shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-11-02 18:21:12 +03:00
Code Releases Activity

AC-752 Hide password in BROKER_URL environment variable, show other variables that are known not to contain sensitive information.

Browse Source
This commit is contained in:
Chris Church 2013-12-11 15:17:18 -05:00
parent 783ecbe2ba
commit 5bf3197680
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
awx/main/tasks.py
View File

@ -134,10 +134,19 @@ class BaseTask(Task):
return env return env
def build_safe_env(self, instance, **kwargs): def build_safe_env(self, instance, **kwargs):
hidden_re = re.compile('API|TOKEN|KEY|SECRET|PASS') hidden_re = re.compile(r'API|TOKEN|KEY|SECRET|PASS')
urlpass_re = re.compile(r'^.*?://.?:(.*?)@.*?$')
env = self.build_env(instance, **kwargs) env = self.build_env(instance, **kwargs)
for k,v in env.items(): for k,v in env.items():
if hidden_re.search(k): if k == 'BROKER_URL':
m = urlpass_re.match(v)
if m:
env[k] = urlpass_re.sub('*'*len(m.groups()[0]), v)
elif k in ('REST_API_URL', 'AWS_ACCESS_KEY', 'AWS_ACCESS_KEY_ID'):
continue
elif k.startswith('ANSIBLE_'):
continue
elif hidden_re.search(k):
env[k] = '*'*len(str(v)) env[k] = '*'*len(str(v))
return env return env