From 9855ce131555d5a0f6c167ff70a63beddd74a5d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivan=20Aragon=C3=A9s=20Muniesa?= <26822043+ivarmu@users.noreply.github.com>
Date: Thu, 26 Jan 2023 09:13:22 +0100
Subject: [PATCH 1/2] add no_log everywhere controller_api_plugin is used
---
 roles/filetree_create/tasks/all.yml | 1 +
 roles/filetree_create/tasks/applications.yml | 3 ++-
 roles/filetree_create/tasks/credential_types.yml | 2 ++
 roles/filetree_create/tasks/credentials.yml | 1 +
 roles/filetree_create/tasks/execution_environments.yml | 1 +
 roles/filetree_create/tasks/instance_groups.yml | 1 +
 roles/filetree_create/tasks/inventory.yml | 4 ++++
 roles/filetree_create/tasks/job_templates.yml | 2 ++
 roles/filetree_create/tasks/labels.yml | 1 +
 roles/filetree_create/tasks/notification_templates.yml | 1 +
 roles/filetree_create/tasks/organizations.yml | 2 ++
 roles/filetree_create/tasks/projects.yml | 2 ++
 roles/filetree_create/tasks/settings.yml | 1 +
 roles/filetree_create/tasks/team_roles.yml | 1 +
 roles/filetree_create/tasks/teams.yml | 1 +
 roles/filetree_create/tasks/user_roles.yml | 1 +
 roles/filetree_create/tasks/users.yml | 8 +++++++-
 roles/filetree_create/tasks/workflow_job_templates.yml | 2 ++
 roles/filetree_create/tests/filetree_create.yml | 2 +-
 roles/object_diff/tasks/credential_types.yml | 2 ++
 roles/object_diff/tasks/credentials.yml | 2 ++
 roles/object_diff/tasks/groups.yml | 3 +++
 roles/object_diff/tasks/hosts.yml | 3 +++
 roles/object_diff/tasks/inventories.yml | 2 ++
 roles/object_diff/tasks/inventory_sources.yml | 2 ++
 roles/object_diff/tasks/job_templates.yml | 2 ++
 roles/object_diff/tasks/main.yml | 1 +
 roles/object_diff/tasks/organizations.yml | 3 +++
 roles/object_diff/tasks/projects.yml | 2 ++
 roles/object_diff/tasks/roles.yml | 2 ++
 roles/object_diff/tasks/teams.yml | 3 +++
 roles/object_diff/tasks/user_accounts.yml | 2 ++
 roles/object_diff/tasks/workflow_job_templates.yml | 2 ++
 33 files changed, 65 insertions(+), 3 deletions(-)
diff --git a/roles/filetree_create/tasks/all.yml b/roles/filetree_create/tasks/all.yml index 081e5200e..900038000 100644 --- a/roles/filetree_create/tasks/all.yml +++ b/roles/filetree_create/tasks/all.yml @@ -4,6 +4,7 @@ is_aap: "{{ lookup(controller_api_plugin, 'ping', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs).version is version('4.0.0', '>=') }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: Include tasks (block) when: "['all', 'labels', 'applications', 'instance_groups', 'settings', 'inventory', 'credentials', 'credential_types', 'notification_templates', 'users', 'teams', 'organizations', 'projects', 'execution_environments', 'job_templates', 'workflow_job_templates', 'workflow_job_template_nodes'] | intersect(input_tag) | length > 0" diff --git a/roles/filetree_create/tasks/applications.yml b/roles/filetree_create/tasks/applications.yml index ce66bdbf0..477902b17 100644 --- a/roles/filetree_create/tasks/applications.yml +++ b/roles/filetree_create/tasks/applications.yml @@ -5,7 +5,8 @@ query_params={'order_by': 'organization,id'}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) - }}" + }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /applications output directory for applications in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/credential_types.yml b/roles/filetree_create/tasks/credential_types.yml index f732c78fa..ac0291539 100644 --- a/roles/filetree_create/tasks/credential_types.yml +++ b/roles/filetree_create/tasks/credential_types.yml 
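Review bot: The added `no_log: "{{ controller_configuration_filetree_create_secure_logging }}"` in `all.yml` reads the variable with no fallback, and the diffstat shows no change to either role's defaults, so every task touched here depends on the variable already being defined wherever the file runs. The same holds for the other filetree_create hunks and for `controller_configuration_object_diff_secure_logging` in the object_diff hunks. It matters most in `tests/filetree_create.yml`, where the task storing `authtoken_res.json.token` loses its `| default('false')` fallback in a playbook that may run outside the role's variable scope. If a fallback is wanted, a fail-closed one such as `no_log: "{{ controller_configuration_filetree_create_secure_logging | default(true) }}"` keeps the token and API responses out of the log instead of failing on an undefined variable or logging by default. The task this line is attached to begins above the hunk.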
@@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" when: is_aap - name: "Get current Credential Types from the API when Tower" @@ -15,6 +16,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" when: not is_aap - name: "Create the output directory for credential types: {{ output_path }}" diff --git a/roles/filetree_create/tasks/credentials.yml b/roles/filetree_create/tasks/credentials.yml index 5f1b7e0e8..3af85f91f 100644 --- a/roles/filetree_create/tasks/credentials.yml +++ b/roles/filetree_create/tasks/credentials.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /credentials output directory for credentials in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/execution_environments.yml b/roles/filetree_create/tasks/execution_environments.yml index 259a42d77..2fc737d3f 100644 --- a/roles/filetree_create/tasks/execution_environments.yml +++ b/roles/filetree_create/tasks/execution_environments.yml @@ -5,6 +5,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for execution environments: {{ output_path }}" ansible.builtin.file: 
diff --git a/roles/filetree_create/tasks/instance_groups.yml b/roles/filetree_create/tasks/instance_groups.yml index 6846941d9..41657a065 100644 --- a/roles/filetree_create/tasks/instance_groups.yml +++ b/roles/filetree_create/tasks/instance_groups.yml @@ -5,6 +5,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for instance groups: {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/inventory.yml b/roles/filetree_create/tasks/inventory.yml index 3bf4a52a1..2c3e9ef64 100644 --- a/roles/filetree_create/tasks/inventory.yml +++ b/roles/filetree_create/tasks/inventory.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /inventories output directory for inventories in {{ output_path }}" ansible.builtin.file: @@ -50,6 +51,7 @@ loop_control: loop_var: current_inventory_sources label: "{{ inventory_sources_output_path }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Set the inventory's hosts" ansible.builtin.include_tasks: "hosts.yml" @@ -66,6 +68,7 @@ loop_control: loop_var: current_inventory_hosts label: "{{ hosts_output_path }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Set the inventory's groups" ansible.builtin.include_tasks: "groups.yml" @@ -82,4 +85,5 @@ loop_control: loop_var: current_inventory_groups label: "{{ groups_output_path }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" ... 
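Review bot: In `inventory.yml`, the `no_log` lines added after `label: "{{ inventory_sources_output_path }}"`, `label: "{{ hosts_output_path }}"` and `label: "{{ groups_output_path }}"` appear to sit on looping `ansible.builtin.include_tasks` tasks such as `"hosts.yml"` and `"groups.yml"`. The task bodies between the hunks are not visible, so this is inferred from the task names and `loop_var`s. On a dynamic include, task keywords apply to the include statement itself and are not inherited by the included tasks, so this censors the include's own loop items but not the output of tasks inside the included files. If the aim is to cover those too, pass the keyword through `apply:`, i.e. add `apply:` with `no_log: "{{ controller_configuration_filetree_create_secure_logging }}"` under the `include_tasks` arguments, or confirm that each included file sets `no_log` on its own lookup tasks.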
diff --git a/roles/filetree_create/tasks/job_templates.yml b/roles/filetree_create/tasks/job_templates.yml index a54e16e45..87617eaf1 100644 --- a/roles/filetree_create/tasks/job_templates.yml +++ b/roles/filetree_create/tasks/job_templates.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directories for job templates in {{ output_path }}" ansible.builtin.file: @@ -47,4 +48,5 @@ loop_control: loop_var: current_job_templates_asset_value label: "{{ __dest }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" ... diff --git a/roles/filetree_create/tasks/labels.yml b/roles/filetree_create/tasks/labels.yml index 2cec4a266..f993c998f 100644 --- a/roles/filetree_create/tasks/labels.yml +++ b/roles/filetree_create/tasks/labels.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /labels output directory for labels in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/notification_templates.yml b/roles/filetree_create/tasks/notification_templates.yml index d42859d1d..d2517e90f 100644 --- a/roles/filetree_create/tasks/notification_templates.yml +++ b/roles/filetree_create/tasks/notification_templates.yml 
@@ -5,6 +5,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /notification_templates output directory for notification templates in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/organizations.yml b/roles/filetree_create/tasks/organizations.yml index 1d889f1f8..ebbfed93c 100644 --- a/roles/filetree_create/tasks/organizations.yml +++ b/roles/filetree_create/tasks/organizations.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for organizations: {{ output_path + '/' + current_organization_dir.name }}" ansible.builtin.file: @@ -42,4 +43,5 @@ loop_control: loop_var: current_organization label: "{{ __dest }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" ... diff --git a/roles/filetree_create/tasks/projects.yml b/roles/filetree_create/tasks/projects.yml index be873f744..0b96f126d 100644 --- a/roles/filetree_create/tasks/projects.yml +++ b/roles/filetree_create/tasks/projects.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /projects output directory for projects in {{ output_path }}" ansible.builtin.file: @@ -44,4 +45,5 @@ loop_control: loop_var: current_projects_asset_value label: "{{ __dest }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" ... 
diff --git a/roles/filetree_create/tasks/settings.yml b/roles/filetree_create/tasks/settings.yml index 88ae1d154..856a61c8c 100644 --- a/roles/filetree_create/tasks/settings.yml +++ b/roles/filetree_create/tasks/settings.yml @@ -5,6 +5,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for credential types: {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/team_roles.yml b/roles/filetree_create/tasks/team_roles.yml index 9f497d1f5..1db22c86d 100644 --- a/roles/filetree_create/tasks/team_roles.yml +++ b/roles/filetree_create/tasks/team_roles.yml @@ -5,6 +5,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for team roles: {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/teams.yml b/roles/filetree_create/tasks/teams.yml index 0cf0a745e..ea20e6ae3 100644 --- a/roles/filetree_create/tasks/teams.yml +++ b/roles/filetree_create/tasks/teams.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /teams output directory for teams in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/user_roles.yml b/roles/filetree_create/tasks/user_roles.yml index efdab949a..cd4335327 100644 --- a/roles/filetree_create/tasks/user_roles.yml +++ b/roles/filetree_create/tasks/user_roles.yml 
@@ -5,6 +5,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for user roles: {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/users.yml b/roles/filetree_create/tasks/users.yml index 296d2715e..bd3a0b8bd 100644 --- a/roles/filetree_create/tasks/users.yml +++ b/roles/filetree_create/tasks/users.yml @@ -5,16 +5,22 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Add the users the Organizations information" ansible.builtin.set_fact: current_users: "{{ (current_users | default([])) + [user_lookvar_item | combine({'organizations': user_lookvar_item_organizations})] }}" vars: - user_lookvar_item_organizations: "{{ query(controller_api_plugin, user_lookvar_item.related.organizations, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) | selectattr('name', 'defined') | map(attribute='name') }}" + user_lookvar_item_organizations: "{{ query(controller_api_plugin, user_lookvar_item.related.organizations, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects + ) | selectattr('name', 'defined') | map(attribute='name') + }}" loop: "{{ users_lookvar }}" loop_control: loop_var: user_lookvar_item label: "User {{ user_lookvar_item.username }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for users in {{ output_path }}" ansible.builtin.file: 
diff --git a/roles/filetree_create/tasks/workflow_job_templates.yml b/roles/filetree_create/tasks/workflow_job_templates.yml index 095ac0cc4..0f4655130 100644 --- a/roles/filetree_create/tasks/workflow_job_templates.yml +++ b/roles/filetree_create/tasks/workflow_job_templates.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /workflow_job_templates output directory for workflow job templates in {{ output_path }}" ansible.builtin.file: @@ -50,4 +51,5 @@ loop_control: loop_var: current_workflow_job_templates_asset_value label: "{{ __dest }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" ... diff --git a/roles/filetree_create/tests/filetree_create.yml b/roles/filetree_create/tests/filetree_create.yml index f9afd9b2a..f8f0c42cd 100644 --- a/roles/filetree_create/tests/filetree_create.yml +++ b/roles/filetree_create/tests/filetree_create.yml @@ -26,7 +26,7 @@ ansible.builtin.set_fact: controller_oauthtoken: "{{ authtoken_res.json.token }}" controller_oauthtoken_url: "{{ authtoken_res.json.url }}" - no_log: "{{ controller_configuration_filetree_create_secure_logging | default('false') }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" when: controller_oauthtoken is not defined tags: - always diff --git a/roles/object_diff/tasks/credential_types.yml b/roles/object_diff/tasks/credential_types.yml index dbb5417fd..237ad0779 100644 --- a/roles/object_diff/tasks/credential_types.yml +++ b/roles/object_diff/tasks/credential_types.yml 
@@ -7,6 +7,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" when: is_aap - name: "Get the API list of all Credential Types" @@ -16,6 +17,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" when: not is_aap - name: "Find the difference of Credential Types between what is on the Controller versus CasC on SCM" diff --git a/roles/object_diff/tasks/credentials.yml b/roles/object_diff/tasks/credentials.yml index 1465af525..b4263d14f 100644 --- a/roles/object_diff/tasks/credentials.yml +++ b/roles/object_diff/tasks/credentials.yml @@ -6,6 +6,7 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Credentials in Organization {{ orgs }}" ansible.builtin.set_fact: @@ -14,6 +15,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Credentials between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: diff --git a/roles/object_diff/tasks/groups.yml b/roles/object_diff/tasks/groups.yml index b7cfd4ff9..cd8c71127 100644 --- a/roles/object_diff/tasks/groups.yml +++ b/roles/object_diff/tasks/groups.yml 
@@ -5,6 +5,7 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all inventories" ansible.builtin.set_fact: @@ -16,6 +17,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all groups in the inventories at organization {{ orgs }}" ansible.builtin.set_fact: @@ -27,6 +29,7 @@ loop: "{{ __controller_api_inventories }}" loop_control: loop_var: current_inventory + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Group differences (block)" when: __controller_api_groups is defined diff --git a/roles/object_diff/tasks/hosts.yml b/roles/object_diff/tasks/hosts.yml index 1962ab145..303ad6950 100644 --- a/roles/object_diff/tasks/hosts.yml +++ b/roles/object_diff/tasks/hosts.yml @@ -5,6 +5,7 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all inventories" ansible.builtin.set_fact: @@ -17,6 +18,7 @@ password=controller_password, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all hosts in the inventories at organization {{ orgs }}" ansible.builtin.set_fact: 
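Review bot: In the second `hosts.yml` hunk, the lookup that the new `no_log` is attached to passes `password=controller_password`, whereas every other lookup visible in this patch authenticates with `oauth_token=controller_oauthtoken`. The start of that lookup is above the hunk, so the full argument list cannot be seen from here. If it really is the only call using the password, it will behave differently from its siblings when only a token is supplied. Consider aligning it with the neighbouring tasks, `host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,`, or add a comment saying why this one call needs the password.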
@@ -25,6 +27,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" loop: "{{ __controller_api_inventories }}" loop_control: loop_var: current_inventory diff --git a/roles/object_diff/tasks/inventories.yml b/roles/object_diff/tasks/inventories.yml index d9b74c550..65e2930a9 100644 --- a/roles/object_diff/tasks/inventories.yml +++ b/roles/object_diff/tasks/inventories.yml @@ -5,6 +5,7 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Inventories" ansible.builtin.set_fact: @@ -13,6 +14,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Inventories between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: diff --git a/roles/object_diff/tasks/inventory_sources.yml b/roles/object_diff/tasks/inventory_sources.yml index caddc6c33..6da6f9179 100644 --- a/roles/object_diff/tasks/inventory_sources.yml +++ b/roles/object_diff/tasks/inventory_sources.yml @@ -5,6 +5,7 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Inventory Sources" ansible.builtin.set_fact: 
@@ -13,6 +14,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Inventory Sources between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: diff --git a/roles/object_diff/tasks/job_templates.yml b/roles/object_diff/tasks/job_templates.yml index cf9b5f677..ce4d1a8eb 100644 --- a/roles/object_diff/tasks/job_templates.yml +++ b/roles/object_diff/tasks/job_templates.yml @@ -5,6 +5,7 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Job Templates in Organization {{ orgs }}" ansible.builtin.set_fact: @@ -13,6 +14,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Job Templates between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: diff --git a/roles/object_diff/tasks/main.yml b/roles/object_diff/tasks/main.yml index 3ad3a5014..34bec9423 100644 --- a/roles/object_diff/tasks/main.yml +++ b/roles/object_diff/tasks/main.yml @@ -32,6 +32,7 @@ is_aap: "{{ lookup(controller_api_plugin, 'ping', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs).version is version('4.0.0', '>=') }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" tags: - always diff --git a/roles/object_diff/tasks/organizations.yml b/roles/object_diff/tasks/organizations.yml index 87f6a9b06..79482b6c5 100644 --- a/roles/object_diff/tasks/organizations.yml 
+++ b/roles/object_diff/tasks/organizations.yml @@ -5,6 +5,7 @@ query_params={'username': controller_username}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Role differences (block)" when: @@ -16,6 +17,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Organizations between what is on the Controller versus curated list." ansible.builtin.set_fact: @@ -30,6 +32,7 @@ loop: "{{ __organizations_difference }}" loop_control: loop_var: __organizations_difference_list_empty_item + no_log: "{{ controller_configuration_object_diff_secure_logging }}" when: - protect_not_empty_orgs is defined - protect_not_empty_orgs diff --git a/roles/object_diff/tasks/projects.yml b/roles/object_diff/tasks/projects.yml index 9b0db27bf..6ea7b93cf 100644 --- a/roles/object_diff/tasks/projects.yml +++ b/roles/object_diff/tasks/projects.yml @@ -5,6 +5,7 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Projects in Organization {{ orgs }}" ansible.builtin.set_fact: @@ -13,6 +14,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Project between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: diff --git a/roles/object_diff/tasks/roles.yml b/roles/object_diff/tasks/roles.yml index c97f470cf..8c10126ba 100644 
--- a/roles/object_diff/tasks/roles.yml +++ b/roles/object_diff/tasks/roles.yml @@ -5,6 +5,7 @@ query_params={'username': controller_username}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Role differences (block)" when: @@ -38,6 +39,7 @@ }}" loop_control: loop_var: current_role + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Explode the roles for users" ansible.builtin.set_fact: diff --git a/roles/object_diff/tasks/teams.yml b/roles/object_diff/tasks/teams.yml index fad5994c7..12ef352fb 100644 --- a/roles/object_diff/tasks/teams.yml +++ b/roles/object_diff/tasks/teams.yml @@ -5,6 +5,7 @@ query_params={'username': controller_username}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Team differences (block)" when: @@ -16,6 +17,7 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all teams in Organization {{ orgs }}" ansible.builtin.set_fact: @@ -24,6 +26,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Teams between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: diff --git a/roles/object_diff/tasks/user_accounts.yml b/roles/object_diff/tasks/user_accounts.yml index ee08740b7..2b8d7ac03 100644 --- a/roles/object_diff/tasks/user_accounts.yml +++ b/roles/object_diff/tasks/user_accounts.yml 
@@ -6,6 +6,7 @@ query_params={'username': controller_username}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get all users from the API" ansible.builtin.set_fact: @@ -13,6 +14,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Populate user accounts (block)" when: not drop_user_external_accounts diff --git a/roles/object_diff/tasks/workflow_job_templates.yml b/roles/object_diff/tasks/workflow_job_templates.yml index 9867cb506..f26795e2c 100644 --- a/roles/object_diff/tasks/workflow_job_templates.yml +++ b/roles/object_diff/tasks/workflow_job_templates.yml @@ -5,6 +5,7 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Workflow Job Templates" ansible.builtin.set_fact: @@ -13,6 +14,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Workflow Job Templates between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: From 725b95ff9172de615beba083adc8c2173b22fadb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ivan=20Aragon=C3=A9s=20Muniesa?= <26822043+ivarmu@users.noreply.github.com> Date: Thu, 26 Jan 2023 11:44:09 +0100 Subject: [PATCH 2/2] added changelog fragment --- changelogs/fragments/filetree_create.yml | 1 + changelogs/fragments/object_diff.yml | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 changelogs/fragments/object_diff.yml diff --git a/changelogs/fragments/filetree_create.yml b/changelogs/fragments/filetree_create.yml index e91d29e26..01e8d2aaa 100644 --- a/changelogs/fragments/filetree_create.yml +++ b/changelogs/fragments/filetree_create.yml @@ -3,4 +3,5 @@ minor_changes: - Renamed variable controller_workflow_job_templates to controller_workflows (the previos one was not used at all). - Improve template to export settings with filetree_create role. Settings will be in yaml format. - Add or fix some variables or extra_vars exported from objects like notifications, inventory, inventory_source, hosts, groups, jt or wjt. + - Add no_log everywhere controller_api_plugin is used to avoid to expose sensitive information in case of crashes. ... diff --git a/changelogs/fragments/object_diff.yml b/changelogs/fragments/object_diff.yml new file mode 100644 index 000000000..d0e9d6908 --- /dev/null +++ b/changelogs/fragments/object_diff.yml @@ -0,0 +1,4 @@ +--- +minor_changes: + - Add no_log everywhere controller_api_plugin is used to avoid to expose sensitive information in case of crashes. +...