From dccc17eb6956a9a09485b90198219559acd3a209 Mon Sep 17 00:00:00 2001 From: GomathiselviS Date: Thu, 22 Apr 2021 13:16:39 -0400 Subject: VYOS: Mask sensitive key values from module result (#151) VYOS: Mask sensitive key values from module result Reviewed-by: https://github.com/apps/ansible-zuul --- .../network/vyos/argspec/bgp_global/bgp_global.py | 2 +- .../network/vyos/argspec/ospf_interfaces/ospf_interfaces.py | 12 +++++++++--- plugins/module_utils/network/vyos/argspec/ospfv2/ospfv2.py | 10 ++++++++-- .../module_utils/network/vyos/facts/bgp_global/bgp_global.py | 8 ++++++-- .../network/vyos/facts/ospf_interfaces/ospf_interfaces.py | 11 ++++++++--- .../network/vyos/rm_templates/bgp_address_family.py | 4 ++-- plugins/module_utils/network/vyos/rm_templates/bgp_global.py | 4 ++-- .../network/vyos/rm_templates/ospf_interfaces.py | 4 ++-- 8 files changed, 38 insertions(+), 17 deletions(-) (limited to 'plugins') diff --git a/plugins/module_utils/network/vyos/argspec/bgp_global/bgp_global.py b/plugins/module_utils/network/vyos/argspec/bgp_global/bgp_global.py index 4192a844..da56aa9e 100644 --- a/plugins/module_utils/network/vyos/argspec/bgp_global/bgp_global.py +++ b/plugins/module_utils/network/vyos/argspec/bgp_global/bgp_global.py @@ -174,7 +174,7 @@ class Bgp_globalArgs(object): # pylint: disable=R0903 }, "disable_connected_check": {"type": "bool"}, "address": {"type": "str"}, - "password": {"type": "str"}, + "password": {"type": "str", "no_log": True}, "disable_send_community": { "type": "str", "choices": ["extended", "standard"], diff --git a/plugins/module_utils/network/vyos/argspec/ospf_interfaces/ospf_interfaces.py b/plugins/module_utils/network/vyos/argspec/ospf_interfaces/ospf_interfaces.py index e7dd10c7..71ba63b6 100644 --- a/plugins/module_utils/network/vyos/argspec/ospf_interfaces/ospf_interfaces.py +++ b/plugins/module_utils/network/vyos/argspec/ospf_interfaces/ospf_interfaces.py @@ -71,12 +71,18 @@ class Ospf_interfacesArgs(object): # pylint: disable=R0903 "authentication": { "type": "dict", "options": { - "plaintext_password": {"type": "str"}, + "plaintext_password": { + "type": "str", + "no_log": True, + }, "md5_key": { "type": "dict", + "no_log": False, "options": { - "key_id": {"type": "int"}, - "key": {"type": "str"}, + "key_id": { + "type": "int", + }, + "key": {"type": "str", "no_log": True}, }, }, }, diff --git a/plugins/module_utils/network/vyos/argspec/ospfv2/ospfv2.py b/plugins/module_utils/network/vyos/argspec/ospfv2/ospfv2.py index b8e915c7..0061e797 100644 --- a/plugins/module_utils/network/vyos/argspec/ospfv2/ospfv2.py +++ b/plugins/module_utils/network/vyos/argspec/ospfv2/ospfv2.py @@ -174,11 +174,17 @@ class Ospfv2Args(object): # pylint: disable=R0903 "elements": "dict", "options": { "key_id": {"type": "int"}, - "md5_key": {"type": "str"}, + "md5_key": { + "type": "str", + "no_log": True, + }, }, "type": "list", }, - "plaintext_password": {"type": "str"}, + "plaintext_password": { + "type": "str", + "no_log": True, + }, }, "type": "dict", }, diff --git a/plugins/module_utils/network/vyos/facts/bgp_global/bgp_global.py b/plugins/module_utils/network/vyos/facts/bgp_global/bgp_global.py index 3cfa83ce..1efd877f 100644 --- a/plugins/module_utils/network/vyos/facts/bgp_global/bgp_global.py +++ b/plugins/module_utils/network/vyos/facts/bgp_global/bgp_global.py @@ -59,7 +59,9 @@ class Bgp_globalFacts(object): if "address-family" not in resource: config_lines.append(re.sub("'", "", resource)) - bgp_global_parser = Bgp_globalTemplate(lines=config_lines) + bgp_global_parser = Bgp_globalTemplate( + lines=config_lines, module=self._module + ) objs = bgp_global_parser.parse() if "neighbor" in objs: @@ -79,7 +81,9 @@ class Bgp_globalFacts(object): ansible_facts["ansible_network_resources"].pop("bgp_global", None) params = utils.remove_empties( - utils.validate_config(self.argument_spec, {"config": objs}) + bgp_global_parser.validate_config( + self.argument_spec, {"config": objs}, redact=True + ) ) facts["bgp_global"] = params.get("config", []) diff --git a/plugins/module_utils/network/vyos/facts/ospf_interfaces/ospf_interfaces.py b/plugins/module_utils/network/vyos/facts/ospf_interfaces/ospf_interfaces.py index 15ac92a8..7ef05cb6 100644 --- a/plugins/module_utils/network/vyos/facts/ospf_interfaces/ospf_interfaces.py +++ b/plugins/module_utils/network/vyos/facts/ospf_interfaces/ospf_interfaces.py @@ -69,6 +69,9 @@ class Ospf_interfacesFacts(object): """ facts = {} objs = [] + ospf_interfaces_parser = Ospf_interfacesTemplate( + lines=[], module=self._module + ) if not data: data = self.get_device_data(connection) @@ -78,7 +81,7 @@ class Ospf_interfacesFacts(object): resources = self.get_config_set(data) for resource in resources: ospf_interfaces_parser = Ospf_interfacesTemplate( - lines=resource.split("\n") + lines=resource.split("\n"), module=self._module ) objs = ospf_interfaces_parser.parse() for key, sortv in [("address_family", "afi")]: @@ -89,8 +92,10 @@ class Ospf_interfacesFacts(object): ansible_facts["ansible_network_resources"].pop("ospf_interfaces", None) facts = {"ospf_interfaces": []} params = utils.remove_empties( - utils.validate_config( - self.argument_spec, {"config": ospf_interfaces_facts} + ospf_interfaces_parser.validate_config( + self.argument_spec, + {"config": ospf_interfaces_facts}, + redact=True, ) ) if params.get("config"): diff --git a/plugins/module_utils/network/vyos/rm_templates/bgp_address_family.py b/plugins/module_utils/network/vyos/rm_templates/bgp_address_family.py index 55e22001..ae953e4b 100644 --- a/plugins/module_utils/network/vyos/rm_templates/bgp_address_family.py +++ b/plugins/module_utils/network/vyos/rm_templates/bgp_address_family.py @@ -282,10 +282,10 @@ def _tmplt_bgp_af_neighbor(config_data): class Bgp_address_familyTemplate(NetworkTemplate): - def __init__(self, lines=None): + def __init__(self, lines=None, module=None): prefix = {"set": "set", "remove": "delete"} super(Bgp_address_familyTemplate, self).__init__( - lines=lines, tmplt=self, prefix=prefix + lines=lines, tmplt=self, prefix=prefix, module=module ) # fmt: off diff --git a/plugins/module_utils/network/vyos/rm_templates/bgp_global.py b/plugins/module_utils/network/vyos/rm_templates/bgp_global.py index aff62581..cb9907b9 100644 --- a/plugins/module_utils/network/vyos/rm_templates/bgp_global.py +++ b/plugins/module_utils/network/vyos/rm_templates/bgp_global.py @@ -218,10 +218,10 @@ def _tmplt_bgp_params_distance(config_data): class Bgp_globalTemplate(NetworkTemplate): - def __init__(self, lines=None): + def __init__(self, lines=None, module=None): prefix = {"set": "set", "remove": "delete"} super(Bgp_globalTemplate, self).__init__( - lines=lines, tmplt=self, prefix=prefix + lines=lines, tmplt=self, prefix=prefix, module=module ) # fmt: off diff --git a/plugins/module_utils/network/vyos/rm_templates/ospf_interfaces.py b/plugins/module_utils/network/vyos/rm_templates/ospf_interfaces.py index 460e6b0a..1e3afbef 100644 --- a/plugins/module_utils/network/vyos/rm_templates/ospf_interfaces.py +++ b/plugins/module_utils/network/vyos/rm_templates/ospf_interfaces.py @@ -302,10 +302,10 @@ def _tmplt_ospf_int_passive(config_data): class Ospf_interfacesTemplate(NetworkTemplate): - def __init__(self, lines=None): + def __init__(self, lines=None, module=None): prefix = {"set": "set", "remove": "delete"} super(Ospf_interfacesTemplate, self).__init__( - lines=lines, tmplt=self, prefix=prefix + lines=lines, tmplt=self, prefix=prefix, module=module ) # fmt: off -- cgit v1.2.3