Remove sensitive parameters from archived deployment cfg.

Remove the sensitive parameters before archiving the user configurations in the archive file. Ticket #566
author: Abhishek Koneru <akoneru@redhat.com> 2013-04-10 16:21:26 -0400
committer: Abhishek Koneru <akoneru@redhat.com> 2013-04-17 12:17:09 -0400
commit: 0294f5e83bb4ee0525ea3fca4c9f866c0b257147 (patch)
tree: b5c6e70bed5cef6269e701936065559a0099c18d /base/server/src/scriptlets
parent: b724aa7fd9e65b0461594f3e8821506bdab7b7d6 (diff)
download: pki-0294f5e83bb4ee0525ea3fca4c9f866c0b257147.tar.gz
pki-0294f5e83bb4ee0525ea3fca4c9f866c0b257147.tar.xz
pki-0294f5e83bb4ee0525ea3fca4c9f866c0b257147.zip
1 files changed, 9 insertions, 6 deletions
diff --git a/base/server/src/scriptlets/infrastructure_layout.py b/base/server/src/scriptlets/infrastructure_layout.py
index c523c8514..f3535d767 100644
--- a/base/server/src/scriptlets/infrastructure_layout.py
+++ b/base/server/src/scriptlets/infrastructure_layout.py
@@ -60,12 +60,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                        master['pki_default_deployment_cfg_replica'])
 
         print "Storing deployment configuration into " + config.pki_master_dict['pki_user_deployment_cfg_replica'] + "."
-        if master['pki_user_deployment_cfg']:
-            util.file.copy(master['pki_user_deployment_cfg'],
-                           master['pki_user_deployment_cfg_replica'])
-        else:
-            with open(master['pki_user_deployment_cfg_replica'], 'w') as f:
-                config.user_config.write(f)
+
+        #Archive the user deployment configuration excluding the sensitive parameters
+        sensitive_parameters = config.pki_master_dict['sensitive_parameters'].split()
+        sections = config.user_config.sections()
+        for s in sections:
+            for k in sensitive_parameters:
+                config.user_config.set(s, k, 'XXXXXXXX')
+        with open(master['pki_user_deployment_cfg_replica'], 'w') as f:
+            config.user_config.write(f)
 
         # establish top-level infrastructure, instance, and subsystem
         # base directories and create the "registry" symbolic link that
author	Abhishek Koneru <akoneru@redhat.com>	2013-04-10 16:21:26 -0400
committer	Abhishek Koneru <akoneru@redhat.com>	2013-04-17 12:17:09 -0400
commit	0294f5e83bb4ee0525ea3fca4c9f866c0b257147 (patch)
tree	b5c6e70bed5cef6269e701936065559a0099c18d /base/server/src/scriptlets
parent	b724aa7fd9e65b0461594f3e8821506bdab7b7d6 (diff)
download	pki-0294f5e83bb4ee0525ea3fca4c9f866c0b257147.tar.gz pki-0294f5e83bb4ee0525ea3fca4c9f866c0b257147.tar.xz pki-0294f5e83bb4ee0525ea3fca4c9f866c0b257147.zip