From 4fb24327a3283a57bdf14f10dbf06426ecbb96ac Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Sat, 3 Apr 2021 16:54:50 +0200
Subject: [PATCH] Backport of
 https://github.com/ansible-collections/community.general/pull/2018. (#73893)

---
 .../fragments/community.general-2018-missing-no_log-again.yml   | 2 ++
 lib/ansible/modules/storage/netapp/_na_cdot_user.py             | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/community.general-2018-missing-no_log-again.yml

diff --git a/changelogs/fragments/community.general-2018-missing-no_log-again.yml b/changelogs/fragments/community.general-2018-missing-no_log-again.yml
new file mode 100644
index 00000000000..7410b7643e7
--- /dev/null
+++ b/changelogs/fragments/community.general-2018-missing-no_log-again.yml
@@ -0,0 +1,2 @@
+security_fixes:
+- "na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018)."
diff --git a/lib/ansible/modules/storage/netapp/_na_cdot_user.py b/lib/ansible/modules/storage/netapp/_na_cdot_user.py
index c3580091da8..69008ff0b99 100644
--- a/lib/ansible/modules/storage/netapp/_na_cdot_user.py
+++ b/lib/ansible/modules/storage/netapp/_na_cdot_user.py
@@ -132,7 +132,7 @@ class NetAppCDOTUser(object):
                                        choices=['community', 'password',
                                                 'publickey', 'domain',
                                                 'nsswitch', 'usm']),
-            set_password=dict(required=False, type='str', default=None),
+            set_password=dict(required=False, type='str', default=None, no_log=True),
             role_name=dict(required=False, type='str'),
 
             vserver=dict(required=True, type='str'),