Yedidyah Bar David has uploaded a new change for review. Change subject: packaging: setup: Do not log passwords ......................................................................
packaging: setup: Do not log passwords Most of the code already refrains from logging passwords. This change also makes upgrade from legacy 3.2 code not log the db password and also makes otopi not log db password and admin password in dumpEnvironment even if set from an answer file etc. Depends on http://gerrit.ovirt.org/19776 . Bug-Url: https://bugzilla.redhat.com/1014115 Change-Id: I81c7371eaf930b3cc21861deb620c61891ad4d1f Signed-off-by: Yedidyah Bar David <d...@redhat.com> --- M ovirt-engine.spec.in M packaging/setup/plugins/ovirt-engine-common/db/connection.py M packaging/setup/plugins/ovirt-engine-setup/config/options.py M packaging/setup/plugins/ovirt-engine-setup/legacy/database.py 4 files changed, 27 insertions(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/39/19939/1 diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in index a2c85bf..558f814 100644 --- a/ovirt-engine.spec.in +++ b/ovirt-engine.spec.in @@ -281,7 +281,7 @@ Requires: logrotate Requires: m2crypto Requires: nfs-utils -Requires: otopi >= 1.1.1-1 +Requires: otopi >= 1.1.2-1 Requires: policycoreutils-python Requires: python-psycopg2 Requires: yum diff --git a/packaging/setup/plugins/ovirt-engine-common/db/connection.py b/packaging/setup/plugins/ovirt-engine-common/db/connection.py index ce9800f..342ef5a 100644 --- a/packaging/setup/plugins/ovirt-engine-common/db/connection.py +++ b/packaging/setup/plugins/ovirt-engine-common/db/connection.py @@ -43,6 +43,16 @@ super(Plugin, self).__init__(context=context) @plugin.event( + stage=plugin.Stages.STAGE_BOOT, + ) + def _boot(self): + self.environment[ + otopicons.BaseEnv.SUPPRESS_ENVIRONMENT_KEYS + ].append( + osetupcons.DBEnv.PASSWORD + ) + + @plugin.event( stage=plugin.Stages.STAGE_INIT, ) def _init(self): diff --git a/packaging/setup/plugins/ovirt-engine-setup/config/options.py b/packaging/setup/plugins/ovirt-engine-setup/config/options.py index 2c1d128..ab0f1c5 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/config/options.py +++ b/packaging/setup/plugins/ovirt-engine-setup/config/options.py @@ -41,6 +41,16 @@ super(Plugin, self).__init__(context=context) @plugin.event( + stage=plugin.Stages.STAGE_BOOT, + ) + def _boot(self): + self.environment[ + otopicons.BaseEnv.SUPPRESS_ENVIRONMENT_KEYS + ].append( + osetupcons.ConfigEnv.ADMIN_PASSWORD + ) + + @plugin.event( stage=plugin.Stages.STAGE_INIT, ) def _init(self): diff --git a/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py b/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py index 201d7a4..97ddb57 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py +++ b/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py @@ -24,6 +24,7 @@ _ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup') +from otopi import constants as otopicons from otopi import util from otopi import plugin @@ -76,6 +77,11 @@ osetupcons.DBEnv.PASSWORD: d[4], osetupcons.DBEnv.NEW_DATABASE: False, }) + self.environment[ + otopicons.CoreEnv.LOG_FILTER + ].append( + self.environment[osetupcons.DBEnv.PASSWORD] + ) dbovirtutils = database.OvirtUtils(plugin=self) dbovirtutils.tryDatabaseConnect() if dbovirtutils.isNewDatabase(): -- To view, visit http://gerrit.ovirt.org/19939 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I81c7371eaf930b3cc21861deb620c61891ad4d1f Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.3.0.1 Gerrit-Owner: Yedidyah Bar David <d...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
