diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 09:27:16 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 10:24:48 -0500 |
commit | 310a30f230eae7fd34d8a41e54ee3125ffb91046 (patch) | |
tree | f6e390ddf170d933f9c22f471afad129150fb840 /base/deploy/src/pkispawn | |
parent | 3683d2a0647ff09508d0cf1f0553a35870c110db (diff) | |
download | pki-310a30f230eae7fd34d8a41e54ee3125ffb91046.tar.gz pki-310a30f230eae7fd34d8a41e54ee3125ffb91046.tar.xz pki-310a30f230eae7fd34d8a41e54ee3125ffb91046.zip |
Reorganized sensitive parameters.
Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.
To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.
Ticket #399
Diffstat (limited to 'base/deploy/src/pkispawn')
-rwxr-xr-x | base/deploy/src/pkispawn | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn index fbb6b8e26..8031bbdf5 100755 --- a/base/deploy/src/pkispawn +++ b/base/deploy/src/pkispawn @@ -29,7 +29,6 @@ try: import argparse import logging import os - import pprint import socket import struct import subprocess @@ -88,9 +87,6 @@ def main(argv): print log.PKI_SUBPROCESS_ERROR_1 % exc sys.exit(1) - # Initialize 'pretty print' for objects - pp = pprint.PrettyPrinter(indent=4) - # Read and process command-line arguments. parser = PKIConfigParser() parser.process_command_line_arguments(argv) @@ -123,43 +119,43 @@ def main(argv): # Read the specified PKI configuration file. rv = parser.read_pki_configuration_file() if rv != 0: - config.pki_log.error(PKI_UNABLE_TO_PARSE_1, rv, + config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv, extra=config.PKI_INDENTATION_LEVEL_0) sys.exit(1) else: # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_common_dict), + config.pki_log.debug(pkilogging.format(config.pki_common_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_web_server_dict), + config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), + config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), extra=config.PKI_INDENTATION_LEVEL_0) # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_common_dict), + config.pki_log.debug(pkilogging.format(config.pki_common_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_web_server_dict), + config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), + config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Read in the PKI slots configuration file. parser.compose_pki_slots_dictionary() config.pki_log.debug(log.PKI_DICTIONARY_SLOTS, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_slots_dict), + config.pki_log.debug(pkilogging.format(config.pki_slots_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Combine the various sectional dictionaries into a PKI master dictionary @@ -168,7 +164,7 @@ def main(argv): config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Install and configure the specified PKI subsystem. @@ -195,7 +191,7 @@ def main(argv): sys.exit(1) config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) |