Skip to content

Commit

Permalink
[foreman] scrub admin init password in installer logs
Browse files Browse the repository at this point in the history 
Obfuscate several instances of passwords:

"--foreman-initial-admin-password", "mySecret",
+candlepin.amqp.keystore_password=secretHash1
+jpa.config.hibernate.connection.password=secretHash2

by enhancing the scrubbing of:

--password='secretPwd'

Relevant: #3475

Signed-off-by: Barbora Vassova <[email protected]>
  • Loading branch information
@bvassova @TurboTurtle
bvassova authored and TurboTurtle committed Mar 2, 2024
1 parent d7d7348 commit 53b2246
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions sos/plugins/foreman.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -290,7 +290,12 @@ def postproc(self):
"/var/log/foreman-installer/sat*",
sat_debug_reg,
r"\1 \2 ********")
# also hide passwords in yet different formats
self.do_path_regex_sub(
"/var/log/foreman-installer/sat*",
r"(\.|_|-)password(=\'|=|\", \")(\w*)",
r"\1password\2********")
self.do_path_regex_sub(
"/var/log/foreman-installer/foreman-proxy*",
r"(\s*proxy_password\s=) (.*)",
r"\1 ********")
Expand Down

0 comments on commit 53b2246

Please sign in to comment.