Redact usernames in UniFi diagnostics (#64794)

homeassistant/components/unifi/diagnostics.py

@@ -7,13 +7,14 @@ from typing import Any
 
 from homeassistant.components.diagnostics import REDACTED, async_redact_data
 from homeassistant.config_entries import ConfigEntry
-from homeassistant.const import CONF_PASSWORD
+from homeassistant.const import CONF_PASSWORD, CONF_USERNAME
 from homeassistant.core import HomeAssistant, callback
 from homeassistant.helpers.device_registry import format_mac
 
 from .const import CONF_CONTROLLER, DOMAIN as UNIFI_DOMAIN
 
 TO_REDACT = {CONF_CONTROLLER, CONF_PASSWORD}
+REDACT_CONFIG = {CONF_CONTROLLER, CONF_PASSWORD, CONF_USERNAME}
 REDACT_CLIENTS = {"bssid", "essid"}
 REDACT_DEVICES = {
     "anon_id",
@@ -59,9 +60,6 @@ async def async_get_config_entry_diagnostics(
     diag: dict[str, Any] = {}
     macs_to_redact: dict[str, str] = {}
 
-    diag["config"] = async_redact_data(config_entry.data, TO_REDACT)
-    diag["site_role"] = controller.site_role
-
     counter = 0
     for mac in chain(controller.api.clients, controller.api.devices):
         macs_to_redact[mac] = format_mac(str(counter).zfill(12))
@@ -74,8 +72,10 @@ async def async_get_config_entry_diagnostics(
                 macs_to_redact[mac] = format_mac(str(counter).zfill(12))
                 counter += 1
 
-    diag["options"] = async_replace_data(config_entry.options, macs_to_redact)
+    diag["config"] = async_redact_data(
-
+        async_replace_data(config_entry.as_dict(), macs_to_redact), REDACT_CONFIG
+    )
+    diag["site_role"] = controller.site_role
     diag["entities"] = async_replace_data(controller.entities, macs_to_redact)
     diag["clients"] = {
         macs_to_redact[k]: async_redact_data(

tests/components/unifi/test_diagnostics.py

@@ -1,5 +1,6 @@
 """Test UniFi Network diagnostics."""
 
+from homeassistant.components.diagnostics import REDACTED
 from homeassistant.components.unifi.const import (
     CONF_ALLOW_BANDWIDTH_SENSORS,
     CONF_ALLOW_UPTIME_SENSORS,
@@ -114,18 +115,29 @@ async def test_entry_diagnostics(hass, hass_client, aioclient_mock):
 
     assert await get_diagnostics_for_config_entry(hass, hass_client, config_entry) == {
         "config": {
-            "controller": "**REDACTED**",
+            "data": {
-            "host": "1.2.3.4",
+                "controller": REDACTED,
-            "password": "**REDACTED**",
+                "host": "1.2.3.4",
-            "port": 1234,
+                "password": REDACTED,
-            "site": "site_id",
+                "port": 1234,
-            "username": "username",
+                "site": "site_id",
-            "verify_ssl": False,
+                "username": REDACTED,
-        },
+                "verify_ssl": False,
-        "options": {
+            },
-            "allow_bandwidth_sensors": True,
+            "disabled_by": None,
-            "allow_uptime_sensors": True,
+            "domain": "unifi",
-            "block_client": ["00:00:00:00:00:00"],
+            "entry_id": "1",
+            "options": {
+                "allow_bandwidth_sensors": True,
+                "allow_uptime_sensors": True,
+                "block_client": ["00:00:00:00:00:00"],
+            },
+            "pref_disable_new_entities": False,
+            "pref_disable_polling": False,
+            "source": "user",
+            "title": "Mock Title",
+            "unique_id": "1",
+            "version": 1,
         },
         "site_role": "admin",
         "entities": {
@@ -188,7 +200,7 @@ async def test_entry_diagnostics(hass, hass_client, aioclient_mock):
                             },
                             {
                                 "age": 1,
-                                "mac": "**REDACTED**",
+                                "mac": REDACTED,
                                 "static": True,
                                 "uptime": 0,
                                 "vlan": 0,