ceph-volume process allow obfuscating a key or index when logging commands

Signed-off-by: Alfredo Deza <adeza@redhat.com>
2025-01-04 02:02:36 +00:00 · 2017-10-16 06:50:27 -04:00 · 2017-10-16 06:50:27 -04:00 · bbcca70d96
commit bbcca70d96
parent 555b664882
1 changed files with 42 additions and 1 deletions
--- a/src/ceph-volume/ceph_volume/process.py
+++ b/src/ceph-volume/ceph_volume/process.py
@ -48,6 +48,47 @@ def log_descriptors(reads, process, terminal_logging):
            pass


+def obfuscate(command_, on=None):
+    """
+    Certain commands that are useful to log might contain information that
+    should be replaced by '*' like when creating OSDs and the keyryings are
+    being passed, which should not be logged.
+
+    :param on: A string (will match a flag) or an integer (will match an index)
+
+    If matching on a flag (when ``on`` is a string) it will obfuscate on the
+    value for that flag. That is a command like ['ls', '-l', '/'] that calls
+    `obfuscate(command, on='-l')` will obfustace '/' which is the value for
+    `-l`.
+
+    The reason for `on` to allow either a string or an integer, altering
+    behavior for both is because it is easier for ``run`` and ``call`` to just
+    pop a value to obfuscate (vs. allowing an index or a flag)
+    """
+    command = command_[:]
+    msg = "Running command: %s" % ' '.join(command)
+    if on in [None, False]:
+        return msg
+
+    if isinstance(on, int):
+        index = on
+
+    else:
+        try:
+            index = command.index(on) + 1
+        except ValueError:
+            # if the flag just doesn't exist then it doesn't matter just return
+            # the base msg
+            return msg
+
+    try:
+        command[index] = '*' * len(command[index])
+    except IndexError: # the index was completely out of range
+        return msg
+
+    return "Running command: %s" % ' '.join(command)
+
+
 def run(command, **kw):
    """
    A real-time-logging implementation of a remote subprocess.Popen call where
@ -57,7 +98,7 @@ def run(command, **kw):
    :param stop_on_error: If a nonzero exit status is return, it raises a ``RuntimeError``
    """
    stop_on_error = kw.pop('stop_on_error', True)
-    command_msg = "Running command: %s" % ' '.join(command)
+    command_msg = obfuscate(command, kw.pop('obfuscate', None))
    stdin = kw.pop('stdin', None)
    logger.info(command_msg)
    terminal.write(command_msg)