diff options
author | Rick Elrod <rick@elrod.me> | 2021-02-05 12:31:32 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-05 11:31:32 -0600 |
commit | 96f84566801b37d64572a1bd6d463982b7a925e8 (patch) | |
tree | ab2cfffd1e4ba066c752d24f5ca6b1f1004d6d9d | |
parent | d74a1b1d1325af2a24848044cf2858987f5a3ecc (diff) | |
download | ansible-96f84566801b37d64572a1bd6d463982b7a925e8.tar.gz |
no_log keycloak_client's registration_access_token (#73502)
Change:
- Address missing no_log change from #73489.
Tickets:
- Refs #73489
Signed-off-by: Rick Elrod <rick@elrod.me>
-rw-r--r-- | changelogs/fragments/new-nolog-entries.yml | 1 | ||||
-rw-r--r-- | lib/ansible/modules/identity/keycloak/keycloak_client.py | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/changelogs/fragments/new-nolog-entries.yml b/changelogs/fragments/new-nolog-entries.yml index 00a0b38601..10fc3ca212 100644 --- a/changelogs/fragments/new-nolog-entries.yml +++ b/changelogs/fragments/new-nolog-entries.yml @@ -32,6 +32,7 @@ security_fixes: - iap_start_workflow - `token_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). - ibm_sa_host - `iscsi_chap_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). - keycloak_client - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + - keycloak_client - `registration_access_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). - keycloak_clienttemplate - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). - keycloak_group - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). - librato_annotation - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). diff --git a/lib/ansible/modules/identity/keycloak/keycloak_client.py b/lib/ansible/modules/identity/keycloak/keycloak_client.py index dcbccc5c03..ee3d73f10a 100644 --- a/lib/ansible/modules/identity/keycloak/keycloak_client.py +++ b/lib/ansible/modules/identity/keycloak/keycloak_client.py @@ -681,7 +681,7 @@ def main(): enabled=dict(type='bool'), client_authenticator_type=dict(type='str', choices=['client-secret', 'client-jwt'], aliases=['clientAuthenticatorType']), secret=dict(type='str', no_log=True), - registration_access_token=dict(type='str', aliases=['registrationAccessToken']), + registration_access_token=dict(type='str', aliases=['registrationAccessToken'], no_log=True), default_roles=dict(type='list', aliases=['defaultRoles']), redirect_uris=dict(type='list', aliases=['redirectUris']), web_origins=dict(type='list', aliases=['webOrigins']), |