author | Jose Castillo <jcastillo@redhat.com> | 2024-02-27 12:32:16 +0000 |
---|---|---|
committer | Jake Hunsaker <jacob.r.hunsaker@gmail.com> | 2024-03-16 15:11:37 -0400 |
commit | 8d6db6da672be43cb70e186ef429ef684584ba17 (patch) | |
tree | 44b4efc8b594b3a1bb502869f967534e4297fc0a | |
parent | 686ef7e327d58b769cec41a2449cd8090f847062 (diff) | |
download | sos-8d6db6da672be43cb70e186ef429ef684584ba17.tar.gz |
[openstack_keystone] Obfuscate OIDC client secret
Obfuscate OIDC client secret inside
/var/lib/config-data/puppet-generated/keystone/
etc/httpd/conf.d/10-keystone_wsgi.conf
The secret looks like this:
OIDCClientSecret "Password"
And after obfuscation, it will look like this:
OIDCClientSecret *********
Related: RH: RHEL-26720
Signed-off-by: Jose Castillo <jcastillo@redhat.com>
-rw-r--r-- | sos/report/plugins/openstack_keystone.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/sos/report/plugins/openstack_keystone.py b/sos/report/plugins/openstack_keystone.py
index d7a50bd2..dd22d41c 100644
--- a/sos/report/plugins/openstack_keystone.py
+++ b/sos/report/plugins/openstack_keystone.py
@@ -91,17 +91,22 @@ class OpenStackKeystone(Plugin):
self.var_puppet_gen + "/etc/keystone/*",
regexp, subst
)
+ self.do_path_regex_sub(
+ self.var_puppet_gen + "/etc/httpd/conf.d/",
+ regexp, subst
+ )
def postproc(self):
protect_keys = [
"password", "qpid_password", "rabbit_password", "ssl_key_password", "ldap_dns_password", "neutron_admin_password", "host_password",
- "admin_password", "admin_token", "ca_password", "transport_url"
+ "admin_password", "admin_token", "ca_password", "transport_url",
+ "OIDCClientSecret",
]
connection_keys = ["connection"]
self.apply_regex_sub(
- r"(^\s*(%s)\s*=\s*)(.*)" % "|".join(protect_keys),
+ r"(^\s*(%s)\s*(=\s*)?)(.*)" % "|".join(protect_keys),
r"\1*********"
)
self.apply_regex_sub( |
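Review bot: The relaxed pattern in postproc, `r"(^\s*(%s)\s*(=\s*)?)(.*)"`, now matches any line that merely begins with a protected name, because everything after the key is optional; a keystone option such as `password_hash_algorithm = ...` would be rewritten to `password*********` and the report loses non-secret configuration. Requiring a separator keeps the Apache form working without that side effect: `r"(^\s*(%s)(\s*=\s*|\s+))(.*)" % "|".join(protect_keys),`. Apache treats directive names case-insensitively, so it is worth confirming that the substitution helpers (defined outside this hunk) also match `oidcclientsecret`. If the same conf.d file also carries `OIDCCryptoPassphrase`, that value is secret too and would likely belong in `protect_keys`. postproc continues past the end of the hunk.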