diff --git a/plugins/modules/ldap_auth_provider.py b/plugins/modules/ldap_auth_provider.py
index 19168f72..e0ee4da0 100644
--- a/plugins/modules/ldap_auth_provider.py
+++ b/plugins/modules/ldap_auth_provider.py
@@ -197,7 +197,6 @@
 client_key_file: '/path/to/ssl/key.pem'
 binding:
 user_dn: 'cn=binder,dc=acme,dc=org'
- password: 'YOUR_PASSWORD'
 group_search:
 base_dn: 'dc=acme,dc=org'
 attribute: 'member'
@@ -220,6 +219,15 @@
 API_VERSION = "authentication/v2"
+def remove_item(result):
+ if result:
+ for server in result["servers"]:
+ if server["binding"] and "password" in server["binding"]:
+ del server["binding"]["password"]
+
+ return result
+
+
 def _filter(payload):
 # Remove keys with None values from dict
 return dict((k, v) for k, v in payload.items() if v is not None)
@@ -361,7 +369,7 @@ def main():
 changed, ldap_provider = utils.sync_v1(
 module.params["state"], client, path, payload, module.check_mode, do_differ
 )
- module.exit_json(changed=changed, object=ldap_provider)
+ module.exit_json(changed=changed, object=remove_item(ldap_provider))
 except errors.Error as e:
 module.fail_json(msg=str(e))
diff --git a/tests/integration/molecule/module_ldap_auth_provider/converge.yml b/tests/integration/molecule/module_ldap_auth_provider/converge.yml
index bee23a0a..053bdf82 100644
--- a/tests/integration/molecule/module_ldap_auth_provider/converge.yml
+++ b/tests/integration/molecule/module_ldap_auth_provider/converge.yml
@@ -259,7 +259,7 @@
 - result.object.servers.0.client_cert_file == '/path/to/ssl/cert.pem'
 - result.object.servers.0.client_key_file == '/path/to/ssl/key.pem'
 - result.object.servers.0.binding.user_dn == 'cn=binder,dc=acme,dc=org'
- - result.object.servers.0.binding.password == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
+ - "'password' not in result.object.servers.0.binding"
 - result.object.servers.0.group_search.base_dn == 'dc=acme,dc=org'
 - result.object.servers.0.group_search.attribute == 'member'
 - result.object.servers.0.group_search.name_attribute == 'cn'
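Review bot: `remove_item` (hunk `-220,6 +219,15` of plugins/modules/ldap_auth_provider.py) indexes `result["servers"]` and `server["binding"]` directly, so a provider object without a `servers` list, or a server entry without a `binding` key, would raise KeyError. That is not an `errors.Error`, so the `except` in `main()` would not convert it into `fail_json` and the password scrubbing step itself would crash the module. Whether the API always returns both keys is not visible in this diff; tolerant lookups remove the dependency: `for server in result.get("servers") or []:` followed by `(server.get("binding") or {}).pop("password", None)`. The name is generic and there is no docstring, so a one-liner such as `"""Strip LDAP bind passwords from the provider object before returning it to Ansible."""` would record why the helper exists.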
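Review bot: The new assertion in converge.yml (hunk `-259,7 +259,7`) checks only `servers.0`, so the loop in `remove_item` over every server is not pinned by this hunk. If the scenario can define a second server, or one with no `binding` block, an assertion such as `"'password' not in result.object.servers.1.binding"` would cover the multi-server path and guard against a regression that leaks the bind password for later entries. Other tasks in the file are outside this hunk and may already cover this.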