archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[security] Add more missing no_logs (#74116)

Browse Source 
Change:
- Add missing no_log on fields and subfields which should have it.
- Update several changelogs with CVE id.

Signed-off-by: Rick Elrod <rick@elrod.me>
pull/74214/head
Rick Elrod 5 years ago committed by GitHub
parent 6ed3e37df1
commit 6ac19b7757
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
50 changed files with 146 additions and 96 deletions
Show Stats Download Patch File Download Diff File

2
changelogs/fragments/471-no_log.yml
Unescape Escape View File

@ -1,2 +1,2 @@
security_fixes:
- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471).
- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471) (CVE-2021-3447).

6
changelogs/fragments/community.aws-475-no_log-missing.yml
Unescape Escape View File

@ -1,4 +1,4 @@
security_fixes:
- "aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
- "sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
- "sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475)."
- "aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)"
- "sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)"
- "sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)"

4
changelogs/fragments/community.docker-103-docker_swarm-no_log.yml
Unescape Escape View File

@ -1,4 +1,4 @@
security_fixes:
- "docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103)."
- "docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103). (CVE-2021-3447)"
breaking_changes:
- "docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103)."
- "docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103). (CVE-2021-3447)"

2
changelogs/fragments/community.general-2018-missing-no_log-again.yml
Unescape Escape View File

@ -1,2 +1,2 @@
security_fixes:
- "na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018)."
- "na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018). (CVE-2021-3447)"

6
changelogs/fragments/community.network-223-no_log-missing.yml
Unescape Escape View File

@ -1,4 +1,4 @@
security_fixes:
- "avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)."
- "avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)."
- "avi_cloudconnectoruser - mark the ``azure_userpass`` parameter as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223)."
- "avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)"
- "avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)"
- "avi_cloudconnectoruser - mark the ``azure_userpass`` parameter as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)"

46
changelogs/fragments/more-no_log-fixes.yml
Unescape Escape View File

@ -0,0 +1,46 @@
security_fixes:
- azure_rm_devtestlabartifactsource - ``security_token`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- bigip_device_license - ``license_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- bigip_dns_nameserver - ``tsig_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- bigip_dns_zone - ``tsig_server_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- bigip_profile_client_ssl - ``key`` and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_dlp_fp_doc_source - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_endpoint_control_forticlient_ems - ``admin_password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_endpoint_control_profile - ``preshared_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_endpoint_control_settings - ``forticlient_reg_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_extender_controller_extender - ``aaa_shared_secret``, ``ha_shared_secret``, ``modem_passwd``, and ``ppp_password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_firewall_ssh_local_ca - ``password`` and ``private_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_firewall_ssh_local_key - ``password`` and ``private_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_log_disk_setting - ``uploadpass`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_router_bgp - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_router_ospf - ``authentication_key`` and `md5_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_router_rip - ``auth_string`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_system_admin - ``fortitoken`` and ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_system_api_user - ``api_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_system_interface - ``password`` and ``pptp_password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_system_sdn_connector - ``access_key``, ``client_secret``, ``key_passwd``, ``password``, ``private_key``, and ``secret_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_system_virtual_wan_link - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_user_radius - ``secret``, ``rsso_secret``, ``secondary_secret``, and ``tertiary_secret`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_user_tacacsplus - ``key``, ``secondary_key``, and ``tertiary_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_vpn_ipsec_manualkey - ``authkey`` and ``enckey`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_vpn_ipsec_manualkey_interface - ``auth_key`` and ``enc_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_vpn_ipsec_phase1 - ``authpasswd``, ``group_authentication_secret``, ``ppk_secret``, ``psksecret``, and ``psksecret_remote`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_vpn_ipsec_phase1_interface - ``authpasswd``, ``group_authentication_secret``, ``ppk_secret``, ``psksecret``, and ``psksecret_remote`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_vpn_ssl_web_portal - ``logon_password`` and ``sso_password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_wireless_controller_vap - ``captive_portal_macauth_radius_secret``, ``captive_portal_radius_secret``, ``key``, and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_wireless_controller_wtp - ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- fortios_wireless_controller_wtp_profile - ``fortipresence_secret`` and ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- gcp_compute_instance - ``raw_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- gcp_container_cluster - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- gcp_sql_instance - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- ios_ntp - ``auth_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- logentries_msg - ``token`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- na_elementsw_cluster_snmp - ``password`` and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- netscaler_lb_monitor - ``password`` and ``secondarypassword`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- nxos_aaa_server_host - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- ovirt_auth - ``token`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- pingdom - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- rollbar_deployment - ``token` no longer appears in logs (``no_log``) (CVE-2021-3447)
- stackdriver - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- tower_credential - ``security_token`` and ``secret`` no longer appears in logs (``no_log``) (CVE-2021-3447)
- zabbix_action - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)

