diff options
author | Felix Fontein <felix@fontein.de> | 2021-04-03 18:26:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-03 11:26:55 -0500 |
commit | ede3b025767c005dec709c3b646d6259a6d954fb (patch) | |
tree | d70d72efd5c30515c38176577e1bf828d863216a | |
parent | d523263945da457f7c84ea79bd4840c8891c90d7 (diff) | |
download | ansible-ede3b025767c005dec709c3b646d6259a6d954fb.tar.gz |
Backport of https://github.com/ansible-collections/community.network/pull/223. (#73913)
4 files changed, 7 insertions, 3 deletions
diff --git a/changelogs/fragments/community.network-223-no_log-missing.yml b/changelogs/fragments/community.network-223-no_log-missing.yml new file mode 100644 index 0000000000..889fd670b1 --- /dev/null +++ b/changelogs/fragments/community.network-223-no_log-missing.yml @@ -0,0 +1,4 @@ +security_fixes: +- "avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)." +- "avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)." +- "avi_cloudconnectoruser - mark the ``azure_userpass`` parameter as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)." diff --git a/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py b/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py index 78f61d5398..7ea2b391ff 100644 --- a/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py +++ b/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py @@ -110,7 +110,7 @@ def main(): choices=['put', 'patch']), avi_api_patch_op=dict(choices=['add', 'replace', 'delete']), azure_serviceprincipal=dict(type='dict',), - azure_userpass=dict(type='dict',), + azure_userpass=dict(type='dict', no_log=True), name=dict(type='str', required=True), private_key=dict(type='str', no_log=True,), public_key=dict(type='str',), diff --git a/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py b/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py index f500bd65d4..f1bdfc6bfd 100644 --- a/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py +++ b/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py @@ -147,7 +147,7 @@ def main(): certificate_management_profile_ref=dict(type='str',), created_by=dict(type='str',), dynamic_params=dict(type='list',), - enckey_base64=dict(type='str',), + enckey_base64=dict(type='str', no_log=True), enckey_name=dict(type='str',), hardwaresecuritymodulegroup_ref=dict(type='str',), key=dict(type='str', no_log=True,), diff --git a/lib/ansible/modules/network/avi/avi_webhook.py b/lib/ansible/modules/network/avi/avi_webhook.py index f787b60505..e837475ded 100644 --- a/lib/ansible/modules/network/avi/avi_webhook.py +++ b/lib/ansible/modules/network/avi/avi_webhook.py @@ -110,7 +110,7 @@ def main(): tenant_ref=dict(type='str',), url=dict(type='str',), uuid=dict(type='str',), - verification_token=dict(type='str',), + verification_token=dict(type='str', no_log=True), ) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule( |