From afb389e5880bf37bb5b0b07f8b31a57297129e18 Mon Sep 17 00:00:00 2001 From: Sloane Hertel Date: Mon, 2 Mar 2020 20:14:42 -0500 Subject: [PATCH] Fix inline vaults for plugins in ensure_type (#67492) (#67741) * Fix implicit string - only looked right because of the vault __repr__ * Add tests for strings and implicit strings (cherry picked from commit 8eb00dd14cc9cc896a7cfd8719ffa325f2f98f23) --- .../67492-fix-decrypting-str-types-for-plugins.yaml | 2 ++ lib/ansible/config/manager.py | 4 ++-- test/units/config/test_manager.py | 12 ++++++++++++ 3 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/67492-fix-decrypting-str-types-for-plugins.yaml diff --git a/changelogs/fragments/67492-fix-decrypting-str-types-for-plugins.yaml b/changelogs/fragments/67492-fix-decrypting-str-types-for-plugins.yaml new file mode 100644 index 00000000000..26c564ded5a --- /dev/null +++ b/changelogs/fragments/67492-fix-decrypting-str-types-for-plugins.yaml @@ -0,0 +1,2 @@ +bugfixes: + - plugins - Allow ensure_type to decrypt the value for string types (and implicit string types) when value is an inline vault. diff --git a/lib/ansible/config/manager.py b/lib/ansible/config/manager.py index 1731906b311..5310c7eb044 100644 --- a/lib/ansible/config/manager.py +++ b/lib/ansible/config/manager.py @@ -145,13 +145,13 @@ def ensure_type(value, value_type, origin=None): errmsg = 'pathlist' elif value_type in ('str', 'string'): - if isinstance(value, string_types): + if isinstance(value, (string_types, AnsibleVaultEncryptedUnicode)): value = unquote(to_text(value, errors='surrogate_or_strict')) else: errmsg = 'string' # defaults to string type - elif isinstance(value, string_types): + elif isinstance(value, (string_types, AnsibleVaultEncryptedUnicode)): value = unquote(to_text(value, errors='surrogate_or_strict')) if errmsg: diff --git a/test/units/config/test_manager.py b/test/units/config/test_manager.py index 0a0a71af97f..d103e5e6618 100644 --- a/test/units/config/test_manager.py +++ b/test/units/config/test_manager.py @@ -131,3 +131,15 @@ class TestConfigManager: actual_value, actual_origin = self.manager._loop_entries({'name': vault_var}, [{'name': 'name'}]) assert actual_value == "vault text" assert actual_origin == "name" + + @pytest.mark.parametrize("value_type", ("str", "string", None)) + def test_ensure_type_with_vaulted_str(self, value_type): + class MockVault: + def decrypt(self, value): + return value + + vault_var = AnsibleVaultEncryptedUnicode(b"vault text") + vault_var.vault = MockVault() + + actual_value = ensure_type(vault_var, value_type) + assert actual_value == "vault text"