packaging: setup: Filter from logs secrets from otopi answer files

For details, see oVirt/ovirt-engine#585 .

Change-Id: Ided28013bc854474dc18ec4dfd4e20884945f86c
Signed-off-by: Yedidyah Bar David <didi@redhat.com>

ovirt-engine-dwh.spec.in

@@ -152,7 +152,7 @@ Requires:       postgresql-contrib >= 12.0
 %package grafana-integration-setup
 Summary:	%{product_name} Grafana integration setup
 Group:		Virtualization/Management
-Requires:	ovirt-engine-setup-plugin-ovirt-engine-common >= 4.5.0
+Requires:	ovirt-engine-setup-plugin-ovirt-engine-common >= 4.5.3
 Requires:	%{name}-setup = %{version}-%{release}
 Requires:	grafana >= 7.3
 Requires:	grafana-postgres >= 7.3

packaging/setup/ovirt_engine_setup/dwh/constants.py

@@ -65,6 +65,7 @@ def DWH_DB_ENV_KEYS(self):
             DEK.DUMPER: DBEnv.DUMPER,
             DEK.FILTER: DBEnv.FILTER,
             DEK.RESTORE_JOBS: DBEnv.RESTORE_JOBS,
+            DEK.CREDS_Q_NAME_FUNC: dwh_question_name,
         }
 
     @classproperty
@@ -83,6 +84,10 @@ def DEFAULT_DWH_DB_ENV_KEYS(self):
         }
 
 
+def dwh_question_name(what):
+    return f'OVESETUP_DWH_DB_{what.upper()}'
+
+
 @util.export
 @util.codegen
 class Defaults(object):
@@ -302,6 +307,8 @@ def USER(self):
         answerfile_condition=lambda env: not env.get(
             ProvisioningEnv.POSTGRES_PROVISIONING_ENABLED
         ),
+        is_secret=True,
+        asked_on=(dwh_question_name(DEK.PASSWORD),),
     )
     def PASSWORD(self):
         return 'OVESETUP_DWH_DB/password'

packaging/setup/ovirt_engine_setup/grafana_dwh/constants.py

@@ -60,6 +60,7 @@ def DWH_DB_ENV_KEYS(self):
             DEK.DUMPER: DWHDBEnv.DUMPER,
             DEK.FILTER: DWHDBEnv.FILTER,
             DEK.RESTORE_JOBS: DWHDBEnv.RESTORE_JOBS,
+            DEK.CREDS_Q_NAME_FUNC: dwh_question_name,
         }
 
     @classproperty
@@ -92,6 +93,7 @@ def GRAFANA_DB_ENV_KEYS(self):
             DEK.DUMPER: DWHDBEnv.DUMPER,
             DEK.FILTER: DWHDBEnv.FILTER,
             DEK.RESTORE_JOBS: DWHDBEnv.RESTORE_JOBS,
+            DEK.CREDS_Q_NAME_FUNC: grafana_question_name,
         }
 
     @classproperty
@@ -113,6 +115,14 @@ def DEFAULT_GRAFANA_DB_ENV_KEYS(self):
     PKI_GRAFANA_APACHE_CERT_NAME = 'apache-grafana'
 
 
+def dwh_question_name(what):
+    return f'OVESETUP_DWH_DB_{what.upper()}'
+
+
+def grafana_question_name(what):
+    return f'OVESETUP_GRAFANA_DB_{what.upper()}'
+
+
 @util.export
 @util.codegen
 class Defaults(object):
@@ -260,6 +270,9 @@ class ConfigEnv(object):
     @osetupattrs(
         answerfile=True,
         is_secret=True,
+        # This is the name used by ovirt-setup-lib's dialog.queryPassword.
+        # TODO: Consider doing something to not hard-code this here.
+        asked_on=('queryEnvKey_input_OVESETUP_GRAFANA_CONFIG/adminPassword',),
     )
     def ADMIN_PASSWORD(self):
         return 'OVESETUP_GRAFANA_CONFIG/adminPassword'
@@ -269,6 +282,7 @@ def ADMIN_PASSWORD(self):
 
     @osetupattrs(
         is_secret=True,
+        asked_on=(),
     )
     def CONF_SECRET_KEY(self):
         return 'OVESETUP_GRAFANA_CONFIG/confSecretKey'
@@ -310,6 +324,8 @@ def USER(self):
 
     @osetupattrs(
         answerfile=True,
+        is_secret=True,
+        asked_on=(grafana_question_name(DEK.PASSWORD),),
     )
     def PASSWORD(self):
         return 'OVESETUP_GRAFANA_DB/password'

packaging/setup/plugins/ovirt-engine-common/ovirt-engine-dwh/core/misc.py

@@ -29,6 +29,17 @@ class Plugin(plugin.PluginBase):
     def __init__(self, context):
         super(Plugin, self).__init__(context=context)
 
+    @plugin.event(
+        stage=plugin.Stages.STAGE_BOOT,
+        before=(
+            osetupcons.Stages.SECRETS_FILTERED_FROM_SETUP_ATTRS_MODULES,
+        ),
+    )
+    def _boot(self):
+        self.environment[
+            osetupcons.CoreEnv.SETUP_ATTRS_MODULES
+        ].append(odwhcons)
+
     @plugin.event(
         stage=plugin.Stages.STAGE_INIT,
     )
@@ -47,9 +58,6 @@ def _setup(self):
             description='DWH files',
             optional=True,
         )
-        self.environment[
-            osetupcons.CoreEnv.SETUP_ATTRS_MODULES
-        ].append(odwhcons)
         self.logger.debug(
             'dwh version: %s-%s (%s)\n',
             odwhcons.Const.PACKAGE_NAME,

packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-dwh/db/connection.py

@@ -89,7 +89,6 @@ def _customization(self):
         )
         dbovirtutils.getCredentials(
             name='DWH',
-            queryprefix='OVESETUP_DWH_DB_',
             defaultdbenvkeys=odwhcons.Const.DEFAULT_DWH_DB_ENV_KEYS,
             show_create_msg=True,
         )

packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-dwh/db/engine_connection.py

@@ -56,7 +56,6 @@ def _engine_customization(self):
         )
         dbovirtutils.getCredentials(
             name='Engine',
-            queryprefix='OVESETUP_ENGINE_DB_',
             defaultdbenvkeys={
                 'host': '',
                 'port': '5432',

packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-grafana-dwh/db/dwh_connection.py

@@ -49,7 +49,6 @@ def _customization(self):
             dbenvkeys=ogdwhcons.Const.GRAFANA_DB_ENV_KEYS,
         ).getCredentials(
             name='Grafana',
-            queryprefix='OVESETUP_GRAFANA_DB_',
             defaultdbenvkeys=ogdwhcons.Const.DEFAULT_GRAFANA_DB_ENV_KEYS,
             show_create_msg=False,
             validateconf=False,