From 0588fa9f161ef9e4b3b8370f25396fc5aeb2a699 Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Wed, 1 Feb 2017 10:55:36 -0500 Subject: [PATCH] disable standard out censoring for now --- awx/main/models/jobs.py | 23 ---------------- .../tests/unit/models/test_survey_models.py | 27 ------------------- 2 files changed, 50 deletions(-) diff --git a/awx/main/models/jobs.py b/awx/main/models/jobs.py index 6c19d973a2..d76b03c42a 100644 --- a/awx/main/models/jobs.py +++ b/awx/main/models/jobs.py @@ -31,7 +31,6 @@ from awx.main.utils import ( ignore_inventory_computed_fields, parse_yaml_or_json, ) -from awx.main.redact import PlainTextCleaner from awx.main.fields import ImplicitRoleField from awx.main.models.mixins import ResourceMixin, SurveyJobTemplateMixin, SurveyJobMixin from awx.main.models.base import PERM_INVENTORY_SCAN @@ -601,28 +600,6 @@ class Job(UnifiedJob, JobOptions, SurveyJobMixin, JobNotificationMixin): return "$hidden due to Ansible no_log flag$" return artifacts - def _survey_search_and_replace(self, content): - # Use job template survey spec to identify password fields. - # Then lookup password fields in extra_vars and save the values - job_extra_vars = self.extra_vars_dict - password_list = [job_extra_vars[k] for k in self.survey_passwords.keys() - if k in job_extra_vars] - return_content = content - for val in password_list: - if len(val) == 0: - continue # avoids memory errors - return_content = PlainTextCleaner.remove_sensitive(return_content, val) - return return_content - - - def _result_stdout_raw_limited(self, *args, **kwargs): - buff, start, end, abs_end = super(Job, self)._result_stdout_raw_limited(*args, **kwargs) - return self._survey_search_and_replace(buff), start, end, abs_end - - def _result_stdout_raw(self, *args, **kwargs): - content = super(Job, self)._result_stdout_raw(*args, **kwargs) - return self._survey_search_and_replace(content) - # Job Credential required @property def can_start(self): diff --git a/awx/main/tests/unit/models/test_survey_models.py b/awx/main/tests/unit/models/test_survey_models.py index 3d9b44bcca..584a4cc7f0 100644 --- a/awx/main/tests/unit/models/test_survey_models.py +++ b/awx/main/tests/unit/models/test_survey_models.py @@ -59,33 +59,6 @@ def test_survey_passwords_not_in_extra_vars(): } -@pytest.mark.survey -def test_survey_passwords_not_in_stdout(job_with_survey): - job_with_survey.survey_passwords['has_blank_value'] = '$encrypted$' - job_with_survey.extra_vars = json.dumps({ - 'has_blank_value': '', - 'secret_key': '6kQngg3h8lgiSTvIEb21', - 'SSN': '123-45-6789'}) - example_stdout = ''' -PLAY [all] ********************************************************************* - -TASK [debug] ******************************************************************* -ok: [webserver45] => { - "msg": "Helpful echo of your secret_key: secret_key=6kQngg3h8lgiSTvIEb21 " -} - -TASK [debug] ******************************************************************* -ok: [webserver46] => { - "msg": "Helpful echo of your secret_key: secret_key=123-45-6789 " -} -''' - display_stdout = job_with_survey._survey_search_and_replace(example_stdout) - assert display_stdout == example_stdout.replace( - '6kQngg3h8lgiSTvIEb21', '$encrypted$').replace('123-45-6789', '$encrypted$') - assert type(display_stdout) == type(example_stdout) - - - def test_job_safe_args_redacted_passwords(job): """Verify that safe_args hides passwords in the job extra_vars""" kwargs = {'ansible_version': '2.1'}