Merge pull request #1014 from marktheunissen/journald
Fix regex that allows passwords to get into syslog, use journal if available.
commit
e795fa1ec2
1 changed files with 29 additions and 7 deletions
|
@ -55,9 +55,16 @@ try:
|
||||||
except ImportError:
|
except ImportError:
|
||||||
from md5 import md5 as _md5
|
from md5 import md5 as _md5
|
||||||
|
|
||||||
|
try:
|
||||||
|
from systemd import journal
|
||||||
|
has_journal = True
|
||||||
|
except ImportError:
|
||||||
|
import syslog
|
||||||
|
has_journal = False
|
||||||
|
|
||||||
class AnsibleModule(object):
|
class AnsibleModule(object):
|
||||||
|
|
||||||
def __init__(self, argument_spec, bypass_checks=False, no_log=False,
|
def __init__(self, argument_spec, bypass_checks=False, no_log=False,
|
||||||
check_invalid_arguments=True, mutually_exclusive=None, required_together=None,
|
check_invalid_arguments=True, mutually_exclusive=None, required_together=None,
|
||||||
required_one_of=None):
|
required_one_of=None):
|
||||||
|
|
||||||
|
@ -144,7 +151,7 @@ class AnsibleModule(object):
|
||||||
non_zero = [ c for c in counts if c > 0 ]
|
non_zero = [ c for c in counts if c > 0 ]
|
||||||
if len(non_zero) > 0:
|
if len(non_zero) > 0:
|
||||||
if 0 in counts:
|
if 0 in counts:
|
||||||
self.fail_json(msg="parameters are required together: %s" % check)
|
self.fail_json(msg="parameters are required together: %s" % check)
|
||||||
|
|
||||||
def _check_required_arguments(self):
|
def _check_required_arguments(self):
|
||||||
''' ensure all required arguments are present '''
|
''' ensure all required arguments are present '''
|
||||||
|
@ -198,11 +205,26 @@ class AnsibleModule(object):
|
||||||
|
|
||||||
def _log_invocation(self):
|
def _log_invocation(self):
|
||||||
''' log that ansible ran the module '''
|
''' log that ansible ran the module '''
|
||||||
syslog.openlog('ansible-%s' % os.path.basename(__file__))
|
# Sanitize possible password argument when logging.
|
||||||
# Sanitize possible password argument when logging
|
log_args = dict()
|
||||||
log_args = re.sub(r'password=.+ (.*)', r"password=NOT_LOGGING_PASSWORD \1", self.args)
|
passwd_keys = ['password', 'login_password']
|
||||||
log_args = re.sub(r'login_password=.+ (.*)', r"login_password=NOT_LOGGING_PASSWORD \1", log_args)
|
for param in self.params:
|
||||||
syslog.syslog(syslog.LOG_NOTICE, 'Invoked with %s' % log_args)
|
if param in passwd_keys:
|
||||||
|
log_args[param] = 'NOT_LOGGING_PASSWORD'
|
||||||
|
else:
|
||||||
|
log_args[param] = self.params[param]
|
||||||
|
|
||||||
|
if (has_journal):
|
||||||
|
journal_args = ["MESSAGE=Ansible module invoked", "MODULE=%s" % os.path.basename(__file__)]
|
||||||
|
for arg in log_args:
|
||||||
|
journal_args.append(arg.upper() + "=" + str(log_args[arg]))
|
||||||
|
journal.sendv(*journal_args)
|
||||||
|
else:
|
||||||
|
msg = ''
|
||||||
|
syslog.openlog('ansible-%s' % os.path.basename(__file__))
|
||||||
|
for arg in log_args:
|
||||||
|
msg = msg + arg + '=' + str(log_args[arg]) + ' '
|
||||||
|
syslog.syslog(syslog.LOG_NOTICE, 'Invoked with %s' % msg)
|
||||||
|
|
||||||
def get_bin_path(self, arg, required=False, opt_dirs=[]):
|
def get_bin_path(self, arg, required=False, opt_dirs=[]):
|
||||||
'''
|
'''
|
||||||
|
|
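Review bot: The redaction in `_log_invocation` only matches the exact names in `passwd_keys = ['password', 'login_password']`, so a secret passed under any other parameter name, or embedded in another parameter's value, is still written to the journal or syslog in clear text. A broader, case-insensitive name test such as `if any(k in param.lower() for k in ('pass', 'secret', 'token')):` would fail towards over-redaction, which is the safer direction for a log line. Name matching remains a heuristic, so letting each module mark its sensitive arguments in `argument_spec` would be more reliable; the constructor's `no_log` flag is also not consulted in this method, though the caller may check it outside the visible hunks. In the journal branch, `arg.upper()` means a parameter named `message` or `module` would add a second `MESSAGE=` or `MODULE=` entry next to the fixed ones, so a distinct prefix on the per-argument field names would keep module-supplied and caller-supplied fields apart.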