Make sure v2 playbook classes validate attributes

Also removing cruft code from earlier iteration on task.py and fixing
a bug where 'shell' was not removed from the task ds after munge()
cleaned things up
This commit is contained in:
James Cammarata 2014-10-30 16:04:34 -05:00
parent 3b0e64127d
commit 7cd5b13e34
3 changed files with 23 additions and 195 deletions

View file

@ -24,6 +24,7 @@ from io import FileIO
from six import iteritems, string_types
from ansible.errors import AnsibleParserError
from ansible.playbook.attribute import Attribute, FieldAttribute
from ansible.parsing.yaml import DataLoader
@ -73,14 +74,18 @@ class Base:
if isinstance(ds, string_types) or isinstance(ds, FileIO):
ds = self._loader.load(ds)
# we currently don't do anything with private attributes but may
# later decide to filter them out of 'ds' here.
# call the munge() function to massage the data into something
# we can more easily parse, and then call the validation function
# on it to ensure there are no incorrect key values
ds = self.munge(ds)
self._validate_attributes(ds)
# Walk all attributes in the class.
#
# FIXME: we currently don't do anything with private attributes but
# may later decide to filter them out of 'ds' here.
# walk all attributes in the class
for (name, attribute) in iteritems(self._get_base_attributes()):
# copy the value over unless a _load_field method is defined
if name in ds:
method = getattr(self, '_load_%s' % name, None)
@ -96,6 +101,17 @@ class Base:
def get_loader(self):
return self._loader
def _validate_attributes(self, ds):
'''
Ensures that there are no keys in the datastructure which do
not map to attributes for this object.
'''
valid_attrs = [name for (name, attribute) in iteritems(self._get_base_attributes())]
for key in ds:
if key not in valid_attrs:
raise AnsibleParserError("'%s' is not a valid attribute for a %s" % (key, self.__class__), obj=ds)
def validate(self):
''' validation that is done at parse time, not load time '''

View file

@ -21,7 +21,7 @@ __metaclass__ = type
from six import iteritems, string_types
from ansible.errors import AnsibleError, AnsibleParserError
from ansible.errors import AnsibleParserError
from ansible.playbook.attribute import Attribute, FieldAttribute
from ansible.playbook.base import Base
from ansible.playbook.role.include import RoleInclude
@ -56,16 +56,6 @@ class RoleMetadata(Base):
m = RoleMetadata().load_data(data, loader=loader)
return m
def munge(self, ds):
# make sure there are no keys in the datastructure which
# do not map to attributes for this object
valid_attrs = [name for (name, attribute) in iteritems(self._get_base_attributes())]
for name in ds:
if name not in valid_attrs:
print("'%s' is not a valid attribute" % name)
raise AnsibleParserError("'%s' is not a valid attribute" % name, obj=ds)
return ds
def _load_dependencies(self, attr, ds):
'''
This is a helper loading function for the dependencis list,

