From 47870c3385b57820bc3dc372c225424b32e321d5 Mon Sep 17 00:00:00 2001 From: Brian Coca Date: Thu, 16 Feb 2017 10:52:27 -0500 Subject: [PATCH] refine password field filtering (#21230) * refine password field filtering * dont skip * removed bad leftover vestige of previous condition --- lib/ansible/module_utils/basic.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/ansible/module_utils/basic.py b/lib/ansible/module_utils/basic.py index 7f1719606d..fd52bac3b3 100644 --- a/lib/ansible/module_utils/basic.py +++ b/lib/ansible/module_utils/basic.py @@ -1814,12 +1814,14 @@ class AnsibleModule(object): canon = self.aliases.get(param, param) arg_opts = self.argument_spec.get(canon, {}) no_log = arg_opts.get('no_log', False) - arg_type = arg_opts.get('type', 'str') if self.boolean(no_log): log_args[param] = 'NOT_LOGGING_PARAMETER' - # try to capture all passwords/passphrase named fields - elif arg_type != 'bool' and PASSWORD_MATCH.search(param): + # try to capture all passwords/passphrase named fields missed by no_log + elif PASSWORD_MATCH.search(param) and \ + arg_opts.get('type', 'str') != 'bool' and \ + not arg_opts.get('choices', False): + # skip boolean and enums as they are about 'password' state log_args[param] = 'NOT_LOGGING_PASSWORD' self.warn('Module did not set no_log for %s' % param) else: