diff --git a/lib/ansible/modules/web_infrastructure/jenkins_plugin.py b/lib/ansible/modules/web_infrastructure/jenkins_plugin.py index 9aba61a..6d2bad6 100644 --- a/lib/ansible/modules/web_infrastructure/jenkins_plugin.py +++ b/lib/ansible/modules/web_infrastructure/jenkins_plugin.py @@ -52,6 +52,8 @@ options: description: - Option used to allow the user to overwrite any of the other options. To remove an option, set the value of the option to C(null). + - Changed in 2.5.0, 2.4.1, 2.3.3 to raise an error if C(url_password) is specified in params. + Use the actual C(url_password) argument instead. state: required: false choices: [absent, present, pinned, unpinned, enabled, disabled, latest] @@ -166,20 +168,18 @@ EXAMPLES = ''' state: absent # -# Example of how to use the params -# -# Define a variable and specify all default parameters you want to use across -# all jenkins_plugin calls: +# Example of how to authenticate # # my_jenkins_params: # url_username: admin -# url_password: p4ssw0rd -# url: http://localhost:8888 # - name: Install plugin jenkins_plugin: name: build-pipeline-plugin params: "{{ my_jenkins_params }}" + url_password: p4ssw0rd + url: http://localhost:8888 +# Note that url_password **can not** be placed in params as params could end up in a log file # # Example of a Play which handles Jenkins restarts during the state changes @@ -764,6 +764,11 @@ def main(): # Update module parameters by user's parameters if defined if 'params' in module.params and isinstance(module.params['params'], dict): + if 'url_password' in module.params['params']: + # The params argument should be removed eventually. Until then, raise an error if + # url_password is specified there as it can lead to the password being logged + module.fail_json(msg='Do not specify url_password in params as it may get logged') + module.params.update(module.params['params']) # Remove the params module.params.pop('params', None)