Re: [ansible-devel] Bypassing no_log for a specific output (dumps of zabbix modules)

2019-08-15 Thread Dušan Matejka 
Thanks for replying, I guess I will add `notes:` section to zabbix 
documentation fragment stating that using default Admin password is not 
recommended and to expect weird output. 


On Wednesday, August 14, 2019 at 2:55:41 PM UTC+2, Brian Coca wrote:
>
> if no_log could be bypassed and runtime, it would trigger a CVE ... so 
> the way to test the modules is to disable no_log in the module code 
> itself. 
>
>
> -- 
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-devel/7621008e-e2b0-4ed3-8d82-d2ec8c751f40%40googlegroups.com.

[ansible-devel] Bypassing no_log for a specific output (dumps of zabbix modules)

2019-08-09 Thread Dušan Matejka 
Hi,

I've been searching for ways to bypass no_log option for specific module 
output, but with no luck so far. To my understanding, providing no_log for 
at least one argument in argument_spec makes every module output containing 
value of such argument to be altered. 

This makes trouble for people that are testing zabbix modules and/or are 
too lazy to change its default Admin password -> "zabbix". This is what 
happens when missing dependency error is thrown (it is only a cosmetic 
issue):

fatal: [zbx-dev-node002]: FAILED! => changed=false
  msg: 'Missing required -api module (check docs or install with: pip 
install -api)'


But it gets worse when some content is returned by a module and there is a 
word 'zabbix' present in it. For example, dumping zabbix template into 
string:

- hosts: localhost
  tasks:  
- name: test export
  zabbix_template:
server_url: http://127.0.0.1/zabbix
login_user: admin
login_password: zabbix
template_name: "Template OS Linux"
state: dump
dump_format: xml


With the following result:


<_export>
4.2

...




Full problem is described in this issue comment 
 
and followed by my response, which is explaining why it is probably 
happening -> no_log=True. This issue doesn't seem to occur when user dumps 
template into JSON, I believe because module returns dump in an actual JSON 
format and not as a string (this is unfortunately not doable with XML 
output).

Is there any other way than describing this behaviour in module 
documentation? Any help would be greatly appreciated,
Dusan


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-devel/afe5dc19-6c57-4645-a49d-09b3cf15e257%40googlegroups.com.

Re: [ansible-devel] ansible.cfg overrides

2016-05-03 Thread Dušan Matejka 
Thank you for explaining this to me Matt :) I somehow managed to overlook 
line you pointed out.

On Tuesday, May 3, 2016 at 9:59:14 PM UTC+2, Matt Martz wrote:
>
> It is specifically documented that ansible.cfg files are not merged in the 
> documentation provided at 
> http://docs.ansible.com/ansible/intro_configuration.html
>
> "Ansible will process the above list and use the first file found. 
> Settings in files are not merged"
>
> You could override these values however using env vars. Such as exporting 
> `ANSIBLE_LOG_PATH="/var/log/ansible.log"` before running your ansible 
> command.  This could also be achieved by having a file that you source 
> before running ansible.
>
> Having the configurations merge would like cause issues for a number of 
> people.  Such as where I have an ~/.ansible.cfg but for some projects I 
> have a completely different ansible.cfg that may not override all of the 
> settings, but I wouldn't want them merged.
>
> On Tue, May 3, 2016 at 2:41 PM, Dušan Matejka <matejka...@gmail.com 
> > wrote:
>
>> Hello,
>>
>> We are using multiple ansible playbook repositories in our company. While 
>> we want to make some configuration directives local only for a specific 
>> repository, there are some which need to be defined for every current and 
>> future repo used in our setup. 
>>
>> A fine example is a log_path directive. Let's say that we want to log 
>> every future ansible command run on a master machine to a 
>> /var/log/ansible.log which is independent of the repository from which the 
>> run was made. This is why I added the following lines to 
>> /etc/ansible/ansible.cfg:
>> [defaults]
>> log_path = /var/log/ansible.log
>>
>> However, all directives defined in this file are being ignored, when 
>> ${PWD}/ansible.cfg configuration file is present. 
>>
>> I've prepared a small patch to deal with this issue: 
>> https://github.com/D3DeFi/ansible/commit/09973901057084f6d06f989ff9b2915a8390e57c
>>  
>> but I am not sure if it is a good idea to submit it as a feature_request or 
>> bugfix, or if to submit it at all. Bugfix, because this 'override' behavior 
>> is standard for many other tools and I think it should be default for 
>> ansible as well.
>>
>> Can you guys please provide your opinion on this ? :) Is this even a good 
>> idea or does ansible read only one ansible.cfg file for purpose ?
>>
>> Thanks,
>> Dusan 
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Development" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-deve...@googlegroups.com .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Matt Martz
> @sivel
> sivel.net
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.