1 files changed, 26 insertions, 15 deletions

diff --git a/cloudinit/util.py b/cloudinit/util.py
index a8c0cceb..33da73eb 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -24,8 +24,8 @@
 
 from StringIO import StringIO
 
-import copy as obj_copy
 import contextlib
+import copy as obj_copy
 import errno
 import glob
 import grp
@@ -317,8 +317,9 @@ def multi_log(text, console=True, stderr=True,
         else:
             log.log(log_level, text)
 
+
 def is_ipv4(instr):
-    """ determine if input string is a ipv4 address. return boolean"""
+    """determine if input string is a ipv4 address. return boolean."""
     toks = instr.split('.')
     if len(toks) != 4:
         return False
@@ -826,12 +827,12 @@ def get_cmdline_url(names=('cloud-config-url', 'url'),
 
 
 def is_resolvable(name):
-    """ determine if a url is resolvable, return a boolean
+    """determine if a url is resolvable, return a boolean
     This also attempts to be resilent against dns redirection.
 
     Note, that normal nsswitch resolution is used here.  So in order
     to avoid any utilization of 'search' entries in /etc/resolv.conf
-    we have to append '.'. 
+    we have to append '.'.
 
     The top level 'invalid' domain is invalid per RFC.  And example.com
     should also not exist.  The random entry will be resolved inside
@@ -847,7 +848,7 @@ def is_resolvable(name):
             try:
                 result = socket.getaddrinfo(iname, None, 0, 0,
                     socket.SOCK_STREAM, socket.AI_CANONNAME)
-                badresults[iname] = [] 
+                badresults[iname] = []
                 for (_fam, _stype, _proto, cname, sockaddr) in result:
                     badresults[iname].append("%s: %s" % (cname, sockaddr[0]))
                     badips.add(sockaddr[0])
@@ -856,7 +857,7 @@ def is_resolvable(name):
         _DNS_REDIRECT_IP = badips
         if badresults:
             LOG.debug("detected dns redirection: %s" % badresults)
-    
+
     try:
         result = socket.getaddrinfo(name, None)
         # check first result's sockaddr field
@@ -874,7 +875,7 @@ def get_hostname():
 
 
 def is_resolvable_url(url):
-    """ determine if this url is resolvable (existing or ip) """
+    """determine if this url is resolvable (existing or ip)."""
     return (is_resolvable(urlparse.urlparse(url).hostname))
 
 
@@ -1105,7 +1106,7 @@ def hash_blob(blob, routine, mlen=None):
 
 def rename(src, dest):
     LOG.debug("Renaming %s to %s", src, dest)
-    # TODO use a se guard here??
+    # TODO(harlowja) use a se guard here??
     os.rename(src, dest)
 
 
@@ -1284,12 +1285,15 @@ def ensure_file(path, mode=0644):
     write_file(path, content='', omode="ab", mode=mode)
 
 
-def chmod(path, mode):
-    real_mode = None
+def safe_int(possible_int):
     try:
-        real_mode = int(mode)
+        return int(possible_int)
     except (ValueError, TypeError):
-        pass
+        return None
+
+
+def chmod(path, mode):
+    real_mode = safe_int(mode)
     if path and real_mode:
         with SeLinuxGuard(path):
             os.chmod(path, real_mode)
@@ -1329,12 +1333,19 @@ def delete_dir_contents(dirname):
             del_file(node_fullpath)
 
 
-def subp(args, data=None, rcs=None, env=None, capture=True, shell=False):
+def subp(args, data=None, rcs=None, env=None, capture=True, shell=False,
+         logstring=False):
     if rcs is None:
         rcs = [0]
     try:
-        LOG.debug(("Running command %s with allowed return codes %s"
-                   " (shell=%s, capture=%s)"), args, rcs, shell, capture)
+
+        if not logstring:
+            LOG.debug(("Running command %s with allowed return codes %s"
+                       " (shell=%s, capture=%s)"), args, rcs, shell, capture)
+        else:
+            LOG.debug(("Running hidden command to protect sensitive "
+                       "input/output logstring: %s"), logstring)
+
         if not capture:
             stdout = None
             stderr = None