From 17c62bd5aa24459bde2894a876d170803f52db3e Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com>
Date: Thu, 3 Dec 2020 09:57:12 -0500
Subject: [PATCH] Remove secure hieradata files from collect

Supporting controller puppet manifests apply following DOR introduces
cached hieradata which will be included in log collect.

This change updated collect to remove the secure hieradata files in the
cache as they contain clear text passwords.

Change-Id: I17542c9fd778107f065531d02c53c59581fc179e
Partial-Bug: 1904739
Depends-On: https://review.opendev.org/c/starlingx/config/+/765373
Signed-off-by: Andy Ning <andy.ning@windriver.com>
---
 tools/collector/scripts/collect_mask_passwords | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/collector/scripts/collect_mask_passwords b/tools/collector/scripts/collect_mask_passwords
index d881e95e..4e72fc6d 100644
--- a/tools/collector/scripts/collect_mask_passwords
+++ b/tools/collector/scripts/collect_mask_passwords
@@ -64,6 +64,7 @@ done
 find ${COLLECT_NAME_DIR} -name server-cert.pem | xargs --no-run-if-empty rm -f
 rm -rf ${COLLECT_NAME_DIR}/var/extra/platform/config/*/ssh_config
 rm -f ${COLLECT_NAME_DIR}/var/extra/platform/puppet/*/hieradata/secure*.yaml
+rm -f ${COLLECT_NAME_DIR}/etc/puppet/cache/hieradata/secure*.yaml
 
 # Mask user passwords in sysinv db dump
 if [ -f ${COLLECT_NAME_DIR}/var/extra/database/sysinv.db.sql.txt ]; then