diff options
| author | Rick Elrod <rick@elrod.me> | 2021-04-04 19:00:41 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-04 19:00:41 -0500 |
| commit | 6ac19b7757670029b895b62c4458e8ad2bc965b3 (patch) | |
| tree | 56089bcc6a7414ab0dc945e865f1a0720fd0e0b5 | |
| parent | 6ed3e37df114147a1be01784c028cebc923d2f20 (diff) | |
| download | ansible-6ac19b7757670029b895b62c4458e8ad2bc965b3.tar.gz | |
[security] Add more missing no_logs (#74116)
Change:
- Add missing no_log on fields and subfields which should have it.
- Update several changelogs with CVE id.
Signed-off-by: Rick Elrod <rick@elrod.me>
50 files changed, 146 insertions, 96 deletions
diff --git a/changelogs/fragments/471-no_log.yml b/changelogs/fragments/471-no_log.yml index 14217c20f5..e1c537bc0c 100644 --- a/changelogs/fragments/471-no_log.yml +++ b/changelogs/fragments/471-no_log.yml @@ -1,2 +1,2 @@ security_fixes: -- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471). +- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471) (CVE-2021-3447). diff --git a/changelogs/fragments/community.aws-475-no_log-missing.yml b/changelogs/fragments/community.aws-475-no_log-missing.yml index c07ab112ad..9e501df8aa 100644 --- a/changelogs/fragments/community.aws-475-no_log-missing.yml +++ b/changelogs/fragments/community.aws-475-no_log-missing.yml @@ -1,4 +1,4 @@ security_fixes: -- "aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)." -- "sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)." -- "sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)." +- "aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)" +- "sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)" +- "sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)" diff --git a/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml b/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml index a2e40747ac..f94775f1c0 100644 --- a/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml +++ b/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml @@ -1,4 +1,4 @@ security_fixes: -- "docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103)." +- "docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103). (CVE-2021-3447)" breaking_changes: -- "docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103)." +- "docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103). (CVE-2021-3447)" diff --git a/changelogs/fragments/community.general-2018-missing-no_log-again.yml b/changelogs/fragments/community.general-2018-missing-no_log-again.yml index 7410b7643e..90e83b370d 100644 --- a/changelogs/fragments/community.general-2018-missing-no_log-again.yml +++ b/changelogs/fragments/community.general-2018-missing-no_log-again.yml @@ -1,2 +1,2 @@ security_fixes: -- "na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018)." +- "na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018). (CVE-2021-3447)" diff --git a/changelogs/fragments/community.network-223-no_log-missing.yml b/changelogs/fragments/community.network-223-no_log-missing.yml index 889fd670b1..84d5934e68 100644 --- a/changelogs/fragments/community.network-223-no_log-missing.yml +++ b/changelogs/fragments/community.network-223-no_log-missing.yml @@ -1,4 +1,4 @@ security_fixes: -- "avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)." -- "avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)." -- "avi_cloudconnectoruser - mark the ``azure_userpass`` parameter as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)." +- "avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)" +- "avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)" +- "avi_cloudconnectoruser - mark the ``azure_userpass`` parameter as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)" diff --git a/changelogs/fragments/more-no_log-fixes.yml b/changelogs/fragments/more-no_log-fixes.yml new file mode 100644 index 0000000000..1f234faaee --- /dev/null +++ b/changelogs/fragments/more-no_log-fixes.yml @@ -0,0 +1,46 @@ +security_fixes: + - azure_rm_devtestlabartifactsource - ``security_token`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - bigip_device_license - ``license_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - bigip_dns_nameserver - ``tsig_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - bigip_dns_zone - ``tsig_server_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - bigip_profile_client_ssl - ``key`` and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_dlp_fp_doc_source - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_endpoint_control_forticlient_ems - ``admin_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_endpoint_control_profile - ``preshared_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_endpoint_control_settings - ``forticlient_reg_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_extender_controller_extender - ``aaa_shared_secret``, ``ha_shared_secret``, ``modem_passwd``, and ``ppp_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_firewall_ssh_local_ca - ``password`` and ``private_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_firewall_ssh_local_key - ``password`` and ``private_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_log_disk_setting - ``uploadpass`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_router_bgp - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_router_ospf - ``authentication_key`` and `md5_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_router_rip - ``auth_string`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_admin - ``fortitoken`` and ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_api_user - ``api_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_interface - ``password`` and ``pptp_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_sdn_connector - ``access_key``, ``client_secret``, ``key_passwd``, ``password``, ``private_key``, and ``secret_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_virtual_wan_link - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_radius - ``secret``, ``rsso_secret``, ``secondary_secret``, and ``tertiary_secret`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_tacacsplus - ``key``, ``secondary_key``, and ``tertiary_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ipsec_manualkey - ``authkey`` and ``enckey`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ipsec_manualkey_interface - ``auth_key`` and ``enc_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ipsec_phase1 - ``authpasswd``, ``group_authentication_secret``, ``ppk_secret``, ``psksecret``, and ``psksecret_remote`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ipsec_phase1_interface - ``authpasswd``, ``group_authentication_secret``, ``ppk_secret``, ``psksecret``, and ``psksecret_remote`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ssl_web_portal - ``logon_password`` and ``sso_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_wireless_controller_vap - ``captive_portal_macauth_radius_secret``, ``captive_portal_radius_secret``, ``key``, and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_wireless_controller_wtp - ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_wireless_controller_wtp_profile - ``fortipresence_secret`` and ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - gcp_compute_instance - ``raw_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - gcp_container_cluster - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - gcp_sql_instance - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - ios_ntp - ``auth_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - logentries_msg - ``token`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - na_elementsw_cluster_snmp - ``password`` and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - netscaler_lb_monitor - ``password`` and ``secondarypassword`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - nxos_aaa_server_host - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - ovirt_auth - ``token`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - pingdom - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - rollbar_deployment - ``token` no longer appears in logs (``no_log``) (CVE-2021-3447) + - stackdriver - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - tower_credential - ``security_token`` and ``secret`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - zabbix_action - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) diff --git a/lib/ansible/modules/cloud/azure/azure_rm_devtestlabartifactsource.py b/lib/ansible/modules/cloud/azure/azure_rm_devtestlabartifactsource.py index 70c2f83814..49a5fff6b2 100644 --- a/lib/ansible/modules/cloud/azure/azure_rm_devtestlabartifactsource.py +++ b/lib/ansible/modules/cloud/azure/azure_rm_devtestlabartifactsource.py @@ -164,7 +164,8 @@ class AzureRMDevTestLabArtifactsSource(AzureRMModuleBase): type='str' ), security_token=dict( - type='str' + type='str', + no_log=True ), is_enabled=dict( type='bool' diff --git a/lib/ansible/modules/cloud/google/gcp_compute_instance.py b/lib/ansible/modules/cloud/google/gcp_compute_instance.py index 2b922c69ba..581e7a32c3 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_instance.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_instance.py @@ -889,7 +889,10 @@ def main(): auto_delete=dict(type='bool'), boot=dict(type='bool'), device_name=dict(type='str'), - disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), rsa_encrypted_key=dict(type='str'))), + disk_encryption_key=dict( + type='dict', + options=dict(raw_key=dict(type='str', no_log=True), rsa_encrypted_key=dict(type='str', no_log=True)) + ), index=dict(type='int'), initialize_params=dict( type='dict', @@ -898,7 +901,7 @@ def main(): disk_size_gb=dict(type='int'), disk_type=dict(type='str'), source_image=dict(type='str', aliases=['image', 'image_family']), - source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))), + source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))), ), ), interface=dict(type='str', choices=['SCSI', 'NVME']), diff --git a/lib/ansible/modules/cloud/google/gcp_sql_instance.py b/lib/ansible/modules/cloud/google/gcp_sql_instance.py index b2f062bcd3..c6ef771313 100644 --- a/lib/ansible/modules/cloud/google/gcp_sql_instance.py +++ b/lib/ansible/modules/cloud/google/gcp_sql_instance.py @@ -630,7 +630,7 @@ def main(): connect_retry_interval=dict(type='int'), dump_file_path=dict(type='str'), master_heartbeat_period=dict(type='int'), - password=dict(type='str'), + password=dict(type='str', no_log=True), ssl_cipher=dict(type='str'), username=dict(type='str'), verify_server_certificate=dict(type='bool'), diff --git a/lib/ansible/modules/cloud/ovirt/ovirt_auth.py b/lib/ansible/modules/cloud/ovirt/ovirt_auth.py index 06034925e2..cb208cd404 100644 --- a/lib/ansible/modules/cloud/ovirt/ovirt_auth.py +++ b/lib/ansible/modules/cloud/ovirt/ovirt_auth.py @@ -223,7 +223,7 @@ def main(): kerberos=dict(required=False, type='bool', default=False), headers=dict(required=False, type='dict'), state=dict(default='present', choices=['present', 'absent']), - token=dict(default=None), + token=dict(default=None, no_log=True), ovirt_auth=dict(required=None, type='dict'), ), required_if=[ diff --git a/lib/ansible/modules/monitoring/pingdom.py b/lib/ansible/modules/monitoring/pingdom.py index a9025604f5..2636ffd543 100644 --- a/lib/ansible/modules/monitoring/pingdom.py +++ b/lib/ansible/modules/monitoring/pingdom.py @@ -113,7 +113,7 @@ def main(): checkid=dict(required=True), uid=dict(required=True), passwd=dict(required=True, no_log=True), - key=dict(required=True) + key=dict(required=True, no_log=True) ) ) diff --git a/lib/ansible/modules/monitoring/rollbar_deployment.py b/lib/ansible/modules/monitoring/rollbar_deployment.py index 