summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/pkispawn
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2012-11-28 09:27:16 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-11-30 16:02:48 -0500
commit5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6 (patch)
treedd8f1cad6df0d45547111b9e46682975518c1a46 /base/deploy/src/pkispawn
parentcef7a7704f9f4b48c0a9b242fabd3a919f2068d5 (diff)
downloadpki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.tar.gz
pki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.tar.xz
pki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.zip
Reorganized sensitive parameters.
Previously sensitive parameters are stored in the Sensitive section in the configuration file, separate from the hierarchical structure used by non-sensitive parameters. To allow defining multiple subsystems in a single configuration file the sensitive and non-sensitive parameters have been reorganized into the same hierarchical structure. To maintain the security a new meta-parameter has been added to list all sensitive parameter names. This way the deployment code will know whether a parameter is sensitive, which then will mask the value before displaying it to the screen or storing it in a log file. Ticket #399
Diffstat (limited to 'base/deploy/src/pkispawn')
-rwxr-xr-xbase/deploy/src/pkispawn24
1 files changed, 10 insertions, 14 deletions
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn
index a687d5bef..65c25a93d 100755
--- a/base/deploy/src/pkispawn
+++ b/base/deploy/src/pkispawn
@@ -29,7 +29,6 @@ try:
import argparse
import logging
import os
- import pprint
import socket
import struct
import subprocess
@@ -88,9 +87,6 @@ def main(argv):
print log.PKI_SUBPROCESS_ERROR_1 % exc
sys.exit(1)
- # Initialize 'pretty print' for objects
- pp = pprint.PrettyPrinter(indent=4)
-
# Read and process command-line arguments.
parser = PKIConfigParser()
parser.process_command_line_arguments(argv)
@@ -136,43 +132,43 @@ def main(argv):
# Read the specified PKI configuration file.
rv = parser.read_pki_configuration_file()
if rv != 0:
- config.pki_log.error(PKI_UNABLE_TO_PARSE_1, rv,
+ config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv,
extra=config.PKI_INDENTATION_LEVEL_0)
sys.exit(1)
else:
# NEVER print out 'sensitive' name/value pairs!!!
config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pp.pformat(config.pki_common_dict),
+ config.pki_log.debug(pkilogging.format(config.pki_common_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pp.pformat(config.pki_web_server_dict),
+ config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pp.pformat(config.pki_subsystem_dict),
+ config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
# NEVER print out 'sensitive' name/value pairs!!!
config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pp.pformat(config.pki_common_dict),
+ config.pki_log.debug(pkilogging.format(config.pki_common_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pp.pformat(config.pki_web_server_dict),
+ config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pp.pformat(config.pki_subsystem_dict),
+ config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
# Read in the PKI slots configuration file.
parser.compose_pki_slots_dictionary()
config.pki_log.debug(log.PKI_DICTIONARY_SLOTS,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pp.pformat(config.pki_slots_dict),
+ config.pki_log.debug(pkilogging.format(config.pki_slots_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
# Combine the various sectional dictionaries into a PKI master dictionary
@@ -185,7 +181,7 @@ def main(argv):
config.pki_log_name
config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pp.pformat(config.pki_master_dict),
+ config.pki_log.debug(pkilogging.format(config.pki_master_dict),
extra=config.PKI_INDENTATION_LEVEL_0)
# Install and configure the specified PKI subsystem.
@@ -215,7 +211,7 @@ def main(argv):
sys.exit(1)
config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pp.pformat(config.pki_master_dict),
+ config.pki_log.debug(pkilogging.format(config.pki_master_dict),
extra=config.PKI_INDENTATION_LEVEL_0)