search

rhevm-qe-automation / ovirt-ansible

Ansible playbooks for ovirt management
GNU General Public License v3.0
26 stars 28 forks source link

Clear text password in output when using ovirt-iso-uploader-conf role #180

Open fedyafed opened 4 years ago

fedyafed commented 4 years ago

Hi!

When I use ovirt-iso-uploader-conf role I can see values for each parameter in output like:

TASK [ovirt-iso-uploader-conf : Set ovirt-iso-uploader parameters in config file]
ok: [ovirt] => (item={u'key': u'user', u'val': u'admin'})
ok: [ovirt] => (item={u'key': u'passwd', u'val': u'password'})
skipping: [ovirt] => (item={u'key': u'engine', u'val': u''})
skipping: [ovirt] => (item={u'key': u'cert-file', u'val': u''})
skipping: [ovirt] => (item={u'key': u'iso-domain', u'val': u''})
skipping: [ovirt] => (item={u'key': u'nfs-server', u'val': u''})
skipping: [ovirt] => (item={u'key': u'ssh-user', u'val': u''})
skipping: [ovirt] => (item={u'key': u'ssh-port', u'val': u''})
skipping: [ovirt] => (item={u'key': u'key-file', u'val': u''})

I suggest to use label in loop_control:

- name: Set ovirt-iso-uploader parameters in config file
  lineinfile:
    dest: "{{ ovirt_iso_uploader_conf }}"
    line: "{{ item.key }}={{ item.val }}"
    regexp: "^{{ item.key }} *=.*$"
    insertafter: EOF
  when:
    item.val != ""
  with_items:
    - { key: "user", val: "{{ ovirt_iso_uploader_user }}" }
    - { key: "passwd", val: "{{ ovirt_iso_uploader_password }}" }
    - { key: "engine", val: "{{ ovirt_iso_uploader_engine }}" }
    - { key: "cert-file", val: "{{ ovirt_iso_uploader_cert_file }}" }
    - { key: "iso-domain", val: "{{ ovirt_iso_uploader_iso_domain }}" }
    - { key: "nfs-server", val: "{{ ovirt_iso_uploader_nfs_server }}" }
    - { key: "ssh-user", val: "{{ ovirt_iso_uploader_ssh_user }}" }
    - { key: "ssh-port", val: "{{ ovirt_iso_uploader_ssh_port }}" }
    - { key: "key-file", val: "{{ ovirt_iso_uploader_key_file }}" }
  loop_control:
    label: '{{ item.key }}'

In this case you can't see the password anymore:

TASK [ovirt-iso-uploader-conf : Set ovirt-iso-uploader parameters in config file]
ok: [ovirt] => (item=user)
ok: [ovirt] => (item=passwd)
skipping: [ovirt] => (item=engine)
skipping: [ovirt] => (item=cert-file)
skipping: [ovirt] => (item=iso-domain)
skipping: [ovirt] => (item=nfs-server)
skipping: [ovirt] => (item=ssh-user)
skipping: [ovirt] => (item=ssh-port)
skipping: [ovirt] => (item=key-file)

Thanks!