3
lib/ansible/modules/cloud/azure/azure_rm_devtestlabartifactsource.py
Unescape Escape View File

@ -164,7 +164,8 @@ class AzureRMDevTestLabArtifactsSource(AzureRMModuleBase):
type='str'
),
security_token=dict(
type='str'
type='str',
no_log=True
),
is_enabled=dict(
type='bool'

7
lib/ansible/modules/cloud/google/gcp_compute_instance.py
Unescape Escape View File

@ -889,7 +889,10 @@ def main():
auto_delete=dict(type='bool'),
boot=dict(type='bool'),
device_name=dict(type='str'),
disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), rsa_encrypted_key=dict(type='str'))),
disk_encryption_key=dict(
type='dict',
options=dict(raw_key=dict(type='str', no_log=True), rsa_encrypted_key=dict(type='str', no_log=True))
),
index=dict(type='int'),
initialize_params=dict(
type='dict',
@ -898,7 +901,7 @@ def main():
disk_size_gb=dict(type='int'),
disk_type=dict(type='str'),
source_image=dict(type='str', aliases=['image', 'image_family']),
source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))),
source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str', no_log=True))),
),
),
interface=dict(type='str', choices=['SCSI', 'NVME']),

2
lib/ansible/modules/cloud/google/gcp_sql_instance.py
Unescape Escape View File

@ -630,7 +630,7 @@ def main():
connect_retry_interval=dict(type='int'),
dump_file_path=dict(type='str'),
master_heartbeat_period=dict(type='int'),
password=dict(type='str'),
password=dict(type='str', no_log=True),
ssl_cipher=dict(type='str'),
username=dict(type='str'),
verify_server_certificate=dict(type='bool'),

2
lib/ansible/modules/cloud/ovirt/ovirt_auth.py
Unescape Escape View File

@ -223,7 +223,7 @@ def main():
kerberos=dict(required=False, type='bool', default=False),
headers=dict(required=False, type='dict'),
state=dict(default='present', choices=['present', 'absent']),
token=dict(default=None),
token=dict(default=None, no_log=True),
ovirt_auth=dict(required=None, type='dict'),
),
required_if=[

2
lib/ansible/modules/monitoring/pingdom.py
Unescape Escape View File

@ -113,7 +113,7 @@ def main():
checkid=dict(required=True),
uid=dict(required=True),
passwd=dict(required=True, no_log=True),
key=dict(required=True)
key=dict(required=True, no_log=True)
)
)

2
lib/ansible/modules/monitoring/rollbar_deployment.py
Unescape Escape View File

@ -83,7 +83,7 @@ def main():
module = AnsibleModule(
argument_spec=dict(
token=dict(required=True),
token=dict(required=True, no_log=True),
environment=dict(required=True),
revision=dict(required=True),
user=dict(required=False),

2
lib/ansible/modules/monitoring/stackdriver.py
Unescape Escape View File

@ -144,7 +144,7 @@ def main():
module = AnsibleModule(
argument_spec=dict(
key=dict(required=True),
key=dict(required=True, no_log=True),
event=dict(required=True, choices=['deploy', 'annotation']),
msg=dict(),
revision_id=dict(),

6
lib/ansible/modules/monitoring/zabbix/zabbix_action.py
Unescape Escape View File

@ -1735,7 +1735,7 @@ def main():
required=False,
choices=['agent', 'server', 'proxy']
),
password=dict(type='str', required=False),
password=dict(type='str', required=False, no_log=True),
port=dict(type='int', required=False),
run_on_groups=dict(type='list', required=False),
run_on_hosts=dict(type='list', required=False),
@ -1827,7 +1827,7 @@ def main():
required=False,
choices=['agent', 'server', 'proxy']
),
password=dict(type='str', required=False),
password=dict(type='str', required=False, no_log=True),
port=dict(type='int', required=False),
run_on_groups=dict(type='list', required=False),
run_on_hosts=dict(type='list', required=False),
@ -1911,7 +1911,7 @@ def main():
required=False,
choices=['agent', 'server', 'proxy']
),
password=dict(type='str', required=False),
password=dict(type='str', required=False, no_log=True),
port=dict(type='int', required=False),
run_on_groups=dict(type='list', required=False),
run_on_hosts=dict(type='list', required=False),

