Merge pull request #478 from automationiberia/issue446

silvinux · web-flow · commit 1b5c4f31c4ac · 2023-01-26T12:02:04.000+01:00
add no_log everywhere controller_api_plugin is used
diff --git a/changelogs/fragments/filetree_create.yml b/changelogs/fragments/filetree_create.yml
@@ -3,4 +3,5 @@ minor_changes:
   - Renamed variable controller_workflow_job_templates to controller_workflows (the previos one was not used at all).
   - Improve template to export settings with filetree_create role. Settings will be in yaml format.
   - Add or fix some variables or extra_vars exported from objects like notifications, inventory, inventory_source, hosts, groups, jt or wjt.
+  - Add no_log everywhere controller_api_plugin is used to avoid to expose sensitive information in case of crashes.
 ...
diff --git a/changelogs/fragments/object_diff.yml b/changelogs/fragments/object_diff.yml
@@ -0,0 +1,4 @@
+---
+minor_changes:
+  - Add no_log everywhere controller_api_plugin is used to avoid to expose sensitive information in case of crashes.
+...
diff --git a/roles/filetree_create/tasks/all.yml b/roles/filetree_create/tasks/all.yml
@@ -4,6 +4,7 @@
     is_aap: "{{ lookup(controller_api_plugin, 'ping',
                        host=controller_hostname, oauth_token=controller_oauthtoken,
                        verify_ssl=controller_validate_certs).version is version('4.0.0', '>=') }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: Include tasks (block)
   when: "['all', 'labels', 'applications', 'instance_groups', 'settings', 'inventory', 'credentials', 'credential_types', 'notification_templates', 'users', 'teams', 'organizations', 'projects', 'execution_environments', 'job_templates', 'workflow_job_templates', 'workflow_job_template_nodes'] | intersect(input_tag) | length > 0"
diff --git a/roles/filetree_create/tasks/applications.yml b/roles/filetree_create/tasks/applications.yml
@@ -5,7 +5,8 @@
                                 query_params={'order_by': 'organization,id'},
                                 host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                 return_all=true, max_objects=query_controller_api_max_objects)
-                       }}"
+                           }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the <ORGANIZATION_NAME>/applications output directory for applications in {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/credential_types.yml b/roles/filetree_create/tasks/credential_types.yml
@@ -6,6 +6,7 @@
                                         host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                         return_all=true, max_objects=query_controller_api_max_objects)
                                }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
   when: is_aap
 
 - name: "Get current Credential Types from the API when Tower"
@@ -15,6 +16,7 @@
                                         host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                         return_all=true, max_objects=query_controller_api_max_objects)
                                }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
   when: not is_aap
 
