10d9318de7
PEP 8 indent cleanup. ( #20800 )
...
* PEP 8 E121 cleanup.
* PEP 8 E126 cleanup.
* PEP 8 E122 cleanup.
2017-01-29 07:28:53 +00:00
188c3c608a
Don't restrict local jinja2 variables to those that start with l_
...
Per a change in jinja2 2.9, local variables no longer are prefixed
with l_, so this updates AnsibleJ2Vars to pull in all locals (while
excluding some) regardless of name.
Fixes #20063
(cherry picked from commit 4d49b317929b86e1fc1b0cbace825ff73b372dc7)
2017-01-20 07:15:51 -06:00
b7cdc21aee
Additional security fixes for CVE-2016-9587
2017-01-13 16:22:53 -06:00
f078946ed3
no calls plz
2017-01-12 10:35:26 -05:00
a94a48f85f
Partial revert of 76f7ce55
2017-01-11 15:53:04 -06:00
d316068831
Additional fixes for security related to CVE-2016-9587
2017-01-11 15:53:04 -06:00
bcceada5d9
Fixing another corner case for security related to CVE-2016-9587
2017-01-11 15:52:58 -06:00
80357e07de
Add some comments about how we're cleaning callables
2017-01-11 13:16:08 -08:00
027b126b42
Remove _clean_data_struct() advice as that was a 1.x design
...
data now goes through this extra cleaning in the template rather than
being an explicit other step.
2017-01-11 11:43:56 -08:00
a6fff93967
Fixing security bugs for CVE-2016-9587
2017-01-09 10:43:03 -06:00
85bbce9d6b
Wrap unhandled errors from lookups in an AnsibleError
...
This provides better error handling, and prevents errors like KeyError
from bubbliing up to code in odd places.
Fixes #17482
2016-12-21 11:48:18 -06:00
84544ee8fd
Fix AST nodes for Python 3 and enable dependent test_uri ( #18597 )
...
* Enable tests on python 3 for uri
* Added one more node type to SAFE_NODES into safe_eval module.
ast.USub represents unary operators. This is necessary for
parsing some unusual but still valid JSON files during testing
with Python 3.
2016-12-13 07:37:39 -08:00
bd70397e24
always template when called from template ( #18490 )
...
* Have template action plugin call do_template
Avoids all the magic done for 'inline templating' for ansible plays.
renamed _do_template to do_template in templar to make externally accessible.
fixes #18192
* added backwards compat as per feedback
2016-11-15 15:16:46 -05:00
cd784cd345
Remove unnecessary warnings ( #18121 )
2016-10-20 22:49:49 -04:00
d52a9cee46
Support late evaluation, suppress warnings on SyntaxError ( #17462 )
...
See #14304 comments (https://github.com/ansible/ansible/pull/14304#issuecomment-245453209 ) for more information.
2016-09-09 09:33:23 -04:00
4ed88512e4
Move uses of to_bytes, to_text, to_native to use the module_utils version ( #17423 )
...
We couldn't copy to_unicode, to_bytes, to_str into module_utils because
of licensing. So once created it we had two sets of functions that did
the same things but had different implementations. To remedy that, this
change removes the ansible.utils.unicode versions of those functions.
2016-09-06 22:54:17 -07:00
ff34f5548d
Dynamic role include ( #17401 )
...
* dynamic role_include
* more fixes for dynamic include roles
* set play yfrom iterator when dynamic
* changes from jimi-c
* avoid modules that break ad hoc
TODO: should really be a config
2016-09-05 20:07:58 -04:00
e396d5d508
Implement vault encrypted yaml variables. ( #16274 )
...
Make !vault-encrypted create a AnsibleVaultUnicode
yaml object that can be used as a regular string object.
This allows a playbook to include a encrypted vault
blob for the value of a yaml variable. A 'secret_password'
variable can have it's value encrypted instead of having
to vault encrypt an entire vars file.
Add __ENCRYPTED__ to the vault yaml types so
template.Template can treat it similar
to __UNSAFE__ flags.
vault.VaultLib api changes:
- Split VaultLib.encrypt to encrypt and encrypt_bytestring
- VaultLib.encrypt() previously accepted the plaintext data
as either a byte string or a unicode string.
Doing the right thing based on the input type would fail
on py3 if given a arg of type 'bytes'. To simplify the
API, vaultlib.encrypt() now assumes input plaintext is a
py2 unicode or py3 str. It will encode to utf-8 then call
the new encrypt_bytestring(). The new methods are less
ambiguous.
- moved VaultLib.is_encrypted logic to vault module scope
and split to is_encrypted() and is_encrypted_file().
Add a test/unit/mock/yaml_helper.py
It has some helpers for testing parsing/yaml
Integration tests added as roles test_vault and test_vault_embedded
2016-08-23 20:03:11 -04:00
56148291e9
Emit warnings when safe_eval() raises a SyntaxError or other Exception ( #14304 )
...
This change is related to reported issue #14291 and pull request #14293 .
