cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

refine password field filtering (#21230)

Browse source 
* refine password field filtering

* dont skip

* removed bad leftover vestige of previous condition
This commit is contained in:
Brian Coca 2017-02-16 10:52:27 -05:00 committed by GitHub
parent cc0bb54d2c
commit 47870c3385
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/ansible/module_utils/basic.py
View file

@ -1814,12 +1814,14 @@ class AnsibleModule(object):
canon = self.aliases.get(param, param) canon = self.aliases.get(param, param)
arg_opts = self.argument_spec.get(canon, {}) arg_opts = self.argument_spec.get(canon, {})
no_log = arg_opts.get('no_log', False) no_log = arg_opts.get('no_log', False)
arg_type = arg_opts.get('type', 'str')
if self.boolean(no_log): if self.boolean(no_log):
log_args[param] = 'NOT_LOGGING_PARAMETER' log_args[param] = 'NOT_LOGGING_PARAMETER'
# try to capture all passwords/passphrase named fields # try to capture all passwords/passphrase named fields missed by no_log
elif arg_type != 'bool' and PASSWORD_MATCH.search(param): elif PASSWORD_MATCH.search(param) and \
arg_opts.get('type', 'str') != 'bool' and \
not arg_opts.get('choices', False):
# skip boolean and enums as they are about 'password' state
log_args[param] = 'NOT_LOGGING_PASSWORD' log_args[param] = 'NOT_LOGGING_PASSWORD'
self.warn('Module did not set no_log for %s' % param) self.warn('Module did not set no_log for %s' % param)
else: else: