Redact sensitive values by default in ansible-test

This commit is contained in:
Matt Clay 2019-09-16 22:40:58 -07:00
parent 84d9b3e589
commit 0631e057e9
5 changed files with 16 additions and 4 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- ansible-test defaults to redacting sensitive values (disable with the ``--no-redact`` option)

View file

@ -206,8 +206,15 @@ def parse_args():
common.add_argument('--redact',
dest='redact',
action='store_true',
default=True,
help='redact sensitive values in output')
common.add_argument('--no-redact',
dest='redact',
action='store_false',
default=False,
help='show sensitive values in output')
common.add_argument('--check-python',
choices=SUPPORTED_PYTHON_VERSIONS,
help=argparse.SUPPRESS)

View file

@ -617,6 +617,7 @@ def filter_options(args, argv, options, exclude, require):
options['--requirements'] = 0
options['--truncate'] = 1
options['--redact'] = 0
options['--no-redact'] = 0
if isinstance(args, TestConfig):
options.update({
@ -681,3 +682,5 @@ def filter_options(args, argv, options, exclude, require):
if args.redact:
yield '--redact'
else:
yield '--no-redact'

View file

@ -636,7 +636,7 @@ class Display:
self.rows = 0
self.columns = 0
self.truncate = 0
self.redact = False
self.redact = True
self.sensitive = set()
if os.isatty(0):
@ -703,6 +703,9 @@ class Display:
"""
if self.redact and self.sensitive:
for item in self.sensitive:
if not item:
continue
message = message.replace(item, '*' * len(item))
if truncate:

View file

@ -95,9 +95,6 @@ class CommonConfig:
self.truncate = args.truncate # type: int
self.redact = args.redact # type: bool
if is_shippable():
self.redact = True
self.cache = {}
def get_ansible_config(self): # type: () -> str