diff options
39 files changed, 122 insertions, 50 deletions
diff --git a/changelogs/fragments/new-nolog-entries.yml b/changelogs/fragments/new-nolog-entries.yml new file mode 100644 index 0000000000..00a0b38601 --- /dev/null +++ b/changelogs/fragments/new-nolog-entries.yml @@ -0,0 +1,57 @@ +security_fixes: + - _sf_account_manager - `initiator_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - _sf_account_manager - `target_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - aws_netapp_cvs_active_directory - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - aws_netapp_cvs_active_directory - `secret_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - aws_netapp_cvs_filesystems - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - aws_netapp_cvs_filesystems - `secret_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - aws_netapp_cvs_pool - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - aws_netapp_cvs_pool - `secret_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - aws_netapp_cvs_snapshots - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - aws_netapp_cvs_snapshots - `secret_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - ce_vrrp - `auth_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - cp_mgmt_vpn_community_meshed - `shared_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - cp_mgmt_vpn_community_star - `shared_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - docker_swarm - `signing_ca_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_backend_service - `oauth2_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_disk - `disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_disk - `source_image_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_disk - `source_snapshot_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_image - `image_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_image - `source_disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_instance_template - `disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_instance_template - `source_image_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_region_disk - `disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_region_disk - `source_snapshot_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_snapshot - `snapshot_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_snapshot - `source_disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_ssl_certificate - `private_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_compute_vpn_tunnel - `shared_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gcp_sql_instance - `client_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - gitlab_runner - `registration_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - iap_start_workflow - `token_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - ibm_sa_host - `iscsi_chap_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - keycloak_client - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - keycloak_clienttemplate - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - keycloak_group - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - librato_annotation - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - na_elementsw_account - `initiator_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - na_elementsw_account - `target_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - netscaler_lb_monitor - `radkey` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - nios_nsgroup - `tsig_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - nxos_aaa_server - `global_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - nxos_pim_interface - `hello_auth_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - oneandone_firewall_policy - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - oneandone_load_balancer - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - oneandone_monitoring_policy - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - oneandone_private_network - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - oneandone_public_ip - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - ovirt - `instance_rootpw` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - pagerduty_alert - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - pagerduty_alert - `integration_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - pagerduty_alert - `service_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - pulp_repo - `feed_client_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - rax_clb_ssl - `private_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - spotinst_aws_elastigroup - `multai_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - spotinst_aws_elastigroup - `token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - utm_proxy_auth_profile - `frontend_cookie_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). diff --git a/lib/ansible/module_utils/identity/keycloak/keycloak.py b/lib/ansible/module_utils/identity/keycloak/keycloak.py index 5fb9b92852..a6786b66a6 100644 --- a/lib/ansible/module_utils/identity/keycloak/keycloak.py +++ b/lib/ansible/module_utils/identity/keycloak/keycloak.py @@ -57,7 +57,7 @@ def keycloak_argument_spec(): auth_keycloak_url=dict(type='str', aliases=['url'], required=True), auth_client_id=dict(type='str', default='admin-cli'), auth_realm=dict(type='str', required=True), - auth_client_secret=dict(type='str', default=None), + auth_client_secret=dict(type='str', default=None, no_log=True), auth_username=dict(type='str', aliases=['username'], required=True), auth_password=dict(type='str', aliases=['password'], required=True, no_log=True), validate_certs=dict(type='bool', default=True) diff --git a/lib/ansible/module_utils/netapp.py b/lib/ansible/module_utils/netapp.py index 5c4d0abd9f..17471935ee 100644 --- a/lib/ansible/module_utils/netapp.py +++ b/lib/ansible/module_utils/netapp.py @@ -139,8 +139,8 @@ def aws_cvs_host_argument_spec(): return dict( api_url=dict(required=True, type='str'), validate_certs=dict(required=False, type='bool', default=True), - api_key=dict(required=True, type='str'), - secret_key=dict(required=True, type='str') + api_key=dict(required=True, type='str', no_log=True), + secret_key=dict(required=True, type='str', no_log=True) ) diff --git a/lib/ansible/modules/cloud/docker/docker_swarm.py b/lib/ansible/modules/cloud/docker/docker_swarm.py index 4fd4c875c4..b1250c6554 100644 --- a/lib/ansible/modules/cloud/docker/docker_swarm.py +++ b/lib/ansible/modules/cloud/docker/docker_swarm.py @@ -622,7 +622,7 @@ def main(): name=dict(type='str'), labels=dict(type='dict'), signing_ca_cert=dict(type='str'), - signing_ca_key=dict(type='str'), + signing_ca_key=dict(type='str', no_log=True), ca_force_rotate=dict(type='int'), autolock_managers=dict(type='bool'), node_id=dict(type='str'), diff --git a/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py b/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py index 5914d9774e..2e4618f93e 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py @@ -732,7 +732,11 @@ def main(): health_checks=dict(required=True, type='list', elements='str'), iap=dict( type='dict', - options=dict(enabled=dict(type='bool'), oauth2_client_id=dict(required=True, type='str'), oauth2_client_secret=dict(required=True, type='str')), + options=dict( + enabled=dict(type='bool'), + oauth2_client_id=dict(required=True, type='str'), + oauth2_client_secret=dict(required=True, type='str', no_log=True), + ), ), load_balancing_scheme=dict(default='EXTERNAL', type='str'), name=dict(required=True, type='str'), diff --git a/lib/ansible/modules/cloud/google/gcp_compute_disk.py b/lib/ansible/modules/cloud/google/gcp_compute_disk.py index 55820fd099..047bc72d45 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_disk.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_disk.py @@ -460,10 +460,10 @@ def main(): type=dict(type='str'), source_image=dict(type='str'), zone=dict(required=True, type='str'), - source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))), - disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))), + source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True), kms_key_name=dict(type='str'))), + disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True), kms_key_name=dict(type='str'))), source_snapshot=dict(type='dict'), - source_snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))), + source_snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True), kms_key_name=dict(type='str'))), ) ) diff --git a/lib/ansible/modules/cloud/google/gcp_compute_image.py b/lib/ansible/modules/cloud/google/gcp_compute_image.py index 4dd2699598..1c38fd71aa 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_image.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_image.py @@ -461,13 +461,13 @@ def main(): disk_size_gb=dict(type='int'), family=dict(type='str'), guest_os_features=dict(type='list', elements='dict', options=dict(type=dict(type='str'))), - image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))), + image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))), labels=dict(type='dict'), licenses=dict(type='list', elements='str'), name=dict(required=True, type='str'), raw_disk=dict(type='dict', options=dict(container_type=dict(type='str'), sha1_checksum=dict(type='str'), source=dict(required=True, type='str'))), source_disk=dict(type='dict'), - source_disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))), + source_disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))), source_disk_id=dict(type='str'), source_type=dict(type='str'), ) diff --git a/lib/ansible/modules/cloud/google/gcp_compute_instance_template.py b/lib/ansible/modules/cloud/google/gcp_compute_instance_template.py index 975de80326..eec8139e48 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_instance_template.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_instance_template.py @@ -914,7 +914,13 @@ def main(): auto_delete=dict(type='bool'), boot=dict(type='bool'), device_name=dict(type='str'), - disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), rsa_encrypted_key=dict(type='str'))), + disk_encryption_key=dict( + type='dict', + options=dict( + raw_key=dict(type='str', no_log=True), + rsa_encrypted_key=dict(type='str', no_log=True), + ), + ), index=dict(type='int'), initialize_params=dict( type='dict', @@ -923,7 +929,7 @@ def main(): disk_size_gb=dict(type='int'), disk_type=dict(type='str'), source_image=dict(type='str'), - source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))), + source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))), ), ), interface=dict(type='str'), diff --git a/lib/ansible/modules/cloud/google/gcp_compute_region_disk.py b/lib/ansible/modules/cloud/google/gcp_compute_region_disk.py index daa5e06eb8..c20d4464bc 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_region_disk.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_region_disk.py @@ -369,9 +369,9 @@ def main(): replica_zones=dict(required=True, type='list', elements='str'), type=dict(type='str'), region=dict(required=True, type='str'), - disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))), + disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))), source_snapshot=dict(type='dict'), - source_snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))), + source_snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))), ) ) diff --git a/lib/ansible/modules/cloud/google/gcp_compute_snapshot.py b/lib/ansible/modules/cloud/google/gcp_compute_snapshot.py index 726f15156e..dbf277bd06 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_snapshot.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_snapshot.py @@ -291,8 +291,8 @@ def main(): labels=dict(type='dict'), source_disk=dict(required=True, type='dict'), zone=dict(type='str'), - snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))), - source_disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))), + snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True), kms_key_name=dict(type='str'))), + source_disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True), kms_key_name=dict(type='str'))), ) ) diff --git a/lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py b/lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py index 2e54a10aff..e807ee7338 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py @@ -180,7 +180,7 @@ def main(): certificate=dict(required=True, type='str'), description=dict(type='str'), name=dict(type='str'), - private_key=dict(required=True, type='str'), + private_key=dict(required=True, type='str', no_log=True), ) ) diff --git a/lib/ansible/modules/cloud/google/gcp_compute_vpn_tunnel.py b/lib/ansible/modules/cloud/google/gcp_compute_vpn_tunnel.py index 7efe468020..6991b89384 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_vpn_tunnel.