Redact sensitive values by default in ansible-test

2019-09-16 22:40:58 -07:00 · 2019-09-16 22:40:58 -07:00 · 0631e057e9
commit 0631e057e9
parent 84d9b3e589
5 changed files with 16 additions and 4 deletions
--- a/changelogs/fragments/ansible-test-redact.yml
+++ b/changelogs/fragments/ansible-test-redact.yml
@ -0,0 +1,2 @@
+minor_changes:
+    - ansible-test defaults to redacting sensitive values (disable with the ``--no-redact`` option)
--- a/test/lib/ansible_test/_internal/cli.py
+++ b/test/lib/ansible_test/_internal/cli.py
@ -206,8 +206,15 @@ def parse_args():
    common.add_argument('--redact',
                        dest='redact',
                        action='store_true',
+                        default=True,
                        help='redact sensitive values in output')

+    common.add_argument('--no-redact',
+                        dest='redact',
+                        action='store_false',
+                        default=False,
+                        help='show sensitive values in output')
+
    common.add_argument('--check-python',
                        choices=SUPPORTED_PYTHON_VERSIONS,
                        help=argparse.SUPPRESS)
--- a/test/lib/ansible_test/_internal/delegation.py
+++ b/test/lib/ansible_test/_internal/delegation.py
@ -617,6 +617,7 @@ def filter_options(args, argv, options, exclude, require):
    options['--requirements'] = 0
    options['--truncate'] = 1
    options['--redact'] = 0
+    options['--no-redact'] = 0

    if isinstance(args, TestConfig):
        options.update({
@ -681,3 +682,5 @@ def filter_options(args, argv, options, exclude, require):

    if args.redact:
        yield '--redact'
+    else:
+        yield '--no-redact'
--- a/test/lib/ansible_test/_internal/util.py
+++ b/test/lib/ansible_test/_internal/util.py
@ -636,7 +636,7 @@ class Display:
        self.rows = 0
        self.columns = 0
        self.truncate = 0
-        self.redact = False
+        self.redact = True
        self.sensitive = set()

        if os.isatty(0):
@ -703,6 +703,9 @@ class Display:
        """
        if self.redact and self.sensitive:
            for item in self.sensitive:
+                if not item:
+                    continue
+
                message = message.replace(item, '*' * len(item))

        if truncate:
--- a/test/lib/ansible_test/_internal/util_common.py
+++ b/test/lib/ansible_test/_internal/util_common.py
@ -95,9 +95,6 @@ class CommonConfig:
        self.truncate = args.truncate  # type: int
        self.redact = args.redact  # type: bool

-        if is_shippable():
-            self.redact = True
-
        self.cache = {}

    def get_ansible_config(self):  # type: () -> str