sos/sos-redact-secrets-from-sahara-config.patch
Bryn M. Reeves 89b86368f8 Update spec file for sos-3.2-1
Update sos in rawhide to the upstream 3.2 release and additional
patches including the fix for CVE-2015-7529.
2015-12-16 15:53:30 +00:00

36 lines
1.2 KiB
Diff

From 706e523d608b588cfd70b2dfa957feafe0645796 Mon Sep 17 00:00:00 2001
From: Rohan Kanade <rkanade@redhat.com>
Date: Mon, 15 Jun 2015 20:24:10 +0530
Subject: [PATCH] [openstack_sahara] redact secrets from sahara configuration
Signed-off-by: Rohan Kanade <rkanade@redhat.com>
---
sos/plugins/openstack_sahara.py | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/sos/plugins/openstack_sahara.py b/sos/plugins/openstack_sahara.py
index f0b95e4..9d971ba 100644
--- a/sos/plugins/openstack_sahara.py
+++ b/sos/plugins/openstack_sahara.py
@@ -31,6 +31,17 @@ class OpenStackSahara(Plugin):
if self.get_option("log"):
self.add_copy_spec("/var/log/sahara/")
+ def postproc(self):
+ protect_keys = [
+ 'memcache_secret_key', 'qpid_password', 'rabbit_password',
+ 'admin_password', 'password', 'ssl_key_password',
+ 'admin_token', 'connection'
+ ]
+
+ regexp = r"((?m)^\s*#*(%s)\s*=\s*)(.*)" % "|".join(protect_keys)
+
+ self.do_file_sub('/etc/sahara/sahara.conf', regexp, r"\1*********")
+
class DebianOpenStackSahara(OpenStackSahara, DebianPlugin, UbuntuPlugin):
"""OpenStackSahara related information for Debian based distributions."""
--
1.7.1