mirror of https://github.com/ansible/ansible.git
Prevent losing unsafe from lookups (#77609)
* Prevent losing unsafe from lookups This patch fixes a bug which under certain conditions results in data returned from lookups not being marked as unsafe. Each time Templar.do_template is invoked a new AnsibleContext is created and stored effectively at two places: 1) as an instance variable in templar_obj.cur_context 2) as a local variable called new_context in do_template method of Templar Due to custom functionality in Ansible's Context that allows for nested templating it is possible that during resolving variable's value template/do_template method is called recursively again, again creating a new context. At that point the problem manifests itself because as mentioned in 1) above the context is overwriten on the templar object which means that any subsequent calls to _lookup will use the new context to mark it as unsafe which is now different to the local new_context which is used for testing for unsafe property. The solution to the problem appears to be to restore the original context inside do_template and also to eliminate the local variable new_context to prevent problems in the future. It appears that we don't have a better way of storing the context other than as some form of global variable and so this appears to be the "best" solution possible at this point. Hopefully data tagging will be the solution here. For more examples see unit and integration tests included in this patch. Fixes #77535pull/77646/head
parent
6fdec4a6ab
commit
3980eb8c09
@ -0,0 +1,2 @@
|
|||||||
|
bugfixes:
|
||||||
|
- Prevent losing unsafe on results returned from lookups (https://github.com/ansible/ansible/issues/77535)
|
Loading…
Reference in New Issue