From e588d6475f0ab68f012591aa6b981b74509f3927 Mon Sep 17 00:00:00 2001
From: Michael Hudson-Doyle <michael.hudson@canonical.com>
Date: Tue, 19 May 2020 07:43:52 +1200
Subject: [PATCH] do not log wifi passwords from existing configs

---
 subiquitycore/controllers/network.py |  5 +++--
 subiquitycore/models/network.py      | 24 +----------------------
 subiquitycore/netplan.py             | 29 ++++++++++++++++++++++++++--
 3 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/subiquitycore/controllers/network.py b/subiquitycore/controllers/network.py
index c540856c..94524458 100644
--- a/subiquitycore/controllers/network.py
+++ b/subiquitycore/controllers/network.py
@@ -29,7 +29,6 @@ from subiquitycore.file_util import write_file
 from subiquitycore.models.network import (
     BondParameters,
     NetDevAction,
-    sanitize_config,
     )
 from subiquitycore import netplan
 from subiquitycore.ui.views.network import (
@@ -342,7 +341,9 @@ class NetworkController(BaseController):
         config = self.model.render_config()
 
         log.debug("network config: \n%s",
-                  yaml.dump(sanitize_config(config), default_flow_style=False))
+                  yaml.dump(
+                      netplan.sanitize_config(config),
+                      default_flow_style=False))
 
         for p in netplan.configs_in_root(self.root, masked=True):
             if p == self.netplan_path:
diff --git a/subiquitycore/models/network.py b/subiquitycore/models/network.py
index 662589a7..1f3fa61b 100644
--- a/subiquitycore/models/network.py
+++ b/subiquitycore/models/network.py
@@ -13,7 +13,6 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import copy
 import enum
 import ipaddress
 import logging
@@ -44,27 +43,6 @@ class NetDevAction(enum.Enum):
     DELETE = _("Delete")
 
 
-def _sanitize_inteface_config(iface_config):
-    for ap, ap_config in iface_config.get('access-points', {}).items():
-        if 'password' in ap_config:
-            ap_config['password'] = '<REDACTED>'
-
-
-def sanitize_interface_config(iface_config):
-    iface_config = copy.deepcopy(iface_config)
-    _sanitize_inteface_config(iface_config)
-    return iface_config
-
-
-def sanitize_config(config):
-    """Return a copy of config with passwords redacted."""
-    config = copy.deepcopy(config)
-    interfaces = config.get('network', {}).get('wifis', {}).items()
-    for iface, iface_config in interfaces:
-        _sanitize_inteface_config(iface_config)
-    return config
-
-
 class BondParameters:
     # Just a place to hang various data about how bonds can be
     # configured.
@@ -293,7 +271,7 @@ class NetworkModel(object):
             dev.config = config
             log.debug("new_link %s %s with config %s",
                       ifindex, link.name,
-                      sanitize_interface_config(dev.config))
+                      netplan.sanitize_interface_config(dev.config))
             self.devices_by_name[link.name] = dev
         return dev
 
diff --git a/subiquitycore/netplan.py b/subiquitycore/netplan.py
index aac23143..ed42a07b 100644
--- a/subiquitycore/netplan.py
+++ b/subiquitycore/netplan.py
@@ -8,6 +8,27 @@ import yaml
 log = logging.getLogger("subiquitycore.netplan")
 
 
+def _sanitize_inteface_config(iface_config):
+    for ap, ap_config in iface_config.get('access-points', {}).items():
+        if 'password' in ap_config:
+            ap_config['password'] = '<REDACTED>'
+
+
+def sanitize_interface_config(iface_config):
+    iface_config = copy.deepcopy(iface_config)
+    _sanitize_inteface_config(iface_config)
+    return iface_config
+
+
+def sanitize_config(config):
+    """Return a copy of config with passwords redacted."""
+    config = copy.deepcopy(config)
+    interfaces = config.get('network', {}).get('wifis', {}).items()
+    for iface, iface_config in interfaces:
+        _sanitize_inteface_config(iface_config)
+    return config
+
+
 class Config:
     """A NetplanConfig represents the network config for a system.
 
@@ -85,7 +106,9 @@ class _PhysicalDevice:
             self.match_mac = match.get('macaddress')
             self.match_driver = match.get('driver')
         self.config = config
-        log.debug("config for %s = %s" % (name, self.config))
+        log.debug(
+            "config for %s = %s" % (
+                name, sanitize_interface_config(self.config)))
 
     def matches_link(self, link):
         if self.match_name is not None:
@@ -107,7 +130,9 @@ class _VirtualDevice:
     def __init__(self, name, config):
         self.name = name
         self.config = config
-        log.debug("config for %s = %s" % (name, self.config))
+        log.debug(
+            "config for %s = %s" % (
+                name, sanitize_interface_config(self.config)))
 
 
 def configs_in_root(root, masked=False):