added no_log to the 'Populate *' tasks (#493)

* added no_log to the 'Populate *' tasks * Fix the connection method * Fix the connection method
redhat-cop · Feb 9, 2023 · eed5918 · eed5918
1 parent a044d12
commit eed5918
Show file tree

Hide file tree

Showing 23 changed files with 73 additions and 0 deletions.
diff --git a/changelogs/fragments/filetree_read.yml b/changelogs/fragments/filetree_read.yml
@@ -0,0 +1,4 @@
+---
+minor_changes:
+  - "Add no_log to all tasks that populates data to avoid exposing encrypted data"
+...
diff --git a/roles/filetree_read/tasks/applications.yml b/roles/filetree_read/tasks/applications.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_applications.results }}"
   loop_control:
     loop_var: __populate_applications_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_applications.results is defined and __populate_applications_list_item.ansible_facts.controller_applications is defined
 
 - name: "Set Applications Data Structure"
   ansible.builtin.set_fact:
     controller_applications: "{{ __populate_controller_applications }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_applications is defined
 ...
diff --git a/roles/filetree_read/tasks/credential_input_sources.yml b/roles/filetree_read/tasks/credential_input_sources.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_credential_input_sources.results }}"
   loop_control:
     loop_var: __populate_input_sources_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_credential_input_sources.results is defined and __populate_input_sources_list_item.ansible_facts.controller_credential_input_sources is defined
 
 - name: "Set Credential Input Sources Data Structure"
   ansible.builtin.set_fact:
     controller_credential_input_sources: "{{ __populate_controller_credential_input_sources }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_credential_input_sources is defined
 ...
diff --git a/roles/filetree_read/tasks/credential_types.yml b/roles/filetree_read/tasks/credential_types.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_credential_types.results }}"
   loop_control:
     loop_var: __populate_credentials_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_credential_types.results is defined and __populate_credentials_list_item.ansible_facts.controller_credential_types is defined
 
 - name: "Set Projects Data Structure"
   ansible.builtin.set_fact:
     controller_credential_types: "{{ __populate_controller_credential_types }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_credential_types is defined
 ...
diff --git a/roles/filetree_read/tasks/credentials.yml b/roles/filetree_read/tasks/credentials.yml
@@ -20,6 +20,7 @@
   loop: "{{ __contents_filetree_controller_credentials.results }}"
   loop_control:
     loop_var: __populate_credentials_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_credentials.results is defined and __populate_credentials_list_item.ansible_facts.controller_credentials is defined
 
 - name: "Segregated Credentials list when controller_location is defined"
@@ -31,6 +32,7 @@
       loop: "{{ __populate_controller_credentials }}"
       loop_control:
         loop_var: __populate_credentials_list_common_item
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: "__populate_credentials_list_common_item.controller_location is not defined"
 
     - name: "Populate Credentials list by __site objects"
@@ -39,20 +41,24 @@
       loop: "{{ __populate_controller_credentials }}"
       loop_control:
         loop_var: __populate_credentials_list_site_item
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: "__populate_credentials_list_site_item.controller_location is defined and __populate_credentials_list_site_item.controller_location == controller_location"
 
     - name: "Concatenate Credentials list common + site"
       ansible.builtin.set_fact:
         __populate_controller_credentials_total: "{{ __populate_controller_credentials_common | default([]) + __populate_controller_credentials_site }}"
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: __populate_controller_credentials_site is defined
 
     - name: "Set Credentials Data Structure common + site concatenated"
       ansible.builtin.set_fact:
         __populate_controller_credentials: "{{ __populate_controller_credentials_total }}"
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: __populate_controller_credentials_total is defined
 
