diff --git a/changelogs/fragments/73456-let-vault-lookup-output-string.yml b/changelogs/fragments/73456-let-vault-lookup-output-string.yml new file mode 100644 index 00000000000..5d079a81095 --- /dev/null +++ b/changelogs/fragments/73456-let-vault-lookup-output-string.yml @@ -0,0 +1,2 @@ +bugfixes: + - the unvault lookup plugin returned a byte string. Now returns a real string. diff --git a/lib/ansible/plugins/lookup/unvault.py b/lib/ansible/plugins/lookup/unvault.py index 152dc95ee3f..3712ba5be43 100644 --- a/lib/ansible/plugins/lookup/unvault.py +++ b/lib/ansible/plugins/lookup/unvault.py @@ -56,7 +56,7 @@ class LookupModule(LookupBase): actual_file = self._loader.get_real_file(lookupfile, decrypt=True) with open(actual_file, 'rb') as f: b_contents = f.read() - ret.append(b_contents) + ret.append(to_text(b_contents)) else: raise AnsibleParserError('Unable to find file matching "%s" ' % term) diff --git a/test/integration/targets/unvault/aliases b/test/integration/targets/unvault/aliases new file mode 100644 index 00000000000..765b70da796 --- /dev/null +++ b/test/integration/targets/unvault/aliases @@ -0,0 +1 @@ +shippable/posix/group2 diff --git a/test/integration/targets/unvault/main.yml b/test/integration/targets/unvault/main.yml new file mode 100644 index 00000000000..a0f97b4bc17 --- /dev/null +++ b/test/integration/targets/unvault/main.yml @@ -0,0 +1,9 @@ +- hosts: localhost + tasks: + - set_fact: + unvaulted: "{{ lookup('unvault', 'vault') }}" + - debug: + msg: "{{ unvaulted }}" + - assert: + that: + - "unvaulted == 'foo: bar\n'" diff --git a/test/integration/targets/unvault/password b/test/integration/targets/unvault/password new file mode 100644 index 00000000000..d97c5eada5d --- /dev/null +++ b/test/integration/targets/unvault/password @@ -0,0 +1 @@ +secret diff --git a/test/integration/targets/unvault/runme.sh b/test/integration/targets/unvault/runme.sh new file mode 100755 index 00000000000..df4585e3221 --- /dev/null +++ b/test/integration/targets/unvault/runme.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +set -eux + + +ansible-playbook --vault-password-file password main.yml diff --git a/test/integration/targets/unvault/vault b/test/integration/targets/unvault/vault new file mode 100644 index 00000000000..828d3696baf --- /dev/null +++ b/test/integration/targets/unvault/vault @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +33386337343963393533343039333563323733646137636162346266643134323539396237646333 +3663363965336335663161656236616532346363303832310a393264356663393330346137613239 +34633765333936633466353932663166343531616230326161383365323966386434366431353839 +3838623233373231340a303166666433613439303464393661363365643765666137393137653138 +3631