From 606277476b172397ed7b66ddca05f0bd8d94bda9 Mon Sep 17 00:00:00 2001 From: Seth Vidal Date: Tue, 10 Jul 2012 17:13:51 -0400 Subject: [PATCH] modify user module so that password is NEVER logged before the command runs --- library/user | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/user b/library/user index 5e1d44f2da2..7301bdf7d29 100755 --- a/library/user +++ b/library/user @@ -22,6 +22,7 @@ try: except ImportError: import simplejson as json import os +import re import pwd import grp import shlex @@ -265,7 +266,8 @@ argfile = sys.argv[1] args = open(argfile, 'r').read() items = shlex.split(args) syslog.openlog('ansible-%s' % os.path.basename(__file__)) -syslog.syslog(syslog.LOG_NOTICE, 'Invoked with %s' % args) +log_args = re.sub(r'password=.+ (.*)', r"password=NOT_LOGGING_PASSWORD \1", args) +syslog.syslog(syslog.LOG_NOTICE, 'Invoked with %s' % log_args) if not len(items): fail_json(msg='the module requires arguments -a')