Sensitive password field exposed when the task of checking deprecated privileges settings is skipped due to with_items loop

[maarous]

When the role runs the task:

- name: Ensure PostgreSQL users do not use deprecated privileges settings
  debug:
    msg "Postgresql user {{ item.name }} uses deprecated privileges settings. See https://github.com/geerlingguy/ansible-role-postgresql/issues/254"
  with_items: "{{ postgresql_users }}"
  when: item.priv is defined

Ansible prints the full contents of item in the skipped message, which includes sensitive fields such as the PostgreSQL user's password.
Example output:

TASK [geerlingguy.postgresql : Ensure PostgreSQL users do not use deprecated privileges settings] ***********************************************************
skipping: [boo.example.com] => (item={'name': 'example_user', 'password': 'xDsfdsf8v4Zz', 'encrypted': True, 'db': 'foo_db', 'login_host': 'localhost', 'port': 5432, 'state': 'present'})

This results in a security risk, as sensitive values are exposed even though the task itself is skipped and does not explicitly log them.

[zerwes]

Hello @maarous
👍 for pointing at this
As my fix for the fix (pr #267 as a fup to #266) is still unmerged, I implemented a different solution in 734541d by changing the loop label.

[maarous]

Hello @zerwes , your fix is much better. Thanks !! It was merged.