Security fix: Remove document data printout from exception message

This is to remove document data printout from the MissingDocumentKey
exception message which could expose sensitive data if it is caught
and logged by other services, for example. Instead, the child
and parent documents' schema and name are printed, in addition to
the action object in which the path that could not be resolved
in either parent or document is contained.

Change-Id: I07f43e57527d05e98e98e5f80567b97dd2a762f9

deckhand/engine/layering.py

@@ -405,9 +405,11 @@ class DocumentLayering(object):
                                                   action_path)
                 if from_child is None:
                     raise errors.MissingDocumentKey(
-                        child=child_data.data,
-                        parent=overall_data.data,
-                        key=action_path)
+                        child_schema=child_data.schema,
+                        child_name=child_data.name,
+                        parent_schema=overall_data.schema,
+                        parent_name=overall_data.name,
+                        action=action)
 
                 engine_utils.deep_delete(from_child, overall_data.data, None)
 
@@ -417,9 +419,11 @@ class DocumentLayering(object):
 
             if from_child is None:
                 raise errors.MissingDocumentKey(
-                    child=child_data.data,
-                    parent=overall_data.data,
-                    key=action_path)
+                    child_schema=child_data.schema,
+                    child_name=child_data.name,
+                    parent_schema=overall_data.schema,
+                    parent_name=overall_data.name,
+                    action=action)
 
             if (isinstance(from_parent, dict)
                     and isinstance(from_child, dict)):
@@ -436,9 +440,11 @@ class DocumentLayering(object):
 
             if from_child is None:
                 raise errors.MissingDocumentKey(
-                    child=child_data.data,
-                    parent=overall_data.data,
-                    key=action_path)
+                    child_schema=child_data.schema,
+                    child_name=child_data.name,
+                    parent_schema=overall_data.schema,
+                    parent_name=overall_data.name,
+                    action=action)
 
             overall_data.data = utils.jsonpath_replace(
                 overall_data.data, from_child, action_path)

deckhand/errors.py

@@ -230,12 +230,22 @@ class SubstitutionDependencyCycle(DeckhandException):
 
 
 class MissingDocumentKey(DeckhandException):
-    """The key does not exist in the "rendered_data".
+    """Either the parent or child document data is missing the action path
+    used for layering.
 
     **Troubleshoot:**
+
+    * Check that the action path exists in the data section for both child
+      and parent documents being layered together.
+    * Note that previous delete layering actions can affect future layering
+      actions by removing a path needed by a future layering action.
+    * Note that substitutions that substitute in lists or objects into the
+      rendered data for a document can also complicate debugging this issue.
     """
-    msg_fmt = ("Missing document key %(key)s from either parent or child. "
-               "Parent: %(parent)s. Child: %(child)s.")
+    msg_fmt = ("Missing action path in %(action)s needed for layering from "
+               "either the data section of the parent [%(parent_schema)s] "
+               "%(parent_name)s or child [%(child_schema)s] %(child_name)s "
+               "document.")
     code = 400