New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Give control whether loop_control label is private #62738
Comments
Here is an excerpt from an actual playbook used to manage OpenShift projects and resources where I want item label to be the resource type and name of what is affected.
In the underlying playbook, I've chose to selectively
|
I can confirm that private items in loops are very hard to identify. Something like this would really help:
Also, some kind of custom public templated string would be handy for non-loop tasks too. |
Files identified in the description:
If these files are incorrect, please update the |
Would also be useful for the mysql_user module which is warning if we don't specify no_log: yes. Example: This
gives this "great" output:
|
Until ansible/ansible#62738 is fixed.
Files identified in the description: If these files are incorrect, please update the |
bot_broken there is nothing foreman related in this issue, and yet is has the |
!bot_broken |
Making this proposed feature 'opt-in' doesn't seem to have any downsides to me. When items in a loop fail, not being able to see which ones failed is less than ideal. |
I see many comments that the reason for this is because loop labels may contain private data. However I can't find any mention of whether these comments are talking about the default label or an explicit label. I can understand why the default label (what is used when no So why not pursue this as the solution? It would be a lot more intuitive if explicit labels were shown when using If there is some real world case where a loop label is explicitly defined, and it should still be hidden, can someone provide a concrete example? I couldn't find one digging through the linked issues. |
Suppose you have a list of dictionaries you're looping over and one of the attributes of said dictionary is sensitive. Also suppose that the task itself emits that sensitive element unless |
@jhg03a Was that supposed to be a response to my "concrete example" request? If so that's not quite what I was asking. That's the behavior I was proposing. I was trying to see if there was a real world example where that wouldn't work. |
Ah, my mistake. I can't think of a functional reason it doesn't. |
Thank you very much for your submission to Ansible. It means a lot to us that you've taken time to contribute. Unfortunately, this issue has been open for some time while waiting for a contributor to take it up but there does not seem to have been anyone that did so. So we are going to close this issue to clear up the queues and make it easier for contributors to browse possible implementation targets. However, we're absolutely always up for discussion. Because this project is very active, we're unlikely to see comments made on closed tickets and we lock them after some time. If you or anyone else has any further questions, please let us know by using any of the communication methods listed in the page below: In the future, sometimes starting a discussion on the development list prior to proposing or implementing a feature can make getting things included a little easier, but it's not always necessary. Thank you once again for this and your interest in Ansible! |
SUMMARY
Enhance user control whether a given item label should be private.
ISSUE TYPE
COMPONENT NAME
lib/ansible/plugins/callback/init.py
ADDITIONAL INFORMATION
During #12214, item labels were censored respective of
no_log
because there were some cases where the labels were private. In cases where the list is a collection of vaulted variables, this would make sense, however this causes confusion and lack of audibility whereloop_control
label
has been explicitly set to a value that is public.results in output proves difficult to understand and verify what is going on
As discussed in #62091, a mechanism similar to playbook prompts
private
attribute would allow end users informed consent to output item labels.The text was updated successfully, but these errors were encountered: