From 5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Wed, 28 Nov 2012 09:27:16 -0500 Subject: Reorganized sensitive parameters. Previously sensitive parameters are stored in the Sensitive section in the configuration file, separate from the hierarchical structure used by non-sensitive parameters. To allow defining multiple subsystems in a single configuration file the sensitive and non-sensitive parameters have been reorganized into the same hierarchical structure. To maintain the security a new meta-parameter has been added to list all sensitive parameter names. This way the deployment code will know whether a parameter is sensitive, which then will mask the value before displaying it to the screen or storing it in a log file. Ticket #399 --- base/deploy/src/pkispawn | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) (limited to 'base/deploy/src/pkispawn') diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn index a687d5bef..65c25a93d 100755 --- a/base/deploy/src/pkispawn +++ b/base/deploy/src/pkispawn @@ -29,7 +29,6 @@ try: import argparse import logging import os - import pprint import socket import struct import subprocess @@ -88,9 +87,6 @@ def main(argv): print log.PKI_SUBPROCESS_ERROR_1 % exc sys.exit(1) - # Initialize 'pretty print' for objects - pp = pprint.PrettyPrinter(indent=4) - # Read and process command-line arguments. parser = PKIConfigParser() parser.process_command_line_arguments(argv) 
@@ -136,43 +132,43 @@ def main(argv): # Read the specified PKI configuration file. rv = parser.read_pki_configuration_file() if rv != 0: - config.pki_log.error(PKI_UNABLE_TO_PARSE_1, rv, + config.pki_log.error(log.PKI_UNABLE_TO_PARSE_1, rv, extra=config.PKI_INDENTATION_LEVEL_0) sys.exit(1) else: # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_common_dict), + config.pki_log.debug(pkilogging.format(config.pki_common_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_web_server_dict), + config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), + config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), extra=config.PKI_INDENTATION_LEVEL_0) # NEVER print out 'sensitive' name/value pairs!!! config.pki_log.debug(log.PKI_DICTIONARY_COMMON, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_common_dict), + config.pki_log.debug(pkilogging.format(config.pki_common_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_web_server_dict), + config.pki_log.debug(pkilogging.format(config.pki_web_server_dict), extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(log.PKI_DICTIONARY_SUBSYSTEM, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_subsystem_dict), + config.pki_log.debug(pkilogging.format(config.pki_subsystem_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Read in the PKI slots configuration file. 
parser.compose_pki_slots_dictionary() config.pki_log.debug(log.PKI_DICTIONARY_SLOTS, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_slots_dict), + config.pki_log.debug(pkilogging.format(config.pki_slots_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Combine the various sectional dictionaries into a PKI master dictionary @@ -185,7 +181,7 @@ def main(argv): config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) # Install and configure the specified PKI subsystem. @@ -215,7 +211,7 @@ def main(argv): sys.exit(1) config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) - config.pki_log.debug(pp.pformat(config.pki_master_dict), + config.pki_log.debug(pkilogging.format(config.pki_master_dict), extra=config.PKI_INDENTATION_LEVEL_0) -- cgit
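Review bot: The comment `# NEVER print out 'sensitive' name/value pairs!!!` is kept unchanged in both places in the `@@ -136,43` hunk, but per the commit description these dictionaries now carry the sensitive values themselves and are only safe to log because `pkilogging.format()` masks them. I would reword it to something like `# These dicts may hold sensitive values: log them ONLY through pkilogging.format(), never raw.` so that a later call site does not reintroduce a plain `pformat` or `print`. The same applies to the `config.pki_master_dict` debug calls in the `@@ -185,7` and `@@ -215,7` hunks, which have no comment at all. Since masking is driven by a list of parameter names, a sensitive parameter missing from that list would presumably reach the debug log in clear; `pkilogging.format` is not part of this diff, so that is worth confirming there. `main()` starts and ends outside these hunks.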