Reorganized sensitive parameters.

Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.

To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.

Ticket #399

1 files changed, 18 insertions, 0 deletions

diff --git a/base/deploy/src/scriptlets/pkilogging.py b/base/deploy/src/scriptlets/pkilogging.py
index 9b22ae39c..3c146a12c 100644
--- a/base/deploy/src/scriptlets/pkilogging.py
+++ b/base/deploy/src/scriptlets/pkilogging.py
@@ -22,7 +22,25 @@
 # System Imports
 import logging
 import os
+import pprint
 
+sensitive_parameters = []
+
+# Initialize 'pretty print' for objects
+pp = pprint.PrettyPrinter(indent=4)
+
+def format(dict):
+    new_dict = {}
+
+    # mask sensitive data
+    for key in dict:
+        if key in sensitive_parameters:
+            value = 'XXXXXXXX'
+        else:
+            value = dict[key]
+        new_dict[key] = value
+
+    return pp.pformat(new_dict)
 
 # PKI Deployment Logging Functions
 def enable_pki_logger(log_dir, log_name, log_level, console_log_level, logger):