Resolves #918 to make no_log configurable (#923)

README.md

@@ -44,6 +44,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
          * [CSRF Cookie Secure Setting](#csrf-cookie-secure-setting)
          * [Session Cookie Secure Setting](#session-cookie-secure-setting)
          * [Extra Settings](#extra-settings)
+         * [Configure no_log](#no-log)
          * [Service Account](#service-account)
       * [Uninstall](#uninstall)
       * [Upgrading](#upgrading)
@@ -1019,6 +1020,21 @@ Example configuration of `extra_settings` parameter
         value: "cn=admin,dc=example,dc=com"
 ```
 
+#### No Log
+Configure no_log for tasks with no_log
+
+| Name   | Description          | Default |
+| ------ | -------------------- | ------- |
+| no_log | No log configuration | 'true'  |
+
+Example configuration of `no_log` parameter
+
+```yaml
+  spec:
+    no_log: 'true'
+```
+
+
 #### Service Account
 
 If you need to modify some `ServiceAccount` proprieties

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -482,6 +482,9 @@ spec:
                         x-kubernetes-preserve-unknown-fields: true
                     type: object
                   type: array
+                no_log:
+                  description: Configure no_log for no_log tasks
+                  type: string
                 security_context_settings:
                   description: Key/values that will be set under the pod-level securityContext field
                   type: object

config/crd/bases/awxbackup.ansible.com_awxbackups.yaml

@@ -52,6 +52,9 @@ spec:
                 postgres_image_version:
                   description: PostgreSQL container image version to use
                   type: string
+                no_log:
+                  description: Configure no_log for no_log tasks
+                  type: string
             status:
               type: object
               properties:

config/crd/bases/awxrestore.ansible.com_awxrestores.yaml

@@ -56,6 +56,9 @@ spec:
                 postgres_image_version:
                   description: PostgreSQL container image version to use
                   type: string
+                no_log:
+                  description: Configure no_log for no_log tasks
+                  type: string
             status:
               type: object
               properties:

config/manifests/bases/awx-operator.clusterserviceversion.yaml

@@ -574,6 +574,11 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: No Log Configuration
+        path: no_log
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: Security Context Settings
         path: security_context_settings
         x-descriptors:

roles/backup/defaults/main.yml

@@ -10,3 +10,6 @@ backup_pvc_namespace: "{{ ansible_operator_meta.namespace }}"
 
 # Size of backup PVC if created dynamically
 backup_storage_requirements: ''
+
+# Set no_log settings on certain tasks
+no_log: 'true'

roles/backup/tasks/dump_generated_secret.yml

@@ -25,15 +25,15 @@
       namespace: '{{ ansible_operator_meta.namespace }}'
       name: "{{ _name }}"
   register: _secret
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Set secret data
   set_fact:
       _data: "{{ _secret['resources'][0]['data'] }}"
       _type: "{{ _secret['resources'][0]['type'] }}"
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Create and Add secret names and data to dictionary
   set_fact:
       secret_dict: "{{ secret_dict | default({}) | combine({ item: {'name': _name, 'data': _data, 'type': _type }}) }}"
-  no_log: true
+  no_log: "{{ no_log }}"

roles/backup/tasks/dump_secret.yml

@@ -13,16 +13,16 @@
             namespace: '{{ ansible_operator_meta.namespace }}'
             name: "{{ _name }}"
         register: _secret
-        no_log: true
+        no_log: "{{ no_log }}"
 
       - name: Set secret key
         set_fact:
             _data: "{{ _secret['resources'][0]['data'] }}"
             _type: "{{ _secret['resources'][0]['type'] }}"
-        no_log: true
+        no_log: "{{ no_log }}"
 
       - name: Create and Add secret names and data to dictionary
         set_fact:
             secret_dict: "{{ secret_dict | default({}) | combine({item: { 'name': _name, 'data': _data, 'type': _type }}) }}"
-        no_log: true
+        no_log: "{{ no_log }}"
   when: _name != ''

roles/backup/tasks/postgres.yml

@@ -6,7 +6,7 @@
     namespace: '{{ ansible_operator_meta.namespace }}'
     name: "{{ this_awx['resources'][0]['status']['postgresConfigurationSecret'] }}"
   register: pg_config
