diff options
83 files changed, 236 insertions, 155 deletions
diff --git a/changelogs/fragments/471-no_log.yml b/changelogs/fragments/471-no_log.yml index 14217c20f5..e1c537bc0c 100644 --- a/changelogs/fragments/471-no_log.yml +++ b/changelogs/fragments/471-no_log.yml @@ -1,2 +1,2 @@ security_fixes: -- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471). +- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471) (CVE-2021-3447). diff --git a/changelogs/fragments/community.aws-475-no_log-missing.yml b/changelogs/fragments/community.aws-475-no_log-missing.yml index c07ab112ad..9e501df8aa 100644 --- a/changelogs/fragments/community.aws-475-no_log-missing.yml +++ b/changelogs/fragments/community.aws-475-no_log-missing.yml @@ -1,4 +1,4 @@ security_fixes: -- "aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)." -- "sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)." -- "sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)." +- "aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)" +- "sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)" +- "sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)" diff --git a/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml b/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml index a2e40747ac..f94775f1c0 100644 --- a/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml +++ b/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml @@ -1,4 +1,4 @@ security_fixes: -- "docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103)." +- "docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103). (CVE-2021-3447)" breaking_changes: -- "docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103)." +- "docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103). (CVE-2021-3447)" diff --git a/changelogs/fragments/community.general-2018-missing-no_log-again.yml b/changelogs/fragments/community.general-2018-missing-no_log-again.yml index 7410b7643e..90e83b370d 100644 --- a/changelogs/fragments/community.general-2018-missing-no_log-again.yml +++ b/changelogs/fragments/community.general-2018-missing-no_log-again.yml @@ -1,2 +1,2 @@ security_fixes: -- "na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018)." +- "na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018). (CVE-2021-3447)" diff --git a/changelogs/fragments/community.network-223-no_log-missing.yml b/changelogs/fragments/community.network-223-no_log-missing.yml index 20c621a49d..11d824964c 100644 --- a/changelogs/fragments/community.network-223-no_log-missing.yml +++ b/changelogs/fragments/community.network-223-no_log-missing.yml @@ -1,4 +1,4 @@ security_fixes: -- "avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)." -- "avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)." -- "avi_cloudconnectoruser - mark the ``azure_userpass``, ``gcp_credentials``, ``oci_credentials``, and ``tencent_credentials`` parameters as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)." +- "avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)" +- "avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)" +- "avi_cloudconnectoruser - mark the ``azure_userpass``, ``gcp_credentials``, ``oci_credentials``, and ``tencent_credentials`` parameters as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)" diff --git a/changelogs/fragments/more-no_log-fixes.yml b/changelogs/fragments/more-no_log-fixes.yml new file mode 100644 index 0000000000..62f50aceb9 --- /dev/null +++ b/changelogs/fragments/more-no_log-fixes.yml @@ -0,0 +1,79 @@ +minor_changes: + - azure_rm_roledefinition - module specification is now valid. + +security_fixes: + - azure_rm_devtestlabartifactsource - ``security_token`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - bigip_device_license - ``license_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - bigip_dns_nameserver - ``tsig_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - bigip_dns_zone - ``tsig_server_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - bigip_profile_client_ssl - ``key`` and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_dlp_fp_doc_source - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_endpoint_control_forticlient_ems - ``admin_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_endpoint_control_profile - ``preshared_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_endpoint_control_settings - ``forticlient_reg_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_extender_controller_extender - ``aaa_shared_secret``, ``ha_shared_secret``, ``modem_passwd``, and ``ppp_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_firewall_ssh_local_ca - ``password`` and ``private_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_firewall_ssh_local_key - ``password`` and ``private_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_log_disk_setting - ``uploadpass`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_router_bgp - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_router_isis - ``auth_password_l1`` and ``auth_password_l2`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_router_key_chain - ``key_string`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_router_ospf - ``authentication_key`` and `md5_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_router_rip - ``auth_string`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_switch_controller_switch_profile - ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_admin - ``fortitoken`` and ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_api_user - ``api_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_automation_action - ``aws_api_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_autoupdate_tunneling - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_csf - ``password`` and ``group_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_ddns - ``ddns_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_email_server - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_fsso_polling - ``auth_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_ha - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_interface - ``password`` and ``pptp_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_link_monitor - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_mobile_tunnel - ``n_mhae_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_ntp - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_pppoe_interface - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_probe_response - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_sdn_connector - ``access_key``, ``client_secret``, ``key_passwd``, ``password``, ``private_key``, and ``secret_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_virtual_wan_link - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_system_wccp - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_fortitoken - ``activation_code``, ``license``, ``seed``, and ``serial_number`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_fsso - ``password``, ``password1``, ``password2``, ``password3``, ``password4``, and ``password5`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_fsso_polling - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_group - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_krb_keytab - ``keytab`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_ldap - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_local - ``fortitoken``, ``passwd``, and ``ppk_secret`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_peer - ``ldap_password`` and ``passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_radius - ``secret``, ``rsso_secret``, ``secondary_secret``, and ``tertiary_secret`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_user_tacacsplus - ``key``, ``secondary_key``, and ``tertiary_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_certificate_crl - ``ldap_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_certificate_local - ``password``, ``private_key``, and ``scep_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ipsec_manualkey - ``authkey`` and ``enckey`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ipsec_manualkey_interface - ``auth_key`` and ``enc_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ipsec_phase1 - ``authpasswd``, ``group_authentication_secret``, ``ppk_secret``, ``psksecret``, and ``psksecret_remote`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ipsec_phase1_interface - ``authpasswd``, ``group_authentication_secret``, ``ppk_secret``, ``psksecret``, and ``psksecret_remote`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ssl_web_portal - ``logon_password`` and ``sso_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ssl_web_user_bookmark - ``logon_password`` and ``sso_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_vpn_ssl_web_user_group_bookmark - ``logon_password`` and ``sso_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_wireless_controller_inter_controller - ``inter_controller_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_wireless_controller_vap - ``captive_portal_macauth_radius_secret``, ``captive_portal_radius_secret``, ``key``, and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_wireless_controller_wtp - ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - fortios_wireless_controller_wtp_profile - ``fortipresence_secret`` and ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - gcp_compute_instance - ``raw_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - gcp_container_cluster - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - gcp_sql_instance - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - icx_system - ``auth_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - ios_ntp - ``auth_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - logentries_msg - ``token`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - na_elementsw_cluster_snmp - ``password`` and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - netscaler_lb_monitor - ``password`` and ``secondarypassword`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - nxos_aaa_server_host - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - ovirt_auth - ``token`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - pingdom - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - rollbar_deployment - ``token` no longer appears in logs (``no_log``) (CVE-2021-3447) + - stackdriver - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - tower_credential - ``security_token`` and ``secret`` no longer appears in logs (``no_log``) (CVE-2021-3447) + - zabbix_action - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) diff --git a/lib/ansible/modules/cloud/azure/azure_rm_devtestlabartifactsource.py b/lib/ansible/modules/cloud/azure/azure_rm_devtestlabartifactsource.py index 99eb44bc31..5fa1dff7b7 100644 --- a/lib/ansible/modules/cloud/azure/azure_rm_devtestlabartifactsource.py +++ b/lib/ansible/modules/cloud/azure/azure_rm_devtestlabartifactsource.py @@ -164,7 +164,8 @@ class AzureRMDevTestLabArtifactsSource(AzureRMModuleBase): type='str' ), security_token=dict( - type='str' + type='str', + no_log=True ), is_enabled=dict( type='bool' diff --git a/lib/ansible/modules/cloud/azure/azure_rm_roledefinition.py b/lib/ansible/modules/cloud/azure/azure_rm_roledefinition.py index 30308eedc5..e98507d6d1 100644 --- a/lib/ansible/modules/cloud/azure/azure_rm_roledefinition.py +++ b/lib/ansible/modules/cloud/azure/azure_rm_roledefinition.py @@ -116,19 +116,19 @@ except ImportError: permission_spec = dict( actions=dict( type='list', - options=dict(type='str') + elements='str', ), not_actions=dict( type='list', - options=dict(type='str') + elements='str', ), data_actions=dict( type='list', - options=dict(type='str') + elements='str', ), not_data_actions=dict( type='list', - options=dict(type='str') + elements='str', ), ) diff --git a/lib/ansible/modules/cloud/google/gcp_compute_instance.py b/lib/ansible/modules/cloud/google/gcp_compute_instance.py index 49f6ca8dfe..7c483a6988 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_instance.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_instance.py @@ -994,7 +994,10 @@ def main(): auto_delete=dict(type='bool'), boot=dict(type='bool'), device_name=dict(type='str'), - disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), rsa_encrypted_key=dict(type='str'))), + disk_encryption_key=dict( + type='dict', + options=dict(raw_key=dict(type='str', no_log=True), rsa_encrypted_key=dict(type='str', no_log=True)) + ), index=dict(type='int'), initialize_params=dict( type='dict', @@ -1003,7 +1006,7 @@ def main(): disk_size_gb=dict(type='int'), disk_type=dict(type='str'), source_image=dict(type='str', aliases=['image', 'image_family']), - source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))), + source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))), ), ), interface=dict(type='str'), diff --git a/lib/ansible/modules/cloud/google/gcp_container_cluster.py b/lib/ansible/modules/cloud/google/gcp_container_cluster.py index d525a1d962..430e11d1f8 100644 --- a/lib/ansible/modules/cloud/google/gcp_container_cluster.py +++ b/lib/ansible/modules/cloud/google/gcp_container_cluster.py @@ -1195,7 +1195,7 @@ def main(): type='dict', options=dict( username=dict(type='str'), - password=dict(type='str'), + password=dict(type='str', no_log=True), client_certificate_config=dict(type='dict', options=dict(issue_client_certificate=dict(type='bool'))), ), ), diff --git a/lib/ansible/modules/cloud/google/gcp_sql_instance.py b/lib/ansible/modules/cloud/google/gcp_sql_instance.py index db7b3a801b..92a9db223e 100644 --- a/lib/ansible/modules/cloud/google/gcp_sql_instance.py +++ b/lib/ansible/modules/cloud/google/gcp_sql_instance.py @@ -692,7 +692,7 @@ def main(): connect_retry_interval=dict(type='int'), dump_file_path=dict(type='str'), master_heartbeat_period=dict(type='int'), - password=dict(type='str'), + password=dict(type='str', no_log=True), ssl_cipher=dict(type='str'), username=dict(type='str'), verify_server_certificate=dict(type='bool'), diff --git a/lib/ansible/modules/cloud/ovirt/ovirt_auth.py b/lib/ansible/modules/cloud/ovirt/ovirt_auth.py index c8f7407b24..a7f8c8de76 100644 --- a/lib/ansible/modules/cloud/ovirt/ovirt_auth.py +++ b/lib/ansible/modules/cloud/ovirt/ovirt_auth.py @@ -223,7 +223,7 @@ def main(): kerberos=dict(required=False, type='bool', default=False), headers=dict(required=False, type='dict'), state=dict(default='present', choices=['present', 'absent']), - token=dict(default=None), + token=dict(default=None, no_log=True), ovirt_auth=dict(required=None, type='dict'), ), required_if=[ diff --git a/lib/ansible/modules/monitoring/pingdom.py b/lib/ansible/modules/monitoring/pingdom.py index a9025604f5..2636ffd543 100644 --- a/lib/ansible/modules/monitoring/pingdom.py +++ b/lib/ansible/modules/monitoring/pingdom.py @@ -113,7 +113,7 @@ def main(): checkid=dict(required=True), uid=dict(required=True), passwd=dict(required=True, no_log=True), - key=dict(required=True) + key=dict(required=True, no_log=True) ) ) diff --git a/lib/ansible/modules/monitoring/rollbar_deployment.py b/lib/ansible/modules/monitoring/rollbar_deployment.py index dfd45c480a..228b0baaec 100644 --- a/lib/ansible/modules/monitoring/rollbar_deployment.py +++ b/lib/ansible/modules/monitoring/rollbar_deployment.py @@ -91,7 +91,7 @@ def main(): module = AnsibleModule( argument_spec=dict( - token=dict(required=True), + token=dict(required=True, no_log=True), environment=dict(required=True), revision=dict(required=True), user=dict(required=False), diff --git a/lib/ansible/modules/monitoring/stackdriver.py b/lib/ansible/modules/monitoring/stackdriver.py index a33058a4ea..0c669d3e33 100644 --- a/lib/ansible/modules/monitoring/stackdriver.py +++ b/lib/ansible/modules/monitoring/stackdriver.py @@ -144,7 +144,7 @@ def main(): module = AnsibleModule( argument_spec=dict( - key=dict(required=True), + key=dict(required=True, no_log=True), event=dict(required=True, choices=['deploy', 'annotation']), msg=dict(), revision_id=dict(), diff --git a/lib/ansible/modules/monitoring/zabbix/zabbix_action.py b/lib/ansible/modules/monitoring/zabbix/zabbix_action.py index bf54d5605c..fc986afe6d 100644 --- a/lib/ansible/modules/monitoring/zabbix/zabbix_action.py +++ b/lib/ansible/modules/monitoring/zabbix/zabbix_action.py @@ -1753,7 +1753,7 @@ def main(): required=False, choices=['agent', 'server', 'proxy'] ), - password=dict(type='str', required=False), + password=dict(type='str', required=False, no_log=True), port=dict(type='int', required=False), run_on_groups=dict(type='list', required=False), run_on_hosts=dict(type='list', required=False), @@ -1845,7 +1845,7 @@ def main(): required=False, choices=['agent', 'server', 'proxy'] ), - password=dict(type='str', required=False), + password=dict(type='str', required=False, no_log=True), port=dict(type='int', required=False), run_on_groups=dict(type='list', required=False), run_on_hosts=dict(type='list', required=False), @@ -1929,7 +1929,7 @@ def main(): required=False, choices=['agent', 'server', 'proxy'] ), - password=dict(type='str', required=False), + password=dict(type='str', required=False, no_log=True), port=dict(type='int', required=False), run_on_groups=dict(type='list', required=False), run_on_hosts=dict(type='list', required=False), diff --git a/lib/ansible/modules/network/f5/bigip_device_license.py b/lib/ansible/modules/network/f5/bigip_device_license.py index f3c769e3b8..c6969a2bee 100644 --- a/lib/ansible/modules/network/f5/bigip_device_license.py +++ b/lib/ansible/modules/network/f5/bigip_device_license.py @@ -847,7 +847,7 @@ class ArgumentSpec(object): def __init__(self): self.supports_check_mode = True argument_spec = dict( - license_key=dict(), + license_key=dict(no_log=True), license_server=dict( default='activate.f5.com' ), diff --git a/lib/ansible/modules/network/f5/bigip_dns_nameserver.py b/lib/ansible/modules/network/f5/bigip_dns_nameserver.py index 9d92bb0278..ca051b9139 100644 --- a/lib/ansible/modules/network/f5/bigip_dns_nameserver.py +++ b/lib/ansible/modules/network/f5/bigip_dns_nameserver.py @@ -433,7 +433,7 @@ class ArgumentSpec(object): address=dict(), service_port=dict(), route_domain=dict(), - tsig_key=dict(), + tsig_key=dict(no_log=True), state=dict( default='present', choices=['present', 'absent'] diff --git a/lib/ansible/modules/network/f5/bigip_dns_zone.py b/lib/ansible/modules/network/f5/bigip_dns_zone.py index 73496a1e58..82e1daf88a 100644 --- a/lib/ansible/modules/network/f5/bigip_dns_zone.py +++ b/lib/ansible/modules/network/f5/bigip_dns_zone.py @@ -663,7 +663,7 @@ class ArgumentSpec(object): ) ), nameservers=dict(type='list'), - tsig_server_key=dict(), + tsig_server_key=dict(no_log=True), partition=dict( default='Common', fallback=(env_fallback, ['F5_PARTITION']) diff --git a/lib/ansible/modules/network/f5/bigip_profile_client_ssl.py b/lib/ansible/modules/network/f5/bigip_profile_client_ssl.py