Clean up secrets-redaction

-Fix docstrings -Clean up positional/keyword arguments -Clean unit testing and code bits Signed-off-by: Elijah Swift <elijah.swift@ibm.com> Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
ambitus · Aug 17, 2023 · 5c0dab7 · 5c0dab7
1 parent e0f891d
commit 5c0dab7
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 15 deletions.
diff --git a/pyracf/common/logger.py b/pyracf/common/logger.py
@@ -134,7 +134,7 @@ def redact_request_xml(
         Redact a list of specific secret traits in a request xml string or bytes object.
         Based the following xml pattern:
             '<xmltag attribute="any">xml value</xmltag>'
-        This function also accounts for varied amounts of variation in the xml attributes.
+        This function also accounts for any number of arbitrary xml attributes.
         """
         is_bytes = False
         if isinstance(xml_string, bytes):

diff --git a/pyracf/common/security_admin.py b/pyracf/common/security_admin.py
@@ -154,17 +154,18 @@ def _make_request(
                 security_request.dump_request_xml(encoding="utf-8"),
                 secret_traits=self.__secret_traits,
             )
-            self.__clear_state(security_request=security_request)
+            self.__clear_state(security_request)
             return request
-        result_xml = self.__irrsmo00.call_racf(
-            security_request.dump_request_xml(), irrsmo00_precheck
+        result_xml = self.__logger.redact_result_xml(
+            self.__irrsmo00.call_racf(
+                security_request.dump_request_xml(), irrsmo00_precheck
+            ),
+            self.__secret_traits,
         )
-        result_xml = self.__logger.redact_result_xml(result_xml, self.__secret_traits)
-        self.__clear_state(security_request=security_request)
+        self.__clear_state(security_request)
         if self.__debug:
             self.__logger.log_xml("Result XML", result_xml)
         results = SecurityResult(result_xml)
-        del result_xml
         if self.__debug:
             # No need to redact anything here since the result dictionary
             # already has secrets redacted when it is built.

diff --git a/tests/user/test_user_debug_logging.py b/tests/user/test_user_debug_logging.py
@@ -205,10 +205,6 @@ def test_add_user_request_debug_log_password_xml_tags_not_redacted_on_success(
         self.assertEqual(
             success_log, TestUserConstants.TEST_ADD_USER_PASSWORD_SUCCESS_LOG
         )
-        self.assertNotIn("(" + self.simple_password + ")", success_log)
-        self.assertNotIn('"' + self.simple_password + '"', success_log)
-        self.assertNotIn(">" + self.simple_password + "<", success_log)
-        self.assertIn(self.simple_password, success_log)
 
     def test_add_user_request_debug_log_password_xml_tags_not_redacted_on_error(
         self,
@@ -228,10 +224,6 @@ def test_add_user_request_debug_log_password_xml_tags_not_redacted_on_error(
                 pass
         error_log = self.ansi_escape.sub("", stdout.getvalue())
         self.assertEqual(error_log, TestUserConstants.TEST_ADD_USER_PASSWORD_ERROR_LOG)
-        self.assertNotIn("(" + self.simple_password + ")", error_log)
-        self.assertNotIn('"' + self.simple_password + '"', error_log)
-        self.assertNotIn(">" + self.simple_password + "<", error_log)
-        self.assertIn(self.simple_password, error_log)
 
     # ============================================================================
     # Add Additional Secrets