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_vpn_tunnel.py @@ -280,7 +280,7 @@ def main(): target_vpn_gateway=dict(type='dict'), router=dict(type='dict'), peer_ip=dict(type='str'), - shared_secret=dict(required=True, type='str'), + shared_secret=dict(required=True, type='str', no_log=True), ike_version=dict(default=2, type='int'), local_traffic_selector=dict(type='list', elements='str'), remote_traffic_selector=dict(type='list', elements='str'), diff --git a/lib/ansible/modules/cloud/google/gcp_sql_instance.py b/lib/ansible/modules/cloud/google/gcp_sql_instance.py index 5f87578706..db7b3a801b 100644 --- a/lib/ansible/modules/cloud/google/gcp_sql_instance.py +++ b/lib/ansible/modules/cloud/google/gcp_sql_instance.py @@ -688,7 +688,7 @@ def main(): options=dict( ca_certificate=dict(type='str'), client_certificate=dict(type='str'), - client_key=dict(type='str'), + client_key=dict(type='str', no_log=True), connect_retry_interval=dict(type='int'), dump_file_path=dict(type='str'), master_heartbeat_period=dict(type='int'), diff --git a/lib/ansible/modules/cloud/misc/ovirt.py b/lib/ansible/modules/cloud/misc/ovirt.py index e9372c088a..0e7d01bf4c 100644 --- a/lib/ansible/modules/cloud/misc/ovirt.py +++ b/lib/ansible/modules/cloud/misc/ovirt.py @@ -380,7 +380,7 @@ def main(): instance_gateway=dict(type='str', aliases=['gateway']), instance_domain=dict(type='str', aliases=['domain']), instance_dns=dict(type='str', aliases=['dns']), - instance_rootpw=dict(type='str', aliases=['rootpw']), + instance_rootpw=dict(type='str', aliases=['rootpw'], no_log=True), instance_key=dict(type='str', aliases=['key']), sdomain=dict(type='str'), region=dict(type='str'), diff --git a/lib/ansible/modules/cloud/oneandone/oneandone_firewall_policy.py b/lib/ansible/modules/cloud/oneandone/oneandone_firewall_policy.py index 2d2c16bcef..a57a396a45 100644 --- a/lib/ansible/modules/cloud/oneandone/oneandone_firewall_policy.py +++ b/lib/ansible/modules/cloud/oneandone/oneandone_firewall_policy.py @@ -504,7 +504,8 @@ def main(): argument_spec=dict( auth_token=dict( type='str', - default=os.environ.get('ONEANDONE_AUTH_TOKEN')), + default=os.environ.get('ONEANDONE_AUTH_TOKEN'), + no_log=True), api_url=dict( type='str', default=os.environ.get('ONEANDONE_API_URL')), diff --git a/lib/ansible/modules/cloud/oneandone/oneandone_load_balancer.py b/lib/ansible/modules/cloud/oneandone/oneandone_load_balancer.py index ee83889bbd..c3f2de6edf 100644 --- a/lib/ansible/modules/cloud/oneandone/oneandone_load_balancer.py +++ b/lib/ansible/modules/cloud/oneandone/oneandone_load_balancer.py @@ -595,7 +595,8 @@ def main(): argument_spec=dict( auth_token=dict( type='str', - default=os.environ.get('ONEANDONE_AUTH_TOKEN')), + default=os.environ.get('ONEANDONE_AUTH_TOKEN'), + no_log=True), api_url=dict( type='str', default=os.environ.get('ONEANDONE_API_URL')), diff --git a/lib/ansible/modules/cloud/oneandone/oneandone_monitoring_policy.py b/lib/ansible/modules/cloud/oneandone/oneandone_monitoring_policy.py index 735cc848af..f99a95f89c 100644 --- a/lib/ansible/modules/cloud/oneandone/oneandone_monitoring_policy.py +++ b/lib/ansible/modules/cloud/oneandone/oneandone_monitoring_policy.py @@ -950,7 +950,8 @@ def main(): argument_spec=dict( auth_token=dict( type='str', - default=os.environ.get('ONEANDONE_AUTH_TOKEN')), + default=os.environ.get('ONEANDONE_AUTH_TOKEN'), + no_log=True), api_url=dict( type='str', default=os.environ.get('ONEANDONE_API_URL')), diff --git a/lib/ansible/modules/cloud/oneandone/oneandone_private_network.py b/lib/ansible/modules/cloud/oneandone/oneandone_private_network.py index 06ed26e262..309c61a141 100644 --- a/lib/ansible/modules/cloud/oneandone/oneandone_private_network.py +++ b/lib/ansible/modules/cloud/oneandone/oneandone_private_network.py @@ -384,7 +384,8 @@ def main(): argument_spec=dict( auth_token=dict( type='str', - default=os.environ.get('ONEANDONE_AUTH_TOKEN')), + default=os.environ.get('ONEANDONE_AUTH_TOKEN'), + no_log=True), api_url=dict( type='str', default=os.environ.get('ONEANDONE_API_URL')), diff --git a/lib/ansible/modules/cloud/oneandone/oneandone_public_ip.py b/lib/ansible/modules/cloud/oneandone/oneandone_public_ip.py index 86376124f9..88cfff5bd8 100644 --- a/lib/ansible/modules/cloud/oneandone/oneandone_public_ip.py +++ b/lib/ansible/modules/cloud/oneandone/oneandone_public_ip.py @@ -277,7 +277,8 @@ def main(): argument_spec=dict( auth_token=dict( type='str', - default=os.environ.get('ONEANDONE_AUTH_TOKEN')), + default=os.environ.get('ONEANDONE_AUTH_TOKEN'), + no_log=True), api_url=dict( type='str', default=os.environ.get('ONEANDONE_API_URL')), diff --git a/lib/ansible/modules/cloud/rackspace/rax_clb_ssl.py