From 7b7a483e467b749731f64ecfbac9dd28aa89c749 Mon Sep 17 00:00:00 2001
From: Arif Ali <arif.ali@canonical.com>
Date: Tue, 23 Apr 2024 22:59:50 +0100
Subject: [neutron] Don't collect ml2 certs

Signed-off-by: Arif Ali <arif.ali@canonical.com>
---
 sos/report/plugins/openstack_neutron.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/sos/report/plugins/openstack_neutron.py b/sos/report/plugins/openstack_neutron.py
index 5efda2b5..bed4351f 100644
--- a/sos/report/plugins/openstack_neutron.py
+++ b/sos/report/plugins/openstack_neutron.py
@@ -44,6 +44,38 @@ class OpenStackNeutron(Plugin):
         self.add_forbidden_path("/var/lib/neutron/lock")
         self.add_cmd_output("ls -laZR /var/lib/neutron/lock")
 
+        if self.path_exists(self.var_puppet_gen):
+            ml2_pre = self.var_puppet_gen
+        else:
+            ml2_pre = ""
+
+        ml2_conf_file = f"{ml2_pre}/etc/neutron/plugins/ml2/ml2_conf.ini"
+
+        ml2_certs = []
+
+        ml2_cert_keys = [
+            'ovn_nb_private_key',
+            'ovn_nb_certificate',
+            'ovn_nb_ca_cert',
+            'ovn_sb_private_key',
+            'ovn_sb_certificate',
+            'ovn_sb_ca_cert',
+        ]
+
+        try:
+            with open(ml2_conf_file, 'r', encoding='UTF-8') as cfile:
+                for line in cfile.read().splitlines():
+                    if not line:
+                        continue
+                    words = line.split('=')
+                    if words[0].strip() in ml2_cert_keys:
+                        ml2_certs.append(words[1].strip())
+        except IOError as error:
+            self._log_error(f'Could not open conf file {ml2_conf_file}:'
+                            f' {error}')
+
+        self.add_forbidden_path(ml2_certs)
+
         vars_all = [p in os.environ for p in [
                     'OS_USERNAME', 'OS_PASSWORD']]
 
-- 
cgit