ansible

Commit Graph

Author	SHA1	Message	Date
Sloane Hertel	4cc4c44dd0	Add a representer for AnsibleUnsafeBytes (#62598 ) * Add a representer for AnsibleUnsafeBytes * changelog * Add unit tests Remove native string test until we have time to evaluate how this the function should work Add non-ASCII characters to test cases * Compare to the string on Python 2 Add a comment in the test about this behavior	5 years ago
Sloane Hertel	826f224f02	Handle vaulted non-ascii characters for Python2 (#58503 ) * Handle vaulted non-ascii characters for Python2 * Add a test to ensure str() no longer raises UnicodeEncodeError	5 years ago
Matt Clay	3033fd96b0	Move unit test compat code out of `lib/ansible/`. (#46996 ) * Move ansible.compat.tests to test/units/compat/. * Fix unit test references to ansible.compat.tests. * Move builtins compat to separate file. * Fix classification of test/units/compat/ dir.	6 years ago
Matt Clay	a11f631ee4	Python 3.8 collections compatibility fixes. Includes a new pylint blacklist plugin to prevent regressions.	6 years ago
Adrian Likins	1613a739ad	fix decrypted vault utf8 values (#37539 ) * Fix errors decrypted non-ascii vault vars AnsibleVaultEncryptedUnicode was just using b"".decode() instead of to_text() on the bytestrings returned from vault.decrypt() and could cause errors on python2 if non-ascii since decode() defaults to ascii. Use to_text() to default to decoding utf-8. add intg and unit tests for value of vaulted vars being non-ascii utf8 based on https://github.com/ansible/ansible/issues/37258 Fixes #37258 * yamllint fixups	7 years ago
Michael Vermaes	fad3a4dc83	Fix typo in vault decrypt error message (#31335 )	7 years ago
Adrian Likins	934b645191	Support multiple vault passwords (#22756 ) Fixes #13243 Add --vault-id to name/identify multiple vault passwords Use --vault-id to indicate id and path/type --vault-id=prompt # prompt for default vault id password --vault-id=myorg@prompt # prompt for a vault_id named 'myorg' --vault-id=a_password_file # load ./a_password_file for default id --vault-id=myorg@a_password_file # load file for 'myorg' vault id vault_id's are created implicitly for existing --vault-password-file and --ask-vault-pass options. Vault ids are just for UX purposes and bookkeeping. Only the vault payload and the password bytestring is needed to decrypt a vault blob. Replace passing password around everywhere with a VaultSecrets object. If we specify a vault_id, mention that in password prompts Specifying multiple -vault-password-files will now try each until one works Rev vault format in a backwards compatible way The 1.2 vault format adds the vault_id to the header line of the vault text. This is backwards compatible with older versions of ansible. Old versions will just ignore it and treat it as the default (and only) vault id. Note: only 2.4+ supports multiple vault passwords, so while earlier ansible versions can read the vault-1.2 format, it does not make them magically support multiple vault passwords. use 1.1 format for 'default' vault_id Vaulted items that need to include a vault_id will be written in 1.2 format. If we set a new DEFAULT_VAULT_IDENTITY, then the default will use version 1.2 vault will only use a vault_id if one is specified. So if none is specified and C.DEFAULT_VAULT_IDENTITY is 'default' we use the old format. Changes/refactors needed to implement multiple vault passwords raise exceptions on decrypt fail, check vault id early split out parsing the vault plaintext envelope (with the sha/original plaintext) to _split_plaintext_envelope() some cli fixups for specifying multiple paths in the unfrack_paths optparse callback fix py3 dict.keys() 'dict_keys object is not indexable' error pluralize cli.options.vault_password_file -> vault_password_files pluralize cli.options.new_vault_password_file -> new_vault_password_files pluralize cli.options.vault_id -> cli.options.vault_ids Add a config option (vault_id_match) to force vault id matching. With 'vault_id_match=True' and an ansible vault that provides a vault_id, then decryption will require that a matching vault_id is required. (via --vault-id=my_vault_id@password_file, for ex). In other words, if the config option is true, then only the vault secrets with matching vault ids are candidates for decrypting a vault. If option is false (the default), then all of the provided vault secrets will be selected. If a user doesn't want all vault secrets to be tried to decrypt any vault content, they can enable this option. Note: The vault id used for the match is not encrypted or cryptographically signed. It is just a label/id/nickname used for referencing a specific vault secret.	7 years ago
