diff options
author | Toshio Kuratomi <a.badger@gmail.com> | 2017-09-25 12:56:59 -0700 |
---|---|---|
committer | Toshio Kuratomi <a.badger@gmail.com> | 2017-09-25 17:10:09 -0700 |
commit | a508bb205a45794a5cc4fdc46702732a79f14f97 (patch) | |
tree | b25233e263940c5e6e2ab53dfadc61752c770140 /lib | |
parent | 2149d1092bb6bbff9874258d975c21a7e89939e0 (diff) | |
download | ansible-a508bb205a45794a5cc4fdc46702732a79f14f97.tar.gz |
Remove example of using params for the url_password
params could be logged so never use it for passwords.
Also add code to raise an error if passwords are used in that field.
References #30874
(cherry picked from commit 863fcb5aced55fd9ce3080905bd6405c8bfd0511)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ansible/modules/web_infrastructure/jenkins_plugin.py | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/lib/ansible/modules/web_infrastructure/jenkins_plugin.py b/lib/ansible/modules/web_infrastructure/jenkins_plugin.py index 9aba61a847..6d2bad6395 100644 --- a/lib/ansible/modules/web_infrastructure/jenkins_plugin.py +++ b/lib/ansible/modules/web_infrastructure/jenkins_plugin.py @@ -52,6 +52,8 @@ options: description: - Option used to allow the user to overwrite any of the other options. To remove an option, set the value of the option to C(null). + - Changed in 2.5.0, 2.4.1, 2.3.3 to raise an error if C(url_password) is specified in params. + Use the actual C(url_password) argument instead. state: required: false choices: [absent, present, pinned, unpinned, enabled, disabled, latest] @@ -166,20 +168,18 @@ EXAMPLES = ''' state: absent # -# Example of how to use the params -# -# Define a variable and specify all default parameters you want to use across -# all jenkins_plugin calls: +# Example of how to authenticate # # my_jenkins_params: # url_username: admin -# url_password: p4ssw0rd -# url: http://localhost:8888 # - name: Install plugin jenkins_plugin: name: build-pipeline-plugin params: "{{ my_jenkins_params }}" + url_password: p4ssw0rd + url: http://localhost:8888 +# Note that url_password **can not** be placed in params as params could end up in a log file # # Example of a Play which handles Jenkins restarts during the state changes @@ -764,6 +764,11 @@ def main(): # Update module parameters by user's parameters if defined if 'params' in module.params and isinstance(module.params['params'], dict): + if 'url_password' in module.params['params']: + # The params argument should be removed eventually. Until then, raise an error if + # url_password is specified there as it can lead to the password being logged + module.fail_json(msg='Do not specify url_password in params as it may get logged') + module.params.update(module.params['params']) # Remove the params module.params.pop('params', None) |