From 719478fd34077fcbf1b6c6ad201c36ff57983490 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Wed, 28 Nov 2012 09:27:16 -0500 Subject: Reorganized sensitive parameters. Previously sensitive parameters are stored in the Sensitive section in the configuration file, separate from the hierarchical structure used by non-sensitive parameters. To allow defining multiple subsystems in a single configuration file the sensitive and non-sensitive parameters have been reorganized into the same hierarchical structure. To maintain the security a new meta-parameter has been added to list all sensitive parameter names. This way the deployment code will know whether a parameter is sensitive, which then will mask the value before displaying it to the screen or storing it in a log file. Ticket #399
---
 base/deploy/src/pkidestroy | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) (limited to 'base/deploy/src/pkidestroy')
diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy
index 1597712e1..88a47308f 100755
--- a/base/deploy/src/pkidestroy
+++ b/base/deploy/src/pkidestroy
@@ -29,7 +29,6 @@ try: import argparse import logging import os - import pprint import socket import struct import subprocess
@@ -88,9 +87,6 @@ def main(argv): print log.PKI_SUBPROCESS_ERROR_1 % exc sys.exit(1) - # Initialize 'pretty print' for objects - pp = pprint.PrettyPrinter(indent=4) - # Read and process command-line arguments. parser = PKIConfigParser() parser.process_command_line_arguments(argv)
@@ -116,36 +112,36 @@ def main(argv): # Read the specified PKI configuration file. rv = parser.read_pki_configuration_file() if rv != 0: - config.pki_log.error(PKI_UNABLE_TO_PARSE_1, rv, + config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv, extra=config.PKI_INDENTATION_LEVEL_0) sys.exit(1) else: # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_common_dict), + config.pki_log.debug(pkilogging.format(config.pki_common_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_web_server_dict), + config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), + config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), extra=config.PKI_INDENTATION_LEVEL_0) # NEVER print out 'sensitive' name/value pairs!!! 
config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_common_dict), + config.pki_log.debug(pkilogging.format(config.pki_common_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_web_server_dict), + config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), + config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Combine the various sectional dictionaries into a PKI master dictionary
@@ -154,7 +150,7 @@ def main(argv): config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Remove the specified PKI subsystem.
@@ -181,7 +177,7 @@ def main(argv): sys.exit(1) config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0)
-- cgit
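Review bot: The `# NEVER print out 'sensitive' name/value pairs!!!` comments in the hunk at -116,36 now sit directly above calls that log whole dictionaries which, per the commit message, hold sensitive values alongside the others, so the guarantee rests entirely on `pkilogging.format()` and on the meta-parameter that lists the sensitive names, neither of which is visible here. A sensitive key that is missing from that list would presumably reach the debug log in clear text, so the comment should state what is being relied on, for example `# Values are masked by pkilogging.format() for every name in the sensitive-parameter list; keep that list complete.` The same applies to the `config.pki_master_dict` dumps in the hunks at -154,7 and -181,7. It is also worth confirming that `pkilogging` is imported in this file, since the only import change shown is the removal of `pprint`; the `try:` import block and `main()` both extend beyond the visible hunks.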