apevec / rpms / ansible

Forked from rpms/ansible 5 years ago
Clone
Blob Blame History Raw
diff --git a/lib/ansible/modules/web_infrastructure/jenkins_plugin.py b/lib/ansible/modules/web_infrastructure/jenkins_plugin.py
index 9aba61a..6d2bad6 100644
--- a/lib/ansible/modules/web_infrastructure/jenkins_plugin.py
+++ b/lib/ansible/modules/web_infrastructure/jenkins_plugin.py
@@ -52,6 +52,8 @@ options:
     description:
       - Option used to allow the user to overwrite any of the other options. To
         remove an option, set the value of the option to C(null).
+      - Changed in 2.5.0, 2.4.1, 2.3.3 to raise an error if C(url_password) is specified in params.
+        Use the actual C(url_password) argument instead.
   state:
     required: false
     choices: [absent, present, pinned, unpinned, enabled, disabled, latest]
@@ -166,20 +168,18 @@ EXAMPLES = '''
     state: absent
 
 #
-# Example of how to use the params
-#
-# Define a variable and specify all default parameters you want to use across
-# all jenkins_plugin calls:
+# Example of how to authenticate
 #
 # my_jenkins_params:
 #   url_username: admin
-#   url_password: p4ssw0rd
-#   url: http://localhost:8888
 #
 - name: Install plugin
   jenkins_plugin:
     name: build-pipeline-plugin
     params: "{{ my_jenkins_params }}"
+    url_password: p4ssw0rd
+    url: http://localhost:8888
+# Note that url_password **can not** be placed in params as params could end up in a log file
 
 #
 # Example of a Play which handles Jenkins restarts during the state changes
@@ -764,6 +764,11 @@ def main():
 
     # Update module parameters by user's parameters if defined
     if 'params' in module.params and isinstance(module.params['params'], dict):
+        if 'url_password' in module.params['params']:
+            # The params argument should be removed eventually.  Until then, raise an error if
+            # url_password is specified there as it can lead to the password being logged
+            module.fail_json(msg='Do not specify url_password in params as it may get logged')
+
         module.params.update(module.params['params'])
         # Remove the params
         module.params.pop('params', None)