From bbd42fcf368d3c1184d112aafade01eb640d0bcd Mon Sep 17 00:00:00 2001
From: Seth Vidal <skvidal@fedoraproject.org>
Date: Tue, 10 Jul 2012 17:13:51 -0400
Subject: [PATCH] modify user module so that password is NEVER logged before
 the command runs

---
 user | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/user b/user
index 5e1d44f2da2..7301bdf7d29 100755
--- a/user
+++ b/user
@@ -22,6 +22,7 @@ try:
 except ImportError:
     import simplejson as json
 import os
+import re
 import pwd
 import grp
 import shlex
@@ -265,7 +266,8 @@ argfile = sys.argv[1]
 args    = open(argfile, 'r').read()
 items   = shlex.split(args)
 syslog.openlog('ansible-%s' % os.path.basename(__file__))
-syslog.syslog(syslog.LOG_NOTICE, 'Invoked with %s' % args)
+log_args = re.sub(r'password=.+ (.*)', r"password=NOT_LOGGING_PASSWORD \1", args)
+syslog.syslog(syslog.LOG_NOTICE, 'Invoked with %s' % log_args)
 
 if not len(items):
     fail_json(msg='the module requires arguments -a')