ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

Backport of https://github.com/ansible-collections/community.docker/pull/103 to stable-1. (#2015)

Browse source
This commit is contained in:
Felix Fontein 2021-03-13 12:00:21 +01:00 committed by GitHub
parent b8050e1296
commit d0fa5060df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
changelogs/fragments/community.docker-103-docker_swarm-no_log.yml Normal file
View file

@ -0,0 +1,4 @@
security_fixes:
- "docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103)."
breaking_changes:
- "docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103)."

16
plugins/modules/cloud/docker/docker_swarm.py
View file

@ -85,6 +85,8 @@ options:
description: description:
- Swarm token used to join a swarm cluster. - Swarm token used to join a swarm cluster.
- Used with I(state=join). - Used with I(state=join).
- If this value is specified, the corresponding value in the return values will be censored by Ansible.
This is a side-effect of this value not being logged.
type: str type: str
remote_addrs: remote_addrs:
description: description:
@ -237,12 +239,20 @@ swarm_facts:
type: dict type: dict
contains: contains:
Worker: Worker:
description: Token to create a new *worker* node description:
- Token to join the cluster as a new *worker* node.
- "B(Note:) if this value has been specified as I(join_token), the value here will not
be the token, but C(VALUE_SPECIFIED_IN_NO_LOG_PARAMETER). If you pass I(join_token),
make sure your playbook/role does not depend on this return value!"
returned: success returned: success
type: str type: str
example: SWMTKN-1--xxxxx example: SWMTKN-1--xxxxx
Manager: Manager:
description: Token to create a new *manager* node description:
- Token to join the cluster as a new *manager* node.
- "B(Note:) if this value has been specified as I(join_token), the value here will not
be the token, but C(VALUE_SPECIFIED_IN_NO_LOG_PARAMETER). If you pass I(join_token),
make sure your playbook/role does not depend on this return value!"
returned: success returned: success
type: str type: str
example: SWMTKN-1--xxxxx example: SWMTKN-1--xxxxx
@ -604,7 +614,7 @@ def main():
force=dict(type='bool', default=False), force=dict(type='bool', default=False),
listen_addr=dict(type='str', default='0.0.0.0:2377'), listen_addr=dict(type='str', default='0.0.0.0:2377'),
remote_addrs=dict(type='list', elements='str'), remote_addrs=dict(type='list', elements='str'),
join_token=dict(type='str'), join_token=dict(type='str', no_log=True),
snapshot_interval=dict(type='int'), snapshot_interval=dict(type='int'),
task_history_retention_limit=dict(type='int'), task_history_retention_limit=dict(type='int'),
keep_old_snapshots=dict(type='int'), keep_old_snapshots=dict(type='int'),