mirror of
https://github.com/ansible-collections/kubernetes.core.git
synced 2026-03-27 13:53:03 +00:00
4fa36487ab
SUMMARY Resolves #782 ISSUE TYPE Bugfix Pull Request ADDITIONAL INFORMATION The proper redaction of kubeconfig data can be seen by running this example playbook with verbosity of -vvv against the code in this PR. Prior to these changes, all info was redacted (as shown in the example below): ok: [local] => { "changed": false, "invocation": { "module_args": { "api_key": null, "binary_path": null, "ca_cert": null, "context": null, "get_all_values": false, "host": null, "kubeconfig": { "apiVersion": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "clusters": [ { "cluster": { "insecure-skip-tls-verify": true, "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, { "cluster": { "certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, { "cluster": { "certificate-authority": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "extensions": [ { "extension": { "last-update": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "provider": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "version": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" } ], "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" } ], "contexts": [ { "context": { "cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, { "context": { "cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, [output shortened] With the changes in this PR, only sensitive data is redacted: ok: [local] => { "changed": false, "invocation": { "module_args": { "api_key": null, "binary_path": null, "ca_cert": null, "context": null, "get_all_values": false, "host": null, "kubeconfig": { "apiVersion": "v1", "clusters": [ { "cluster": { "insecure-skip-tls-verify": true, "server": "<server address>" }, "name": "exercise" }, { "cluster": { "certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "server": "<server address>" }, "name": "kind-drain-test" }, { "cluster": { "certificate-authority": "<path to .crt>", "extensions": [ { "extension": { "last-update": "Tue, 07 Oct 2025 11:25:54 EDT", "provider": "minikube.sigs.k8s.io", "version": "v1.35.0" }, "name": "cluster_info" } ], "server": "<server address>" }, "name": "minikube" } ], "contexts": [ { "context": { "cluster": "exercise-pod", "user": "bianca" }, "name": "exercise" }, { "context": { "cluster": "kind-drain-test", "user": "kind-drain-test" }, "name": "kind-drain-test" }, [output shortened] Reviewed-by: Bikouo Aubin Reviewed-by: GomathiselviS <gomathiselvi@gmail.com> Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua> Reviewed-by: Alina Buzachis
43 lines
1.1 KiB
Python
43 lines
1.1 KiB
Python
from __future__ import absolute_import, division, print_function
|
|
|
|
from ansible.module_utils.basic import env_fallback
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
HELM_AUTH_ARG_SPEC = dict(
|
|
binary_path=dict(type="path"),
|
|
context=dict(
|
|
type="str",
|
|
aliases=["kube_context"],
|
|
fallback=(env_fallback, ["K8S_AUTH_CONTEXT"]),
|
|
),
|
|
kubeconfig=dict(
|
|
type="raw",
|
|
aliases=["kubeconfig_path"],
|
|
fallback=(env_fallback, ["K8S_AUTH_KUBECONFIG"]),
|
|
),
|
|
host=dict(type="str", fallback=(env_fallback, ["K8S_AUTH_HOST"])),
|
|
ca_cert=dict(
|
|
type="path",
|
|
aliases=["ssl_ca_cert"],
|
|
fallback=(env_fallback, ["K8S_AUTH_SSL_CA_CERT"]),
|
|
),
|
|
validate_certs=dict(
|
|
type="bool",
|
|
default=True,
|
|
aliases=["verify_ssl"],
|
|
fallback=(env_fallback, ["K8S_AUTH_VERIFY_SSL"]),
|
|
),
|
|
api_key=dict(
|
|
type="str",
|
|
no_log=True,
|
|
fallback=(env_fallback, ["K8S_AUTH_API_KEY"]),
|
|
),
|
|
)
|
|
|
|
HELM_AUTH_MUTUALLY_EXCLUSIVE = [
|
|
("context", "ca_cert"),
|
|
("context", "validate_certs"),
|
|
]
|