mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Merge pull request #7132 from jimi-c/issue_6601_hide_vault_yaml
Hide YAML content on syntax errors when a vault password is specified
This commit is contained in:
commit
b9d8b3b911
1 changed files with 29 additions and 18 deletions
|
@ -464,9 +464,10 @@ Could be written as:
|
|||
|
||||
return msg
|
||||
|
||||
def process_yaml_error(exc, data, path=None):
|
||||
def process_yaml_error(exc, data, path=None, show_content=True):
|
||||
if hasattr(exc, 'problem_mark'):
|
||||
mark = exc.problem_mark
|
||||
if show_content:
|
||||
if mark.line -1 >= 0:
|
||||
before_probline = data.split("\n")[mark.line-1]
|
||||
else:
|
||||
|
@ -504,6 +505,14 @@ Should be written as:
|
|||
|
||||
"""
|
||||
msg = process_common_errors(msg, probline, mark.column)
|
||||
else:
|
||||
# most likely displaying a file with sensitive content,
|
||||
# so don't show any of the actual lines of yaml just the
|
||||
# line number itself
|
||||
msg = """Syntax error while loading YAML script, %s
|
||||
The error appears to have been on line %s, column %s, but may actually
|
||||
be before there depending on the exact syntax problem.
|
||||
""" % (path, mark.line + 1, mark.column + 1)
|
||||
|
||||
else:
|
||||
# No problem markers means we have to throw a generic
|
||||
|
@ -519,6 +528,7 @@ def parse_yaml_from_file(path, vault_password=None):
|
|||
''' convert a yaml file to a data structure '''
|
||||
|
||||
data = None
|
||||
show_content = True
|
||||
|
||||
try:
|
||||
data = open(path).read()
|
||||
|
@ -528,11 +538,12 @@ def parse_yaml_from_file(path, vault_password=None):
|
|||
vault = VaultLib(password=vault_password)
|
||||
if vault.is_encrypted(data):
|
||||
data = vault.decrypt(data)
|
||||
show_content = False
|
||||
|
||||
try:
|
||||
return parse_yaml(data, path_hint=path)
|
||||
except yaml.YAMLError, exc:
|
||||
process_yaml_error(exc, data, path)
|
||||
process_yaml_error(exc, data, path, show_content)
|
||||
|
||||
def parse_kv(args):
|
||||
''' convert a string of key/value items to a dict '''
|
||||
|
|
Loading…
Reference in a new issue