ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-04-05 10:10:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

[PR #9621/fb4f7248 backport][stable-10] keycloak_client: sanitize saml.encryption.private.key (#9630)

Browse source 
keycloak_client: sanitize `saml.encryption.private.key` (#9621)

* sanitize saml.encryption.private.key in module output

* add changelog fragment

* Re-categorize changelog fragment.

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit fb4f7248c9)

Co-authored-by: fgruenbauer <gruenbauer@b1-systems.de>
This commit is contained in:
patchback[bot] 2025-01-26 13:22:56 +01:00 committed by GitHub
parent c7ac7fbefd
commit 8e2fa624e0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/9621-keycloak_client-sanitize-saml-encryption-key.yml Normal file
View file

@ -0,0 +1,2 @@
security_fixes:
- keycloak_client - Sanitize ``saml.encryption.private.key`` so it does not show in the logs (https://github.com/ansible-collections/community.general/pull/9621).

7
plugins/modules/keycloak_client.py
View file

@ -775,8 +775,11 @@ def sanitize_cr(clientrep):
result['secret'] = 'no_log'
if 'attributes' in result:
attributes = result['attributes']
if isinstance(attributes, dict) and 'saml.signing.private.key' in attributes:
attributes['saml.signing.private.key'] = 'no_log'
if isinstance(attributes, dict):
if 'saml.signing.private.key' in attributes:
attributes['saml.signing.private.key'] = 'no_log'
if 'saml.encryption.private.key' in attributes:
attributes['saml.encryption.private.key'] = 'no_log'
return normalise_cr(result)