Remove password from return object in ldap auth provider

We are hiding password value in the ldap_auth_provider
module return object as passwords are visible from
what Sensu Go backend returns.

plugins/modules/ldap_auth_provider.py

@@ -197,7 +197,6 @@
       client_key_file: '/path/to/ssl/key.pem'
       binding:
         user_dn: 'cn=binder,dc=acme,dc=org'
-        password: 'YOUR_PASSWORD'
       group_search:
         base_dn: 'dc=acme,dc=org'
         attribute: 'member'
@@ -220,6 +219,15 @@
 API_VERSION = "authentication/v2"
 
 
+def remove_item(result):
+    if result:
+        for server in result["servers"]:
+            if server["binding"] and "password" in server["binding"]:
+                del server["binding"]["password"]
+
+    return result
+
+
 def _filter(payload):
     # Remove keys with None values from dict
     return dict((k, v) for k, v in payload.items() if v is not None)
@@ -361,7 +369,7 @@ def main():
         changed, ldap_provider = utils.sync_v1(
             module.params["state"], client, path, payload, module.check_mode, do_differ
         )
-        module.exit_json(changed=changed, object=ldap_provider)
+        module.exit_json(changed=changed, object=remove_item(ldap_provider))
     except errors.Error as e:
         module.fail_json(msg=str(e))
 

tests/integration/molecule/module_ldap_auth_provider/converge.yml

@@ -259,7 +259,7 @@
           - result.object.servers.0.client_cert_file == '/path/to/ssl/cert.pem'
           - result.object.servers.0.client_key_file == '/path/to/ssl/key.pem'
           - result.object.servers.0.binding.user_dn == 'cn=binder,dc=acme,dc=org'
-          - result.object.servers.0.binding.password == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
+          - "'password' not in result.object.servers.0.binding"
           - result.object.servers.0.group_search.base_dn == 'dc=acme,dc=org'
           - result.object.servers.0.group_search.attribute == 'member'
           - result.object.servers.0.group_search.name_attribute == 'cn'