Commit Graph

60 Commits (e2c6e6511b1172f4b0d09132c8c53a176bb77394)

Author SHA1 Message Date
Matt Martz 7239d2d371
Ensure that unsafe is more difficult to lose [stable-2.14] (#82295)
* Ensure that unsafe is more difficult to lose

* Add Task.untemplated_args, and switch assert over to use it
* Don't use re in first_found, switch to using native string methods
* If nested templating results in unsafe, just error, don't continue

(cherry picked from commit 586f1924512b01305f896d9ae4732773023013a3)

* ci_complete
1 year ago
Brian Coca 0de4480467
allow multiple types for null representation (#78451)
* allow multiple types for null representation

  '' is not Nonetype
  fixes #76493
2 years ago
Matt Clay 02e98810a9
Re-organize CI test groups for POSIX tests. (#77420)
* `context/target` tests must be in groups 1 - 2.
* `context/controller` tests must be in groups 3 - 5.

This makes it easier to efficiently organize groups and balance test runtimes.
2 years ago
Martin Krizek d070b03ad8
Fix templating nested vars with convert_data=False (#78273)
Regression introduced in #78259.
2 years ago
Martin Krizek 9afdb7fec1
template module/lookup: fix convert_data for macros (#78259)
Fixes #78141
2 years ago
Martin Krizek 17d52c8d64
Move undefined check from concat to finalize (#78165)
* Move undefined check from concat to finalize

In the classic Jinja2's Environment str() is called on the return value of the
finalize method to potentially trigger the undefined error. That is not
the case in NativeEnvironment where string conversion of the return value is
not desired. We workaround that by checking for Undefined in all of our concat
functions. It seems simpler to do it earlier in the finalize method(s) instead.
As a side-effect it fixes an undefined variable detection in imported templates.

Fixes #78156

ci_complete

* Fix sanity

* ...

* sigh
2 years ago
Martin Krizek 572bc1354a Fix lazy eval version in integration tests 3 years ago
Martin Krizek 3980eb8c09
Prevent losing unsafe from lookups (#77609)
* Prevent losing unsafe from lookups

This patch fixes a bug which under certain conditions results in data
returned from lookups not being marked as unsafe.

Each time Templar.do_template is invoked a new AnsibleContext is
created and stored effectively at two places:
1) as an instance variable in templar_obj.cur_context
2) as a local variable called new_context in do_template method of Templar

Due to custom functionality in Ansible's Context that allows for nested
templating it is possible that during resolving variable's value
template/do_template method is called recursively again, again creating
a new context. At that point the problem manifests itself because as
mentioned in 1) above the context is overwriten on the templar object
which means that any subsequent calls to _lookup will use the new
context to mark it as unsafe which is now different to the local
new_context which is used for testing for unsafe property.

The solution to the problem appears to be to restore the original
context inside do_template and also to eliminate the local variable
new_context to prevent problems in the future.

It appears that we don't have a better way of storing the context other
than as some form of global variable and so this appears to be the
"best" solution possible at this point. Hopefully data tagging will be
the solution here.

For more examples see unit and integration tests included in this patch.

Fixes #77535
3 years ago
Martin Krizek cbe42bff7f
Allow for lazy evaluation of Jinja2 expressions (#56116) 3 years ago
Corubba 94138cf608
template override colon bugfixes (#77495)
* Proper error on missing jinja2 override separator

Properly catch the case when no (or a wrong) separator is used in a
jinja2 override, and return a useful error message to the user.

* Support colons in jinja2 override value

By limiting the split to 1, any colons in the value are preserved and
passed on.
3 years ago
Matt Clay c1a271c792 Remove unused task from template integration test. 3 years ago
Martin Krizek 094a0746b3
ansible_concat: return strings only unless eval (#76634)
Fixes #76610
3 years ago
Martin Krizek 26707a3c6b
Heisen jinja2_native (#75587)
* Use NativeEnvironment for all templating

ci_complete

* Keep Templar.copy_with_new_env for backwards compat

* Mention that AnsibleUndefined.__repr__ changed in the porting guide

* Templar.copy_with_new_env backwards compat

* ci_complete
3 years ago
Martin Krizek 7621784b94
Require Jinja2 3.0.0 (#75881)
* Require Jinja2 3.0.0

ci_complete

* Fix sanity

* Remove Jinja min/max tests

* ansible-test changes

* ci_complete

* More cleanup

ci_complete

* Revert _count_newlines_from_end :( and other stuff

* Fix sanity

* It's using host_vars ...