4125c1319b..841af61845 100644 --- a/lib/ansible/modules/monitoring/rollbar_deployment.py +++ b/lib/ansible/modules/monitoring/rollbar_deployment.py @@ -83,7 +83,7 @@ def main(): module = AnsibleModule( argument_spec=dict( - token=dict(required=True), + token=dict(required=True, no_log=True), environment=dict(required=True), revision=dict(required=True), user=dict(required=False), diff --git a/lib/ansible/modules/monitoring/stackdriver.py b/lib/ansible/modules/monitoring/stackdriver.py index a33058a4ea..0c669d3e33 100644 --- a/lib/ansible/modules/monitoring/stackdriver.py +++ b/lib/ansible/modules/monitoring/stackdriver.py @@ -144,7 +144,7 @@ def main(): module = AnsibleModule( argument_spec=dict( - key=dict(required=True), + key=dict(required=True, no_log=True), event=dict(required=True, choices=['deploy', 'annotation']), msg=dict(), revision_id=dict(), diff --git a/lib/ansible/modules/monitoring/zabbix/zabbix_action.py b/lib/ansible/modules/monitoring/zabbix/zabbix_action.py index 4158763bb0..3105ab42dc 100644 --- a/lib/ansible/modules/monitoring/zabbix/zabbix_action.py +++ b/lib/ansible/modules/monitoring/zabbix/zabbix_action.py @@ -1735,7 +1735,7 @@ def main(): required=False, choices=['agent', 'server', 'proxy'] ), - password=dict(type='str', required=False), + password=dict(type='str', required=False, no_log=True), port=dict(type='int', required=False), run_on_groups=dict(type='list', required=False), run_on_hosts=dict(type='list', required=False), @@ -1827,7 +1827,7 @@ def main(): required=False, choices=['agent', 'server', 'proxy'] ), - password=dict(type='str', required=False), + password=dict(type='str', required=False, no_log=True), port=dict(type='int', required=False), run_on_groups=dict(type='list', required=False), run_on_hosts=dict(type='list', required=False), @@ -1911,7 +1911,7 @@ def main(): required=False, choices=['agent', 'server', 'proxy'] ), - password=dict(type='str', required=False), + password=dict(type='str', required=False, no_log=True), port=dict(type='int', required=False), run_on_groups=dict(type='list', required=False), run_on_hosts=dict(type='list', required=False), diff --git a/lib/ansible/modules/network/f5/bigip_device_license.py b/lib/ansible/modules/network/f5/bigip_device_license.py index f3c769e3b8..c6969a2bee 100644 --- a/lib/ansible/modules/network/f5/bigip_device_license.py +++ b/lib/ansible/modules/network/f5/bigip_device_license.py @@ -847,7 +847,7 @@ class ArgumentSpec(object): def __init__(self): self.supports_check_mode = True argument_spec = dict( - license_key=dict(), + license_key=dict(no_log=True), license_server=dict( default='activate.f5.com' ), diff --git a/lib/ansible/modules/network/f5/bigip_dns_nameserver.py b/lib/ansible/modules/network/f5/bigip_dns_nameserver.py index 9d92bb0278..ca051b9139 100644 --- a/lib/ansible/modules/network/f5/bigip_dns_nameserver.py +++ b/lib/ansible/modules/network/f5/bigip_dns_nameserver.py @@ -433,7 +433,7 @@ class ArgumentSpec(object): address=dict(), service_port=dict(), route_domain=dict(), - tsig_key=dict(), + tsig_key=dict(no_log=True), state=dict( default='present', choices=['present', 'absent'] diff --git a/lib/ansible/modules/network/f5/bigip_dns_zone.py b/lib/ansible/modules/network/f5/bigip_dns_zone.py index 3f91cbef28..75cf4441f7 100644 --- a/lib/ansible/modules/network/f5/bigip_dns_zone.py +++ b/lib/ansible/modules/network/f5/bigip_dns_zone.py @@ -579,7 +579,7 @@ class ArgumentSpec(object): ) ), nameservers=dict(type='list'), - tsig_server_key=dict(), + tsig_server_key=dict(no_log=True), partition=dict( default='Common', fallback=(env_fallback, ['F5_PARTITION']) diff --git a/lib/ansible/modules/network/f5/bigip_profile_client_ssl.py b/lib/ansible/modules/network/f5/bigip_profile_client_ssl.py index 671a62da49..f3a193526b 100644 --- a/lib/ansible/modules/network/f5/bigip_profile_client_ssl.py +++ b/lib/ansible/modules/network/f5/bigip_profile_client_ssl.py @@ -1053,9 +1053,9 @@ class ArgumentSpec(object): type='list', options=dict( cert=dict(required=True), - key=dict(required=True), + key=dict(required=True, no_log=True), chain=dict(), - passphrase=dict() + passphrase=dict(no_log=True) ) ), state=dict( diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py b/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py index 481b9393d9..fd3debb18b 100644 --- a/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py +++ b/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py @@ -345,7 +345,7 @@ def main(): "keep-modified": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "period": {"required": False, "type": "str", "choices": ["none", "daily", "weekly", "monthly"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py index ed82fdd007..b6f81f0ba9 100644 --- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py +++ b/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py @@ -280,7 +280,7 @@ def main(): "state": {"required": True, "type": "str", "choices": ["present", "absent"]}, "address": {"required": False, "type": "str"}, - "admin-password": {"required": False, "type": "str"}, + "admin-password": {"required": False, "type": "str", "no_log": True}, "admin-type": {"required": False, "type": "str", "choices": ["Windows", "LDAP"]}, "admin-username": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py index bcaaefafbd..cf8348ad18 100644 --- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py +++ b/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py @@ -826,7 +826,7 @@ def main(): "auth-method": {"required": False, "type": "str", "choices": ["psk", "certificate"]}, "name": {"required": True, "type": "str"}, - "preshared-key": {"required": False, "type": "str"}, + "preshared-key": {"required": False, "type": "str", "no_log": True}, "remote-gw": {"required": False, "type": "str"}, "sslvpn-access-port": {"required": False, "type": "int"}, "sslvpn-require-certificate": {"required": False, "type": "str", @@ -847,7 +847,7 @@ def main(): "auth-method": {"required": False, "type": "str", "choices": ["psk", "certificate"]}, "name": {"required": True, "type": "str"}, - "preshared-key": {"required": False, "type": "str"}, + "preshared-key": {"required": False, "type": "str", "no_log": True}, "remote-gw": {"required": False, "type": "str"}, "sslvpn-access-port": {"required": False, "type": "int"}, "sslvpn-require-certificate": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py index 6f6a4dfd31..42af253cd8 100644 --- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py +++ b/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py @@ -299,7 +299,7 @@ def main(): "forticlient-offline-grace": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "forticlient-offline-grace-interval": {"required": False, "type": "int"}, - "forticlient-reg-key": {"required": False, "type": "str"}, + "forticlient-reg-key": {"required": False, "type": "str", "no_log": True}, "forticlient-reg-key-enforce": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "forticlient-reg-timeout": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py b/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py index 8cbdd01faf..ac9b33b102 100644 --- a/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py +++ b/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py @@ -442,7 +442,7 @@ def main(): "options": { "state": {"required": True, "type": "str", "choices": ["present", "absent"]}, - "aaa-shared-secret": {"required": False, "type": "str"}, + "aaa-shared-secret": {"required": False, "type": "str", "no_log": True}, "access-point-name": {"required": False, "type": "str"}, "admin": {"required": False, "type": "str", "choices": ["disable", "discovered", "enable"]}, @@ -457,14 +457,14 @@ def main(): "choices": ["dial-on-demand", "always-connect"]}, "dial-status": {"required": False, "type": "int"}, "ext-name": {"required": False, "type": "str"}, - "ha-shared-secret": {"required": False, "type": "str"}, + "ha-shared-secret": {"required": False, "type": "str", "no_log": True}, "id": {"required": True, "type": "str"}, "ifname": {"required": False, "type": "str"}, "initiated-update": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "mode": {"required": False, "type": "str", "choices": ["standalone", "redundant"]}, - "modem-passwd": {"required": False, "type": "str"}, + "modem-passwd": {"required": False, "type": "str", "no_log": True}, "modem-type": {"required": False, "type": "str", "choices": ["cdma", "gsm/lte", "wimax"]}, "multi-mode": {"required": False, "type": "str", @@ -474,7 +474,7 @@ def main(): "choices": ["auto", "pap", "chap"]}, "ppp-echo-request": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "ppp-password": {"required": False, "type": "str"}, + "ppp-password": {"required": False, "type": "str", "no_log": True}, "ppp-username": {"required": False, "type": "str"}, "primary-ha": {"required": False, "type": "str"}, "quota-limit-mb": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py index 4b3ce7332b..e21dd0fbfb 100644 --- a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py +++ b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py @@ -256,8 +256,8 @@ def main(): "state": {"required": True, "type": "str", "choices": ["present", "absent"]}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "private-key": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, + "private-key": {"required": False, "type": "str", "no_log": True}, "public-key": {"required": False, "type": "str"}, "source": {"required": False, "type": "str", "choices": ["built-in", "user"]} diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py index 6f29cfe81f..3a89f2c0b3 100644 --- a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py +++ b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py @@ -256,8 +256,8 @@ def main(): "state": {"required": True, "type": "str", "choices": ["present", "absent"]}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "private-key": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, + "private-key": {"required": False, "type": "str", "no_log": True}, "public-key": {"required": False, "type": "str"}, "source": {"required": False, "type": "str", "choices": ["built-in", "user"]} diff --git a/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py b/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py index 2485eaf28d..f0913ecb24 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py +++ b/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py @@ -422,7 +422,7 @@ def main(): "disable"]}, "uploaddir": {"required": False, "type": "str"}, "uploadip": {"required": False, "type": "str"}, - "uploadpass": {"required": False, "type": "str"}, + "uploadpass": {"required": False, "type": "str", "no_log": True}, "uploadport": {"required": False, "type": "int"}, "uploadsched": {"required": False, "type": "str", "choices": ["disable", "enable"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_router_bgp.py b/lib/ansible/modules/network/fortios/fortios_router_bgp.py index 7e94911136..625a7b69ba 100644 --- a/lib/ansible/modules/network/fortios/fortios_router_bgp.py +++ b/lib/ansible/modules/network/fortios/fortios_router_bgp.py @@ -1794,7 +1794,7 @@ def main(): "choices": ["enable", "disable"]}, "passive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "prefix-list-in": {"required": False, "type": "str"}, "prefix-list-in6": {"required": False, "type": "str"}, "prefix-list-out": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_router_ospf.py b/lib/ansible/modules/network/fortios/fortios_router_ospf.py index 62e2964786..00da859070 100644 --- a/lib/ansible/modules/network/fortios/fortios_router_ospf.py +++ b/lib/ansible/modules/network/fortios/fortios_router_ospf.py @@ -841,7 +841,7 @@ def