diff options
| author | Michael Scherer <mscherer@users.noreply.github.com> | 2016-10-17 11:38:20 +0200 |
|---|---|---|
| committer | René Moser <mail@renemoser.net> | 2016-10-17 11:38:20 +0200 |
| commit | 0f8c02b5d39173449ecf24bc3d1f50fcdb60a993 (patch) | |
| tree | 377ca2a745fa9a6f2283ece84f742d6cf8f7f366 /cloud/ovirt | |
| parent | 26b76ea1b320fd5dd8786ba9753cff5038796f7a (diff) | |
| download | ansible-modules-extras-0f8c02b5d39173449ecf24bc3d1f50fcdb60a993.tar.gz | |
ovirt_auth: fix type and password leak (#3119)
Do not leak the password in log, and verify the path of ca_file
Diffstat (limited to 'cloud/ovirt')
| -rw-r--r-- | cloud/ovirt/ovirt_auth.py | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/cloud/ovirt/ovirt_auth.py b/cloud/ovirt/ovirt_auth.py index 19ab2e16..50ed548e 100644 --- a/cloud/ovirt/ovirt_auth.py +++ b/cloud/ovirt/ovirt_auth.py @@ -98,10 +98,7 @@ tasks: # oVirt user's password, and include that yaml file with variable: - include_vars: ovirt_password.yml - # Always be sure to pass 'no_log: true' to ovirt_auth task, - # so the oVirt user's password is not logged: - name: Obtain SSO token with using username/password credentials: - no_log: true ovirt_auth: url: https://ovirt.example.com/ovirt-engine/api username: admin@internal @@ -171,8 +168,8 @@ def main(): argument_spec=dict( url=dict(default=None), username=dict(default=None), - password=dict(default=None), - ca_file=dict(default=None), + password=dict(default=None, no_log=True), + ca_file=dict(default=None, type='path'), insecure=dict(required=False, type='bool', default=False), timeout=dict(required=False, type='int', default=0), compress=dict(required=False, type='bool', default=True), |