wbrawner/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move asa provider to suboptions (#32356)

Browse source 
Fixes #32343

* Move provider arg spec as part of suboptions
  to validate input args against provider spec.
* This handles `no_log` for password arg correctly.

Merged to devel PR #28984

( cherry picked from commit 599fe23ed6 )
This commit is contained in:
Ganesh Nalawade 2017-11-01 09:16:53 +05:30 committed by GitHub
parent 8ae0079ef7
commit 8c1dfdbc31
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -244,6 +244,7 @@ Ansible Changes By Release
https://github.com/ansible/ansible/issues/31786 https://github.com/ansible/ansible/issues/31786
* Fix ansible-doc and ansible-console module-path option (https://github.com/ansible/ansible/pull/31744) * Fix ansible-doc and ansible-console module-path option (https://github.com/ansible/ansible/pull/31744)
* Fix for hostname module on RHEL 7.5 (https://github.com/ansible/ansible/issues/31811) * Fix for hostname module on RHEL 7.5 (https://github.com/ansible/ansible/issues/31811)
* Fix provider password leak in logs for asa modules (https://github.com/ansible/ansible/issues/32343)
### Known Bugs ### Known Bugs
* Implicit localhost is getting ansible_connection from all:vars instead of * Implicit localhost is getting ansible_connection from all:vars instead of

15
lib/ansible/module_utils/asa.py
View file

@ -33,7 +33,7 @@ from ansible.module_utils.connection import Connection, exec_command
_DEVICE_CONFIGS = {} _DEVICE_CONFIGS = {}
_CONNECTION = None _CONNECTION = None
asa_argument_spec = { asa_provider_spec = {
'host': dict(), 'host': dict(),
'port': dict(type='int'), 'port': dict(type='int'),
'username': dict(fallback=(env_fallback, ['ANSIBLE_NET_USERNAME'])), 'username': dict(fallback=(env_fallback, ['ANSIBLE_NET_USERNAME'])),
@ -42,11 +42,15 @@ asa_argument_spec = {
'authorize': dict(fallback=(env_fallback, ['ANSIBLE_NET_AUTHORIZE']), type='bool'), 'authorize': dict(fallback=(env_fallback, ['ANSIBLE_NET_AUTHORIZE']), type='bool'),
'auth_pass': dict(fallback=(env_fallback, ['ANSIBLE_NET_AUTH_PASS']), no_log=True), 'auth_pass': dict(fallback=(env_fallback, ['ANSIBLE_NET_AUTH_PASS']), no_log=True),
'timeout': dict(type='int'), 'timeout': dict(type='int'),
'provider': dict(type='dict'),
'context': dict(), 'context': dict(),
'passwords': dict() 'passwords': dict()
} }
asa_argument_spec = {
'provider': dict(type='dict', options=asa_provider_spec),
}
asa_argument_spec.update(asa_provider_spec)
command_spec = { command_spec = {
'command': dict(key=True), 'command': dict(key=True),
'prompt': dict(), 'prompt': dict(),
@ -59,17 +63,10 @@ def get_argspec():
def check_args(module): def check_args(module):
provider = module.params['provider'] or {}
for key in asa_argument_spec: for key in asa_argument_spec:
if key not in ['context', 'passwords', 'provider', 'authorize'] and module.params[key]: if key not in ['context', 'passwords', 'provider', 'authorize'] and module.params[key]:
module.warn('argument %s has been deprecated and will be removed in a future version' % key) module.warn('argument %s has been deprecated and will be removed in a future version' % key)
if provider:
for param in ('auth_pass', 'password'):
if provider.get(param):
module.no_log_values.update(return_values(provider[param]))
def get_connection(module): def get_connection(module):
global _CONNECTION global _CONNECTION