From 4f31106ac4e81236820abef9ca2b74b4d63d5b68 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Fri, 12 Mar 2021 09:37:23 +0100 Subject: [PATCH] [PR #2001/1ea08076 backport][stable-1] Mark non-secret leaking module options with no_log=False (#2004) * Mark non-secret leaking module options with no_log=False (#2001) * Mark non-secret leaking module options with no_log=False. * Add changelog fragment. (cherry picked from commit 1ea080762b3abf5783a4c4eb1f3c3c19fef67569) * Add one more. Co-authored-by: Felix Fontein --- changelogs/fragments/2001-no_log-false.yml | 2 ++ plugins/module_utils/oracle/oci_utils.py | 2 +- plugins/modules/cloud/docker/docker_swarm_service.py | 2 +- plugins/modules/cloud/pubnub/pubnub_blocks.py | 2 +- plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py | 2 +- plugins/modules/cloud/xenserver/xenserver_guest.py | 2 +- plugins/modules/clustering/consul/consul_acl.py | 2 +- plugins/modules/clustering/consul/consul_kv.py | 2 +- plugins/modules/clustering/etcd3.py | 2 +- plugins/modules/files/read_csv.py | 2 +- plugins/modules/files/xattr.py | 2 +- plugins/modules/net_tools/cloudflare_dns.py | 2 +- .../modules/source_control/bitbucket/bitbucket_access_key.py | 2 +- .../source_control/bitbucket/bitbucket_pipeline_known_host.py | 2 +- plugins/modules/source_control/github/github_deploy_key.py | 2 +- plugins/modules/source_control/gitlab/gitlab_deploy_key.py | 2 +- plugins/modules/system/dconf.py | 2 +- plugins/modules/system/gconftool2.py | 2 +- plugins/modules/system/osx_defaults.py | 2 +- 19 files changed, 20 insertions(+), 18 deletions(-) create mode 100644 changelogs/fragments/2001-no_log-false.yml diff --git a/changelogs/fragments/2001-no_log-false.yml b/changelogs/fragments/2001-no_log-false.yml new file mode 100644 index 00000000000..82d9ba0bb05 --- /dev/null +++ b/changelogs/fragments/2001-no_log-false.yml 
@@ -0,0 +1,2 @@
+bugfixes:
+- "Mark various module options with ``no_log=False`` which have a name that potentially could leak secrets, but which do not (https://github.com/ansible-collections/community.general/pull/2001)."
diff --git a/plugins/module_utils/oracle/oci_utils.py b/plugins/module_utils/oracle/oci_utils.py
index bdba5db7ae1..333d919140f 100644
--- a/plugins/module_utils/oracle/oci_utils.py
+++ b/plugins/module_utils/oracle/oci_utils.py
@@ -104,7 +104,7 @@ def get_common_arg_spec(supports_create=False, supports_wait=False):
 if supports_create:
 common_args.update(
- key_by=dict(type="list", elements="str"),
+ key_by=dict(type="list", elements="str", no_log=False),
 force_create=dict(type="bool", default=False),
 )
diff --git a/plugins/modules/cloud/docker/docker_swarm_service.py b/plugins/modules/cloud/docker/docker_swarm_service.py
index 7c6f23a0f7c..b81bfeda57b 100644
--- a/plugins/modules/cloud/docker/docker_swarm_service.py
+++ b/plugins/modules/cloud/docker/docker_swarm_service.py
@@ -2729,7 +2729,7 @@ def main():
 gid=dict(type='str'),
 mode=dict(type='int'),
 )),
- secrets=dict(type='list', elements='dict', options=dict(
+ secrets=dict(type='list', elements='dict', no_log=False, options=dict(
 secret_id=dict(type='str'),
 secret_name=dict(type='str', required=True),
 filename=dict(type='str'),
diff --git a/plugins/modules/cloud/pubnub/pubnub_blocks.py b/plugins/modules/cloud/pubnub/pubnub_blocks.py
index 640f6d925eb..1dbe416b9cb 100644
--- a/plugins/modules/cloud/pubnub/pubnub_blocks.py
+++ b/plugins/modules/cloud/pubnub/pubnub_blocks.py
@@ -549,7 +549,7 @@ def main():
 password=dict(default='', required=False, type='str', no_log=True),
 account=dict(default='', required=False, type='str'),
 application=dict(required=True, type='str'),
- keyset=dict(required=True, type='str'),
+ keyset=dict(required=True, type='str', no_log=False),
 state=dict(default='present', type='str', choices=['started', 'stopped', 'present', 'absent']),
 name=dict(required=True, type='str'),
 description=dict(type='str'),
diff --git a/plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py b/plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py
index a1dcd94efb0..1a0ddb9fef8 100644
--- a/plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py
+++ b/plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py
@@ -1448,7 +1448,7 @@ def main():
 iam_role_arn=dict(type='str'),
 iam_role_name=dict(type='str'),
 image_id=dict(type='str', required=True),
- key_pair=dict(type='str'),
+ key_pair=dict(type='str', no_log=False),
 kubernetes=dict(type='dict'),
 lifetime_period=dict(type='int'),
 load_balancers=dict(type='list'),
diff --git a/plugins/modules/cloud/xenserver/xenserver_guest.py b/plugins/modules/cloud/xenserver/xenserver_guest.py
index a9a5fb4c37a..2316168e9d1 100644
--- a/plugins/modules/cloud/xenserver/xenserver_guest.py
+++ b/plugins/modules/cloud/xenserver/xenserver_guest.py
@@ -1839,7 +1839,7 @@ def main():
 type='list',
 elements='dict',
 options=dict(
- key=dict(type='str', required=True),
+ key=dict(type='str', required=True, no_log=False),
 value=dict(type='raw', required=True),
 ),
 ),
diff --git a/plugins/modules/clustering/consul/consul_acl.py b/plugins/modules/clustering/consul/consul_acl.py
index c8d08f8e26f..cb5395ed310 100644
--- a/plugins/modules/clustering/consul/consul_acl.py
+++ b/plugins/modules/clustering/consul/consul_acl.py
@@ -229,7 +229,7 @@ PORT_PARAMETER_NAME: dict(default=8500, type='int'), RULES_PARAMETER_NAME: dict(type='list', elements='dict'), STATE_PARAMETER_NAME: dict(default=PRESENT_STATE_VALUE, choices=[PRESENT_STATE_VALUE, ABSENT_STATE_VALUE]), - TOKEN_PARAMETER_NAME: dict(), + TOKEN_PARAMETER_NAME: dict(no_log=False), TOKEN_TYPE_PARAMETER_NAME: dict(choices=[CLIENT_TOKEN_TYPE_VALUE, MANAGEMENT_TOKEN_TYPE_VALUE], default=CLIENT_TOKEN_TYPE_VALUE) } diff --git a/plugins/modules/clustering/consul/consul_kv.py b/plugins/modules/clustering/consul/consul_kv.py index bafa7fd6d94..01e9be2d05e 100644 --- a/plugins/modules/clustering/consul/consul_kv.py +++ b/plugins/modules/clustering/consul/consul_kv.py @@ -297,7 +297,7 @@ def main(): argument_spec=dict( cas=dict(type='str'), flags=dict(type='str'), - key=dict(type='str', required=True), + key=dict(type='str', required=True, no_log=False), host=dict(type='str', default='localhost'), scheme=dict(type='str', default='http'), validate_certs=dict(type='bool', default=True), diff --git a/plugins/modules/clustering/etcd3.py b/plugins/modules/clustering/etcd3.py index df7319ecfe6..0f87e32d138 100644 --- a/plugins/modules/clustering/etcd3.py +++ b/plugins/modules/clustering/etcd3.py @@ -134,7 +134,7 @@ def run_module(): # define the available arguments/parameters that a user can pass to # the module module_args = dict( - key=dict(type='str', required=True), + key=dict(type='str', required=True, no_log=False), value=dict(type='str', required=True), host=dict(type='str', default='localhost'), port=dict(type='int', default=2379), diff --git a/plugins/modules/files/read_csv.py b/plugins/modules/files/read_csv.py index 7100d3782d9..24a77c0e284 100644 --- a/plugins/modules/files/read_csv.py +++ b/plugins/modules/files/read_csv.py 
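Review bot: The `TOKEN_PARAMETER_NAME: dict(no_log=False)` entry in consul_acl.py is the one option in this commit whose value may itself be a credential rather than a name, path or identifier. If this parameter carries the ACL token's ID, and that ID is what a client presents to Consul to authenticate (as it is in Consul's legacy ACL system), then `no_log=False` allows it to appear in the logged module invocation and in verbose output. I would confirm how the value is used before silencing the warning, and otherwise keep it masked with `TOKEN_PARAMETER_NAME: dict(no_log=True),`. The dict this entry belongs to starts outside the hunk.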
@@ -164,7 +164,7 @@ def main():
 argument_spec=dict(
 path=dict(type='path', required=True, aliases=['filename']),
 dialect=dict(type='str', default='excel'),
- key=dict(type='str'),
+ key=dict(type='str', no_log=False),
 fieldnames=dict(type='list', elements='str'),
 unique=dict(type='bool', default=True),
 delimiter=dict(type='str'),
diff --git a/plugins/modules/files/xattr.py b/plugins/modules/files/xattr.py
index 8b1449be073..0d5f9f46f30 100644
--- a/plugins/modules/files/xattr.py
+++ b/plugins/modules/files/xattr.py
@@ -172,7 +172,7 @@ def main():
 argument_spec=dict(
 path=dict(type='path', required=True, aliases=['name']),
 namespace=dict(type='str', default='user'),
- key=dict(type='str'),
+ key=dict(type='str', no_log=False),
 value=dict(type='str'),
 state=dict(type='str', default='read', choices=['absent', 'all', 'keys', 'present', 'read']),
 follow=dict(type='bool', default=True),
diff --git a/plugins/modules/net_tools/cloudflare_dns.py b/plugins/modules/net_tools/cloudflare_dns.py
index fc62aa702c0..51e5f28d5a0 100644
--- a/plugins/modules/net_tools/cloudflare_dns.py
+++ b/plugins/modules/net_tools/cloudflare_dns.py
@@ -794,7 +794,7 @@ def main():
 algorithm=dict(type='int'),
 cert_usage=dict(type='int', choices=[0, 1, 2, 3]),
 hash_type=dict(type='int', choices=[1, 2]),
- key_tag=dict(type='int'),
+ key_tag=dict(type='int', no_log=False),
 port=dict(type='int'),
 priority=dict(type='int', default=1),
 proto=dict(type='str'),
diff --git a/plugins/modules/source_control/bitbucket/bitbucket_access_key.py b/plugins/modules/source_control/bitbucket/bitbucket_access_key.py
index 80c1c493151..6e16b267ea8 100644
--- a/plugins/modules/source_control/bitbucket/bitbucket_access_key.py
+++ b/plugins/modules/source_control/bitbucket/bitbucket_access_key.py
@@ -224,7 +224,7 @@ def main():
 argument_spec.update(
 repository=dict(type='str', required=True),
 username=dict(type='str', required=True),
- key=dict(type='str'),
+ key=dict(type='str', no_log=False),
 label=dict(type='str', required=True),
 state=dict(type='str', choices=['present', 'absent'], required=True),
 )
diff --git a/plugins/modules/source_control/bitbucket/bitbucket_pipeline_known_host.py b/plugins/modules/source_control/bitbucket/bitbucket_pipeline_known_host.py
index dba9f9aab66..356b09c0357 100644
--- a/plugins/modules/source_control/bitbucket/bitbucket_pipeline_known_host.py
+++ b/plugins/modules/source_control/bitbucket/bitbucket_pipeline_known_host.py
@@ -263,7 +263,7 @@ def main():
 repository=dict(type='str', required=True),
 username=dict(type='str', required=True),
 name=dict(type='str', required=True),
- key=dict(type='str'),
+ key=dict(type='str', no_log=False),
 state=dict(type='str', choices=['present', 'absent'], required=True),
 )
 module = AnsibleModule(
diff --git a/plugins/modules/source_control/github/github_deploy_key.py b/plugins/modules/source_control/github/github_deploy_key.py
index 8954317b715..419ab4e7694 100644
--- a/plugins/modules/source_control/github/github_deploy_key.py
+++ b/plugins/modules/source_control/github/github_deploy_key.py
@@ -291,7 +291,7 @@ def main():
 owner=dict(required=True, type='str', aliases=['account', 'organization']),
 repo=dict(required=True, type='str', aliases=['repository']),
 name=dict(required=True, type='str', aliases=['title', 'label']),
- key=dict(required=True, type='str'),
+ key=dict(required=True, type='str', no_log=False),
 read_only=dict(required=False, type='bool', default=True),
 state=dict(default='present', choices=['present', 'absent']),
 force=dict(required=False, type='bool', default=False),
diff --git a/plugins/modules/source_control/gitlab/gitlab_deploy_key.py b/plugins/modules/source_control/gitlab/gitlab_deploy_key.py
index c66a6f9da83..1174718e684 100644
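Review bot: Nothing next to `key=dict(type='str', no_log=False)` in bitbucket_access_key.py records why the value is safe to log, and the same applies to the `key` options in bitbucket_pipeline_known_host.py, github_deploy_key.py and gitlab_deploy_key.py. Unlike the `key` options elsewhere in this commit, which look like setting, column or attribute names, these four hold key material, presumably the public half only. A short comment such as `# public key only, safe to log` on each of these lines would keep a later maintainer from widening the option to accept private key material without revisiting the flag. The argument spec in each of these files continues outside its hunk.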
--- a/plugins/modules/source_control/gitlab/gitlab_deploy_key.py
+++ b/plugins/modules/source_control/gitlab/gitlab_deploy_key.py
@@ -234,7 +234,7 @@ def main():
 api_token=dict(type='str', no_log=True),
 state=dict(type='str', default="present", choices=["absent", "present"]),
 project=dict(type='str', required=True),
- key=dict(type='str', required=True),
+ key=dict(type='str', required=True, no_log=False),
 can_push=dict(type='bool', default=False),
 title=dict(type='str', required=True)
 ))
diff --git a/plugins/modules/system/dconf.py b/plugins/modules/system/dconf.py
index d92d45ed893..19a823abaa0 100644
--- a/plugins/modules/system/dconf.py
+++ b/plugins/modules/system/dconf.py
@@ -348,7 +348,7 @@ def main():
 module = AnsibleModule(
 argument_spec=dict(
 state=dict(default='present', choices=['present', 'absent', 'read']),
- key=dict(required=True, type='str'),
+ key=dict(required=True, type='str', no_log=False),
 value=dict(required=False, default=None, type='str'),
 ),
 supports_check_mode=True
diff --git a/plugins/modules/system/gconftool2.py b/plugins/modules/system/gconftool2.py
index a4acad55800..6b9ce71213c 100644
--- a/plugins/modules/system/gconftool2.py
+++ b/plugins/modules/system/gconftool2.py
@@ -151,7 +151,7 @@ def main():
 # Setup the Ansible module
 module = AnsibleModule(
 argument_spec=dict(
- key=dict(type='str', required=True),
+ key=dict(type='str', required=True, no_log=False),
 value_type=dict(type='str', choices=['bool', 'float', 'int', 'string']),
 value=dict(type='str'),
 state=dict(type='str', required=True, choices=['absent', 'get', 'present']),
diff --git a/plugins/modules/system/osx_defaults.py b/plugins/modules/system/osx_defaults.py
index a036290879e..45179dc7d29 100644
--- a/plugins/modules/system/osx_defaults.py
+++ b/plugins/modules/system/osx_defaults.py
@@ -369,7 +369,7 @@ def main():
 argument_spec=dict(
 domain=dict(type='str', default='NSGlobalDomain'),
 host=dict(type='str'),
- key=dict(type='str'),
+ key=dict(type='str', no_log=False),
 type=dict(type='str', default='string', choices=['array', 'bool', 'boolean', 'date', 'float', 'int', 'integer', 'string']),
 array_add=dict(type='bool', default=False),
 value=dict(type='raw'),