fix no_log disclosure when using aliases

Brian Coca 2015-12-22 17:15:58 -05:00
commit 010839aedc


@ -516,6 +516,7 @@ class AnsibleModule(object):
self._debug = False self._debug = False
self.aliases = {} self.aliases = {}
self._legal_inputs = ['_ansible_check_mode', '_ansible_no_log', '_ansible_debug']
if add_file_common_args: if add_file_common_args:
for k, v in FILE_COMMON_ARGUMENTS.items(): for k, v in FILE_COMMON_ARGUMENTS.items():
@ -524,6 +525,14 @@ class AnsibleModule(object):
self.params = self._load_params() self.params = self._load_params()
# append to legal_inputs and then possibly check against them
try:
self.aliases = self._handle_aliases()
except Exception, e:
# use exceptions here cause its not safe to call vail json until no_log is processed
print('{"failed": true, "msg": "Module alias error: %s"}' % str(e))
sys.exit(1)
# Save parameter values that should never be logged # Save parameter values that should never be logged
self.no_log_values = set() self.no_log_values = set()
# Use the argspec to determine which args are no_log # Use the argspec to determine which args are no_log
@ -538,10 +547,6 @@ class AnsibleModule(object):
# reset to LANG=C if it's an invalid/unavailable locale # reset to LANG=C if it's an invalid/unavailable locale
self._check_locale() self._check_locale()
self._legal_inputs = ['_ansible_check_mode', '_ansible_no_log', '_ansible_debug']
# append to legal_inputs and then possibly check against them
self.aliases = self._handle_aliases()
self._check_arguments(check_invalid_arguments) self._check_arguments(check_invalid_arguments)
@ -1064,6 +1069,7 @@ class AnsibleModule(object):
self.fail_json(msg="An unknown error was encountered while attempting to validate the locale: %s" % e) self.fail_json(msg="An unknown error was encountered while attempting to validate the locale: %s" % e)
def _handle_aliases(self): def _handle_aliases(self):
# this uses exceptions as it happens before we can safely call fail_json
aliases_results = {} #alias:canon aliases_results = {} #alias:canon
for (k,v) in self.argument_spec.items(): for (k,v) in self.argument_spec.items():
self._legal_inputs.append(k) self._legal_inputs.append(k)
@ -1072,11 +1078,11 @@ class AnsibleModule(object):
required = v.get('required', False) required = v.get('required', False)
if default is not None and required: if default is not None and required:
# not alias specific but this is a good place to check this # not alias specific but this is a good place to check this
self.fail_json(msg="internal error: required and default are mutually exclusive for %s" % k) raise Exception("internal error: required and default are mutually exclusive for %s" % k)
if aliases is None: if aliases is None:
continue continue
if type(aliases) != list: if type(aliases) != list:
self.fail_json(msg='internal error: aliases must be a list') raise Exception('internal error: aliases must be a list')
for alias in aliases: for alias in aliases:
self._legal_inputs.append(alias) self._legal_inputs.append(alias)
aliases_results[alias] = k aliases_results[alias] = k
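Review bot: The early-exit handler added in the second hunk builds its JSON by string interpolation, `print('{"failed": true, "msg": "Module alias error: %s"}' % str(e))`, so an exception message containing a double quote, backslash or newline produces output the caller cannot parse, and the real error is lost. Serialising a dict instead, e.g. `print(json.dumps({"failed": True, "msg": "Module alias error: %s" % str(e)}))`, keeps the output well-formed; this assumes a JSON encoder is already imported in this file, which the page does not show. The handler also catches every `Exception`, so an unrelated bug inside `_handle_aliases()` is reported as an alias error; a dedicated exception class raised at the two new `raise Exception(...)` sites would narrow that. The comment in the handler should read `# raise exceptions here because it is not safe to call fail_json until no_log is processed`. The method enclosing the second hunk and `_handle_aliases` both start or end outside the visible hunks.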