From 89c714a95d19c004406b7192b66bfc5624b58a8f Mon Sep 17 00:00:00 2001 From: NilashishC Date: Tue, 19 Dec 2023 19:52:31 +0530 Subject: [PATCH] allow option masking of sensitive parameters Signed-off-by: NilashishC --- plugins/action/nxos.py | 1 - .../nxos/argspec/ntp_global/ntp_global.py | 196 +++++++++--------- .../nxos/facts/ntp_global/ntp_global.py | 15 +- plugins/modules/nxos_ntp_global.py | 3 +- 4 files changed, 112 insertions(+), 103 deletions(-) diff --git a/plugins/action/nxos.py b/plugins/action/nxos.py index 3602c4074..031263f71 100644 --- a/plugins/action/nxos.py +++ b/plugins/action/nxos.py @@ -115,7 +115,6 @@ def run(self, tmp=None, task_vars=None): "msg": "Connection type %s is not valid for this module" % self._play_context.connection, } - result = super(ActionModule, self).run(task_vars=task_vars) if warnings: if "warnings" in result: diff --git a/plugins/module_utils/network/nxos/argspec/ntp_global/ntp_global.py b/plugins/module_utils/network/nxos/argspec/ntp_global/ntp_global.py index a680e58d6..63d595958 100644 --- a/plugins/module_utils/network/nxos/argspec/ntp_global/ntp_global.py +++ b/plugins/module_utils/network/nxos/argspec/ntp_global/ntp_global.py @@ -31,109 +31,113 @@ class Ntp_globalArgs(object): # pylint: disable=R0903 """The arg spec for the nxos_ntp_global module""" - argument_spec = { - "running_config": {"type": "str"}, - "config": { - "type": "dict", - "options": { - "access_group": { - "type": "dict", - "options": { - "match_all": {"type": "bool"}, - "peer": { - "type": "list", - "elements": "dict", - "options": {"access_list": {"type": "str"}}, - }, - "query_only": { - "type": "list", - "elements": "dict", - "options": {"access_list": {"type": "str"}}, - }, - "serve": { - "type": "list", - "elements": "dict", - "options": {"access_list": {"type": "str"}}, + def __init__(self, redact_sensitive=True): + self.redact_sensitive = redact_sensitive + + def get_argument_spec(self): + return { + "running_config": {"type": "str"}, + "config": { + "type": "dict", + "options": { + "access_group": { + "type": "dict", + "options": { + "match_all": {"type": "bool"}, + "peer": { + "type": "list", + "elements": "dict", + "options": {"access_list": {"type": "str"}}, + }, + "query_only": { + "type": "list", + "elements": "dict", + "options": {"access_list": {"type": "str"}}, + }, + "serve": { + "type": "list", + "elements": "dict", + "options": {"access_list": {"type": "str"}}, + }, + "serve_only": { + "type": "list", + "elements": "dict", + "options": {"access_list": {"type": "str"}}, + }, }, - "serve_only": { - "type": "list", - "elements": "dict", - "options": {"access_list": {"type": "str"}}, + }, + "allow": { + "type": "dict", + "options": { + "control": { + "type": "dict", + "options": {"rate_limit": {"type": "int"}}, + }, + "private": {"type": "bool"}, }, }, - }, - "allow": { - "type": "dict", - "options": { - "control": { - "type": "dict", - "options": {"rate_limit": {"type": "int"}}, + "authenticate": {"type": "bool"}, + "authentication_keys": { + "type": "list", + "elements": "dict", + "no_log": False, + "options": { + "id": {"type": "int"}, + "key": {"type": "str", "no_log": self.redact_sensitive}, + "encryption": {"type": "int"}, }, - "private": {"type": "bool"}, }, - }, - "authenticate": {"type": "bool"}, - "authentication_keys": { - "type": "list", - "elements": "dict", - "no_log": False, - "options": { - "id": {"type": "int"}, - "key": {"type": "str", "no_log": True}, - "encryption": {"type": "int"}, + "logging": {"type": "bool"}, + "master": { + "type": "dict", + "options": {"stratum": {"type": "int"}}, }, - }, - "logging": {"type": "bool"}, - "master": { - "type": "dict", - "options": {"stratum": {"type": "int"}}, - }, - "passive": {"type": "bool"}, - "peers": { - "type": "list", - "elements": "dict", - "options": { - "peer": {"type": "str"}, - "key_id": {"type": "int"}, - "maxpoll": {"type": "int"}, - "minpoll": {"type": "int"}, - "prefer": {"type": "bool"}, - "vrf": {"type": "str", "aliases": ["use_vrf"]}, + "passive": {"type": "bool"}, + "peers": { + "type": "list", + "elements": "dict", + "options": { + "peer": {"type": "str"}, + "key_id": {"type": "int"}, + "maxpoll": {"type": "int"}, + "minpoll": {"type": "int"}, + "prefer": {"type": "bool"}, + "vrf": {"type": "str", "aliases": ["use_vrf"]}, + }, }, - }, - "servers": { - "type": "list", - "elements": "dict", - "options": { - "server": {"type": "str"}, - "key_id": {"type": "int"}, - "maxpoll": {"type": "int"}, - "minpoll": {"type": "int"}, - "prefer": {"type": "bool"}, - "vrf": {"type": "str", "aliases": ["use_vrf"]}, + "servers": { + "type": "list", + "elements": "dict", + "options": { + "server": {"type": "str"}, + "key_id": {"type": "int"}, + "maxpoll": {"type": "int"}, + "minpoll": {"type": "int"}, + "prefer": {"type": "bool"}, + "vrf": {"type": "str", "aliases": ["use_vrf"]}, + }, + }, + "source": {"type": "str"}, + "source_interface": {"type": "str"}, + "trusted_keys": { + "type": "list", + "elements": "dict", + "no_log": False, + "options": {"key_id": {"type": "int"}}, }, }, - "source": {"type": "str"}, - "source_interface": {"type": "str"}, - "trusted_keys": { - "type": "list", - "elements": "dict", - "no_log": False, - "options": {"key_id": {"type": "int"}}, - }, }, - }, - "state": { - "type": "str", - "choices": [ - "merged", - "replaced", - "overridden", - "deleted", - "parsed", - "gathered", - "rendered", - ], - "default": "merged", - }, - } # pylint: disable=C0301 + "state": { + "type": "str", + "choices": [ + "merged", + "replaced", + "overridden", + "deleted", + "parsed", + "gathered", + "rendered", + ], + "default": "merged", + }, + } # pylint: disable=C0301 diff --git a/plugins/module_utils/network/nxos/facts/ntp_global/ntp_global.py b/plugins/module_utils/network/nxos/facts/ntp_global/ntp_global.py index 258b68aaf..8fb51461f 100644 --- a/plugins/module_utils/network/nxos/facts/ntp_global/ntp_global.py +++ b/plugins/module_utils/network/nxos/facts/ntp_global/ntp_global.py @@ -28,9 +28,9 @@ class Ntp_globalFacts(object): """The nxos ntp_global facts class""" - def __init__(self, module, subspec="config", options="options"): + def __init__(self, module): self._module = module - self.argument_spec = Ntp_globalArgs.argument_spec + self.argument_spec = module.argument_spec def get_config(self, connection): """Wrapper method for `connection.get()` @@ -55,7 +55,10 @@ def populate_facts(self, connection, ansible_facts, data=None): data = self.get_config(connection) # parse native config using the Ntp_global template - ntp_global_parser = Ntp_globalTemplate(lines=data.splitlines(), module=self._module) + ntp_global_parser = Ntp_globalTemplate( + lines=data.splitlines(), + module=self._module, + ) objs = ntp_global_parser.parse() if "access_group" in objs: @@ -80,7 +83,11 @@ def populate_facts(self, connection, ansible_facts, data=None): ansible_facts["ansible_network_resources"].pop("ntp_global", None) params = utils.remove_empties( - ntp_global_parser.validate_config(self.argument_spec, {"config": objs}, redact=True), + ntp_global_parser.validate_config( + self.argument_spec, + {"config": objs}, + redact=True, + ), ) facts["ntp_global"] = params.get("config", {}) diff --git a/plugins/modules/nxos_ntp_global.py b/plugins/modules/nxos_ntp_global.py index 18cd851c9..d6d727a14 100644 --- a/plugins/modules/nxos_ntp_global.py +++ b/plugins/modules/nxos_ntp_global.py @@ -698,7 +698,6 @@ This output will always be in the same format as the module argspec. """ - from ansible.module_utils.basic import AnsibleModule from ansible_collections.cisco.nxos.plugins.module_utils.network.nxos.argspec.ntp_global.ntp_global import ( @@ -716,7 +715,7 @@ def main(): :returns: the result form module invocation """ module = AnsibleModule( - argument_spec=Ntp_globalArgs.argument_spec, + argument_spec=Ntp_globalArgs(redact_sensitive=False).get_argument_spec(), mutually_exclusive=[["config", "running_config"]], required_if=[ ["state", "merged", ["config"]],