3 files changed, 71 insertions, 32 deletions

diff --git a/openstackclient/common/configuration.py b/openstackclient/common/configuration.py
index 49ef0e05..cb415505 100644
--- a/openstackclient/common/configuration.py
+++ b/openstackclient/common/configuration.py
@@ -45,7 +45,6 @@ class ShowConfiguration(command.ShowOne):
         return parser
 
     def take_action(self, parsed_args):
-
         info = self.app.client_manager.get_configuration()
 
         # Assume a default secret list in case we do not have an auth_plugin
@@ -63,4 +62,9 @@ class ShowConfiguration(command.ShowOne):
                 value = REDACTED
             info['auth.' + key] = value
 
+        if parsed_args.mask:
+            for secret_opt in secret_opts:
+                if secret_opt in info:
+                    info[secret_opt] = REDACTED
+
         return zip(*sorted(info.items()))
diff --git a/openstackclient/tests/unit/common/test_configuration.py b/openstackclient/tests/unit/common/test_configuration.py
index bdd3debf..148228ec 100644
--- a/openstackclient/tests/unit/common/test_configuration.py
+++ b/openstackclient/tests/unit/common/test_configuration.py
@@ -35,11 +35,14 @@ class TestConfiguration(utils.TestCommand):
         fakes.REGION_NAME,
     )
 
-    opts = [mock.Mock(secret=True, dest="password"),
-            mock.Mock(secret=True, dest="token")]
+    opts = [
+        mock.Mock(secret=True, dest="password"),
+        mock.Mock(secret=True, dest="token"),
+    ]
 
-    @mock.patch("keystoneauth1.loading.base.get_plugin_options",
-                return_value=opts)
+    @mock.patch(
+        "keystoneauth1.loading.base.get_plugin_options", return_value=opts
+    )
     def test_show(self, m_get_plugin_opts):
         arglist = []
         verifylist = [('mask', True)]
@@ -51,12 +54,14 @@ class TestConfiguration(utils.TestCommand):
         self.assertEqual(self.columns, columns)
         self.assertEqual(self.datalist, data)
 
-    @mock.patch("keystoneauth1.loading.base.get_plugin_options",
-                return_value=opts)
+    @mock.patch(
+        "keystoneauth1.loading.base.get_plugin_options", return_value=opts
+    )
     def test_show_unmask(self, m_get_plugin_opts):
         arglist = ['--unmask']
         verifylist = [('mask', False)]
         cmd = configuration.ShowConfiguration(self.app, None)
+
         parsed_args = self.check_parser(cmd, arglist, verifylist)
 
         columns, data = cmd.take_action(parsed_args)
@@ -71,15 +76,49 @@ class TestConfiguration(utils.TestCommand):
         )
         self.assertEqual(datalist, data)
 
-    @mock.patch("keystoneauth1.loading.base.get_plugin_options",
-                return_value=opts)
-    def test_show_mask(self, m_get_plugin_opts):
+    @mock.patch(
+        "keystoneauth1.loading.base.get_plugin_options", return_value=opts
+    )
+    def test_show_mask_with_cloud_config(self, m_get_plugin_opts):
         arglist = ['--mask']
         verifylist = [('mask', True)]
+        self.app.client_manager.configuration_type = "cloud_config"
         cmd = configuration.ShowConfiguration(self.app, None)
+
         parsed_args = self.check_parser(cmd, arglist, verifylist)
 
         columns, data = cmd.take_action(parsed_args)
 
         self.assertEqual(self.columns, columns)
         self.assertEqual(self.datalist, data)
+
+    @mock.patch(
+        "keystoneauth1.loading.base.get_plugin_options", return_value=opts
+    )
+    def test_show_mask_with_global_env(self, m_get_plugin_opts):
+        arglist = ['--mask']
+        verifylist = [('mask', True)]
+        self.app.client_manager.configuration_type = "global_env"
+        column_list = (
+            'identity_api_version',
+            'password',
+            'region',
+            'token',
+            'username',
+        )
+        datalist = (
+            fakes.VERSION,
+            configuration.REDACTED,
+            fakes.REGION_NAME,
+            configuration.REDACTED,
+            fakes.USERNAME,
+        )
+
+        cmd = configuration.ShowConfiguration(self.app, None)
+
+        parsed_args = self.check_parser(cmd, arglist, verifylist)
+
+        columns, data = cmd.take_action(parsed_args)
+
+        self.assertEqual(column_list, columns)
+        self.assertEqual(datalist, data)
diff --git a/openstackclient/tests/unit/fakes.py b/openstackclient/tests/unit/fakes.py
index 00e0c129..086c2466 100644
--- a/openstackclient/tests/unit/fakes.py
+++ b/openstackclient/tests/unit/fakes.py
@@ -11,7 +11,6 @@
 #   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #   License for the specific language governing permissions and limitations
 #   under the License.
-#
 
 import json
 import sys
@@ -49,21 +48,6 @@ TEST_RESPONSE_DICT_V3.set_project_scope()
 TEST_VERSIONS = fixture.DiscoveryList(href=AUTH_URL)
 
 
-def to_unicode_dict(catalog_dict):
-    """Converts dict to unicode dict
-
-    """
-    if isinstance(catalog_dict, dict):
-        return {to_unicode_dict(key): to_unicode_dict(value)
-                for key, value in catalog_dict.items()}
-    elif isinstance(catalog_dict, list):
-        return [to_unicode_dict(element) for element in catalog_dict]
-    elif isinstance(catalog_dict, str):
-        return catalog_dict + u""
-    else:
-        return catalog_dict
-
-
 class FakeStdout(object):
 
     def __init__(self):
@@ -142,18 +126,30 @@ class FakeClientManager(object):
         self.network_endpoint_enabled = True
         self.compute_endpoint_enabled = True
         self.volume_endpoint_enabled = True
+        # The source of configuration. This is either 'cloud_config' (a
+        # clouds.yaml file) or 'global_env' ('OS_'-prefixed envvars)
+        self.configuration_type = 'cloud_config'
 
     def get_configuration(self):
-        return {
-            'auth': {
-                'username': USERNAME,
-                'password': PASSWORD,
-                'token': AUTH_TOKEN,
-            },
+
+        config = {
             'region': REGION_NAME,
             'identity_api_version': VERSION,
         }
 
+        if self.configuration_type == 'cloud_config':
+            config['auth'] = {
+                'username': USERNAME,
+                'password': PASSWORD,
+                'token': AUTH_TOKEN,
+            }
+        elif self.configuration_type == 'global_env':
+            config['username'] = USERNAME
+            config['password'] = PASSWORD
+            config['token'] = AUTH_TOKEN
+
+        return config
+
     def is_network_endpoint_enabled(self):
         return self.network_endpoint_enabled