Reorganized sensitive parameters.

Previously sensitive parameters are stored in the Sensitive section in the configuration file, separate from the hierarchical structure used by non-sensitive parameters. To allow defining multiple subsystems in a single configuration file the sensitive and non-sensitive parameters have been reorganized into the same hierarchical structure. To maintain the security a new meta-parameter has been added to list all sensitive parameter names. This way the deployment code will know whether a parameter is sensitive, which then will mask the value before displaying it to the screen or storing it in a log file. Ticket #399
author: Endi Sukma Dewata <edewata@redhat.com> 2012-11-28 09:27:16 -0500
committer: Endi Sukma Dewata <edewata@redhat.com> 2012-11-28 10:24:48 -0500
commit: 310a30f230eae7fd34d8a41e54ee3125ffb91046 (patch)
tree: f6e390ddf170d933f9c22f471afad129150fb840 /base/deploy/src/pkispawn
parent: 3683d2a0647ff09508d0cf1f0553a35870c110db (diff)
download: pki-310a30f230eae7fd34d8a41e54ee3125ffb91046.tar.gz
pki-310a30f230eae7fd34d8a41e54ee3125ffb91046.tar.xz
pki-310a30f230eae7fd34d8a41e54ee3125ffb91046.zip
1 files changed, 10 insertions, 14 deletions
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn
index fbb6b8e26..8031bbdf5 100755
--- a/base/deploy/src/pkispawn
+++ b/base/deploy/src/pkispawn
@@ -29,7 +29,6 @@ try:
     import argparse
     import logging
     import os
-    import pprint
     import socket
     import struct
     import subprocess
@@ -88,9 +87,6 @@ def main(argv):
         print log.PKI_SUBPROCESS_ERROR_1 % exc
         sys.exit(1)
 
-    # Initialize 'pretty print' for objects
-    pp = pprint.PrettyPrinter(indent=4)
-
     # Read and process command-line arguments.
     parser = PKIConfigParser()
     parser.process_command_line_arguments(argv)
@@ -123,43 +119,43 @@ def main(argv):
     # Read the specified PKI configuration file.
     rv = parser.read_pki_configuration_file()
     if rv != 0:
-        config.pki_log.error(PKI_UNABLE_TO_PARSE_1, rv,
+        config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv,
                              extra=config.PKI_INDENTATION_LEVEL_0)
         sys.exit(1)
     else:
         # NEVER print out 'sensitive' name/value pairs!!!
         config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
                              extra=config.PKI_INDENTATION_LEVEL_0)
-        config.pki_log.debug(pp.pformat(config.pki_common_dict),
+        config.pki_log.debug(pkilogging.format(config.pki_common_dict),
                              extra=config.PKI_INDENTATION_LEVEL_0)
         config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
                              extra=config.PKI_INDENTATION_LEVEL_0)
-        config.pki_log.debug(pp.pformat(config.pki_web_server_dict),
+        config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
                              extra=config.PKI_INDENTATION_LEVEL_0)
         config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
                              extra=config.PKI_INDENTATION_LEVEL_0)
-        config.pki_log.debug(pp.pformat(config.pki_subsystem_dict),
+        config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict),
                              extra=config.PKI_INDENTATION_LEVEL_0)
 
     # NEVER print out 'sensitive' name/value pairs!!!
     config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
                          extra=config.PKI_INDENTATION_LEVEL_0)
-    config.pki_log.debug(pp.pformat(config.pki_common_dict),
+    config.pki_log.debug(pkilogging.format(config.pki_common_dict),
                          extra=config.PKI_INDENTATION_LEVEL_0)
     config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
                          extra=config.PKI_INDENTATION_LEVEL_0)
-    config.pki_log.debug(pp.pformat(config.pki_web_server_dict),
+    config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
                          extra=config.PKI_INDENTATION_LEVEL_0)
     config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM,
                          extra=config.PKI_INDENTATION_LEVEL_0)
-    config.pki_log.debug(pp.pformat(config.pki_subsystem_dict),
+    config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict),
                          extra=config.PKI_INDENTATION_LEVEL_0)
 
     # Read in the PKI slots configuration file.
     parser.compose_pki_slots_dictionary()
     config.pki_log.debug(log.PKI_DICTIONARY_SLOTS,
                          extra=config.PKI_INDENTATION_LEVEL_0)
-    config.pki_log.debug(pp.pformat(config.pki_slots_dict),
+    config.pki_log.debug(pkilogging.format(config.pki_slots_dict),
                          extra=config.PKI_INDENTATION_LEVEL_0)
 
     # Combine the various sectional dictionaries into a PKI master dictionary
@@ -168,7 +164,7 @@ def main(argv):
                                               config.pki_log_name
     config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
                          extra=config.PKI_INDENTATION_LEVEL_0)
-    config.pki_log.debug(pp.pformat(config.pki_master_dict),
+    config.pki_log.debug(pkilogging.format(config.pki_master_dict),
                          extra=config.PKI_INDENTATION_LEVEL_0)
 
     # Install and configure the specified PKI subsystem.
@@ -195,7 +191,7 @@ def main(argv):
             sys.exit(1)
     config.pki_log.debug(log.PKI_DICTIONARY_MASTER,
                          extra=config.PKI_INDENTATION_LEVEL_0)
-    config.pki_log.debug(pp.pformat(config.pki_master_dict),
+    config.pki_log.debug(pkilogging.format(config.pki_master_dict),
                          extra=config.PKI_INDENTATION_LEVEL_0)
author	Endi Sukma Dewata <edewata@redhat.com>	2012-11-28 09:27:16 -0500
committer	Endi Sukma Dewata <edewata@redhat.com>	2012-11-28 10:24:48 -0500
commit	310a30f230eae7fd34d8a41e54ee3125ffb91046 (patch)
tree	f6e390ddf170d933f9c22f471afad129150fb840 /base/deploy/src/pkispawn
parent	3683d2a0647ff09508d0cf1f0553a35870c110db (diff)
download	pki-310a30f230eae7fd34d8a41e54ee3125ffb91046.tar.gz pki-310a30f230eae7fd34d8a41e54ee3125ffb91046.tar.xz pki-310a30f230eae7fd34d8a41e54ee3125ffb91046.zip