Skip to content

Commit

Permalink
Move asa provider to suboptions
Browse files Browse the repository at this point in the history
Fixes ansible#32343

* Move provider arg spec as part of suboptions
  to validate input args against provider spec.
* This handles `no_log` for password arg correctly.

Merged to devel PR ansible#28984

( cherry picked from commit 599fe23 )
  • Loading branch information
ganeshrn committed Oct 31, 2017
1 parent 497c73d commit e10e2f0
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 9 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -234,6 +234,7 @@ Ansible Changes By Release
https://github.com/ansible/ansible/issues/31786
* Fix ansible-doc and ansible-console module-path option (https://github.com/ansible/ansible/pull/31744)
* Fix for hostname module on RHEL 7.5 (https://github.com/ansible/ansible/issues/31811)
* Fix provider password leak in logs for asa modules (https://github.com/ansible/ansible/issues/32343)

### Known Bugs
* Implicit localhost is getting ansible_connection from all:vars instead of
Expand Down
15 changes: 6 additions & 9 deletions lib/ansible/module_utils/asa.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
_DEVICE_CONFIGS = {}
_CONNECTION = None

asa_argument_spec = {
asa_provider_spec = {
'host': dict(),
'port': dict(type='int'),
'username': dict(fallback=(env_fallback, ['ANSIBLE_NET_USERNAME'])),
Expand All @@ -42,11 +42,15 @@
'authorize': dict(fallback=(env_fallback, ['ANSIBLE_NET_AUTHORIZE']), type='bool'),
'auth_pass': dict(fallback=(env_fallback, ['ANSIBLE_NET_AUTH_PASS']), no_log=True),
'timeout': dict(type='int'),
'provider': dict(type='dict'),
'context': dict(),
'passwords': dict()
}

asa_argument_spec = {
'provider': dict(type='dict', options=asa_provider_spec),
}
asa_argument_spec.update(asa_provider_spec)

command_spec = {
'command': dict(key=True),
'prompt': dict(),
Expand All @@ -59,17 +63,10 @@ def get_argspec():


def check_args(module):
provider = module.params['provider'] or {}

for key in asa_argument_spec:
if key not in ['context', 'passwords', 'provider', 'authorize'] and module.params[key]:
module.warn('argument %s has been deprecated and will be removed in a future version' % key)

if provider:
for param in ('auth_pass', 'password'):
if provider.get(param):
module.no_log_values.update(return_values(provider[param]))


def get_connection(module):
global _CONNECTION
Expand Down

0 comments on commit e10e2f0

Please sign in to comment.