index d43cd62975..b170e7af7e 100644 --- a/lib/ansible/modules/network/f5/bigip_profile_client_ssl.py +++ b/lib/ansible/modules/network/f5/bigip_profile_client_ssl.py @@ -1061,9 +1061,9 @@ class ArgumentSpec(object): type='list', options=dict( cert=dict(required=True), - key=dict(required=True), + key=dict(required=True, no_log=True), chain=dict(), - passphrase=dict() + passphrase=dict(no_log=True) ) ), state=dict( diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py b/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py index e0c9d5a3b9..a5980f4428 100644 --- a/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py +++ b/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py @@ -415,7 +415,7 @@ def main(): "keep_modified": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "period": {"required": False, "type": "str", "choices": ["none", "daily", "weekly", "monthly"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py index f894b5f51f..7fa61cfd89 100644 --- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py +++ b/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py @@ -342,7 +342,7 @@ def main(): "state": {"required": False, "type": "str", "choices": ["present", "absent"]}, "address": {"required": False, "type": "str"}, - "admin_password": {"required": False, "type": "str"}, + "admin_password": {"required": False, "type": "str", "no_log": True}, "admin_type": {"required": False, "type": "str", "choices": ["Windows", "LDAP"]}, "admin_username": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py index 990252b670..988758450b 100644 --- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py +++ b/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py @@ -977,7 +977,7 @@ def main(): "auth_method": {"required": False, "type": "str", "choices": ["psk", "certificate"]}, "name": {"required": True, "type": "str"}, - "preshared_key": {"required": False, "type": "str"}, + "preshared_key": {"required": False, "type": "str", "no_log": True}, "remote_gw": {"required": False, "type": "str"}, "sslvpn_access_port": {"required": False, "type": "int"}, "sslvpn_require_certificate": {"required": False, "type": "str", @@ -998,7 +998,7 @@ def main(): "auth_method": {"required": False, "type": "str", "choices": ["psk", "certificate"]}, "name": {"required": True, "type": "str"}, - "preshared_key": {"required": False, "type": "str"}, + "preshared_key": {"required": False, "type": "str", "no_log": True}, "remote_gw": {"required": False, "type": "str"}, "sslvpn_access_port": {"required": False, "type": "int"}, "sslvpn_require_certificate": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py index a1c5784167..ad5ba085ed 100644 --- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py +++ b/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py @@ -341,7 +341,7 @@ def main(): "forticlient_offline_grace": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "forticlient_offline_grace_interval": {"required": False, "type": "int"}, - "forticlient_reg_key": {"required": False, "type": "str"}, + "forticlient_reg_key": {"required": False, "type": "str", "no_log": True}, "forticlient_reg_key_enforce": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "forticlient_reg_timeout": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py b/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py index b1b7b43a79..db96315221 100644 --- a/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py +++ b/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py @@ -531,7 +531,7 @@ def main(): "options": { "state": {"required": False, "type": "str", "choices": ["present", "absent"]}, - "aaa_shared_secret": {"required": False, "type": "str"}, + "aaa_shared_secret": {"required": False, "type": "str", "no_log": True}, "access_point_name": {"required": False, "type": "str"}, "admin": {"required": False, "type": "str", "choices": ["disable", "discovered", "enable"]}, @@ -546,14 +546,14 @@ def main(): "choices": ["dial-on-demand", "always-connect"]}, "dial_status": {"required": False, "type": "int"}, "ext_name": {"required": False, "type": "str"}, - "ha_shared_secret": {"required": False, "type": "str"}, + "ha_shared_secret": {"required": False, "type": "str", "no_log": True}, "id": {"required": True, "type": "str"}, "ifname": {"required": False, "type": "str"}, "initiated_update": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "mode": {"required": False, "type": "str", "choices": ["standalone", "redundant"]}, - "modem_passwd": {"required": False, "type": "str"}, + "modem_passwd": {"required": False, "type": "str", "no_log": True}, "modem_type": {"required": False, "type": "str", "choices": ["cdma", "gsm/lte", "wimax"]}, "multi_mode": {"required": False, "type": "str", @@ -563,7 +563,7 @@ def main(): "choices": ["auto", "pap", "chap"]}, "ppp_echo_request": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "ppp_password": {"required": False, "type": "str"}, + "ppp_password": {"required": False, "type": "str", "no_log": True}, "ppp_username": {"required": False, "type": "str"}, "primary_ha": {"required": False, "type": "str"}, "quota_limit_mb": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py index 9e7f4b10bb..5bf3c1b729 100644 --- a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py +++ b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py @@ -312,8 +312,8 @@ def main(): "state": {"required": False, "type": "str", "choices": ["present", "absent"]}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "private_key": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, + "private_key": {"required": False, "type": "str", "no_log": True}, "public_key": {"required": False, "type": "str"}, "source": {"required": False, "type": "str", "choices": ["built-in", "user"]} diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py index fd125b9b65..88aa3c26b9 100644 --- a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py +++ b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py @@ -312,8 +312,8 @@ def main(): "state": {"required": False, "type": "str", "choices": ["present", "absent"]}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "private_key": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, + "private_key": {"required": False, "type": "str", "no_log": True}, "public_key": {"required": False, "type": "str"}, "source": {"required": False, "type": "str", "choices": ["built-in", "user"]} diff --git a/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py b/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py index ee1b9cea67..6f1d9e2b77 100644 --- a/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py +++ b/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py @@ -476,7 +476,7 @@ def main(): "disable"]}, "uploaddir": {"required": False, "type": "str"}, "uploadip": {"required": False, "type": "str"}, - "uploadpass": {"required": False, "type": "str"}, + "uploadpass": {"required": False, "type": "str", "no_log": True}, "uploadport": {"required": False, "type": "int"}, "uploadsched": {"required": False, "type": "str", "choices": ["disable", "enable"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_router_bgp.py b/lib/ansible/modules/network/fortios/fortios_router_bgp.py index 9c090de956..88d5836cc7 100644 --- a/lib/ansible/modules/network/fortios/fortios_router_bgp.py +++ b/lib/ansible/modules/network/fortios/fortios_router_bgp.py @@ -2083,7 +2083,7 @@ def main(): "choices": ["enable", "disable"]}, "passive": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "prefix_list_in": {"required": False, "type": "str"}, "prefix_list_in6": {"required": False, "type": "str"}, "prefix_list_out": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_router_isis.py b/lib/ansible/modules/network/fortios/fortios_router_isis.py index 891f740573..93eaab47e3 100644 --- a/lib/ansible/modules/network/fortios/fortios_router_isis.py +++ b/lib/ansible/modules/network/fortios/fortios_router_isis.py @@ -872,8 +872,8 @@ def main(): "choices": ["password", "md5"]}, "auth_mode_l2": {"required": False, "type": "str", "choices": ["password", "md5"]}, - "auth_password_l1": {"required": False, "type": "str"}, - "auth_password_l2": {"required": False, "type": "str"}, + "auth_password_l1": {"required": False, "type": "str", "no_log": True}, + "auth_password_l2": {"required": False, "type": "str", "no_log": True}, "auth_sendonly_l1": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "auth_sendonly_l2": {"required": False, "type": "str", @@ -896,8 +896,8 @@ def main(): "choices": ["md5", "password"]}, "auth_mode_l2": {"required": False, "type": "str", "choices": ["md5", "password"]}, - "auth_password_l1": {"required": False, "type": "str"}, - "auth_password_l2": {"required": False, "type": "str"}, + "auth_password_l1": {"required": False, "type": "str", "no_log": True}, + "auth_password_l2": {"required": False, "type": "str", "no_log": True}, "auth_send_only_l1": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "auth_send_only_l2": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_router_key_chain.py b/lib/ansible/modules/network/fortios/fortios_router_key_chain.py index f94acd5681..2667009cef 100644 --- a/lib/ansible/modules/network/fortios/fortios_router_key_chain.py +++ b/lib/ansible/modules/network/fortios/fortios_router_key_chain.py @@ -297,7 +297,7 @@ def