SHA256
1
0
forked from pool/cloud-init
cloud-init/hidesensitivedata

37 lines
853 B
Plaintext
Raw Permalink Normal View History

#!/usr/bin/python3
import json
import os
import sys
from pathlib import Path
from cloudinit.atomic_helper import write_json
from cloudinit.sources import (
DataSource,
process_instance_metadata,
redact_sensitive_keys,
)
from cloudinit.stages import Init
init = Init()
log_file = init.cfg["def_log_file"]
if os.path.exists(log_file):
os.chmod(log_file, 0o640)
rundir = init.paths.run_dir
instance_data_path = Path(rundir, "instance-data.json")
if not os.path.exists(str(instance_data_path)):
sys.exit(0)
instance_json = json.load(instance_data_path.open(encoding="utf-8"))
sensitive_keys = DataSource.sensitive_metadata_keys
processed_json = process_instance_metadata(
instance_json, sensitive_keys=sensitive_keys
)
redacted_json = redact_sensitive_keys(processed_json)
write_json(str(instance_data_path), redacted_json)