PyPI - cli2 - Versions diffs - 4.2.6__tar.gz → 4.2.8__tar.gz - Mend

cli2 4.2.6tar.gz → 4.2.8tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

{cli2-4.2.6/cli2.egg-info → cli2-4.2.8}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: cli2
-Version: 4.2.6
+Version: 4.2.8
 Summary: image:: https://yourlabs.io/oss/cli2/badges/master/pipeline.svg
 Home-page: https://yourlabs.io/oss/cli2
 Author: James Pic

{cli2-4.2.6 → cli2-4.2.8}/cli2/__init__.py RENAMED Viewed

@@ -38,7 +38,7 @@ except ImportError:
     raise
     # httpx not installed
     pass
-from .display import diff, diff_data, render, print, highlight
+from .display import diff, diff_data, render, print, highlight, yaml_highlight
 from .lock import Lock
 from .log import configure, log
 from .table import Table

{cli2-4.2.6 → cli2-4.2.8}/cli2/ansible/action.py RENAMED Viewed

@@ -1,15 +1,18 @@
 """
-Experimental: my base class for Ansible actions.
+Base class for Ansible Actions.
 """
 import asyncio
 import cli2
 import copy
+import difflib
 import os
 import re
 import traceback
 from ansible.plugins.action import ActionBase
+from ansible.plugins.action import display
+from ansible.plugins.filter.core import to_nice_yaml
 # colors:
 # black
@@ -126,7 +129,39 @@ class ActionBase(ActionBase):
         The client object generated by :py:meth:`client_factory` if you
         implement it.
+    .. py:attribute:: mask
+        List of result keys to mask, if set, this module will print the result
+        with masked values, so you can set no_log: True for the task and still
+        see most of the result.
+    .. py:attribute:: masked_keys
+        Property which returns the list of keys in :py:attr:`mask` + those in
+        the `mask` fact + those in the client if any.
+    .. py:attribute:: masked_values
+        First, the plugin will iterate over args and facts to learn all values
+        which are in :py:attr:`masked_keys`.
+        This is then both used and provisioned by :py:meth:`mask_data()`.
     """
+    mask = None
+    masked = Option(fact='mask', default=[])
+    masked_values = None
+    @property
+    def masked_keys(self):
+        result = []
+        if self.mask:
+            result += self.mask
+        result += self.masked
+        if self.client and self.client.mask:
+            result += self.client.mask
+        return result
     def get(self, arg_name=None, fact_name=None, default=UNSET_DEFAULT):
         if arg_name and arg_name in self._task.args:
             return self._task.args[arg_name]
@@ -146,10 +181,19 @@ class ActionBase(ActionBase):
         asyncio.run(self.run_wrapped_async())
         return self.result
+    def collect_masked_values(self):
+        # collect all values that have to be masked
+        self.masked_values = []
+        for key in self.masked_keys:
+            if self.task_vars.get(key, None):
+                self.masked_values.append(self.task_vars[key])
+            if self._task.args.get(key, None):
+                self.masked_values.append(self._task.args[key])
     async def run_wrapped_async(self):
         self.verbosity = self.task_vars.get('ansible_verbosity', 0)
-        if 'LOG_LEVEL' not in os.environ and 'DEBUG' not in os.environ:
+        if 'LOG_LEVEL' not in os.environ and os.getenv('DEBUG'):
             if self.verbosity == 1:
                 os.environ['LOG_LEVEL'] = 'INFO'
             elif self.verbosity >= 2:
@@ -161,6 +205,7 @@ class ActionBase(ActionBase):
                 self.client = await self.client_factory()
             except NotImplementedError:
                 self.client = None
+            self.collect_masked_values()
             await self.run_async()
         except Exception as exc:
             self.result['failed'] = True
@@ -186,28 +231,73 @@ class ActionBase(ActionBase):
             # for pytest to raise
             self.exc = exc
         finally:
+            if self.mask and self.verbosity:
+                self.print_yaml(self.result)
             if (
                 self._before_data != UNSET_DEFAULT
                 and self._after_data != UNSET_DEFAULT
             ):
-                diff = cli2.diff_data(
-                    self._before_data,
-                    self._after_data,
+                diff = difflib.unified_diff(
+                    to_nice_yaml(
+                        self.mask_data(self._before_data)
+                    ).splitlines(),
+                    to_nice_yaml(
+                        self.mask_data(self._after_data)
+                    ).splitlines(),
                     self._before_label,
                     self._after_label,
                 )
-                if self.client and self.client.mask:
-                    output = '\n'.join([
-                        line.rstrip() for line in diff if line.strip()
-                    ])
-                    output = re.sub(
-                        f'({"|".join(self.client.mask)}): (.*)',
-                        '\\1: ***MASKED***',
-                        ''.join(output),
-                    )
-                    print(cli2.highlight(output, 'Diff'))
+                cli2.diff(diff)
+    def print_yaml(self, data):
+        """
+        Render data as masked yaml.
+        """
+        data = self.mask_data(data)
+        yaml = to_nice_yaml(data)
+        rendered = cli2.yaml_highlight(yaml)
+        self.print(rendered)
+    def print(self, data):
+        # this serves for mocking
+        print(data)
+    def mask_data(self, data):
+        """"
+        Do our best to mask sensitive values in the data param recursively.
+        - when data is a dict: it is recursively iterated on, any value that in
+          is :py:attr:`masked_keys` will have it's value replaced with
+          ``***MASKED***``, also, the value is added to
+          :py:attr:`masked_values`.
+        - when data is a string, each :py:attr:`masked_values` will be replaced
+          with ``***MASKED***``, so we're actually able to mask sensitive
+          information from stdout outputs and the likes.
+        - when data is a list, each item is passed to :py:meth:`mask_data()`.
+        Note that the :envvar:`DEBUG` environment variable will prevent any
+        masking at all.
+        """
+        if os.getenv('DEBUG'):
+            return data
+        return self._mask(copy.deepcopy(data))
+    def _mask(self, data):
+        if isinstance(data, dict):
+            for key, value in data.items():
+                if key in self.masked_keys:
+                    self.masked_values.append(value)
+                    data[key] = '***MASKED***'
                 else:
-                    cli2.diff(diff)
+                    data[key] = self.mask_data(value)
+        elif isinstance(data, list):
+            return [self.mask_data(item) for item in data]
+        elif isinstance(data, str):
+            for value in self.masked_values:
+                data = data.replace(str(value), '***MASKED***')
+        return data
     async def run_async(self):
         """
@@ -247,6 +337,7 @@ class ActionBase(ActionBase):
         obj.task_vars = facts or {}
         obj.task_vars.setdefault('ansible_verbosity', 2)
         obj.exc = False
+        obj.masked_values = []
         if client:
             async def _factory():
                 return client
@@ -277,7 +368,7 @@ class ActionBase(ActionBase):
         :param data: Dictionnary of data
         :param label: Label to show in diff
         """
-        self._before_data = copy.deepcopy(data)
+        self._before_data = data
         self._before_label = label
     def after_set(self, data, label='after'):
@@ -287,5 +378,40 @@ class ActionBase(ActionBase):
         :param data: Dictionnary of data
         :param label: Label to show in diff
         """
-        self._after_data = copy.deepcopy(data)
+        self._after_data = data
         self._after_label = label
+    def subprocess_remote(self, cmd, **kwargs):
+        """
+        Execute a shell command on the remote in a masked context
+        :param cmd: Command to run
+        :param kwargs: Other shell args, such as creates etc
+        """
+        new_task = self._task.copy()
+        new_task.args = dict(_raw_params=cmd, **kwargs)
+        if self.verbosity:
+            display.display(
+                f'<{self.task_vars["inventory_hostname"]}> + '
+                + self.mask_data(cmd),
+                color='blue',
+            )
+        shell_action = self._shared_loader_obj.action_loader.get(
+            'ansible.builtin.shell',
+            task=new_task,
+            connection=self._connection,
+            play_context=self._play_context,
+            loader=self._loader,
+            templar=self._templar,
+            shared_loader_obj=self._shared_loader_obj,
+        )
+        result = shell_action.run(task_vars=self.task_vars.copy())
+        if self.verbosity:
+            if 'stderr_lines' in result:
+                print(self.mask_data(result['stderr']))
+            if 'stdout_lines' in result:
+                print(self.mask_data(result['stdout']))
+        result.pop('invocation')
+        return result

