Merge "Revert "security: hide sensitive auth_password in kolla_container module logs""

ansible/library/kolla_container.py

@@ -268,8 +268,7 @@ def generate_module():
     # NOTE(r-krcek): arguments_spec should also be reflected in the list of
     # arguments in service-check-containers role
     argument_spec = dict(
-        common_options=dict(required=False, type='dict',
-                            default=dict(), no_log=True),
+        common_options=dict(required=False, type='dict', default=dict()),
         action=dict(required=True, type='str',
                     choices=['compare_container',
                              'compare_image',

releasenotes/notes/bug-2120302-824ede145936a6eb.yaml

@@ -1,13 +0,0 @@
----
-security:
-  - |
-    Added no_log=True to the ``common_options`` argument in generate_module()
-    to prevent the auth_password and other sensitive data from being printed
-    in Ansible logs during container operations when
-    ``docker_registry_password`` was set. This improves security by hiding
-    credentials from logs.
-
-    This change addresses the issue where auth_password was visible in log
-    despite already having no_log=True on the auth_password parameter itself,
-    because it was nested inside common_options dict without no_log protection.
-    `LP#2120302 <https://launchpad.net/bugs/2120302>`__

tests/test_kolla_container.py

@@ -36,8 +36,7 @@ class ModuleArgsTest(base.BaseTestCase):
 
     def test_module_args(self):
         argument_spec = dict(
-            common_options=dict(required=False, type='dict', default=dict(),
-                                no_log=True),
+            common_options=dict(required=False, type='dict', default=dict()),
             action=dict(
                 required=True, type='str',
                 choices=['compare_container',