From 27b08282ea540fb64b18157007755d6bcfc5e3d7 Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Mon, 27 Nov 2023 17:23:20 +0100
Subject: [PATCH] [ansible] Skip collecting redundant dirs and files from
 /etc/ansible

Forbid collecting some files and dirs from /etc/ansible that are not
interesting for any investigation but might potentially collect
sensitive data.

Resolves: #3423

Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
 sos/report/plugins/ansible.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/sos/report/plugins/ansible.py b/sos/report/plugins/ansible.py
index 5991b7862e..d4bceb1cb3 100644
--- a/sos/report/plugins/ansible.py
+++ b/sos/report/plugins/ansible.py
@@ -29,7 +29,11 @@ def setup(self):
             "ansible --version"
         ])
 
-        # let rhui plugin collects the RHUI specific files
-        self.add_forbidden_path("/etc/ansible/facts.d/rhui_*.fact")
+        # don't generic & collect potentially sensitive files and dirs
+        self.add_forbidden_path([
+            "/etc/ansible/facts.d/",
+            "/etc/ansible/roles/",
+            "/etc/ansible/hosts",
+        ])
 
 # vim: set et ts=4 sw=4 :