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Fail if postgres configuration secret status does not exist
   fail:
@@ -21,7 +21,7 @@
     awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
     awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
     awx_postgres_type: "{{ pg_config['resources'][0]['data']['type'] | default('unmanaged'|b64encode) | b64decode }}"
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - block:
     - name: Delete pod to reload a resource configuration
@@ -80,7 +80,7 @@
 - name: Set full resolvable host name for postgres pod
   set_fact:
     resolvable_db_host: '{{ (awx_postgres_type == "managed") | ternary(awx_postgres_host + "." + ansible_operator_meta.namespace + ".svc.cluster.local", awx_postgres_host) }}'  # yamllint disable-line rule:line-length
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Set pg_dump command
   set_fact:
@@ -91,7 +91,7 @@
       -d {{ awx_postgres_database }}
       -p {{ awx_postgres_port }}
       -F custom
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Write pg_dump to backup on PVC
   k8s_exec:
@@ -104,5 +104,5 @@
       echo 'Successful'
       """
   register: data_migration
-  no_log: true
+  no_log: "{{ no_log }}"
   failed_when: "'Successful' not in data_migration.stdout"

roles/backup/tasks/secrets.yml

@@ -39,12 +39,12 @@
 - name: Nest secrets under a single variable
   set_fact:
     secrets: {"secrets": '{{ secret_dict }}'}
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Write postgres configuration to pvc
   k8s_exec:
     namespace: "{{ backup_pvc_namespace }}"
     pod: "{{ ansible_operator_meta.name }}-db-management"
     command: >-
       bash -c "echo '{{ secrets | to_yaml }}' > {{ backup_dir }}/secrets.yml"
-  no_log: true
+  no_log: "{{ no_log }}"

roles/installer/defaults/main.yml

@@ -281,3 +281,6 @@ garbage_collect_secrets: false
 development_mode: false
 
 security_context_settings: {}
+
+# Set no_log settings on certain tasks
+no_log: 'true'

roles/installer/tasks/admin_password_configuration.yml

@@ -5,7 +5,7 @@
     namespace: '{{ ansible_operator_meta.namespace }}'
     name: '{{ admin_password_secret }}'
   register: _custom_admin_password
-  no_log: true
+  no_log: "{{ no_log }}"
   when: admin_password_secret | length
 
 - name: Check for default admin password configuration
@@ -14,36 +14,36 @@
     namespace: '{{ ansible_operator_meta.namespace }}'
     name: '{{ ansible_operator_meta.name }}-admin-password'
   register: _default_admin_password
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Set admin password secret
   set_fact:
     _admin_password_secret: '{{ _custom_admin_password["resources"] | default([]) | length | ternary(_custom_admin_password, _default_admin_password) }}'
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - block:
     - name: Create admin password secret
       k8s:
         apply: true
         definition: "{{ lookup('template', 'admin_password_secret.yaml.j2') }}"
-      no_log: true
+      no_log: "{{ no_log }}"
 
     - name: Read admin password secret
       k8s_info:
         kind: Secret
         namespace: '{{ ansible_operator_meta.namespace }}'
         name: '{{ ansible_operator_meta.name }}-admin-password'
       register: _generated_admin_password
-      no_log: true
+      no_log: "{{ no_log }}"
 
   when: not _admin_password_secret['resources'] | default([]) | length
 
 - name: Set admin password secret
   set_fact:
     __admin_password_secret: '{{ _generated_admin_password["resources"] | default([]) | length | ternary(_generated_admin_password, _admin_password_secret) }}'
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Store admin password
   set_fact:
     admin_password: "{{ __admin_password_secret['resources'][0]['data']['password'] | b64decode }}"
-  no_log: true
+  no_log: "{{ no_log }}"

roles/installer/tasks/broadcast_websocket_configuration.yml

@@ -5,7 +5,7 @@
     namespace: '{{ ansible_operator_meta.namespace }}'
     name: '{{ broadcast_websocket_secret }}'
   register: _custom_broadcast_websocket
-  no_log: true
+  no_log: "{{ no_log }}"
   when: broadcast_websocket_secret | length
 
 - name: Check for default broadcast websocket secret configuration
@@ -14,38 +14,38 @@
     namespace: '{{ ansible_operator_meta.namespace }}'
     name: '{{ ansible_operator_meta.name }}-broadcast-websocket'
   register: _default_broadcast_websocket
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Set broadcast websocket secret
   set_fact:
