mirror of https://github.com/ansible/ansible.git
Mirror of https://github.com/ansible/ansible.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
625a99aa32
This patch fixes a bug which under certain conditions results in data
returned from lookups not being marked as unsafe.
Each time Templar.do_template is invoked a new AnsibleContext is
created and stored effectively at two places:
1) as an instance variable in templar_obj.cur_context
2) as a local variable called new_context in do_template method of Templar
Due to custom functionality in Ansible's Context that allows for nested
templating it is possible that during resolving variable's value
template/do_template method is called recursively again, again creating
a new context. At that point the problem manifests itself because as
mentioned in 1) above the context is overwriten on the templar object
which means that any subsequent calls to _lookup will use the new
context to mark it as unsafe which is now different to the local
new_context which is used for testing for unsafe property.
The solution to the problem appears to be to restore the original
context inside do_template and also to eliminate the local variable
new_context to prevent problems in the future.
It appears that we don't have a better way of storing the context other
than as some form of global variable and so this appears to be the
"best" solution possible at this point. Hopefully data tagging will be
the solution here.
For more examples see unit and integration tests included in this patch.
Fixes #77535
(cherry picked from commit
|
4 years ago | |
|---|---|---|
| .azure-pipelines | 4 years ago | |
| .github | 4 years ago | |
| bin | 4 years ago | |
| changelogs | 4 years ago | |
| docs | 4 years ago | |
| examples | 4 years ago | |
| hacking | 4 years ago | |
| lib/ansible | 4 years ago | |
| licenses | 7 years ago | |
| packaging | 5 years ago | |
| test | 4 years ago | |
| .cherry_picker.toml | 8 years ago | |
| .gitattributes | 5 years ago | |
| .gitignore | 5 years ago | |
| .mailmap | 8 years ago | |
| COPYING | 14 years ago | |
| MANIFEST.in | 4 years ago | |
| Makefile | 4 years ago | |
| README.rst | 4 years ago | |
| requirements.txt | 5 years ago | |
| setup.py | 4 years ago | |
README.rst
|PyPI version| |Docs badge| |Chat badge| |Build Status| |Code Of Conduct| |Mailing Lists| |License| |CII Best Practices| ******* Ansible ******* Ansible is a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy. More information on the Ansible `website <https://ansible.com/>`_. Design Principles ================= * Have an extremely simple setup process with a minimal learning curve. * Manage machines quickly and in parallel. * Avoid custom-agents and additional open ports, be agentless by leveraging the existing SSH daemon. * Describe infrastructure in a language that is both machine and human friendly. * Focus on security and easy auditability/review/rewriting of content. * Manage new remote machines instantly, without bootstrapping any software. * Allow module development in any dynamic language, not just Python. * Be usable as non-root. * Be the easiest IT automation system to use, ever. Use Ansible =========== You can install a released version of Ansible with ``pip`` or a package manager. See our `installation guide <https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html>`_ for details on installing Ansible on a variety of platforms. Power users and developers can run the ``devel`` branch, which has the latest features and fixes, directly. Although it is reasonably stable, you are more likely to encounter breaking changes when running the ``devel`` branch. We recommend getting involved in the Ansible community if you want to run the ``devel`` branch. Get Involved ============ * Read `Community Information <https://docs.ansible.com/ansible/latest/community>`_ for all kinds of ways to contribute to and interact with the project, including mailing list information and how to submit bug reports and code to Ansible. * Join a `Working Group <https://github.com/ansible/community/wiki>`_, an organized community devoted to a specific technology domain or platform. * Submit a proposed code update through a pull request to the ``devel`` branch. * Talk to us before making larger changes to avoid duplicate efforts. This not only helps everyone know what is going on, but it also helps save time and effort if we decide some changes are needed. * For a list of email lists, IRC channels and Working Groups, see the `Communication page <https://docs.ansible.com/ansible/latest/community/communication.html>`_ Coding Guidelines ================= We document our Coding Guidelines in the `Developer Guide <https://docs.ansible.com/ansible/devel/dev_guide/>`_. We particularly suggest you review: * `Contributing your module to Ansible <https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_checklist.html>`_ * `Conventions, tips, and pitfalls <https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_best_practices.html>`_ Branch Info =========== * The ``devel`` branch corresponds to the release actively under development. * The ``stable-2.X`` branches correspond to stable releases. * Create a branch based on ``devel`` and set up a `dev environment <https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html#common-environment-setup>`_ if you want to open a PR. * See the `Ansible release and maintenance <https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html>`_ page for information about active branches. Roadmap ======= Based on team and community feedback, an initial roadmap will be published for a major or minor version (ex: 2.7, 2.8). The `Ansible Roadmap page <https://docs.ansible.com/ansible/devel/roadmap/>`_ details what is planned and how to influence the roadmap. Authors ======= Ansible was created by `Michael DeHaan <https://github.com/mpdehaan>`_ and has contributions from over 5000 users (and growing). Thanks everyone! `Ansible <https://www.ansible.com>`_ is sponsored by `Red Hat, Inc. <https://www.redhat.com>`_ License ======= GNU General Public License v3.0 or later See `COPYING <COPYING>`_ to see the full text. .. |PyPI version| image:: https://img.shields.io/pypi/v/ansible-core.svg :target: https://pypi.org/project/ansible-core .. |Docs badge| image:: https://img.shields.io/badge/docs-latest-brightgreen.svg :target: https://docs.ansible.com/ansible/latest/ .. |Build Status| image:: https://dev.azure.com/ansible/ansible/_apis/build/status/CI?branchName=devel :target: https://dev.azure.com/ansible/ansible/_build/latest?definitionId=20&branchName=devel .. |Chat badge| image:: https://img.shields.io/badge/chat-IRC-brightgreen.svg :target: https://docs.ansible.com/ansible/latest/community/communication.html .. |Code Of Conduct| image:: https://img.shields.io/badge/code%20of%20conduct-Ansible-silver.svg :target: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html :alt: Ansible Code of Conduct .. |Mailing Lists| image:: https://img.shields.io/badge/mailing%20lists-Ansible-orange.svg :target: https://docs.ansible.com/ansible/latest/community/communication.html#mailing-list-information :alt: Ansible mailing lists .. |License| image:: https://img.shields.io/badge/license-GPL%20v3.0-brightgreen.svg :target: COPYING :alt: Repository License .. |CII Best Practices| image:: https://bestpractices.coreinfrastructure.org/projects/2372/badge :target: https://bestpractices.coreinfrastructure.org/projects/2372 :alt: Ansible CII Best Practices certification