View file

@ -160,7 +160,7 @@ class Task(Base):
new_ds['delegate_to'] = delegate_to
for (k,v) in ds.iteritems():
if k in ('action', 'local_action', 'args', 'delegate_to') or k == action:
if k in ('action', 'local_action', 'args', 'delegate_to') or k == action or k == 'shell':
# we don't want to re-assign these values, which were
# determined by the ModuleArgsParser() above
continue
@ -171,181 +171,3 @@ class Task(Base):
return new_ds
# ==================================================================================
# BELOW THIS LINE
# info below this line is "old" and is before the attempt to build Attributes
# use as reference but plan to replace and radically simplify
# ==================================================================================
LEGACY = """
def _load_action(self, ds, k, v):
''' validate/transmogrify/assign the module and parameters if used in 'action/local_action' format '''
results = dict()
module_name, params = v.strip().split(' ', 1)
if module_name not in module_finder:
raise AnsibleError("the specified module '%s' could not be found, check your module path" % module_name)
results['_module_name'] = module_name
results['_parameters'] = parse_kv(params)
if k == 'local_action':
if 'delegate_to' in ds:
raise AnsibleError("delegate_to cannot be specified with local_action in task: %s" % ds.get('name', v))
results['_delegate_to'] = '127.0.0.1'
if not 'transport' in ds and not 'connection' in ds:
results['_transport'] = 'local'
return results
def _load_module(self, ds, k, v):
''' validate/transmogrify/assign the module and parameters if used in 'module:' format '''
results = dict()
if self._module_name:
raise AnsibleError("the module name (%s) was already specified, '%s' is a duplicate" % (self._module_name, k))
elif 'action' in ds:
raise AnsibleError("multiple actions specified in task: '%s' and '%s'" % (k, ds.get('name', ds['action'])))
results['_module_name'] = k
if isinstance(v, dict) and 'args' in ds:
raise AnsibleError("can't combine args: and a dict for %s: in task %s" % (k, ds.get('name', "%s: %s" % (k, v))))
results['_parameters'] = self._load_parameters(v)
return results
def _load_loop(self, ds, k, v):
''' validate/transmogrify/assign the module any loop directives that have valid action plugins as names '''
results = dict()
if isinstance(v, basestring):
param = v.strip()
if (param.startswith('{{') and param.find('}}') == len(ds[x]) - 2 and param.find('|') == -1):
utils.warning("It is unnecessary to use '{{' in loops, leave variables in loop expressions bare.")
plugin_name = k.replace("with_","")
if plugin_name in utils.plugins.lookup_loader:
results['_lookup_plugin'] = plugin_name
results['_lookup_terms'] = v
else:
raise errors.AnsibleError("cannot find lookup plugin named %s for usage in with_%s" % (plugin_name, plugin_name))
return results
def _load_legacy_when(self, ds, k, v):
''' yell about old when syntax being used still '''
utils.deprecated("The 'when_' conditional has been removed. Switch to using the regular unified 'when' statements as described on docs.ansible.com.","1.5", removed=True)
if self._when:
raise errors.AnsibleError("multiple when_* statements specified in task %s" % (ds.get('name', ds.get('action'))))
when_name = k.replace("when_","")
return dict(_when = "%s %s" % (when_name, v))
def _load_when(self, ds, k, v):
''' validate/transmogrify/assign a conditional '''
conditionals = self._when.copy()
conditionals.push(v)
return dict(_when=conditionals)
def _load_changed_when(self, ds, k, v):
''' validate/transmogrify/assign a changed_when conditional '''
conditionals = self._changed_when.copy()
conditionals.push(v)
return dict(_changed_when=conditionals)
def _load_failed_when(self, ds, k, v):
''' validate/transmogrify/assign a failed_when conditional '''
conditionals = self._failed_when.copy()
conditionals.push(v)
return dict(_failed_when=conditionals)
# FIXME: move to BaseObject
def _load_tags(self, ds, k, v):
''' validate/transmogrify/assign any tags '''
new_tags = self.tags.copy()
tags = v
if isinstance(v, basestring):
tags = v.split(',')
new_tags.push(v)
return dict(_tags=v)
def _load_invalid_key(self, ds, k, v):
''' handle any key we do not recognize '''
raise AnsibleError("%s is not a legal parameter in an Ansible task or handler" % k)
def _load_other_valid_key(self, ds, k, v):
''' handle any other attribute we DO recognize '''
results = dict()
k = "_%s" % k
results[k] = v
return results
def _loader_for_key(self, k):
''' based on the name of a datastructure element, find the code to handle it '''
if k in ('action', 'local_action'):
return self._load_action
elif k in utils.plugins.module_finder:
return self._load_module
elif k.startswith('with_'):
return self._load_loop
elif k == 'changed_when':
return self._load_changed_when
elif k == 'failed_when':
return self._load_failed_when
elif k == 'when':
return self._load_when
elif k == 'tags':
return self._load_tags
elif k not in self.VALID_KEYS:
return self._load_invalid_key
else:
return self._load_other_valid_key
# ==================================================================================
# PRE-VALIDATION - expected to be uncommonly used, this checks for arguments that
# are aliases of each other. Most everything else should be in the LOAD block
# or the POST-VALIDATE block.
def _pre_validate(self, ds):
''' rarely used function to see if the datastructure has items that mean the same thing '''
if 'action' in ds and 'local_action' in ds:
raise AnsibleError("the 'action' and 'local_action' attributes can not be used together")
# =================================================================================
# POST-VALIDATION: checks for internal inconsistency between fields
# validation can result in an error but also corrections
def _post_validate(self):
''' is the loaded datastructure sane? '''
if not self._name:
self._name = self._post_validate_fixed_name()
# incompatible items
self._validate_conflicting_su_and_sudo()
self._validate_conflicting_first_available_file_and_loookup()
def _post_validate_fixed_name(self):
'' construct a name for the task if no name was specified '''
flat_params = " ".join(["%s=%s" % (k,v) for k,v in self._parameters.iteritems()])
return = "%s %s" % (self._module_name, flat_params)
def _post_validate_conflicting_su_and_sudo(self):
''' make sure su/sudo usage doesn't conflict '''
conflicting = (self._sudo or self._sudo_user or self._sudo_pass) and (self._su or self._su_user or self._su_pass):
if conflicting:
raise AnsibleError('sudo params ("sudo", "sudo_user", "sudo_pass") and su params ("su", "su_user", "su_pass") cannot be used together')
def _post_validate_conflicting_first_available_file_and_lookup(self):
''' first_available_file (deprecated) predates lookup plugins, and cannot be used with those kinds of loops '''
if self._first_available_file and self._lookup_plugin:
raise AnsibleError("with_(plugin), and first_available_file are mutually incompatible in a single task")
"""