 - name: "Set Credentials Data Structure"
   ansible.builtin.set_fact:
     controller_credentials: "{{ __populate_controller_credentials }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_credentials is defined
 ...
diff --git a/roles/filetree_read/tasks/execution_environments.yml b/roles/filetree_read/tasks/execution_environments.yml
@@ -20,6 +20,7 @@
   loop: "{{ __contents_filetree_controller_execution_environments.results }}"
   loop_control:
     loop_var: __populate_execution_environments_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_execution_environments.results is defined and __populate_execution_environments_list_item.ansible_facts.controller_execution_environments is defined
 
 - name: "Segregated Execution Environments list when controller_location is defined"
@@ -31,6 +32,7 @@
       loop: "{{ __populate_controller_execution_environments }}"
       loop_control:
         loop_var: __populate_execution_environments_list_common_item
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: "__populate_execution_environments_list_common_item.controller_location is not defined"
 
     - name: "Populate Execution Environments list by __site objects"
@@ -39,20 +41,24 @@
       loop: "{{ __populate_controller_execution_environments }}"
       loop_control:
         loop_var: __populate_execution_environments_list_site_item
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: "__populate_execution_environments_list_site_item.controller_location is defined and __populate_execution_environments_list_site_item.controller_location == controller_location"
 
     - name: "Concatenate Execution Environments list common + site"
       ansible.builtin.set_fact:
         __populate_controller_execution_environments_total: "{{ __populate_controller_execution_environments_common | default([]) + __populate_controller_execution_environments_site }}"
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: __populate_controller_execution_environments_site is defined
 
     - name: "Set Execution Environments Data Structure common + site concatenated"
       ansible.builtin.set_fact:
         __populate_controller_execution_environments: "{{ __populate_controller_execution_environments_total }}"
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: __populate_controller_execution_environments_total is defined
 
 - name: "Set Execution Environments Data Structure"
   ansible.builtin.set_fact:
     controller_execution_environments: "{{ __populate_controller_execution_environments }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_execution_environments is defined
 ...
diff --git a/roles/filetree_read/tasks/groups.yml b/roles/filetree_read/tasks/groups.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_groups.results }}"
   loop_control:
     loop_var: __populate_groups_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_groups.results is defined and __populate_groups_list_item.ansible_facts.controller_groups is defined
 
 - name: "Set Groups Data Structure"
   ansible.builtin.set_fact:
     controller_groups: "{{ __populate_controller_groups }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_groups is defined
 ...
diff --git a/roles/filetree_read/tasks/hosts.yml b/roles/filetree_read/tasks/hosts.yml
@@ -20,6 +20,7 @@
   loop: "{{ __contents_filetree_controller_hosts.results }}"
   loop_control:
     loop_var: __populate_hosts_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_hosts.results is defined and __populate_hosts_list_item.ansible_facts.controller_hosts is defined
 
 - name: "Segregated Hosts list when controller_location is defined"
@@ -31,6 +32,7 @@
       loop: "{{ __populate_controller_hosts }}"
       loop_control:
         loop_var: __populate_hosts_list_common_item
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: "__populate_hosts_list_common_item.controller_location is not defined"
 
     - name: "Populate Hosts list by __site objects"
@@ -39,20 +41,24 @@
       loop: "{{ __populate_controller_hosts }}"
       loop_control:
         loop_var: __populate_hosts_list_site_item
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: "__populate_hosts_list_site_item.controller_location is defined and __populate_hosts_list_site_item.controller_location == controller_location"
 
     - name: "Concatenate Hosts list common + site"
       ansible.builtin.set_fact:
         __populate_controller_hosts_total: "{{ __populate_controller_hosts_common | default([]) + __populate_controller_hosts_site }}"
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: __populate_controller_hosts_site is defined
 
     - name: "Set Hosts Data Structure common + site concatenated"
       ansible.builtin.set_fact:
         __populate_controller_hosts: "{{ __populate_controller_hosts_total }}"
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: __populate_controller_hosts_total is defined
 