Abhijeet Kasurde	b89cb95609	Fix spelling mistakes (comments only) (#25564 ) Original Author : klemens <ka7@github.com> Taking over previous PR as per https://github.com/ansible/ansible/pull/23644#issuecomment-307334525 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>	8 years ago
Dag Wieers	4efec414e7	test/: PEP8 compliancy (#24803 ) * test/: PEP8 compliancy - Make PEP8 compliant * Python3 chokes on casting int to bytes (#24952) But if we tell the formatter that the var is a number, it works	8 years ago
Toshio Kuratomi	2fff690caa	Update module_utils.six to latest (#22855 ) * Update module_utils.six to latest We've been held back on the version of six we could use on the module side to 1.4.x because of python-2.4 compatibility. Now that our minimum is Python-2.6, we can update to the latest version of six in module_utils and get rid of the second copy in lib/ansible/compat.	8 years ago
Matt Martz	87aa59af79	Legacy pep8 updates for setup.py and tests	8 years ago
Brian Coca	a2c38c47aa	added docs for vault and made trigger shorter: !vault (#20985 ) * added docs for vault and made trigger shorter: !vault * added single var valuting * Update playbooks_vault.rst Edit pass for spelling and grammar. Ship it! * Update playbooks_vault.rst Typo fixes.	8 years ago
Adrian Likins	c771ab34c7	Add a encode() to AnsibleVaultEncryptedUnicode (#19840 ) * Add a encode() to AnsibleVaultEncryptedUnicode Without it, calling encode() on it results in a bytestring of the encrypted !vault-encrypted string. ssh connection plugin triggers this if ansible_password is from a var using !vault-encrypted. That path ends up calling .encode() instead of using the __str__. Fixes #19795 * Fix str.encode() errors on py2.6 py2.6 str.encode() does not take keyword arguments.	8 years ago
Adrian Likins	51e3ef89a9	Add error info if tabs are found in the yaml (#18343 ) If a yaml file fails to load because of tabs being used for formatting, detect that and show a error message with more details.	8 years ago
Toshio Kuratomi	4ed88512e4	Move uses of to_bytes, to_text, to_native to use the module_utils version (#17423 ) We couldn't copy to_unicode, to_bytes, to_str into module_utils because of licensing. So once created it we had two sets of functions that did the same things but had different implementations. To remedy that, this change removes the ansible.utils.unicode versions of those functions.	8 years ago
Adrian Likins	e396d5d508	Implement vault encrypted yaml variables. (#16274 ) Make !vault-encrypted create a AnsibleVaultUnicode yaml object that can be used as a regular string object. This allows a playbook to include a encrypted vault blob for the value of a yaml variable. A 'secret_password' variable can have it's value encrypted instead of having to vault encrypt an entire vars file. Add __ENCRYPTED__ to the vault yaml types so template.Template can treat it similar to __UNSAFE__ flags. vault.VaultLib api changes: - Split VaultLib.encrypt to encrypt and encrypt_bytestring - VaultLib.encrypt() previously accepted the plaintext data as either a byte string or a unicode string. Doing the right thing based on the input type would fail on py3 if given a arg of type 'bytes'. To simplify the API, vaultlib.encrypt() now assumes input plaintext is a py2 unicode or py3 str. It will encode to utf-8 then call the new encrypt_bytestring(). The new methods are less ambiguous. - moved VaultLib.is_encrypted logic to vault module scope and split to is_encrypted() and is_encrypted_file(). Add a test/unit/mock/yaml_helper.py It has some helpers for testing parsing/yaml Integration tests added as roles test_vault and test_vault_embedded	8 years ago
Toshio Kuratomi	7cb29cdbec	Workaround py2.6's StringIO	9 years ago
Toshio Kuratomi	b70bf3b056	Use io.StringIO and io.BytesIO instead of StringIO.StringIO for compat with py3	9 years ago
Matt Martz	2cd3a1be00	assertRaises should be given an exception type. Fixes 11441	9 years ago
James Cammarata	ce3ef7f4c1	Making the switch to v2	10 years ago

20 Commits (4bc298af8395310031ad20b45cbc8815b20fd5ec)