[security] docker_swarm: mark join_token as no_log #103
What options do we have to get the tokens now? Maybe we should also add a comment that to get the tokens you have to use the docker_swarm_info module? As far as I see, it is not censored there in the output.
Exactly the same as before - except if you call the module with |
Co-authored-by: Piotr Wojciechowski <[email protected]>
So tokens are hidden in the |
When you create a cluster, you do not specify |
@WojciechowskiPiotr thanks for reviewing and merging! I'll work on backports later today.
…2.9.20

Alina Buzachis (1):
      New AWS module mod_defaults - rds_option_group (_info) modules (#74098)

Carlos Camacho (1):
      [stable-2.9] Fix: nmcli bridge-slave fails with error (#74125)

Felix Fontein (4):
      Backport of ansible-collections/community.docker#103. (#73890)
      Backport of ansible-collections/community.aws#475. (#73894)
      Backport of ansible-collections/community.general#2018. (#73893)
      Backport of ansible-collections/community.network#223. (#73909)

Jill R (1):
      New AWS module mod_defaults - wafv2 modules (#73975)

Mark Chappell (3):
      Ensure unit test paths for connection and inventory plugins are based on the context (#73877)
      Partial backport of community.aws/471 - no_log=True for aws_secret (#73874)
      [backport/2.9] module_defaults: Add rds_snapshot (#74113)

Matt Clay (1):
      [stable-2.9] Fix ansible-test coverage exporting.

Matt Martz (1):
      [stable-2.9] Ensure task from the worker is finalized/squashed (#73881) (#73929)

Rick Elrod (5):
      Update Ansible release version to v2.9.19.post0.
      [security] Add more missing no_logs (#74115)
      New release v2.9.20rc1
      Update Ansible release version to v2.9.20rc1.post0.
      New release v2.9.20

Sam Doran (2):
      Move file needed by cs_volume test to S3
      [stable-2.9] find - set proper default based on use_regex (#73961) (#73966)

Xabier Napal (1):
      Fix wrong backup directory var name in apt module (#73840) (#74003)

nitzmahone (1):
      add optional module_utils import support (#73832) (#73916)
SUMMARY

The join_token parameter of docker_swarm is currently not marked as no_log, which causes its value to be written to syslog during module invocation. This PR changes that.

An unfortunate side-effect is that if join_token is specified, the value there will be censored from the return values (i.e. replaced by VALUE_SPECIFIED_IN_NO_LOG_PARAMETER). This can potentially break playbooks/roles which store the return value.

This only affects the situation when join_token is provided; I think that usually in that case, the return values are not used, so it should break relatively few things (if any).

CC @WojciechowskiPiotr @relrod

ISSUE TYPE

COMPONENT NAME

docker_swarm
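
The effect described in the summary above, as a simplified Python model added here (it is not code from this PR or from Ansible): marking a parameter no_log masks it in the invocation log and also censors any identical string in the return values. The helper names, the log format, the log mask string, the token and the return layout are assumptions constructed for illustration.

```python
# Simplified model of no_log handling; added example, not Ansible's implementation.
CENSORED = "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"  # placeholder quoted in the PR text
LOG_MASK = "NOT_LOGGING_PARAMETER"                # mask used by this model's log line

SPEC_BEFORE = {"state": {}, "join_token": {}}                # before this PR
SPEC_AFTER = {"state": {}, "join_token": {"no_log": True}}   # after this PR


def secrets_of(spec, params):
    """Values supplied for parameters that the spec marks no_log."""
    return {str(params[k]) for k, v in spec.items()
            if v.get("no_log") and params.get(k)}


def invocation_log(spec, params):
    """Line a module would log about its invocation (hypothetical format)."""
    shown = {k: (LOG_MASK if spec.get(k, {}).get("no_log") else v)
             for k, v in sorted(params.items())}
    return "Invoked with " + " ".join(f"{k}={v}" for k, v in shown.items())


def censor(value, secrets):
    """Recursively replace secret strings in a return structure."""
    if isinstance(value, dict):
        return {k: censor(v, secrets) for k, v in value.items()}
    if isinstance(value, list):
        return [censor(v, secrets) for v in value]
    if isinstance(value, str) and value in secrets:
        return CENSORED
    return value


def run(spec, params, result):
    """Return (log line, result as a playbook would receive it)."""
    return invocation_log(spec, params), censor(result, secrets_of(spec, params))


# Constructed sample data: the token and the return layout are made up.
TOKEN = "SWMTKN-constructed-worker-token"
JOIN = {"state": "join", "join_token": TOKEN}
CREATE = {"state": "present"}  # no join_token supplied
RESULT = {"changed": True, "swarm_facts": {"JoinTokens": {"Worker": TOKEN}}}

if __name__ == "__main__":
    for label, spec, params in [("before, join", SPEC_BEFORE, JOIN),
                                ("after, join", SPEC_AFTER, JOIN),
                                ("after, create", SPEC_AFTER, CREATE)]:
        print(label, *run(spec, params, RESULT), sep="\n  ")
```

Only the "after, join" case loses the token from the returned data, which is the playbook-breaking side effect the summary warns about.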