Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error with Vault single-variable encryption #263

Closed
bootswithdefer opened this issue May 1, 2017 · 5 comments
Closed

Error with Vault single-variable encryption #263

bootswithdefer opened this issue May 1, 2017 · 5 comments

Comments

@bootswithdefer
Copy link

Issue Type

  • Bug report

Ansible and Ansible Lint details

ansible-ansible 2.3.0.0
config file = /home/jldefer/ansible/ansible.cfg
configured module search path = [u'/usr/share/ansible']
python version = 2.7.13 (default, Jan 12 2017, 17:59:37) [GCC 6.3.1 20161221 (Red Hat 6.3.1-1)]

ansible-lint 3.4.12
  • ansible installation method: pip
  • ansible-lint installation method: pip

Desired Behaviour

No error

Actual Behaviour (Bug report only)

When run against new vault string encryption (https://docs.ansible.com/ansible/playbooks_vault.html#single-encrypted-variable) files it fails with a YAML syntax error:

$ ansible-lint test.yml 
Syntax Error while loading YAML.


The error appears to have been in '/home/user/test.yml': line 2, column 15, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---
vault_string: !vault |
              ^ here

test.yml:

vault_string: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              646637383932633933266643636373936936373964366536636639643136646530666531663365
              64653765356234396336133343937386276664353861640a303730366362366266303864346235
plain_string: test
@willthames
Copy link
Contributor

I'll need to look into this works in Ansible. If anyone already knows and wants to fix this, just let me know.

mozz100 added a commit to mozz100/ansible-lint that referenced this issue Jun 8, 2017
@mozz100
Issue ansible#263
68f9853 
Ansible 2.3+ allows variables to be encrypted *within* YAML files.  Pass vault_password (even if it's wrong) to the functions that parse YAML.
mozz100 added a commit to mozz100/ansible-lint that referenced this issue Jun 13, 2017
@mozz100
Issue ansible#263
9781209 
Ansible 2.3+ allows variables to be encrypted *within* YAML files. Pass a default vault_password to the functions that parse YAML.
Include a test to check this raises no exceptions under Ansible 2.3+
willthames pushed a commit that referenced this issue Nov 23, 2017
@mozz100 @willthames
Issue #263
fa25b75 
Ansible 2.3+ allows variables to be encrypted *within* YAML files. Pass a default vault_password to the functions that parse YAML.
Include a test to check this raises no exceptions under Ansible 2.3+
@kouk
Copy link
Contributor

kouk commented Jan 16, 2018

@willthames I added a fix upon your minimal-vault branch in order to use it here: https://github.com/kouk/ansible-lint/tree/minimal-vault
feel free to use it.
if I find time I would also like to work on #115. Using ansible 2.3 here.

willthames pushed a commit that referenced this issue Jan 31, 2018
@mozz100 @willthames
Issue #263
fc8012b 
Ansible 2.3+ allows variables to be encrypted *within* YAML files. Pass a default vault_password to the functions that parse YAML.
Include a test to check this raises no exceptions under Ansible 2.3+
fetzerch referenced this issue Mar 22, 2018
@willthames
Potential fix for weird unreproducible travis error
c9aa77e
willthames pushed a commit that referenced this issue Mar 22, 2018
@mozz100 @willthames
Issue #263
6dfaa08 
Ansible 2.3+ allows variables to be encrypted *within* YAML files. Pass a default vault_password to the functions that parse YAML.
Include a test to check this raises no exceptions under Ansible 2.3+
willthames pushed a commit that referenced this issue Mar 22, 2018
@mozz100 @willthames
Issue #263
79ea057 
Ansible 2.3+ allows variables to be encrypted *within* YAML files. Pass a default vault_password to the functions that parse YAML.
Include a test to check this raises no exceptions under Ansible 2.3+
@willthames willthames mentioned this issue Mar 22, 2018
Merged
@deekayen
Copy link
Contributor

deekayen commented Jun 5, 2018

I found when I put the vault string into Tower using the JSON formatter, that it converted the output YAML format as follows, which ansible-review approves of.

vault_string: >-
              !vault | $ANSIBLE_VAULT;1.1;AES256
              646637383932633933266643636373936936373964366536636639643136646530666531663365
              64653765356234396336133343937386276664353861640a303730366362366266303864346235
plain_string: test

@willthames
Copy link
Contributor

@deekayen I think it's that we use Ansible's YAML parser properly now, so both ansible-lint and ansible-review should now handle !vault better than previously. Good to know it works though.

@deekayen
Copy link
Contributor

deekayen commented Jun 6, 2018

Yeah, disregard my comment from yesterday. I ran it today and it inserts the literal vault string into the template output instead of the parsed value. I upgraded to 3.5.0rc1 instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@deekayen @willthames @bootswithdefer @kouk