-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: add loop control for options list task in otelwinreg #5132
base: main
Are you sure you want to change the base?
Conversation
All contributors have signed the CLA ✍️ ✅ |
I have read the CLA Document and I hereby sign the CLA |
6f424de
to
c285092
Compare
@@ -6,6 +6,8 @@ | |||
{{ (splunk_otel_collector_options_list | default([])) + [item.key + '=' + (value | string)] }} | |||
loop: > | |||
{{ splunk_otel_collector_options | default({}) | combine(splunk_otel_collector_additional_env_vars) | dict2items }} | |||
loop_control: | |||
label: "{{ item.key }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I note in your example you have item=KEYOFMYSECRETVALUE
, so wanted to double check that we indeed want item.key
.
In general I'm for adding the loop control + label
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
relevant parts of code for other reviewers:
- ansible docs
splunk_otel_collector_options
-
SPLUNK_ACCESS_TOKEN: "{{ splunk_access_token }}" SPLUNK_API_URL: "{{ splunk_api_url }}" GOMEMLIMIT: "{{ gomemlimit if gomemlimit != '' else omit }}" SPLUNK_BUNDLE_DIR: >- {{ splunk_bundle_dir if splunk_bundle_dir != '' else '{{ansible_env.ProgramFiles}}\Splunk\OpenTelemetry Collector\agent-bundle' }} SPLUNK_COLLECTD_DIR: "{{ splunk_collectd_dir if splunk_collectd_dir != '' else omit }}" SPLUNK_CONFIG: >- {{ splunk_otel_collector_config if splunk_otel_collector_config != '' else '{{ ansible_env.ProgramData }}\Splunk\OpenTelemetry Collector\agent_config.yaml' }} SPLUNK_INGEST_URL: "{{ splunk_ingest_url }}" SPLUNK_HEC_TOKEN: "{{ splunk_hec_token }}" SPLUNK_HEC_URL: "{{ splunk_hec_url }}" SPLUNK_LISTEN_INTERFACE: "{{ splunk_listen_interface if splunk_listen_interface != '' else omit }}" SPLUNK_MEMORY_TOTAL_MIB: "{{ splunk_memory_total_mib }}" SPLUNK_REALM: "{{ splunk_realm }}" SPLUNK_TRACE_URL: "{{ splunk_trace_url }}"
-
splunk_otel_collector_additional_env_vars
(looks empty from defaults)
4a41f77
to
5c3a8e9
Compare
I'm not too familiar, but the output from our CI tests still shows the values:
According to the note for label:
So if the goal is hide the sensitive data, then maybe we should try |
Hello @jeffreyc-splunk, Sorry for the late response. I think your tests have the Ansible verbosity parameter enabled, that's why the pipeline shows values. You're right, |
Let's go with Alternatively, if you want to modify |
Description:
Fixing an issue - Add a loop control for loop task "Get Splunk OpenTelemetry Collector options list" in
otel_win_reg.yml
.This fix prevents a potentially sensitive value from being displayed.
Testing: