From a36bb614c092c147da11c20334dff6839d3c29b2 Mon Sep 17 00:00:00 2001
From: Jake Hutchinson <jake@stackhpc.com>
Date: Wed, 30 Oct 2024 16:34:29 +0000
Subject: [PATCH] Add loop control to custom DNF repos

This avoids leaking repository credentials by suppressing the dict
output to only print the key.

Change-Id: Ic7aa0e4c4f625908aeb30de65edac8bce96af761
Related-Bug: #2087938
---
 ansible/roles/dnf/tasks/custom-repo.yml               |  2 ++
 .../notes/dnf-loop-control-6e2c8ba1915d2631.yaml      | 11 +++++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 releasenotes/notes/dnf-loop-control-6e2c8ba1915d2631.yaml

diff --git a/ansible/roles/dnf/tasks/custom-repo.yml b/ansible/roles/dnf/tasks/custom-repo.yml
index a20018e92..b7e66de76 100644
--- a/ansible/roles/dnf/tasks/custom-repo.yml
+++ b/ansible/roles/dnf/tasks/custom-repo.yml
@@ -26,6 +26,8 @@
     username: "{{ item.value.username | default(omit) }}"
     state: "{{ item.value.state | default(omit)}}"
   with_dict: "{{ dnf_custom_repos }}"
+  loop_control:
+    label: "{{ item.key }}"
   register: register_dnf_command
   retries: 3
   delay: 10
diff --git a/releasenotes/notes/dnf-loop-control-6e2c8ba1915d2631.yaml b/releasenotes/notes/dnf-loop-control-6e2c8ba1915d2631.yaml
new file mode 100644
index 000000000..38f8d257b
--- /dev/null
+++ b/releasenotes/notes/dnf-loop-control-6e2c8ba1915d2631.yaml
@@ -0,0 +1,11 @@
+---
+security:
+  - |
+    Avoid leaking DNF repository username/password credentials in the Kayobe
+    output by adding loop control to print only the repository key.
+    `LP#2087938 <https://launchpad.net/bugs/2087938>`__
+fixes:
+  - |
+    Avoid leaking DNF repository username/password credentials in the Kayobe
+    output by adding loop control to print only the repository key.
+    `LP#2087938 <https://launchpad.net/bugs/2087938>`__