main(): "options": { "accept_lifetime": {"required": False, "type": "str"}, "id": {"required": True, "type": "str"}, - "key_string": {"required": False, "type": "str"}, + "key_string": {"required": False, "type": "str", "no_log": True}, "send_lifetime": {"required": False, "type": "str"} }}, "name": {"required": True, "type": "str"} diff --git a/lib/ansible/modules/network/fortios/fortios_router_ospf.py b/lib/ansible/modules/network/fortios/fortios_router_ospf.py index 67f01aafe8..ed7bc7d49c 100644 --- a/lib/ansible/modules/network/fortios/fortios_router_ospf.py +++ b/lib/ansible/modules/network/fortios/fortios_router_ospf.py @@ -960,10 +960,10 @@ def main(): "options": { "authentication": {"required": False, "type": "str", "choices": ["none", "text", "md5"]}, - "authentication_key": {"required": False, "type": "str"}, + "authentication_key": {"required": False, "type": "str", "no_log": True}, "dead_interval": {"required": False, "type": "int"}, "hello_interval": {"required": False, "type": "int"}, - "md5_key": {"required": False, "type": "str"}, + "md5_key": {"required": False, "type": "str", "no_log": True}, "name": {"required": True, "type": "str"}, "peer": {"required": False, "type": "str"}, "retransmit_interval": {"required": False, "type": "int"}, @@ -1017,7 +1017,7 @@ def main(): "options": { "authentication": {"required": False, "type": "str", "choices": ["none", "text", "md5"]}, - "authentication_key": {"required": False, "type": "str"}, + "authentication_key": {"required": False, "type": "str", "no_log": True}, "bfd": {"required": False, "type": "str", "choices": ["global", "enable", "disable"]}, "cost": {"required": False, "type": "int"}, @@ -1028,7 +1028,7 @@ def main(): "hello_multiplier": {"required": False, "type": "int"}, "interface": {"required": False, "type": "str"}, "ip": {"required": False, "type": "str"}, - "md5_key": {"required": False, "type": "str"}, + "md5_key": {"required": False, "type": "str", "no_log": True}, "mtu": {"required": False, "type": "int"}, "mtu_ignore": {"required": False, "type": "str", "choices": ["enable", "disable"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_router_rip.py b/lib/ansible/modules/network/fortios/fortios_router_rip.py index 89d6376c31..21ab31a848 100644 --- a/lib/ansible/modules/network/fortios/fortios_router_rip.py +++ b/lib/ansible/modules/network/fortios/fortios_router_rip.py @@ -586,7 +586,7 @@ def main(): "auth_keychain": {"required": False, "type": "str"}, "auth_mode": {"required": False, "type": "str", "choices": ["none", "text", "md5"]}, - "auth_string": {"required": False, "type": "str"}, + "auth_string": {"required": False, "type": "str", "no_log": True}, "flags": {"required": False, "type": "int"}, "name": {"required": True, "type": "str"}, "receive_version": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_profile.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_profile.py index 01afb47096..0cfe6c2df2 100644 --- a/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_profile.py +++ b/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_profile.py @@ -279,7 +279,7 @@ def main(): "switch_controller_switch_profile": { "required": False, "type": "dict", "default": None, "options": { - "login_passwd": {"required": False, "type": "str"}, + "login_passwd": {"required": False, "type": "str", "no_log": True}, "login_passwd_override": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "name": {"required": True, "type": "str"} diff --git a/lib/ansible/modules/network/fortios/fortios_system_admin.py b/lib/ansible/modules/network/fortios/fortios_system_admin.py index c2055c757c..4d7b068e3e 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_admin.py +++ b/lib/ansible/modules/network/fortios/fortios_system_admin.py @@ -854,7 +854,7 @@ def main(): "email_to": {"required": False, "type": "str"}, "force_password_change": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "fortitoken": {"required": False, "type": "str"}, + "fortitoken": {"required": False, "type": "str", "no_log": True}, "guest_auth": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "guest_lang": {"required": False, "type": "str"}, @@ -934,7 +934,7 @@ def main(): "usr_name": {"required": False, "type": "str"} }}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "password_expire": {"required": False, "type": "str"}, "peer_auth": {"required": False, "type": "str", "choices": ["enable", "disable"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_api_user.py b/lib/ansible/modules/network/fortios/fortios_system_api_user.py index ab0fde13c3..26b2534ed4 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_api_user.py +++ b/lib/ansible/modules/network/fortios/fortios_system_api_user.py @@ -373,7 +373,7 @@ def main(): "state": {"required": False, "type": "str", "choices": ["present", "absent"]}, "accprofile": {"required": False, "type": "str"}, - "api_key": {"required": False, "type": "str"}, + "api_key": {"required": False, "type": "str", "no_log": True}, "comments": {"required": False, "type": "str"}, "cors_allow_origin": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_automation_action.py b/lib/ansible/modules/network/fortios/fortios_system_automation_action.py index cc909cecee..a4a9f7efa9 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_automation_action.py +++ b/lib/ansible/modules/network/fortios/fortios_system_automation_action.py @@ -402,7 +402,7 @@ def main(): "disable-ssid", "quarantine", "quarantine-forticlient", "ban-ip", "aws-lambda", "webhook"]}, "aws_api_id": {"required": False, "type": "str"}, - "aws_api_key": {"required": False, "type": "str"}, + "aws_api_key": {"required": False, "type": "str", "no_log": True}, "aws_api_path": {"required": False, "type": "str"}, "aws_api_stage": {"required": False, "type": "str"}, "aws_domain": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_autoupdate_tunneling.py b/lib/ansible/modules/network/fortios/fortios_system_autoupdate_tunneling.py index 499a80728a..bd92de5a14 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_autoupdate_tunneling.py +++ b/lib/ansible/modules/network/fortios/fortios_system_autoupdate_tunneling.py @@ -270,7 +270,7 @@ def main(): "required": False, "type": "dict", "default": None, "options": { "address": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "port": {"required": False, "type": "int"}, "status": {"required": False, "type": "str", "choices": ["enable", "disable"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_csf.py b/lib/ansible/modules/network/fortios/fortios_system_csf.py index a35637d76d..be89dd15a0 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_csf.py +++ b/lib/ansible/modules/network/fortios/fortios_system_csf.py @@ -372,11 +372,11 @@ def main(): "choices": ["fortimail"]}, "login": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"} + "password": {"required": False, "type": "str", "no_log": True} }}, "fixed_key": {"required": False, "type": "str"}, "group_name": {"required": False, "type": "str"}, - "group_password": {"required": False, "type": "str"}, + "group_password": {"required": False, "type": "str", "no_log": True}, "management_ip": {"required": False, "type": "str"}, "management_port": {"required": False, "type": "int"}, "status": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_system_ddns.py b/lib/ansible/modules/network/fortios/fortios_system_ddns.py index eb8665e592..0564dfc3bd 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_ddns.py +++ b/lib/ansible/modules/network/fortios/fortios_system_ddns.py @@ -391,7 +391,7 @@ def main(): "ddns_domain": {"required": False, "type": "str"}, "ddns_key": {"required": False, "type": "str"}, "ddns_keyname": {"required": False, "type": "str"}, - "ddns_password": {"required": False, "type": "str"}, + "ddns_password": {"required": False, "type": "str", "no_log": True}, "ddns_server": {"required": False, "type": "str", "choices": ["dyndns.org", "dyns.net", "tzo.com", "vavic.com", "dipdns.net", "now.net.cn", diff --git a/lib/ansible/modules/network/fortios/fortios_system_email_server.py b/lib/ansible/modules/network/fortios/fortios_system_email_server.py index 8944928b96..78c255ad6c 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_email_server.py +++ b/lib/ansible/modules/network/fortios/fortios_system_email_server.py @@ -326,7 +326,7 @@ def main(): "options": { "authenticate": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "port": {"required": False, "type": "int"}, "reply_to": {"required": False, "type": "str"}, "security": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_system_fsso_polling.py b/lib/ansible/modules/network/fortios/fortios_system_fsso_polling.py index ec6af242a9..80caacbce2 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_fsso_polling.py +++ b/lib/ansible/modules/network/fortios/fortios_system_fsso_polling.py @@ -267,7 +267,7 @@ def main(): "system_fsso_polling": { "required": False, "type": "dict", "default": None, "options": { - "auth_password": {"required": False, "type": "str"}, + "auth_password": {"required": False, "type": "str", "no_log": True}, "authentication": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "listening_port": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_ha.py b/lib/ansible/modules/network/fortios/fortios_system_ha.py index d7559e79a8..1becfa618d 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_ha.py +++ b/lib/ansible/modules/network/fortios/fortios_system_ha.py @@ -800,7 +800,7 @@ def