From dec03d06c894001611af0b3cb37801fa49ea214c Mon Sep 17 00:00:00 2001
From: Matt Clay <matt@mystile.com>
Date: Tue, 17 Sep 2019 09:06:26 -0700
Subject: [PATCH] [stable-2.7] Redact sensitive values by default in
 ansible-test. (cherry picked from commit
 0631e057e9124af1d1676def456d49c6e0c16404)

Co-authored-by: Matt Clay <matt@mystile.com>.
---
 changelogs/fragments/ansible-test-redact.yml | 2 ++
 test/runner/lib/cli.py                       | 7 +++++++
 test/runner/lib/delegation.py                | 3 +++
 test/runner/lib/util.py                      | 8 ++++----
 4 files changed, 16 insertions(+), 4 deletions(-)
 create mode 100644 changelogs/fragments/ansible-test-redact.yml

diff --git a/changelogs/fragments/ansible-test-redact.yml b/changelogs/fragments/ansible-test-redact.yml
new file mode 100644
index 00000000000..59eb32b46f0
--- /dev/null
+++ b/changelogs/fragments/ansible-test-redact.yml
@@ -0,0 +1,2 @@
+minor_changes:
+    - ansible-test defaults to redacting sensitive values (disable with the ``--no-redact`` option)
diff --git a/test/runner/lib/cli.py b/test/runner/lib/cli.py
index cab215fe489..429adac7f1b 100644
--- a/test/runner/lib/cli.py
+++ b/test/runner/lib/cli.py
@@ -177,8 +177,15 @@ def parse_args():
     common.add_argument('--redact',
                         dest='redact',
                         action='store_true',
+                        default=True,
                         help='redact sensitive values in output')
 
+    common.add_argument('--no-redact',
+                        dest='redact',
+                        action='store_false',
+                        default=False,
+                        help='show sensitive values in output')
+
     test = argparse.ArgumentParser(add_help=False, parents=[common])
 
     test.add_argument('include',
diff --git a/test/runner/lib/delegation.py b/test/runner/lib/delegation.py
index c0098cb4a44..6f43b606438 100644
--- a/test/runner/lib/delegation.py
+++ b/test/runner/lib/delegation.py
@@ -461,6 +461,7 @@ def filter_options(args, argv, options, exclude, require):
     options['--requirements'] = 0
     options['--truncate'] = 1
     options['--redact'] = 0
+    options['--no-redact'] = 0
 
     if isinstance(args, TestConfig):
         options.update({
@@ -520,3 +521,5 @@ def filter_options(args, argv, options, exclude, require):
 
     if args.redact:
         yield '--redact'
+    else:
+        yield '--no-redact'
diff --git a/test/runner/lib/util.py b/test/runner/lib/util.py
index 8eeca9cb4d5..37e2152a4a0 100644
--- a/test/runner/lib/util.py
+++ b/test/runner/lib/util.py
@@ -604,7 +604,7 @@ class Display(object):
         self.rows = 0
         self.columns = 0
         self.truncate = 0
-        self.redact = False
+        self.redact = True
         self.sensitive = set()
 
         if os.isatty(0):
@@ -671,6 +671,9 @@ class Display(object):
         """
         if self.redact and self.sensitive:
             for item in self.sensitive:
+                if not item:
+                    continue
+
                 message = message.replace(item, '*' * len(item))
 
         if truncate:
@@ -757,9 +760,6 @@ class CommonConfig(object):
         self.truncate = args.truncate  # type: int
         self.redact = args.redact  # type: bool
 
-        if is_shippable():
-            self.redact = True
-
 
 def docker_qualify_image(name):
     """