 - name: "Set Hosts Data Structure"
   ansible.builtin.set_fact:
     controller_hosts: "{{ __populate_controller_hosts }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_hosts is defined
 ...
diff --git a/roles/filetree_read/tasks/instance_groups.yml b/roles/filetree_read/tasks/instance_groups.yml
@@ -20,6 +20,7 @@
   loop: "{{ __contents_filetree_controller_instance_groups.results }}"
   loop_control:
     loop_var: __populate_instance_groups_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_instance_groups.results is defined and __populate_instance_groups_list_item.ansible_facts.controller_instance_groups is defined
 
 - name: "Segregated Instance Groups list when controller_location is defined"
@@ -31,6 +32,7 @@
       loop: "{{ __populate_controller_instance_groups }}"
       loop_control:
         loop_var: __populate_instance_groups_list_common_item
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: "__populate_instance_groups_list_common_item.controller_location is not defined"
 
     - name: "Populate Instance Groups list by __site objects"
@@ -39,20 +41,24 @@
       loop: "{{ __populate_controller_instance_groups }}"
       loop_control:
         loop_var: __populate_instance_groups_list_site_item
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: "__populate_instance_groups_list_site_item.controller_location is defined and __populate_instance_groups_list_site_item.controller_location == controller_location"
 
     - name: "Concatenate Instance Groups list common + site"
       ansible.builtin.set_fact:
         __populate_controller_instance_groups_total: "{{ __populate_controller_instance_groups_common | default([]) + __populate_controller_instance_groups_site }}"
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: __populate_controller_instance_groups_site is defined
 
     - name: "Set Instance Groups Data Structure common + site concatenated"
       ansible.builtin.set_fact:
         __populate_controller_instance_groups: "{{ __populate_controller_instance_groups_total }}"
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: __populate_controller_instance_groups_total is defined
 
 - name: "Set Instance Groups Data Structure"
   ansible.builtin.set_fact:
     controller_instance_groups: "{{ __populate_controller_instance_groups }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_instance_groups is defined
 ...
diff --git a/roles/filetree_read/tasks/inventories.yml b/roles/filetree_read/tasks/inventories.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_inventories.results }}"
   loop_control:
     loop_var: __populate_inventories_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_inventories.results is defined and __populate_inventories_list_item.ansible_facts.controller_inventories is defined
 
 - name: "Set Inventories Data Structure"
   ansible.builtin.set_fact:
     controller_inventories: "{{ __populate_controller_inventories }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_inventories is defined
 ...
diff --git a/roles/filetree_read/tasks/inventory_sources.yml b/roles/filetree_read/tasks/inventory_sources.yml
@@ -20,6 +20,7 @@
   loop: "{{ __contents_filetree_controller_inventory_sources.results }}"
   loop_control:
     loop_var: __populate_inventory_sources_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_inventory_sources.results is defined and __populate_inventory_sources_list_item.ansible_facts.controller_inventory_sources is defined
 
 - name: "Segregated Inventory Sources list when controller_location is defined"
@@ -31,6 +32,7 @@
       loop: "{{ __populate_controller_inventory_sources }}"
       loop_control:
         loop_var: __populate_inventory_sources_list_common_item
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: "__populate_inventory_sources_list_common_item.controller_location is not defined"
 
     - name: "Populate Inventory Sources list by __site objects"
@@ -39,20 +41,24 @@
       loop: "{{ __populate_controller_inventory_sources }}"
       loop_control:
         loop_var: __populate_inventory_sources_list_site_item
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: "__populate_inventory_sources_list_site_item.controller_location is defined and __populate_inventory_sources_list_site_item.controller_location == controller_location"
 
     - name: "Concatenate Inventory Sources list common + site"
       ansible.builtin.set_fact:
         __populate_controller_inventory_sources_total: "{{ __populate_controller_inventory_sources_common | default([]) + __populate_controller_inventory_sources_site }}"
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: __populate_controller_inventory_sources_site is defined
 
