From 8d6db6da672be43cb70e186ef429ef684584ba17 Mon Sep 17 00:00:00 2001
From: Jose Castillo
Date: Tue, 27 Feb 2024 12:32:16 +0000
Subject: [openstack_keystone] Obfuscate OIDC client secret
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Obfuscate OIDC client secret inside /var/lib/config-data/puppet-generated/keystone/ etc/httpd/conf.d/10-keystone_wsgi.conf  The secret looks like this:   OIDCClientSecret "Password" And after obfuscation, it will look like this: OIDCClientSecret *********
Related: RH: RHEL-26720
Signed-off-by: Jose Castillo
---
 sos/report/plugins/openstack_keystone.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/sos/report/plugins/openstack_keystone.py b/sos/report/plugins/openstack_keystone.py
index d7a50bd2..dd22d41c 100644
--- a/sos/report/plugins/openstack_keystone.py
+++ b/sos/report/plugins/openstack_keystone.py
@@ -91,17 +91,22 @@ class OpenStackKeystone(Plugin):
 self.var_puppet_gen + "/etc/keystone/*", regexp, subst )
+ self.do_path_regex_sub(
+ self.var_puppet_gen + "/etc/httpd/conf.d/",
+ regexp, subst
+ )
 def postproc(self):
 protect_keys = [ "password", "qpid_password", "rabbit_password", "ssl_key_password", "ldap_dns_password", "neutron_admin_password", "host_password",
- "admin_password", "admin_token", "ca_password", "transport_url"
+ "admin_password", "admin_token", "ca_password", "transport_url",
+ "OIDCClientSecret",
 ]
 connection_keys = ["connection"]
 self.apply_regex_sub(
- r"(^\s*(%s)\s*=\s*)(.*)" % "|".join(protect_keys),
+ r"(^\s*(%s)\s*(=\s*)?)(.*)" % "|".join(protect_keys),
 r"\1*********" )
 self.apply_regex_sub(
-- cgit
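Review bot: Making `=` optional in the shared pattern `r"(^\s*(%s)\s*(=\s*)?)(.*)"` loosens the match for every entry in `protect_keys`, not only `OIDCClientSecret`: since both `\s*` and `(=\s*)?` can match nothing, any line that merely starts with a protected name (a longer option name beginning with `password`, for instance) is now rewritten to `password*********`, and its name and value are lost from the report. Keeping the original `=` pattern for the INI-style keys and adding a separate call for the Apache directive, `self.apply_regex_sub(r"(^\s*(OIDCClientSecret)\s+)(.*)", r"\1*********")`, avoids that. If the generated `10-keystone_wsgi.conf` also carries mod_auth_openidc's `OIDCCryptoPassphrase`, it is a secret of the same kind and would belong in that alternation; this hunk does not show whether it is present. Apache directive names are case-insensitive, so unless the substitution is compiled case-insensitively elsewhere, a differently-cased directive would not be masked. The body of `postproc` continues past the end of the hunk.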