Merge pull request #6969 from AlanCoding/censor_overwriting

Prevent overwriting of playbook data when censoring
2024-11-01 08:21:15 +03:00 · 2017-07-11 09:40:35 -04:00 · 2017-07-11 09:40:35 -04:00 · 586961907c
commit 586961907c
parent 1d5023189e b393a60ece
2 changed files with 35 additions and 0 deletions
--- a/awx/lib/tests/test_display_callback.py
+++ b/awx/lib/tests/test_display_callback.py
@ -209,6 +209,38 @@ def test_callback_plugin_task_args_leak(executor, cache, playbook):
    assert events[5]['event_data']['task_args'] == "the output has been hidden due to the fact that 'no_log: true' was specified for this result"  # noqa


+@pytest.mark.parametrize('playbook', [
+{'loop_with_no_log.yml': '''
+- name: playbook variable should not be overwritten when using no log
+  connection: local
+  hosts: all
+  gather_facts: no
+  tasks:
+    - command: "{{ item }}"
+      register: command_register
+      no_log: True
+      with_items:
+        - "echo helloworld!"
+    - debug: msg="{{ command_register.results|map(attribute='stdout')|list }}"
+'''},  # noqa
+])
+def test_callback_plugin_censoring_does_not_overwrite(executor, cache, playbook):
+    executor.run()
+    events = cache.values()
+    assert events[0]['event'] == 'playbook_on_start'
+    assert events[1]['event'] == 'playbook_on_play_start'
+
+    # task 1
+    assert events[2]['event'] == 'playbook_on_task_start'
+    # Ordering of task and item events may differ randomly
+    assert set(['runner_on_ok', 'runner_item_on_ok']) == set([data['event'] for data in events[3:5]])
+
+    # task 2 no_log=True
+    assert events[5]['event'] == 'playbook_on_task_start'
+    assert events[6]['event'] == 'runner_on_ok'
+    assert 'helloworld!' in events[6]['event_data']['res']['msg']
+
+
@pytest.mark.parametrize('playbook', [
 {'strip_env_vars.yml': '''
 - name: sensitive environment variables should be stripped from events
--- a/awx/lib/tower_display_callback/module.py
+++ b/awx/lib/tower_display_callback/module.py
@ -21,6 +21,7 @@ from __future__ import (absolute_import, division, print_function)
 import contextlib
 import sys
 import uuid
+from copy import copy

 # Ansible
 from ansible.plugins.callback import CallbackBase
@ -73,6 +74,8 @@ class BaseCallbackModule(CallbackBase):
        if event_data.get('res'):
            if event_data['res'].get('_ansible_no_log', False):
                event_data['res'] = {'censored': CENSORED}
+            if event_data['res'].get('results', []):
+                event_data['res']['results'] = copy(event_data['res']['results'])
            for i, item in enumerate(event_data['res'].get('results', [])):
                if isinstance(item, dict) and item.get('_ansible_no_log', False):
                    event_data['res']['results'][i] = {'censored': CENSORED}