feat: Use verbosity-based logging in network role

[spetrosi]

This PR replaces hardcoded no_log: true with verbosity-based logging no_log: "{{ ansible_verbosity < 3 }}" throughout the network role.

Changes

• Replace no_log: true with no_log: "{{ ansible_verbosity < 3 }}" in:
  • tasks/set_facts.yml: setup, service_facts, package_facts tasks
  • tasks/main.yml: NetworkManager and initscripts service tasks

Rationale

In the network role, no_log: true was used for verbosity control to reduce verbose output from service and package fact gathering tasks, not to protect sensitive information.

Using ansible_verbosity < 3 allows users to see the output when debugging with increased verbosity flags (-vvv or higher), while keeping output concise by default.

This differs from roles where no_log is used for security purposes (e.g., protecting credentials or secrets), where a *_secure_logging parameter would be appropriate.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Adds a new network_secure_logging variable (default true) to control no_log behavior for sensitive tasks, and switches facts-related tasks to verbosity-based logging while documenting the new variable.

Flow diagram for no_log behavior with network_secure_logging and verbosity

flowchart TD
  A[Start_task] --> B[Is_task_sensitive_credentials_or_secrets]
  B -->|Yes| C[Set_no_log_to_network_secure_logging]
  B -->|No| D[Is_task_facts_module_service_facts_or_package_facts]

  D -->|Yes| E[Evaluate_ansible_verbosity_less_than_2]
  E -->|True| F[Set_no_log_true_hide_facts_output]
  E -->|False| G[Set_no_log_false_show_facts_output]

  D -->|No| H[Use_existing_no_log_behavior_or_default]

  C --> I[Execute_task_with_configured_no_log]
  F --> I
  G --> I
  H --> I
  I --> J[End_task]

Loading

File-Level Changes

Change	Details	Files
Make sensitive network tasks respect a configurable secure-logging toggle instead of hard-coded no_log.	Replace hard-coded no_log: true with no_log: "{{ network_secure_logging }}" on tasks that handle network configuration and fingerprints Ensure behavior defaults to secure logging while allowing users to temporarily disable it for debugging	tasks/set_facts.yml tasks/main.yml
Use Ansible verbosity to control logging for verbose facts modules.	Change service_facts task to use no_log: "{{ ansible_verbosity < 2 }}" so output appears only at -vv and above Change package_facts task to use no_log: "{{ ansible_verbosity < 2 }}" to avoid noisy logs in normal runs	tasks/set_facts.yml
Introduce and document the new network_secure_logging variable with a secure default.	Add network_secure_logging: true to role defaults to enable secure logging by default Document network_secure_logging in README.md, including its purpose, default value, and guidance on when to disable it	defaults/main.yml README.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• Consider wrapping the templated no_log expressions with | bool (e.g. no_log: "{{ network_secure_logging | bool }}") to ensure they are always interpreted as booleans even if overridden via inventory or extra vars.
• Since the verbosity-based logging rule is used in multiple places, you might want to introduce a dedicated variable (e.g. network_fact_logging_quiet: ansible_verbosity < 2) in defaults/main.yml and reference that for service_facts and package_facts to make the intent clearer and easier to adjust.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider wrapping the templated `no_log` expressions with `| bool` (e.g. `no_log: "{{ network_secure_logging | bool }}"`) to ensure they are always interpreted as booleans even if overridden via inventory or extra vars.
- Since the verbosity-based logging rule is used in multiple places, you might want to introduce a dedicated variable (e.g. `network_fact_logging_quiet: ansible_verbosity < 2`) in `defaults/main.yml` and reference that for `service_facts` and `package_facts` to make the intent clearer and easier to adjust.

## Individual Comments

### Comment 1
<location path="tasks/set_facts.yml" line_range="8" />
<code_context>
   when:
     - network_provider == "nm" or network_state != {}
-  no_log: true
+  no_log: "{{ network_secure_logging }}"

 # If any 802.1x connections are used, the wpa_supplicant
</code_context>
<issue_to_address>
**🚨 suggestion (security):** Consider explicitly casting `network_secure_logging` to a boolean for robustness.

If `network_secure_logging` is set as a string in vars (e.g. `'false'`), Ansible may treat it as truthy, leading to unexpected logging or suppression. Using `no_log: "{{ network_secure_logging | bool }}"` (optionally with `| default(true)`) would make this robust to different input types and avoid surprises.

```suggestion
  no_log: "{{ network_secure_logging | default(true) | bool }}"
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 42.52%. Comparing base (1b57520) to head (e600e2f).
⚠️ Report is 95 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #868      +/-   ##
==========================================
- Coverage   43.11%   42.52%   -0.59%     
==========================================
  Files          12       13       +1     
  Lines        3124     3172      +48     
==========================================
+ Hits         1347     1349       +2     
- Misses       1777     1823      +46     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[richm]

Suggested change

	no_log: "{{ network_secure_logging }}"
	no_log: "{{ ansible_verbosity < 2 }}"

Adding no_log: true was just for verbosity, not security - same with other places

so I don't think we need network_secure_logging for now

[richm]

@spetrosi you'll need to sign your commit for the DCO check e.g. git commit -s --amend