2
lib/ansible/modules/network/f5/bigip_device_license.py
Unescape Escape View File

@ -847,7 +847,7 @@ class ArgumentSpec(object):
def __init__(self):
self.supports_check_mode = True
argument_spec = dict(
license_key=dict(),
license_key=dict(no_log=True),
license_server=dict(
default='activate.f5.com'
),

2
lib/ansible/modules/network/f5/bigip_dns_nameserver.py
Unescape Escape View File

@ -433,7 +433,7 @@ class ArgumentSpec(object):
address=dict(),
service_port=dict(),
route_domain=dict(),
tsig_key=dict(),
tsig_key=dict(no_log=True),
state=dict(
default='present',
choices=['present', 'absent']

2
lib/ansible/modules/network/f5/bigip_dns_zone.py
Unescape Escape View File

@ -579,7 +579,7 @@ class ArgumentSpec(object):
)
),
nameservers=dict(type='list'),
tsig_server_key=dict(),
tsig_server_key=dict(no_log=True),
partition=dict(
default='Common',
fallback=(env_fallback, ['F5_PARTITION'])

4
lib/ansible/modules/network/f5/bigip_profile_client_ssl.py
Unescape Escape View File

@ -1053,9 +1053,9 @@ class ArgumentSpec(object):
type='list',
options=dict(
cert=dict(required=True),
key=dict(required=True),
key=dict(required=True, no_log=True),
chain=dict(),
passphrase=dict()
passphrase=dict(no_log=True)
)
),
state=dict(

2
lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py
Unescape Escape View File

@ -345,7 +345,7 @@ def main():
"keep-modified": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"name": {"required": True, "type": "str"},
"password": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"period": {"required": False, "type": "str",
"choices": ["none", "daily", "weekly",
"monthly"]},

2
lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py
Unescape Escape View File

@ -280,7 +280,7 @@ def main():
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"address": {"required": False, "type": "str"},
"admin-password": {"required": False, "type": "str"},
"admin-password": {"required": False, "type": "str", "no_log": True},
"admin-type": {"required": False, "type": "str",
"choices": ["Windows", "LDAP"]},
"admin-username": {"required": False, "type": "str"},

4
lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py
Unescape Escape View File

@ -826,7 +826,7 @@ def main():
"auth-method": {"required": False, "type": "str",
"choices": ["psk", "certificate"]},
"name": {"required": True, "type": "str"},
"preshared-key": {"required": False, "type": "str"},
"preshared-key": {"required": False, "type": "str", "no_log": True},
"remote-gw": {"required": False, "type": "str"},
"sslvpn-access-port": {"required": False, "type": "int"},
"sslvpn-require-certificate": {"required": False, "type": "str",
@ -847,7 +847,7 @@ def main():
"auth-method": {"required": False, "type": "str",
"choices": ["psk", "certificate"]},
"name": {"required": True, "type": "str"},
"preshared-key": {"required": False, "type": "str"},
"preshared-key": {"required": False, "type": "str", "no_log": True},
"remote-gw": {"required": False, "type": "str"},
"sslvpn-access-port": {"required": False, "type": "int"},
"sslvpn-require-certificate": {"required": False, "type": "str",

2
lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py
Unescape Escape View File

@ -299,7 +299,7 @@ def main():
"forticlient-offline-grace": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"forticlient-offline-grace-interval": {"required": False, "type": "int"},
"forticlient-reg-key": {"required": False, "type": "str"},
"forticlient-reg-key": {"required": False, "type": "str", "no_log": True},
"forticlient-reg-key-enforce": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"forticlient-reg-timeout": {"required": False, "type": "int"},

8
lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py
Unescape Escape View File

