[BUG] Strip ANSI escape codes from Terraform/Ansible output in API and logs (fixes #1366, fixes #1367)#1401
Open
cray44 wants to merge 1 commit intosplunk:developfrom
Open
Conversation
…d logs (fixes splunk#1366) - Add strip_ansi() utility to attack_range/utils.py using regex - Terraform: pass --no-color via no_color=IsFlagged (also fixes splunk#1367 where colored output was not captured as error text) - Terraform: strip ANSI from init/apply/destroy output before logging or raising RuntimeError - Ansible: set ANSIBLE_NO_COLOR=1 via envvars in ansible_runner.run() - Ansible: strip ANSI from stdout artifact files and event messages before logging - API: strip ANSI from exception messages and tracebacks at all error capture points (build_vpn, build_lab, destroy) Defense in depth: ANSI codes are suppressed at the source (flags) AND stripped at every boundary where they enter the system.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes #1366 and fixes #1367
Terminal color codes (ANSI escape sequences like
\x1b[31m) from Terraform and Ansible output were flowing through to the web app logs and API error responses, making them unreadable. Additionally, colored Terraform output was not being properly captured as error text, causing the API to report "No error output from terraform" even when errors were visible in Docker logs.Changes
Prevention (suppress ANSI at the source):
terraform_manager.py: Changedno_color=IsNotFlaggedtono_color=IsFlaggedinapply()anddestroy()calls, which passes--no-colorto Terraformansible_manager.py: SetANSIBLE_NO_COLOR=1in environment variables passed toansible_runner.run()Defense in depth (strip ANSI wherever output enters the system):
utils.py: Addedstrip_ansi()function using regex pattern\x1b\[[0-9;]*[a-zA-Z]to remove all ANSI escape sequencesterraform_manager.py: Strip ANSI fromstdout/stderrafterapply(),destroy(), andinit()calls, and from retry outputs after state lock unlockansible_manager.py: Strip ANSI from stdout artifact files, event error messages, and Ansible eventmsgfieldsapp.py: Strip ANSI from exception messages and tracebacks at all three error-capture boundaries (build_vpn, build_lab, destroy)Testing
py_compilepasses for all 4 modified files)strip_ansi()unit tested: correctly strips\x1b[31mand other ANSI codes from stringsChecklist
develop