authorRick Elrod <rick@elrod.me>2021-02-04 19:06:39 -0500
committerGitHub <noreply@github.com>2021-02-04 18:06:39 -0600
commitcc82d986c40328d4ae81298a9d287c95a6326bb0 (patch)
tree9af3a6e39cedd924a917f5bcd3b095bb7ad06896
parentbeeaf10c9f40ed10b9423a0dd004360ca84b42c8 (diff)
[security] Add no_log to several module args (CVE-2021-20191) [2.8] (#73488)
Change: - A number of modules were missing no_log=True where they should have had it. Test Plan: - Lots of grepping. Tickets: - Refs https://github.com/ansible-collections/community.general/pull/1725 Signed-off-by: Rick Elrod <rick@elrod.me>
-rw-r--r--changelogs/fragments/new-nolog-entries.yml45
-rw-r--r--lib/ansible/module_utils/keycloak.py2
-rw-r--r--lib/ansible/modules/cloud/docker/docker_swarm.py2
-rw-r--r--lib/ansible/modules/cloud/google/gcp_compute_backend_service.py6
-rw-r--r--lib/ansible/modules/cloud/google/gcp_compute_disk.py6
-rw-r--r--lib/ansible/modules/cloud/google/gcp_compute_image.py4
-rw-r--r--lib/ansible/modules/cloud/google/gcp_compute_instance_template.py10
-rw-r--r--lib/ansible/modules/cloud/google/gcp_compute_region_disk.py4
-rw-r--r--lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py2
-rw-r--r--lib/ansible/modules/cloud/google/gcp_compute_vpn_tunnel.py2
-rw-r--r--lib/ansible/modules/cloud/google/gcp_sql_instance.py2
-rw-r--r--lib/ansible/modules/cloud/misc/ovirt.py2
-rw-r--r--lib/ansible/modules/cloud/oneandone/oneandone_firewall_policy.py3
-rw-r--r--lib/ansible/modules/cloud/oneandone/oneandone_load_balancer.py3
-rw-r--r--lib/ansible/modules/cloud/oneandone/oneandone_monitoring_policy.py3
-rw-r--r--lib/ansible/modules/cloud/oneandone/oneandone_private_network.py3
-rw-r--r--lib/ansible/modules/cloud/oneandone/oneandone_public_ip.py3
-rw-r--r--lib/ansible/modules/cloud/rackspace/rax_clb_ssl.py2
-rw-r--r--lib/ansible/modules/cloud/spotinst/spotinst_aws_elastigroup.py4
-rw-r--r--lib/ansible/modules/monitoring/librato_annotation.py2
-rw-r--r--lib/ansible/modules/monitoring/pagerduty_alert.py6
-rw-r--r--lib/ansible/modules/net_tools/nios/nios_nsgroup.py2
-rw-r--r--lib/ansible/modules/network/cloudengine/ce_vrrp.py2
-rw-r--r--lib/ansible/modules/network/itential/iap_start_workflow.py2
-rw-r--r--lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py2
-rw-r--r--lib/ansible/modules/network/nxos/nxos_aaa_server.py2
-rw-r--r--lib/ansible/modules/network/nxos/nxos_pim_interface.py2
-rw-r--r--lib/ansible/modules/network/nxos/nxos_snmp_user.py2
-rw-r--r--lib/ansible/modules/network/nxos/nxos_vrrp.py2
-rw-r--r--lib/ansible/modules/packaging/os/pulp_repo.py2
-rw-r--r--lib/ansible/modules/source_control/gitlab_runner.py2
-rw-r--r--lib/ansible/modules/storage/ibm/ibm_sa_host.py2
-rw-r--r--lib/ansible/modules/storage/netapp/_sf_account_manager.py4
-rw-r--r--lib/ansible/modules/storage/netapp/na_elementsw_account.py4
-rw-r--r--lib/ansible/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py2
35 files changed, 104 insertions, 44 deletions
diff --git a/changelogs/fragments/new-nolog-entries.yml b/changelogs/fragments/new-nolog-entries.yml
new file mode 100644
index 0000000000..df8bd1ff48
--- /dev/null
+++ b/changelogs/fragments/new-nolog-entries.yml
@@ -0,0 +1,45 @@
+security_fixes:
+ - _sf_account_manager - `initiator_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - _sf_account_manager - `target_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - ce_vrrp - `auth_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - docker_swarm - `signing_ca_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_backend_service - `oauth2_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_disk - `disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_disk - `source_image_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_disk - `source_snapshot_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_image - `image_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_image - `source_disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_instance_template - `disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_instance_template - `source_image_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_region_disk - `disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_region_disk - `source_snapshot_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_ssl_certificate - `private_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_compute_vpn_tunnel - `shared_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gcp_sql_instance - `client_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - gitlab_runner - `registration_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - iap_start_workflow - `token_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - ibm_sa_host - `iscsi_chap_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - keycloak_client - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - keycloak_clienttemplate - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - keycloak_group - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - librato_annotation - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - na_elementsw_account - `initiator_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - na_elementsw_account - `target_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - netscaler_lb_monitor - `radkey` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - nios_nsgroup - `tsig_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - nxos_aaa_server - `global_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - nxos_pim_interface - `hello_auth_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - oneandone_firewall_policy - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - oneandone_load_balancer - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - oneandone_monitoring_policy - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - oneandone_private_network - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - oneandone_public_ip - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - ovirt - `instance_rootpw` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - pagerduty_alert - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - pagerduty_alert - `integration_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - pagerduty_alert - `service_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - pulp_repo - `feed_client_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - rax_clb_ssl - `private_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - spotinst_aws_elastigroup - `multai_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - spotinst_aws_elastigroup - `token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+ - utm_proxy_auth_profile - `frontend_cookie_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
diff --git a/lib/ansible/module_utils/keycloak.py b/lib/ansible/module_utils/keycloak.py
index d4855edc8c..3b49179b8a 100644
--- a/lib/ansible/module_utils/keycloak.py
+++ b/lib/ansible/module_utils/keycloak.py
@@ -57,7 +57,7 @@ def keycloak_argument_spec():
auth_keycloak_url=dict(type='str', aliases=['url'], required=True),
auth_client_id=dict(type='str', default='admin-cli'),
auth_realm=dict(type='str', required=True),
- auth_client_secret=dict(type='str', default=None),
+ auth_client_secret=dict(type='str', default=None, no_log=True),
auth_username=dict(type='str', aliases=['username'], required=True),
auth_password=dict(type='str', aliases=['password'], required=True, no_log=True),
validate_certs=dict(type='bool', default=True)
diff --git a/lib/ansible/modules/cloud/docker/docker_swarm.py b/lib/ansible/modules/cloud/docker/docker_swarm.py
index eb324fe8da..f6a8988e2c 100644
--- a/lib/ansible/modules/cloud/docker/docker_swarm.py
+++ b/lib/ansible/modules/cloud/docker/docker_swarm.py
@@ -620,7 +620,7 @@ def main():
name=dict(type='str'),
labels=dict(type='dict'),
signing_ca_cert=dict(type='str'),
- signing_ca_key=dict(type='str'),
+ signing_ca_key=dict(type='str', no_log=True),
ca_force_rotate=dict(type='int'),
autolock_managers=dict(type='bool'),
node_id=dict(type='str'),
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py b/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py
index 869b4aedff..f352fc67fc 100644
--- a/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py
@@ -686,7 +686,11 @@ def main():
health_checks=dict(required=True, type='list', elements='str'),
iap=dict(
type='dict',
- options=dict(enabled=dict(type='bool'), oauth2_client_id=dict(required=True, type='str'), oauth2_client_secret=dict(required=True, type='str')),
+ options=dict(
+ enabled=dict(type='bool'),
+ oauth2_client_id=dict(required=True, type='str'),
+ oauth2_client_secret=dict(required=True, type='str', no_log=True),
+ ),
),
load_balancing_scheme=dict(default='EXTERNAL', type='str', choices=['INTERNAL', 'EXTERNAL']),
name=dict(required=True, type='str'),
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_disk.py b/lib/ansible/modules/cloud/google/gcp_compute_disk.py
index 051683ff4d..255e2f142e 100644
--- a/lib/ansible/modules/cloud/google/gcp_compute_disk.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_disk.py
@@ -440,10 +440,10 @@ def main():
type=dict(type='str'),
source_image=dict(type='str'),
zone=dict(required=True, type='str'),
- source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))),
- disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))),
+ source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True), kms_key_name=dict(type='str'))),
+ disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True), kms_key_name=dict(type='str'))),
source_snapshot=dict(type='dict'),
- source_snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))),
+ source_snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True), kms_key_name=dict(type='str'))),
)
)
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_image.py b/lib/ansible/modules/cloud/google/gcp_compute_image.py
index f8db6b4308..673562d480 100644
--- a/lib/ansible/modules/cloud/google/gcp_compute_image.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_image.py
@@ -444,7 +444,7 @@ def main():
disk_size_gb=dict(type='int'),
family=dict(type='str'),
guest_os_features=dict(type='list', elements='dict', options=dict(type=dict(type='str', choices=['VIRTIO_SCSI_MULTIQUEUE']))),
- image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))),
+ image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))),
labels=dict(type='dict'),
licenses=dict(type='list', elements='str'),
name=dict(required=True, type='str'),
@@ -453,7 +453,7 @@ def main():
options=dict(container_type=dict(type='str', choices=['TAR']), sha1_checksum=dict(type='str'), source=dict(required=True, type='str')),
),
source_disk=dict(type='dict'),
- source_disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))),
+ source_disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))),
source_disk_id=dict(type='str'),
source_type=dict(type='str', choices=['RAW']),
)
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_instance_template.py b/lib/ansible/modules/cloud/google/gcp_compute_instance_template.py
index 566efea58d..274fb1f0d1 100644
--- a/lib/ansible/modules/cloud/google/gcp_compute_instance_template.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_instance_template.py
@@ -863,7 +863,13 @@ def main():
auto_delete=dict(type='bool'),
boot=dict(type='bool'),
device_name=dict(type='str'),
- disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), rsa_encrypted_key=dict(type='str'))),
+ disk_encryption_key=dict(
+ type='dict',
+ options=dict(
+ raw_key=dict(type='str', no_log=True),
+ rsa_encrypted_key=dict(type='str', no_log=True),
+ ),
+ ),
index=dict(type='int'),
initialize_params=dict(
type='dict',
@@ -872,7 +878,7 @@ def main():
disk_size_gb=dict(type='int'),
disk_type=dict(type='str'),
source_image=dict(type='str'),
- source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))),
+ source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))),
),
),
interface=dict(type='str', choices=['SCSI', 'NVME']),
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_region_disk.py b/lib/ansible/modules/cloud/google/gcp_compute_region_disk.py
index 12beabc750..0756ef006e 100644
--- a/lib/ansible/modules/cloud/google/gcp_compute_region_disk.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_region_disk.py
@@ -354,9 +354,9 @@ def main():
replica_zones=dict(required=True, type='list', elements='str'),
type=dict(type='str'),
region=dict(required=True, type='str'),
- disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))),
+ disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))),
source_snapshot=dict(type='dict'),
- source_snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))),
+ source_snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))),
)
)
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py b/lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py
index 8a4e6ae79c..6575281bc8 100644
--- a/lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py
@@ -163,7 +163,7 @@ def main():
certificate=dict(required=True, type='str'),
description=dict(type='str'),
name=dict(type='str'),
- private_key=dict(required=True, type='str'),
+ private_key=dict(required=True, type='str', no_log=True),
)
)
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_vpn_tunnel.py b/lib/ansible/modules/cloud/google/gcp_compute_vpn_tunnel.py
index ec7be3db05..c08323c783 100644
--- a/lib/ansible/modules/cloud/google/gcp_compute_vpn_tunnel.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_vpn_tunnel.py
@@ -269,7 +269,7 @@ def main():
target_vpn_gateway=dict(required=True, type='dict'),
router=dict(type='dict'),
peer_ip=dict(required=True, type='str'),
- shared_secret=dict(required=True, type='str'),
+ shared_secret=dict(required=True, type='str', no_log=True),
ike_version=dict(default=2, type='int'),
local_traffic_selector=dict(type='list', elements='str'),
remote_traffic_selector=dict(type='list', elements='str'),
diff --git a/lib/ansible/modules/cloud/google/gcp_sql_instance.py b/lib/ansible/modules/cloud/google/gcp_sql_instance.py
index 9cfa57d2fb..b2f062bcd3 100644
--- a/lib/ansible/modules/cloud/google/gcp_sql_instance.py
+++ b/lib/ansible/modules/cloud/google/gcp_sql_instance.py
@@ -626,7 +626,7 @@ def main():
options=dict(
ca_certificate=dict(type='str'),
client_certificate=dict(type='str'),
- client_key=dict(type='str'),
+ client_key=dict(type='str', no_log=True),
connect_retry_interval=dict(type='int'),
dump_file_path=dict(type='str'),
master_heartbeat_period=dict(type='int'),
diff --git a/lib/ansible/modules/cloud/misc/ovirt.py b/lib/ansible/modules/cloud/misc/ovirt.py
index e9372c088a..0e7d01bf4c 100644
--- a/lib/ansible/modules/cloud/misc/ovirt.py
+++ b/lib/ansible/modules/cloud/misc/ovirt.py
@@ -380,7 +380,7 @@ def main():
instance_gateway=dict(type='str', aliases=['gateway']),
instance_domain=dict(type='str', aliases=['domain']),
instance_dns=dict(type='str', aliases=['dns']),
- instance_rootpw=dict(type='str', aliases=['rootpw']),
+ instance_rootpw=dict(type='str', aliases=['rootpw'], no_log=True),
instance_key=dict(type='str', aliases=['key']),
sdomain=dict(type='str'),
region=dict(type='str'),
diff --git a/lib/ansible/modules/cloud/oneandone/oneandone_firewall_policy.py b/lib/ansible/modules/cloud/oneandone/oneandone_firewall_policy.py
index 2d2c16bcef..a57a396a45 100644
--- a/lib/ansible/modules/cloud/oneandone/oneandone_firewall_policy.py
+++ b/lib/ansible/modules/cloud/oneandone/oneandone_firewall_policy.py
@@ -504,7 +504,8 @@ def main():
argument_spec=dict(
auth_token=dict(
type='str',
- default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
+ default=os.environ.get('ONEANDONE_AUTH_TOKEN'),
+ no_log=True),
api_url=dict(
type='str',
default=os.environ.get('ONEANDONE_API_URL')),
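Review bot: The `auth_token` value in this spec normally arrives through `default=os.environ.get('ONEANDONE_AUTH_TOKEN')` rather than from task arguments, and the commit's test plan is grepping only. Nothing shown here verifies that a secret supplied through the default is scrubbed from the returned invocation data as well as from the invocation log. A test that sets the environment variable, runs the module and asserts the token string is absent from the result would confirm it on this branch. The same applies to the identical `auth_token` hunks in oneandone_load_balancer, oneandone_monitoring_policy, oneandone_private_network and oneandone_public_ip. The `argument_spec` continues outside the hunk.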
diff --git a/lib/ansible/modules/cloud/oneandone/oneandone_load_balancer.py b/lib/ansible/modules/cloud/oneandone/oneandone_load_balancer.py
index ee83889bbd..c3f2de6edf 100644
--- a/lib/ansible/modules/cloud/oneandone/oneandone_load_balancer.py
+++ b/lib/ansible/modules/cloud/oneandone/oneandone_load_balancer.py
@@ -595,7 +595,8 @@ def main():
argument_spec=dict(
auth_token=dict(
type='str',
- default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
+ default=os.environ.get('ONEANDONE_AUTH_TOKEN'),
+ no_log=True),
api_url=dict(
type='str',
default=os.environ.get('ONEANDONE_API_URL')),
diff --git a/lib/ansible/modules/cloud/oneandone/oneandone_monitoring_policy.py b/lib/ansible/modules/cloud/oneandone/oneandone_monitoring_policy.py
index 735cc848af..f99a95f89c 100644
--- a/lib/ansible/modules/cloud/oneandone/oneandone_monitoring_policy.py
+++ b/lib/ansible/modules/cloud/oneandone/oneandone_monitoring_policy.py
@@ -950,7 +950,8 @@ def main():
argument_spec=dict(
auth_token=dict(
type='str',
- default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
+ default=os.environ.get('ONEANDONE_AUTH_TOKEN'),
+ no_log=True),
api_url=dict(
type='str',
default=os.environ.get('ONEANDONE_API_URL')),
diff --git a/lib/ansible/modules/cloud/oneandone/oneandone_private_network.py b/lib/ansible/modules/cloud/oneandone/oneandone_private_network.py
index 06ed26e262..309c61a141 100644
--- a/lib/ansible/modules/cloud/oneandone/oneandone_private_network.py
+++ b/lib/ansible/modules/cloud/oneandone/oneandone_private_network.py
@@ -384,7 +384,8 @@ def main():
argument_spec=dict(
auth_token=dict(
type='str',
- default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
+ default=os.environ.get('ONEANDONE_AUTH_TOKEN'),
+ no_log=True),
api_url=dict(
type='str',
default=os.environ.get('ONEANDONE_API_URL')),
diff --git a/lib/ansible/modules/cloud/oneandone/oneandone_public_ip.py b/lib/ansible/modules/cloud/oneandone/oneandone_public_ip.py
index 86376124f9..88cfff5bd8 100644
--- a/lib/ansible/modules/cloud/oneandone/oneandone_public_ip.py
+++ b/lib/ansible/modules/cloud/oneandone/oneandone_public_ip.py
@@ -277,7 +277,8 @@ def main():
argument_spec=dict(
auth_token=dict(
type='str',
- default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
+ default=os.environ.get('ONEANDONE_AUTH_TOKEN'),
+ no_log=True),
api_url=dict(
type='str',
default=os.environ.get('ONEANDONE_API_URL')),
diff --git a/lib/ansible/modules/cloud/rackspace/rax_clb_ssl.py b/lib/ansible/modules/cloud/rackspace/rax_clb_ssl.py
index 86248f023f..ce7939e364 100644
--- a/lib/ansible/modules/cloud/rackspace/rax_clb_ssl.py
+++ b/lib/ansible/modules/cloud/rackspace/rax_clb_ssl.py
@@ -236,7 +236,7 @@ def main():
loadbalancer=dict(required=True),
state=dict(default='present', choices=['present', 'absent']),
enabled=dict(type='bool', default=True),
- private_key=dict(),
+ private_key=dict(no_log=True),
certificate=dict(),
intermediate_certificate=dict(),
secure_port=dict(type='int', default=443),
diff --git a/lib/ansible/modules/cloud/spotinst/spotinst_aws_elastigroup.py b/lib/ansible/modules/cloud/spotinst/spotinst_aws_elastigroup.py
index f90b2dd375..9d932e59a2 100644
--- a/lib/ansible/modules/cloud/spotinst/spotinst_aws_elastigroup.py
+++ b/lib/ansible/modules/cloud/spotinst/spotinst_aws_elastigroup.py
@@ -1438,7 +1438,7 @@ def main():
min_size=dict(type='int', required=True),
monitoring=dict(type='str'),
multai_load_balancers=dict(type='list'),
- multai_token=dict(type='str'),
+ multai_token=dict(type='str', no_log=True),
name=dict(type='str', required=True),
network_interfaces=dict(type='list'),
on_demand_count=dict(type='int'),
@@ -1462,7 +1462,7 @@ def main():
target_group_arns=dict(type='list'),
tenancy=dict(type='str'),
terminate_at_end_of_billing_hour=dict(type='bool'),
- token=dict(type='str'),
+ token=dict(type='str', no_log=True),
unit=dict(type='str'),
user_data=dict(type='str'),
utilize_reserved_instances=dict(type='bool'),
diff --git a/lib/ansible/modules/monitoring/librato_annotation.py b/lib/ansible/modules/monitoring/librato_annotation.py
index aaaca3613f..79a4ebb8ec 100644
--- a/lib/ansible/modules/monitoring/librato_annotation.py
+++ b/lib/ansible/modules/monitoring/librato_annotation.py
@@ -146,7 +146,7 @@ def main():
module = AnsibleModule(
argument_spec=dict(
user=dict(required=True),
- api_key=dict(required=True),
+ api_key=dict(required=True, no_log=True),
name=dict(required=False),
title=dict(required=True),
source=dict(required=False),
diff --git a/lib/ansible/modules/monitoring/pagerduty_alert.py b/lib/ansible/modules/monitoring/pagerduty_alert.py
index f9ea471dc3..5aaa7a4770 100644
--- a/lib/ansible/modules/monitoring/pagerduty_alert.py
+++ b/lib/ansible/modules/monitoring/pagerduty_alert.py
@@ -190,9 +190,9 @@ def main():
argument_spec=dict(
name=dict(required=False),
service_id=dict(required=True),
- service_key=dict(require=False),
- integration_key=dict(require=False),
- api_key=dict(required=True),
+ service_key=dict(required=False, no_log=True),
+ integration_key=dict(required=False, no_log=True),
+ api_key=dict(required=True, no_log=True),
state=dict(required=True,
choices=['triggered', 'acknowledged', 'resolved']),
client=dict(required=False, default=None),
diff --git a/lib/ansible/modules/net_tools/nios/nios_nsgroup.py b/lib/ansible/modules/net_tools/nios/nios_nsgroup.py
index fdb511123d..f9cabf0020 100644
--- a/lib/ansible/modules/net_tools/nios/nios_nsgroup.py
+++ b/lib/ansible/modules/net_tools/nios/nios_nsgroup.py
@@ -305,7 +305,7 @@ def main():
address=dict(required=True, ib_req=True),
name=dict(required=True, ib_req=True),
stealth=dict(type='bool', default=False),
- tsig_key=dict(),
+ tsig_key=dict(no_log=True),
tsig_key_alg=dict(choices=['HMAC-MD5', 'HMAC-SHA256'], default='HMAC-MD5'),
tsig_key_name=dict(required=True)
)
diff --git a/lib/ansible/modules/network/cloudengine/ce_vrrp.py b/lib/ansible/modules/network/cloudengine/ce_vrrp.py
index 1ecf4b5c3f..7fde219e5a 100644
--- a/lib/ansible/modules/network/cloudengine/ce_vrrp.py
+++ b/lib/ansible/modules/network/cloudengine/ce_vrrp.py
@@ -1316,7 +1316,7 @@ def main():
holding_multiplier=dict(type='str'),
auth_mode=dict(type='str', choices=['simple', 'md5', 'none']),
is_plain=dict(type='bool', default=False),
- auth_key=dict(type='str'),
+ auth_key=dict(type='str', no_log=True),
fast_resume=dict(type='str', choices=['enable', 'disable']),
state=dict(type='str', default='present',
choices=['present', 'absent'])
diff --git a/lib/ansible/modules/network/itential/iap_start_workflow.py b/lib/ansible/modules/network/itential/iap_start_workflow.py
index 15d0d4e5aa..0ffe6eddf5 100644
--- a/lib/ansible/modules/network/itential/iap_start_workflow.py
+++ b/lib/ansible/modules/network/itential/iap_start_workflow.py
@@ -169,7 +169,7 @@ def main():
argument_spec=dict(
iap_port=dict(type='str', required=True),
iap_fqdn=dict(type='str', required=True),
- token_key=dict(type='str', required=True),
+ token_key=dict(type='str', required=True, no_log=True),
workflow_name=dict(type='str', required=True),
description=dict(type='str', required=True),
variables=dict(type='dict', required=False),
diff --git a/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py b/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py
index fa6a9ae0b4..702ab58e24 100644
--- a/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py
+++ b/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py
@@ -986,7 +986,7 @@ def main():
secondarypassword=dict(type='str'),
logonpointname=dict(type='str'),
lasversion=dict(type='str'),
- radkey=dict(type='str'),
+ radkey=dict(type='str', no_log=True),
radnasid=dict(type='str'),
radnasip=dict(type='str'),
radaccounttype=dict(type='float'),
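Review bot: `secondarypassword=dict(type='str')`, three lines above the changed `radkey` line in this hunk, is still declared without `no_log`, so a value passed for it is logged and returned like any ordinary argument. It should get the same treatment the commit gives `radkey`: `secondarypassword=dict(type='str', no_log=True),`. The argument spec in `main()` starts and ends outside the hunk, so any other password-style option in it should be checked the same way.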
diff --git a/lib/ansible/modules/network/nxos/nxos_aaa_server.py b/lib/ansible/modules/network/nxos/nxos_aaa_server.py
index d47a2c848e..d189ff2ed5 100644
--- a/lib/ansible/modules/network/nxos/nxos_aaa_server.py
+++ b/lib/ansible/modules/network/nxos/nxos_aaa_server.py
@@ -234,7 +234,7 @@ def default_aaa_server(existing, params, server_type):
def main():
argument_spec = dict(
server_type=dict(type='str', choices=['radius', 'tacacs'], required=True),
- global_key=dict(type='str'),
+ global_key=dict(type='str', no_log=True),
encrypt_type=dict(type='str', choices=['0', '7']),
deadtime=dict(type='str'),
server_timeout=dict(type='str'),
diff --git a/lib/ansible/modules/network/nxos/nxos_pim_interface.py b/lib/ansible/modules/network/nxos/nxos_pim_interface.py
index 227f2179b6..c7046804f7 100644
--- a/lib/ansible/modules/network/nxos/nxos_pim_interface.py
+++ b/lib/ansible/modules/network/nxos/nxos_pim_interface.py
@@ -435,7 +435,7 @@ def main():
interface=dict(type='str', required=True),
sparse=dict(type='bool', default=False),
dr_prio=dict(type='str'),
- hello_auth_key=dict(type='str'),
+ hello_auth_key=dict(type='str', no_log=True),
hello_interval=dict(type='int'),
jp_policy_out=dict(type='str'),
jp_policy_in=dict(type='str'),
diff --git a/lib/ansible/modules/network/nxos/nxos_snmp_user.py b/lib/ansible/modules/network/nxos/nxos_snmp_user.py
index c98051e589..a3d5894c5f 100644
--- a/lib/ansible/modules/network/nxos/nxos_snmp_user.py
+++ b/lib/ansible/modules/network/nxos/nxos_snmp_user.py
@@ -293,7 +293,7 @@ def main():
argument_spec = dict(
user=dict(required=True, type='str'),
group=dict(type='str'),
- pwd=dict(type='str'),
+ pwd=dict(type='str', no_log=True),
privacy=dict(type='str'),
authentication=dict(choices=['md5', 'sha']),
encrypt=dict(type='bool'),
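Review bot: `privacy=dict(type='str')`, on the line after the newly masked `pwd`, is left without `no_log`. If it carries the SNMPv3 privacy passphrase, as its name and position next to `pwd` suggest, it needs `privacy=dict(type='str', no_log=True),` as well. Separately, the changelog fragment added by this commit has no entry for nxos_snmp_user `pwd`, and none for the `authentication` option masked in the nxos_vrrp hunk, so readers of the security_fixes list will not learn that these two values were previously logged. The argument spec continues outside the hunk.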
diff --git a/lib/ansible/modules/network/nxos/nxos_vrrp.py b/lib/ansible/modules/network/nxos/nxos_vrrp.py
index a1f393a3ec..4beb38309e 100644
--- a/lib/ansible/modules/network/nxos/nxos_vrrp.py
+++ b/lib/ansible/modules/network/nxos/nxos_vrrp.py
@@ -330,7 +330,7 @@ def main():
admin_state=dict(required=False, type='str',
choices=['shutdown', 'no shutdown', 'default'],
default='shutdown'),
- authentication=dict(required=False, type='str'),
+ authentication=dict(required=False, type='str', no_log=True),
state=dict(choices=['absent', 'present'], required=False, default='present')
)
argument_spec.update(nxos_argument_spec)
diff --git a/lib/ansible/modules/packaging/os/pulp_repo.py b/lib/ansible/modules/packaging/os/pulp_repo.py
index 26ccc97b07..fac550d7d0 100644
--- a/lib/ansible/modules/packaging/os/pulp_repo.py
+++ b/lib/ansible/modules/packaging/os/pulp_repo.py
@@ -537,7 +537,7 @@ def main():
generate_sqlite=dict(default=False, type='bool'),
ca_cert=dict(aliases=['importer_ssl_ca_cert']),
client_cert=dict(aliases=['importer_ssl_client_cert']),
- client_key=dict(aliases=['importer_ssl_client_key']),
+ client_key=dict(aliases=['importer_ssl_client_key'], no_log=True),
name=dict(required=True, aliases=['repo']),
proxy_host=dict(),
proxy_port=dict(),
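Review bot: The option masked here is `client_key` (alias `importer_ssl_client_key`), but the changelog fragment in this commit records it as pulp_repo `feed_client_key`, a name that does not appear in this hunk. Unless `feed_client_key` is declared elsewhere in the spec, which the hunk does not show, the changelog entry should name `client_key` so operators can match it to the parameter used in their playbooks when deciding which credentials to treat as exposed.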
diff --git a/lib/ansible/modules/source_control/gitlab_runner.py b/lib/ansible/modules/source_control/gitlab_runner.py
index ffbc790947..8bfde3371a 100644
--- a/lib/ansible/modules/source_control/gitlab_runner.py
+++ b/lib/ansible/modules/source_control/gitlab_runner.py
@@ -304,7 +304,7 @@ def main():
locked=dict(type='bool', default=False),
access_level=dict(type='str', default='ref_protected', choices=["not_protected", "ref_protected"]),
maximum_timeout=dict(type='int', default=3600),
- registration_token=dict(type='str', required=True),
+ registration_token=dict(type='str', required=True, no_log=True),
state=dict(type='str', default="present", choices=["absent", "present"]),
))
diff --git a/lib/ansible/modules/storage/ibm/ibm_sa_host.py b/lib/ansible/modules/storage/ibm/ibm_sa_host.py
index 483b7ce58b..ac1715bf26 100644
--- a/lib/ansible/modules/storage/ibm/ibm_sa_host.py
+++ b/lib/ansible/modules/storage/ibm/ibm_sa_host.py
@@ -95,7 +95,7 @@ def main():
cluster=dict(),
domain=dict(),
iscsi_chap_name=dict(),
- iscsi_chap_secret=dict()
+ iscsi_chap_secret=dict(no_log=True)
)
)
diff --git a/lib/ansible/modules/storage/netapp/_sf_account_manager.py b/lib/ansible/modules/storage/netapp/_sf_account_manager.py
index a4f270892f..e0561aa8b6 100644
--- a/lib/ansible/modules/storage/netapp/_sf_account_manager.py
+++ b/lib/ansible/modules/storage/netapp/_sf_account_manager.py
@@ -120,8 +120,8 @@ class SolidFireAccount(object):
account_id=dict(required=False, type='int', default=None),
new_name=dict(required=False, type='str', default=None),
- initiator_secret=dict(required=False, type='str'),
- target_secret=dict(required=False, type='str'),
+ initiator_secret=dict(required=False, type='str', no_log=True),
+ target_secret=dict(required=False, type='str', no_log=True),
attributes=dict(required=False, type='dict'),
status=dict(required=False, type='str'),
))
diff --git a/lib/ansible/modules/storage/netapp/na_elementsw_account.py b/lib/ansible/modules/storage/netapp/na_elementsw_account.py
index 7dcd2f7601..a01f4831f8 100644
--- a/lib/ansible/modules/storage/netapp/na_elementsw_account.py
+++ b/lib/ansible/modules/storage/netapp/na_elementsw_account.py
@@ -142,8 +142,8 @@ class ElementSWAccount(object):
state=dict(required=True, choices=['present', 'absent']),
element_username=dict(required=True, aliases=["account_id"], type='str'),
from_name=dict(required=False, default=None),
- initiator_secret=dict(required=False, type='str'),
- target_secret=dict(required=False, type='str'),
+ initiator_secret=dict(required=False, type='str', no_log=True),
+ target_secret=dict(required=False, type='str', no_log=True),
attributes=dict(required=False, type='dict'),
status=dict(required=False, type='str'),
))
diff --git a/lib/ansible/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py b/lib/ansible/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py
index fe1c5ce414..f36789db19 100644
--- a/lib/ansible/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py
+++ b/lib/ansible/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py
@@ -319,7 +319,7 @@ def main():
backend_user_suffix=dict(type='str', required=False, default=""),
comment=dict(type='str', required=False, default=""),
frontend_cookie=dict(type='str', required=False),
- frontend_cookie_secret=dict(type='str', required=False),
+ frontend_cookie_secret=dict(type='str', required=False, no_log=True),
frontend_form=dict(type='str', required=False),
frontend_form_template=dict(type='str', required=False, default=""),
frontend_login=dict(type='str', required=False),