search

ansible-collections / netapp.ontap

Ansible collection to support NetApp ONTAP configuration.
https://galaxy.ansible.com/netapp/ontap
GNU General Public License v3.0
51 stars 34 forks source link

na_ontap_cifs_local_user warns "[WARNING]: Module did not set no_log for set_password" #163

Closed freedge closed 11 months ago

freedge commented 1 year ago

Summary

running a playbook containing this task:

  - name: cifs user
    na_ontap_cifs_local_user:
      state: present
      vserver: vs
      name: tata
      user_password: "{{ netapp_password }}"
      account_disabled: False
      full_name: Tata
      hostname: "{{ netapp_hostname }}"
      username: "{{ netapp_username }}"
      password: "{{ netapp_password }}"
      use_rest: always
      https: true
      validate_certs: false
      description: a user account to access CIFS that can be used as default in mappings
    delegate_to: localhost

getting a warning:

[WARNING]: Module did not set no_log for set_password

Component Name

na_ontap_cifs_local_user

Ansible Version

$ ansible --version
ansible [core 2.14.4]
  config file = Xnetapp/ansible.cfg
  configured module search path = ['Xplugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = Xnetapp/myenv/lib/python3.10/site-packages/ansible
  ansible collection location = Xnetapp
  executable location = Xnetapp/myenv/bin/ansible
  python version = 3.10.6 (main, May 29 2023, 11:10:38) [GCC 11.3.0] (Xnetapp/myenv/bin/python3)
  jinja version = 3.1.2
  libyaml = True

ONTAP Collection Version

$ ansible-galaxy collection list
Collection   Version                 
------------ -------                 
netapp.ontap 22.7.0

ONTAP Version

NetApp Release 9.13.1: Mon Jun 19 13:36:41 UTC 2023

Playbook

- name: cifs user
    na_ontap_cifs_local_user:
      state: present
      vserver: vs
      name: tata
      user_password: "{{ netapp_password }}"
      account_disabled: False
      full_name: Tata
      hostname: "{{ netapp_hostname }}"
      username: "{{ netapp_username }}"
      password: "{{ netapp_password }}"
      use_rest: always
      https: true
      validate_certs: false
      description: a user account to access CIFS that can be used as default in mappings
    delegate_to: localhost

Steps to Reproduce

Expected Results

no warning

Actual Results

warning
carchi8py commented 11 months ago

Ansible will warn any time any parameter contains (Password, key, secrets, so on), and the internal option no_log is not set.

No_log hides password, key, and so on so they don't appear in plain text.

set_password is a bool and not a secret, so it should be log to help with debug. I"ll talk to Redhat and see if there is a way to disable this, but i don't believe this is.