b/lib/ansible/modules/cloud/rackspace/rax_clb_ssl.py index 86248f023f..ce7939e364 100644 --- a/lib/ansible/modules/cloud/rackspace/rax_clb_ssl.py +++ b/lib/ansible/modules/cloud/rackspace/rax_clb_ssl.py @@ -236,7 +236,7 @@ def main(): loadbalancer=dict(required=True), state=dict(default='present', choices=['present', 'absent']), enabled=dict(type='bool', default=True), - private_key=dict(), + private_key=dict(no_log=True), certificate=dict(), intermediate_certificate=dict(), secure_port=dict(type='int', default=443), diff --git a/lib/ansible/modules/cloud/spotinst/spotinst_aws_elastigroup.py b/lib/ansible/modules/cloud/spotinst/spotinst_aws_elastigroup.py index f90b2dd375..9d932e59a2 100644 --- a/lib/ansible/modules/cloud/spotinst/spotinst_aws_elastigroup.py +++ b/lib/ansible/modules/cloud/spotinst/spotinst_aws_elastigroup.py @@ -1438,7 +1438,7 @@ def main(): min_size=dict(type='int', required=True), monitoring=dict(type='str'), multai_load_balancers=dict(type='list'), - multai_token=dict(type='str'), + multai_token=dict(type='str', no_log=True), name=dict(type='str', required=True), network_interfaces=dict(type='list'), on_demand_count=dict(type='int'), @@ -1462,7 +1462,7 @@ def main(): target_group_arns=dict(type='list'), tenancy=dict(type='str'), terminate_at_end_of_billing_hour=dict(type='bool'), - token=dict(type='str'), + token=dict(type='str', no_log=True), unit=dict(type='str'), user_data=dict(type='str'), utilize_reserved_instances=dict(type='bool'), diff --git a/lib/ansible/modules/monitoring/librato_annotation.py b/lib/ansible/modules/monitoring/librato_annotation.py index ce707a9817..2ff8ad8fb1 100644 --- a/lib/ansible/modules/monitoring/librato_annotation.py +++ b/lib/ansible/modules/monitoring/librato_annotation.py @@ -146,7 +146,7 @@ def main(): module = AnsibleModule( argument_spec=dict( user=dict(required=True), - api_key=dict(required=True), + api_key=dict(required=True, no_log=True), name=dict(required=False), title=dict(required=True), source=dict(required=False), diff --git a/lib/ansible/modules/monitoring/pagerduty_alert.py b/lib/ansible/modules/monitoring/pagerduty_alert.py index b2551620eb..5aaa7a4770 100644 --- a/lib/ansible/modules/monitoring/pagerduty_alert.py +++ b/lib/ansible/modules/monitoring/pagerduty_alert.py @@ -190,9 +190,9 @@ def main(): argument_spec=dict( name=dict(required=False), service_id=dict(required=True), - service_key=dict(required=False), - integration_key=dict(required=False), - api_key=dict(required=True), + service_key=dict(required=False, no_log=True), + integration_key=dict(required=False, no_log=True), + api_key=dict(required=True, no_log=True), state=dict(required=True, choices=['triggered', 'acknowledged', 'resolved']), client=dict(required=False, default=None), diff --git a/lib/ansible/modules/net_tools/nios/nios_nsgroup.py b/lib/ansible/modules/net_tools/nios/nios_nsgroup.py index fdb511123d..f9cabf0020 100644 --- a/lib/ansible/modules/net_tools/nios/nios_nsgroup.py +++ b/lib/ansible/modules/net_tools/nios/nios_nsgroup.py @@ -305,7 +305,7 @@ def main(): address=dict(required=True, ib_req=True), name=dict(required=True, ib_req=True), stealth=dict(type='bool', default=False), - tsig_key=dict(), + tsig_key=dict(no_log=True), tsig_key_alg=dict(choices=['HMAC-MD5', 'HMAC-SHA256'], default='HMAC-MD5'), tsig_key_name=dict(required=True) ) diff --git a/lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_meshed.py b/lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_meshed.py index f223a948d4..3bd6722d3a 100644 --- a/lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_meshed.py +++ b/lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_meshed.py @@ -202,7 +202,7 @@ def main(): )), shared_secrets=dict(type='list', options=dict( external_gateway=dict(type='str'), - shared_secret=dict(type='str') + shared_secret=dict(type='str', no_log=True) )), tags=dict(type='list'), use_shared_secret=dict(type='bool'), diff --git a/lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_star.py b/lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_star.py index 7e9ff8d876..814f9ee00e 100644 --- a/lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_star.py +++ b/lib/ansible/modules/network/check_point/cp_mgmt_vpn_community_star.py @@ -213,7 +213,7 @@ def