mirror of
https://github.com/ansible-collections/kubernetes.core.git
synced 2026-03-27 13:53:03 +00:00
d6492b66d9
This is a backport of PR #1014 as merged into main (4fa3648).
SUMMARY
Resolves #782
ISSUE TYPE
Bugfix Pull Request
ADDITIONAL INFORMATION
The proper redaction of kubeconfig data can be seen by running this example playbook with verbosity of -vvv against the code in this PR.
Prior to these changes, all info was redacted (as shown in the example below):
ok: [local] => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"binary_path": null,
"ca_cert": null,
"context": null,
"get_all_values": false,
"host": null,
"kubeconfig": {
"apiVersion": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"clusters": [
{
"cluster": {
"insecure-skip-tls-verify": true,
"server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
{
"cluster": {
"certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
{
"cluster": {
"certificate-authority": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"extensions": [
{
"extension": {
"last-update": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"provider": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"version": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
}
],
"server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
}
],
"contexts": [
{
"context": {
"cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
{
"context": {
"cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
},
[output shortened]
With the changes in this PR, only sensitive data is redacted:
ok: [local] => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"binary_path": null,
"ca_cert": null,
"context": null,
"get_all_values": false,
"host": null,
"kubeconfig": {
"apiVersion": "v1",
"clusters": [
{
"cluster": {
"insecure-skip-tls-verify": true,
"server": "<server address>"
},
"name": "exercise"
},
{
"cluster": {
"certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"server": "<server address>"
},
"name": "kind-drain-test"
},
{
"cluster": {
"certificate-authority": "<path to .crt>",
"extensions": [
{
"extension": {
"last-update": "Tue, 07 Oct 2025 11:25:54 EDT",
"provider": "minikube.sigs.k8s.io",
"version": "v1.35.0"
},
"name": "cluster_info"
}
],
"server": "<server address>"
},
"name": "minikube"
}
],
"contexts": [
{
"context": {
"cluster": "exercise-pod",
"user": "bianca"
},
"name": "exercise"
},
{
"context": {
"cluster": "kind-drain-test",
"user": "kind-drain-test"
},
"name": "kind-drain-test"
},
[output shortened]
Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
43 lines
1.1 KiB
Python
43 lines
1.1 KiB
Python
from __future__ import absolute_import, division, print_function
|
|
|
|
from ansible.module_utils.basic import env_fallback
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
HELM_AUTH_ARG_SPEC = dict(
|
|
binary_path=dict(type="path"),
|
|
context=dict(
|
|
type="str",
|
|
aliases=["kube_context"],
|
|
fallback=(env_fallback, ["K8S_AUTH_CONTEXT"]),
|
|
),
|
|
kubeconfig=dict(
|
|
type="raw",
|
|
aliases=["kubeconfig_path"],
|
|
fallback=(env_fallback, ["K8S_AUTH_KUBECONFIG"]),
|
|
),
|
|
host=dict(type="str", fallback=(env_fallback, ["K8S_AUTH_HOST"])),
|
|
ca_cert=dict(
|
|
type="path",
|
|
aliases=["ssl_ca_cert"],
|
|
fallback=(env_fallback, ["K8S_AUTH_SSL_CA_CERT"]),
|
|
),
|
|
validate_certs=dict(
|
|
type="bool",
|
|
default=True,
|
|
aliases=["verify_ssl"],
|
|
fallback=(env_fallback, ["K8S_AUTH_VERIFY_SSL"]),
|
|
),
|
|
api_key=dict(
|
|
type="str",
|
|
no_log=True,
|
|
fallback=(env_fallback, ["K8S_AUTH_API_KEY"]),
|
|
),
|
|
)
|
|
|
|
HELM_AUTH_MUTUALLY_EXCLUSIVE = [
|
|
("context", "ca_cert"),
|
|
("context", "validate_certs"),
|
|
]
|