4 changes: 4 additions & 0 deletions .gitignore
@@ -189,3 +189,7 @@ cython_debug/
*.sarif

**tar.gz

# Secrets and certificates
*.pem
*.key
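Review bot: The two new patterns under `# Secrets and certificates` only stop untracked `*.pem` and `*.key` files from being added; any such file that is already committed stays tracked and stays in history. It is worth confirming with `git ls-files '*.pem' '*.key'` that none are tracked, and rotating any key that was. Key-bearing containers such as `*.p12` and `*.pfx` are not covered and could be added beside them if the project handles those formats.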
3 changes: 1 addition & 2 deletions CODE_OF_CONDUCT.md
@@ -1,4 +1,3 @@
# Community Code of Conduct

Please see the official
[Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
Please see the official [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
15 changes: 15 additions & 0 deletions SECURITY.md
@@ -0,0 +1,15 @@
# Security Policy

## Supported Versions

Ansible applies security fixes according to the 3-versions-back support
policy. Please find more information in [our docs](
https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#release-status
).

## Reporting a Vulnerability

We encourage responsible disclosure practices for security
vulnerabilities. Please read our [policies for reporting bugs](
https://docs.ansible.com/ansible/devel/community/reporting_bugs_and_features.html#reporting-a-bug
) if you want to report a security issue that might affect Ansible.
2 changes: 1 addition & 1 deletion inventory.yml
@@ -16,7 +16,7 @@ all:
aap_validate_certs: false
controller_validate_certs: false

# If secure_logging is set to 'true', Secrets may be displayed in logs.
# If secure_logging is set to 'true', secrets are hidden from logs.
# secure_logging: false

## Operators to deploy on the OpenShift Hub Cluster
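Review bot: The corrected comment now says `true` hides secrets, but the commented sample directly below it still reads `# secure_logging: false`, so an operator who simply uncomments the line turns hiding off. The default that applies while the line stays commented is not visible in this section; if it is `false`, consider shipping the sample as `# secure_logging: true` or stating the default in the comment, e.g. `# Defaults to false; set to true to hide secrets from logs.`. The `all:` block continues outside the hunk.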
1 change: 1 addition & 0 deletions roles/aap_deploy/tasks/install.yml
@@ -1,5 +1,6 @@
---
- name: install | Validate OpenShift bearer token
no_log: true
ansible.builtin.uri:
url: "{{ aap_deploy_openshift_host | default(lookup('ansible.builtin.env', 'K8S_AUTH_HOST')) }}"
method: GET
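Review bot: The hard-coded `no_log: true` on `install | Validate OpenShift bearer token` censors the whole task result, so a rejected token or an unreachable API reports only a censored failure with no status code or response body. The same line is added in `roles/aap_seed/tasks/main.yml` (both retry loops), `roles/bootstrap/tasks/aap_subscription.yml`, `roles/mtv_management/tasks/mtv_query_inventory.yml`, `roles/vm_hot_plug/tasks/_storage.yml` and `roles/vm_lifecycle/tasks/_perform_operation.yml`. A variable that defaults to hiding keeps the protection while leaving a deliberate way to debug, for example `no_log: "{{ <role_prefix>_no_log | default(true) }}"` (placeholder variable name). `no_log` also does not cover output produced under `ANSIBLE_DEBUG`, which is worth a line in the role documentation. The task body continues outside the hunk.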
4 changes: 2 additions & 2 deletions roles/aap_seed/tasks/main.yml
@@ -56,6 +56,7 @@
delay: 5
register: aap_seed_api_status
until: aap_seed_api_status.status == 200
no_log: true
ansible.builtin.uri:
url: https://{{ aap_seed_controller_hostname }}/api{{ '/controller' if aap_version is not defined or aap_version is defined and aap_version is version('2.5', '>=') }}/v2/config/ # noqa: yaml[line-length]
method: GET
@@ -72,6 +73,7 @@
delay: 5
register: aap_seed_api_status
until: aap_seed_api_status.status == 200
no_log: true
ansible.builtin.uri:
url: https://{{ aap_seed_controller_hostname }}/api{{ '/controller' if aap_version is not defined or aap_version is defined and aap_version is version('2.5', '>=') }}/v2/config/ # noqa: yaml[line-length]
method: GET
@@ -94,9 +96,7 @@

- name: Set variables for {{ aap_seed_cac_collection }}
ansible.builtin.set_fact:
controller_configuration_secure_logging: false # noqa: var-naming[no-role-prefix]
controller_configuration_async_delay: 5 # noqa: var-naming[no-role-prefix]
aap_configuration_secure_logging: false # noqa: var-naming[no-role-prefix]
aap_configuration_async_delay: 5 # noqa: var-naming[no-role-prefix]

- name: Call dispatch role
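Review bot: In the last hunk the `set_fact` under `Set variables for {{ aap_seed_cac_collection }}` shows both `controller_configuration_secure_logging: false` and `aap_configuration_secure_logging: false`, and this rendering does not show which two of the four lines the change removes. If either `*_secure_logging: false` line is kept, the dispatch role that follows presumably still runs with secret hiding off, and because `set_fact` outranks inventory variables an operator cannot turn it on from `inventory.yml`. Dropping the hard-coded value, or writing it as `aap_configuration_secure_logging: "{{ secure_logging | default(true) }}"`, would match the corrected inventory comment; how `secure_logging` maps onto these names is not visible here and should be confirmed.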
1 change: 1 addition & 0 deletions roles/bootstrap/tasks/aap_subscription.yml
@@ -65,6 +65,7 @@
register: __bootstrap_aap_license_manifest_content

- name: aap_subscription | Apply license to AAP
no_log: true
ansible.builtin.uri:
method: POST
status_code: 200
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
---
# WARNING: cluster-admin grants unrestricted cluster access. Replace with a scoped ClusterRole for production use.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
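Review bot: The added warning documents the risk but leaves the binding itself unchanged, so a default deployment presumably still binds its subject to `cluster-admin`; the `roleRef` and `subjects` are below the visible lines. The comment would be more actionable if it named what the bound account actually needs, for example `# TODO: replace with a ClusterRole limited to the resources this role manages`. Shipping a scoped ClusterRole as the default and making `cluster-admin` an explicit opt-in would remove the need for the warning.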
1 change: 1 addition & 0 deletions roles/mtv_management/tasks/mtv_query_inventory.yml
@@ -81,6 +81,7 @@
headers:
Authorization: Bearer {{ openshift_api_key }}
register: _mtv_management_mtv_inventory_query_result
no_log: true

- name: mtv_query_inventory | Set Result Fact
ansible.builtin.set_fact:
1 change: 1 addition & 0 deletions roles/vm_hot_plug/tasks/_storage.yml
@@ -19,6 +19,7 @@
default([]) |
selectattr('name', 'equalto', vm_hot_plug_storage_instance.name) | list | length == 0
)
no_log: true
ansible.builtin.uri:
url:
"{{ vm_hot_plug_openshift_host }}/apis/subresources.{{ vm_hot_plug_kubevirt_api_version }}\
1 change: 1 addition & 0 deletions roles/vm_lifecycle/tasks/_perform_operation.yml
@@ -1,6 +1,7 @@
---

- name: _perform_operation | Perform VM Operation
no_log: true
ansible.builtin.uri:
url: "{{ vm_lifecycle_openshift_host }}/apis/subresources.{{ vm_lifecycle_kubevirt_api_version }}/namespaces/{{ vm_operations_vm.vm.metadata.namespace }}/virtualmachines/{{ vm_operations_vm.vm.metadata.name }}/{{ vm_lifecycle_valid_vm_operations[vm_operations_vm['operation']].endpoint }}" # noqa: yaml[line-length]
validate_certs: "{{ vm_lifecycle_openshift_verify_ssl }}"