Ability to show_secrets for admin as applied to apikeys

* utility method in a base class that controllers can use to decide
  the value of mask_secrets. This utility uses query parameters to
  decide if secrets should be returned unmasked.
* apikeys controller uses utility to decide

st2api/st2api/controllers/base.py

@@ -24,6 +24,9 @@
 ]
 
 
+SHOW_SECRETS_QUERY_PARAM = 'show_secrets'
+
+
 class BaseRestControllerMixin(RestController):
     """
     Base REST controller class which contains various utility functions.
@@ -64,3 +67,25 @@ def _get_query_param_value(self, request, param_name, param_type, default_value=
             value = transform_to_bool(value)
 
         return value
+
+    def _get_mask_secrets(self, request):
+        """
+        Return a value for mask_secrets which can be used in masking secret properties
+        to be retruned by any API. The default value is as per the config however admin
+        users have the ability to override by passing in a special query parameter
+        show_secrets.
+
+        :param request: Request object.
+
+        :rtype: ``bool``
+        """
+        mask_secrets = cfg.CONF.api.mask_secrets
+        show_secrets_param = self._get_query_param_value(request=request,
+                                                   param_name=SHOW_SECRETS_QUERY_PARAM,
+                                                   param_type='bool',
+                                                   default_value=False)
+
+        if show_secrets and request_user_is_admin(request=request):
+            mask_secrets = False
+
+        return mask_secrets

st2api/st2api/controllers/v1/auth.py

@@ -77,7 +77,8 @@ def get_one(self, api_key_id_or_key):
             abort(http_client.NOT_FOUND, msg)
 
         try:
-            return ApiKeyAPI.from_model(api_key_db, mask_secrets=cfg.CONF.api.mask_secrets)
+            mask_secrets = self._get_mask_secrets(pecan.request)
+            return ApiKeyAPI.from_model(api_key_db, mask_secrets=mask_secrets)
         except (ValidationError, ValueError) as e:
             LOG.exception('Failed to serialize API key.')
             abort(http_client.INTERNAL_SERVER_ERROR, str(e))
@@ -91,9 +92,9 @@ def get_all(self, **kw):
             Handles requests:
                 GET /keys/
         """
-
+        mask_secrets = self._get_mask_secrets(pecan.request)
         api_key_dbs = ApiKey.get_all(**kw)
-        api_keys = [ApiKeyAPI.from_model(api_key_db, mask_secrets=cfg.CONF.api.mask_secrets)
+        api_keys = [ApiKeyAPI.from_model(api_key_db, mask_secrets=mask_secrets)
                     for api_key_db in api_key_dbs]
 
         return api_keys