Do not log passwords

This prevents data to be leaked into the callback plugin.

Change-Id: If3f5c6d25a198dc82fd702ffb82a5ae438e775ba

tasks/keystone_federation_sp_idp_setup.yml

@@ -32,6 +32,7 @@
     endpoint: "{{ keystone_service_adminurl }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
   when: item.domain is defined
+  no_log: true
   with_items: "{{ keystone_federated_identities | default([]) }}"
 
 - name: Ensure project which remote IDP users are mapped onto exists
@@ -45,6 +46,7 @@
     endpoint: "{{ keystone_service_adminurl }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
   when: item.project is defined
+  no_log: true
   with_items: "{{ keystone_federated_identities | default([]) }}"
 
 - name: Ensure user which remote IDP users are mapped onto exists
@@ -63,6 +65,7 @@
     item.user is defined and
     item.password is defined and
     item.project is defined
+  no_log: true
   with_items: "{{ keystone_federated_identities | default([]) }}"
 
 - name: Ensure Group for external IDP users exists
@@ -76,6 +79,7 @@
     endpoint: "{{ keystone_service_adminurl }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
   when: item.group is defined
+  no_log: true
   with_items: "{{ keystone_federated_identities | default([]) }}"
 
 - name: Ensure Role for external IDP users exists
@@ -90,6 +94,7 @@
   when: >
     item.group is defined and
     item.project is defined
+  no_log: true
   with_items: "{{ keystone_federated_identities | default([]) }}"
 
 - name: Ensure Group/Project/Role mapping exists
@@ -106,6 +111,7 @@
   when: >
     item.group is defined and
     item.project is defined
+  no_log: true
   with_items: "{{ keystone_federated_identities | default([]) }}"
 
 - name: Ensure mapping for external IDP attributes exists
@@ -119,6 +125,7 @@
     endpoint: "{{ keystone_service_adminurl }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
   when: item.protocol.mapping.name is defined
+  no_log: true
   with_items: "{{ keystone_federated_protocols | default([]) }}"
 
 - name: Ensure external IDP
@@ -133,6 +140,7 @@
     endpoint: "{{ keystone_service_adminurl }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
   when: item.name is defined
+  no_log: true
   with_items: "{{ keystone_sp.trusted_idp_list | default([]) }}"
 
 - name: Ensure federation protocol exists
@@ -147,4 +155,5 @@
     endpoint: "{{ keystone_service_adminurl }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
   when: item.protocol.name is defined
+  no_log: true
   with_items: "{{ keystone_federated_protocols | default([]) }}"

tasks/keystone_idp_sp_setup.yml

@@ -24,6 +24,7 @@
     sp_url: "{{ item.sp_url }}"
     sp_auth_url: "{{ item.auth_url }}"
   with_items: "{{ keystone_idp.service_providers | default([]) }}"
+  no_log: true
   register: add_service_providers
   until: add_service_providers|success
   retries: 5

tasks/keystone_ldap_setup.yml

@@ -24,6 +24,7 @@
     endpoint: "{{ keystone_service_adminurl }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
   with_dict: "{{ keystone_ldap }}"
+  no_log: true
   run_once: true
 
 - name: Create Keystone LDAP domain configs

tasks/keystone_service_setup.yml

@@ -38,6 +38,7 @@
      --bootstrap-admin-url {{ keystone_service_adminuri }} \
      --bootstrap-public-url {{ keystone_service_publicuri }} \
      --bootstrap-internal-url {{ keystone_service_internaluri }}
+  no_log: true
   become: yes
   become_user: "{{ keystone_system_user_name }}"
   changed_when: false
@@ -57,6 +58,7 @@
     ignore_catalog: True
     tenant_name: "{{ keystone_service_tenant_name }}"
     description: "{{ keystone_service_description }}"
+  no_log: true
   register: add_service
   until: add_service|success
   retries: 5
@@ -72,6 +74,7 @@
     endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
     ignore_catalog: True
     role_name: "{{ keystone_default_role_name }}"
+  no_log: true
   register: add_member_role
   when: not keystone_service_in_ldap | bool
   until: add_member_role|success
@@ -90,6 +93,7 @@
     service_name: "{{ keystone_service_name }}"
     service_type: "{{ keystone_service_type }}"
     description: "{{ keystone_service_description }}"
+  no_log: true
   register: add_service
   until: add_service|success
   retries: 5
@@ -107,6 +111,7 @@
     user_name: "{{ keystone_service_user_name }}"
     tenant_name: "{{ keystone_service_tenant_name }}"
     password: "{{ keystone_service_password }}"
+  no_log: true
   register: add_service
   until: add_service|success
   retries: 5
@@ -124,6 +129,7 @@
     user_name: "{{ keystone_service_user_name }}"
     tenant_name: "{{ keystone_service_tenant_name }}"
     role_name: "{{ keystone_role_name }}"
+  no_log: true
   register: add_service
   until: add_service|success
   retries: 5
@@ -148,6 +154,7 @@
         interface: "internal"
       - url: "{{ keystone_service_adminuri }}"
         interface: "admin"
+  no_log: true
   register: add_service
   until: add_service|success
   retries: 5

tests/test-keystone-functional.yml

@@ -38,6 +38,7 @@
         login_user: "{{ keystone_admin_user_name }}"
         login_password: "{{ keystone_auth_admin_password }}"
         login_project_name: "{{ keystone_admin_tenant_name }}"
+      no_log: true
       with_items:
         - "admin"
         - "keystone"
@@ -49,6 +50,7 @@
         login_user: "{{ keystone_admin_user_name }}"
         login_password: "{{ keystone_auth_admin_password }}"
         login_project_name: "{{ keystone_admin_tenant_name }}"
+      no_log: true
       with_items:
         - "admin"
         - "service"