esrally must not log clear text user passwords

[suckowbiz]

esrally 0.9.4 logs the basic auth password in clear text:

2018-04-08 07:00:00,100 PID:42 rally.client INFO Creating ES client connected to [{'host': '1.2.3.4', 'port': 9200}, {'host': '1.2.3.5', 'port': 9200}] with options [{'use_ssl': True, 'verify_certs': False, 'basic_auth_user': 'me', 'basic_auth_password': 'mypassword', 'http_auth': ('me', 'password')}]

esrally must not do this to enable usage in enterprise environments.

Please accept PR (following).

[danielmitterdorfer]

Thank you for the PR! I left a couple of comments.

[danielmitterdorfer]

Can you please change this to "basic_auth_password" in masked_client_options?

[suckowbiz]

Yes. I learned it's more pyhtonic and Pyhton 3 compatible: https://stackoverflow.com/questions/1323410/has-key-or-in

[danielmitterdorfer]

Can you please change this to "http_auth" in masked_client_options?

[suckowbiz]

Will do.

[danielmitterdorfer]

I think this should be masked_client_options["http_auth"] = (client_options["http_auth"][0], "*****") as you are modifying the http_auth entry and a basic_auth_user does not necessarily exist then.

[dliappis]

Thanks! Left one minor comment.

[dliappis]

Very minor comment/ask, the current code is not consistent at the moment, but while you are at it, would it be possible to use the comma format and have the options as arguments, as documented here? The idea is that moving forwards we move away from % for strings, so in your case it'd be:

logger.info("Creating ES client connected to %s with options [%s]", hosts, masked_client_options)

Thank you!

[suckowbiz]

Of course.

[suckowbiz]

Thanks for the review. I applied the requested changes.

[danielmitterdorfer]

Thanks for your contribution and iterating on the PR! The changes looks fine to me.

We'll merge the PR soon. It will be included in the next release 0.10.0 of Rally.

[suckowbiz]

Thanks for accepting my commit. Looking forward to run 0.10.0 soonish :).