Open derekpurdy opened 1 year ago
@derekpurdy I'm curious, do you think data should be masked by the task or by the module? @BGmot, thoughts?
@derekpurdy I'm curious, do you think data should be masked by the task or by the module? @BGmot, thoughts?
Honestly I'm not sure.
I don't think it's possible but I think would be great for it to run no-log:true if it detects a secret macro type, but duplicating it just to add a when clause wouldn't be ideal.
This might be possible on module level code, I'll take a look.
SUMMARY
Use no_log: true for setting Macros in the api.yml task for zabbix agent role.
macro_type of secret was added with #620
ISSUE TYPE
COMPONENT NAME
roles/zabbix_agent/tasks/api.yml "API | Updating host configuration with macros"
ADDITIONAL INFORMATION
Due to sensitive information potentially being set with zabbix_agent_macros when macro_type is set to secret, I believe the "API | Updating host configuration with macros" should be modified to run with no_log: true.