load-failure on vault files #1442

Closed
aminvakil opened this issue Mar 7, 2021 · 4 comments · Fixed by #1443
@aminvakil
Contributor

Summary

ansible-lint (https://github.com/ansible-community/ansible-lint/releases/tag/v5.0.3rc1) tries to lint vault files and cannot parse them, therefore it fails with this error:

Error: load-failure Failed to load or parse file

More details can be seen on this CI run:
https://github.com/aminvakil/ansible-role-mysql_add_user/runs/2050941514?check_suite_focus=true

Issue Type
  • Bug Report
Ansible and Ansible Lint details
ansible --version
ansible-3.0.0 ansible-base-2.10.6

ansible-lint --version
ansible-lint-5.0.3rc1
  • ansible installation method: pip
  • ansible-lint installation method: pip
OS / ENVIRONMENT

GH Actions using ubuntu-latest (currently ubuntu-20.04)

STEPS TO REPRODUCE
git clone https://github.com/aminvakil/ansible-role-mysql_add_user
pip3 install yamllint ansible-base ansible-lint ansible --pre
ansible-lint .
Desired Behaviour

Skip vault files

Actual Behaviour
Error: load-failure Failed to load or parse file
@aminvakil aminvakil added the bug label Mar 7, 2021
@ssbarnea
Member

ssbarnea commented Mar 7, 2021

Have you tried defining ANSIBLE_VAULT_PASSWORD_FILE on your setup? If that points to the password, the linting should pass.

The reality is that ansible-playbook --syntax-check gives an error like below, which means it cannot load the file.

ERROR! Attempting to decrypt but no vault secrets found

For sure this counts as a valid bug, mainly because it fails to report it as a specific error about the vaults. Users should be allowed to ignore vault loading issues, as they may consider it unsafe to enable the vaults where the linter runs.

@aminvakil
Contributor Author

I have defined it in molecule:
https://github.com/aminvakil/ansible-role-mysql_add_user/blob/8c92270657ac0f2b03f86d392d86511501b94f03/molecule/default/molecule.yml#L18

So if ANSIBLE_VAULT_PASSWORD_FILE doesn't get passed, ansible-lint won't pass anymore?

@ssbarnea
Member

ssbarnea commented Mar 7, 2021

The linter will not load anything related to molecule; you must expose that to the environment where you run it. I am not even sure how to do this for GitHub Actions because the variable itself is not the secret. For sure it would work with ANSIBLE_VAULT_PASSWORD, which is the less secure option.

@aminvakil
Contributor Author

Yes, I'm aware that this is not related to molecule, just said that as a matter of speech :)

I have encrypted the vault with a simple password written in a file to test molecule, it does not matter, but for sure I would rather skip vault when I run ansible-lint ..
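
Added example, not part of the thread and not ansible-lint's own code: one way to lint without exposing the vault password to the CI runner is to find the fully encrypted YAML files by their `$ANSIBLE_VAULT;` header and list them under `exclude_paths` in the `.ansible-lint` config. The function names are hypothetical, and the script assumes whole-file vaults only (inline `!vault` values are not handled).

```python
"""Locate fully vault-encrypted YAML files so the linter can be told to skip them."""
from __future__ import annotations

import json
import re
import sys
from pathlib import Path

# Ansible Vault envelope: $ANSIBLE_VAULT;<format version>;<cipher>[;<vault id>]
VAULT_HEADER = re.compile(rb"\$ANSIBLE_VAULT;\d+\.\d+;[A-Z0-9]+(;[^;\s]+)?")
YAML_SUFFIXES = {".yml", ".yaml"}


def is_vault_file(path: Path) -> bool:
    """True when the first line of the file is a vault envelope header."""
    try:
        with path.open("rb") as handle:
            first_line = handle.readline(256)  # the header is short; never read the payload
    except OSError:
        return False  # unreadable or missing files are left for the linter to report
    return VAULT_HEADER.fullmatch(first_line.strip()) is not None


def find_vault_files(root: Path) -> list[str]:
    """Relative POSIX paths of vault-encrypted YAML files under root, sorted."""
    found = []
    for path in root.rglob("*"):
        relative = path.relative_to(root)
        if ".git" in relative.parts:
            continue  # repository metadata is never linted
        if path.suffix in YAML_SUFFIXES and path.is_file() and is_vault_file(path):
            found.append(relative.as_posix())
    return sorted(found)


def render_exclude_paths(paths: list[str]) -> str:
    """YAML fragment for the exclude_paths key of a .ansible-lint config file."""
    if not paths:
        return "exclude_paths: []\n"
    # JSON strings are valid YAML double-quoted scalars, so odd file names stay safe.
    return "exclude_paths:\n" + "".join(f"  - {json.dumps(p)}\n" for p in paths)


if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    sys.stdout.write(render_exclude_paths(find_vault_files(root)))
```

Only the header line is read, so the check needs no vault secret and never touches the ciphertext.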