{cli2-4.2.6 → cli2-4.2.8/cli2.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: cli2
-Version: 4.2.6
+Version: 4.2.8
 Summary: image:: https://yourlabs.io/oss/cli2/badges/master/pipeline.svg
 Home-page: https://yourlabs.io/oss/cli2
 Author: James Pic

{cli2-4.2.6 → cli2-4.2.8}/setup.py RENAMED Viewed

@@ -44,7 +44,7 @@ from setuptools import setup
 setup(
     name='cli2',
-    version='4.2.6',
+    version='4.2.8',
     setup_requires='setupmeta',
     packages=['cli2'],
     install_requires=[

{cli2-4.2.6 → cli2-4.2.8}/tests/test_ansible.py RENAMED Viewed

@@ -8,6 +8,27 @@ import yaml
 from cli2 import ansible
+class ActionModule(ansible.ActionBase):
+    mask = ['a']
+    async def run_async(self):
+        self.result['x'] = dict(a='a', b='b', c='c', d='foo a rrr')
+@pytest.mark.asyncio
+async def test_mask(monkeypatch):
+    printer = mock.Mock()
+    monkeypatch.setattr(ActionModule, 'print', printer)
+    module = await ActionModule.run_test_async(facts=dict(mask=['b']))
+    # result is untouched
+    assert module.result == {'x':
+        {'a': 'a', 'b': 'b', 'c': 'c', 'd': 'foo a rrr'}
+    }
+    # output has proper masking
+    expected = "\x1b[94mx\x1b[39;49;00m:\x1b[37m\x1b[39;49;00m\n\x1b[37m    \x1b[39;49;00m\x1b[94ma\x1b[39;49;00m:\x1b[37m \x1b[39;49;00m\x1b[33m'\x1b[39;49;00m\x1b[33m***MASKED***\x1b[39;49;00m\x1b[33m'\x1b[39;49;00m\x1b[37m\x1b[39;49;00m\n\x1b[37m    \x1b[39;49;00m\x1b[94mb\x1b[39;49;00m:\x1b[37m \x1b[39;49;00m\x1b[33m'\x1b[39;49;00m\x1b[33m***MASKED***\x1b[39;49;00m\x1b[33m'\x1b[39;49;00m\x1b[37m\x1b[39;49;00m\n\x1b[37m    \x1b[39;49;00m\x1b[94mc\x1b[39;49;00m:\x1b[37m \x1b[39;49;00mc\x1b[37m\x1b[39;49;00m\n\x1b[37m    \x1b[39;49;00m\x1b[94md\x1b[39;49;00m:\x1b[37m \x1b[39;49;00mfoo ***MASKED*** rrr\x1b[37m\x1b[39;49;00m\n"  # noqa
+    printer.assert_called_once_with(expected)
 @pytest.mark.asyncio
 async def test_response_error(httpx_mock):
     class Client(cli2.Client):