* Unused import

* Remove overridden groupby filter

* environmentfilter -> pass_environment

* Explain preserve_trailing_newlines

* Add changelog

* ci_complete

* Deprecated ANSIBLE_JINJA2_NATIVE_WARNING

* native_helpers.py cleanup

* More cleanup in the find intgration test
3 years ago
Matt Clay 4ea8d9a782
ansible-test - split controller/target testing (#75605) 3 years ago
Daniel Goldman 989eeb243f
Add an `undef` global Jinja function (#75435)
* add tests for fail filter

also tests that fail does not block inspectability

* add fail filter

fallback message is a bit clunky,
since you can't invoke a filter without specifying an input.
That is, "{{ fail }}" doesn't work,
so you have to do "{{ None | fail }}"

* document 'fail' filter

* add changelog fragment

* fail filter uses default message on Undefined or emptystring

makes it slightly easier to use the default message:
```diff
- "{{ None | fail }}"
+ "{{ '' | fail }}"
```

and the user sees a slightly more relevant message
if the message itself is undefined:

```diff
- The error was: {{ failmsg | fail }}: 'failmsg' is undefined
+ The error was: {{ failmsg | fail }}: Mandatory variable has not been overridden
```

* rebuild as the builtin `Undefined`

* harmonise `hint` parameter for make_undefined with jinja

* use code block for documentation item

[ref](https://github.com/ansible/ansible/pull/75435#discussion_r707661035)

* rename to `undef` to expose less Python into the Jinja

[ref](https://github.com/ansible/ansible/pull/75435#pullrequestreview-757799031)

* explicitly instantiate undefined value now that it's possible

see I knew we would break something with reflection

* preserve test coverage of undefined variable

Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
3 years ago
Hossein Zolfi 3d872fb5e8
Add new comment attribute to template plugin (#69253)
* Add new comment attribute to template plugin

Add comment_start_string and comment_end_string attribute to template
plugin


Co-authored-by: Hossein Zolfi <h.zolfi@inside.sahab.ir>
3 years ago
Martin Krizek 5a38076568
Globals should be accessible when importing a template without the context (#75384)
Fixes #75371
3 years ago
Martin Krizek 767b2f07b0
Ensure Jinja2 template header overrides are used (#75306)
Fixes #75275
3 years ago
Brian Coca 4c8c40fd3d
fix unsafe preservation across newlines (#74960)
* fix unsafe preservation across newlines

  CVE-2021-3583
  ensure we always have unsafe

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
David Shrewsbury d44eb03f49
Remove include from tests (#74330) 4 years ago
Martin Krizek a2af8432f3
Local vars should have highest precedence in AnsibleJ2Vars (#72830)
Ability to add local variables into AnsibleJ2Vars was added in
18a9eff11f to fix #6653. Local variables
are added using ``AnsibleJ2Vars.add_locals()`` method when creating a
new context - typically when including/importing a template with
context. For that use case local template variables created using
``set`` should override variables from higher contexts - either from the
play or any parent template, or both; Jinja behaves the same way.

Also removes AnsibleJ2Vars.extras instance variable which is not used.

Also adds missing test for #6653.

Fixes #72262
Fixes #72615

ci_complete
4 years ago
Martin Krizek 00b22ab55e
Provide more information in AnsibleUndefinedVariable (#71666)
* Provide more information in AnsibleUndefinedVariable

