def mask_secrets(self, value):
result = copy.deepcopy(value)
liveaction = result['liveaction']
parameters = {}
# pylint: disable=no-member
parameters.update(value.get('action', {}).get('parameters', {}))
parameters.update(value.get('runner', {}).get('runner_parameters', {}))
secret_parameters = get_secret_parameters(parameters=parameters)
result['parameters'] = mask_secret_parameters(parameters=result['parameters'],
secret_parameters=secret_parameters)
if 'parameters' in liveaction:
liveaction['parameters'] = mask_secret_parameters(parameters=liveaction['parameters'],
secret_parameters=secret_parameters)
# TODO(mierdin): This logic should be moved to the dedicated Inquiry
# data model once it exists.
if self.runner.get('name') == "inquirer":
schema = result['result'].get('schema', {})
response = result['result'].get('response', {})
# We can only mask response secrets if response and schema exist and are
# not empty
if response and schema:
result['result']['response'] = mask_inquiry_response(response, schema)
return result
def mask_secrets(self, value):
result = copy.deepcopy(value)
liveaction = result["liveaction"]
parameters = {}
# pylint: disable=no-member
parameters.update(value.get("action", {}).get("parameters", {}))
parameters.update(value.get("runner", {}).get("runner_parameters", {}))
secret_parameters = get_secret_parameters(parameters=parameters)
result["parameters"] = mask_secret_parameters(
parameters=result.get("parameters", {}),
secret_parameters=secret_parameters)
if "parameters" in liveaction:
liveaction["parameters"] = mask_secret_parameters(
parameters=liveaction["parameters"],
secret_parameters=secret_parameters)
if liveaction.get("action", "") == "st2.inquiry.respond":
# Special case to mask parameters for `st2.inquiry.respond` action
# In this case, this execution is just a plain python action, not
# an inquiry, so we don't natively have a handle on the response
# schema.
#
# To prevent leakage, we can just mask all response fields.
#
# Note: The 'string' type in secret_parameters doesn't matter,
# it's just a placeholder to tell mask_secret_parameters()
# that this parameter is indeed a secret parameter and to
# mask it.
result["parameters"]["response"] = mask_secret_parameters(
parameters=liveaction["parameters"]["response"],
secret_parameters={
p: "string"
for p in liveaction["parameters"]["response"]
},
)
# TODO(mierdin): This logic should be moved to the dedicated Inquiry
# data model once it exists.
result["result"] = ActionExecutionDB.result.parse_field_value(
result["result"])
if self.runner.get("name") == "inquirer":
schema = result["result"].get("schema", {})
response = result["result"].get("response", {})
# We can only mask response secrets if response and schema exist and are
# not empty
if response and schema:
result["result"]["response"] = mask_inquiry_response(
response, schema)
return result
def mask_secrets(self, value):
result = copy.deepcopy(value)
liveaction = result['liveaction']
parameters = {}
# pylint: disable=no-member
parameters.update(value.get('action', {}).get('parameters', {}))
parameters.update(value.get('runner', {}).get('runner_parameters', {}))
secret_parameters = get_secret_parameters(parameters=parameters)
result['parameters'] = mask_secret_parameters(
parameters=result['parameters'],
secret_parameters=secret_parameters)
if 'parameters' in liveaction:
liveaction['parameters'] = mask_secret_parameters(
parameters=liveaction['parameters'],
secret_parameters=secret_parameters)
if liveaction.get('action', '') == 'st2.inquiry.respond':
# Special case to mask parameters for `st2.inquiry.respond` action
# In this case, this execution is just a plain python action, not
# an inquiry, so we don't natively have a handle on the response
# schema.
#
# To prevent leakage, we can just mask all response fields.
#
# Note: The 'string' type in secret_parameters doesn't matter,
# it's just a placeholder to tell mask_secret_parameters()
# that this parameter is indeed a secret parameter and to
# mask it.
result['parameters']['response'] = mask_secret_parameters(
parameters=liveaction['parameters']['response'],
secret_parameters={
p: 'string'
for p in liveaction['parameters']['response']
})
# TODO(mierdin): This logic should be moved to the dedicated Inquiry
# data model once it exists.
if self.runner.get('name') == "inquirer":
schema = result['result'].get('schema', {})
response = result['result'].get('response', {})
# We can only mask response secrets if response and schema exist and are
# not empty
if response and schema:
result['result']['response'] = mask_inquiry_response(
response, schema)
return result
def mask_secrets(self, value):
result = copy.deepcopy(value)
liveaction = result['liveaction']
parameters = {}
# pylint: disable=no-member
parameters.update(value.get('action', {}).get('parameters', {}))
parameters.update(value.get('runner', {}).get('runner_parameters', {}))
secret_parameters = get_secret_parameters(parameters=parameters)
result['parameters'] = mask_secret_parameters(parameters=result.get('parameters', {}),
secret_parameters=secret_parameters)
if 'parameters' in liveaction:
liveaction['parameters'] = mask_secret_parameters(parameters=liveaction['parameters'],
secret_parameters=secret_parameters)
if liveaction.get('action', '') == 'st2.inquiry.respond':
# Special case to mask parameters for `st2.inquiry.respond` action
# In this case, this execution is just a plain python action, not
# an inquiry, so we don't natively have a handle on the response
# schema.
#
# To prevent leakage, we can just mask all response fields.
#
# Note: The 'string' type in secret_parameters doesn't matter,
# it's just a placeholder to tell mask_secret_parameters()
# that this parameter is indeed a secret parameter and to
# mask it.
result['parameters']['response'] = mask_secret_parameters(
parameters=liveaction['parameters']['response'],
secret_parameters={p: 'string' for p in liveaction['parameters']['response']}
)
# TODO(mierdin): This logic should be moved to the dedicated Inquiry
# data model once it exists.
if self.runner.get('name') == "inquirer":
schema = result['result'].get('schema', {})
response = result['result'].get('response', {})
# We can only mask response secrets if response and schema exist and are
# not empty
if response and schema:
result['result']['response'] = mask_inquiry_response(response, schema)
return result