[stable-2.10] Ensure single vaulted values aren't counted as sequences. Fixes #70784 (#70786) (#70791)
(cherry picked from commit 96b74d3
)
Co-authored-by: Matt Martz <matt@sivel.net>
This commit is contained in:
parent
1eb2afac63
commit
7eb5f53294
3 changed files with 14 additions and 2 deletions
3
changelogs/fragments/70784-vault-is-string.yml
Normal file
3
changelogs/fragments/70784-vault-is-string.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
bugfixes:
|
||||||
|
- JSON Encoder - Ensure we treat single vault encrypted values as strings
|
||||||
|
(https://github.com/ansible/ansible/issues/70784)
|
|
@ -15,15 +15,23 @@ from ansible.module_utils.common._collections_compat import Mapping
|
||||||
from ansible.module_utils.common.collections import is_sequence
|
from ansible.module_utils.common.collections import is_sequence
|
||||||
|
|
||||||
|
|
||||||
|
def _is_unsafe(value):
|
||||||
|
return getattr(value, '__UNSAFE__', False) and not getattr(value, '__ENCRYPTED__', False)
|
||||||
|
|
||||||
|
|
||||||
|
def _is_vault(value):
|
||||||
|
return getattr(value, '__ENCRYPTED__', False)
|
||||||
|
|
||||||
|
|
||||||
def _preprocess_unsafe_encode(value):
|
def _preprocess_unsafe_encode(value):
|
||||||
"""Recursively preprocess a data structure converting instances of ``AnsibleUnsafe``
|
"""Recursively preprocess a data structure converting instances of ``AnsibleUnsafe``
|
||||||
into their JSON dict representations
|
into their JSON dict representations
|
||||||
|
|
||||||
Used in ``AnsibleJSONEncoder.iterencode``
|
Used in ``AnsibleJSONEncoder.iterencode``
|
||||||
"""
|
"""
|
||||||
if getattr(value, '__UNSAFE__', False) and not getattr(value, '__ENCRYPTED__', False):
|
if _is_unsafe(value):
|
||||||
value = {'__ansible_unsafe': to_text(value, errors='surrogate_or_strict', nonstring='strict')}
|
value = {'__ansible_unsafe': to_text(value, errors='surrogate_or_strict', nonstring='strict')}
|
||||||
elif is_sequence(value):
|
elif is_sequence(value) and not _is_vault(value):
|
||||||
value = [_preprocess_unsafe_encode(v) for v in value]
|
value = [_preprocess_unsafe_encode(v) for v in value]
|
||||||
elif isinstance(value, Mapping):
|
elif isinstance(value, Mapping):
|
||||||
value = dict((k, _preprocess_unsafe_encode(v)) for k, v in value.items())
|
value = dict((k, _preprocess_unsafe_encode(v)) for k, v in value.items())
|
||||||
|
|
|
@ -158,6 +158,7 @@ class TestAnsibleJSONEncoder:
|
||||||
Test for passing AnsibleVaultEncryptedUnicode to AnsibleJSONEncoder.default().
|
Test for passing AnsibleVaultEncryptedUnicode to AnsibleJSONEncoder.default().
|
||||||
"""
|
"""
|
||||||
assert ansible_json_encoder.default(test_input) == {'__ansible_vault': expected}
|
assert ansible_json_encoder.default(test_input) == {'__ansible_vault': expected}
|
||||||
|
assert json.dumps(test_input, cls=AnsibleJSONEncoder, preprocess_unsafe=True) == '{"__ansible_vault": "%s"}' % expected.replace('\n', '\\n')
|
||||||
|
|
||||||
@pytest.mark.parametrize(
|
@pytest.mark.parametrize(
|
||||||
'test_input,expected',
|
'test_input,expected',
|
||||||
|
|
Loading…
Reference in a new issue