Add a bunch of missing ones. Ref: ansible-collections/community.gener…

…al#1725

Signed-off-by: Rick Elrod <rick@elrod.me>

changelogs/fragments/new-nolog-entries.yml

@@ -28,13 +28,30 @@ security_fixes:
   - gcp_compute_ssl_certificate - `private_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - gcp_compute_vpn_tunnel - `shared_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - gcp_sql_instance - `client_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - gitlab_runner - `registration_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - iap_start_workflow - `token_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - ibm_sa_host - `iscsi_chap_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - keycloak_client - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - keycloak_clienttemplate - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - keycloak_group - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - librato_annotation - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - na_elementsw_account - `initiator_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - na_elementsw_account - `target_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - netscaler_lb_monitor - `radkey` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - nios_nsgroup - `tsig_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - nxos_aaa_server - `global_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - nxos_pim_interface - `hello_auth_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - oneandone_firewall_policy - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - oneandone_load_balancer - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - oneandone_monitoring_policy - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - oneandone_private_network - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - oneandone_public_ip - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - ovirt - `instance_rootpw` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - pagerduty_alert - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - pagerduty_alert - `integration_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - pagerduty_alert - `service_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - pulp_repo - `feed_client_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - rax_clb_ssl - `private_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - spotinst_aws_elastigroup - `multai_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
+  - spotinst_aws_elastigroup - `token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).
   - utm_proxy_auth_profile - `frontend_cookie_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191).

lib/ansible/modules/cloud/misc/ovirt.py

@@ -380,7 +380,7 @@ def main():
             instance_gateway=dict(type='str', aliases=['gateway']),
             instance_domain=dict(type='str', aliases=['domain']),
             instance_dns=dict(type='str', aliases=['dns']),
-            instance_rootpw=dict(type='str', aliases=['rootpw']),
+            instance_rootpw=dict(type='str', aliases=['rootpw'], no_log=True),
             instance_key=dict(type='str', aliases=['key']),
             sdomain=dict(type='str'),
             region=dict(type='str'),

lib/ansible/modules/cloud/oneandone/oneandone_firewall_policy.py

@@ -504,7 +504,8 @@ def main():
         argument_spec=dict(
             auth_token=dict(
                 type='str',
-                default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
+                default=os.environ.get('ONEANDONE_AUTH_TOKEN'),
+                no_log=True),
             api_url=dict(
                 type='str',
                 default=os.environ.get('ONEANDONE_API_URL')),

lib/ansible/modules/cloud/oneandone/oneandone_load_balancer.py

@@ -595,7 +595,8 @@ def main():
         argument_spec=dict(
             auth_token=dict(
                 type='str',
-                default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
+                default=os.environ.get('ONEANDONE_AUTH_TOKEN'),
+                no_log=True),
             api_url=dict(
                 type='str',
                 default=os.environ.get('ONEANDONE_API_URL')),

lib/ansible/modules/cloud/oneandone/oneandone_monitoring_policy.py

@@ -950,7 +950,8 @@ def main():
         argument_spec=dict(
             auth_token=dict(
                 type='str',
-                default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
+                default=os.environ.get('ONEANDONE_AUTH_TOKEN'),
+                no_log=True),
             api_url=dict(
                 type='str',
                 default=os.environ.get('ONEANDONE_API_URL')),

lib/ansible/modules/cloud/oneandone/oneandone_private_network.py

@@ -384,7 +384,8 @@ def main():
         argument_spec=dict(
             auth_token=dict(
                 type='str',
-                default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
+                default=os.environ.get('ONEANDONE_AUTH_TOKEN'),
+                no_log=True),
             api_url=dict(
                 type='str',
                 default=os.environ.get('ONEANDONE_API_URL')),

lib/ansible/modules/cloud/oneandone/oneandone_public_ip.py

@@ -277,7 +277,8 @@ def main():
         argument_spec=dict(
             auth_token=dict(
                 type='str',
-                default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
+                default=os.environ.get('ONEANDONE_AUTH_TOKEN'),
+                no_log=True),
             api_url=dict(
                 type='str',
                 default=os.environ.get('ONEANDONE_API_URL')),

