From fff14d7c1ddec30a8645a622f1742c927a18f059 Mon Sep 17 00:00:00 2001 From: Kate Case Date: Tue, 12 Jul 2022 11:40:47 -0400 Subject: [PATCH] Decode vaulted args before sending over ansible-connection. (#78236) I'm not aware of a way to easily get vault secrets decoded on the ansible-connection side without sending the vault secrets over the connection in the same way, so just decode them for transport. --- changelogs/fragments/ansible-connection_decode.yml | 3 +++ lib/ansible/module_utils/connection.py | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/ansible-connection_decode.yml diff --git a/changelogs/fragments/ansible-connection_decode.yml b/changelogs/fragments/ansible-connection_decode.yml new file mode 100644 index 00000000000..7e13dc98265 --- /dev/null +++ b/changelogs/fragments/ansible-connection_decode.yml @@ -0,0 +1,3 @@ +bugfixes: + - ansible-connection - decrypt vaulted parameters before sending over the socket, as + vault secrets are not available on the other side. diff --git a/lib/ansible/module_utils/connection.py b/lib/ansible/module_utils/connection.py index fd0b134087c..1396c1c1510 100644 --- a/lib/ansible/module_utils/connection.py +++ b/lib/ansible/module_utils/connection.py @@ -144,7 +144,7 @@ class Connection(object): ) try: - data = json.dumps(req, cls=AnsibleJSONEncoder) + data = json.dumps(req, cls=AnsibleJSONEncoder, vault_to_text=True) except TypeError as exc: raise ConnectionError( "Failed to encode some variables as JSON for communication with ansible-connection. "