diff --git a/lib/ansible/parsing/vault/__init__.py b/lib/ansible/parsing/vault/__init__.py index 432609d14f9..08242e31190 100644 --- a/lib/ansible/parsing/vault/__init__.py +++ b/lib/ansible/parsing/vault/__init__.py @@ -61,8 +61,8 @@ display = Display() b_HEADER = b'$ANSIBLE_VAULT' -CIPHER_WHITELIST = frozenset((u'AES256',)) -CIPHER_WRITE_WHITELIST = frozenset((u'AES256',)) +CIPHER_ALLOWLIST = frozenset((u'AES256',)) +CIPHER_WRITE_ALLOWLIST = frozenset((u'AES256',)) # See also CIPHER_MAPPING at the bottom of the file which maps cipher strings # (used in VaultFile header) to a cipher class @@ -606,7 +606,7 @@ class VaultLib: if is_encrypted(b_plaintext): raise AnsibleError("input is already encrypted") - if not self.cipher_name or self.cipher_name not in CIPHER_WRITE_WHITELIST: + if not self.cipher_name or self.cipher_name not in CIPHER_WRITE_ALLOWLIST: self.cipher_name = u"AES256" try: @@ -671,7 +671,7 @@ class VaultLib: # create the cipher object, note that the cipher used for decrypt can # be different than the cipher used for encrypt - if cipher_name in CIPHER_WHITELIST: + if cipher_name in CIPHER_ALLOWLIST: this_cipher = CIPHER_MAPPING[cipher_name]() else: raise AnsibleError("{0} cipher could not be found".format(cipher_name)) @@ -958,7 +958,7 @@ class VaultEditor: # (vault_id=default, while a different vault-id decrypted) # we want to get rid of files encrypted with the AES cipher - force_save = (cipher_name not in CIPHER_WRITE_WHITELIST) + force_save = (cipher_name not in CIPHER_WRITE_ALLOWLIST) # Keep the same vault-id (and version) as in the header self._edit_file_helper(filename, vault_secret_used, existing_data=plaintext, force_save=force_save, vault_id=vault_id) diff --git a/test/integration/targets/collections/custom_vars_plugins/v1_vars_plugin.py b/test/integration/targets/collections/custom_vars_plugins/v1_vars_plugin.py index b9e2925ba43..ce79baa7f25 100644 --- a/test/integration/targets/collections/custom_vars_plugins/v1_vars_plugin.py +++ b/test/integration/targets/collections/custom_vars_plugins/v1_vars_plugin.py @@ -22,7 +22,7 @@ DOCUMENTATION = ''' version_added: "2.10" short_description: load host and group vars description: - - 3rd party vars plugin to test loading host and group vars without requiring whitelisting and without a plugin-specific stage option + - Third-party vars plugin to test loading host and group vars without enabling and without a plugin-specific stage option options: ''' diff --git a/test/integration/targets/collections/custom_vars_plugins/v2_vars_plugin.py b/test/integration/targets/collections/custom_vars_plugins/v2_vars_plugin.py index c946e440e1a..a6894ac9124 100644 --- a/test/integration/targets/collections/custom_vars_plugins/v2_vars_plugin.py +++ b/test/integration/targets/collections/custom_vars_plugins/v2_vars_plugin.py @@ -22,7 +22,7 @@ DOCUMENTATION = ''' version_added: "2.10" short_description: load host and group vars description: - - 3rd party vars plugin to test loading host and group vars without requiring whitelisting and with a plugin-specific stage option + - Third party vars plugin to test loading host and group vars without enabling and with a plugin-specific stage option options: stage: choices: ['all', 'inventory', 'task'] diff --git a/test/integration/targets/rel_plugin_loading/subdir/inventory_plugins/notyaml.py b/test/integration/targets/rel_plugin_loading/subdir/inventory_plugins/notyaml.py index 32b48299909..50e1e2bf6dd 100644 --- a/test/integration/targets/rel_plugin_loading/subdir/inventory_plugins/notyaml.py +++ b/test/integration/targets/rel_plugin_loading/subdir/inventory_plugins/notyaml.py @@ -15,7 +15,7 @@ DOCUMENTATION = ''' - File MUST have a valid extension, defined in configuration. notes: - If you want to set vars for the C(all) group inside the inventory file, the C(all) group must be the first entry in the file. - - Whitelisted in configuration by default. + - Enabled in configuration by default. options: yaml_extensions: description: list of 'valid' extensions for files containing YAML