Fix inline vaults for plugins in ensure_type (#67492)

* Fix implicit string - only looked right because of the vault __repr__
* Add tests for strings and implicit strings
pull/67744/head
Sloane Hertel 5 years ago committed by GitHub
parent b950d18912
commit 8eb00dd14c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,2 @@
bugfixes:
- plugins - Allow ensure_type to decrypt the value for string types (and implicit string types) when value is an inline vault.

@ -145,13 +145,13 @@ def ensure_type(value, value_type, origin=None):
errmsg = 'pathlist' errmsg = 'pathlist'
elif value_type in ('str', 'string'): elif value_type in ('str', 'string'):
if isinstance(value, string_types): if isinstance(value, (string_types, AnsibleVaultEncryptedUnicode)):
value = unquote(to_text(value, errors='surrogate_or_strict')) value = unquote(to_text(value, errors='surrogate_or_strict'))
else: else:
errmsg = 'string' errmsg = 'string'
# defaults to string type # defaults to string type
elif isinstance(value, string_types): elif isinstance(value, (string_types, AnsibleVaultEncryptedUnicode)):
value = unquote(to_text(value, errors='surrogate_or_strict')) value = unquote(to_text(value, errors='surrogate_or_strict'))
if errmsg: if errmsg:

@ -131,3 +131,15 @@ class TestConfigManager:
actual_value, actual_origin = self.manager._loop_entries({'name': vault_var}, [{'name': 'name'}]) actual_value, actual_origin = self.manager._loop_entries({'name': vault_var}, [{'name': 'name'}])
assert actual_value == "vault text" assert actual_value == "vault text"
assert actual_origin == "name" assert actual_origin == "name"
@pytest.mark.parametrize("value_type", ("str", "string", None))
def test_ensure_type_with_vaulted_str(self, value_type):
class MockVault:
def decrypt(self, value):
return value
vault_var = AnsibleVaultEncryptedUnicode(b"vault text")
vault_var.vault = MockVault()
actual_value = ensure_type(vault_var, value_type)
assert actual_value == "vault text"

Loading…
Cancel
Save