cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

fix tempating issues with no_log and loops (#44468)

Browse source 
* fix tempating issues with no_log and loops

 - task is no log if any item is
 - added test cases

fixes #43294
This commit is contained in:
Brian Coca 2018-08-21 21:53:56 -04:00 committed by GitHub
parent 6982dfc756
commit bda074d34e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 46 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/fix_no_log_loop.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- always correctly template no log for tasks https://github.com/ansible/ansible/issues/43294

11
lib/ansible/executor/task_executor.py
View file

@ -171,9 +171,10 @@ class TaskExecutor:
display.debug("done dumping result, returning") display.debug("done dumping result, returning")
return res return res
except AnsibleError as e: except AnsibleError as e:
return dict(failed=True, msg=wrap_var(to_text(e, nonstring='simplerepr'))) return dict(failed=True, msg=wrap_var(to_text(e, nonstring='simplerepr')), _ansible_no_log=self._task.no_log)
except Exception as e: except Exception as e:
return dict(failed=True, msg='Unexpected failure during module execution.', exception=to_text(traceback.format_exc()), stdout='') return dict(failed=True, msg='Unexpected failure during module execution.', exception=to_text(traceback.format_exc()),
stdout='', _ansible_no_log=self._task.no_log)
finally: finally:
try: try:
self._connection.close() self._connection.close()
@ -303,6 +304,7 @@ class TaskExecutor:
# Only squash with 'with_:' not with the 'loop:', 'magic' squashing can be removed once with_ loops are # Only squash with 'with_:' not with the 'loop:', 'magic' squashing can be removed once with_ loops are
items = self._squash_items(items, loop_var, task_vars) items = self._squash_items(items, loop_var, task_vars)
no_log = False
for item_index, item in enumerate(items): for item_index, item in enumerate(items):
task_vars[loop_var] = item task_vars[loop_var] = item
if index_var: if index_var:
@ -337,6 +339,9 @@ class TaskExecutor:
(self._task, tmp_task) = (tmp_task, self._task) (self._task, tmp_task) = (tmp_task, self._task)
(self._play_context, tmp_play_context) = (tmp_play_context, self._play_context) (self._play_context, tmp_play_context) = (tmp_play_context, self._play_context)
# update 'general no_log' based on specific no_log
no_log = no_log or tmp_task.no_log
# now update the result with the item info, and append the result # now update the result with the item info, and append the result
# to the list of results # to the list of results
res[loop_var] = item res[loop_var] = item
@ -360,6 +365,8 @@ class TaskExecutor:
results.append(res) results.append(res)
del task_vars[loop_var] del task_vars[loop_var]
self._task.no_log = no_log
return results return results
def _squash_items(self, items, loop_var, variables): def _squash_items(self, items, loop_var, variables):

2
lib/ansible/executor/task_result.py
View file

@ -111,7 +111,7 @@ class TaskResult:
else: else:
ignore = _IGNORE ignore = _IGNORE
if self._task.no_log or self._result.get('_ansible_no_log', False): if isinstance(self._task.no_log, bool) and self._task.no_log or self._result.get('_ansible_no_log', False):
x = {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"} x = {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
# preserve full # preserve full

27
test/integration/targets/no_log/dynamic.yml Normal file
View file

@ -0,0 +1,27 @@
- name: test dynamic no log
hosts: testhost
gather_facts: no
ignore_errors: yes
tasks:
- name: no loop, task fails, dynamic no_log
debug:
msg: "SHOW {{ var_does_not_exist }}"
no_log: "{{ not (unsafe_show_logs|bool) }}"
- name: loop, task succeeds, dynamic does no_log
debug:
msg: "SHOW {{ item }}"
loop:
- a
- b
- c
no_log: "{{ not (unsafe_show_logs|bool) }}"
- name: loop, task fails, dynamic no_log
debug:
msg: "SHOW {{ var_does_not_exist }}"
loop:
- a
- b
- c
no_log: "{{ not (unsafe_show_logs|bool) }}"

8
test/integration/targets/no_log/runme.sh
View file

@ -4,6 +4,12 @@ set -eux
# This test expects 7 loggable vars and 0 non-loggable ones. # This test expects 7 loggable vars and 0 non-loggable ones.
# If either mismatches it fails, run the ansible-playbook command to debug. # If either mismatches it fails, run the ansible-playbook command to debug.
[ "$(ansible-playbook no_log_local.yml -i ../../inventory -vvvvv "$@" | awk \ [ "$(ansible-playbook no_log_local.yml -i ../../inventory -vvvvv "$@" | awk \
'BEGIN { logme = 0; nolog = 0; } /LOG_ME/ { logme += 1;} /DO_NOT_LOG/ { nolog += 1;} END { printf "%d/%d", logme, nolog; }')" = "26/0" ] 'BEGIN { logme = 0; nolog = 0; } /LOG_ME/ { logme += 1;} /DO_NOT_LOG/ { nolog += 1;} END { printf "%d/%d", logme, nolog; }')" = "26/0" ]
# deal with corner cases with no log and loops
# no log enabled, should produce 6 censored messages
[ "$(ansible-playbook dynamic.yml -i ../../inventory -vvvvv "$@" -e unsafe_show_logs=no|grep -c 'output has been hidden')" = "6" ]
# no log disabled, should produce 0 censored
[ "$(ansible-playbook dynamic.yml -i ../../inventory -vvvvv "$@" -e unsafe_show_logs=yes|grep -c 'output has been hidden')" = "0" ]