main(): satellite_gateways=dict(type='list'), shared_secrets=dict(type='list', options=dict( external_gateway=dict(type='str'), - shared_secret=dict(type='str') + shared_secret=dict(type='str', no_log=True) )), tags=dict(type='list'), use_shared_secret=dict(type='bool'), diff --git a/lib/ansible/modules/network/cloudengine/ce_vrrp.py b/lib/ansible/modules/network/cloudengine/ce_vrrp.py index 8e27f40b54..3fee56314a 100644 --- a/lib/ansible/modules/network/cloudengine/ce_vrrp.py +++ b/lib/ansible/modules/network/cloudengine/ce_vrrp.py @@ -1314,7 +1314,7 @@ def main(): holding_multiplier=dict(type='str'), auth_mode=dict(type='str', choices=['simple', 'md5', 'none']), is_plain=dict(type='bool', default=False), - auth_key=dict(type='str'), + auth_key=dict(type='str', no_log=True), fast_resume=dict(type='str', choices=['enable', 'disable']), state=dict(type='str', default='present', choices=['present', 'absent']) diff --git a/lib/ansible/modules/network/itential/iap_start_workflow.py b/lib/ansible/modules/network/itential/iap_start_workflow.py index 15d0d4e5aa..0ffe6eddf5 100644 --- a/lib/ansible/modules/network/itential/iap_start_workflow.py +++ b/lib/ansible/modules/network/itential/iap_start_workflow.py @@ -169,7 +169,7 @@ def main(): argument_spec=dict( iap_port=dict(type='str', required=True), iap_fqdn=dict(type='str', required=True), - token_key=dict(type='str', required=True), + token_key=dict(type='str', required=True, no_log=True), workflow_name=dict(type='str', required=True), description=dict(type='str', required=True), variables=dict(type='dict', required=False), diff --git a/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py b/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py index fa6a9ae0b4..702ab58e24 100644 --- a/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py +++ b/lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py @@ -986,7 +986,7 @@ def main(): secondarypassword=dict(type='str'), logonpointname=dict(type='str'), lasversion=dict(type='str'), - radkey=dict(type='str'), + radkey=dict(type='str', no_log=True), radnasid=dict(type='str'), radnasip=dict(type='str'), radaccounttype=dict(type='float'), diff --git a/lib/ansible/modules/network/nxos/nxos_aaa_server.py b/lib/ansible/modules/network/nxos/nxos_aaa_server.py index d47a2c848e..d189ff2ed5 100644 --- a/lib/ansible/modules/network/nxos/nxos_aaa_server.py +++ b/lib/ansible/modules/network/nxos/nxos_aaa_server.py @@ -234,7 +234,7 @@ def default_aaa_server(existing, params, server_type): def main(): argument_spec = dict( server_type=dict(type='str', choices=['radius', 'tacacs'], required=True), - global_key=dict(type='str'), + global_key=dict(type='str', no_log=True), encrypt_type=dict(type='str', choices=['0', '7']), deadtime=dict(type='str'), server_timeout=dict(type='str'), diff --git a/lib/ansible/modules/network/nxos/nxos_pim_interface.py b/lib/ansible/modules/network/nxos/nxos_pim_interface.py index 5cd08bbd94..a0d7a17179 100644 --- a/lib/ansible/modules/network/nxos/nxos_pim_interface.py +++ b/lib/ansible/modules/network/nxos/nxos_pim_interface.py @@ -482,7 +482,7 @@ def main(): interface=dict(type='str', required=True), sparse=dict(type='bool', default=False), dr_prio=dict(type='str'), - hello_auth_key=dict(type='str'), + hello_auth_key=dict(type='str', no_log=True), hello_interval=dict(type='int'), jp_policy_out=dict(type='str'), jp_policy_in=dict(type='str'), diff --git a/lib/ansible/modules/network/nxos/nxos_snmp_user.py b/lib/ansible/modules/network/nxos/nxos_snmp_user.py index c98051e589..a3d5894c5f 100644 --- a/lib/ansible/modules/network/nxos/nxos_snmp_user.py +++ b/lib/ansible/modules/network/nxos/nxos_snmp_user.py @@ -293,7 +293,7 @@ def main(): argument_spec = dict( user=dict(required=True, type='str'), group=dict(type='str'), - pwd=dict(type='str'), + pwd=dict(type='str', no_log=True), privacy=dict(type='str'), authentication=dict(choices=['md5', 'sha']), encrypt=dict(type='bool'), diff --git a/lib/ansible/modules/network/nxos/nxos_vrrp.py b/lib/ansible/modules/network/nxos/nxos_vrrp.py index a1f393a3ec..4beb38309e 100644 --- a/lib/ansible/modules/network/nxos/nxos_vrrp.py +++ b/lib/ansible/modules/network/nxos/nxos_vrrp.py @@ -330,7 +330,7 @@ def main(): admin_state=dict(required=False, type='str', choices=['shutdown', 'no shutdown', 'default'], default='shutdown'), - authentication=dict(required=False, type='str'), + authentication=dict(required=False, type='str', no_log=True), state=dict(choices=['absent', 