diff options
| author | Christian Fetzer <fetzer.ch@gmail.com> | 2018-04-05 20:08:30 +0200 |
|---|---|---|
| committer | scottb <dharmabumstead@users.noreply.github.com> | 2018-04-05 11:08:30 -0700 |
| commit | 9cca9a9c108124b56cd9e90130bf5ea02e3464be (patch) | |
| tree | dc8665f742e394f94a48a7868228ab5a45a71921 | |
| parent | 2a604f6fe6555e6635c060a1934f5b4c92c35204 (diff) | |
| download | ansible-9cca9a9c108124b56cd9e90130bf5ea02e3464be.tar.gz | |
docs: Document disabling diff on task level (#37998)
* docs: Document disabling diff on task level
Tasks that deal with secrets may leak sensitive information when
running in Check Mode. This change updates the documentation explaining
that the diff can be deactivated on task level.
The feature was requested in #14860 and got introduced in Ansible 2.4
with #28581.
* Updated for clarity
| -rw-r--r-- | docs/docsite/rst/user_guide/playbooks_checkmode.rst | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/docsite/rst/user_guide/playbooks_checkmode.rst b/docs/docsite/rst/user_guide/playbooks_checkmode.rst index 6123e0c6fa..9eee4e4425 100644 --- a/docs/docsite/rst/user_guide/playbooks_checkmode.rst +++ b/docs/docsite/rst/user_guide/playbooks_checkmode.rst @@ -98,3 +98,18 @@ Since the diff feature produces a large amount of output, it is best used when c ansible-playbook foo.yml --check --diff --limit foo.example.com +.. versionadded:: 2.4 + +The ``--diff`` option can reveal sensitive information. This option can disabled for tasks by specifying ``diff: no``. + +Example:: + + tasks: + - name: this task will not report a diff when the file changes + template: + src: secret.conf.j2 + dest: /etc/secret.conf + owner: root + group: root + mode: '0600' + diff: no |