Fix password protection for nova

Signed-off-by: Xavier Queralt <xqueralt@redhat.com>

1 files changed, 11 insertions, 14 deletions

diff --git a/sos/plugins/openstack_nova.py b/sos/plugins/openstack_nova.py
index e9932b48..3823c572 100644
--- a/sos/plugins/openstack_nova.py
+++ b/sos/plugins/openstack_nova.py
@@ -60,20 +60,17 @@ class OpenStackNova(Plugin):
         self.add_copy_spec("/etc/nova/")
 
     def postproc(self):
-        protect_passwords = {
-            "/etc/nova/nova.conf": [
-                "ldap_dns_password", "neutron_admin_password",
-                "rabbit_password", "qpid_password", "powervm_mgr_passwd",
-                "xenapi_connection_password", "virtual_power_host_pass",
-                "password", "host_password", "vnc_password", "connection",
-                "sql_connection"],
-            "/etc/nova/api-paste.ini": ["admin_password"]
-        }
-
-        for conf_file, keys in protect_passwords.items():
-            for password_key in keys:
-                regexp = r"(?m)^(%s\s*=\s*)(.*)" % password_key
-                self.do_file_sub(conf_file, regexp, r"\1*********")
+        protect_keys = [
+            "ldap_dns_password", "neutron_admin_password", "rabbit_password",
+            "qpid_password", "powervm_mgr_passwd", "virtual_power_host_pass",
+            "xenapi_connection_password", "password", "host_password",
+            "vnc_password", "connection", "sql_connection", "admin_password"
+        ]
+
+        regexp = r"((?m)^\s*#*(%s)\s*=\s*)(.*)" % "|".join(protect_keys)
+
+        for conf_file in ["/etc/nova/nova.conf", "/etc/nova/api-paste.ini"]:
+            self.do_file_sub(conf_file, regexp, r"\1*********")
 
 
 class DebianOpenStackNova(OpenStackNova, DebianPlugin, UbuntuPlugin):