From a22f7b883dbe89f67bec2ce9b05904809b77652f Mon Sep 17 00:00:00 2001 From: James Cammarata Date: Tue, 22 Sep 2015 02:13:46 -0400 Subject: [PATCH] Restrict role param vars to tasks within that role Fixes #12460 --- lib/ansible/playbook/role/__init__.py | 14 ++++++++------ lib/ansible/vars/__init__.py | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/lib/ansible/playbook/role/__init__.py b/lib/ansible/playbook/role/__init__.py index 5e529ca1904..f760245bceb 100644 --- a/lib/ansible/playbook/role/__init__.py +++ b/lib/ansible/playbook/role/__init__.py @@ -254,22 +254,24 @@ class Role(Base, Become, Conditional, Taggable): default_vars = combine_vars(default_vars, self._default_vars) return default_vars - def get_inherited_vars(self, dep_chain=[]): + def get_inherited_vars(self, dep_chain=[], include_params=True): inherited_vars = dict() for parent in dep_chain: inherited_vars = combine_vars(inherited_vars, parent._role_vars) - inherited_vars = combine_vars(inherited_vars, parent._role_params) + if include_params: + inherited_vars = combine_vars(inherited_vars, parent._role_params) return inherited_vars - def get_vars(self, dep_chain=[]): - all_vars = self.get_inherited_vars(dep_chain) + def get_vars(self, dep_chain=[], include_params=True): + all_vars = self.get_inherited_vars(dep_chain, include_params=include_params) for dep in self.get_all_dependencies(): - all_vars = combine_vars(all_vars, dep.get_vars()) + all_vars = combine_vars(all_vars, dep.get_vars(include_params=include_params)) all_vars = combine_vars(all_vars, self._role_vars) - all_vars = combine_vars(all_vars, self._role_params) + if include_params: + all_vars = combine_vars(all_vars, self._role_params) return all_vars diff --git a/lib/ansible/vars/__init__.py b/lib/ansible/vars/__init__.py index 132c6ffb82c..48c103d124e 100644 --- a/lib/ansible/vars/__init__.py +++ b/lib/ansible/vars/__init__.py @@ -256,7 +256,7 @@ class VariableManager: if not C.DEFAULT_PRIVATE_ROLE_VARS: for role in play.get_roles(): - all_vars = combine_vars(all_vars, role.get_vars()) + all_vars = combine_vars(all_vars, role.get_vars(include_params=False)) if task: if task._role: