Templating: make sure only one variable results are cached (#67429)

* Make sure only one variable results are cached.

* Add changelog.

* Add test.
This commit is contained in:
Felix Fontein 2020-02-20 00:04:01 +01:00 committed by GitHub
parent c61c0f7ad5
commit c520d70bf4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 1 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- "Templating - Ansible was caching results of Jinja2 expressions in some cases where these expressions could have dynamic results, like password generation (https://github.com/ansible/ansible/issues/34144)."

View file

@ -628,7 +628,7 @@ class Templar:
# we only cache in the case where we have a single variable
# name, to make sure we're not putting things which may otherwise
# be dynamic in the cache (filters, lookups, etc.)
if cache:
if cache and only_one:
self._cached_result[sha1_hash] = result
return result

View file

@ -71,3 +71,18 @@
- name: set with_dict
shell: echo "{{ item.key + '=' + item.value }}"
with_dict: "{{ mydict }}"
# BUG #34144 bad template caching
- name: generate two random passwords
set_fact:
password1: "{{ lookup('password', '/dev/null length=20') }}"
password2: "{{ lookup('password', '/dev/null length=20') }}"
# If the passwords are generated randomly, the chance that they
# coincide is neglectable (< 1e-18 assuming 120 bits of randomness
# per password).
- name: make sure passwords are not the same
assert:
that:
- password1 != password2