     - name: "Set Inventory Sources Data Structure common + site concatenated"
       ansible.builtin.set_fact:
         __populate_controller_inventory_sources: "{{ __populate_controller_inventory_sources_total }}"
+      no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
       when: __populate_controller_inventory_sources_total is defined
 
 - name: "Set Inventory Sources Data Structure"
   ansible.builtin.set_fact:
     controller_inventory_sources: "{{ __populate_controller_inventory_sources }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_inventory_sources is defined
 ...
diff --git a/roles/filetree_read/tasks/job_templates.yml b/roles/filetree_read/tasks/job_templates.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_templates.results }}"
   loop_control:
     loop_var: __populate_job_templates_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_templates.results is defined and __populate_job_templates_list_item.ansible_facts.controller_templates is defined
 
 - name: "Set Job Templates Data Structure"
   ansible.builtin.set_fact:
     controller_templates: "{{ __populate_controller_job_templates }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_job_templates is defined
 ...
diff --git a/roles/filetree_read/tasks/labels.yml b/roles/filetree_read/tasks/labels.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_labels.results }}"
   loop_control:
     loop_var: __populate_labels_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_labels.results is defined and __populate_labels_list_item.ansible_facts.controller_labels is defined
 
 - name: "Set Labels Data Structure"
   ansible.builtin.set_fact:
     controller_labels: "{{ __populate_controller_labels }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_labels is defined
 ...
diff --git a/roles/filetree_read/tasks/notifications.yml b/roles/filetree_read/tasks/notifications.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_notifications.results }}"
   loop_control:
     loop_var: __populate_notifications_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_notifications.results is defined and __populate_notifications_list_item.ansible_facts.controller_notifications is defined
 
 - name: "Set Notifications Data Structure"
   ansible.builtin.set_fact:
     controller_notifications: "{{ __populate_controller_notifications }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_notifications is defined
 ...
diff --git a/roles/filetree_read/tasks/organizations.yml b/roles/filetree_read/tasks/organizations.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_organizations.results }}"
   loop_control:
     loop_var: __populate_organizations_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_organizations.results is defined and __populate_organizations_list_item.ansible_facts.controller_organizations is defined
 
 - name: "Set Organization Data Structure"
   ansible.builtin.set_fact:
     controller_organizations: "{{ __populate_controller_organizations }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_organizations is defined
 ...
diff --git a/roles/filetree_read/tasks/projects.yml b/roles/filetree_read/tasks/projects.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_projects.results }}"
   loop_control:
     loop_var: __populate_projects_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_projects.results is defined and __populate_projects_list_item.ansible_facts.controller_projects is defined
 
 - name: "Set Projects Data Structure"
   ansible.builtin.set_fact:
     controller_projects: "{{ __populate_controller_projects }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_projects is defined
 ...
diff --git a/roles/filetree_read/tasks/roles.yml b/roles/filetree_read/tasks/roles.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_roles.results }}"
   loop_control:
     loop_var: __populate_roles_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_roles.results is defined and __populate_roles_list_item.ansible_facts.controller_roles is defined
 
 - name: "Set Roles Data Structure"
   ansible.builtin.set_fact:
     controller_roles: "{{ __populate_controller_roles }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_roles is defined
 ...
diff --git a/roles/filetree_read/tasks/schedules.yml b/roles/filetree_read/tasks/schedules.yml
@@ -20,10 +20,12 @@
   loop: "{{ __contents_filetree_controller_schedules.results }}"
   loop_control:
     loop_var: __populate_schedules_list_item
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __contents_filetree_controller_schedules.results is defined and __populate_schedules_list_item.ansible_facts.controller_schedules is defined
 
 - name: "Set Schedules Data Structure"
   ansible.builtin.set_fact:
     controller_schedules: "{{ __populate_controller_schedules }}"
+  no_log: "{{ controller_configuration_filetree_read_secure_logging }}"
   when: __populate_controller_schedules is defined
 ...