main(): "override": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "override_wait_time": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "pingserver_failover_threshold": {"required": False, "type": "int"}, "pingserver_flip_timeout": {"required": False, "type": "int"}, "pingserver_monitor_interface": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_interface.py b/lib/ansible/modules/network/fortios/fortios_system_interface.py index 306adc9007..47cd49800e 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_interface.py +++ b/lib/ansible/modules/network/fortios/fortios_system_interface.py @@ -2372,7 +2372,7 @@ def main(): "both"]}, "outbandwidth": {"required": False, "type": "int"}, "padt_retry_timeout": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "ping_serv_status": {"required": False, "type": "int"}, "polling_interval": {"required": False, "type": "int"}, "pppoe_unnumbered_negotiate": {"required": False, "type": "str", @@ -2382,7 +2382,7 @@ def main(): "mschapv1", "mschapv2"]}, "pptp_client": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "pptp_password": {"required": False, "type": "str"}, + "pptp_password": {"required": False, "type": "str", "no_log": True}, "pptp_server_ip": {"required": False, "type": "str"}, "pptp_timeout": {"required": False, "type": "int"}, "pptp_user": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_link_monitor.py b/lib/ansible/modules/network/fortios/fortios_system_link_monitor.py index 6536163dea..af6d6e7b97 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_link_monitor.py +++ b/lib/ansible/modules/network/fortios/fortios_system_link_monitor.py @@ -424,7 +424,7 @@ def main(): "interval": {"required": False, "type": "int"}, "name": {"required": True, "type": "str"}, "packet_size": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "port": {"required": False, "type": "int"}, "protocol": {"required": False, "type": "str", "choices": ["ping", "tcp-echo", "udp-echo", diff --git a/lib/ansible/modules/network/fortios/fortios_system_mobile_tunnel.py b/lib/ansible/modules/network/fortios/fortios_system_mobile_tunnel.py index cafeda5b16..73fd98fde9 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_mobile_tunnel.py +++ b/lib/ansible/modules/network/fortios/fortios_system_mobile_tunnel.py @@ -373,7 +373,7 @@ def main(): "home_address": {"required": False, "type": "str"}, "home_agent": {"required": False, "type": "str"}, "lifetime": {"required": False, "type": "int"}, - "n_mhae_key": {"required": False, "type": "str"}, + "n_mhae_key": {"required": False, "type": "str", "no_log": True}, "n_mhae_key_type": {"required": False, "type": "str", "choices": ["ascii", "base64"]}, "n_mhae_spi": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_ntp.py b/lib/ansible/modules/network/fortios/fortios_system_ntp.py index 000bcbfe29..a2a6822a59 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_ntp.py +++ b/lib/ansible/modules/network/fortios/fortios_system_ntp.py @@ -347,7 +347,7 @@ def main(): "authentication": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "id": {"required": True, "type": "int"}, - "key": {"required": False, "type": "str"}, + "key": {"required": False, "type": "str", "no_log": True}, "key_id": {"required": False, "type": "int"}, "ntpv3": {"required": False, "type": "str", "choices": ["enable", "disable"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_pppoe_interface.py b/lib/ansible/modules/network/fortios/fortios_system_pppoe_interface.py index 38f612d5fa..d60b0bc344 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_pppoe_interface.py +++ b/lib/ansible/modules/network/fortios/fortios_system_pppoe_interface.py @@ -376,7 +376,7 @@ def main(): "lcp_max_echo_fails": {"required": False, "type": "int"}, "name": {"required": True, "type": "str"}, "padt_retry_timeout": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "pppoe_unnumbered_negotiate": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "service_name": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_probe_response.py b/lib/ansible/modules/network/fortios/fortios_system_probe_response.py index cea8d3730a..e11ecf3c4f 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_probe_response.py +++ b/lib/ansible/modules/network/fortios/fortios_system_probe_response.py @@ -291,7 +291,7 @@ def main(): "http_probe_value": {"required": False, "type": "str"}, "mode": {"required": False, "type": "str", "choices": ["none", "http-probe", "twamp"]}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "port": {"required": False, "type": "int"}, "security_mode": {"required": False, "type": "str", "choices": ["none", "authentication"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py b/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py index 9a6f0fb45f..e9637cc392 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py +++ b/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py @@ -557,19 +557,19 @@ def main(): "options": { "state": {"required": False, "type": "str", "choices": ["present", "absent"]}, - "access_key": {"required": False, "type": "str"}, + "access_key": {"required": False, "type": "str", "no_log": True}, "azure_region": {"required": False, "type": "str", "choices": ["global", "china", "germany", "usgov", "local"]}, "client_id": {"required": False, "type": "str"}, - "client_secret": {"required": False, "type": "str"}, + "client_secret": {"required": False, "type": "str", "no_log": True}, "compartment_id": {"required": False, "type": "str"}, "external_ip": {"required": False, "type": "list", "options": { "name": {"required": True, "type": "str"} }}, "gcp_project": {"required": False, "type": "str"}, - "key_passwd": {"required": False, "type": "str"}, + "key_passwd": {"required": False, "type": "str", "no_log": True}, "login_endpoint": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, "nic": {"required": False, "type": "list", @@ -586,8 +586,8 @@ def main(): "oci_region": {"required": False, "type": "str", "choices": ["phoenix", "ashburn", "frankfurt", "london"]}, - "password": {"required": False, "type": "str"}, - "private_key": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, + "private_key": {"required": False, "type": "str", "no_log": True}, "region": {"required": False, "type": "str"}, "resource_group": {"required": False, "type": "str"}, "resource_url": {"required": False, "type": "str"}, @@ -604,7 +604,7 @@ def main(): "next_hop": {"required": False, "type": "str"} }} }}, - "secret_key": {"required": False, "type": "str"}, + "secret_key": {"required": False, "type": "str", "no_log": True}, "server": {"required": False, "type": "str"}, "server_port": {"required": False, "type": "int"}, "service_account": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py b/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py index 6a3b1a3262..f6a4f4e7e6 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py +++ b/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py @@ -966,7 +966,7 @@ def main(): }}, "name": {"required": True, "type": "str"}, "packet_size": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "port": {"required": False, "type": "int"}, "protocol": {"required": False, "type": "str", "choices": ["ping", "tcp-echo", "udp-echo", diff --git a/lib/ansible/modules/network/fortios/fortios_system_wccp.py b/lib/ansible/modules/network/fortios/fortios_system_wccp.py index c4d5213d9b..ff1d2f8577 100644 --- a/lib/ansible/modules/network/fortios/fortios_system_wccp.py +++ b/lib/ansible/modules/network/fortios/fortios_system_wccp.py @@ -432,7 +432,7 @@ def main(): "forward_method": {"required": False, "type": "str", "choices": ["GRE", "L2", "any"]}, "group_address": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "ports": {"required": False, "type": "str"}, "ports_defined": {"required": False, "type": "str", "choices": ["source", "destination"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_user_fortitoken.py b/lib/ansible/modules/network/fortios/fortios_user_fortitoken.py index dfdc3785d4..401cdf83cf 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_fortitoken.py +++ b/lib/ansible/modules/network/fortios/fortios_user_fortitoken.py @@ -309,14 +309,14 @@ def main(): "user_fortitoken": { "required": False, "type": "dict", "default": None, "options": { - "activation_code": {"required": False, "type": "str"}, + "activation_code": {"required": False, "type": "str", "no_log": True}, "activation_expire": {"required": False, "type": "int"}, "comments": {"required": False, "type": "str"}, - "license": {"required": False, "type": "str"}, + "license": {"required": False, "type": "str", "no_log": True}, "os_ver": {"required": False, "type": "str"}, "reg_id": {"required": False, "type": "str"}, - "seed": {"required": False, "type": "str"}, - "serial_number": {"required": False, "type": "str"}, + "seed": {"required": False, "type": "str", "no_log": True}, + "serial_number": {"required": False, "type": "str", "no_log": True}, "status": {"required": False, "type": "str", "choices": ["active", "lock"]} diff --git a/lib/ansible/modules/network/fortios/fortios_user_fsso.py b/lib/ansible/modules/network/fortios/fortios_user_fsso.py index f1b07d810a..229b1fa9fd 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_fsso.py +++ b/lib/ansible/modules/network/fortios/fortios_user_fsso.py @@ -363,11 +363,11 @@ def