From 999a304c3b148ee938b4edf4dbe118d52b92491f Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Fri, 17 Mar 2017 09:54:09 -0400
Subject: [PATCH] add no_log filtering for runner_item_on_xyz events

see: #5691
---
 awx/lib/tests/test_display_callback.py   | 20 ++++++++++++++++----
 awx/lib/tower_display_callback/module.py | 22 +++++++++++++---------
 2 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/awx/lib/tests/test_display_callback.py b/awx/lib/tests/test_display_callback.py
index 2e3b58bdfc..1cd2ec613c 100644
--- a/awx/lib/tests/test_display_callback.py
+++ b/awx/lib/tests/test_display_callback.py
@@ -126,14 +126,13 @@ def test_callback_plugin_receives_events(executor, cache, event, playbook):
       when: false
 '''},  # noqa
 {'no_log_on_play.yml': '''
-- name: play-level no_log set
+- name: args should not be logged when play-level no_log set
   connection: local
   hosts: all
   gather_facts: no
   no_log: true
   tasks:
-      - name: args should not be logged when play-level no_log set
-        shell: echo "SENSITIVE"
+      - shell: echo "SENSITIVE"
 '''},  # noqa
 {'async_no_log.yml': '''
 - name: async task args should suppressed with no_log
@@ -147,6 +146,19 @@ def test_callback_plugin_receives_events(executor, cache, event, playbook):
       shell: echo "SENSITIVE"
       no_log: true
 '''},  # noqa
+{'with_items.yml': '''
+- name: with_items tasks should be suppressed with no_log
+  connection: local
+  hosts: all
+  gather_facts: no
+  tasks:
+      - shell: echo {{ item }}
+        no_log: true
+        with_items: [ "SENSITIVE", "SENSITIVE-SKIPPED", "SENSITIVE-FAILED" ]
+        when: item != "SENSITIVE-SKIPPED"
+        failed_when: item == "SENSITIVE-FAILED"
+        ignore_errors: yes
+'''},  # noqa
 ])
 def test_callback_plugin_no_log_filters(executor, cache, playbook):
     executor.run()
@@ -167,4 +179,4 @@ def test_callback_plugin_strips_task_environ_variables(executor, cache, playbook
     executor.run()
     assert len(cache)
     for event in cache.values():
-        assert os.environ['VIRTUAL_ENV'] not in json.dumps(event)
+        assert os.environ['PATH'] not in json.dumps(event)
diff --git a/awx/lib/tower_display_callback/module.py b/awx/lib/tower_display_callback/module.py
index 74b6fec9d6..9d8cf24fb9 100644
--- a/awx/lib/tower_display_callback/module.py
+++ b/awx/lib/tower_display_callback/module.py
@@ -75,6 +75,11 @@ class BaseCallbackModule(CallbackBase):
         super(BaseCallbackModule, self).__init__()
         self.task_uuids = set()
 
+    def censor_result(self, res):
+        if res.get('_ansible_no_log', False):
+            return {'censored': "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}  # noqa
+        return res
+
     @contextlib.contextmanager
     def capture_event_data(self, event, **event_data):
 
@@ -310,9 +315,7 @@ class BaseCallbackModule(CallbackBase):
         if result._task.get_name() == 'setup':
             result._result.get('ansible_facts', {}).pop('ansible_env', None)
 
-        res = result._result
-        if res.get('_ansible_no_log', False):
-            res = {'censored': "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
+        res = self.censor_result(result._result)
 
         event_data = dict(
             host=result._host.get_name(),
@@ -327,9 +330,7 @@ class BaseCallbackModule(CallbackBase):
     def v2_runner_on_failed(self, result, ignore_errors=False):
         # FIXME: Add verbosity for exception/results output.
 
-        res = result._result
-        if res.get('_ansible_no_log', False):
-            res = {'censored': "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
+        res = self.censor_result(result._result)
 
         event_data = dict(
             host=result._host.get_name(),
@@ -424,28 +425,31 @@ class BaseCallbackModule(CallbackBase):
             super(BaseCallbackModule, self).v2_on_file_diff(result)
 
     def v2_runner_item_on_ok(self, result):
+        res = self.censor_result(result._result)
         event_data = dict(
             host=result._host.get_name(),
             task=result._task,
-            res=result._result,
+            res=res,
         )
         with self.capture_event_data('runner_item_on_ok', **event_data):
             super(BaseCallbackModule, self).v2_runner_item_on_ok(result)
 
     def v2_runner_item_on_failed(self, result):
+        res = self.censor_result(result._result)
         event_data = dict(
             host=result._host.get_name(),
             task=result._task,
-            res=result._result,
+            res=res,
         )
         with self.capture_event_data('runner_item_on_failed', **event_data):
             super(BaseCallbackModule, self).v2_runner_item_on_failed(result)
 
     def v2_runner_item_on_skipped(self, result):
+        res = self.censor_result(result._result)
         event_data = dict(
             host=result._host.get_name(),
             task=result._task,
-            res=result._result,
+            res=res,
         )
         with self.capture_event_data('runner_item_on_skipped', **event_data):
             super(BaseCallbackModule, self).v2_runner_item_on_skipped(result)