From 6d5c4d23d1a8fef70ab2e6b907104241322b3a49 Mon Sep 17 00:00:00 2001 From: Pavel Moravec Date: Wed, 15 Nov 2017 17:28:42 +0100 Subject: [PATCH] [openstack_keystone] Properly collect (non)default keystone domains - call crudini instead of (wrapper and not necessarily installed) openstack-config - collect default /etc/keystone/domains only when crudini fails - scrub passwords in /etc/keystone/domains as well, when collected Resolves: #1147 Signed-off-by: Pavel Moravec --- sos/plugins/openstack_keystone.py | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/sos/plugins/openstack_keystone.py b/sos/plugins/openstack_keystone.py index 72c7f8e2..631e02b2 100644 --- a/sos/plugins/openstack_keystone.py +++ b/sos/plugins/openstack_keystone.py @@ -34,7 +34,6 @@ class OpenStackKeystone(Plugin): "/etc/keystone/keystone.conf", "/etc/keystone/logging.conf", "/etc/keystone/policy.json", - "/etc/keystone/domains", self.var_puppet_gen + "/etc/keystone/*.conf", self.var_puppet_gen + "/etc/keystone/*.json", self.var_puppet_gen + "/etc/httpd/conf/", @@ -58,14 +57,15 @@ class OpenStackKeystone(Plugin): "/var/log/containers/httpd/keystone/*log" ], sizelimit=self.limit) - # collect domain config directory, if exists - self.domain_config_dir_added = False + # collect domain config directory, if specified + # if not, collect default /etc/keystone/domains self.domain_config_dir = self.get_cmd_output_now( - "openstack-config --get /etc/keystone/keystone.conf " + "crudini --get /etc/keystone/keystone.conf " "identity domain_config_dir") - if self.domain_config_dir and os.path.isdir(self.domain_config_dir): - self.add_copy_spec(self.domain_config_dir) - self.domain_config_dir_added = True + if self.domain_config_dir is None or \ + not(os.path.isdir(self.domain_config_dir)): + self.domain_config_dir = "/etc/keystone/domains" + self.add_copy_spec(self.domain_config_dir) if self.get_option("verify"): self.add_cmd_output("rpm -V %s" % ' '.join(self.packages)) 
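Review bot: The value returned by `get_cmd_output_now()` goes to `os.path.isdir()` unmodified in the new `if`, so a non-default `domain_config_dir` is collected only if that call returns the bare directory path. If it instead returns raw command output (with a trailing newline) or the path of the saved output file, the test always fails and the plugin silently falls back to `/etc/keystone/domains`; the Plugin API is not visible here, so this needs confirming. If it is raw output, normalise it before the check, e.g. `self.domain_config_dir = (self.domain_config_dir or "").strip()`, and add a one-line comment stating what the call returns. The enclosing method starts and ends outside this hunk.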
@@ -98,10 +98,9 @@ class OpenStackKeystone(Plugin): regexp, r"\1*********" ) - # obfuscate LDAP plaintext passwords in domain config dir, if collected - if self.domain_config_dir_added: - self.do_path_regex_sub(self.domain_config_dir, - r"((?m)^\s*(%s)\s*=\s*)(.*)", r"\1********") + # obfuscate LDAP plaintext passwords in domain config dir + self.do_path_regex_sub(self.domain_config_dir, + r"((?m)^\s*(%s)\s*=\s*)(.*)", r"\1********") class DebianKeystone(OpenStackKeystone, DebianPlugin, UbuntuPlugin): -- 2.13.6
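Review bot: The pattern passed to `do_path_regex_sub()` for the domain config dir is the literal `r"((?m)^\s*(%s)\s*=\s*)(.*)"`, and no `%` formatting is applied to it in the visible lines. As written, `(%s)` would match only a key literally named `%s`, leaving LDAP passwords in the collected domain files unscrubbed in the report. The call just above passes a `regexp` variable (defined outside this hunk, presumably the formatted key list), and reusing it looks like the intent: `self.do_path_regex_sub(self.domain_config_dir, regexp, r"\1********")`. It is also worth confirming that a bare directory path as the first argument matches the files beneath it. The enclosing method starts outside the hunk.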