@ -442,7 +442,7 @@ def main():
"options": {
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"aaa-shared-secret": {"required": False, "type": "str"},
"aaa-shared-secret": {"required": False, "type": "str", "no_log": True},
"access-point-name": {"required": False, "type": "str"},
"admin": {"required": False, "type": "str",
"choices": ["disable", "discovered", "enable"]},
@ -457,14 +457,14 @@ def main():
"choices": ["dial-on-demand", "always-connect"]},
"dial-status": {"required": False, "type": "int"},
"ext-name": {"required": False, "type": "str"},
"ha-shared-secret": {"required": False, "type": "str"},
"ha-shared-secret": {"required": False, "type": "str", "no_log": True},
"id": {"required": True, "type": "str"},
"ifname": {"required": False, "type": "str"},
"initiated-update": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"mode": {"required": False, "type": "str",
"choices": ["standalone", "redundant"]},
"modem-passwd": {"required": False, "type": "str"},
"modem-passwd": {"required": False, "type": "str", "no_log": True},
"modem-type": {"required": False, "type": "str",
"choices": ["cdma", "gsm/lte", "wimax"]},
"multi-mode": {"required": False, "type": "str",
@ -474,7 +474,7 @@ def main():
"choices": ["auto", "pap", "chap"]},
"ppp-echo-request": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ppp-password": {"required": False, "type": "str"},
"ppp-password": {"required": False, "type": "str", "no_log": True},
"ppp-username": {"required": False, "type": "str"},
"primary-ha": {"required": False, "type": "str"},
"quota-limit-mb": {"required": False, "type": "int"},

4
lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py
Unescape Escape View File

@ -256,8 +256,8 @@ def main():
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"name": {"required": True, "type": "str"},
"password": {"required": False, "type": "str"},
"private-key": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"private-key": {"required": False, "type": "str", "no_log": True},
"public-key": {"required": False, "type": "str"},
"source": {"required": False, "type": "str",
"choices": ["built-in", "user"]}

4
lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py
Unescape Escape View File

@ -256,8 +256,8 @@ def main():
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"name": {"required": True, "type": "str"},
"password": {"required": False, "type": "str"},
"private-key": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"private-key": {"required": False, "type": "str", "no_log": True},
"public-key": {"required": False, "type": "str"},
"source": {"required": False, "type": "str",
"choices": ["built-in", "user"]}

2
lib/ansible/modules/network/fortios/fortios_log_disk_setting.py
Unescape Escape View File

@ -422,7 +422,7 @@ def main():
"disable"]},
"uploaddir": {"required": False, "type": "str"},
"uploadip": {"required": False, "type": "str"},
"uploadpass": {"required": False, "type": "str"},
"uploadpass": {"required": False, "type": "str", "no_log": True},
"uploadport": {"required": False, "type": "int"},
"uploadsched": {"required": False, "type": "str",
"choices": ["disable", "enable"]},

2
lib/ansible/modules/network/fortios/fortios_router_bgp.py
Unescape Escape View File

@ -1794,7 +1794,7 @@ def main():
"choices": ["enable", "disable"]},
"passive": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"password": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"prefix-list-in": {"required": False, "type": "str"},
"prefix-list-in6": {"required": False, "type": "str"},
"prefix-list-out": {"required": False, "type": "str"},

6
lib/ansible/modules/network/fortios/fortios_router_ospf.py
Unescape Escape View File

@ -841,7 +841,7 @@ def main():
"options": {
"authentication": {"required": False, "type": "str",
"choices": ["none", "text", "md5"]},
"authentication-key": {"required": False, "type": "str"},
"authentication-key": {"required": False, "type": "str", "no_log": True},
"dead-interval": {"required": False, "type": "int"},
"hello-interval": {"required": False, "type": "int"},
"md5-key": {"required": False, "type": "str"},
@ -898,7 +898,7 @@ def main():
"options": {
"authentication": {"required": False, "type": "str",
"choices": ["none", "text", "md5"]},
"authentication-key": {"required": False, "type": "str"},
"authentication-key": {"required": False, "type": "str", "no_log": True},
"bfd": {"required": False, "type": "str",
"choices": ["global", "enable", "disable"]},
"cost": {"required": False, "type": "int"},
@ -909,7 +909,7 @@ def main():
"hello-multiplier": {"required": False, "type": "int"},
"interface": {"required": False, "type": "str"},
"ip": {"required": False, "type": "str"},
"md5-key": {"required": False, "type": "str"},
"md5-key": {"required": False, "type": "str", "no_log": True},
"mtu": {"required": False, "type": "int"},
"mtu-ignore": {"required": False, "type": "str",
"choices": ["enable", "disable"]},

2
lib/ansible/modules/network/fortios/fortios_router_rip.py
Unescape Escape View File

@ -522,7 +522,7 @@ def main():
"auth-keychain": {"required": False, "type": "str"},
"auth-mode": {"required": False, "type": "str",
"choices": ["none", "text", "md5"]},
"auth-string": {"required": False, "type": "str"},
"auth-string": {"required": False, "type": "str", "no_log": True},
"flags": {"required": False, "type": "int"},
"name": {"required": True, "type": "str"},
"receive-version": {"required": False, "type": "str",

