diff options
author | Pavel Moravec <pmoravec@redhat.com> | 2021-08-03 21:54:33 +0200 |
---|---|---|
committer | Jake Hunsaker <jhunsake@redhat.com> | 2021-08-04 08:58:47 -0400 |
commit | 4e5bebffca9936bcdf4d38aad9989970a15dd72b (patch) | |
tree | b352cacd696a0b164177b6dd5dbb81a7ad245034 | |
parent | 939d00f473f4861932134b5c80aec40a330964aa (diff) | |
download | sos-4e5bebffca9936bcdf4d38aad9989970a15dd72b.tar.gz |
[rhui] Update the plugin on several places
- obfuscate "rhui_manager_password: xxx" in /root/.rhui/answers.yaml*
- no need to collect or obfuscate anything from /etc/ansible/facts.d
- newly detect the plugin via /etc/rhui/rhui-tools.conf file or rhui-manager
command (only)
Resolves: #2637
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
-rw-r--r-- | sos/report/plugins/rhui.py | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/sos/report/plugins/rhui.py b/sos/report/plugins/rhui.py index 1d479f85..52065fb4 100644 --- a/sos/report/plugins/rhui.py +++ b/sos/report/plugins/rhui.py @@ -16,8 +16,8 @@ class Rhui(Plugin, RedHatPlugin): short_desc = 'Red Hat Update Infrastructure' plugin_name = "rhui" - commands = ("rhui-manager",) - files = ("/etc/ansible/facts.d/rhui_auth.fact", "/usr/lib/rhui/cds.py") + commands = ("rhui-manager", ) + files = ("/etc/rhui/rhui-tools.conf", ) def setup(self): self.add_copy_spec([ @@ -27,7 +27,6 @@ class Rhui(Plugin, RedHatPlugin): "/var/log/rhui-subscription-sync.log", "/var/cache/rhui/*", "/root/.rhui/*", - "/etc/ansible/facts.d/rhui_*.fact", ]) # skip collecting certificate keys self.add_forbidden_path("/etc/pki/rhui/**/*.key", recursive=True) @@ -42,11 +41,10 @@ class Rhui(Plugin, RedHatPlugin): ], timeout=60, env={'PYTHONUNBUFFERED': '1'}) def postproc(self): - # obfuscate admin_pw and secret_key values - for prop in ["admin_pw", "secret_key"]: - self.do_path_regex_sub( - "/etc/ansible/facts.d/rhui_auth.fact", - r"(%s\s*=\s*)(.*)" % prop, + # hide rhui_manager_password value in (also rotated) answers file + self.do_path_regex_sub( + r"/root/\.rhui/answers.yaml.*", + r"(\s*rhui_manager_password\s*:)\s*(\S+)", r"\1********") # obfuscate twoo cookies for login session for cookie in ["csrftoken", "sessionid"]: |