From 5917dbd8f38bab29de9e40d1135b0e9e85cb91bc Mon Sep 17 00:00:00 2001
From: Lee Yarwood <lyarwood@redhat.com>
Date: Tue, 7 Jul 2015 14:54:49 +0100
Subject: [PATCH] [openstack_neutron] Obscure passwords and secrets

The following passwords and secrets are now obscured :

 - rabbit_password
 - qpid_password
 - nova_admin_password
 - xenapi_connection_password
 - password
 - connection
 - admin_password
 - metadata_proxy_shared_secret
 - qpid_password
 - eapi_password
 - crd_password
 - primary_l3_host_password
 - serverauth
 - ucsm_password
 - ha_vrrp_auth_password
 - ssl_key_password
 - vcenter_password
 - edge_appliance_password
 - tenant_admin_password
 - apic_password

Fixes #594

Signed-off-by: Lee Yarwood <lyarwood@redhat.com>
---
 sos/plugins/openstack_neutron.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/sos/plugins/openstack_neutron.py b/sos/plugins/openstack_neutron.py
index 36de7cc..ab895c8 100644
--- a/sos/plugins/openstack_neutron.py
+++ b/sos/plugins/openstack_neutron.py
@@ -14,6 +14,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
+import glob
 import os
 import re
 
@@ -50,6 +51,21 @@ class Neutron(Plugin):
 
         self.netns_dumps()
 
+    def postproc(self):
+        protect_keys = [
+            "rabbit_password", "qpid_password", "nova_admin_password",
+            "xenapi_connection_password", "password", "connection",
+            "admin_password", "metadata_proxy_shared_secret", "qpid_password",
+            "eapi_password", "crd_password", "primary_l3_host_password",
+            "serverauth", "ucsm_password", "ha_vrrp_auth_password",
+            "ssl_key_password", "nsx_password", "vcenter_password",
+            "edge_appliance_password", "tenant_admin_password", "apic_password"
+        ]
+        regexp = r"((?m)^\s*#*(%s)\s*=\s*)(.*)" % "|".join(protect_keys)
+
+        for config_file in glob.glob("/etc/%s/*" % self.component_name):
+            self.do_file_sub(config_file, regexp, r"\1*********")
+
     def netns_dumps(self):
         # It would've been beautiful if we could get parts of the networking
         # plugin to run in different namespaces. There are a couple of options
-- 
1.8.3.1