From 73b19cb666d70f2288a96c95cfab4bf8ed391faa Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Mon, 8 Oct 2012 17:16:42 +0100
Subject: [PATCH] heat engine : Avoid printing credentials to logfile

Avoid printing the AWS secret key to the (world-readable)
engine logfile

Fixes #258

Change-Id: I26d809064c603421c4bbe4a060de5d4776fec4b8
Signed-off-by: Steven Hardy <shardy@redhat.com>
---
 heat/engine/user.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/heat/engine/user.py b/heat/engine/user.py
index 67d681cd..2f1d6876 100644
--- a/heat/engine/user.py
+++ b/heat/engine/user.py
@@ -172,14 +172,17 @@ class AccessKey(Resource):
 
     def FnGetAtt(self, key):
         res = None
+        log_res = None
         if key == 'UserName':
             res = self.properties['UserName']
+            log_res = res
         elif key == 'SecretAccessKey':
             res = self._secret_accesskey()
+            log_res = "<SANITIZED>"
         else:
             raise exception.InvalidTemplateAttribute(
                         resource=self.physical_resource_name(), key=key)
 
         logger.info('%s.GetAtt(%s) == %s' % (self.physical_resource_name(),
-                                             key, res))
+                                             key, log_res))
         return unicode(res)
-- 
2.45.2