main(): "options": { "authentication": {"required": False, "type": "str", "choices": ["none", "text", "md5"]}, - "authentication-key": {"required": False, "type": "str"}, + "authentication-key": {"required": False, "type": "str", "no_log": True}, "dead-interval": {"required": False, "type": "int"}, "hello-interval": {"required": False, "type": "int"}, "md5-key": {"required": False, "type": "str"}, @@ -898,7 +898,7 @@ def main(): "options": { "authentication": {"required": False, "type": "str", "choices": ["none", "text", "md5"]}, - "authentication-key": {"required": False, "type": "str"}, + "authentication-key": {"required": False, "type": "str", "no_log": True}, "bfd": {"required": False, "type": "str", "choices": ["global", "enable", "disable"]}, "cost": {"required": False, "type": "int"}, @@ -909,7 +909,7 @@ def main(): "hello-multiplier": {"required": False, "type": "int"}, "interface": {"required": False, "type": "str"}, "ip": {"required": False, "type": "str"}, - "md5-key": {"required": False, "type": "str"}, + "md5-key": {"required": False, "type": "str", "no_log": True}, "mtu": {"required": False, "type": "int"}, "mtu-ignore": {"required": False, "type": "str", "choices": ["enable", "disable"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_router_rip.py b/lib/ansible/modules/network/fortios/fortios_router_rip.py index 3d372c24f2..b54873ea41 100644 --- a/lib/ansible/modules/network/fortios/fortios_router_rip.py +++ b/lib/ansible/modules/network/fortios/fortios_router_rip.py @@ -522,7 +522,7 @@ def main(): "auth-keychain": {"required": False, "type": "str"}, "auth-mode": {"required": False, "type": "str", "choices": ["none", "text", "md5"]}, - "auth-string": {"required": False, "type": "str"}, + "auth-string": {"required": False, "type": "str", "no_log": True}, "flags": {"required": False, "type": "int"}, "name": {"required": True, "type": "str"}, "receive-version": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_system_admin.py b/lib/ansible/modules/network/fortios/fortios_system_admin.py index c89486ebb7..72eee0e746 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_admin.py +++ b/lib/ansible/modules/network/fortios/fortios_system_admin.py @@ -763,7 +763,7 @@ def main(): "email-to": {"required": False, "type": "str"}, "force-password-change": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "fortitoken": {"required": False, "type": "str"}, + "fortitoken": {"required": False, "type": "str", "no_log": True}, "guest-auth": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "guest-lang": {"required": False, "type": "str"}, @@ -855,7 +855,7 @@ def main(): "usr-name": {"required": True, "type": "str"} }}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "password-expire": {"required": False, "type": "str"}, "peer-auth": {"required": False, "type": "str", "choices": ["enable", "disable"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_api_user.py b/lib/ansible/modules/network/fortios/fortios_system_api_user.py index 8855dbf594..889dea6d16 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_api_user.py +++ b/lib/ansible/modules/network/fortios/fortios_system_api_user.py @@ -320,7 +320,7 @@ def main(): "state": {"required": True, "type": "str", "choices": ["present", "absent"]}, "accprofile": {"required": False, "type": "str"}, - "api-key": {"required": False, "type": "str"}, + "api-key": {"required": False, "type": "str", "no_log": True}, "comments": {"required": False, "type": "str"}, "cors-allow-origin": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_interface.py b/lib/ansible/modules/network/fortios/fortios_system_interface.py index 5a1da7590b..078f03ce32 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_interface.py +++ b/lib/ansible/modules/network/fortios/fortios_system_interface.py @@ -2050,7 +2050,7 @@ def main(): "both"]}, "outbandwidth": {"required": False, "type": "int"}, "padt-retry-timeout": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "ping-serv-status": {"required": False, "type": "int"}, "polling-interval": {"required": False, "type": "int"}, "pppoe-unnumbered-negotiate": {"required": False, "type": "str", @@ -2060,7 +2060,7 @@ def main(): "mschapv1", "mschapv2"]}, "pptp-client": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "pptp-password": {"required": False, "type": "str"}, + "pptp-password": {"required": False, "type": "str", "no_log": True}, "pptp-server-ip": {"required": False, "type": "str"}, "pptp-timeout": {"required": False, "type": "int"}, "pptp-user": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py b/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py index a9bbbdfd40..d559ea1aa0 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py +++ b/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py @@ -450,19 +450,19 @@ def main(): "options": { "state": {"required": True, "type": "str", "choices": ["present", "absent"]}, - "access-key": {"required": False, "type": "str"}, + "access-key": {"required": False, "type": "str", "no_log": True}, "azure-region": {"required": False, "type": "str", "choices": ["global", "china", "germany", "usgov"]}, "client-id": {"required": False, "type": "str"}, - "client-secret": {"required": False, "type": "str"}, + "client-secret": {"required": False, "type": "str", "no_log": True}, "compartment-id": {"required": False, "type": "str"}, "external-ip": {"required": False, "type": "list", "options": { "name": {"required": True, "type": "str"} }}, "gcp-project": {"required": False, "type": "str"}, - "key-passwd": {"required": False, "type": "str"}, + "key-passwd": {"required": False, "type": "str", "no_log": True}, "name": {"required": True, "type": "str"}, "nic": {"required": False, "type": "list", "options": { @@ -478,8 +478,8 @@ def