From 719478fd34077fcbf1b6c6ad201c36ff57983490 Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata <edewata@redhat.com>
Date: Wed, 28 Nov 2012 09:27:16 -0500
Subject: Reorganized sensitive parameters.

Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.

To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.

Ticket #399
---
 base/deploy/src/scriptlets/pkilogging.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'base/deploy/src/scriptlets/pkilogging.py')

diff --git a/base/deploy/src/scriptlets/pkilogging.py b/base/deploy/src/scriptlets/pkilogging.py
index 9b22ae39c..3c146a12c 100644
--- a/base/deploy/src/scriptlets/pkilogging.py
+++ b/base/deploy/src/scriptlets/pkilogging.py
@@ -22,7 +22,25 @@
 # System Imports
 import logging
 import os
+import pprint
 
+sensitive_parameters = []
+
+# Initialize 'pretty print' for objects
+pp = pprint.PrettyPrinter(indent=4)
+
+def format(dict):
+    new_dict = {}
+
+    # mask sensitive data
+    for key in dict:
+        if key in sensitive_parameters:
+            value = 'XXXXXXXX'
+        else:
+            value = dict[key]
+        new_dict[key] = value
+
+    return pp.pformat(new_dict)
 
 # PKI Deployment Logging Functions
 def enable_pki_logger(log_dir, log_name, log_level, console_log_level, logger):
-- 
cgit