From cc71ada59d30bc7fb4fcd45ebc5766430b4f4409 Mon Sep 17 00:00:00 2001
From: Markus Pesch
Date: Wed, 15 Feb 2023 14:25:49 +0100
Subject: [PATCH] fix: hide sensitive information in log output
---
 tasks/create_unix_user.yml | 12 ++++++++----
 tasks/main.yml | 1 +
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/tasks/create_unix_user.yml b/tasks/create_unix_user.yml
index b4524e7..4972c26 100644
--- a/tasks/create_unix_user.yml
+++ b/tasks/create_unix_user.yml
@@ -14,7 +14,8 @@
 shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
 password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}"
 state: present
- when: "unix_user.value.groups is not defined and unix_user.value.uid is not defined"
+ when: unix_user.value.groups is not defined and unix_user.value.uid is not defined
+ no_log: true
 - name: "Create unix user without additional groups and with uid: {{ unix_user.key }}"
 ansible.builtin.user:
@@ -27,7 +28,8 @@
 shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
 password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}"
 state: present
- when: "unix_user.value.groups is not defined and unix_user.value.uid is defined"
+ when: unix_user.value.groups is not defined and unix_user.value.uid is defined
+ no_log: true
 - name: "Create unix user with additional groups and uid: {{ unix_user.key }}"
 ansible.builtin.user:
@@ -41,7 +43,8 @@
 shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
 password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}"
 state: present
- when: "unix_user.value.groups is defined and unix_user.value.uid is defined"
+ when: unix_user.value.groups is defined and unix_user.value.uid is defined
+ no_log: true
 - name: "Create unix user with additional groups and without uid: {{ unix_user.key }}"
 ansible.builtin.user:
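Review bot: The `password:` line kept as context in this hunk falls back to `default('')` before `password_hash('sha512')`, so a `unix_users` entry without a `password` key ends up with a valid hash of the empty string instead of a locked account; the same line appears in the hunks at -27, -41 and -54. Consider locking the password when none is supplied, e.g. `password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined else '!' }}"`, since the user module documents `'!'` as a locked password on Linux. The task bodies begin above each hunk, so whether `update_password` or other parameters soften this cannot be seen from here.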
@@ -54,7 +57,8 @@
 shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
 password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}"
 state: present
- when: "unix_user.value.groups is defined and unix_user.value.uid is not defined"
+ when: unix_user.value.groups is defined and unix_user.value.uid is not defined
+ no_log: true
 - name: "Create .ssh directory for unix user: {{ unix_user.key }}"
 ansible.builtin.file:
diff --git a/tasks/main.yml b/tasks/main.yml
index 4cbc2c3..6ea2d43 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -34,6 +34,7 @@
 - name: Create unix users
 ansible.builtin.include_tasks: create_unix_user.yml
+ no_log: true
 with_dict: "{{ unix_users }}"
 loop_control:
 loop_var: unix_user
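Review bot: `no_log: true` and the `password:` expression are now repeated across four near-identical `ansible.builtin.user` tasks (this hunk and the three before it), so any later change to the secret handling has to be made four times. The tasks appear to differ only in whether `uid` and `groups` are passed, which Ansible's `omit` covers in a single task: `uid: "{{ unix_user.value.uid | default(omit) }}"` and `groups: "{{ unix_user.value.groups | default(omit) }}"`. The task bodies start above the hunks, so confirm there is no other difference before merging them.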
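Review bot: The `no_log: true` on the include deserves a comment saying why it is there, because each `with_dict` item is a whole `unix_users` entry including the plaintext `password`, and that item is what would otherwise be printed for the include. Something like `# no_log: loop items carry the plaintext password from unix_users` above the keyword would do. Keywords on `include_tasks` apply to the include statement itself and not to the tasks it pulls in, so the per-task `no_log` in create_unix_user.yml is still required. `no_log` also does not cover Ansible's debug output (`ANSIBLE_DEBUG`), so the variable should still be kept in a vault rather than relied on to stay out of logs.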