diff --git a/awx/main/redact.py b/awx/main/redact.py
index ec6211910b..fce725f427 100644
--- a/awx/main/redact.py
+++ b/awx/main/redact.py
@@ -1,6 +1,8 @@
 import re
 import urllib.parse as urlparse
+from django.conf import settings
+
 REPLACE_STR = '$encrypted$'
@@ -10,14 +12,22 @@ class UriCleaner(object):
 @staticmethod
 def remove_sensitive(cleartext):
+ if settings.PRIVATE_GALAXY_URL:
+ exclude_list = (settings.PUBLIC_GALAXY_URL, settings.PRIVATE_GALAXY_URL)
+ else:
+ exclude_list = (settings.PUBLIC_GALAXY_URL)
 redactedtext = cleartext
 text_index = 0
 while True:
 match = UriCleaner.SENSITIVE_URI_PATTERN.search(redactedtext, text_index)
 if not match:
 break
+ uri_str = match.group(1)
+ # Do not redact items from the exclude list
+ if any(uri_str.startswith(exclude_uri) for exclude_uri in exclude_list):
+ text_index = match.start() + len(UriCleaner.REPLACE_STR)
+ continue
 try:
- uri_str = match.group(1)
 # May raise a ValueError if invalid URI for one reason or another
 o = urlparse.urlsplit(uri_str)
@@ -52,6 +62,7 @@ class UriCleaner(object):
 redactedtext = t
 if text_index >= len(redactedtext):
 text_index = len(redactedtext) - 1
+ print('URL string old: {} new: {}'.format(uri_str_old, uri_str))
 except ValueError:
 # Invalid URI, redact the whole URI to be safe
 redactedtext = redactedtext[:match.start()] + UriCleaner.REPLACE_STR + redactedtext[match.end():]
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 1424850cb2..c6bbe841e9 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -627,6 +627,8 @@ PRIVATE_GALAXY_URL = None
 PRIVATE_GALAXY_USERNAME = None
 PRIVATE_GALAXY_TOKEN = None
 PRIVATE_GALAXY_PASSWORD = None
+# Public Galaxy URL, not configurable outside of file-based settings
+PUBLIC_GALAXY_URL = 'https://galaxy.ansible.com'
 # Enable bubblewrap support for running jobs (playbook runs only).
 # Note: This setting may be overridden by database settings.
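Review bot: In the `else` branch added to `remove_sensitive` (second hunk of awx/main/redact.py), `exclude_list = (settings.PUBLIC_GALAXY_URL)` is a plain string rather than a one-element tuple, so the `any(uri_str.startswith(exclude_uri) ...)` check iterates over its characters and skips redaction for any matched URI that begins with one of them, which includes every `https://user:password@host` URI whenever PRIVATE_GALAXY_URL is unset. Write it as `exclude_list = (settings.PUBLIC_GALAXY_URL,)`. The bare `startswith` comparison also exempts a URI whose userinfo or hostname merely begins with the configured string, so the exemption would be safer applied after `urlsplit`, comparing scheme and hostname and only when no username or password is present. On the skip path, `text_index = match.start() + len(UriCleaner.REPLACE_STR)` resumes the search inside the URI that was just skipped; `text_index = match.end()` looks like what is intended. The body of `remove_sensitive` continues outside this hunk.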
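Review bot: The added `print('URL string old: {} new: {}'.format(uri_str_old, uri_str))` in the third hunk of awx/main/redact.py writes what appears to be the pre-redaction URI (`uri_str_old`) to stdout from inside the redaction routine, so the credentials this function exists to mask would land in the service's output or captured logs. It reads like leftover debugging and should be removed before merge; if a trace is really needed, log only the redacted value at debug level. `uri_str_old` is not defined in any visible hunk, so confirm it is bound on every path that reaches this line, since a NameError would not be caught by the `except ValueError` that follows. The enclosing `try` starts outside this hunk.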