-
Notifications
You must be signed in to change notification settings - Fork 23.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a header_secret input for uri module #73244
Comments
Files identified in the description: If these files are incorrect, please update the |
Hi @PierreLesouhaitier what about using the |
I think the no_log option in the playbook header results in the whole task to be not logged. It is a problem for us as we miss many logs. My request is to have only the token in the request header to be obliterated. |
This would be useful for the body in the URI module too. |
This would really be useful to have. We also use |
waiting_on_contributor but instead of 'hiding a special header' this should really be another 'auth type' implementation. |
I was thinking on implementing something like this: headers=dict(type='dict', default={}),
secret_headers=dict(type='dict', default={}, no_log=True), With this approach, any header that would need to be hidden will be in the headers_secret. - name: URI Test
ansible.builtin.uri:
url: http://www.example.com
return_content: true
headers:
Content-Type: application/json
Another-header: "another-header"
secret_headers:
x-ms-client-auth-token: "{{ token }}"
another-token: "{{ another-token }}"
register: myvar
no_log: false The header behaves like:
And Ansible logs: "headers": {
"Content-Type": "application/json",
"another-header": "another-header"
},
"secret_headers": {
"another-token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"x-ms-client-auth-token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
}, @bcoca @PierreLesouhaitier What do you think? It fits the requirements and gives extra functionality to the URI module but not sure if you had another solution in mind. |
After a recent conversation, I believe the plan we want to take is to use the upcoming data tagging feature, to allow users to tags data in a playbook with |
Thanks @sivel Then I won't do any change but I think this should be closed IMHO. Regards |
Any update on this? Or workaround? |
As a partial workaround, I set a play var |
Unfortunately this does not cover running in AWX/AAP, which will show the whole loop item(s) in the task details, even when loop_control:label: hides them in the "normal" output Edit: |
Thank you very much for your submission to Ansible. It means a lot to us that you've taken time to contribute. Unfortunately, this issue has been open for some time while waiting for a contributor to take it up but there does not seem to have been anyone that did so. So we are going to close this issue to clear up the queues and make it easier for contributors to browse possible implementation targets. However, we're absolutely always up for discussion. Because this project is very active, we're unlikely to see comments made on closed tickets and we lock them after some time. If you or anyone else has any further questions, please let us know by using any of the communication methods listed in the page below: In the future, sometimes starting a discussion on the development list prior to proposing or implementing a feature can make getting things included a little easier, but it's not always necessary. Thank you once again for this and your interest in Ansible! |
SUMMARY
We use a lot uri module, and we send API token in the header. These secrets need to be hidden on the log, so we are forced to mark the entire task as no_log: true missing many logs.
ISSUE TYPE
COMPONENT NAME
uri module
ADDITIONAL INFORMATION
Just add a header_secret input in uri with no_log=True optional argument.
It would be merged with the header input.
The text was updated successfully, but these errors were encountered: