Fix zuul_json callback plugin problem with loops

When using 'with_items' in Ansible the result items of the iterations are contained in the list under the 'results' key. This can cause secrets to be leaked when they are used in a loop. Change-Id: I9e8d08f75207b362ca23457c44cc2f38ff43ac23
2018-03-14 07:33:04 +01:00 · 2018-03-14 07:33:04 +01:00 · b7cbdda897
parent 1e4384747d
commit b7cbdda897
2 changed files with 13 additions and 0 deletions
--- a/tests/fixtures/config/remote-zuul-json/git/org_project/playbooks/no-log.yaml
+++ b/tests/fixtures/config/remote-zuul-json/git/org_project/playbooks/no-log.yaml
@ -5,3 +5,7 @@
    - debug:
        msg: setec astronomy
      no_log: true
+    - debug:
+        msg: setec astronomy
+      no_log: true
+      with_sequence: start=0 end=2
--- a/zuul/ansible/callback/zuul_json.py
+++ b/zuul/ansible/callback/zuul_json.py
@ -121,6 +121,15 @@ class CallbackModule(CallbackBase):
                         " 'no_log: true' was specified for this result")
        else:
            clean_result = strip_internal_keys(result._result)
+
+            for index, item_result in enumerate(
+                    clean_result.get('results', [])):
+                if not item_result.get('_ansible_no_log', False):
+                    continue
+                clean_result['results'][index] = dict(
+                    censored="the output has been hidden due to the fact that"
+                             " 'no_log: true' was specified for this result")
+
            self.results[-1]['tasks'][-1]['hosts'][host.name] = clean_result

    def v2_playbook_on_stats(self, stats):