Fixes #55152
4 years ago
Martin Krizek bf7276a4e8
Emit proper error for `x in y` when y is undefined (#70990)
Fixes #70984
4 years ago
Matt Clay 4816bb4f43
More boilerplate fixes. (#70224)
* Fix boilerplate in hacking dir.
* Fix boilerplate in docs dir.
* Fix boilerplate in integration tests.
* Fix boilerplate in examples.
5 years ago
Martin Krizek ff1ba39c8a
Prevent templating unused variables for {%include%} (#68749)
Fixes #68699
5 years ago
Yanis Guenane 4fd2dce7f3
Testing: Add support for AIX platform (#65802) 5 years ago
Matt Clay 479845a05c
Expand Shippable test matrix. (#66912)
* Add 2 CI groups for AWS.
* Add 1 CI group for vmware.
* Add 1 CI group for CS.
* Add 1 CI group for posix.
5 years ago
Matt Clay 0c74ee4352
Clean up various integration tests. (#60613)
* Fix var_blending test temp dir usage.

* Fix filters integration test:

- Fix use of `output_dir`.
- Use `localhost` instead of `testhost` since we're only testing filters.
- Fix `fileglob` test to actually test a directory that exists.

* Fix lookups integration test:

- Fix use of `output_dir`.
- Use `localhost` instead of `testhost` since we're only testing lookups.

* Fix ansible-runner test temp dir usage.

* Fix template and template_jinja2_latest test.

Use the `OUTPUT_DIR` env var to get the output directory for the tests.

* Fix Python version compat in filters test.

* Skip filters test on Python 2.6.
5 years ago
Martin Krizek b7868529ee
Revert "Speed up VariableManager by preserving Templar state. (#45572)" (#59280)
This reverts commit 6069d09b9d.

Fixes #57351
5 years ago
Brian Coca b9b0b23015
safe_eval fix (#57188)
* just dont pass locals

 - also fix globals
 - added tests

* fixed tests
6 years ago
Matt Martz e89f8bae86
Extend jinja2 nested undefined support to keys/indices (#55094) 6 years ago
Abhijeet Kasurde 142732dba9 dataloader: check exact value of dir (#52021)
Include path in role with directory which has 'tasks' as end.
For example, roles/sometasks/templates is now considered while searching path.

Fixes: #42585

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 years ago
Jordan Borean 17bfc60423
test - add setup target that creates the nobody user (#52750)
* test - add setup target that creates the nobody user

* do not set explicit gid/uid for nobody user

* Do no create group and only touch basic attributes
6 years ago
Abhijeet Kasurde 24d1886499
template: add additional variable for dest path (#52015)
Signed-off-by: Dustin Spicuzza <dustin@virtualroadside.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 years ago
Andrew Gaffney 9c35f18dd6 Custom jinja Undefined class for handling nested undefined attributes (#51768)
This commit creates a custom Jinja2 Undefined class that returns
Undefined for any further accesses, rather than raising an exception
6 years ago
Adam Miller 6c61336a4b enable template target integration tests on rhel8 beta (#48940)
Signed-off-by: Adam Miller <admiller@redhat.com>
6 years ago
Matt Clay a41c0405a7
Add CI platform: rhel/8.0 (#48835) 6 years ago
Julien Champseix 19dc267e4c Allow specifying the output encoding in the template module (#42171)
Allow specifying the source and destination files' encodings in the template module

* Added output_encoding to the template module, default to utf-8
* Added documentation for the new variables
* Leveraged the encoding argument on to_text() and to_bytes() to keep the implementation as simple as possible
* Added integration tests with files in utf-8 and windows-1252 encodings, testing all combinations
* fix bad smell test by excluding windows-1252 files from the utf8 checks
* fix bad smell test by excluding valid files from the smart quote test
6 years ago
Matt Clay 4e489d1be8
Update Shippable integration test groups. (#43118)
* Update Shippable integration test groups.
* Update integration test group aliases.
* Rebalance AWS and Azure tests with extra group.
* Rebalance Windows tests with another group.
6 years ago
Toshio Kuratomi 81b2529159 Fix when template paths contain non-ascii chars and using the path in ansible_managed
Fixes #27262
7 years ago
Toshio Kuratomi f91d961cb4 Add tests for template with non-ascii filenames
This is a test in response to #27262 but I could not provoke the error
so it only shows that the current code is working with non-ascii
filenames in this case.  It doesn't show whether there's some other bug
somewhere.
7 years ago
Toshio Kuratomi 83c1cba511
Fixes for mode=preserve (#39343)
* Fixes for mode=preserve

