Fix using vault encrypted data with jinja2_native (#49025)
Fixes #48950
parent
694c505452
commit
d4568d97d4
5 changed files with 28 additions and 1 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
bugfixes:
|
||||||
|
- Fix using vault encrypted data with jinja2_native (https://github.com/ansible/ansible/issues/48950)
|
|
@ -12,6 +12,8 @@ import types
|
||||||
|
|
||||||
from jinja2._compat import text_type
|
from jinja2._compat import text_type
|
||||||
|
|
||||||
|
from ansible.parsing.yaml.objects import AnsibleVaultEncryptedUnicode
|
||||||
|
|
||||||
|
|
||||||
def ansible_native_concat(nodes):
|
def ansible_native_concat(nodes):
|
||||||
"""Return a native Python type from the list of compiled nodes. If the
|
"""Return a native Python type from the list of compiled nodes. If the
|
||||||
|
@ -30,8 +32,13 @@ def ansible_native_concat(nodes):
|
||||||
|
|
||||||
if len(head) == 1:
|
if len(head) == 1:
|
||||||
out = head[0]
|
out = head[0]
|
||||||
|
|
||||||
|
# TODO send unvaulted data to literal_eval?
|
||||||
|
if isinstance(out, AnsibleVaultEncryptedUnicode):
|
||||||
|
return out.data
|
||||||
|
|
||||||
# short circuit literal_eval when possible
|
# short circuit literal_eval when possible
|
||||||
if not isinstance(out, list): # FIXME is this needed?
|
if not isinstance(out, list):
|
||||||
return out
|
return out
|
||||||
else:
|
else:
|
||||||
if isinstance(nodes, types.GeneratorType):
|
if isinstance(nodes, types.GeneratorType):
|
||||||
|
|
|
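Review bot: The `# TODO send unvaulted data to literal_eval?` on the new vault branch leaves the handling of decrypted secrets undecided, while the branch as written returns `out.data` as plain text and skips literal_eval. I would settle that in the comment, e.g. `# vaulted values are returned as decrypted text and are never passed to literal_eval`, so a secret that happens to look like a Python literal is not silently converted to another type. The check also sits inside `if len(head) == 1:`, so a template that mixes a vaulted variable with other text takes the `else:` path, which continues outside the hunk. From here I cannot confirm that path decrypts as well, and the added test_vault.yml only exercises the single-node case `"{{ vaulted_root_string }}"`; a second task covering a concatenated value would pin it. The body of ansible_native_concat starts and ends outside both hunks.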
@ -3,3 +3,4 @@
|
||||||
set -eux
|
set -eux
|
||||||
|
|
||||||
ANSIBLE_JINJA2_NATIVE=1 ansible-playbook -i inventory.jinja2_native_types runtests.yml -v "$@"
|
ANSIBLE_JINJA2_NATIVE=1 ansible-playbook -i inventory.jinja2_native_types runtests.yml -v "$@"
|
||||||
|
ANSIBLE_JINJA2_NATIVE=1 ansible-playbook -i inventory.jinja2_native_types --vault-password-file test_vault_pass test_vault.yml -v "$@"
|
||||||
|
|
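--- /dev/null
+++ b/test/integration/targets/jinja2_native_types/test_vault.yml
@@ -0,0 +1,16 @@
+- hosts: localhost
+gather_facts: no
+vars:
+# ansible-vault encrypt_string root
+# vault_password_file = test_vault_pass
+vaulted_root_string: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+39333565666430306232343266346635373235626564396332323838613063646132653436303239
+3133363232306334393863343563366131373565616338380a666339383162333838653631663131
+36633637303862353435643930393664386365323164643831363332666435303436373365393162
+6535383134323539380a613663366631626534313837313565666665336164353362373431666366
+3464
+tasks:
+- name: make sure group root exists
+group:
+name: "{{ vaulted_root_string }}"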
@ -0,0 +1 @@
|
||||||
|
test
|