mirror of
https://github.com/ansible-collections/kubernetes.core.git
synced 2026-05-07 05:22:39 +00:00
This is a backport of PR #1014 as merged into main (4fa3648).
SUMMARY
Resolves #782
ISSUE TYPE
Bugfix Pull Request
ADDITIONAL INFORMATION
The proper redaction of kubeconfig data can be seen by running this example playbook with verbosity of -vvv against the code in this PR.
Prior to these changes, all info was redacted (as shown in the example below):
ok: [local] => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"binary_path": null,
"ca_cert": null,
"context": null,
"get_all_values": false,
"host": null,
"kubeconfig": {
"apiVersion": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"clusters": [
{
"cluster": {
"insecure-skip-tls-verify": true,
"server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
{
"cluster": {
"certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
{
"cluster": {
"certificate-authority": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"extensions": [
{
"extension": {
"last-update": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"provider": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"version": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
}
],
"server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
}
],
"contexts": [
{
"context": {
"cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
{
"context": {
"cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
[output shortened]
With the changes in this PR, only sensitive data is redacted:
ok: [local] => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"binary_path": null,
"ca_cert": null,
"context": null,
"get_all_values": false,
"host": null,
"kubeconfig": {
"apiVersion": "v1",
"clusters": [
{
"cluster": {
"insecure-skip-tls-verify": true,
"server": "<server address>"
},
"name": "exercise"
},
{
"cluster": {
"certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"server": "<server address>"
},
"name": "kind-drain-test"
},
{
"cluster": {
"certificate-authority": "<path to .crt>",
"extensions": [
{
"extension": {
"last-update": "Tue, 07 Oct 2025 11:25:54 EDT",
"provider": "minikube.sigs.k8s.io",
"version": "v1.35.0"
},
"name": "cluster_info"
}
],
"server": "<server address>"
},
"name": "minikube"
}
],
"contexts": [
{
"context": {
"cluster": "exercise-pod",
"user": "bianca"
},
"name": "exercise"
},
{
"context": {
"cluster": "kind-drain-test",
"user": "kind-drain-test"
},
"name": "kind-drain-test"
},
[output shortened]
Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
This commit is contained in:
patchback[bot]
GitHub
@@ -3,6 +3,9 @@ from typing import Optional
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
|
||||
from ansible.module_utils.common.text.converters import to_text
|
||||
from ansible_collections.kubernetes.core.plugins.module_utils.args_common import (
|
||||
extract_sensitive_values_from_kubeconfig,
|
||||
)
|
||||
from ansible_collections.kubernetes.core.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
@@ -33,6 +36,15 @@ class AnsibleK8SModule:
|
||||
|
||||
self._module = self.settings["module_class"](**kwargs)
|
||||
|
||||
# Apply kubeconfig redaction for logging purposes
|
||||
if hasattr(self._module, "params") and hasattr(self._module, "no_log_values"):
|
||||
kubeconfig = self._module.params.get("kubeconfig")
|
||||
if kubeconfig and isinstance(kubeconfig, dict):
|
||||
# Add sensitive values to no_log_values to prevent them from appearing in logs
|
||||
self._module.no_log_values.update(
|
||||
extract_sensitive_values_from_kubeconfig(kubeconfig)
|
||||
)
|
||||
|
||||
if self.settings["check_k8s"]:
|
||||
self.requires("kubernetes")
|
||||
self.has_at_least("kubernetes", "24.2.0", warn=True)
|
||||
|
||||
Reference in New Issue
Block a user