From ab8bbe269de93d2e7ce511b4f8d0bd635f917223 Mon Sep 17 00:00:00 2001 From: Alexander Sowitzki Date: Mon, 8 Mar 2021 11:15:28 +0100 Subject: [PATCH] [stable-2.10] Let vault lookup output unicode string. (#73571) (#73573) Until now, the lookup plugin returned a byte string. Changed this to output a unicode string instead. (cherry picked from commit d0fda3e9011ece1be85e08835550f5063823f087) Co-authored-by: Alexander Sowitzki --- .../fragments/73456-let-vault-lookup-output-string.yml | 2 ++ lib/ansible/plugins/lookup/unvault.py | 2 +- test/integration/targets/unvault/aliases | 1 + test/integration/targets/unvault/main.yml | 9 +++++++++ test/integration/targets/unvault/password | 1 + test/integration/targets/unvault/runme.sh | 6 ++++++ test/integration/targets/unvault/vault | 6 ++++++ 7 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/73456-let-vault-lookup-output-string.yml create mode 100644 test/integration/targets/unvault/aliases create mode 100644 test/integration/targets/unvault/main.yml create mode 100644 test/integration/targets/unvault/password create mode 100755 test/integration/targets/unvault/runme.sh create mode 100644 test/integration/targets/unvault/vault diff --git a/changelogs/fragments/73456-let-vault-lookup-output-string.yml b/changelogs/fragments/73456-let-vault-lookup-output-string.yml new file mode 100644 index 00000000000..5d079a81095 --- /dev/null +++ b/changelogs/fragments/73456-let-vault-lookup-output-string.yml @@ -0,0 +1,2 @@ +bugfixes: + - the unvault lookup plugin returned a byte string. Now returns a real string. diff --git a/lib/ansible/plugins/lookup/unvault.py b/lib/ansible/plugins/lookup/unvault.py index 234a52a7917..16c1d71d564 100644 --- a/lib/ansible/plugins/lookup/unvault.py +++ b/lib/ansible/plugins/lookup/unvault.py @@ -56,7 +56,7 @@ class LookupModule(LookupBase): actual_file = self._loader.get_real_file(lookupfile, decrypt=True) with open(actual_file, 'rb') as f: b_contents = f.read() - ret.append(b_contents) + ret.append(to_text(b_contents)) else: raise AnsibleParserError('Unable to find file matching "%s" ' % term) diff --git a/test/integration/targets/unvault/aliases b/test/integration/targets/unvault/aliases new file mode 100644 index 00000000000..765b70da796 --- /dev/null +++ b/test/integration/targets/unvault/aliases @@ -0,0 +1 @@ +shippable/posix/group2 diff --git a/test/integration/targets/unvault/main.yml b/test/integration/targets/unvault/main.yml new file mode 100644 index 00000000000..a0f97b4bc17 --- /dev/null +++ b/test/integration/targets/unvault/main.yml @@ -0,0 +1,9 @@ +- hosts: localhost + tasks: + - set_fact: + unvaulted: "{{ lookup('unvault', 'vault') }}" + - debug: + msg: "{{ unvaulted }}" + - assert: + that: + - "unvaulted == 'foo: bar\n'" diff --git a/test/integration/targets/unvault/password b/test/integration/targets/unvault/password new file mode 100644 index 00000000000..d97c5eada5d --- /dev/null +++ b/test/integration/targets/unvault/password @@ -0,0 +1 @@ +secret diff --git a/test/integration/targets/unvault/runme.sh b/test/integration/targets/unvault/runme.sh new file mode 100755 index 00000000000..df4585e3221 --- /dev/null +++ b/test/integration/targets/unvault/runme.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +set -eux + + +ansible-playbook --vault-password-file password main.yml diff --git a/test/integration/targets/unvault/vault b/test/integration/targets/unvault/vault new file mode 100644 index 00000000000..828d3696baf --- /dev/null +++ b/test/integration/targets/unvault/vault @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +33386337343963393533343039333563323733646137636162346266643134323539396237646333 +3663363965336335663161656236616532346363303832310a393264356663393330346137613239 +34633765333936633466353932663166343531616230326161383365323966386434366431353839 +3838623233373231340a303166666433613439303464393661363365643765666137393137653138 +3631