External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-19 23:07:42 -02:30
Code Issues Packages Projects Releases Wiki Activity

Redact env vars for Galaxy token or password

Browse Source
This commit is contained in:
AlanCoding
2019-10-02 11:46:47 -04:00
parent 576ff1007e
commit 85c99cc38a
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/main/models/credential/__init__.py
View File

@@ -64,7 +64,7 @@ def build_safe_env(env):
for k, v in safe_env.items(): for k, v in safe_env.items():
if k == 'AWS_ACCESS_KEY_ID': if k == 'AWS_ACCESS_KEY_ID':
continue continue
elif k.startswith('ANSIBLE_') and not k.startswith('ANSIBLE_NET'): elif k.startswith('ANSIBLE_') and not k.startswith('ANSIBLE_NET') and not k.startswith('ANSIBLE_GALAXY_SERVER'):
continue continue
elif hidden_re.search(k): elif hidden_re.search(k):
safe_env[k] = HIDDEN_PASSWORD safe_env[k] = HIDDEN_PASSWORD

2
awx/main/tests/unit/test_tasks.py
View File

@@ -130,6 +130,8 @@ def test_send_notifications_list(mock_notifications_filter, mock_job_get, mocker
('VMWARE_PASSWORD', 'SECRET'), ('VMWARE_PASSWORD', 'SECRET'),
('API_SECRET', 'SECRET'), ('API_SECRET', 'SECRET'),
('CALLBACK_CONNECTION', 'amqp://tower:password@localhost:5672/tower'), ('CALLBACK_CONNECTION', 'amqp://tower:password@localhost:5672/tower'),
('ANSIBLE_GALAXY_SERVER_PRIMARY_GALAXY_PASSWORD', 'SECRET'),
('ANSIBLE_GALAXY_SERVER_PRIMARY_GALAXY_TOKEN', 'SECRET'),
]) ])
def test_safe_env_filtering(key, value): def test_safe_env_filtering(key, value):
assert build_safe_env({key: value})[key] == tasks.HIDDEN_PASSWORD assert build_safe_env({key: value})[key] == tasks.HIDDEN_PASSWORD