From 0040ed1446ffaaae671d77c234b979d60aed4c6c Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Thu, 29 Sep 2022 11:03:25 +0200 Subject: [PATCH] Make example AWS UUIDS follow a specific pattern - RDS (#1073) Make example AWS UUIDS follow a specific pattern - RDS SUMMARY Various AWS IAM resources have UUID which follow a specific pattern. Similarly AWS accounts are all 12 digit numbers (text aliases in a couple of cases). To minimize the risk of accidental data leaks use a consistent Account ID in examples (123456789012), and a specific format for the UUIDS: (AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)12345EXAMPLE54321 While this does nothing about historic data, having consistency makes it easier to prevent future leaks. Note: We should follow this up with an update to the developer docs, however I'd like to get this in prior to 5.0.0 Split from #1070 due to test concurrency problems ISSUE TYPE Docs Pull Request COMPONENT NAME plugins/modules/rds_instance_info.py plugins/modules/rds_option_group.py plugins/modules/rds_option_group_info.py plugins/modules/rds_snapshot_info.py plugins/modules/rds_subnet_group.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis --- changelogs/fragments/1073-gitleaks-2.yml | 2 ++ plugins/modules/rds_instance_info.py | 4 ++-- plugins/modules/rds_option_group.py | 2 +- plugins/modules/rds_option_group_info.py | 2 +- plugins/modules/rds_snapshot_info.py | 8 ++++---- plugins/modules/rds_subnet_group.py | 2 +- 6 files changed, 11 insertions(+), 9 deletions(-) create mode 100644 changelogs/fragments/1073-gitleaks-2.yml diff --git a/changelogs/fragments/1073-gitleaks-2.yml b/changelogs/fragments/1073-gitleaks-2.yml new file mode 100644 index 00000000000..46c095dfa80 --- /dev/null +++ b/changelogs/fragments/1073-gitleaks-2.yml @@ -0,0 +1,2 @@ +trivial: +- various modules - Update example Account IDs and IAM UUIDs for consistency (https://github.com/ansible-collections/amazon.aws/pull/1070). diff --git a/plugins/modules/rds_instance_info.py b/plugins/modules/rds_instance_info.py index e2c63444397..f5afe30e9ad 100644 --- a/plugins/modules/rds_instance_info.py +++ b/plugins/modules/rds_instance_info.py @@ -87,7 +87,7 @@ description: ARN of the database instance returned: always type: str - sample: arn:aws:rds:us-west-2:111111111111:db:helloworld-rds + sample: arn:aws:rds:us-west-2:123456789012:db:helloworld-rds db_instance_class: description: Instance class of the database instance returned: always @@ -248,7 +248,7 @@ description: KMS Key ID returned: always type: str - sample: arn:aws:kms:us-west-2:111111111111:key/abcd1234-0000-abcd-1111-0123456789ab + sample: arn:aws:kms:us-west-2:123456789012:key/abcd1234-0000-abcd-1111-0123456789ab latest_restorable_time: description: Latest time to which a database can be restored with point-in-time restore returned: always diff --git a/plugins/modules/rds_option_group.py b/plugins/modules/rds_option_group.py index f036adeef8a..7451afccda4 100644 --- a/plugins/modules/rds_option_group.py +++ b/plugins/modules/rds_option_group.py @@ -207,7 +207,7 @@ description: The Amazon Resource Name (ARN) for the option group. returned: always type: str - sample: "arn:aws:rds:ap-southeast-2:721066863947:og:ansible-test-option-group" + sample: "arn:aws:rds:ap-southeast-2:123456789012:og:ansible-test-option-group" option_group_description: description: Provides a description of the option group. returned: always diff --git a/plugins/modules/rds_option_group_info.py b/plugins/modules/rds_option_group_info.py index 94447773aa4..7104b9d0353 100644 --- a/plugins/modules/rds_option_group_info.py +++ b/plugins/modules/rds_option_group_info.py @@ -97,7 +97,7 @@ description: The Amazon Resource Name (ARN) for the option group. returned: always type: str - sample: "arn:aws:rds:ap-southeast-2:721066863947:og:ansible-test-option-group" + sample: "arn:aws:rds:ap-southeast-2:123456789012:og:ansible-test-option-group" option_group_description: description: Provides a description of the option group. returned: always diff --git a/plugins/modules/rds_snapshot_info.py b/plugins/modules/rds_snapshot_info.py index f64d6890979..0cc433079bc 100644 --- a/plugins/modules/rds_snapshot_info.py +++ b/plugins/modules/rds_snapshot_info.py @@ -94,7 +94,7 @@ description: Snapshot ARN returned: always type: str - sample: arn:aws:rds:us-west-2:111111111111:snapshot:rds:hello-world-rds-us1-2018-05-16-04-03 + sample: arn:aws:rds:us-west-2:123456789012:snapshot:rds:hello-world-rds-us1-2018-05-16-04-03 db_snapshot_identifier: description: Snapshot name returned: always @@ -129,7 +129,7 @@ description: ID of the KMS Key encrypting the snapshot returned: always type: str - sample: arn:aws:kms:us-west-2:111111111111:key/abcd1234-1234-aaaa-0000-1234567890ab + sample: arn:aws:kms:us-west-2:123456789012:key/abcd1234-1234-aaaa-0000-1234567890ab license_model: description: License model returned: always @@ -211,7 +211,7 @@ description: ARN of the database snapshot returned: always type: str - sample: arn:aws:rds:ca-central-1:111111111111:cluster-snapshot:test-aurora-snapshot + sample: arn:aws:rds:ca-central-1:123456789012:cluster-snapshot:test-aurora-snapshot db_cluster_snapshot_identifier: description: Snapshot identifier returned: always @@ -236,7 +236,7 @@ description: ID of the KMS Key encrypting the snapshot returned: always type: str - sample: arn:aws:kms:ca-central-1:111111111111:key/abcd1234-abcd-1111-aaaa-0123456789ab + sample: arn:aws:kms:ca-central-1:123456789012:key/abcd1234-abcd-1111-aaaa-0123456789ab license_model: description: License model returned: always diff --git a/plugins/modules/rds_subnet_group.py b/plugins/modules/rds_subnet_group.py index ebc263f54ab..b82da2c7e1b 100644 --- a/plugins/modules/rds_subnet_group.py +++ b/plugins/modules/rds_subnet_group.py @@ -165,7 +165,7 @@ description: The ARN of the DB subnet group returned: I(state=present) type: str - sample: "arn:aws:rds:eu-north-1:721066863947:subgrp:ansible-test-13950442" + sample: "arn:aws:rds:eu-north-1:123456789012:subgrp:ansible-test-13950442" tags: description: The tags associated with the subnet group returned: I(state=present)