From ed5a01c0cf5c7c1aaf5bf5206c78a9e0ef7e46af Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Thu, 2 Mar 2017 11:57:22 -0500
Subject: [PATCH] strip `ansible_env` from job event callback data

this often contains sensitive details, and the data is already filtered
and stored on the job itself

see: #5601
---
 awx/lib/tower_display_callback/module.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/awx/lib/tower_display_callback/module.py b/awx/lib/tower_display_callback/module.py
index c553b08853..c40c94ec5a 100644
--- a/awx/lib/tower_display_callback/module.py
+++ b/awx/lib/tower_display_callback/module.py
@@ -304,6 +304,12 @@ class BaseCallbackModule(CallbackBase):
 
     def v2_runner_on_ok(self, result):
         # FIXME: Display detailed results or not based on verbosity.
+
+        # strip environment vars from the job event; it already exists on the
+        # job and sensitive values are filtered there
+        if result._task.get_name() == 'setup':
+            result._result.get('ansible_facts', {}).pop('ansible_env', None)
+
         event_data = dict(
             host=result._host.get_name(),
             remote_addr=result._host.address,