main(): "options": { "ldap_server": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "password2": {"required": False, "type": "str"}, - "password3": {"required": False, "type": "str"}, - "password4": {"required": False, "type": "str"}, - "password5": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, + "password2": {"required": False, "type": "str", "no_log": True}, + "password3": {"required": False, "type": "str", "no_log": True}, + "password4": {"required": False, "type": "str", "no_log": True}, + "password5": {"required": False, "type": "str", "no_log": True}, "port": {"required": False, "type": "int"}, "port2": {"required": False, "type": "int"}, "port3": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/fortios/fortios_user_fsso_polling.py b/lib/ansible/modules/network/fortios/fortios_user_fsso_polling.py index 23bd3d4e1b..0b1b505480 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_fsso_polling.py +++ b/lib/ansible/modules/network/fortios/fortios_user_fsso_polling.py @@ -337,7 +337,7 @@ def main(): "id": {"required": True, "type": "int"}, "ldap_server": {"required": False, "type": "str"}, "logon_history": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "polling_frequency": {"required": False, "type": "int"}, "port": {"required": False, "type": "int"}, "server": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_user_group.py b/lib/ansible/modules/network/fortios/fortios_user_group.py index 639863b625..b984d3ad74 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_group.py +++ b/lib/ansible/modules/network/fortios/fortios_user_group.py @@ -525,7 +525,7 @@ def main(): "expiration": {"required": False, "type": "str"}, "mobile_phone": {"required": False, "type": "str"}, "name": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "sponsor": {"required": False, "type": "str"}, "user_id": {"required": False, "type": "str"} }}, diff --git a/lib/ansible/modules/network/fortios/fortios_user_krb_keytab.py b/lib/ansible/modules/network/fortios/fortios_user_krb_keytab.py index 1489fc586c..3f874b8f04 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_krb_keytab.py +++ b/lib/ansible/modules/network/fortios/fortios_user_krb_keytab.py @@ -281,7 +281,7 @@ def main(): "user_krb_keytab": { "required": False, "type": "dict", "default": None, "options": { - "keytab": {"required": False, "type": "str"}, + "keytab": {"required": False, "type": "str", "no_log": True}, "ldap_server": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, "principal": {"required": False, "type": "str"} diff --git a/lib/ansible/modules/network/fortios/fortios_user_ldap.py b/lib/ansible/modules/network/fortios/fortios_user_ldap.py index c5361593ac..c2f1757678 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_ldap.py +++ b/lib/ansible/modules/network/fortios/fortios_user_ldap.py @@ -430,7 +430,7 @@ def main(): "group_search_base": {"required": False, "type": "str"}, "member_attr": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, "password_expiry_warning": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "password_renewal": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_user_local.py b/lib/ansible/modules/network/fortios/fortios_user_local.py index e3839bdc0c..1418b8f9ac 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_local.py +++ b/lib/ansible/modules/network/fortios/fortios_user_local.py @@ -396,15 +396,15 @@ def main(): "auth_concurrent_value": {"required": False, "type": "int"}, "authtimeout": {"required": False, "type": "int"}, "email_to": {"required": False, "type": "str"}, - "fortitoken": {"required": False, "type": "str"}, + "fortitoken": {"required": False, "type": "str", "no_log": True}, "id": {"required": False, "type": "int"}, "ldap_server": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, - "passwd": {"required": False, "type": "str"}, + "passwd": {"required": False, "type": "str", "no_log": True}, "passwd_policy": {"required": False, "type": "str"}, "passwd_time": {"required": False, "type": "str"}, "ppk_identity": {"required": False, "type": "str"}, - "ppk_secret": {"required": False, "type": "str"}, + "ppk_secret": {"required": False, "type": "str", "no_log": True}, "radius_server": {"required": False, "type": "str"}, "sms_custom_server": {"required": False, "type": "str"}, "sms_phone": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_user_peer.py b/lib/ansible/modules/network/fortios/fortios_user_peer.py index 840b098bd2..e4c9da86eb 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_peer.py +++ b/lib/ansible/modules/network/fortios/fortios_user_peer.py @@ -352,14 +352,14 @@ def main(): "ipv4", "ipv6"]}, "ldap_mode": {"required": False, "type": "str", "choices": ["password", "principal-name"]}, - "ldap_password": {"required": False, "type": "str"}, + "ldap_password": {"required": False, "type": "str", "no_log": True}, "ldap_server": {"required": False, "type": "str"}, "ldap_username": {"required": False, "type": "str"}, "mandatory_ca_verify": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "name": {"required": True, "type": "str"}, "ocsp_override_server": {"required": False, "type": "str"}, - "passwd": {"required": False, "type": "str"}, + "passwd": {"required": False, "type": "str", "no_log": True}, "subject": {"required": False, "type": "str"}, "two_factor": {"required": False, "type": "str", "choices": ["enable", "disable"]} diff --git a/lib/ansible/modules/network/fortios/fortios_user_radius.py b/lib/ansible/modules/network/fortios/fortios_user_radius.py index 7d89516c19..6bf5108ab9 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_radius.py +++ b/lib/ansible/modules/network/fortios/fortios_user_radius.py @@ -658,7 +658,7 @@ def main(): "options": { "id": {"required": True, "type": "int"}, "port": {"required": False, "type": "int"}, - "secret": {"required": False, "type": "str"}, + "secret": {"required": False, "type": "str", "no_log": True}, "server": {"required": False, "type": "str"}, "source_ip": {"required": False, "type": "str"}, "status": {"required": False, "type": "str", @@ -720,12 +720,12 @@ def main(): "rsso_radius_response": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "rsso_radius_server_port": {"required": False, "type": "int"}, - "rsso_secret": {"required": False, "type": "str"}, + "rsso_secret": {"required": False, "type": "str", "no_log": True}, "rsso_validate_request_secret": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "secondary_secret": {"required": False, "type": "str"}, + "secondary_secret": {"required": False, "type": "str", "no_log": True}, "secondary_server": {"required": False, "type": "str"}, - "secret": {"required": False, "type": "str"}, + "secret": {"required": False, "type": "str", "no_log": True}, "server": {"required": False, "type": "str"}, "source_ip": {"required": False, "type": "str"}, "sso_attribute": {"required": False, "type": "str", @@ -740,7 +740,7 @@ def main(): "sso_attribute_key": {"required": False, "type": "str"}, "sso_attribute_value_override": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "tertiary_secret": {"required": False, "type": "str"}, + "tertiary_secret": {"required": False, "type": "str", "no_log": True}, "tertiary_server": {"required": False, "type": "str"}, "timeout": {"required": False, "type": "int"}, "use_management_vdom": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py b/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py index 08c646de18..eadf8f6606 100644 --- a/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py +++ b/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py @@ -354,14 +354,14 @@ def main(): "ascii", "auto"]}, "authorization": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "key": {"required": False, "type": "str"}, + "key": {"required": False, "type": "str", "no_log": True}, "name": {"required": True, "type": "str"}, "port": {"required": False, "type": "int"}, - "secondary_key": {"required": False, "type": "str"}, + "secondary_key": {"required": False, "type": "str", "no_log": True}, "secondary_server": {"required": False, "type": "str"}, "server": {"required": False, "type": "str"}, "source_ip": {"required": False, "type": "str"}, - "tertiary_key": {"required": False, "type": "str"}, + "tertiary_key": {"required": False, "type": "str", "no_log": True}, "tertiary_server": {"required": False, "type": "str"} } diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_crl.py b/lib/ansible/modules/network/fortios/fortios_vpn_certificate_crl.py index 047272604c..1ea1615046 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_crl.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_certificate_crl.py @@ -344,7 +344,7 @@ def main(): "crl": {"required": False, "type": "str"}, "http_url": {"required": False, "type": "str"}, "last_updated": {"required": False, "type": "int"}, - "ldap_password": {"required": False, "type": "str"}, + "ldap_password": {"required": False, "type": "str", "no_log": True}, "ldap_server": {"required": False, "type": "str"}, "ldap_username": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_local.py b/lib/ansible/modules/network/fortios/fortios_vpn_certificate_local.py index 84ecec1f15..ed562cfa75 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_local.