Fix using vault encrypted data with jinja2_native (#49025)

Fixes #48950

(cherry picked from commit d4568d97d4)
This commit is contained in:
Martin Krizek 2018-11-27 22:44:22 +01:00 committed by Toshio Kuratomi
parent 4b3244427e
commit 660f46be13
5 changed files with 28 additions and 1 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- Fix using vault encrypted data with jinja2_native (https://github.com/ansible/ansible/issues/48950)

View file

@ -12,6 +12,8 @@ import types
from jinja2._compat import text_type
from ansible.parsing.yaml.objects import AnsibleVaultEncryptedUnicode
def ansible_native_concat(nodes):
"""Return a native Python type from the list of compiled nodes. If the
@ -30,8 +32,13 @@ def ansible_native_concat(nodes):
if len(head) == 1:
out = head[0]
# TODO send unvaulted data to literal_eval?
if isinstance(out, AnsibleVaultEncryptedUnicode):
return out.data
# short circuit literal_eval when possible
if not isinstance(out, list): # FIXME is this needed?
if not isinstance(out, list):
return out
else:
if isinstance(nodes, types.GeneratorType):

View file

@ -3,3 +3,4 @@
set -eux
ANSIBLE_JINJA2_NATIVE=1 ansible-playbook -i inventory.jinja2_native_types runtests.yml -v "$@"
ANSIBLE_JINJA2_NATIVE=1 ansible-playbook -i inventory.jinja2_native_types --vault-password-file test_vault_pass test_vault.yml -v "$@"

View file

@ -0,0 +1,16 @@
- hosts: localhost
gather_facts: no
vars:
# ansible-vault encrypt_string root
# vault_password_file = test_vault_pass
vaulted_root_string: !vault |
$ANSIBLE_VAULT;1.1;AES256
39333565666430306232343266346635373235626564396332323838613063646132653436303239
3133363232306334393863343563366131373565616338380a666339383162333838653631663131
36633637303862353435643930393664386365323164643831363332666435303436373365393162
6535383134323539380a613663366631626534313837313565666665336164353362373431666366
3464
tasks:
- name: make sure group root exists
group:
name: "{{ vaulted_root_string }}"

View file

@ -0,0 +1 @@
test