4
lib/ansible/modules/network/fortios/fortios_system_admin.py
Unescape Escape View File

@ -763,7 +763,7 @@ def main():
"email-to": {"required": False, "type": "str"},
"force-password-change": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"fortitoken": {"required": False, "type": "str"},
"fortitoken": {"required": False, "type": "str", "no_log": True},
"guest-auth": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"guest-lang": {"required": False, "type": "str"},
@ -855,7 +855,7 @@ def main():
"usr-name": {"required": True, "type": "str"}
}},
"name": {"required": True, "type": "str"},
"password": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"password-expire": {"required": False, "type": "str"},
"peer-auth": {"required": False, "type": "str",
"choices": ["enable", "disable"]},

2
lib/ansible/modules/network/fortios/fortios_system_api_user.py
Unescape Escape View File

@ -320,7 +320,7 @@ def main():
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"accprofile": {"required": False, "type": "str"},
"api-key": {"required": False, "type": "str"},
"api-key": {"required": False, "type": "str", "no_log": True},
"comments": {"required": False, "type": "str"},
"cors-allow-origin": {"required": False, "type": "str"},
"name": {"required": True, "type": "str"},

4
lib/ansible/modules/network/fortios/fortios_system_interface.py
Unescape Escape View File

@ -2050,7 +2050,7 @@ def main():
"both"]},
"outbandwidth": {"required": False, "type": "int"},
"padt-retry-timeout": {"required": False, "type": "int"},
"password": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"ping-serv-status": {"required": False, "type": "int"},
"polling-interval": {"required": False, "type": "int"},
"pppoe-unnumbered-negotiate": {"required": False, "type": "str",
@ -2060,7 +2060,7 @@ def main():
"mschapv1", "mschapv2"]},
"pptp-client": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"pptp-password": {"required": False, "type": "str"},
"pptp-password": {"required": False, "type": "str", "no_log": True},
"pptp-server-ip": {"required": False, "type": "str"},
"pptp-timeout": {"required": False, "type": "int"},
"pptp-user": {"required": False, "type": "str"},

12
lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py
Unescape Escape View File

@ -450,19 +450,19 @@ def main():
"options": {
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"access-key": {"required": False, "type": "str"},
"access-key": {"required": False, "type": "str", "no_log": True},
"azure-region": {"required": False, "type": "str",
"choices": ["global", "china", "germany",
"usgov"]},
"client-id": {"required": False, "type": "str"},
"client-secret": {"required": False, "type": "str"},
"client-secret": {"required": False, "type": "str", "no_log": True},
"compartment-id": {"required": False, "type": "str"},
"external-ip": {"required": False, "type": "list",
"options": {
"name": {"required": True, "type": "str"}
}},
"gcp-project": {"required": False, "type": "str"},
"key-passwd": {"required": False, "type": "str"},
"key-passwd": {"required": False, "type": "str", "no_log": True},
"name": {"required": True, "type": "str"},
"nic": {"required": False, "type": "list",
"options": {
@ -478,8 +478,8 @@ def main():
"oci-region": {"required": False, "type": "str",
"choices": ["phoenix", "ashburn", "frankfurt",
"london"]},
"password": {"required": False, "type": "str"},
"private-key": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"private-key": {"required": False, "type": "str", "no_log": True},
"region": {"required": False, "type": "str"},
"resource-group": {"required": False, "type": "str"},
"route": {"required": False, "type": "list",
@ -495,7 +495,7 @@ def main():
"next-hop": {"required": False, "type": "str"}
}}
}},
"secret-key": {"required": False, "type": "str"},
"secret-key": {"required": False, "type": "str", "no_log": True},
"server": {"required": False, "type": "str"},
"server-port": {"required": False, "type": "int"},
"service-account": {"required": False, "type": "str"},

2
lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py
Unescape Escape View File

@ -812,7 +812,7 @@ def main():
}},
"name": {"required": True, "type": "str"},
"packet-size": {"required": False, "type": "int"},
"password": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "no_log": True},
"port": {"required": False, "type": "int"},
"protocol": {"required": False, "type": "str",
"choices": ["ping", "tcp-echo", "udp-echo",

8
lib/ansible/modules/network/fortios/fortios_user_radius.py
Unescape Escape View File

@ -575,7 +575,7 @@ def main():
"options": {
"id": {"required": True, "type": "int"},
"port": {"required": False, "type": "int"},
"secret": {"required": False, "type": "str"},
"secret": {"required": False, "type": "str", "no_log": True},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"status": {"required": False, "type": "str",
@ -637,11 +637,11 @@ def main():
"rsso-radius-response": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"rsso-radius-server-port": {"required": False, "type": "int"},
"rsso-secret": {"required": False, "type": "str"},
"rsso-secret": {"required": False, "type": "str", "no_log": True},
"rsso-validate-request-secret": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"secondary-secret": {"required": False, "type": "str"},
"secondary-server": {"required": False, "type": "str"},
"secondary-server": {"required": False, "type": "str", "no_log": True},
"secret": {"required": False, "type": "str"},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
@ -657,7 +657,7 @@ def main():
"sso-attribute-key": {"required": False, "type": "str"},
"sso-attribute-value-override": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"tertiary-secret": {"required": False, "type": "str"},
"tertiary-secret": {"required": False, "type": "str", "no_log": True},
"tertiary-server": {"required": False, "type": "str"},
"timeout": {"required": False, "type": "int"},
"use-management-vdom": {"required": False, "type": "str",

6
lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py
Unescape Escape View File

@ -292,14 +292,14 @@ def main():
"ascii", "auto"]},
"authorization": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"key": {"required": False, "type": "str"},
"key": {"required": False, "type": "str", "no_log": True},
"name": {"required": True, "type": "str"},
"port": {"required": False, "type": "int"},
"secondary-key": {"required": False, "type": "str"},
"secondary-key": {"required": False, "type": "str", "no_log": True},
"secondary-server": {"required": False, "type": "str"},
"server": {"required": False, "type": "str"},
"source-ip": {"required": False, "type": "str"},
"tertiary-key": {"required": False, "type": "str"},
"tertiary-key": {"required": False, "type": "str", "no_log": True},
"tertiary-server": {"required": False, "type": "str"}
}

4
lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py
Unescape Escape View File

@ -307,8 +307,8 @@ def main():
"authentication": {"required": False, "type": "str",
"choices": ["null", "md5", "sha1",
"sha256", "sha384", "sha512"]},
"authkey": {"required": False, "type": "str"},
"enckey": {"required": False, "type": "str"},
"authkey": {"required": False, "type": "str", "no_log": True},
"enckey": {"required": False, "type": "str", "no_log": True},
"encryption": {"required": False, "type": "str",
"choices": ["null", "des"]},
"interface": {"required": False, "type": "str"},

4
lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py
Unescape Escape View File

@ -332,10 +332,10 @@ def main():
"auth-alg": {"required": False, "type": "str",
"choices": ["null", "md5", "sha1",
"sha256", "sha384", "sha512"]},
"auth-key": {"required": False, "type": "str"},
"auth-key": {"required": False, "type": "str", "no_log": True},
"enc-alg": {"required": False, "type": "str",
"choices": ["null", "des"]},
"enc-key": {"required": False, "type": "str"},
"enc-key": {"required": False, "type": "str", "no_log": True},
"interface": {"required": False, "type": "str"},
"ip-version": {"required": False, "type": "str",
"choices": ["4", "6"]},

8
lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py
Unescape Escape View File

@ -924,7 +924,7 @@ def main():
"choices": ["psk", "signature"]},
"authmethod-remote": {"required": False, "type": "str",
"choices": ["psk", "signature"]},
"authpasswd": {"required": False, "type": "str"},
"authpasswd": {"required": False, "type": "str", "no_log": True},
"authusr": {"required": False, "type": "str"},
"authusrgrp": {"required": False, "type": "str"},
"auto-negotiate": {"required": False, "type": "str",
@ -977,7 +977,7 @@ def main():
"fragmentation-mtu": {"required": False, "type": "int"},
"group-authentication": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"group-authentication-secret": {"required": False, "type": "password-3"},
"group-authentication-secret": {"required": False, "type": "password-3", "no_log": True},
"ha-sync-esp-seqno": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"idle-timeout": {"required": False, "type": "str",
@ -1048,12 +1048,12 @@ def main():
"ppk": {"required": False, "type": "str",
"choices": ["disable", "allow", "require"]},
"ppk-identity": {"required": False, "type": "str"},
"ppk-secret": {"required": False, "type": "password-3"},
"ppk-secret": {"required": False, "type": "password-3", "no_log": True},
"priority": {"required": False, "type": "int"},
"proposal": {"required": False, "type": "str",
"choices": ["des-md5", "des-sha1", "des-sha256",
"des-sha384", "des-sha512"]},
"psksecret": {"required": False, "type": "password-3"},
"psksecret": {"required": False, "type": "password-3", "no_log": True},
"psksecret-remote": {"required": False, "type": "password-3"},
"reauth": {"required": False, "type": "str",
"choices": ["disable", "enable"]},

