From a53057797e7fb863e0b46dcb848462355503ec89 Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Fri, 1 Sep 2017 21:20:58 +0200
Subject: [openstack_keystone] collect domain specific config

Collect domain config directory if it exists.

Resolves: #1086

Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
 sos/plugins/openstack_keystone.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/sos/plugins/openstack_keystone.py b/sos/plugins/openstack_keystone.py
index bdcb61d1..d8be424b 100644
--- a/sos/plugins/openstack_keystone.py
+++ b/sos/plugins/openstack_keystone.py
@@ -55,6 +55,15 @@ class OpenStackKeystone(Plugin):
                 "/var/log/containers/keystone/*.log"
             ], sizelimit=self.limit)
 
+        # collect domain config directory, if exists
+        self.domain_config_dir_added = False
+        self.domain_config_dir = self.get_cmd_output_now(
+                "openstack-config --get /etc/keystone/keystone.conf "
+                "identity domain_config_dir")
+        if self.domain_config_dir and os.path.isdir(self.domain_config_dir):
+            self.add_copy_spec(self.domain_config_dir)
+            self.domain_config_dir_added = True
+
         if self.get_option("verify"):
             self.add_cmd_output("rpm -V %s" % ' '.join(self.packages))
 
@@ -86,6 +95,11 @@ class OpenStackKeystone(Plugin):
             regexp, r"\1*********"
         )
 
+        # obfuscate LDAP plaintext passwords in domain config dir, if collected
+        if self.domain_config_dir_added:
+            self.do_path_regex_sub(self.domain_config_dir,
+                                   r"((?m)^\s*(%s)\s*=\s*)(.*)", r"\1********")
+
 
 class DebianKeystone(OpenStackKeystone, DebianPlugin, UbuntuPlugin):
 
-- 
cgit