 - name: "Create the output directory for credential types: {{ output_path }}"
diff --git a/roles/filetree_create/tasks/credentials.yml b/roles/filetree_create/tasks/credentials.yml
@@ -6,6 +6,7 @@
                                    host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                    return_all=true, max_objects=query_controller_api_max_objects)
                           }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the <ORGANIZATION_NAME>/credentials output directory for credentials in {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/execution_environments.yml b/roles/filetree_create/tasks/execution_environments.yml
@@ -5,6 +5,7 @@
                                               host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                               return_all=true, max_objects=query_controller_api_max_objects)
                                      }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the output directory for execution environments: {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/instance_groups.yml b/roles/filetree_create/tasks/instance_groups.yml
@@ -5,6 +5,7 @@
                                               host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                               return_all=true, max_objects=query_controller_api_max_objects)
                                      }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the output directory for instance groups: {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/inventory.yml b/roles/filetree_create/tasks/inventory.yml
@@ -6,6 +6,7 @@
                                  host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                  return_all=true, max_objects=query_controller_api_max_objects)
                         }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the <ORGANIZATION_NAME>/inventories output directory for inventories in {{ output_path }}"
   ansible.builtin.file:
@@ -50,6 +51,7 @@
   loop_control:
     loop_var: current_inventory_sources
     label: "{{ inventory_sources_output_path }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Set the inventory's hosts"
   ansible.builtin.include_tasks: "hosts.yml"
@@ -66,6 +68,7 @@
   loop_control:
     loop_var: current_inventory_hosts
     label: "{{ hosts_output_path }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Set the inventory's groups"
   ansible.builtin.include_tasks: "groups.yml"
@@ -82,4 +85,5 @@
   loop_control:
     loop_var: current_inventory_groups
     label: "{{ groups_output_path }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 ...
diff --git a/roles/filetree_create/tasks/job_templates.yml b/roles/filetree_create/tasks/job_templates.yml
@@ -6,6 +6,7 @@
                                      host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                      return_all=true, max_objects=query_controller_api_max_objects)
                             }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the <ORGANIZATION_NAME> output directories for job templates in {{ output_path }}"
   ansible.builtin.file:
@@ -47,4 +48,5 @@
   loop_control:
     loop_var: current_job_templates_asset_value
     label: "{{ __dest }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 ...
diff --git a/roles/filetree_create/tasks/labels.yml b/roles/filetree_create/tasks/labels.yml
@@ -6,6 +6,7 @@
                                 host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                 return_all=true, max_objects=query_controller_api_max_objects)
                        }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the <ORGANIZATION_NAME>/labels output directory for labels in {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/notification_templates.yml b/roles/filetree_create/tasks/notification_templates.yml
@@ -5,6 +5,7 @@
                                               host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                               return_all=true, max_objects=query_controller_api_max_objects)
                                      }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the <ORGANIZATION_NAME>/notification_templates output directory for notification templates in {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/organizations.yml b/roles/filetree_create/tasks/organizations.yml
@@ -6,6 +6,7 @@
                             host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                             return_all=true, max_objects=query_controller_api_max_objects)
                    }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the output directory for organizations: {{ output_path + '/' + current_organization_dir.name }}"
   ansible.builtin.file:
@@ -42,4 +43,5 @@
   loop_control:
     loop_var: current_organization
     label: "{{ __dest }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 ...
diff --git a/roles/filetree_create/tasks/projects.yml b/roles/filetree_create/tasks/projects.yml
@@ -6,6 +6,7 @@
                                 host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                 return_all=true, max_objects=query_controller_api_max_objects)
                        }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the <ORGANIZATION_NAME>/projects output directory for projects in {{ output_path }}"
   ansible.builtin.file:
@@ -44,4 +45,5 @@
   loop_control:
     loop_var: current_projects_asset_value
     label: "{{ __dest }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 ...
diff --git a/roles/filetree_create/tasks/settings.yml b/roles/filetree_create/tasks/settings.yml
@@ -5,6 +5,7 @@
                             host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                             return_all=true, max_objects=query_controller_api_max_objects)
                        }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the output directory for credential types: {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/team_roles.yml b/roles/filetree_create/tasks/team_roles.yml
@@ -5,6 +5,7 @@
                                   host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                   return_all=true, max_objects=query_controller_api_max_objects)
                          }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the output directory for team roles: {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/teams.yml b/roles/filetree_create/tasks/teams.yml
@@ -6,6 +6,7 @@
                              host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                              return_all=true, max_objects=query_controller_api_max_objects)
                     }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the <ORGANIZATION_NAME>/teams output directory for teams in {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/user_roles.yml b/roles/filetree_create/tasks/user_roles.yml
@@ -5,6 +5,7 @@
                                   host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                   return_all=true, max_objects=query_controller_api_max_objects)
                          }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the output directory for user roles: {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/users.yml b/roles/filetree_create/tasks/users.yml
@@ -5,16 +5,22 @@
                              host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                              return_all=true, max_objects=query_controller_api_max_objects)
                     }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Add the users the Organizations information"
   ansible.builtin.set_fact:
     current_users: "{{ (current_users | default([])) + [user_lookvar_item | combine({'organizations': user_lookvar_item_organizations})] }}"
   vars:
-    user_lookvar_item_organizations: "{{ query(controller_api_plugin, user_lookvar_item.related.organizations, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) | selectattr('name', 'defined') | map(attribute='name') }}"
+    user_lookvar_item_organizations: "{{ query(controller_api_plugin, user_lookvar_item.related.organizations,
+                                               host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
+                                               return_all=true, max_objects=query_controller_api_max_objects
+                                              ) | selectattr('name', 'defined') | map(attribute='name')
+                                      }}"
   loop: "{{ users_lookvar }}"
   loop_control:
     loop_var: user_lookvar_item
     label: "User {{ user_lookvar_item.username }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the <ORGANIZATION_NAME> output directory for users in {{ output_path }}"
   ansible.builtin.file:
diff --git a/roles/filetree_create/tasks/workflow_job_templates.yml b/roles/filetree_create/tasks/workflow_job_templates.yml
@@ -6,6 +6,7 @@
                                               host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                               return_all=true, max_objects=query_controller_api_max_objects)
                                      }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
 - name: "Create the <ORGANIZATION_NAME>/workflow_job_templates output directory for workflow job templates in {{ output_path }}"
   ansible.builtin.file:
@@ -50,4 +51,5 @@
   loop_control:
     loop_var: current_workflow_job_templates_asset_value
     label: "{{ __dest }}"
+  no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 ...
diff --git a/roles/filetree_create/tests/filetree_create.yml b/roles/filetree_create/tests/filetree_create.yml
@@ -26,7 +26,7 @@
           ansible.builtin.set_fact:
             controller_oauthtoken: "{{ authtoken_res.json.token }}"
             controller_oauthtoken_url: "{{ authtoken_res.json.url }}"
-      no_log: "{{ controller_configuration_filetree_create_secure_logging | default('false') }}"
+      no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
       when: controller_oauthtoken is not defined
       tags:
         - always
diff --git a/roles/object_diff/tasks/credential_types.yml b/roles/object_diff/tasks/credential_types.yml
@@ -7,6 +7,7 @@
                                                 host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                                 return_all=true, max_objects=query_controller_api_max_objects)
                                         }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
   when: is_aap
 
