External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-25 01:27:45 -02:30
Code Issues Packages Projects Releases Wiki Activity

Avoid redacting Galaxy URLs

Browse Source
This commit is contained in:
AlanCoding
2019-08-26 12:10:10 -04:00
parent c566c332f9
commit d59d8562db
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
awx/main/redact.py
View File

@@ -1,6 +1,8 @@
import re import re
import urllib.parse as urlparse import urllib.parse as urlparse
from django.conf import settings
REPLACE_STR = '$encrypted$' REPLACE_STR = '$encrypted$'
@@ -10,14 +12,22 @@ class UriCleaner(object):
@staticmethod @staticmethod
def remove_sensitive(cleartext): def remove_sensitive(cleartext):
if settings.PRIVATE_GALAXY_URL:
exclude_list = (settings.PUBLIC_GALAXY_URL, settings.PRIVATE_GALAXY_URL)
else:
exclude_list = (settings.PUBLIC_GALAXY_URL)
redactedtext = cleartext redactedtext = cleartext
text_index = 0 text_index = 0
while True: while True:
match = UriCleaner.SENSITIVE_URI_PATTERN.search(redactedtext, text_index) match = UriCleaner.SENSITIVE_URI_PATTERN.search(redactedtext, text_index)
if not match: if not match:
break break
try:
uri_str = match.group(1) uri_str = match.group(1)
# Do not redact items from the exclude list
if any(uri_str.startswith(exclude_uri) for exclude_uri in exclude_list):
text_index = match.start() + len(UriCleaner.REPLACE_STR)
continue
try:
# May raise a ValueError if invalid URI for one reason or another # May raise a ValueError if invalid URI for one reason or another
o = urlparse.urlsplit(uri_str) o = urlparse.urlsplit(uri_str)
@@ -52,6 +62,7 @@ class UriCleaner(object):
redactedtext = t redactedtext = t
if text_index >= len(redactedtext): if text_index >= len(redactedtext):
text_index = len(redactedtext) - 1 text_index = len(redactedtext) - 1
print('URL string old: {} new: {}'.format(uri_str_old, uri_str))
except ValueError: except ValueError:
# Invalid URI, redact the whole URI to be safe # Invalid URI, redact the whole URI to be safe
redactedtext = redactedtext[:match.start()] + UriCleaner.REPLACE_STR + redactedtext[match.end():] redactedtext = redactedtext[:match.start()] + UriCleaner.REPLACE_STR + redactedtext[match.end():]

2
awx/settings/defaults.py
View File

@@ -627,6 +627,8 @@ PRIVATE_GALAXY_URL = None
PRIVATE_GALAXY_USERNAME = None PRIVATE_GALAXY_USERNAME = None
PRIVATE_GALAXY_TOKEN = None PRIVATE_GALAXY_TOKEN = None
PRIVATE_GALAXY_PASSWORD = None PRIVATE_GALAXY_PASSWORD = None
# Public Galaxy URL, not configurable outside of file-based settings
PUBLIC_GALAXY_URL = 'https://galaxy.ansible.com'
# Enable bubblewrap support for running jobs (playbook runs only). # Enable bubblewrap support for running jobs (playbook runs only).
# Note: This setting may be overridden by database settings. # Note: This setting may be overridden by database settings.