8
lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py
Unescape Escape View File

@ -1080,7 +1080,7 @@ def main():
"choices": ["psk", "signature"]},
"authmethod-remote": {"required": False, "type": "str",
"choices": ["psk", "signature"]},
"authpasswd": {"required": False, "type": "str"},
"authpasswd": {"required": False, "type": "str", "no_log": True},
"authusr": {"required": False, "type": "str"},
"authusrgrp": {"required": False, "type": "str"},
"auto-discovery-forwarder": {"required": False, "type": "str",
@ -1153,7 +1153,7 @@ def main():
"fragmentation-mtu": {"required": False, "type": "int"},
"group-authentication": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"group-authentication-secret": {"required": False, "type": "password-3"},
"group-authentication-secret": {"required": False, "type": "password-3", "no_log": True},
"ha-sync-esp-seqno": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"idle-timeout": {"required": False, "type": "str",
@ -1240,12 +1240,12 @@ def main():
"ppk": {"required": False, "type": "str",
"choices": ["disable", "allow", "require"]},
"ppk-identity": {"required": False, "type": "str"},
"ppk-secret": {"required": False, "type": "password-3"},
"ppk-secret": {"required": False, "type": "password-3", "no_log": True},
"priority": {"required": False, "type": "int"},
"proposal": {"required": False, "type": "str",
"choices": ["des-md5", "des-sha1", "des-sha256",
"des-sha384", "des-sha512"]},
"psksecret": {"required": False, "type": "password-3"},
"psksecret": {"required": False, "type": "password-3", "no_log": True},
"psksecret-remote": {"required": False, "type": "password-3"},
"reauth": {"required": False, "type": "str",
"choices": ["disable", "enable"]},

4
lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py
Unescape Escape View File

@ -911,7 +911,7 @@ def main():
"host": {"required": False, "type": "str"},
"listening-port": {"required": False, "type": "int"},
"load-balancing-info": {"required": False, "type": "str"},
"logon-password": {"required": False, "type": "str"},
"logon-password": {"required": False, "type": "str", "no_log": True},
"logon-user": {"required": False, "type": "str"},
"name": {"required": True, "type": "str"},
"port": {"required": False, "type": "int"},
@ -935,7 +935,7 @@ def main():
"sso-credential-sent-once": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"sso-password": {"required": False, "type": "str"},
"sso-username": {"required": False, "type": "str"},
"sso-username": {"required": False, "type": "str", "no_log": True},
"url": {"required": False, "type": "str"}
}},
"name": {"required": True, "type": "str"}

10
lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py
Unescape Escape View File

@ -1074,9 +1074,9 @@ def main():
"netbios-ds", "ipv6", "all-other-mc",
"all-other-bc"]},
"captive-portal-ac-name": {"required": False, "type": "str"},
"captive-portal-macauth-radius-secret": {"required": False, "type": "str"},
"captive-portal-macauth-radius-secret": {"required": False, "type": "str", "no_log": True},
"captive-portal-macauth-radius-server": {"required": False, "type": "str"},
"captive-portal-radius-secret": {"required": False, "type": "str"},
"captive-portal-radius-secret": {"required": False, "type": "str", "no_log": True},
"captive-portal-radius-server": {"required": False, "type": "str"},
"captive-portal-session-timeout-interval": {"required": False, "type": "int"},
"dhcp-lease-time": {"required": False, "type": "int"},
@ -1114,7 +1114,7 @@ def main():
"intra-vap-privacy": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"ip": {"required": False, "type": "str"},
"key": {"required": False, "type": "str"},
"key": {"required": False, "type": "str", "no_log": True},
"keyindex": {"required": False, "type": "int"},
"ldpc": {"required": False, "type": "str",
"choices": ["disable", "rx", "tx",
@ -1155,7 +1155,7 @@ def main():
"comment": {"required": False, "type": "str"},
"concurrent-clients": {"required": False, "type": "str"},
"key-name": {"required": True, "type": "str"},
"passphrase": {"required": False, "type": "str"}
"passphrase": {"required": False, "type": "str", "no_log": True}
}},
"multicast-enhance": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -1165,7 +1165,7 @@ def main():
"name": {"required": True, "type": "str"},
"okc": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"passphrase": {"required": False, "type": "str"},
"passphrase": {"required": False, "type": "str", "no_log": True},
"pmf": {"required": False, "type": "str",
"choices": ["disable", "enable", "optional"]},
"pmf-assoc-comeback-timeout": {"required": False, "type": "int"},