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_certificate_local.py @@ -427,11 +427,11 @@ def main(): "name": {"required": True, "type": "str"}, "name_encoding": {"required": False, "type": "str", "choices": ["printable", "utf8"]}, - "password": {"required": False, "type": "str"}, - "private_key": {"required": False, "type": "str"}, + "password": {"required": False, "type": "str", "no_log": True}, + "private_key": {"required": False, "type": "str", "no_log": True}, "range": {"required": False, "type": "str", "choices": ["global", "vdom"]}, - "scep_password": {"required": False, "type": "str"}, + "scep_password": {"required": False, "type": "str", "no_log": True}, "scep_url": {"required": False, "type": "str"}, "source": {"required": False, "type": "str", "choices": ["factory", "user", "bundle"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py index 56200378a7..be9f1d7fee 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py @@ -348,8 +348,8 @@ def main(): "authentication": {"required": False, "type": "str", "choices": ["null", "md5", "sha1", "sha256", "sha384", "sha512"]}, - "authkey": {"required": False, "type": "str"}, - "enckey": {"required": False, "type": "str"}, + "authkey": {"required": False, "type": "str", "no_log": True}, + "enckey": {"required": False, "type": "str", "no_log": True}, "encryption": {"required": False, "type": "str", "choices": ["null", "des"]}, "interface": {"required": False, "type": "str"}, diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py index 9a49eb6acd..171001201f 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py @@ -377,10 +377,10 @@ def main(): "auth_alg": {"required": False, "type": "str", "choices": ["null", "md5", "sha1", "sha256", "sha384", "sha512"]}, - "auth_key": {"required": False, "type": "str"}, + "auth_key": {"required": False, "type": "str", "no_log": True}, "enc_alg": {"required": False, "type": "str", "choices": ["null", "des"]}, - "enc_key": {"required": False, "type": "str"}, + "enc_key": {"required": False, "type": "str", "no_log": True}, "interface": {"required": False, "type": "str"}, "ip_version": {"required": False, "type": "str", "choices": ["4", "6"]}, diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py index df838c88f9..2b5aaaec40 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py @@ -1063,7 +1063,7 @@ def main(): "choices": ["psk", "signature"]}, "authmethod_remote": {"required": False, "type": "str", "choices": ["psk", "signature"]}, - "authpasswd": {"required": False, "type": "str"}, + "authpasswd": {"required": False, "type": "str", "no_log": True}, "authusr": {"required": False, "type": "str"}, "authusrgrp": {"required": False, "type": "str"}, "auto_negotiate": {"required": False, "type": "str", @@ -1116,7 +1116,7 @@ def main(): "fragmentation_mtu": {"required": False, "type": "int"}, "group_authentication": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "group_authentication_secret": {"required": False, "type": "str"}, + "group_authentication_secret": {"required": False, "type": "str", "no_log": True}, "ha_sync_esp_seqno": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "idle_timeout": {"required": False, "type": "str", @@ -1185,13 +1185,13 @@ def main(): "ppk": {"required": False, "type": "str", "choices": ["disable", "allow", "require"]}, "ppk_identity": {"required": False, "type": "str"}, - "ppk_secret": {"required": False, "type": "str"}, + "ppk_secret": {"required": False, "type": "str", "no_log": True}, "priority": {"required": False, "type": "int"}, "proposal": {"required": False, "type": "str", "choices": ["des-md5", "des-sha1", "des-sha256", "des-sha384", "des-sha512"]}, - "psksecret": {"required": False, "type": "str"}, - "psksecret_remote": {"required": False, "type": "str"}, + "psksecret": {"required": False, "type": "str", "no_log": True}, + "psksecret_remote": {"required": False, "type": "str", "no_log": True}, "reauth": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "rekey": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py index 3cf19f05b1..71c66dc7a8 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py @@ -1255,7 +1255,7 @@ def main(): "choices": ["psk", "signature"]}, "authmethod_remote": {"required": False, "type": "str", "choices": ["psk", "signature"]}, - "authpasswd": {"required": False, "type": "str"}, + "authpasswd": {"required": False, "type": "str", "no_log": True}, "authusr": {"required": False, "type": "str"}, "authusrgrp": {"required": False, "type": "str"}, "auto_discovery_forwarder": {"required": False, "type": "str", @@ -1330,7 +1330,7 @@ def main(): "fragmentation_mtu": {"required": False, "type": "int"}, "group_authentication": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "group_authentication_secret": {"required": False, "type": "str"}, + "group_authentication_secret": {"required": False, "type": "str", "no_log": True}, "ha_sync_esp_seqno": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "idle_timeout": {"required": False, "type": "str", @@ -1415,13 +1415,13 @@ def main(): "ppk": {"required": False, "type": "str", "choices": ["disable", "allow", "require"]}, "ppk_identity": {"required": False, "type": "str"}, - "ppk_secret": {"required": False, "type": "str"}, + "ppk_secret": {"required": False, "type": "str", "no_log": True}, "priority": {"required": False, "type": "int"}, "proposal": {"required": False, "type": "str", "choices": ["des-md5", "des-sha1", "des-sha256", "des-sha384", "des-sha512"]}, - "psksecret": {"required": False, "type": "str"}, - "psksecret_remote": {"required": False, "type": "str"}, + "psksecret": {"required": False, "type": "str", "no_log": True}, + "psksecret_remote": {"required": False, "type": "str", "no_log": True}, "reauth": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "rekey": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py index 784b8053f9..81c5eaf290 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py @@ -1055,7 +1055,7 @@ def main(): "host": {"required": False, "type": "str"}, "listening_port": {"required": False, "type": "int"}, "load_balancing_info": {"required": False, "type": "str"}, - "logon_password": {"required": False, "type": "str"}, + "logon_password": {"required": False, "type": "str", "no_log": True}, "logon_user": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, "port": {"required": False, "type": "int"}, @@ -1078,7 +1078,7 @@ def main(): "choices": ["sslvpn-login", "alternative"]}, "sso_credential_sent_once": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "sso_password": {"required": False, "type": "str"}, + "sso_password": {"required": False, "type": "str", "no_log": True}, "sso_username": {"required": False, "type": "str"}, "url": {"required": False, "type": "str"} }}, diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_bookmark.py b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_bookmark.py index b659976f27..758e104534 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_bookmark.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_bookmark.py @@ -469,7 +469,7 @@ def main(): "host": {"required": False, "type": "str"}, "listening_port": {"required": False, "type": "int"}, "load_balancing_info": {"required": False, "type": "str"}, - "logon_password": {"required": False, "type": "str"}, + "logon_password": {"required": False, "type": "str", "no_log": True}, "logon_user": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, "port": {"required": False, "type": "int"}, @@ -492,7 +492,7 @@ def main(): "choices": ["sslvpn-login", "alternative"]}, "sso_credential_sent_once": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "sso_password": {"required": False, "type": "str"}, + "sso_password": {"required": False, "type": "str", "no_log": True}, "sso_username": {"required": False, "type": "str"}, "url": {"required": False, "type": "str"} }}, diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_group_bookmark.py b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_group_bookmark.py index 1a0d1e934d..ae63d8895f 100644 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_group_bookmark.py +++ b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_group_bookmark.py @@ -464,7 +464,7 @@ def main(): "host": {"required": False, "type": "str"}, "listening_port": {"required": False, "type": "int"}, "load_balancing_info": {"required": False, "type": "str"}, - "logon_password": {"required": False, "type": "str"}, + "logon_password": {"required": False, "type": "str", "no_log": True}, "logon_user": {"required": False, "type": "str"}, "name": {"required": True, "type": "str"}, "port": {"required": False, "type": "int"}, @@ -487,7 +487,7 @@ def main(): "choices": ["sslvpn-login", "alternative"]}, "sso_credential_sent_once": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "sso_password": {"required": False, "type": "str"}, + "sso_password": {"required": False, "type": "str", "no_log": True}, "sso_username": {"required": False, "type": "str"}, "url": {"required": False, "type": "str"} }}, diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_inter_controller.