Remove encrypted from surveys #867
Conversation
There was a problem hiding this comment.
If I'm reading this correctly this will set the value to ''.
This doesn't feel like a good idea because this will mean we blank out the password. At least having $encrypted$ means people know where they need to replace values.
An alternate strategy here would be to raise a PR against the lookup plugin to add a flag to not return values with $encrypted$ and instead omit them from the results
|
Okay the error looks like this: |
Ah I see. I hadn't read properly that this was within surveys so setting a default of being blank may be our best solution here as you've done. I'll approve for now but I'll request someone else takes a look |
There was a problem hiding this comment.
The proposed changes gives undesired results:
$ansible-playbook -i inventory.yaml example.yaml
PLAY [play all] *****************************************************************************************************************************************************************************************************************************
TASK [debug] ********************************************************************************************************************************************************************************************************************************
ok: [hosta] => {
"msg": [
"REDHAT_PASSWORD: \"$encrypted$\"\n",
"REDHAT_PASSWORD: \"\\'\\'\"\n"
]
}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
hosta : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Instead of replace("$encrypted$", "\'\'"), it should be replace("$encrypted$", "")
ansible-playbook -i inventory.yaml example.yaml
PLAY [play all] *****************************************************************************************************************************************************************************************************************************
TASK [debug] ********************************************************************************************************************************************************************************************************************************
ok: [hosta] => {
"msg": [
"REDHAT_PASSWORD: \"$encrypted$\"\n",
"REDHAT_PASSWORD: \"\"\n"
]
}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
hosta : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
|
Okay, I left only the empty double quotes. |
|
I don't like this change at all @Tompage1994 @ivarmu. If you export a WF or a JT with any encrypted data either in a survey or in the WF/JT itself, that value should be put in place vaulted or it has to be omitted. With this change, if someone exports a JT/WF, default password of survey will be replaced for nothing which could ends up in an unexpected situation. I'd prefer to have to review things manually like passwords after export objects with filetree_create rather than leave filetree_create exports objects with false values of some parameters |
What does this PR do?
Recently, I've discovered that
$encrypted$is exported with the job template/workflow when a password is set in the survey field. During the import, this causes an issue, and the survey is not imported.How should this be tested?
filetree_create.$encrypted$in the export.Is there a relevant Issue open for this?
N/A
Other Relevant info, PRs, etc
N/A