From c8f62ea4b6193a175add12e1795c18dad500c38e Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Tue, 2 Aug 2016 11:55:23 +0200
Subject: [PATCH] [ceph] skip collecting of all keyring and bindpass files

Do not collect any keyring files - expand the add_forbidden_path
regular expressions accordingly to cover there filenames like:

/var/lib/ceph/tmp/keyring.mon.magna055

Do not either collect any /etc/ceph/*bindpass* that can store LDAP
bind passwords.

Resolves: #861

Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
 sos/plugins/ceph.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/sos/plugins/ceph.py b/sos/plugins/ceph.py
index 10fee88..74b7c4c 100644
--- a/sos/plugins/ceph.py
+++ b/sos/plugins/ceph.py
@@ -59,11 +59,12 @@ class Ceph(Plugin, RedHatPlugin, UbuntuPlugin):
             "ceph report"
         ])
 
-        self.add_forbidden_path("/etc/ceph/*keyring")
-        self.add_forbidden_path("/var/lib/ceph/*keyring")
-        self.add_forbidden_path("/var/lib/ceph/*/*keyring")
-        self.add_forbidden_path("/var/lib/ceph/*/*/*keyring")
+        self.add_forbidden_path("/etc/ceph/*keyring*")
+        self.add_forbidden_path("/var/lib/ceph/*keyring*")
+        self.add_forbidden_path("/var/lib/ceph/*/*keyring*")
+        self.add_forbidden_path("/var/lib/ceph/*/*/*keyring*")
         self.add_forbidden_path("/var/lib/ceph/osd/*")
         self.add_forbidden_path("/var/lib/ceph/osd/mon/*")
+        self.add_forbidden_path("/etc/ceph/*bindpass*")
 
 # vim: set et ts=4 sw=4 :
-- 
2.4.11