From 29b89089a109ba02f4f98b10ee686d0157e89999 Mon Sep 17 00:00:00 2001 From: George Shuklin Date: Thu, 20 Feb 2025 20:52:33 +0200 Subject: [PATCH 1/2] security: hide content of the service account contents from the logs for GCE When instance is waited for SSH, loop label contains all server data, returned by the driver. One of them is service_account_contents which contains a private key to a GCE service account, used to create VMs in GCE, if GCP_SERVICE_ACCOUNT_CONTENTS environment variable was used. --- .../gce/playbooks/tasks/create_linux_instance.yml | 3 +++ test/gce/scenarios/linux/tasks/create_linux_instance.yml | 2 ++ 2 files changed, 5 insertions(+) diff --git a/src/molecule_plugins/gce/playbooks/tasks/create_linux_instance.yml b/src/molecule_plugins/gce/playbooks/tasks/create_linux_instance.yml index a5efeb33..f8b5bad3 100644 --- a/src/molecule_plugins/gce/playbooks/tasks/create_linux_instance.yml +++ b/src/molecule_plugins/gce/playbooks/tasks/create_linux_instance.yml @@ -56,12 +56,15 @@ - "Dump instance config" - name: Wait for SSH + no_log: "{{ molecule_no_log }}" # GCE modules leaks GCP_SERVICE_ACCOUNT_CONTENTS value in returned values from module, which contains private key ansible.builtin.wait_for: port: 22 host: "{{ item.networkInterfaces.0.accessConfigs.0.natIP if molecule_yml.driver.external_access else item.networkInterfaces.0.networkIP }}" search_regex: SSH delay: 10 loop: "{{ server.results }}" + loop_control: + label: "{{ item.name }}" register: waitfor until: waitfor.failed == false retries: 6 diff --git a/test/gce/scenarios/linux/tasks/create_linux_instance.yml b/test/gce/scenarios/linux/tasks/create_linux_instance.yml index 3c781c45..72bc7655 100644 --- a/test/gce/scenarios/linux/tasks/create_linux_instance.yml +++ b/test/gce/scenarios/linux/tasks/create_linux_instance.yml 
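Review bot: The `no_log` line is only as strong as `molecule_no_log`, so when someone switches that off to debug a stalled SSH wait, the `loop_control.label` of `item.name` is the only thing keeping `service_account_contents` off the console; a short comment above `loop_control:` would make that intent survive future edits, e.g. `# item is the full instance record returned by the driver (incl. service_account_contents); print only the name`. The long trailing comment on `no_log` would read better on its own line above the key, reworded as `# GCE modules return GCP_SERVICE_ACCOUNT_CONTENTS (a private key) in their result values`. The registered `waitfor` still carries each loop item under `results[*].item`, so any later task that prints `waitfor` wholesale would presumably re-expose the key — worth checking in the tasks that follow. The task's remaining keys after `retries: 6` are outside the hunk.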
@@ -50,9 +50,11 @@ - Dump instance config - name: Wait for SSH + no_log: "{{ molecule_no_log }}" ansible.builtin.wait_for: port: 22 host: "{{ item.networkInterfaces.0.accessConfigs.0.natIP if molecule_yml.driver.external_access else item.networkInterfaces.0.networkIP }}" search_regex: SSH delay: 10 loop: "{{ server.results }}" + From 576f8c59b19151343045e7436b63f59f27fd40ef Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 22 Feb 2025 08:27:19 +0000 Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- test/gce/scenarios/linux/tasks/create_linux_instance.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/test/gce/scenarios/linux/tasks/create_linux_instance.yml b/test/gce/scenarios/linux/tasks/create_linux_instance.yml index 72bc7655..3078f4b7 100644 --- a/test/gce/scenarios/linux/tasks/create_linux_instance.yml +++ b/test/gce/scenarios/linux/tasks/create_linux_instance.yml @@ -57,4 +57,3 @@ search_regex: SSH delay: 10 loop: "{{ server.results }}" -
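Review bot: This test scenario gets only `no_log`, not the `loop_control` label that the plugin playbook receives in the same commit, so with `molecule_no_log` set to false the per-iteration label still prints the whole `item`, private key included. Adding the same two lines after `loop: "{{ server.results }}"` closes that gap: `loop_control:` / `label: "{{ item.name }}"`. The trailing blank `+` line this hunk adds is already dropped by the follow-up pre-commit patch. Whatever follows `loop:` in this task is outside the hunk.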