Set display_args_to_stdout for secure jobs
Ansible has a config flag that is accessible from callback plugins that is an indicator for whether or not to display args in the log output. It should be noted that this can wind up being a general flag in our callback plugin that will let us know if the job being run is secure or insecure. Change-Id: Ie0b45ca533e71610cc18950edd735dc3258bd604
This commit is contained in:
parent
5ac9384d90
commit
40728e3ef4
@ -799,6 +799,14 @@ class AnsibleJob(object):
|
||||
config.write('action_plugins = %s\n'
|
||||
% self.launcher_server.action_dir)
|
||||
|
||||
# On secure jobs, we want to prevent the printing of args,
|
||||
# since secure jobs might have access to secrets that they may
|
||||
# need to pass to a task or a role. On the other hand, there
|
||||
# should be no sensitive data in insecure jobs, and printing
|
||||
# the args could be useful for debugging.
|
||||
config.write('display_args_to_stdout = %s\n' %
|
||||
str(not secure))
|
||||
|
||||
config.write('[ssh_connection]\n')
|
||||
# NB: when setting pipelining = True, keep_remote_files
|
||||
# must be False (the default). Otherwise it apparently
|
||||
|
Loading…
Reference in New Issue
Block a user