diff options
| author | Lee Yarwood <lyarwood@redhat.com> | 2015-07-07 14:54:49 +0100 |
|---|---|---|
| committer | Bryn M. Reeves <bmr@redhat.com> | 2015-07-07 20:44:31 +0100 |
| commit | 5917dbd8f38bab29de9e40d1135b0e9e85cb91bc (patch) | |
| tree | f6e4d10e0f24d5d5e87ebd4e2c79a4171e8ad3fb | |
| parent | fb7bbcf9e60002d75db383fac08244a7fa06a1d6 (diff) | |
| download | sos-5917dbd8f38bab29de9e40d1135b0e9e85cb91bc.tar.gz | |
[openstack_neutron] Obscure passwords and secrets
The following passwords and secrets are now obscured :
- rabbit_password
- qpid_password
- nova_admin_password
- xenapi_connection_password
- password
- connection
- admin_password
- metadata_proxy_shared_secret
- qpid_password
- eapi_password
- crd_password
- primary_l3_host_password
- serverauth
- ucsm_password
- ha_vrrp_auth_password
- ssl_key_password
- vcenter_password
- edge_appliance_password
- tenant_admin_password
- apic_password
Fixes #594
Signed-off-by: Lee Yarwood <lyarwood@redhat.com>
| -rw-r--r-- | sos/plugins/openstack_neutron.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sos/plugins/openstack_neutron.py b/sos/plugins/openstack_neutron.py index 36de7cc9..ab895c84 100644 --- a/sos/plugins/openstack_neutron.py +++ b/sos/plugins/openstack_neutron.py @@ -14,6 +14,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +import glob import os import re @@ -50,6 +51,21 @@ class Neutron(Plugin): self.netns_dumps() + def postproc(self): + protect_keys = [ + "rabbit_password", "qpid_password", "nova_admin_password", + "xenapi_connection_password", "password", "connection", + "admin_password", "metadata_proxy_shared_secret", "qpid_password", + "eapi_password", "crd_password", "primary_l3_host_password", + "serverauth", "ucsm_password", "ha_vrrp_auth_password", + "ssl_key_password", "nsx_password", "vcenter_password", + "edge_appliance_password", "tenant_admin_password", "apic_password" + ] + regexp = r"((?m)^\s*#*(%s)\s*=\s*)(.*)" % "|".join(protect_keys) + + for config_file in glob.glob("/etc/%s/*" % self.component_name): + self.do_file_sub(config_file, regexp, r"\1*********") + def netns_dumps(self): # It would've been beautiful if we could get parts of the networking # plugin to run in different namespaces. There are a couple of options |