tools: add extract_sensitive_params

moved and generalized from pve-storage, since we'll need it
in more places

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 4b445eafa784d526250e7632d93f02158645b8a7..bda236a1d08653669a832bb7aad7ceba4f2eefe5 100644 (file)
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -48,6 +48,7 @@ template_replace
 safe_print
 trim
 extract_param
+extract_sensitive_params
 file_copy
 get_host_arch
 O_PATH
@@ -807,6 +808,29 @@ sub extract_param {
     return $res;
 }
 
+sub extract_sensitive_params :prototype($$$) {
+    my ($param, $sensitive_list, $delete_list) = @_;
+
+    my $sensitive;
+
+    my %delete = map { $_ => 1 } ($delete_list || [])->@*;
+
+    # always extract sensitive keys, so they don't get written to the www-data readable scfg
+    for my $opt (@$sensitive_list) {
+       # First handle deletions as explicitly setting `undef`, afterwards new values may override
+       # it.
+       if (exists($delete{$opt})) {
+           $sensitive->{$opt} = undef;
+       }
+
+       if (defined(my $value = extract_param($param, $opt))) {
+           $sensitive->{$opt} = $value;
+       }
+    }
+
+    return $sensitive;
+}
+
 # Note: we use this to wait until vncterm/spiceterm is ready
 sub wait_for_vnc_port {
     my ($port, $family, $timeout) = @_;