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_inter_controller.py index c35817e253..c6354a5e4e 100644 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_inter_controller.py +++ b/lib/ansible/modules/network/fortios/fortios_wireless_controller_inter_controller.py @@ -306,7 +306,7 @@ def main(): "options": { "fast_failover_max": {"required": False, "type": "int"}, "fast_failover_wait": {"required": False, "type": "int"}, - "inter_controller_key": {"required": False, "type": "str"}, + "inter_controller_key": {"required": False, "type": "str", "no_log": True}, "inter_controller_mode": {"required": False, "type": "str", "choices": ["disable", "l2-roaming", "1+1"]}, "inter_controller_peer": {"required": False, "type": "list", diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py index 54fd9a40a7..f47c7b1447 100644 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py +++ b/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py @@ -1230,9 +1230,9 @@ def main(): "netbios-ds", "ipv6", "all-other-mc", "all-other-bc"]}, "captive_portal_ac_name": {"required": False, "type": "str"}, - "captive_portal_macauth_radius_secret": {"required": False, "type": "str"}, + "captive_portal_macauth_radius_secret": {"required": False, "type": "str", "no_log": True}, "captive_portal_macauth_radius_server": {"required": False, "type": "str"}, - "captive_portal_radius_secret": {"required": False, "type": "str"}, + "captive_portal_radius_secret": {"required": False, "type": "str", "no_log": True}, "captive_portal_radius_server": {"required": False, "type": "str"}, "captive_portal_session_timeout_interval": {"required": False, "type": "int"}, "dhcp_lease_time": {"required": False, "type": "int"}, @@ -1270,7 +1270,7 @@ def main(): "intra_vap_privacy": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "ip": {"required": False, "type": "str"}, - "key": {"required": False, "type": "str"}, + "key": {"required": False, "type": "str", "no_log": True}, "keyindex": {"required": False, "type": "int"}, "ldpc": {"required": False, "type": "str", "choices": ["disable", "rx", "tx", @@ -1311,7 +1311,7 @@ def main(): "comment": {"required": False, "type": "str"}, "concurrent_clients": {"required": False, "type": "str"}, "key_name": {"required": False, "type": "str"}, - "passphrase": {"required": False, "type": "str"} + "passphrase": {"required": False, "type": "str", "no_log": True} }}, "multicast_enhance": {"required": False, "type": "str", "choices": ["enable", "disable"]}, @@ -1321,7 +1321,7 @@ def main(): "name": {"required": True, "type": "str"}, "okc": {"required": False, "type": "str", "choices": ["disable", "enable"]}, - "passphrase": {"required": False, "type": "str"}, + "passphrase": {"required": False, "type": "str", "no_log": True}, "pmf": {"required": False, "type": "str", "choices": ["disable", "enable", "optional"]}, "pmf_assoc_comeback_timeout": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py index aad60890af..6ab601e593 100644 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py +++ b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py @@ -1005,7 +1005,7 @@ def main(): "led_state": {"required": False, "type": "str", "choices": ["enable", "disable"]}, "location": {"required": False, "type": "str"}, - "login_passwd": {"required": False, "type": "str"}, + "login_passwd": {"required": False, "type": "str", "no_log": True}, "login_passwd_change": {"required": False, "type": "str", "choices": ["yes", "default", "no"]}, "mesh_bridge_enable": {"required": False, "type": "str", diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py index 9b1d5286f4..d0a4c1c7c2 100644 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py +++ b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py @@ -1777,7 +1777,7 @@ def main(): "fortipresence_project": {"required": False, "type": "str"}, "fortipresence_rogue": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "fortipresence_secret": {"required": False, "type": "str"}, + "fortipresence_secret": {"required": False, "type": "str", "no_log": True}, "fortipresence_server": {"required": False, "type": "str"}, "fortipresence_unassoc": {"required": False, "type": "str", "choices": ["enable", "disable"]}, @@ -1792,7 +1792,7 @@ def main(): "choices": ["enable", "disable"]}, "lldp": {"required": False, "type": "str", "choices": ["enable", "disable"]}, - "login_passwd": {"required": False, "type": "str"}, + "login_passwd": {"required": False, "type": "str", "no_log": True}, "login_passwd_change": {"required": False, "type": "str", "choices": ["yes", "default", "no"]}, "max_clients": {"required": False, "type": "int"}, diff --git a/lib/ansible/modules/network/icx/icx_system.py b/lib/ansible/modules/network/icx/icx_system.py index 449601fd7b..0f0e12e8f0 100644 --- a/lib/ansible/modules/network/icx/icx_system.py +++ b/lib/ansible/modules/network/icx/icx_system.py @@ -430,7 +430,7 @@ def main(): auth_port_num=dict(), acct_port_num=dict(), acct_type=dict(choices=['accounting-only', 'authentication-only', 'authorization-only', 'default']), - auth_key=dict(), + auth_key=dict(no_log=True), auth_key_type=dict(type='list', choices=['dot1x', 'mac-auth', 'web-auth']) ) argument_spec = dict( diff --git a/lib/ansible/modules/network/ios/ios_ntp.py b/lib/ansible/modules/network/ios/ios_ntp.py index 4fc886c643..195d9540c6 100644 --- a/lib/ansible/modules/network/ios/ios_ntp.py +++ b/lib/ansible/modules/network/ios/ios_ntp.py @@ -38,7 +38,7 @@ options: default: False auth_key: description: - - md5 NTP authentication key of tye 7. + - md5 NTP authentication key of type 7. key_id: description: - auth_key id. Data type string @@ -272,7 +272,7 @@ def main(): acl=dict(), logging=dict(type='bool', default=False), auth=dict(type='bool', default=False), - auth_key=dict(), + auth_key=dict(no_log=True), key_id=dict(), state=dict(choices=['absent', 'present'], default='present') ) diff --git a/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py b/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py index 702ab58e24..1b6c6e0237 100644 --- a/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py +++ b/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py @@ -982,8 +982,8 @@ def main(): dispatcherip=dict(type='str'), dispatcherport=dict(type='int'), username=dict(type='str'), - password=dict(type='str'), - secondarypassword=dict(type='str'), + password=dict(type='str', no_log=True), + secondarypassword=dict(type='str', no_log=True), logonpointname=dict(type='str'), lasversion=dict(type='str'), radkey=dict(type='str', no_log=True), diff --git a/lib/ansible/modules/network/nxos/nxos_aaa_server_host.py b/lib/ansible/modules/network/nxos/nxos_aaa_server_host.py index e9aa8e2a93..8e1fe8cff3 100644 --- a/lib/ansible/modules/network/nxos/nxos_aaa_server_host.py +++ b/lib/ansible/modules/network/nxos/nxos_aaa_server_host.py @@ -246,7 +246,7 @@ def main(): argument_spec = dict( server_type=dict(choices=['radius', 'tacacs'], required=True), address=dict(type='str', required=True), - key=dict(type='str'), + key=dict(type='str', no_log=True), encrypt_type=dict(type='str', choices=['0', '7']), host_timeout=dict(type='str'), auth_port=dict(type='str'), diff --git a/lib/ansible/modules/notification/logentries_msg.py b/lib/ansible/modules/notification/logentries_msg.py index 51ba941992..17fb6f2730 100644 --- a/lib/ansible/modules/notification/logentries_msg.py +++ b/lib/ansible/modules/notification/logentries_msg.py @@ -73,7 +73,7 @@ def send_msg(module, token, msg, api, port): def main(): module = AnsibleModule( argument_spec=dict( - token=dict(type='str', required=True), + token=dict(type='str', required=True, no_log=True), msg=dict(type='str', required=True), api=dict(type='str', default="data.logentries.com"), port=dict(type='int', default=80)), diff --git a/lib/ansible/modules/storage/netapp/na_elementsw_cluster_snmp.py b/lib/ansible/modules/storage/netapp/na_elementsw_cluster_snmp.py index ecce3eb661..d1a54a67f1 100644 --- a/lib/ansible/modules/storage/netapp/na_elementsw_cluster_snmp.py +++ b/lib/ansible/modules/storage/netapp/na_elementsw_cluster_snmp.py @@ -177,8 +177,8 @@ class ElementSWClusterSnmp(object): options=dict( access=dict(type='str', choices=['rouser', 'rwuser', 'rosys']), name=dict(type='str', default=None), - password=dict(type='str', default=None), - passphrase=dict(type='str', default=None), + password=dict(type='str', default=None, no_log=True), + passphrase=dict(type='str', default=None, no_log=True), secLevel=dict(type='str', choices=['auth', 'noauth', 'priv']) ) ), diff --git a/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py b/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py index 8f8b41badf..d9987a5440 100644 --- a/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py +++ b/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py @@ -254,8 +254,8 @@ def main(): authorize=dict(type='bool', default=False), authorize_password=dict(no_log=True), client=dict(), - security_token=dict(), - secret=dict(), + security_token=dict(no_log=True), + secret=dict(no_log=True), tenant=dict(), subscription=dict(), domain=dict(), diff --git a/test/sanity/ignore.txt b/test/sanity/ignore.txt index 7865dc4d0a..ccaea7fc7a 100644 --- a/test/sanity/ignore.txt +++ b/test/sanity/ignore.txt @@ -1162,9 +1162,7 @@ lib/ansible/modules/cloud/azure/azure_rm_resourcegroup.py validate-modules:param lib/ansible/modules/cloud/azure/azure_rm_resourcegroup_info.py validate-modules:parameter-type-not-in-doc lib/ansible/modules/cloud/azure/azure_rm_roleassignment.py validate-modules:parameter-type-not-in-doc lib/ansible/modules/cloud/azure/azure_rm_roleassignment_info.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/cloud/azure/azure_rm_roledefinition.py validate-modules:invalid-argument-spec lib/ansible/modules/cloud/azure/azure_rm_roledefinition.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/cloud/azure/azure_rm_roledefinition.py validate-modules:missing-suboption-docs lib/ansible/modules/cloud/azure/azure_rm_roledefinition_info.py validate-modules:parameter-type-not-in-doc lib/ansible/modules/cloud/azure/azure_rm_route.py validate-modules:parameter-type-not-in-doc lib/ansible/modules/cloud/azure/azure_rm_routetable.py validate-modules:parameter-type-not-in-doc |