Add no_log to some module arguments (#1725) (#1729)

* Add no_log to some module arguments This will prevent potentially sensitive information from being printed to the console. See: CVE-2021-20191 * Update changelogs/fragments/CVE-2021-20191_no_log.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit ae8edc02e1) Co-authored-by: David Moreau Simard <dmsimard@redhat.com>
2025-04-24 03:11:24 -07:00 · 2021-02-04 21:54:09 +01:00 · 2021-02-04 21:54:09 +01:00 · ad5b8a813f
commit ad5b8a813f
parent 9cccc9f0cd
4 changed files with 8 additions and 4 deletions
--- a/plugins/module_utils/identity/keycloak/keycloak.py
+++ b/plugins/module_utils/identity/keycloak/keycloak.py
@ -58,7 +58,7 @@ def keycloak_argument_spec():
        auth_keycloak_url=dict(type='str', aliases=['url'], required=True),
        auth_client_id=dict(type='str', default='admin-cli'),
        auth_realm=dict(type='str', required=True),
-        auth_client_secret=dict(type='str', default=None),
+        auth_client_secret=dict(type='str', default=None, no_log=True),
        auth_username=dict(type='str', aliases=['username'], required=True),
        auth_password=dict(type='str', aliases=['password'], required=True, no_log=True),
        validate_certs=dict(type='bool', default=True)