d85e055 ipapython.ipautil.run: allow skipping stdout/stderr logging

Authored and Committed by abbra 4 years ago
    ipapython.ipautil.run: allow skipping stdout/stderr logging
    
    There are cases when output from a utility run contains sensitive
    content that is better to avoid logging. For example, klist can be told
    to show actual encryption keys with -K option. Redacting them out with
    nolog option to ipapython.ipautil.run() is not possible because
    replacement routine expects exact matches.
    
    Introduce two boolean options that allow to skip printing output from
    the utility being run:
      -- nolog_output: skip printing captured stdout
      -- nolog_error: skip printing captured stderr
    
    These options default to False (thus, stdout/stderr content will
    continue to be printed). In case they were set to True, corresponding
    line will contain
    
       stdout=<REDACTED>
    
    or
    
       stderr=<REDACTED>
    
    Fixes: https://pagure.io/freeipa/issue/3999
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    
        
file modified
+15 -3