Without the fix from #14293 , this change will emit a warning as shown below, on the following playbook:
``yaml
---
- hosts: localhost
gather_facts: no
vars:
works:
key1: 'string'
key2: 1234
fails:
key1: 'string'
key2: 1234
key3: false
tasks:
- debug: msg={{ works | to_json }}
- debug: msg={{ fails | to_json }}
```
On error, this results in a proper warning:
```
[dag@moria ansible.dag]$ ansible-playbook test49.yml
PLAY ***************************************************************************
TASK [debug] *******************************************************************
ok: [localhost] => {
"msg": {
"key1": "string",
"key2": 1234
}
}
TASK [debug] *******************************************************************
[WARNING]: Error in expression "{"key3": false, "key2": 1234, "key1": "string"}". (name 'false' is not defined)
ok: [localhost] => {
"msg": "{\"key3\": false, \"key2\": 1234, \"key1\": \"string\"}"
}
PLAY RECAP *********************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0
```
2016-08-12 09:29:54 -04:00
5a2b34e159
allow spaces before the filter string ( #16312 )
2016-06-15 14:17:17 -04:00
005dc84aa7
moved last utils.debug to display.debug
2016-04-08 16:00:36 -04:00
0b2f631197
Merge pull request #14504 from bcoca/template_comments
...
template also when only comments present
2016-03-06 10:45:18 -05:00
b901b15d3b
Merge pull request #14537 from Yannig/devel_better_error_handling
...
Improve message content to get more hint about the raised error.
2016-03-03 18:11:04 -05:00
c022a43a47
fixed str to to_str
2016-03-03 14:40:35 -05:00
4cfd042839
more complete and informative errors
...
mostly templating issues now all return data templated and actual error
fixes #14781
2016-03-03 13:52:09 -05:00
1dbbd2a80c
Remove debugging and fix the place where bytes are being handed to StringIO
2016-03-02 09:31:06 -08:00
093b3422ec
more information
2016-03-02 08:58:15 -08:00
5aef65edcd
Testing whether this fixes jenkins
2016-03-02 07:47:32 -08:00
3247390123
Conditionally import StringIO in template so we only use io.StringIO on py3
2016-03-02 09:34:43 -05:00
b70bf3b056
Use io.StringIO and io.BytesIO instead of StringIO.StringIO for compat with py3
2016-02-26 16:43:05 -08:00
439a385215
Catch TypeError on join, and if caught just return a single item, or a list of many
2016-02-20 16:17:58 -06:00
588045cc46
Improve message content to get more hint about the raised error.
2016-02-17 21:30:34 +01:00
6102a4b9b4
template also when only comments present
2016-02-16 09:42:33 -05:00
0792983ec8
Display the string which is causing an exception to be raised.
...
In the ansible template module, when there is an error while
expanding a templated string, displaying the string causing the
exception is very useful.
2016-02-11 15:42:50 -05:00
6149685652
Merge pull request #14293 from dagwieers/fix-eval-json-booleans
...
Defined JSON booleans in global context for python eval()
2016-02-04 11:33:30 -05:00
2e171610e0
Also add 'null' as a possible JSON value
2016-02-04 14:19:46 +01:00
dc48d27dd2
Defined JSON booleans in global context for python eval()
...
We define 'false' and 'true' as variables so that python eval() recognizes them as False and True.
This fixes #14291 .
2016-02-03 19:11:55 +01:00
dc15eb806e
deprecate all bare variable conversions (not debug)
...
now deprecation message appears with variable name in all spots where this occurs
debug's var= option is excluded as this is only place where bare variables shold actually
be accepted.
2016-02-01 18:59:14 -05:00
d82d65ee7b
keep string type filters as strings
...
now we don't try to convert types if using a filter that outputs a specifically formated string
made list of filters configurable
2015-12-08 12:52:20 -08:00
f926e81782
Re-implement lookup wantlist
...
Fixes #13285
2015-11-29 23:45:54 -05:00
0c360d17cb
New parameter for template method.
...
We do not compute hash when we know that the result does not need to be cached (like with_items loop).
It also result in a small speed improvement.
2015-11-10 07:19:19 +01:00
7e04947599
Be more selective about what variables we cache during templating
...
Fixes #13087
2015-11-09 14:07:48 -05:00
5040abaaf2
Merge branch 'devel_cache_for_do_template_call' of https://github.com/Yannig/ansible into Yannig-devel_cache_for_do_template_call
2015-11-06 22:04:52 -05:00
1027abd596
Cleaning up bugs related to perf improvement changes
2015-11-05 16:42:12 -05:00
63c47fb271
Fixing up performance
2015-11-05 16:22:37 -05:00
ccbdd6229a
Use static vars when computing host vars known to be static (inventory_hostname, inventory_dir etc.).
2015-11-04 22:16:14 +01:00
30f827d92d
Fix python3 test.
2015-11-03 11:52:09 +01:00
130139dc80
Fix unicode issue introduced by previous commit.
2015-11-02 21:32:49 +01:00
4a8d1703d4
New patch against hostvars.py. With this patch, Ansible run lose 50% of time.
...
Little rewrite of previous patch to use sha1 signature.
Use fail_on_undefined to compute sha1 signature.
2015-11-02 21:04:20 +01:00
79bf66336b
switched clean_data from hardcoded delimiters to actual currently set jinja2 environment delimiters
2015-11-02 09:00:56 -05:00
Matt Clay
James Cammarata
Brian Coca
Computest
Toshio Kuratomi
Lumír 'Frenzy' Balhar
Brian Coca
Dag Wieers
Adrian Likins
Colin Hoglund
Brian Coca
Toshio Kuratomi
Matt Martz
Yannig Perré
Marc Poirier