Revert "Change show_diff to default to yes"
This was originally to match what puppet agent --test is, since the rest of the options defaulted to on are grabbed from --test. However, some security concerns have since been raised - namely that since this is not the same invocation as --test but instead a remote orchestration of puppet, the fact that passwords leak into the diff is a dangerous default. This reverts commit b86762c1806aa7f021a4780d06db2d3937910a62.
This commit is contained in:
parent
d90f91e802
commit
9b9464ab89
1 changed files with 3 additions and 3 deletions
|
@ -45,9 +45,9 @@ options:
|
||||||
default: None
|
default: None
|
||||||
show_diff:
|
show_diff:
|
||||||
description:
|
description:
|
||||||
- Should puppet return diffs of changes applied. Defaults to yes, to match puppet agent --test. Change to no to avoid leaking secret changes.
|
- Should puppet return diffs of changes applied. Defaults to off to avoid leaking secret changes by default.
|
||||||
required: false
|
required: false
|
||||||
default: yes
|
default: no
|
||||||
choices: [ "yes", "no" ]
|
choices: [ "yes", "no" ]
|
||||||
facts:
|
facts:
|
||||||
description:
|
description:
|
||||||
|
@ -109,7 +109,7 @@ def main():
|
||||||
puppetmaster=dict(required=False, default=None),
|
puppetmaster=dict(required=False, default=None),
|
||||||
manifest=dict(required=False, default=None),
|
manifest=dict(required=False, default=None),
|
||||||
show_diff=dict(
|
show_diff=dict(
|
||||||
default=True, aliases=['show-diff'], type='bool'),
|
default=False, aliases=['show-diff'], type='bool'),
|
||||||
facts=dict(default=None),
|
facts=dict(default=None),
|
||||||
facter_basename=dict(default='ansible'),
|
facter_basename=dict(default='ansible'),
|
||||||
environment=dict(required=False, default=None),
|
environment=dict(required=False, default=None),
|
||||||
|
|
Loading…
Reference in a new issue