Open mamoep opened 1 year ago
These security logging parameters are masked by Ansible itself during the facts; nothing is done in the modules. I see you mentioned Ansible FOS 1.3.3 as the version. As per my understanding, it is the same behavior in older Ansible FOS releases as well. This behavior can be overridden with the no_log option in yml or ansible.cfg to show sensitive parameters as well in Ansible logging. Did you try the no_log option?
What is the FOS Switch release? What is the actual name that should be shown instead of VALUE_SPECIFIED_IN_NO_LOG_PARAMETER?
I tried to set "no_log: false" in the playbook but it didn't make any difference. I don't think that setting can override "secured" variables from the module code.
Tested with FOS 8.2.3d and 9.1.1c
The actual name is the one used in fos_user_name: "{{ username }}" variable. So whichever user I choose as login credential.
Taking our fos_user_name out of the credentials and treating it as different is working fine. Please let us know if it works for you with these changes:

--> In the playbook *.yml file(s), remove the fos_user_name from the credential group.
--> In the tasks of facts.yml, add fos_user_name as shown below:

    brocade_facts:
      credential: "{{credential}}"
      fos_user_name: "{{fos_user_name}}"

--> In the brocade_facts.py, have the following changes

    argument_spec = dict(
        credential=dict(required=True, type='dict', no_log=True),
        fos_user_name=dict(required=True, type='str'),
        ...

Please let us know if it resolves this issue.
The proposed fix works.
I suggest the following change to keep the current structure of the credential object intact, while still being able to mute the password.

    argument_spec = dict(
        credential=dict(
            required=True,
            type='dict',
            options=dict(
                fos_ip_addr=dict(required=True, type='str'),
                fos_user_name=dict(required=True, type='str'),
                fos_password=dict(required=True, type='str', no_log=True),
                https=dict(required=True, type='bool'),
                ssh_hostkeymust=dict(required=False, type='bool')
            )
        ),

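
The effect of the two argument_spec variants discussed in this thread, as an added example that is not part of the original thread or of the FOS Ansible collection: a simplified Python model of no_log scrubbing (an assumption about how ansible-core behaves, reduced to its core). The helper names, CRED and FACTS are constructed for illustration.

```python
# Simplified model (an assumption, not ansible-core source) of how values of
# no_log parameters are collected and then scrubbed from a module's result.
MASK = "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"

def strings_in(value):
    """Yield every non-empty string nested anywhere inside value."""
    if isinstance(value, dict):
        value = list(value.values())
    if isinstance(value, list):
        for v in value:
            yield from strings_in(v)
    elif isinstance(value, str) and value:
        yield value

def no_log_values(spec, params):
    """Collect the strings that must not appear in the module result."""
    found = set()
    for name, opts in spec.items():
        value = params.get(name)
        if opts.get("no_log"):            # whole parameter is secret
            found.update(strings_in(value))
        elif isinstance(value, dict):     # descend into sub-options
            found |= no_log_values(opts.get("options", {}), value)
    return found

def scrub(result, secrets):
    """Return a copy of result with every secret string masked."""
    if isinstance(result, dict):
        return {k: scrub(v, secrets) for k, v in result.items()}
    if isinstance(result, list):
        return [scrub(v, secrets) for v in result]
    if isinstance(result, str):
        if result in secrets:             # exact match: whole value replaced
            return MASK
        for s in secrets:                 # partial match: substring starred out
            result = result.replace(s, "********")
    return result

# Constructed sample input; every value is a placeholder.
CRED = {"fos_ip_addr": "192.0.2.10", "fos_user_name": "admin",
        "fos_password": "example-password", "https": True}
FACTS = {"login_user": "admin", "note": "logged in as admin"}  # hypothetical facts
WHOLE_DICT = {"credential": {"type": "dict", "no_log": True}}
PER_FIELD = {"credential": {"type": "dict", "options": {
    "fos_user_name": {"type": "str"},
    "fos_password": {"type": "str", "no_log": True}}}}

def run(spec):
    return scrub(FACTS, no_log_values(spec, {"credential": CRED}))
```

With `WHOLE_DICT` the user name and IP address become secrets alongside the password, so any fact equal to the user name is masked; with `PER_FIELD` only the password is scrubbed.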
Thanks for the confirmation and suggestion. Sure, we will handle it in the proposed way so that there is no need to change existing playbooks. This will be handled in the next release.
The approach proposed here is implemented in FOSAnsible release 2.0.0.
When collecting switch information with the brocade_facts module, the name of the user that is used for login is replaced by "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER". I am using Ansible Galaxy collection version 1.3.3.
Task:
Output