lib/ansible/modules/cloud/rackspace/rax_clb_ssl.py

@@ -236,7 +236,7 @@ def main():
         loadbalancer=dict(required=True),
         state=dict(default='present', choices=['present', 'absent']),
         enabled=dict(type='bool', default=True),
-        private_key=dict(),
+        private_key=dict(no_log=True),
         certificate=dict(),
         intermediate_certificate=dict(),
         secure_port=dict(type='int', default=443),

lib/ansible/modules/cloud/spotinst/spotinst_aws_elastigroup.py

@@ -1438,7 +1438,7 @@ def main():
         min_size=dict(type='int', required=True),
         monitoring=dict(type='str'),
         multai_load_balancers=dict(type='list'),
-        multai_token=dict(type='str'),
+        multai_token=dict(type='str', no_log=True),
         name=dict(type='str', required=True),
         network_interfaces=dict(type='list'),
         on_demand_count=dict(type='int'),
@@ -1462,7 +1462,7 @@ def main():
         target_group_arns=dict(type='list'),
         tenancy=dict(type='str'),
         terminate_at_end_of_billing_hour=dict(type='bool'),
-        token=dict(type='str'),
+        token=dict(type='str', no_log=True),
         unit=dict(type='str'),
         user_data=dict(type='str'),
         utilize_reserved_instances=dict(type='bool'),

lib/ansible/modules/monitoring/librato_annotation.py

@@ -146,7 +146,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             user=dict(required=True),
-            api_key=dict(required=True),
+            api_key=dict(required=True, no_log=True),
             name=dict(required=False),
             title=dict(required=True),
             source=dict(required=False),

lib/ansible/modules/monitoring/pagerduty_alert.py

@@ -190,9 +190,9 @@ def main():
         argument_spec=dict(
             name=dict(required=False),
             service_id=dict(required=True),
-            service_key=dict(required=False),
-            integration_key=dict(required=False),
-            api_key=dict(required=True),
+            service_key=dict(required=False, no_log=True),
+            integration_key=dict(required=False, no_log=True),
+            api_key=dict(required=True, no_log=True),
             state=dict(required=True,
                        choices=['triggered', 'acknowledged', 'resolved']),
             client=dict(required=False, default=None),

lib/ansible/modules/net_tools/nios/nios_nsgroup.py

@@ -305,7 +305,7 @@ def grid_secondaries_preferred_primaries_transform(module):
         address=dict(required=True, ib_req=True),
         name=dict(required=True, ib_req=True),
         stealth=dict(type='bool', default=False),
-        tsig_key=dict(),
+        tsig_key=dict(no_log=True),
         tsig_key_alg=dict(choices=['HMAC-MD5', 'HMAC-SHA256'], default='HMAC-MD5'),
         tsig_key_name=dict(required=True)
     )

lib/ansible/modules/packaging/os/pulp_repo.py

@@ -544,7 +544,7 @@ def main():
         generate_sqlite=dict(default=False, type='bool'),
         feed_ca_cert=dict(aliases=['importer_ssl_ca_cert', 'ca_cert'], deprecated_aliases=[dict(name='ca_cert', version='2.14')]),
         feed_client_cert=dict(aliases=['importer_ssl_client_cert']),
-        feed_client_key=dict(aliases=['importer_ssl_client_key']),
+        feed_client_key=dict(aliases=['importer_ssl_client_key'], no_log=True),
         name=dict(required=True, aliases=['repo']),
         proxy_host=dict(),
         proxy_port=dict(),

lib/ansible/modules/source_control/gitlab_runner.py

@@ -304,7 +304,7 @@ def main():
         locked=dict(type='bool', default=False),
         access_level=dict(type='str', default='ref_protected', choices=["not_protected", "ref_protected"]),
         maximum_timeout=dict(type='int', default=3600),
-        registration_token=dict(type='str', required=True),
+        registration_token=dict(type='str', required=True, no_log=True),
         state=dict(type='str', default="present", choices=["absent", "present"]),
     ))
 

lib/ansible/modules/storage/ibm/ibm_sa_host.py

@@ -95,7 +95,7 @@ def main():
             cluster=dict(),
             domain=dict(),
             iscsi_chap_name=dict(),
-            iscsi_chap_secret=dict()
+            iscsi_chap_secret=dict(no_log=True)
         )
     )