Redact sensitive values by default in ansible-test
This commit is contained in:
Matt Clay
parent
84d9b3e589
commit
0631e057e9
2
changelogs/fragments/ansible-test-redact.yml
Normal file
2
changelogs/fragments/ansible-test-redact.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- ansible-test defaults to redacting sensitive values (disable with the ``--no-redact`` option)
|
||||||
|
|
@ -206,8 +206,15 @@ def parse_args():
|
||||||
common.add_argument('--redact',
|
common.add_argument('--redact',
|
||||||
dest='redact',
|
dest='redact',
|
||||||
action='store_true',
|
action='store_true',
|
||||||
|
default=True,
|
||||||
help='redact sensitive values in output')
|
help='redact sensitive values in output')
|
||||||
|
|
||||||
|
common.add_argument('--no-redact',
|
||||||
|
dest='redact',
|
||||||
|
action='store_false',
|
||||||
|
default=False,
|
||||||
|
help='show sensitive values in output')
|
||||||
|
|
||||||
common.add_argument('--check-python',
|
common.add_argument('--check-python',
|
||||||
choices=SUPPORTED_PYTHON_VERSIONS,
|
choices=SUPPORTED_PYTHON_VERSIONS,
|
||||||
help=argparse.SUPPRESS)
|
help=argparse.SUPPRESS)
|
||||||
|
|
|
||||||
|
|
@ -617,6 +617,7 @@ def filter_options(args, argv, options, exclude, require):
|
||||||
options['--requirements'] = 0
|
options['--requirements'] = 0
|
||||||
options['--truncate'] = 1
|
options['--truncate'] = 1
|
||||||
options['--redact'] = 0
|
options['--redact'] = 0
|
||||||
|
options['--no-redact'] = 0
|
||||||
|
|
||||||
if isinstance(args, TestConfig):
|
if isinstance(args, TestConfig):
|
||||||
options.update({
|
options.update({
|
||||||
|
|
@ -681,3 +682,5 @@ def filter_options(args, argv, options, exclude, require):
|
||||||
|
|
||||||
if args.redact:
|
if args.redact:
|
||||||
yield '--redact'
|
yield '--redact'
|
||||||
|
else:
|
||||||
|
yield '--no-redact'
|
||||||
|
|
|
||||||
|
|
@ -636,7 +636,7 @@ class Display:
|
||||||
self.rows = 0
|
self.rows = 0
|
||||||
self.columns = 0
|
self.columns = 0
|
||||||
self.truncate = 0
|
self.truncate = 0
|
||||||
self.redact = False
|
self.redact = True
|
||||||
self.sensitive = set()
|
self.sensitive = set()
|
||||||
|
|
||||||
if os.isatty(0):
|
if os.isatty(0):
|
||||||
|
|
@ -703,6 +703,9 @@ class Display:
|
||||||
"""
|
"""
|
||||||
if self.redact and self.sensitive:
|
if self.redact and self.sensitive:
|
||||||
for item in self.sensitive:
|
for item in self.sensitive:
|
||||||
|
if not item:
|
||||||
|
continue
|
||||||
|
|
||||||
message = message.replace(item, '*' * len(item))
|
message = message.replace(item, '*' * len(item))
|
||||||
|
|
||||||
if truncate:
|
if truncate:
|
||||||
|
|
|
||||||
|
|
@ -95,9 +95,6 @@ class CommonConfig:
|
||||||
self.truncate = args.truncate # type: int
|
self.truncate = args.truncate # type: int
|
||||||
self.redact = args.redact # type: bool
|
self.redact = args.redact # type: bool
|
||||||
|
|
||||||
if is_shippable():
|
|
||||||
self.redact = True
|
|
||||||
|
|
||||||
self.cache = {}
|
self.cache = {}
|
||||||
|
|
||||||
def get_ansible_config(self): # type: () -> str
|
def get_ansible_config(self): # type: () -> str
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue