Remove password from return object in ad auth provider

We are hiding password value in the ad_auth_provider
module return object as passwords are visible from
what Sensu Go backend returns.

plugins/modules/ad_auth_provider.py

@@ -208,7 +208,6 @@
       default_upn_domain: 'example.org'
       binding:
         user_dn: 'cn=binder,dc=acme,dc=org'
-        password: 'YOUR_PASSWORD'
       group_search:
         base_dn: 'dc=acme,dc=org'
         attribute: 'member'
@@ -232,6 +231,15 @@
 API_VERSION = "authentication/v2"
 
 
+def remove_item(result):
+    if result:
+        for server in result["servers"]:
+            if server["binding"] and "password" in server["binding"]:
+                del server["binding"]["password"]
+
+    return result
+
+
 def _filter(payload):
     # Remove keys with None values from dict
     return dict((k, v) for k, v in payload.items() if v is not None)
@@ -379,7 +387,7 @@ def main():
         changed, ad_provider = utils.sync_v1(
             module.params["state"], client, path, payload, module.check_mode, do_differ
         )
-        module.exit_json(changed=changed, object=ad_provider)
+        module.exit_json(changed=changed, object=remove_item(ad_provider))
     except errors.Error as e:
         module.fail_json(msg=str(e))
 

tests/integration/molecule/module_ad_auth_provider/converge.yml

@@ -261,7 +261,7 @@
           - result.object.servers.0.client_key_file == '/path/to/ssl/key.pem'
           - result.object.servers.0.default_upn_domain == 'example.org'
           - result.object.servers.0.binding.user_dn == 'cn=binder,dc=acme,dc=org'
-          - result.object.servers.0.binding.password == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
+          - "'password' not in result.object.servers.0.binding"
           - result.object.servers.0.group_search.base_dn == 'dc=acme,dc=org'
           - result.object.servers.0.group_search.attribute == 'member'
           - result.object.servers.0.group_search.name_attribute == 'cn'