From 60fee5154b15b5f7b2558d1eb65e1b3f153d9f71 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Sun, 18 Mar 2018 21:51:50 +0100 Subject: [PATCH] letsencrypt: don't mask values specified in data (#37556) * Don't mask values specified in data. This heavily improves readability of error messages such as 'Authorization for ******** returned in********: CHALLENGE: ********-01 DETAILS: Incorrect TXT record "********" (and 1 more) found at ********.********;' (verbatim quote). * Added documentation. --- lib/ansible/modules/web_infrastructure/letsencrypt.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/ansible/modules/web_infrastructure/letsencrypt.py b/lib/ansible/modules/web_infrastructure/letsencrypt.py index bca00b04fe..13cde80301 100644 --- a/lib/ansible/modules/web_infrastructure/letsencrypt.py +++ b/lib/ansible/modules/web_infrastructure/letsencrypt.py @@ -128,6 +128,11 @@ options: - "The data to validate ongoing challenges." - "The value that must be used here will be provided by a previous use of this module." + - "I(Note): the C(data) option was marked as C(no_log) up to + Ansible 2.5. From Ansible 2.6 on, it is no longer marked this way + as it causes error messages to be come unusable, and C(data) does + not contain any information which can be used without having + access to the account key or which are not public anyway." dest: description: - "The destination file for the certificate." 
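Review bot: The note added to the C(data) description contains a typo, `to be come unusable`, which should read `to become unusable`. Its closing clause also mixes singular and plural (`any information ... which are not public anyway`) and would read better as `or which is not public anyway`. Since the option is no longer masked, the same note could tell users that the values of C(data) will now be visible in task output and logs. The options block continues outside the hunk.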
@@ -1293,7 +1298,7 @@ def main():
 terms_agreed=dict(required=False, default=False, type='bool'),
 challenge=dict(required=False, default='http-01', choices=['http-01', 'dns-01', 'tls-sni-02'], type='str'),
 csr=dict(required=True, aliases=['src'], type='path'),
- data=dict(required=False, no_log=True, default=None, type='dict'),
+ data=dict(required=False, default=None, type='dict'),
 dest=dict(aliases=['cert'], type='path'),
 fullchain_dest=dict(aliases=['fullchain'], type='path'),
 chain_dest=dict(required=False, default=None, aliases=['chain'], type='path'),
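Review bot: Dropping `no_log=True` from the `data` entry leaves nothing in the argument spec to show that the option is deliberately unmasked, so a later cleanup could restore the flag and bring back the unreadable error messages. A short comment above the entry would record the decision, e.g. `# data is deliberately not no_log: masking its values made error messages unreadable, and it holds nothing usable without the account key`. Without no_log the contents of `data` are presumably included in the logged module invocation, so it is worth confirming that every key the module places in the challenge data fits that description; the code that builds it is not visible in this hunk. main() begins and continues outside the hunk.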