From f5c4a627b67c8dd6ee83acbfb71e05388604c817 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka
Date: Wed, 13 Aug 2025 12:27:41 +0000
Subject: [PATCH] Revert "security: hide sensitive auth_password in kolla_container module logs"
This reverts commit 9e8b2c4661416e7812afa70bad144201ea410fe9.
Reason for revert: no_log=True on common_options over-redacts, including parsed stdout, breaking CI. Different approach needed.
Change-Id: Ia1a1a247c72b0edb13a26f3f73259abe4f92b762
Signed-off-by: Michal Nasiadka
---
 ansible/library/kolla_container.py | 3 +--
 .../notes/bug-2120302-824ede145936a6eb.yaml | 13 -------------
 tests/test_kolla_container.py | 3 +--
 3 files changed, 2 insertions(+), 17 deletions(-)
 delete mode 100644 releasenotes/notes/bug-2120302-824ede145936a6eb.yaml
diff --git a/ansible/library/kolla_container.py b/ansible/library/kolla_container.py
index ad32369ba6..c6a0ea5d1b 100644
--- a/ansible/library/kolla_container.py
+++ b/ansible/library/kolla_container.py
@@ -268,8 +268,7 @@ def generate_module():
 # NOTE(r-krcek): arguments_spec should also be reflected in the list of
 # arguments in service-check-containers role
 argument_spec = dict(
- common_options=dict(required=False, type='dict',
- default=dict(), no_log=True),
+ common_options=dict(required=False, type='dict', default=dict()),
 action=dict(required=True, type='str',
 choices=['compare_container',
 'compare_image',
diff --git a/releasenotes/notes/bug-2120302-824ede145936a6eb.yaml b/releasenotes/notes/bug-2120302-824ede145936a6eb.yaml
deleted file mode 100644
index 3f9434272f..0000000000
--- a/releasenotes/notes/bug-2120302-824ede145936a6eb.yaml
+++ /dev/null
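Review bot: With `no_log=True` removed from `common_options` in `generate_module()`, the nested `auth_password` is unmasked again; the deleted release note says it appeared in Ansible logs whenever `docker_registry_password` was set (LP#2120302). The revert reason holds, but the new code carries no marker of the open exposure, so I would add a comment above the entry such as `# FIXME(LP#2120302): common_options can carry auth_password and is not masked here`. For the follow-up, masking only the secret looks like the narrower fix, for example declaring the dict's suboptions under `options=` with `auth_password=dict(type='str', no_log=True)`; that presumably requires every accepted key to be declared, and the full key set is not visible in this hunk. The mirrored spec in tests/test_kolla_container.py only pins the spec's shape, so the follow-up would also benefit from a test that the password is masked while the rest of the module result is left intact. The `argument_spec` literal continues past the end of the hunk.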
@@ -1,13 +0,0 @@
----
-security:
- - |
- Added no_log=True to the ``common_options`` argument in generate_module()
- to prevent the auth_password and other sensitive data from being printed
- in Ansible logs during container operations when
- ``docker_registry_password`` was set. This improves security by hiding
- credentials from logs.
-
- This change addresses the issue where auth_password was visible in log
- despite already having no_log=True on the auth_password parameter itself,
- because it was nested inside common_options dict without no_log protection.
- `LP#2120302 `__
diff --git a/tests/test_kolla_container.py b/tests/test_kolla_container.py
index cb496ea39a..c1ea866c24 100644
--- a/tests/test_kolla_container.py
+++ b/tests/test_kolla_container.py
@@ -36,8 +36,7 @@ class ModuleArgsTest(base.BaseTestCase):

 def test_module_args(self):
 argument_spec = dict(
- common_options=dict(required=False, type='dict', default=dict(),
- no_log=True),
+ common_options=dict(required=False, type='dict', default=dict()),
 action=dict(
 required=True, type='str',
 choices=['compare_container',