mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Add no_log to some module arguments (#1725)
* Add no_log to some module arguments This will prevent potentially sensitive information from being printed to the console. See: CVE-2021-20191 * Update changelogs/fragments/CVE-2021-20191_no_log.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
2297f2f802
commit
ae8edc02e1
4 changed files with 8 additions and 4 deletions
4
changelogs/fragments/CVE-2021-20191_no_log.yml
Normal file
4
changelogs/fragments/CVE-2021-20191_no_log.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
security_fixes:
|
||||
- module_utils/_netapp, na_ontap_gather_facts - enabled ``no_log`` for the options ``api_key`` and ``secret_key`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
|
||||
- module_utils/identity/keycloak, keycloak_client, keycloak_clienttemplate, keycloak_group - enabled ``no_log`` for the option ``auth_client_secret`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
|
||||
- utm_proxy_auth_profile - enabled ``no_log`` for the option ``frontend_cookie_secret`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
|
|
@ -142,8 +142,8 @@ def aws_cvs_host_argument_spec():
|
|||
return dict(
|
||||
api_url=dict(required=True, type='str'),
|
||||
validate_certs=dict(required=False, type='bool', default=True),
|
||||
api_key=dict(required=True, type='str'),
|
||||
secret_key=dict(required=True, type='str')
|
||||
api_key=dict(required=True, type='str', no_log=True),
|
||||
secret_key=dict(required=True, type='str', no_log=True)
|
||||
)
|
||||
|
||||
|
||||
|
|
|
@ -58,7 +58,7 @@ def keycloak_argument_spec():
|
|||
auth_keycloak_url=dict(type='str', aliases=['url'], required=True),
|
||||
auth_client_id=dict(type='str', default='admin-cli'),
|
||||
auth_realm=dict(type='str', required=True),
|
||||
auth_client_secret=dict(type='str', default=None),
|
||||
auth_client_secret=dict(type='str', default=None, no_log=True),
|
||||
auth_username=dict(type='str', aliases=['username'], required=True),
|
||||
auth_password=dict(type='str', aliases=['password'], required=True, no_log=True),
|
||||
validate_certs=dict(type='bool', default=True)
|
||||
|
|
|
@ -336,7 +336,7 @@ def main():
|
|||
backend_user_suffix=dict(type='str', required=False, default=""),
|
||||
comment=dict(type='str', required=False, default=""),
|
||||
frontend_cookie=dict(type='str', required=False),
|
||||
frontend_cookie_secret=dict(type='str', required=False),
|
||||
frontend_cookie_secret=dict(type='str', required=False, no_log=True),
|
||||
frontend_form=dict(type='str', required=False),
|
||||
frontend_form_template=dict(type='str', required=False, default=""),
|
||||
frontend_login=dict(type='str', required=False),
|
||||
|
|
Loading…
Reference in a new issue