authorFelix Fontein <felix@fontein.de>2021-04-03 18:24:36 +0200
committerGitHub <noreply@github.com>2021-04-03 11:24:36 -0500
commit6b8c35cd41633fb54966b343bef0791f1cc0e8a0 (patch)
treee671269368a159b02d20f255753172af03a0dfc5
parent8ed0c02e5c3c27dee7a3485de9d8c84171cf43d6 (diff)
Backport of https://github.com/ansible-collections/community.aws/pull/475. (#73910)
-rw-r--r--changelogs/fragments/community.aws-475-no_log-missing.yml4
-rw-r--r--lib/ansible/modules/cloud/amazon/aws_direct_connect_virtual_interface.py2
-rw-r--r--lib/ansible/modules/cloud/amazon/sts_assume_role.py2
-rw-r--r--lib/ansible/modules/cloud/amazon/sts_session_token.py2
4 files changed, 7 insertions, 3 deletions
diff --git a/changelogs/fragments/community.aws-475-no_log-missing.yml b/changelogs/fragments/community.aws-475-no_log-missing.yml
new file mode 100644
index 0000000000..c07ab112ad
--- /dev/null
+++ b/changelogs/fragments/community.aws-475-no_log-missing.yml
@@ -0,0 +1,4 @@
+security_fixes:
+- "aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
+- "sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
+- "sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
diff --git a/lib/ansible/modules/cloud/amazon/aws_direct_connect_virtual_interface.py b/lib/ansible/modules/cloud/amazon/aws_direct_connect_virtual_interface.py
index d0f20bd35a..28571cfca8 100644
--- a/lib/ansible/modules/cloud/amazon/aws_direct_connect_virtual_interface.py
+++ b/lib/ansible/modules/cloud/amazon/aws_direct_connect_virtual_interface.py
@@ -451,7 +451,7 @@ def main():
name=dict(),
vlan=dict(type='int', default=100),
bgp_asn=dict(type='int', default=65000),
- authentication_key=dict(),
+ authentication_key=dict(no_log=True),
amazon_address=dict(),
customer_address=dict(),
address_type=dict(),
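Review bot: `authentication_key=dict(no_log=True)` leaves the option's type implicit and carries no hint of why the flag is set; `authentication_key=dict(type='str', no_log=True),  # secret, keep out of logs` would state both without changing behaviour, since `str` is already the default type. Ansible also scrubs no_log values from a module's return data, so if this module echoes the key back in its result (the return path is not visible in this hunk), registered output will contain the masked placeholder instead of the key. That side effect is worth a sentence in the option's documentation. main() starts and ends outside the hunk.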
diff --git a/lib/ansible/modules/cloud/amazon/sts_assume_role.py b/lib/ansible/modules/cloud/amazon/sts_assume_role.py
index ccba39cd6b..ebbd917b9e 100644
--- a/lib/ansible/modules/cloud/amazon/sts_assume_role.py
+++ b/lib/ansible/modules/cloud/amazon/sts_assume_role.py
@@ -162,7 +162,7 @@ def main():
external_id=dict(required=False, default=None),
policy=dict(required=False, default=None),
mfa_serial_number=dict(required=False, default=None),
- mfa_token=dict(required=False, default=None)
+ mfa_token=dict(required=False, default=None, no_log=True)
)
)
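Review bot: Marking `mfa_token` as `no_log=True` protects only the one-time code passed in. If the module returns the temporary credentials it obtains (the return path is outside this hunk), those still reach logs and registered variables unless the task itself sets `no_log: true`. A comment beside the spec such as `# no_log covers this argument only; returned STS credentials are not masked`, with a matching sentence in the option's documentation, would keep users from over-trusting the flag. The same applies to the `mfa_token` line in sts_session_token.py. main() starts and ends outside the hunk.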
diff --git a/lib/ansible/modules/cloud/amazon/sts_session_token.py b/lib/ansible/modules/cloud/amazon/sts_session_token.py
index fa64f5ada9..3bc7701766 100644
--- a/lib/ansible/modules/cloud/amazon/sts_session_token.py
+++ b/lib/ansible/modules/cloud/amazon/sts_session_token.py
@@ -133,7 +133,7 @@ def main():
dict(
duration_seconds=dict(required=False, default=None, type='int'),
mfa_serial_number=dict(required=False, default=None),
- mfa_token=dict(required=False, default=None)
+ mfa_token=dict(required=False, default=None, no_log=True)
)
)