ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-25 22:30:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Remove example of using params for the url_password

Browse source 
params could be logged so never use it for passwords.

Also add code to raise an error if passwords are used in that field.

References #30874
This commit is contained in:
Toshio Kuratomi 2017-09-25 12:56:59 -07:00
commit 863fcb5ace
1 changed files with 11 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

17
lib/ansible/modules/web_infrastructure/jenkins_plugin.py
View file

@ -52,6 +52,8 @@ options:
description: description:
- Option used to allow the user to overwrite any of the other options. To - Option used to allow the user to overwrite any of the other options. To
remove an option, set the value of the option to C(null). remove an option, set the value of the option to C(null).
- Changed in 2.5.0, 2.4.1, 2.3.3 to raise an error if C(url_password) is specified in params.
Use the actual C(url_password) argument instead.
state: state:
required: false required: false
choices: [absent, present, pinned, unpinned, enabled, disabled, latest] choices: [absent, present, pinned, unpinned, enabled, disabled, latest]
@ -166,20 +168,18 @@ EXAMPLES = '''
state: absent state: absent
# #
# Example of how to use the params # Example of how to authenticate
#
# Define a variable and specify all default parameters you want to use across
# all jenkins_plugin calls:
# #
# my_jenkins_params: # my_jenkins_params:
# url_username: admin # url_username: admin
# url_password: p4ssw0rd
# url: http://localhost:8888
# #
- name: Install plugin - name: Install plugin
jenkins_plugin: jenkins_plugin:
name: build-pipeline-plugin name: build-pipeline-plugin
params: "{{ my_jenkins_params }}" params: "{{ my_jenkins_params }}"
url_password: p4ssw0rd
url: http://localhost:8888
# Note that url_password **can not** be placed in params as params could end up in a log file
# #
# Example of a Play which handles Jenkins restarts during the state changes # Example of a Play which handles Jenkins restarts during the state changes
@ -764,6 +764,11 @@ def main():
# Update module parameters by user's parameters if defined # Update module parameters by user's parameters if defined
if 'params' in module.params and isinstance(module.params['params'], dict): if 'params' in module.params and isinstance(module.params['params'], dict):
if 'url_password' in module.params['params']:
# The params argument should be removed eventually. Until then, raise an error if
# url_password is specified there as it can lead to the password being logged
module.fail_json(msg='Do not specify url_password in params as it may get logged')
module.params.update(module.params['params']) module.params.update(module.params['params'])
# Remove the params # Remove the params
module.params.pop('params', None) module.params.pop('params', None)