mirror of https://github.com/ansible/ansible.git
Bkprt conn err msg no template (#37381)
* Connection error messages are unsafe: wrap them (#37329)
* Check that connection error msg are not unsafe
* Connection error messages are unsafe: wrap them
For example, in case of error, docker connection plugin returns exception
message containing Go template. These messages weren't tagged as unsafe
and were consequently rendered:
The conditional check 'result is failed' failed. The error was:
{
'msg': u'Docker version check ([\'/usr/bin/docker\', \'version\', \'--format\', "\'{{.Server.Version}}\'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied\n',
'failed': True
}:
template error while templating string: unexpected '.'.
String: Docker version check (['/usr/bin/docker', 'version', '--format', "'{{.Server.Version}}'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied
(cherry picked from commit 4378542ac7)
* Add a changelog for the no-template error message fix
pull/37299/merge
Toshio Kuratomi
7 years ago
committed by
Matt Davis
parent
36186c3a04
commit
c264061272
@ -0,0 +1,4 @@
|
||||
bugfixes:
|
||||
- Connection error messages may contain characters that jinja2 would
|
||||
interpret as a template. Wrap the error string so this doesn't happen
|
||||
(https://github.com/ansible/ansible/pull/37329)
|
||||
@ -0,0 +1 @@
|
||||
posix/ci/group2
|
||||
@ -0,0 +1,2 @@
|
||||
[local]
|
||||
testhost
|
||||
@ -0,0 +1,19 @@
|
||||
- hosts: testhost
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: "use a connection plugin raising an exception, exception message contains Jinja template."
|
||||
connection: dummy
|
||||
command: /bin/true # command won't be executed
|
||||
register: result
|
||||
ignore_errors: True
|
||||
|
||||
- name: "check that Jinja template embedded in exception message isn't rendered"
|
||||
debug:
|
||||
msg: 'ok'
|
||||
when: result is failed
|
||||
register: debug_task
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- debug_task is success
|
||||
@ -0,0 +1,46 @@
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
DOCUMENTATION = """
|
||||
author:
|
||||
- John Doe
|
||||
connection: dummy
|
||||
short_description: defective connection plugin
|
||||
description:
|
||||
- defective connection plugin
|
||||
version_added: "2.0"
|
||||
options: {}
|
||||
"""
|
||||
import ansible.constants as C
|
||||
from ansible.errors import AnsibleError
|
||||
from ansible.plugins.connection import ConnectionBase
|
||||
|
||||
|
||||
class Connection(ConnectionBase):
|
||||
|
||||
transport = 'dummy'
|
||||
has_pipelining = True
|
||||
become_methods = frozenset(C.BECOME_METHODS)
|
||||
|
||||
def __init__(self, play_context, new_stdin, *args, **kwargs):
|
||||
super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
|
||||
|
||||
raise AnsibleError('an error with {{ some Jinja }}')
|
||||
|
||||
def transport(self):
|
||||
pass
|
||||
|
||||
def _connect(self):
|
||||
pass
|
||||
|
||||
def exec_command(self, cmd, in_data=None, sudoable=True):
|
||||
pass
|
||||
|
||||
def put_file(self, in_path, out_path):
|
||||
pass
|
||||
|
||||
def fetch_file(self, in_path, out_path):
|
||||
pass
|
||||
|
||||
def close(self):
|
||||
pass
|
||||
@ -0,0 +1,5 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -o nounset -o errexit -o xtrace
|
||||
|
||||
ANSIBLE_CONNECTION_PLUGINS="$(pwd)/plugin" ansible-playbook -i inventory "$(pwd)/play.yml" -v "$@"
|
||||
Loading…
Reference in New Issue