Alon Bar-Lev has uploaded a new change for review.
Change subject: core: config: support sensitive keys
......................................................................
core: config: support sensitive keys
do not print sensitive keys' value to log.
Change-Id: I8dc10fb3eeb1cc97a03cc160133a84d6b2a23d87
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M backend/manager/conf/engine.conf.defaults.in
M
backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/LocalConfig.java
2 files changed, 19 insertions(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/53/14353/1
diff --git a/backend/manager/conf/engine.conf.defaults.in
b/backend/manager/conf/engine.conf.defaults.in
index 90a85d6..74a53cc 100644
--- a/backend/manager/conf/engine.conf.defaults.in
+++ b/backend/manager/conf/engine.conf.defaults.in
@@ -7,6 +7,12 @@
#
#
+# Comma separated list of keys
+# not to be logged.
+#
+SENSITIVE_KEYS=""
+
+#
# The location of the Java virtual machine used by the engine:
#
JAVA_HOME=/usr/lib/jvm/jre-1.7.0-openjdk.x86_64
@@ -136,6 +142,7 @@
# Database connection details (note that the password is
# encrypted):
#
+SENSITIVE_KEYS="${SENSITIVE_KEYS},ENGINE_DB_PASSWORD"
ENGINE_DB_DRIVER=org.postgresql.Driver
ENGINE_DB_URL=jdbc:postgresql://localhost/engine
ENGINE_DB_SSL=false
diff --git
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/LocalConfig.java
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/LocalConfig.java
index 2c366b0..7ce2264 100644
---
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/LocalConfig.java
+++
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/LocalConfig.java
@@ -51,6 +51,9 @@
private Map<String, String> values = new HashMap<String, String>();
private LocalConfig() {
+ // Set basic defaults
+ values.put("SENSITIVE_KEYS", "");
+
// This is the list of configuration files that will be loaded and
// merged (the initial size is 2 because usually we will have only two
// configuration files to merge, the defaults and the variables):
@@ -118,10 +121,14 @@
if (log.isInfoEnabled()) {
Set<String> keys = values.keySet();
List<String> list = new ArrayList<String>(keys.size());
+ List<String> sensitiveKeys = Arrays.asList(getSensitiveKeys());
list.addAll(keys);
Collections.sort(list);
for (String key : list) {
- String value = values.get(key);
+ String value = "***";
+ if (!sensitiveKeys.contains(key)) {
+ value = values.get(key);
+ }
log.info("Value of property \"" + key + "\" is \"" + value +
"\".");
}
}
@@ -312,6 +319,10 @@
return new File(value);
}
+ public String[] getSensitiveKeys() {
+ return getProperty("SENSITIVE_KEYS").split(",");
+ }
+
public boolean isProxyEnabled() {
return getBoolean("ENGINE_PROXY_ENABLED");
}
--
To view, visit http://gerrit.ovirt.org/14353
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8dc10fb3eeb1cc97a03cc160133a84d6b2a23d87
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
