Bianca Henderson
4fa36487ab
Selectively redact sensitive kubeconfig data from logs (#1014)
SUMMARY
Resolves #782
ISSUE TYPE
Bugfix Pull Request
ADDITIONAL INFORMATION
The proper redaction of kubeconfig data can be seen by running this example playbook with verbosity of -vvv against the code in this PR.
Prior to these changes, all info was redacted (as shown in the example below):
ok: [local] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "api_key": null,
            "binary_path": null,
            "ca_cert": null,
            "context": null,
            "get_all_values": false,
            "host": null,
            "kubeconfig": {
                "apiVersion": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "clusters": [
                    {
                        "cluster": {
                            "insecure-skip-tls-verify": true,
                            "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                    },
                    {
                        "cluster": {
                            "certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                    },
                    {
                        "cluster": {
                            "certificate-authority": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "extensions": [
                                {
                                    "extension": {
                                        "last-update": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                                        "provider": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                                        "version": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                                    },
                                    "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                                }
                            ],
                            "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                    }
                ],
                "contexts": [
                    {
                        "context": {
                            "cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                    },
                    {
                        "context": {
                            "cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                    },
[output shortened]
With the changes in this PR, only sensitive data is redacted:
ok: [local] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "api_key": null,
            "binary_path": null,
            "ca_cert": null,
            "context": null,
            "get_all_values": false,
            "host": null,
            "kubeconfig": {
                "apiVersion": "v1",
                "clusters": [
                    {
                        "cluster": {
                            "insecure-skip-tls-verify": true,
                            "server": "<server address>"
                        },
                        "name": "exercise"
                    },
                    {
                        "cluster": {
                            "certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "server": "<server address>"
                        },
                        "name": "kind-drain-test"
                    },
                    {
                        "cluster": {
                            "certificate-authority": "<path to .crt>",
                            "extensions": [
                                {
                                    "extension": {
                                        "last-update": "Tue, 07 Oct 2025 11:25:54 EDT",
                                        "provider": "minikube.sigs.k8s.io",
                                        "version": "v1.35.0"
                                    },
                                    "name": "cluster_info"
                                }
                            ],
                            "server": "<server address>"
                        },
                        "name": "minikube"
                    }
                ],
                "contexts": [
                    {
                        "context": {
                            "cluster": "exercise-pod",
                            "user": "bianca"
                        },
                        "name": "exercise"
                    },
                    {
                        "context": {
                            "cluster": "kind-drain-test",
                            "user": "kind-drain-test"
                        },
                        "name": "kind-drain-test"
                    },
[output shortened]
Reviewed-by: Bikouo Aubin
Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua>
Reviewed-by: Alina Buzachis
2025-10-13 15:01:22 +00:00
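The before/after behaviour described in the commit message, as an added Python sketch that is not the collection's code. The function names, the `SENSITIVE_KEYS` list (standard kubeconfig credential fields, chosen here as an assumption since the PR's own list is not shown) and the sample kubeconfig are all constructed for illustration.

```python
import json

PLACEHOLDER = "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"  # marker shown in the logs above

# Assumption: standard kubeconfig fields that carry credential material.
# The key list actually used by the PR is not shown on this page.
SENSITIVE_KEYS = frozenset({
    "certificate-authority-data", "client-certificate-data", "client-key-data",
    "token", "password", "access-token", "id-token", "refresh-token",
    "client-secret",
})

def redact_all(node):
    """'Before' output: every string leaf is masked, non-strings pass through."""
    if isinstance(node, dict):
        return {k: redact_all(v) for k, v in node.items()}
    if isinstance(node, list):
        return [redact_all(v) for v in node]
    return PLACEHOLDER if isinstance(node, str) else node

def redact_selective(node, sensitive=SENSITIVE_KEYS):
    """'After' output: only values under credential-bearing keys are masked."""
    if isinstance(node, dict):
        return {
            k: PLACEHOLDER if k in sensitive and v is not None
            else redact_selective(v, sensitive)
            for k, v in node.items()
        }
    if isinstance(node, list):
        return [redact_selective(v, sensitive) for v in node]
    return node

# Constructed sample kubeconfig (all values are made up).
SAMPLE = {
    "apiVersion": "v1",
    "clusters": [{"name": "demo", "cluster": {
        "server": "https://192.0.2.10:6443",
        "insecure-skip-tls-verify": True,
        "certificate-authority-data": "Q09OU1RSVUNURUQ="}}],
    "users": [{"name": "demo-user", "user": {
        "token": "constructed-token",
        "client-key-data": "Q09OU1RSVUNURUQ=",
        "auth-provider": {"name": "oidc", "config": {"id-token": "constructed"}}}}],
}

if __name__ == "__main__":
    print(json.dumps(redact_selective(SAMPLE), indent=2))
```

Both functions build new structures, so the kubeconfig passed to the module logic is never mutated by the logging path.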