* Document mode=preserve for template and copy
* Make mode=preserve work with remote_src for copy
* Make mode=preserve work for template
* Integration tests for copy & template mode=preserve

Fixes #39279

* Changed mode option in win_copy to hidden option as it doesn't reflect copy mode
7 years ago
Alex Tsitsimpis c3ab6cb9b1 template: Add option to `lstrip_blocks' and fix setting`trim_blocks` inline (#37478)
* template: Add integration tests for `lstrip_blocks'

Signed-off-by: Alex Tsitsimpis <alextsi@arrikto.com>

* template: Fix passing `trim_blocks' inline

Fix passing `trim_blocks' option to the template module as inline
argument. Previously passing the `trim_blocks' option inline instead of
using the YAML dictionary format resulted in it always being set to
`True', even if `trim_blocks=False' was used.

Signed-off-by: Alex Tsitsimpis <alextsi@arrikto.com>

* template: Add option to `lstrip_blocks'

Add option to set `lstrip_blocks' when using the template module to
render Jinja templates. The Jinja documentation suggests that
`trim_blocks' and `lstrip_blocks' is a great combination and the
template module already provides an option for `trim_blocks'.

Note that although `trim_blocks' in Ansible is enabled by default since
version 2.4, in order to avoid breaking things keep `lstrip_blocks'
disabled by default. Maybe in a future version it could be enabled by
default.

This seems to address issue #10725 in a more appropriate way than the
suggested.

Signed-off-by: Alex Tsitsimpis <alextsi@arrikto.com>

* template: Add integration tests for `trim_blocks'

Signed-off-by: Alex Tsitsimpis <alextsi@arrikto.com>

* template: Check Jinja2 support for `lstrip_blocks'

Since the `lstrip_blocks' option was added in Jinja2 version 2.7, raise
an exception when `lstrip_blocks' is set but Jinja2 does not support it.
Check support for `lstrip_blocks' option by checking `jinja2.defaults'
for `LSTRIP_BLOCKS' and do not use `jinja2.__version__' because the
latter is set to `unknown' in some cases, perhaps due to bug in
`pkg_resources' in Python 2.6.6.

Also update option description to state that Jinja2 version >=2.7 is
required.

Signed-off-by: Alex Tsitsimpis <alextsi@arrikto.com>
7 years ago
Martin Krizek 63fdc3f08f
Fix jinja2>=2.9 nested include vars (#35099)
This fixes a bug when parent's local vars where not available in nested
includes. The bug can only be seen with jinja>=2.9 which changes
how the variable scopes work.

Fixes #34886
7 years ago
Pilou d608eb9530 Check that AnsibleUndefinedVariable doesn't occur when an unused variable references an undefined variable (#35571)
* Check that AnsibleUndefinedVariable doesn't occur

* AnsibleUndefinedVariable exc.: don't modify type
7 years ago
Matt Martz 4fe08441be Deprecate tests used as filters (#32361)
* Warn on tests used as filters

* Update docs, add aliases for tests that fit more gramatically with test syntax

* Fix rst formatting

* Add successful filter, alias of success

* Remove renamed_deprecation, it was overkill

* Make directory alias for is_dir

* Update tests to use proper jinja test syntax

* Update additional documentation, living outside of YAML files, to reflect proper jinja test syntax

* Add conversion script, porting guide updates, and changelog updates

* Update newly added uses of tests as filters

* No underscore variable

* Convert recent tests as filter changes to win_stat

* Fix some changes related to rebasing a few integration tests

* Make tests_as_filters_warning explicitly accept the name of the test, instead of inferring the name

* Add test for tests_as_filters_warning

* Update tests as filters in newly added/modified tests

* Address recent changes to several integration tests

* Address recent changes in cs_vpc
7 years ago
Toshio Kuratomi bc66faa328 Add more tests for copy/file/template with harlinks 7 years ago
Andrew Erickson 2b14fdbce3 add test for template, file, and copy with hardlinks 7 years ago
Adrian Likins 359ced3833 rm unused test template in template intg tests
introduced in 501fc7a248
based on my patch.
7 years ago