community.zabbix icon indicating copy to clipboard operation
community.zabbix copied to clipboard

Published 20 hours ago verified publisher icon ansible-collections

zabbix_hostmacro_module: disable diff output of macro_type=secret

Open tuxmartin opened this issue 5 months ago • 3 comments

SUMMARY

zabbix_hostmacro_module: disable diff output of macro_type=secret

ISSUE TYPE
  • Bug Report
COMPONENT NAME

community.zabbix.zabbix_hostmacro

ANSIBLE VERSION
ansible [core 2.13.13]
  config file = None
  configured module search path = ['/home/martin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
  ansible collection location = /home/martin/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0]
  jinja version = 3.1.3
  libyaml = True
CONFIGURATION
DEFAULT_CALLBACK_PLUGIN_PATH(/home/martin/ansible/test/ansible.cfg) = ['/home/martin/ansible/test/.callbacks']
DEFAULT_MANAGED_STR(/home/martin/ansible/test/ansible.cfg) = This file is managed by Ansible.
DEFAULT_ROLES_PATH(/home/martin/ansible/test/ansible.cfg) = ['/home/martin/ansible/test/roles']
DEFAULT_STDOUT_CALLBACK(/home/martin/ansible/test/ansible.cfg) = anstomlog
DEFAULT_TIMEOUT(/home/martin/ansible/test/ansible.cfg) = 30
DEFAULT_VAULT_PASSWORD_FILE(/home/martin/ansible/test/ansible.cfg) = /home/martin/ansible/test/.vault.pass
DEPRECATION_WARNINGS(/home/martin/ansible/test/ansible.cfg) = True
HOST_KEY_CHECKING(/home/martin/ansible/test/ansible.cfg) = False
RETRY_FILES_ENABLED(/home/martin/ansible/test/ansible.cfg) = False
OS / ENVIRONMENT / Zabbix Version
  • Ubuntu 22.04.3 LTS x64
  • Zabbix 6.0.25
  • community.zabbix 2.3.1
  • ansible-core 2.13.13
STEPS TO REPRODUCE

Just use zabbix_hostmacro_module

Task:


`host_vars`:
```yaml
zabbix_host_macros:
  - name: '{$AWS.ACCESS.KEY.ID}'
    value: AKIAxyz

  - name: '{$AWS.SECRET.ACCESS.KEY}'
    value:  abc123
    type: secret

Run: ansible-playbook -i production/ zabbix_hostmacro.yml --diff --check

EXPECTED RESULTS

'type': 'secret should by anonymized. Something like:

ok: [test.example.net -> localhost({{ zabbix_host_server_url }})] => (item={'name': '{$AWS.ACCESS.KEY.ID}', 'value': 'AKIAxyz'})
changed: [test.example.net -> localhost({{ zabbix_host_server_url }})] => (item={'name': '{$AWS.SECRET.ACCESS.KEY}', 'value': '***********************', 'type': 'secret'})
ACTUAL RESULTS

Output:

ok: [test.example.net -> localhost({{ zabbix_host_server_url }})] => (item={'name': '{$AWS.ACCESS.KEY.ID}', 'value': 'AKIAxxxxxxxxxxx'})
changed: [test.example.net -> localhost({{ zabbix_host_server_url }})] => (item={'name': '{$AWS.SECRET.ACCESS.KEY}', 'value': 'abc123', 'type': 'secret'})

tuxmartin avatar Jan 23 '24 11:01 tuxmartin