Backport of https://github.com/ansible-collections/community.network/pull/223. (#73913)

author: Felix Fontein <felix@fontein.de> 2021-04-03 18:26:55 +0200
committer: GitHub <noreply@github.com> 2021-04-03 11:26:55 -0500
commit: ede3b025767c005dec709c3b646d6259a6d954fb (patch)
tree: d70d72efd5c30515c38176577e1bf828d863216a
parent: d523263945da457f7c84ea79bd4840c8891c90d7 (diff)
download: ansible-ede3b025767c005dec709c3b646d6259a6d954fb.tar.gz
4 files changed, 7 insertions, 3 deletions
diff --git a/changelogs/fragments/community.network-223-no_log-missing.yml b/changelogs/fragments/community.network-223-no_log-missing.yml
new file mode 100644
index 0000000000..889fd670b1
--- /dev/null
+++ b/changelogs/fragments/community.network-223-no_log-missing.yml
@@ -0,0 +1,4 @@
+security_fixes:
+- "avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)."
+- "avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)."
+- "avi_cloudconnectoruser - mark the ``azure_userpass`` parameter as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)."
diff --git a/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py b/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py
index 78f61d5398..7ea2b391ff 100644
--- a/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py
+++ b/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py
@@ -110,7 +110,7 @@ def main():
                                    choices=['put', 'patch']),
         avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
         azure_serviceprincipal=dict(type='dict',),
-        azure_userpass=dict(type='dict',),
+        azure_userpass=dict(type='dict', no_log=True),
         name=dict(type='str', required=True),
         private_key=dict(type='str', no_log=True,),
         public_key=dict(type='str',),
diff --git a/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py b/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py
index f500bd65d4..f1bdfc6bfd 100644
--- a/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py
+++ b/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py
@@ -147,7 +147,7 @@ def main():
         certificate_management_profile_ref=dict(type='str',),
         created_by=dict(type='str',),
         dynamic_params=dict(type='list',),
-        enckey_base64=dict(type='str',),
+        enckey_base64=dict(type='str', no_log=True),
         enckey_name=dict(type='str',),
         hardwaresecuritymodulegroup_ref=dict(type='str',),
         key=dict(type='str', no_log=True,),
diff --git a/lib/ansible/modules/network/avi/avi_webhook.py b/lib/ansible/modules/network/avi/avi_webhook.py
index f787b60505..e837475ded 100644
--- a/lib/ansible/modules/network/avi/avi_webhook.py
+++ b/lib/ansible/modules/network/avi/avi_webhook.py
@@ -110,7 +110,7 @@ def main():
         tenant_ref=dict(type='str',),
         url=dict(type='str',),
         uuid=dict(type='str',),
-        verification_token=dict(type='str',),
+        verification_token=dict(type='str', no_log=True),
     )
     argument_specs.update(avi_common_argument_spec())
     module = AnsibleModule(
author	Felix Fontein <felix@fontein.de>	2021-04-03 18:26:55 +0200
committer	GitHub <noreply@github.com>	2021-04-03 11:26:55 -0500
commit	ede3b025767c005dec709c3b646d6259a6d954fb (patch)
tree	d70d72efd5c30515c38176577e1bf828d863216a
parent	d523263945da457f7c84ea79bd4840c8891c90d7 (diff)
download	ansible-ede3b025767c005dec709c3b646d6259a6d954fb.tar.gz