Commit Graph

8 Commits (fa7f84217b865350ee518a9af3a6d33c0b8527b4)

Author SHA1 Message Date
Adrian Likins c771ab34c7 Add a encode() to AnsibleVaultEncryptedUnicode (#19840)
* Add a encode() to AnsibleVaultEncryptedUnicode

Without it, calling encode() on it results in a bytestring
of the encrypted !vault-encrypted string.

ssh connection plugin triggers this if ansible_password
is from a var using !vault-encrypted. That path ends up
calling .encode() instead of using the __str__.

Fixes #19795

* Fix str.encode() errors on py2.6

py2.6 str.encode() does not take keyword arguments.
8 years ago
Adrian Likins 51e3ef89a9 Add error info if tabs are found in the yaml (#18343)
If a yaml file fails to load because of tabs being used
for formatting, detect that and show a error message
with more details.
8 years ago
Toshio Kuratomi 4ed88512e4 Move uses of to_bytes, to_text, to_native to use the module_utils version (#17423)
We couldn't copy to_unicode, to_bytes, to_str into module_utils because
of licensing.  So once created it we had two sets of functions that did
the same things but had different implementations.  To remedy that, this
change removes the ansible.utils.unicode versions of those functions.
8 years ago
Adrian Likins e396d5d508 Implement vault encrypted yaml variables. (#16274)
Make !vault-encrypted create a AnsibleVaultUnicode
yaml object that can be used as a regular string object.

This allows a playbook to include a encrypted vault
blob for the value of a yaml variable. A 'secret_password'
variable can have it's value encrypted instead of having
to vault encrypt an entire vars file.

Add __ENCRYPTED__ to the vault yaml types so
template.Template can treat it similar
to __UNSAFE__ flags.

vault.VaultLib api changes:
    - Split VaultLib.encrypt to encrypt and encrypt_bytestring

    - VaultLib.encrypt() previously accepted the plaintext data
      as either a byte string or a unicode string.
      Doing the right thing based on the input type would fail
      on py3 if given a arg of type 'bytes'. To simplify the
      API, vaultlib.encrypt() now assumes input plaintext is a
      py2 unicode or py3 str. It will encode to utf-8 then call
      the new encrypt_bytestring(). The new methods are less
      ambiguous.

    - moved VaultLib.is_encrypted logic to vault module scope
      and split to is_encrypted() and is_encrypted_file().

Add a test/unit/mock/yaml_helper.py
It has some helpers for testing parsing/yaml

Integration tests added as roles test_vault and test_vault_embedded
8 years ago
Toshio Kuratomi 7cb29cdbec Workaround py2.6's StringIO 9 years ago
Toshio Kuratomi b70bf3b056 Use io.StringIO and io.BytesIO instead of StringIO.StringIO for compat with py3 9 years ago
Matt Martz 2cd3a1be00 assertRaises should be given an exception type. Fixes 11441 10 years ago
James Cammarata ce3ef7f4c1 Making the switch to v2 10 years ago