ensure facts marked as unsafe (#55326)

dont rely on plugin layer to do so
This commit is contained in:
Brian Coca 2019-04-16 15:50:52 -04:00 committed by GitHub
parent ca83a5c110
commit aa8d23b42f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 4 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- ensure facts are always unsafe objects and don't rely on plugin returns

View file

@ -692,9 +692,10 @@ class TaskExecutor:
vars_copy.update(result['ansible_facts']) vars_copy.update(result['ansible_facts'])
else: else:
# TODO: cleaning of facts should eventually become part of taskresults instead of vars # TODO: cleaning of facts should eventually become part of taskresults instead of vars
vars_copy.update(namespace_facts(result['ansible_facts'])) af = wrap_var(result['ansible_facts'])
vars_copy.update(namespace_facts(af))
if C.INJECT_FACTS_AS_VARS: if C.INJECT_FACTS_AS_VARS:
vars_copy.update(clean_facts(result['ansible_facts'])) vars_copy.update(clean_facts(af))
# set the failed property if it was missing. # set the failed property if it was missing.
if 'failed' not in result: if 'failed' not in result:
@ -754,9 +755,10 @@ class TaskExecutor:
variables.update(result['ansible_facts']) variables.update(result['ansible_facts'])
else: else:
# TODO: cleaning of facts should eventually become part of taskresults instead of vars # TODO: cleaning of facts should eventually become part of taskresults instead of vars
variables.update(namespace_facts(result['ansible_facts'])) af = wrap_var(result['ansible_facts'])
variables.update(namespace_facts(af))
if C.INJECT_FACTS_AS_VARS: if C.INJECT_FACTS_AS_VARS:
variables.update(clean_facts(result['ansible_facts'])) variables.update(clean_facts(af))
# save the notification target in the result, if it was specified, as # save the notification target in the result, if it was specified, as
# this task may be running in a loop in which case the notification # this task may be running in a loop in which case the notification