main(): "oci-region": {"required": False, "type": "str", "choices": ["phoenix", "ashburn", "frankfurt", "london"]}, - "password": {"required": False, "type": "str"}, - "private-key": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, + "private-key": {"required": False, "type": "str", "no_log": True}, "region": {"required": False, "type": "str"}, "resource-group": {"required": False, "type": "str"}, "route": {"required": False, "type": "list", @@ -495,7 +495,7 @@ def main(): "next-hop": {"required": False, "type": "str"} }} }}, - "secret-key": {"required": False, "type": "str"}, + "secret-key": {"required": False, "type": "str", "no_log": True}, "server": {"required": False, "type": "str"}, "server-port": {"required": False, "type": "int"}, "service-account": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py b/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py index 7ececdaa36..f8e5350ffc 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py +++ b/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py @@ -812,7 +812,7 @@ def main(): }}, "name": {"required": True, "type": "str"}, "packet-size": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "port": {"required": False, "type": "int"}, "protocol": {"required": False, "type": "str", "choices": ["ping", "tcp-echo", "udp-echo", diff --git a/lib/ansible/modules/network/fortios/fortios_user_radius.py b/lib/ansible/modules/network/fortios/fortios_user_radius.py index 1b4f310466..d8b1334845 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_radius.py +++ b/lib/ansible/modules/network/fortios/fortios_user_radius.py @@ -575,7 +575,7 @@ def main(): "options": { "id": {"required": True, "type": "int"}, "port": {"required": False, "type": "int"}, - "secret": {"required": False, "type": "str"}, + "secret": {"required": False, "type": "str", "no_log": True}, "server": {"required": False, "type": "str"}, "source-ip": {"required": False, "type": "str"}, "status": {"required": False, "type": "str", @@ -637,11 +637,11 @@ def main(): "rsso-radius-response": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "rsso-radius-server-port": {"required": False, "type": "int"}, - "rsso-secret": {"required": False, "type": "str"}, + "rsso-secret": {"required": False, "type": "str", "no_log": True}, "rsso-validate-request-secret": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "secondary-secret": {"required": False, "type": "str"}, - "secondary-server": {"required": False, "type": "str"}, + "secondary-server": {"required": False, "type": "str", "no_log": True}, "secret": {"required": False, "type": "str"}, "server": {"required": False, "type": "str"}, "source-ip": {"required": False, "type": "str"}, @@ -657,7 +657,7 @@ def main(): "sso-attribute-key": {"required": False, "type": "str"}, "sso-attribute-value-override": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "tertiary-secret": {"required": False, "type": "str"}, + "tertiary-secret": {"required": False, "type": "str", "no_log": True}, "tertiary-server": {"required": False, "type": "str"}, "timeout": {"required": False, "type": "int"}, "use-management-vdom": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py b/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py index c24019b449..3f87ec01fd 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py +++ b/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py @@ -292,14 +292,14 @@ def main(): "ascii", "auto"]}, "authorization": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "key": {"required": False, "type": "str"}, + "key": {"required": False, "type": "str", "no_log": True}, "name": {"required": True, "type": "str"}, "port": {"required": False, "type": "int"}, - "secondary-key": {"required": False, "type": "str"}, + "secondary-key": {"required": False, "type": "str", "no_log": True}, "secondary-server": {"required": False, "type": "str"}, "server": {"required": False, "type": "str"}, "source-ip": {"required": False, "type": "str"}, - "tertiary-key": {"required": False, "type": "str"}, + "tertiary-key": {"required": False, "type": "str", "no_log": True}, "tertiary-server": {"required": False, "type": "str"} } diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py index 615de35145..ca33de9986 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py @@ -307,8 +307,8 @@ def main(): "authentication": {"required": False, "type": "str", "choices": ["null", "md5", "sha1", "sha256", "sha384", "sha512"]}, - "authkey": {"required": False, "type": "str"}, - "enckey": {"required": False, "type": "str"}, + "authkey": {"required": False, "type": "str", "no_log": True}, + "enckey": {"required": False, "type": "str", "no_log": True}, "encryption": {"required": False, "type": "str", "choices": ["null", "des"]}, "interface": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py index 1a996070c1..5809a92ffb 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py @@ -332,10 +332,10 @@ def main(): "auth-alg": {"required": False, "type": "str", "choices": ["null", "md5", "sha1", "sha256", "sha384", "sha512"]}, - "auth-key": {"required": False, "type": "str"}, + "auth-key": {"required": False, "type": "str", "no_log": True}, "enc-alg": {"required": False, "type": "str", "choices": ["null", "des"]}, - "enc-key": {"required": False, "type": "str"}, + "enc-key": {"required": False, "type": "str", "no_log": True}, "interface": {"required": False, "type": "str"}, "ip-version": {"required": False, "type": "str", "choices": ["4", "6"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py index f0db4c6f97..f102d34862 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py @@ -924,7 +924,7 @@ def main(): "choices": ["psk", "signature"]}, "authmethod-remote": {"required": False, "type": "str", "choices": ["psk", "signature"]}, - "authpasswd": {"required": False, "type": "str"}, + "authpasswd": {"required": False, "type": "str", "no_log": True}, "authusr": {"required": False, "type": "str"}, "authusrgrp": {"required": False, "type": "str"}, "auto-negotiate": {"required": False, "type": "str", @@ -977,7 +977,7 @@ def main(): "fragmentation-mtu": {"required": False, "type": "int"}, "group-authentication": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "group-authentication-secret": {"required": False, "type": "password-3"}, + "group-authentication-secret": {"required": False, "type": "password-3", "no_log": True}, "ha-sync-esp-seqno": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "idle-timeout": {"required": False, "type": "str", @@ -1048,12 +1048,12 @@ def main(): "ppk": {"required": False, "type": "str", "choices": ["disable", "allow", "require"]}, "ppk-identity": {"required": False, "type": "str"}, - "ppk-secret": {"required": False, "type": "password-3"}, + "ppk-secret": {"required": False, "type": "password-3", "no_log": True}, "priority": {"required": False, "type": "int"}, "proposal": {"required": False, "type": "str", "choices": ["des-md5", "des-sha1", "des-sha256", "des-sha384", "des-sha512"]}, - "psksecret": {"required": False, "type": "password-3"}, + "psksecret": {"required": False, "type": "password-3", "no_log": True}, "psksecret-remote": {"required": False, "type": "password-3"}, "reauth": {"required": False, "type": "str", "choices": ["disable", "enable"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py index 546006b329..ad4187868f 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py @@ -1080,7 +1080,7 @@ def main(): "choices": ["psk", "signature"]}, "authmethod-remote": {"required": False, "type": "str", "choices": ["psk", "signature"]}, - "authpasswd": {"required": False, "type": "str"}, + "authpasswd": {"required": False, "type": "str", "no_log": True}, "authusr": {"required": False, "type": "str"}, "authusrgrp": {"required": False, "type": "str"}, "auto-discovery-forwarder": {"required": False, "type": "str", @@ -1153,7 +1153,7 @@ def main(): "fragmentation-mtu": {"required": False, "type": "int"}, "group-authentication": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "group-authentication-secret": {"required": False, "type": "password-3"}, + "group-authentication-secret": {"required": False, "type": "password-3", "no_log": True}, "ha-sync-esp-seqno": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "idle-timeout": {"required": False, "type": "str", @@ -1240,12 +1240,12 @@ def main(): "ppk": {"required": False, "type": "str", "choices": ["disable", "allow", "require"]}, "ppk-identity": {"required": False, "type": "str"}, - "ppk-secret": {"required": False, "type": "password-3"}, + "ppk-secret": {"required": False, "type": "password-3", "no_log": True}, "priority": {"required": False, "type": "int"}, "proposal": {"required": False, "type": "str", "choices": ["des-md5", "des-sha1", "des-sha256", "des-sha384", "des-sha512"]}, - "psksecret": {"required": False, "type": "password-3"}, + "psksecret": {"required": False, "type": "password-3", "no_log": True}, "psksecret-remote": {"required": False, "type": "password-3"}, "reauth": {"required": False, "type": "str", "choices": ["disable", "enable"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py index 84a89c0c15..fcdf78bc5c 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py @@ -911,7 +911,7 @@ def main(): "host": {"required": False, "type": "str"}, "listening-port": {"required": False, "type": "int"}, "load-balancing-info": {"required": False, "type": "str"}, - "logon-password": {"required": False, "type": "str"}, + "logon-password": {"required": False, "type": "str", "no_log": True}, "logon-user": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, "port": {"required": False, "type": "int"}, @@ -935,7 +935,7 @@ def main(): "sso-credential-sent-once": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "sso-password": {"required": False, "type": "str"}, - "sso-username": {"required": False, "type": "str"}, + "sso-username": {"required": False, "type": "str", "no_log": True}, "url": {"required": False, "type": "str"} }}, "name": {"required": True, "type": "str"} diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py index 3168b7ca30..dc5ae61627 100644 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py +++ b/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py @@ -1074,9 +1074,9 @@ def main(): "netbios-ds", "ipv6", "all-other-mc", "all-other-bc"]}, "captive-portal-ac-name": {"required": False, "type": "str"}, - "captive-portal-macauth-radius-secret": {"required": False, "type": "str"}, + "captive-portal-macauth-radius-secret": {"required": False, "type": "str", "no_log": True}, "captive-portal-macauth-radius-server": {"required": False, "type": "str"}, - "captive-portal-radius-secret": {"required": False, "type": "str"}, + "captive-portal-radius-secret": {"required": False, "type": "str", "no_log": True}, "captive-portal-radius-server": {"required": False, "type": "str"}, "captive-portal-session-timeout-interval": {"required": False, "type": "int"}, "dhcp-lease-time": {"required": False, "type": "int"}, @@ -1114,7 +1114,7 @@ def main(): "intra-vap-privacy": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ip": {"required": False, "type": "str"}, - "key": {"required": False, "type": "str"}, + "key": {"required": False, "type": "str", "no_log": True}, "keyindex": {"required": False, "type": "int"}, "ldpc": {"required": False, "type": "str", "choices": ["disable", "rx", "tx", @@ -1155,7 +1155,7 @@ def main(): "comment": {"required": False, "type": "str"}, "concurrent-clients": {"required": False, "type": "str"}, "key-name": {"required": True, "type": "str"}, - "passphrase": {"required": False, "type": "str"} + "passphrase": {"required": False, "type": "str", "no_log": True} }}, "multicast-enhance": {"required": False, "type": "str", "choices": ["enable", "disable"]}, @@ -1165,7 +1165,7 @@ def