From 594adb98773d365efda5a7449f66042015645f7f Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 29 Oct 2010 20:24:31 +0200
Subject: Log script options to logfile

Uses a new subclass IPAOptionParser in scripts instead of OptionParser
from the standard python library. IPAOptionParser uses its own IPAOption
class to store options, which adds a new 'sensitive' attribute.

https://fedorahosted.org/freeipa/ticket/393
---
 ipapython/config.py | 42 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

(limited to 'ipapython/config.py')

diff --git a/ipapython/config.py b/ipapython/config.py
index 12d916cff..4df47dea1 100644
--- a/ipapython/config.py
+++ b/ipapython/config.py
@@ -18,7 +18,7 @@
 #
 
 import ConfigParser
-from optparse import OptionParser, IndentedHelpFormatter
+from optparse import Option, Values, OptionParser, IndentedHelpFormatter
 
 import socket
 import ipapython.dnsclient
@@ -46,6 +46,46 @@ class IPAFormatter(IndentedHelpFormatter):
             ret += "%s %s\n" % (spacing, line)
         return ret
 
+class IPAOption(Option):
+    """
+    optparse.Option subclass with support of options labeled as
+    security-sensitive such as passwords.
+    """
+    ATTRS = Option.ATTRS + ["sensitive"]
+
+class IPAOptionParser(OptionParser):
+    """
+    optparse.OptionParser subclass that uses IPAOption by default
+    for storing options.
+    """
+    def __init__(self,
+                 usage=None,
+                 option_list=None,
+                 option_class=IPAOption,
+                 version=None,
+                 conflict_handler="error",
+                 description=None,
+                 formatter=None,
+                 add_help_option=True,
+                 prog=None):
+        OptionParser.__init__(self, usage, option_list, option_class,
+                              version, conflict_handler, description,
+                              formatter, add_help_option, prog)
+
+    def get_safe_opts(self, opts):
+        """
+        Returns all options except those with sensitive=True in the same
+        fashion as parse_args would
+        """
+        all_opts_dict = dict([ (o.dest, o) for o in self._get_all_options() if hasattr(o, 'sensitive') ])
+        safe_opts_dict = {}
+
+        for option, value in opts.__dict__.iteritems():
+            if all_opts_dict[option].sensitive != True:
+                safe_opts_dict[option] = value
+
+        return Values(safe_opts_dict)
+
 def verify_args(parser, args, needed_args = None):
     """Verify that we have all positional arguments we need, if not, exit."""
     if needed_args:
-- 
cgit