0ad11aef75
- Update to version 2.8.3: Full changelog is packaged, but also at https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst - (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing CVE-2019-10206: ansible-playbook -k and ansible cli tools prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. - (bsc#1144453) Adds CVE-2019-10217-gcp-modules-sensitive-fields.patch CVE-2019-10217: Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks. OBS-URL: https://build.opensuse.org/request/show/721576 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=143
40 lines
1.8 KiB
Diff
40 lines
1.8 KiB
Diff
From 642a3b4d3133d0cff3ea5b8300757045b2bda09d Mon Sep 17 00:00:00 2001
|
|
From: Abhijeet Kasurde <akasurde@redhat.com>
|
|
Date: Tue, 23 Jul 2019 14:14:13 +0530
|
|
Subject: [PATCH] gcp_utils: Handle JSON decode exception
|
|
|
|
Handle json.loads exception rather than providing stacktrace
|
|
|
|
Fixes: #56269
|
|
|
|
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
|
|
---
|
|
lib/ansible/module_utils/gcp_utils.py | 9 +++++++--
|
|
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
|
|
--- a/lib/ansible/module_utils/gcp_utils.py
|
|
+++ b/lib/ansible/module_utils/gcp_utils.py
|
|
@@ -18,7 +18,7 @@ except ImportError:
|
|
|
|
from ansible.module_utils.basic import AnsibleModule, env_fallback
|
|
from ansible.module_utils.six import string_types
|
|
-from ansible.module_utils._text import to_text
|
|
+from ansible.module_utils._text import to_text, to_native
|
|
import ast
|
|
import os
|
|
import json
|
|
@@ -157,7 +157,12 @@ class GcpSession(object):
|
|
path = os.path.realpath(os.path.expanduser(self.module.params['service_account_file']))
|
|
return service_account.Credentials.from_service_account_file(path).with_scopes(self.module.params['scopes'])
|
|
elif cred_type == 'serviceaccount' and self.module.params.get('service_account_contents'):
|
|
- cred = json.loads(self.module.params.get('service_account_contents'))
|
|
+ try:
|
|
+ cred = json.loads(self.module.params.get('service_account_contents'))
|
|
+ except json.decoder.JSONDecodeError as e:
|
|
+ self.module.fail_json(
|
|
+ msg="Unable to decode service_account_contents as JSON : %s" % to_native(e)
|
|
+ )
|
|
return service_account.Credentials.from_service_account_info(cred).with_scopes(self.module.params['scopes'])
|
|
elif cred_type == 'machineaccount':
|
|
return google.auth.compute_engine.Credentials(
|