Description
ISSUE TYPE
- Bug Report
COMPONENT NAME
lib/ansible/modules/web_infrastructure/jenkins_plugin.py
ANSIBLE VERSION
devel 2.4 2.3
CONFIGURATION
N/A
OS / ENVIRONMENT
N/A
SUMMARY
It was noticed that using the jenkins_plugin with username and password would log the password on the remote host. After some digging I discovered that in addition to the normal url_username and url_password arguments for fetch_url(), the jenkins_plugin module also has a params argument where arbitrary Ansible module arguments can be given. This parameter should go away as it circumvents all the normal argument checking, validation, and normalization.
For url_password, this is bad as using params to send in the url_password instead of the specific url_password argument allows the url_password to be logged. This can be a security problem.
I also found the source of the user's use of params instead of url_username and url_password: the module documentation has an example of using params that has that in it.
STEPS TO FIX
- I am going to immediately create and merge a PR to remove the params example and replace it with using the url_username and url_password arguments directly.
- The params argument should also be removed (as it bypasses the no_log setting on url_password, allowing the password to be logged by mistake). Additional parameters that the module uses should be explicitly stated in the argument_spec instead. (I took a look at the module and it does not appear that params is passed directly to the jenkins server; instead, specific keys are always plucked out of the params. So there should be no problem removing params.)
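The no_log bypass described in this report, as an added example that is not part of the original issue and is not Ansible's own code. It is a simplified model that assumes secrets are learned only from top-level arguments marked no_log; the spec subset, sample tasks, and the helper names (`logged_invocation`, `audit_task`) are constructed for illustration.

```python
# Simplified model of no_log handling (an assumption for illustration,
# not Ansible's actual implementation).
ARGUMENT_SPEC = {  # constructed subset of the module's arguments
    "name": {"type": "str"},
    "url_username": {"type": "str"},
    "url_password": {"type": "str", "no_log": True},
    "params": {"type": "dict"},  # free-form: contents are not checked against the spec
}
MASK = "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"


def collect_no_log_values(spec, args):
    """Secrets are only learned from top-level arguments marked no_log."""
    return {str(args[k]) for k, opts in spec.items()
            if opts.get("no_log") and args.get(k)}


def scrub(value, secrets):
    """Recursively mask any string that contains a known secret."""
    if isinstance(value, dict):
        return {k: scrub(v, secrets) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v, secrets) for v in value]
    if isinstance(value, str) and any(s in value for s in secrets):
        return MASK
    return value


def logged_invocation(spec, args):
    """What this model would write to the log for a task's arguments."""
    return scrub(args, collect_no_log_values(spec, args))


def audit_task(spec, args):
    """Defender's check: list no_log keys passed inside params instead."""
    sensitive = {k for k, opts in spec.items() if opts.get("no_log")}
    return sorted(sensitive & set((args.get("params") or {}).keys()))


# Constructed sample tasks: same credentials, two ways of passing them.
via_params = {"name": "git",
              "params": {"url_username": "admin", "url_password": "s3cret"}}
direct = {"name": "git", "url_username": "admin", "url_password": "s3cret"}

if __name__ == "__main__":
    print(logged_invocation(ARGUMENT_SPEC, via_params))  # password in clear
    print(logged_invocation(ARGUMENT_SPEC, direct))      # password masked
    print(audit_task(ARGUMENT_SPEC, via_params))         # flags url_password
```

`audit_task` can be run over parsed playbook tasks to find existing uses that pass credentials through params before the argument is removed.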