[stable-2.8] Redact sensitive values by default in ansible-test.

(cherry picked from commit 0631e057e9) Co-authored-by: Matt Clay <matt@mystile.com>
6 years ago · c284e40866
parent 5c1c91c3d2
commit c284e40866
4 changed files with 16 additions and 4 deletions
--- a/changelogs/fragments/ansible-test-redact.yml
+++ b/changelogs/fragments/ansible-test-redact.yml
@ -0,0 +1,2 @@
+minor_changes:
+    - ansible-test defaults to redacting sensitive values (disable with the ``--no-redact`` option)
--- a/test/runner/lib/cli.py
+++ b/test/runner/lib/cli.py
@ -180,8 +180,15 @@ def parse_args():
    common.add_argument('--redact',
                        dest='redact',
                        action='store_true',
+                        default=True,
                        help='redact sensitive values in output')

+    common.add_argument('--no-redact',
+                        dest='redact',
+                        action='store_false',
+                        default=False,
+                        help='show sensitive values in output')
+
    test = argparse.ArgumentParser(add_help=False, parents=[common])

    test.add_argument('include',
--- a/test/runner/lib/delegation.py
+++ b/test/runner/lib/delegation.py
@ -492,6 +492,7 @@ def filter_options(args, argv, options, exclude, require):
    options['--requirements'] = 0
    options['--truncate'] = 1
    options['--redact'] = 0
+    options['--no-redact'] = 0

    if isinstance(args, TestConfig):
        options.update({
@ -551,3 +552,5 @@ def filter_options(args, argv, options, exclude, require):

    if args.redact:
        yield '--redact'
+    else:
+        yield '--no-redact'
--- a/test/runner/lib/util.py
+++ b/test/runner/lib/util.py
@ -662,7 +662,7 @@ class Display(object):
        self.rows = 0
        self.columns = 0
        self.truncate = 0
-        self.redact = False
+        self.redact = True
        self.sensitive = set()

        if os.isatty(0):
@ -729,6 +729,9 @@ class Display(object):
        """
        if self.redact and self.sensitive:
            for item in self.sensitive:
+                if not item:
+                    continue
+
                message = message.replace(item, '*' * len(item))

        if truncate:
@ -815,9 +818,6 @@ class CommonConfig(object):
        self.truncate = args.truncate  # type: int
        self.redact = args.redact  # type: bool

-        if is_shippable():
-            self.redact = True
-
        self.cache = {}