From 0294f5e83bb4ee0525ea3fca4c9f866c0b257147 Mon Sep 17 00:00:00 2001
From: Abhishek Koneru <akoneru@redhat.com>
Date: Wed, 10 Apr 2013 16:21:26 -0400
Subject: Remove sensitive parameters from archived deployment cfg.

Remove the sensitive parameters before archiving the user
configurations in the archive file.

Ticket #566
---
 base/server/src/scriptlets/infrastructure_layout.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'base/server/src/scriptlets/infrastructure_layout.py')

diff --git a/base/server/src/scriptlets/infrastructure_layout.py b/base/server/src/scriptlets/infrastructure_layout.py
index c523c8514..f3535d767 100644
--- a/base/server/src/scriptlets/infrastructure_layout.py
+++ b/base/server/src/scriptlets/infrastructure_layout.py
@@ -60,12 +60,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                        master['pki_default_deployment_cfg_replica'])
 
         print "Storing deployment configuration into " + config.pki_master_dict['pki_user_deployment_cfg_replica'] + "."
-        if master['pki_user_deployment_cfg']:
-            util.file.copy(master['pki_user_deployment_cfg'],
-                           master['pki_user_deployment_cfg_replica'])
-        else:
-            with open(master['pki_user_deployment_cfg_replica'], 'w') as f:
-                config.user_config.write(f)
+
+        #Archive the user deployment configuration excluding the sensitive parameters
+        sensitive_parameters = config.pki_master_dict['sensitive_parameters'].split()
+        sections = config.user_config.sections()
+        for s in sections:
+            for k in sensitive_parameters:
+                config.user_config.set(s, k, 'XXXXXXXX')
+        with open(master['pki_user_deployment_cfg_replica'], 'w') as f:
+            config.user_config.write(f)
 
         # establish top-level infrastructure, instance, and subsystem
         # base directories and create the "registry" symbolic link that
-- 
cgit