main(): "name": {"required": True, "type": "str"}, "okc": {"required": False, "type": "str", "choices": ["disable", "enable"]}, - "passphrase": {"required": False, "type": "str"}, + "passphrase": {"required": False, "type": "str", "no_log": True}, "pmf": {"required": False, "type": "str", "choices": ["disable", "enable", "optional"]}, "pmf-assoc-comeback-timeout": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py index 6844efa8c2..65fedbea55 100644 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py +++ b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py @@ -873,7 +873,7 @@ def main(): "led-state": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "location": {"required": False, "type": "str"}, - "login-passwd": {"required": False, "type": "str"}, + "login-passwd": {"required": False, "type": "str", "no_log": True}, "login-passwd-change": {"required": False, "type": "str", "choices": ["yes", "default", "no"]}, "mesh-bridge-enable": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py index d84f0d38c4..c5ab706fd0 100644 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py +++ b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py @@ -1560,7 +1560,7 @@ def main(): "fortipresence-project": {"required": False, "type": "str"}, "fortipresence-rogue": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "fortipresence-secret": {"required": False, "type": "str"}, + "fortipresence-secret": {"required": False, "type": "str", "no_log": True}, "fortipresence-server": {"required": False, "type": "str"}, "fortipresence-unassoc": {"required": False, "type": "str", "choices": ["enable", "disable"]}, @@ -1575,7 +1575,7 @@ def main(): "choices": ["enable", "disable"]}, "lldp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "login-passwd": {"required": False, "type": "str"}, + "login-passwd": {"required": False, "type": "str", "no_log": True}, "login-passwd-change": {"required": False, "type": "str", "choices": ["yes", "default", "no"]}, "max-clients": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/ios/ios_ntp.py b/lib/ansible/modules/network/ios/ios_ntp.py index 4fc886c643..195d9540c6 100644 --- a/lib/ansible/modules/network/ios/ios_ntp.py +++ b/lib/ansible/modules/network/ios/ios_ntp.py @@ -38,7 +38,7 @@ options: default: False auth_key: description: - - md5 NTP authentication key of tye 7. + - md5 NTP authentication key of type 7. key_id: description: - auth_key id. Data type string @@ -272,7 +272,7 @@ def main(): acl=dict(), logging=dict(type='bool', default=False), auth=dict(type='bool', default=False), - auth_key=dict(), + auth_key=dict(no_log=True), key_id=dict(), state=dict(choices=['absent', 'present'], default='present') ) diff --git a/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py b/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py index 702ab58e24..1b6c6e0237 100644 --- a/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py +++ b/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py @@ -982,8 +982,8 @@ def main(): dispatcherip=dict(type='str'), dispatcherport=dict(type='int'), username=dict(type='str'), - password=dict(type='str'), - secondarypassword=dict(type='str'), + password=dict(type='str', no_log=True), + secondarypassword=dict(type='str', no_log=True), logonpointname=dict(type='str'), lasversion=dict(type='str'), radkey=dict(type='str', no_log=True), diff --git a/lib/ansible/modules/network/nxos/nxos_aaa_server_host.py b/lib/ansible/modules/network/nxos/nxos_aaa_server_host.py index e9aa8e2a93..8e1fe8cff3 100644 --- a/lib/ansible/modules/network/nxos/nxos_aaa_server_host.py +++ b/lib/ansible/modules/network/nxos/nxos_aaa_server_host.py @@ -246,7 +246,7 @@ def main(): argument_spec = dict( server_type=dict(choices=['radius', 'tacacs'], required=True), address=dict(type='str', required=True), - key=dict(type='str'), + key=dict(type='str', no_log=True), encrypt_type=dict(type='str', choices=['0', '7']), host_timeout=dict(type='str'), auth_port=dict(type='str'), diff --git a/lib/ansible/modules/notification/logentries_msg.py b/lib/ansible/modules/notification/logentries_msg.py index 51ba941992..17fb6f2730 100644 --- a/lib/ansible/modules/notification/logentries_msg.py +++ b/lib/ansible/modules/notification/logentries_msg.py @@ -73,7 +73,7 @@ def send_msg(module, token, msg, api, port): def main(): module = AnsibleModule( argument_spec=dict( - token=dict(type='str', required=True), + token=dict(type='str', required=True, no_log=True), msg=dict(type='str', required=True), api=dict(type='str', default="data.logentries.com"), port=dict(type='int', default=80)), diff --git a/lib/ansible/modules/storage/netapp/na_elementsw_cluster_snmp.py b/lib/ansible/modules/storage/netapp/na_elementsw_cluster_snmp.py index a97e053125..ee70e81d0a 100644 --- a/lib/ansible/modules/storage/netapp/na_elementsw_cluster_snmp.py +++ b/lib/ansible/modules/storage/netapp/na_elementsw_cluster_snmp.py @@ -177,8 +177,8 @@ class ElementSWClusterSnmp(object): options=dict( access=dict(type='str', choices=['rouser', 'rwuser', 'rosys']), name=dict(type='str', default=None), - password=dict(type='str', default=None), - passphrase=dict(type='str', default=None), + password=dict(type='str', default=None, no_log=True), + passphrase=dict(type='str', default=None, no_log=True), secLevel=dict(type='str', choices=['auth', 'noauth', 'priv']) ) ), diff --git a/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py b/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py index a8bdd1e5b5..6ee01045ae 100644 --- a/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py +++ b/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py @@ -245,8 +245,8 @@ def main(): authorize=dict(type='bool', default=False), authorize_password=dict(no_log=True), client=dict(), - security_token=dict(), - secret=dict(), + security_token=dict(no_log=True), + secret=dict(no_log=True), tenant=dict(), subscription=dict(), domain=dict(), |