zabbix_hostmacro_module: disable diff output of macro_type=secret

[tuxmartin]

SUMMARY

zabbix_hostmacro_module: disable diff output of macro_type=secret

ISSUE TYPE

• Bug Report

COMPONENT NAME

community.zabbix.zabbix_hostmacro

ANSIBLE VERSION

ansible [core 2.13.13]
  config file = None
  configured module search path = ['/home/martin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
  ansible collection location = /home/martin/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0]
  jinja version = 3.1.3
  libyaml = True

CONFIGURATION

DEFAULT_CALLBACK_PLUGIN_PATH(/home/martin/ansible/test/ansible.cfg) = ['/home/martin/ansible/test/.callbacks']
DEFAULT_MANAGED_STR(/home/martin/ansible/test/ansible.cfg) = This file is managed by Ansible.
DEFAULT_ROLES_PATH(/home/martin/ansible/test/ansible.cfg) = ['/home/martin/ansible/test/roles']
DEFAULT_STDOUT_CALLBACK(/home/martin/ansible/test/ansible.cfg) = anstomlog
DEFAULT_TIMEOUT(/home/martin/ansible/test/ansible.cfg) = 30
DEFAULT_VAULT_PASSWORD_FILE(/home/martin/ansible/test/ansible.cfg) = /home/martin/ansible/test/.vault.pass
DEPRECATION_WARNINGS(/home/martin/ansible/test/ansible.cfg) = True
HOST_KEY_CHECKING(/home/martin/ansible/test/ansible.cfg) = False
RETRY_FILES_ENABLED(/home/martin/ansible/test/ansible.cfg) = False

OS / ENVIRONMENT / Zabbix Version

• Ubuntu 22.04.3 LTS x64
• Zabbix 6.0.25
• community.zabbix 2.3.1
• ansible-core 2.13.13

STEPS TO REPRODUCE

Just use zabbix_hostmacro_module

Task:

`host_vars`:
```yaml
zabbix_host_macros:
  - name: '{$AWS.ACCESS.KEY.ID}'
    value: AKIAxyz

  - name: '{$AWS.SECRET.ACCESS.KEY}'
    value:  abc123
    type: secret

Run: ansible-playbook -i production/ zabbix_hostmacro.yml --diff --check

EXPECTED RESULTS

'type': 'secret should by anonymized. Something like:

ok: [test.example.net -> localhost({{ zabbix_host_server_url }})] => (item={'name': '{$AWS.ACCESS.KEY.ID}', 'value': 'AKIAxyz'})
changed: [test.example.net -> localhost({{ zabbix_host_server_url }})] => (item={'name': '{$AWS.SECRET.ACCESS.KEY}', 'value': '***********************', 'type': 'secret'})

ACTUAL RESULTS

Output:

ok: [test.example.net -> localhost({{ zabbix_host_server_url }})] => (item={'name': '{$AWS.ACCESS.KEY.ID}', 'value': 'AKIAxxxxxxxxxxx'})
changed: [test.example.net -> localhost({{ zabbix_host_server_url }})] => (item={'name': '{$AWS.SECRET.ACCESS.KEY}', 'value': 'abc123', 'type': 'secret'})

[tuxmartin]

My task is:

- name: set host macros
  delegate_to: localhost
  community.zabbix.zabbix_hostmacro:
    host_name: "{{ inventory_hostname }}"
    macro_name: "{{ item.name }}"
    macro_value: "{{ item.value }}"
    macro_description: "{{ item.description | default('') | trim }}"
    macro_type: "{{ item.type | default('text') }}"
    state: "{{ item.state | default('present') }}"
    force: True
  with_items: "{{ zabbix_host_macros }}"

[leomuso]

Hi, you can use no_log: true as an option

[tuxmartin]

@leomuso yes, as hostfix. But I would like to non-secret diff output.