2
lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py
Unescape Escape View File

@ -873,7 +873,7 @@ def main():
"led-state": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"location": {"required": False, "type": "str"},
"login-passwd": {"required": False, "type": "str"},
"login-passwd": {"required": False, "type": "str", "no_log": True},
"login-passwd-change": {"required": False, "type": "str",
"choices": ["yes", "default", "no"]},
"mesh-bridge-enable": {"required": False, "type": "str",

4
lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py
Unescape Escape View File

@ -1560,7 +1560,7 @@ def main():
"fortipresence-project": {"required": False, "type": "str"},
"fortipresence-rogue": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"fortipresence-secret": {"required": False, "type": "str"},
"fortipresence-secret": {"required": False, "type": "str", "no_log": True},
"fortipresence-server": {"required": False, "type": "str"},
"fortipresence-unassoc": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
@ -1575,7 +1575,7 @@ def main():
"choices": ["enable", "disable"]},
"lldp": {"required": False, "type": "str",
"choices": ["enable", "disable"]},
"login-passwd": {"required": False, "type": "str"},
"login-passwd": {"required": False, "type": "str", "no_log": True},
"login-passwd-change": {"required": False, "type": "str",
"choices": ["yes", "default", "no"]},
"max-clients": {"required": False, "type": "int"},

4
lib/ansible/modules/network/ios/ios_ntp.py
Unescape Escape View File

@ -38,7 +38,7 @@ options:
default: False
auth_key:
description:
- md5 NTP authentication key of tye 7.
- md5 NTP authentication key of type 7.
key_id:
description:
- auth_key id. Data type string
@ -272,7 +272,7 @@ def main():
acl=dict(),
logging=dict(type='bool', default=False),
auth=dict(type='bool', default=False),
auth_key=dict(),
auth_key=dict(no_log=True),
key_id=dict(),
state=dict(choices=['absent', 'present'], default='present')
)

4
lib/ansible/modules/network/netscaler/netscaler_lb_monitor.py
Unescape Escape View File

@ -982,8 +982,8 @@ def main():
dispatcherip=dict(type='str'),
dispatcherport=dict(type='int'),
username=dict(type='str'),
password=dict(type='str'),
secondarypassword=dict(type='str'),
password=dict(type='str', no_log=True),
secondarypassword=dict(type='str', no_log=True),
logonpointname=dict(type='str'),
lasversion=dict(type='str'),
radkey=dict(type='str', no_log=True),

2
lib/ansible/modules/network/nxos/nxos_aaa_server_host.py
Unescape Escape View File

@ -246,7 +246,7 @@ def main():
argument_spec = dict(
server_type=dict(choices=['radius', 'tacacs'], required=True),
address=dict(type='str', required=True),
key=dict(type='str'),
key=dict(type='str', no_log=True),
encrypt_type=dict(type='str', choices=['0', '7']),
host_timeout=dict(type='str'),
auth_port=dict(type='str'),

2
lib/ansible/modules/notification/logentries_msg.py
Unescape Escape View File

@ -73,7 +73,7 @@ def send_msg(module, token, msg, api, port):
def main():
module = AnsibleModule(
argument_spec=dict(
token=dict(type='str', required=True),
token=dict(type='str', required=True, no_log=True),
msg=dict(type='str', required=True),
api=dict(type='str', default="data.logentries.com"),
port=dict(type='int', default=80)),

4
lib/ansible/modules/storage/netapp/na_elementsw_cluster_snmp.py
Unescape Escape View File

@ -177,8 +177,8 @@ class ElementSWClusterSnmp(object):
options=dict(
access=dict(type='str', choices=['rouser', 'rwuser', 'rosys']),
name=dict(type='str', default=None),
password=dict(type='str', default=None),
passphrase=dict(type='str', default=None),
password=dict(type='str', default=None, no_log=True),
passphrase=dict(type='str', default=None, no_log=True),
secLevel=dict(type='str', choices=['auth', 'noauth', 'priv'])
)
),

4
lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py
Unescape Escape View File

@ -245,8 +245,8 @@ def main():
authorize=dict(type='bool', default=False),
authorize_password=dict(no_log=True),
client=dict(),
security_token=dict(),
secret=dict(),
security_token=dict(no_log=True),
secret=dict(no_log=True),
tenant=dict(),
subscription=dict(),
domain=dict(),

Write Preview
Loading…
Cancel
Save