Allowing args: "{{some_var}}" for task params again

This is unsafe and we debated re-adding it to the v2/2.0 codebase,
however it is a common-enough feature that we will simply mark it
as deprecated for now and remove it at some point in the future.

Fixes #11718
This commit is contained in:
James Cammarata 2015-07-24 10:31:14 -04:00
parent 681eab1158
commit e526743b4f
4 changed files with 27 additions and 4 deletions

View file

@ -60,6 +60,13 @@ class TaskExecutor:
self._loader = loader self._loader = loader
self._shared_loader_obj = shared_loader_obj self._shared_loader_obj = shared_loader_obj
try:
from __main__ import display
self._display = display
except ImportError:
from ansible.utils.display import Display
self._display = Display()
def run(self): def run(self):
''' '''
The main executor entrypoint, where we determine if the specified The main executor entrypoint, where we determine if the specified
@ -229,6 +236,12 @@ class TaskExecutor:
prev_var = self._task.args.pop('var') prev_var = self._task.args.pop('var')
self._task.post_validate(templar=templar) self._task.post_validate(templar=templar)
if '_variable_params' in self._task.args:
variable_params = self._task.args.pop('_variable_params')
if isinstance(variable_params, dict):
self._display.deprecated("Using variables for task params is unsafe, especially if the variables come from an external source like facts")
variable_params.update(self._task.args)
self._task.args = variable_params
if prev_var is not None: if prev_var is not None:
self._task.args['var'] = prev_var self._task.args['var'] = prev_var

View file

@ -24,6 +24,7 @@ from six import iteritems, string_types
from ansible.errors import AnsibleParserError from ansible.errors import AnsibleParserError
from ansible.plugins import module_loader from ansible.plugins import module_loader
from ansible.parsing.splitter import parse_kv, split_args from ansible.parsing.splitter import parse_kv, split_args
from ansible.template import Templar
# For filtering out modules correctly below # For filtering out modules correctly below
RAW_PARAM_MODULES = ([ RAW_PARAM_MODULES = ([
@ -278,6 +279,11 @@ class ModuleArgsParser:
if action is None: if action is None:
raise AnsibleParserError("no action detected in task", obj=self._task_ds) raise AnsibleParserError("no action detected in task", obj=self._task_ds)
elif args.get('_raw_params', '') != '' and action not in RAW_PARAM_MODULES: elif args.get('_raw_params', '') != '' and action not in RAW_PARAM_MODULES:
templar = Templar(loader=None)
raw_params = args.pop('_raw_params')
if templar._contains_vars(raw_params):
args['_variable_params'] = raw_params
else:
raise AnsibleParserError("this task '%s' has extra params, which is only allowed in the following modules: %s" % (action, ", ".join(RAW_PARAM_MODULES)), obj=self._task_ds) raise AnsibleParserError("this task '%s' has extra params, which is only allowed in the following modules: %s" % (action, ", ".join(RAW_PARAM_MODULES)), obj=self._task_ds)
# shell modules require special handling # shell modules require special handling

View file

@ -56,10 +56,14 @@ class Templar:
def __init__(self, loader, shared_loader_obj=None, variables=dict()): def __init__(self, loader, shared_loader_obj=None, variables=dict()):
self._loader = loader self._loader = loader
self._basedir = loader.get_basedir()
self._filters = None self._filters = None
self._available_variables = variables self._available_variables = variables
if loader:
self._basedir = loader.get_basedir()
else:
self._basedir = './'
if shared_loader_obj: if shared_loader_obj:
global _basedirs global _basedirs
_basedirs = shared_loader_obj.basedirs[:] _basedirs = shared_loader_obj.basedirs[:]

View file

@ -130,9 +130,9 @@ class Display:
if not removed: if not removed:
if version: if version:
new_msg = "\n[DEPRECATION WARNING]: %s. This feature will be removed in version %s." % (msg, version) new_msg = "[DEPRECATION WARNING]: %s. This feature will be removed in version %s." % (msg, version)
else: else:
new_msg = "\n[DEPRECATION WARNING]: %s. This feature will be removed in a future release." % (msg) new_msg = "[DEPRECATION WARNING]: %s. This feature will be removed in a future release." % (msg)
new_msg = new_msg + " Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.\n\n" new_msg = new_msg + " Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.\n\n"
else: else:
raise AnsibleError("[DEPRECATED]: %s. Please update your playbooks." % msg) raise AnsibleError("[DEPRECATED]: %s. Please update your playbooks." % msg)