diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 09:27:16 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-30 16:02:48 -0500 |
commit | 5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6 (patch) | |
tree | dd8f1cad6df0d45547111b9e46682975518c1a46 /base/deploy/src/pkidestroy | |
parent | cef7a7704f9f4b48c0a9b242fabd3a919f2068d5 (diff) | |
download | pki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.tar.gz pki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.tar.xz pki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.zip |
Reorganized sensitive parameters.
Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.
To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.
Ticket #399
Diffstat (limited to 'base/deploy/src/pkidestroy')
-rwxr-xr-x | base/deploy/src/pkidestroy | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy index 1597712e1..88a47308f 100755 --- a/base/deploy/src/pkidestroy +++ b/base/deploy/src/pkidestroy @@ -29,7 +29,6 @@ try: import argparse import logging import os - import pprint import socket import struct import subprocess @@ -88,9 +87,6 @@ def main(argv): print log.PKI_SUBPROCESS_ERROR_1 % exc sys.exit(1) - # Initialize 'pretty print' for objects - pp = pprint.PrettyPrinter(indent=4) - # Read and process command-line arguments. parser = PKIConfigParser() parser.process_command_line_arguments(argv) @@ -116,36 +112,36 @@ def main(argv): # Read the specified PKI configuration file. rv = parser.read_pki_configuration_file() if rv != 0: - config.pki_log.error(PKI_UNABLE_TO_PARSE_1, rv, + config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv, extra=config.PKI_INDENTATION_LEVEL_0) sys.exit(1) else: # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_common_dict), + config.pki_log.debug(pkilogging.format(config.pki_common_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_web_server_dict), + config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), + config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), extra=config.PKI_INDENTATION_LEVEL_0) # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_common_dict), + config.pki_log.debug(pkilogging.format(config.pki_common_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_web_server_dict), + config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), + config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Combine the various sectional dictionaries into a PKI master dictionary @@ -154,7 +150,7 @@ def main(argv): config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Remove the specified PKI subsystem. @@ -181,7 +177,7 @@ def main(argv): sys.exit(1) config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) |