'present'], required=False, default='present') ) argument_spec.update(nxos_argument_spec) diff --git a/lib/ansible/modules/packaging/os/pulp_repo.py b/lib/ansible/modules/packaging/os/pulp_repo.py index 0e3595ad55..2938d93163 100644 --- a/lib/ansible/modules/packaging/os/pulp_repo.py +++ b/lib/ansible/modules/packaging/os/pulp_repo.py @@ -544,7 +544,7 @@ def main(): generate_sqlite=dict(default=False, type='bool'), feed_ca_cert=dict(aliases=['importer_ssl_ca_cert', 'ca_cert'], deprecated_aliases=[dict(name='ca_cert', version='2.14')]), feed_client_cert=dict(aliases=['importer_ssl_client_cert']), - feed_client_key=dict(aliases=['importer_ssl_client_key']), + feed_client_key=dict(aliases=['importer_ssl_client_key'], no_log=True), name=dict(required=True, aliases=['repo']), proxy_host=dict(), proxy_port=dict(), diff --git a/lib/ansible/modules/source_control/gitlab_runner.py b/lib/ansible/modules/source_control/gitlab_runner.py index 7a92c8992b..feda78ef17 100644 --- a/lib/ansible/modules/source_control/gitlab_runner.py +++ b/lib/ansible/modules/source_control/gitlab_runner.py @@ -304,7 +304,7 @@ def main(): locked=dict(type='bool', default=False), access_level=dict(type='str', default='ref_protected', choices=["not_protected", "ref_protected"]), maximum_timeout=dict(type='int', default=3600), - registration_token=dict(type='str', required=True), + registration_token=dict(type='str', required=True, no_log=True), state=dict(type='str', default="present", choices=["absent", "present"]), )) diff --git a/lib/ansible/modules/storage/ibm/ibm_sa_host.py b/lib/ansible/modules/storage/ibm/ibm_sa_host.py index 483b7ce58b..ac1715bf26 100644 --- a/lib/ansible/modules/storage/ibm/ibm_sa_host.py +++ b/lib/ansible/modules/storage/ibm/ibm_sa_host.py @@ -95,7 +95,7 @@ def main(): cluster=dict(), domain=dict(), iscsi_chap_name=dict(), - iscsi_chap_secret=dict() + iscsi_chap_secret=dict(no_log=True) ) ) diff --git a/lib/ansible/modules/storage/netapp/_sf_account_manager.py b/lib/ansible/modules/storage/netapp/_sf_account_manager.py index a4f270892f..e0561aa8b6 100644 --- a/lib/ansible/modules/storage/netapp/_sf_account_manager.py +++ b/lib/ansible/modules/storage/netapp/_sf_account_manager.py @@ -120,8 +120,8 @@ class SolidFireAccount(object): account_id=dict(required=False, type='int', default=None), new_name=dict(required=False, type='str', default=None), - initiator_secret=dict(required=False, type='str'), - target_secret=dict(required=False, type='str'), + initiator_secret=dict(required=False, type='str', no_log=True), + target_secret=dict(required=False, type='str', no_log=True), attributes=dict(required=False, type='dict'), status=dict(required=False, type='str'), )) diff --git a/lib/ansible/modules/storage/netapp/na_elementsw_account.py b/lib/ansible/modules/storage/netapp/na_elementsw_account.py index 7dcd2f7601..a01f4831f8 100644 --- a/lib/ansible/modules/storage/netapp/na_elementsw_account.py +++ b/lib/ansible/modules/storage/netapp/na_elementsw_account.py @@ -142,8 +142,8 @@ class ElementSWAccount(object): state=dict(required=True, choices=['present', 'absent']), element_username=dict(required=True, aliases=["account_id"], type='str'), from_name=dict(required=False, default=None), - initiator_secret=dict(required=False, type='str'), - target_secret=dict(required=False, type='str'), + initiator_secret=dict(required=False, type='str', no_log=True), + target_secret=dict(required=False, type='str', no_log=True), attributes=dict(required=False, type='dict'), status=dict(required=False, type='str'), )) diff --git a/lib/ansible/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py b/lib/ansible/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py index fe1c5ce414..f36789db19 100644 --- a/lib/ansible/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py +++ b/lib/ansible/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py @@ -319,7 +319,7 @@ def main(): backend_user_suffix=dict(type='str', required=False, default=""), comment=dict(type='str', required=False, default=""), frontend_cookie=dict(type='str', required=False), - frontend_cookie_secret=dict(type='str', required=False), + frontend_cookie_secret=dict(type='str', required=False, no_log=True), frontend_form=dict(type='str', required=False), frontend_form_template=dict(type='str', required=False, default=""), frontend_login=dict(type='str', required=False), |