 - name: "Get the API list of all Credential Types"
@@ -16,6 +17,7 @@
                                                 host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                                 return_all=true, max_objects=query_controller_api_max_objects)
                                         }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
   when: not is_aap
 
 - name: "Find the difference of Credential Types between what is on the Controller versus CasC on SCM"
diff --git a/roles/object_diff/tasks/credentials.yml b/roles/object_diff/tasks/credentials.yml
@@ -6,6 +6,7 @@
                                               query_params={'name': orgs},
                                               host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs)
                                    }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Get the API list of all Credentials in Organization {{ orgs }}"
   ansible.builtin.set_fact:
@@ -14,6 +15,7 @@
                                             host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                             return_all=true, max_objects=query_controller_api_max_objects)
                                    }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Find the difference of Credentials between what is on the Controller versus CasC on SCM"
   ansible.builtin.set_fact:
diff --git a/roles/object_diff/tasks/groups.yml b/roles/object_diff/tasks/groups.yml
@@ -5,6 +5,7 @@
                                            query_params={'name': orgs},
                                            host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs)
                                  }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Get the API list of all inventories"
   ansible.builtin.set_fact:
@@ -16,6 +17,7 @@
                                             host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                             return_all=true, max_objects=query_controller_api_max_objects)
                                    }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Get the API list of all groups in the inventories at organization {{ orgs }}"
   ansible.builtin.set_fact:
@@ -27,6 +29,7 @@
   loop: "{{ __controller_api_inventories }}"
   loop_control:
     loop_var: current_inventory
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Group differences (block)"
   when: __controller_api_groups is defined
diff --git a/roles/object_diff/tasks/hosts.yml b/roles/object_diff/tasks/hosts.yml
@@ -5,6 +5,7 @@
                                             query_params={'name': orgs},
                                             host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs)
                                  }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Get the API list of all inventories"
   ansible.builtin.set_fact:
@@ -17,6 +18,7 @@
                                             oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                             return_all=true, max_objects=query_controller_api_max_objects)
                                    }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Get the API list of all hosts in the inventories at organization {{ orgs }}"
   ansible.builtin.set_fact:
@@ -25,6 +27,7 @@
                                     host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                     return_all=true, max_objects=query_controller_api_max_objects)
                              }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
   loop: "{{ __controller_api_inventories }}"
   loop_control:
     loop_var: current_inventory
diff --git a/roles/object_diff/tasks/inventories.yml b/roles/object_diff/tasks/inventories.yml
@@ -5,6 +5,7 @@
                                              query_params={'name': orgs},
                                              host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs)
                                    }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Get the API list of all Inventories"
   ansible.builtin.set_fact:
@@ -13,6 +14,7 @@
                                             host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                             return_all=true, max_objects=query_controller_api_max_objects)
                                    }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Find the difference of Inventories between what is on the Controller versus CasC on SCM"
   ansible.builtin.set_fact:
diff --git a/roles/object_diff/tasks/inventory_sources.yml b/roles/object_diff/tasks/inventory_sources.yml
@@ -5,6 +5,7 @@
                                              query_params={'name': orgs},
                                              host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs)
                                    }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Get the API list of all Inventory Sources"
   ansible.builtin.set_fact:
@@ -13,6 +14,7 @@
                                                   host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs,
                                                   return_all=true, max_objects=query_controller_api_max_objects)
                                          }}"
+  no_log: "{{ controller_configuration_object_diff_secure_logging }}"
 
 - name: "Find the difference of Inventory Sources between what is on the Controller versus CasC on SCM"
   ansible.builtin.set_fact:
diff --git a/roles/object_diff/tasks/job_templates.yml b/roles/object_diff/tasks/job_templates.yml
diff --git a/roles/object_diff/tasks/main.yml b/roles/object_diff/tasks/main.yml
diff --git a/roles/object_diff/tasks/organizations.yml b/roles/object_diff/tasks/organizations.yml
diff --git a/roles/object_diff/tasks/projects.yml b/roles/object_diff/tasks/projects.yml
diff --git a/roles/object_diff/tasks/roles.yml b/roles/object_diff/tasks/roles.yml
diff --git a/roles/object_diff/tasks/teams.yml b/roles/object_diff/tasks/teams.yml
diff --git a/roles/object_diff/tasks/user_accounts.yml b/roles/object_diff/tasks/user_accounts.yml
diff --git a/roles/object_diff/tasks/workflow_job_templates.yml b/roles/object_diff/tasks/workflow_job_templates.yml

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +minor_changes:
 +  - Add no_log everywhere controller_api_plugin is used to avoid to expose sensitive information in case of crashes.
 +...