-
Bug
-
Resolution: Done
-
Normal
-
6.12.0
Description of problem:
Ansible Satellite Collection repository (redhat.satellite.repositories) module logs credentials.
Version-Release number of selected component (if applicable):
redhat.satellite: 3.9.0 and 3.7.0
How reproducible: Always
Steps to Reproduce:
1. Install ansible-collection-redhat-satellite-3.7 or 3.9
2. Run the playbook with defined credentials, see example below:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- name: Setup AAP additional repos on Satellite
hosts: localhost
gather_facts: false
vars:
satellite_collections_redhat_url: https://console.redhat.com/api/automation-hub/content/540155-synclist/
satellite_collections_redhat_requirements: |
—
collections:
- redhat.satellite
aap_products:
- name: Ansible
repositories: - name: Red Hat Collections
content_type: ansible_collection
url: "{{ satellite_collections_redhat_url }}"
ansible_collection_requirements: "{{ satellite_collections_redhat_requirements }}"
upstream_username: "{{ cdn_username }}"
upstream_password: "{{ cdn_password }}"
roles:
- role: redhat.satellite.repositories
vars:
satellite_server_url: https://satellite.example.com
satellite_username: "admin"
satellite_password: "password"
satellite_organization: "gss"
satellite_products: "{{ aap_products }}"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It will add the ansible satellite collection to ansible_collection repository in Satellite.
Actual results:
redhat.satellite.repositories role (or repository module) logged to the output the password in cleartext in `upstream_password` field
Expected results:
This value should be obfuscated to match other modules that routinely obfuscate password values.
Additional info:
Logging the password in cleartext is a security risk, it is affecting the usage of this module.