From 527b5cd616887cbfa776e022fe4fc59813756f9f Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Fri, 12 Mar 2021 09:14:56 +0100 Subject: [PATCH] More no_log changes (#471) * More no_log changes * changelog --- changelogs/fragments/471-no_log.yml | 2 ++ plugins/modules/aws_secret.py | 2 +- plugins/modules/s3_sync.py | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/471-no_log.yml diff --git a/changelogs/fragments/471-no_log.yml b/changelogs/fragments/471-no_log.yml new file mode 100644 index 00000000000..2a60e77609d --- /dev/null +++ b/changelogs/fragments/471-no_log.yml @@ -0,0 +1,2 @@ +security_fixes: +- aws_secret - flag the ``secret`` paramter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471). diff --git a/plugins/modules/aws_secret.py b/plugins/modules/aws_secret.py index 962501d5d02..22141ce24a6 100644 --- a/plugins/modules/aws_secret.py +++ b/plugins/modules/aws_secret.py @@ -334,7 +334,7 @@ def main(): 'description': dict(default=""), 'kms_key_id': dict(), 'secret_type': dict(choices=['binary', 'string'], default="string"), - 'secret': dict(default=""), + 'secret': dict(default="", no_log=True), 'tags': dict(type='dict', default={}), 'rotation_lambda': dict(), 'rotation_interval': dict(type='int', default=30), diff --git a/plugins/modules/s3_sync.py b/plugins/modules/s3_sync.py index 1222d98cfd6..e0edbea82b0 100644 --- a/plugins/modules/s3_sync.py +++ b/plugins/modules/s3_sync.py @@ -497,7 +497,7 @@ def main(): mode=dict(choices=['push'], default='push'), file_change_strategy=dict(choices=['force', 'date_size', 'checksum'], default='date_size'), bucket=dict(required=True), - key_prefix=dict(required=False, default=''), + key_prefix=dict(required=False, default='', no_log=False), file_root=dict(required=True, type='path'), permission=dict(required=False, choices=['private', 'public-read', 'public-read-write', 'authenticated-read', 'aws-exec-read', 'bucket-owner-read', 'bucket-owner-full-control']),