From 83ddf6d30b957692342dbc00a32be0158c7ad430 Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Mon, 15 Mar 2021 17:57:02 +0100
Subject: [PATCH] Backport of https://github.com/ansible-collections/community.network/pull/223.
---
 .../fragments/community.network-223-no_log-missing.yml | 4 ++++
 lib/ansible/modules/network/avi/avi_cloudconnectoruser.py | 8 ++++----
 .../modules/network/avi/avi_sslkeyandcertificate.py | 2 +-
 lib/ansible/modules/network/avi/avi_webhook.py | 2 +-
 4 files changed, 10 insertions(+), 6 deletions(-)
 create mode 100644 changelogs/fragments/community.network-223-no_log-missing.yml
diff --git a/changelogs/fragments/community.network-223-no_log-missing.yml b/changelogs/fragments/community.network-223-no_log-missing.yml
new file mode 100644
index 00000000000000..20c621a49d87a7
--- /dev/null
+++ b/changelogs/fragments/community.network-223-no_log-missing.yml
@@ -0,0 +1,4 @@
+security_fixes:
+- "avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)."
+- "avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)."
+- "avi_cloudconnectoruser - mark the ``azure_userpass``, ``gcp_credentials``, ``oci_credentials``, and ``tencent_credentials`` parameters as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)."
diff --git a/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py b/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py
index 51210edcd142b1..f6ae70b5b0dccd 100644
--- a/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py
+++ b/lib/ansible/modules/network/avi/avi_cloudconnectoruser.py
@@ -125,14 +125,14 @@ def main():
 choices=['put', 'patch']),
 avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
 azure_serviceprincipal=dict(type='dict',),
- azure_userpass=dict(type='dict',),
- gcp_credentials=dict(type='dict',),
+ azure_userpass=dict(type='dict', no_log=True),
+ gcp_credentials=dict(type='dict', no_log=True),
 name=dict(type='str', required=True),
- oci_credentials=dict(type='dict',),
+ oci_credentials=dict(type='dict', no_log=True),
 private_key=dict(type='str', no_log=True,),
 public_key=dict(type='str',),
 tenant_ref=dict(type='str',),
- tencent_credentials=dict(type='dict',),
+ tencent_credentials=dict(type='dict', no_log=True),
 url=dict(type='str',),
 uuid=dict(type='str',),
 )
diff --git a/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py b/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py
index 8b96fae24c188c..130e457cc793c6 100644
--- a/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py
+++ b/lib/ansible/modules/network/avi/avi_sslkeyandcertificate.py
@@ -173,7 +173,7 @@ def main():
 certificate_management_profile_ref=dict(type='str',),
 created_by=dict(type='str',),
 dynamic_params=dict(type='list',),
- enckey_base64=dict(type='str',),
+ enckey_base64=dict(type='str', no_log=True),
 enckey_name=dict(type='str',),
 format=dict(type='str',),
 hardwaresecuritymodulegroup_ref=dict(type='str',),
diff --git a/lib/ansible/modules/network/avi/avi_webhook.py b/lib/ansible/modules/network/avi/avi_webhook.py
index 4cd6960c006898..1f876d42e527d8 100644
--- a/lib/ansible/modules/network/avi/avi_webhook.py
+++ b/lib/ansible/modules/network/avi/avi_webhook.py
@@ -110,7 +110,7 @@ def main():
 tenant_ref=dict(type='str',),
 url=dict(type='str',),
 uuid=dict(type='str',),
- verification_token=dict(type='str',),
+ verification_token=dict(type='str', no_log=True),
 )
 argument_specs.update(avi_common_argument_spec()) 
 module = AnsibleModule(
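Review bot: In the avi_cloudconnectoruser.py hunk, `azure_serviceprincipal=dict(type='dict',)` is left without `no_log` while the four credential dicts next to it are now masked. Its name suggests it carries a service principal secret, so unless that dict is known to hold only non-secret identifiers it should become `azure_serviceprincipal=dict(type='dict', no_log=True),` and be listed in the changelog fragment. The same check applies to `dynamic_params=dict(type='list',)` in the avi_sslkeyandcertificate.py hunk, which may hold sensitive values depending on what callers pass in. Both argument specs sit inside main(), which starts and ends outside these hunks, so the remaining parameters could not be checked from here.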