Mark ansible-test cloud credentials as sensitive.

Matt Clay 2019-09-16 21:01:37 -07:00
parent 23c7bf6481
commit 9f7b124a6f
10 changed files with 38 additions and 2 deletions


@ -0,0 +1,3 @@
bugfixes:
- >
**security issue** - Redact cloud plugin secrets in ansible-test when running integration tests using cloud plugins. Only present in 2.9.0b1.


@ -125,6 +125,8 @@ class AzureCloudProvider(CloudProvider):
RESOURCE_GROUP_SECONDARY=response['resourceGroupNames'][1], RESOURCE_GROUP_SECONDARY=response['resourceGroupNames'][1],
) )
display.sensitive.add(values['AZURE_SECRET'])
config = '\n'.join('%s: %s' % (key, values[key]) for key in sorted(values)) config = '\n'.join('%s: %s' % (key, values[key]) for key in sorted(values))
config = '[default]\n' + config config = '[default]\n' + config
@ -146,6 +148,9 @@ class AzureCloudEnvironment(CloudEnvironment):
""" """
env_vars = get_config(self.config_path) env_vars = get_config(self.config_path)
display.sensitive.add(env_vars.get('AZURE_SECRET'))
display.sensitive.add(env_vars.get('AZURE_PASSWORD'))
ansible_vars = dict( ansible_vars = dict(
resource_prefix=self.resource_prefix, resource_prefix=self.resource_prefix,
) )
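Review bot: `env_vars.get('AZURE_SECRET')` and `env_vars.get('AZURE_PASSWORD')` return None when the key is missing from the config, so None can end up in `display.sensitive`; the use of `.get()` suggests one of the two is normally absent. Whether the redaction code skips non-string entries is not visible on this page, so guard the add at the call site: `for key in ('AZURE_SECRET', 'AZURE_PASSWORD'):` followed by `if env_vars.get(key): display.sensitive.add(env_vars[key])`. The same unguarded pattern appears in the OpenNebula section (`ansible_vars.get('opennebula_password')`) and in the vCenter loop, which adds `value` without checking it. The enclosing method bodies start and end outside these hunks.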


@ -66,6 +66,8 @@ class CloudscaleCloudEnvironment(CloudEnvironment):
CLOUDSCALE_API_TOKEN=parser.get('default', 'cloudscale_api_token'), CLOUDSCALE_API_TOKEN=parser.get('default', 'cloudscale_api_token'),
) )
display.sensitive.add(env_vars['CLOUDSCALE_API_TOKEN'])
ansible_vars = dict( ansible_vars = dict(
cloudscale_resource_prefix=self.resource_prefix, cloudscale_resource_prefix=self.resource_prefix,
) )


@ -201,6 +201,8 @@ class CsCloudProvider(CloudProvider):
SECRET=credentials['secretkey'], SECRET=credentials['secretkey'],
) )
display.sensitive.add(values['SECRET'])
config = self._populate_config_template(config, values) config = self._populate_config_template(config, values)
self._write_config(config) self._write_config(config)
@ -280,6 +282,8 @@ class CsCloudEnvironment(CloudEnvironment):
CLOUDSTACK_TIMEOUT=config['timeout'], CLOUDSTACK_TIMEOUT=config['timeout'],
) )
display.sensitive.add(env_vars['CLOUDSTACK_SECRET'])
ansible_vars = dict( ansible_vars = dict(
cs_resource_prefix=self.resource_prefix, cs_resource_prefix=self.resource_prefix,
) )


@ -77,6 +77,8 @@ class HcloudCloudProvider(CloudProvider):
TOKEN=token, TOKEN=token,
) )
display.sensitive.add(values['TOKEN'])
config = self._populate_config_template(config, values) config = self._populate_config_template(config, values)
self._write_config(config) self._write_config(config)
@ -104,6 +106,8 @@ class HcloudCloudEnvironment(CloudEnvironment):
HCLOUD_TOKEN=parser.get('default', 'hcloud_api_token'), HCLOUD_TOKEN=parser.get('default', 'hcloud_api_token'),
) )
display.sensitive.add(env_vars['HCLOUD_TOKEN'])
ansible_vars = dict( ansible_vars = dict(
hcloud_prefix=self.resource_prefix, hcloud_prefix=self.resource_prefix,
) )


@ -59,6 +59,8 @@ class OpenNebulaCloudEnvironment(CloudEnvironment):
ansible_vars.update(dict(parser.items('default'))) ansible_vars.update(dict(parser.items('default')))
display.sensitive.add(ansible_vars.get('opennebula_password'))
return CloudEnvironmentConfig( return CloudEnvironmentConfig(
ansible_vars=ansible_vars, ansible_vars=ansible_vars,
) )


@ -10,7 +10,10 @@ from . import (
CloudEnvironmentConfig, CloudEnvironmentConfig,
) )
from ..util import ConfigParser from ..util import (
ConfigParser,
display,
)
class ScalewayCloudProvider(CloudProvider): class ScalewayCloudProvider(CloudProvider):
@ -57,6 +60,8 @@ class ScalewayCloudEnvironment(CloudEnvironment):
SCW_ORG=parser.get('default', 'org') SCW_ORG=parser.get('default', 'org')
) )
display.sensitive.add(env_vars['SCW_API_KEY'])
ansible_vars = dict( ansible_vars = dict(
scw_org=parser.get('default', 'org'), scw_org=parser.get('default', 'org'),
) )


@ -124,6 +124,8 @@ class TowerCloudProvider(CloudProvider):
PASSWORD=connection.password, PASSWORD=connection.password,
) )
display.sensitive.add(values['PASSWORD'])
config = self._populate_config_template(config, values) config = self._populate_config_template(config, values)
self._write_config(config) self._write_config(config)


@ -257,6 +257,10 @@ class VcenterEnvironment(CloudEnvironment):
vcsim=self._get_cloud_config('vcenter_host'), vcsim=self._get_cloud_config('vcenter_host'),
) )
for key, value in ansible_vars.items():
if key.endswith('_password'):
display.sensitive.add(value)
return CloudEnvironmentConfig( return CloudEnvironmentConfig(
env_vars=env_vars, env_vars=env_vars,
ansible_vars=ansible_vars, ansible_vars=ansible_vars,
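Review bot: The `key.endswith('_password')` match is a naming heuristic applied to `ansible_vars` only, so a secret stored under a different key name, or one present only in the `env_vars` returned alongside, is not registered for redaction. A short comment above the loop would make that contract explicit, for example `# redaction relies on secret-bearing keys ending in '_password'; rename or extend this check when adding new credentials`. If `env_vars` can carry the same credentials (its construction is outside this hunk), scan it as well with `for key, value in list(ansible_vars.items()) + list(env_vars.items()):`. The return statement is cut off by the end of the hunk.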


@ -10,7 +10,10 @@ from . import (
CloudEnvironmentConfig, CloudEnvironmentConfig,
) )
from ..util import ConfigParser from ..util import (
ConfigParser,
display,
)
class VultrCloudProvider(CloudProvider): class VultrCloudProvider(CloudProvider):
@ -56,6 +59,8 @@ class VultrCloudEnvironment(CloudEnvironment):
VULTR_API_KEY=parser.get('default', 'key'), VULTR_API_KEY=parser.get('default', 'key'),
) )
display.sensitive.add(env_vars['VULTR_API_KEY'])
ansible_vars = dict( ansible_vars = dict(
vultr_resource_prefix=self.resource_prefix, vultr_resource_prefix=self.resource_prefix,
) )