     # yamllint disable-line rule:line-length
     _broadcast_websocket_secret: '{{ _custom_broadcast_websocket["resources"] | default([]) | length | ternary(_custom_broadcast_websocket, _default_broadcast_websocket) }}'  # noqa 204
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - block:
     - name: Create broadcast websocket secret
       k8s:
         apply: true
         definition: "{{ lookup('template', 'broadcast_websocket_secret.yaml.j2') }}"
-      no_log: true
+      no_log: "{{ no_log }}"
 
     - name: Read broadcast websocket secret
       k8s_info:
         kind: Secret
         namespace: '{{ ansible_operator_meta.namespace }}'
         name: '{{ ansible_operator_meta.name }}-broadcast-websocket'
       register: _generated_broadcast_websocket
-      no_log: true
+      no_log: "{{ no_log }}"
 
   when: not _broadcast_websocket_secret['resources'] | default([]) | length
 
 - name: Set broadcast websocket secret
   set_fact:
     # yamllint disable-line rule:line-length
     __broadcast_websocket_secret: '{{ _generated_broadcast_websocket["resources"] | default([]) | length | ternary(_generated_broadcast_websocket, _broadcast_websocket_secret)  }}'  # noqa 204
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Store broadcast websocket secret name
   set_fact:
     broadcast_websocket_secret_value: "{{ __broadcast_websocket_secret['resources'][0]['data']['secret'] | b64decode }}"
-  no_log: true
+  no_log: "{{ no_log }}"

roles/installer/tasks/cleanup.yml

@@ -23,6 +23,6 @@
         - '{{ _secret_key }}'
         - '{{ _postgres_configuration }}'
         - '{{ _broadcast_websocket_secret }}'
-      no_log: true
+      no_log: "{{ no_log }}"
 
   when: not garbage_collect_secrets | bool

roles/installer/tasks/database_configuration.yml

@@ -6,15 +6,15 @@
     name: '{{ postgres_configuration_secret }}'
   register: _custom_pg_config_resources
   when: postgres_configuration_secret | length
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Check for default PostgreSQL configuration
   k8s_info:
     kind: Secret
     namespace: '{{ ansible_operator_meta.namespace }}'
     name: '{{ ansible_operator_meta.name }}-postgres-configuration'
   register: _default_pg_config_resources
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Check for specified old PostgreSQL configuration secret
   k8s_info:
@@ -23,15 +23,15 @@
     name: '{{ old_postgres_configuration_secret }}'
   register: _custom_old_pg_config_resources
   when: old_postgres_configuration_secret | length
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Check for default old PostgreSQL configuration
   k8s_info:
     kind: Secret
     namespace: '{{ ansible_operator_meta.namespace }}'
     name: '{{ ansible_operator_meta.name }}-old-postgres-configuration'
   register: _default_old_pg_config_resources
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Set old PostgreSQL configuration
   set_fact:
@@ -45,7 +45,7 @@
   when:
     - old_pg_config['resources'] is defined
     - old_pg_config['resources'] | length
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Set default postgres image
   set_fact:
@@ -54,7 +54,7 @@
 - name: Set PostgreSQL configuration
   set_fact:
     _pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}'
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Set user provided postgres image
   set_fact:
@@ -72,21 +72,21 @@
       k8s:
         apply: true
         definition: "{{ lookup('template', 'postgres_secret.yaml.j2') }}"
-      no_log: true
+      no_log: "{{ no_log }}"
 
     - name: Read Database Configuration
       k8s_info:
         kind: Secret
         namespace: '{{ ansible_operator_meta.namespace }}'
         name: '{{ ansible_operator_meta.name }}-postgres-configuration'
       register: _generated_pg_config_resources
-      no_log: true
+      no_log: "{{ no_log }}"
   when: not _pg_config['resources'] | default([]) | length
 
 - name: Set PostgreSQL Configuration
   set_fact:
     pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}'
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Set actual postgres configuration secret used
   set_fact:
@@ -140,7 +140,7 @@
     awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
     awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
     awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] |  default('prefer'|b64encode) | b64decode }}"
-  no_log: true
+  no_log: "{{ no_log }}"
 
 - name: Wait for Database to initialize if managed DB
   k8s_info: