[pulp] collect dynaconf list in pulp-3

- enable the plugin for pulp-3 - collect dynaconf list output and scrub passwords there Resoves: #2277 Closes: #2266 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
author: Pavel Moravec <pmoravec@redhat.com> 2020-10-19 11:48:40 +0200
committer: Jake Hunsaker <jhunsake@redhat.com> 2020-10-26 10:51:29 -0400
commit: cc8cc68e446dd6297be5930a925c9ebd23d07a45 (patch)
tree: 5c73553c7ba6ac7a936c81d303c82f121dbaf3d8
parent: 22b19739d94f0a40fb8dfd3236e63991a0c027b9 (diff)
download: sos-cc8cc68e446dd6297be5930a925c9ebd23d07a45.tar.gz
1 files changed, 16 insertions, 1 deletions
diff --git a/sos/report/plugins/pulp.py b/sos/report/plugins/pulp.py
index aa2ccea7..95e0a14a 100644
--- a/sos/report/plugins/pulp.py
+++ b/sos/report/plugins/pulp.py
@@ -18,7 +18,8 @@ class Pulp(Plugin, RedHatPlugin):
     short_desc = 'Pulp platform'
 
     plugin_name = "pulp"
-    packages = ("pulp-server", "pulp-katello")
+    packages = ("pulp-server", "pulp-katello", "python3-pulpcore")
+    files = ("/etc/pulp/settings.py")
     option_list = [
         ('tasks', 'number of tasks to collect from DB queries', 'fast', 200)
     ]
@@ -63,6 +64,7 @@ class Pulp(Plugin, RedHatPlugin):
 
         self.add_copy_spec([
             "/etc/pulp/*.conf",
+            "/etc/pulp/settings.py",
             "/etc/pulp/server/plugins.conf.d/",
             "/etc/default/pulp*",
             "/var/log/httpd/pulp-http.log*",
@@ -128,6 +130,11 @@ class Pulp(Plugin, RedHatPlugin):
             "qpid-stat -%s --ssl-certificate=%s -b amqps://localhost:5671" %
             (opt, self.messaging_cert_file) for opt in "quc"
         ])
+        self.add_cmd_output(
+            "sudo -u pulp PULP_SETTINGS='/etc/pulp/settings.py' "
+            "DJANGO_SETTINGS_MODULE='pulpcore.app.settings' dynaconf list",
+            suggest_filename="dynaconf_list"
+        )
 
     def build_mongo_cmd(self, query):
         _cmd = "bash -c %s"
@@ -153,4 +160,12 @@ class Pulp(Plugin, RedHatPlugin):
         repl = r"\1********\4"
         self.do_path_regex_sub("/etc/pulp(.*)(.json$)", jreg, repl)
 
+        # obfuscate SECRET_KEY = .. and 'PASSWORD': .. in dynaconf list output
+        # and also in settings.py
+        # count with option that PASSWORD is with(out) quotes or in capitals
+        key_pass_re = r"(SECRET_KEY\s*=|(password|PASSWORD)(\"|'|:)+)\s*(\S*)"
+        repl = r"\1 ********"
+        self.do_path_regex_sub("/etc/pulp/settings.py", key_pass_re, repl)
+        self.do_cmd_output_sub("dynaconf list", key_pass_re, repl)
+
 # vim: set et ts=4 sw=4 :
author	Pavel Moravec <pmoravec@redhat.com>	2020-10-19 11:48:40 +0200
committer	Jake Hunsaker <jhunsake@redhat.com>	2020-10-26 10:51:29 -0400
commit	cc8cc68e446dd6297be5930a925c9ebd23d07a45 (patch)
tree	5c73553c7ba6ac7a936c81d303c82f121dbaf3d8
parent	22b19739d94f0a40fb8dfd3236e63991a0c027b9 (diff)
download	sos-cc8cc68e446dd6297be5930a925c9ebd23d07a45.tar.gz