From 8d0fb0f8a48667024868498d45a913e93cf1ad2d Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Sat, 13 Mar 2021 17:32:35 +0100
Subject: [PATCH] Fix missing no_log=True.
---
 changelogs/fragments/475-no_log-missing.yml | 4 ++++
 plugins/modules/aws_direct_connect_virtual_interface.py | 2 +-
 plugins/modules/sts_assume_role.py | 2 +-
 plugins/modules/sts_session_token.py | 2 +-
 4 files changed, 7 insertions(+), 3 deletions(-)
 create mode 100644 changelogs/fragments/475-no_log-missing.yml
diff --git a/changelogs/fragments/475-no_log-missing.yml b/changelogs/fragments/475-no_log-missing.yml
new file mode 100644
index 00000000000..c07ab112ad2
--- /dev/null
+++ b/changelogs/fragments/475-no_log-missing.yml
@@ -0,0 +1,4 @@
+security_fixes:
+- "aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
+- "sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
+- "sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
diff --git a/plugins/modules/aws_direct_connect_virtual_interface.py b/plugins/modules/aws_direct_connect_virtual_interface.py
index 6c7720fbc54..eb4906cc730 100644
--- a/plugins/modules/aws_direct_connect_virtual_interface.py
+++ b/plugins/modules/aws_direct_connect_virtual_interface.py
@@ -484,7 +484,7 @@ def main():
 name=dict(),
 vlan=dict(type='int', default=100),
 bgp_asn=dict(type='int', default=65000),
- authentication_key=dict(),
+ authentication_key=dict(no_log=True),
 amazon_address=dict(),
 customer_address=dict(),
 address_type=dict(),
diff --git a/plugins/modules/sts_assume_role.py b/plugins/modules/sts_assume_role.py
index 378eb0031f8..d1203a3c5a5 100644
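Review bot: `no_log=True` on `authentication_key` in the aws_direct_connect_virtual_interface.py hunk masks only the value the task passes in, so a BGP authentication key that the service may assign when the parameter is omitted would not be censored if the module returns the interface description. The return path of main() is outside this hunk, so that needs checking against the rest of the file. If the key can appear in the result, the module documentation should say that tasks need task-level `no_log: true`. A comment on the line would also record the intent for later editors of the spec: `# BGP auth key: secret, must stay no_log`.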
--- a/plugins/modules/sts_assume_role.py
+++ b/plugins/modules/sts_assume_role.py
@@ -162,7 +162,7 @@ def main():
 external_id=dict(required=False, default=None),
 policy=dict(required=False, default=None),
 mfa_serial_number=dict(required=False, default=None),
- mfa_token=dict(required=False, default=None)
+ mfa_token=dict(required=False, default=None, no_log=True)
 )
 module = AnsibleAWSModule(argument_spec=argument_spec)
diff --git a/plugins/modules/sts_session_token.py b/plugins/modules/sts_session_token.py
index 7c8221a9c68..7e51fb08ac3 100644
--- a/plugins/modules/sts_session_token.py
+++ b/plugins/modules/sts_session_token.py
@@ -129,7 +129,7 @@ def main():
 argument_spec = dict(
 duration_seconds=dict(required=False, default=None, type='int'),
 mfa_serial_number=dict(required=False, default=None),
- mfa_token=dict(required=False, default=None),
+ mfa_token=dict(required=False, default=None, no_log=True),
 )
 module = AnsibleAWSModule(argument_spec=argument_spec)
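Review bot: Marking `mfa_token` as `no_log` in the sts_assume_role.py hunk (and in the sts_session_token.py hunk after it) protects a short-lived input, while the temporary credentials these modules appear to return, judging by their names, are outputs that a parameter-level `no_log` does not cover. Result handling in both main() functions is outside the hunks, so confirm how the credentials are returned and document that tasks registering them should set `no_log: true`. On style, the new sts_assume_role line has no trailing comma while the sts_session_token one does; `mfa_token=dict(required=False, default=None, no_log=True),` would keep the two specs consistent and the next diff to this dict one line long.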