jinja[invalid] thrown when unsafe text is in !unsafe anchor

[StopMotionCuber]

Summary

When placing a text with !unsafe anchor, this should be ignored by jinja and not raise any warnings.
For more details see reproducer

Issue Type

• Bug Report

OS / ENVIRONMENT

ansible-lint --version
ansible-lint 25.6.0 using ansible-core:2.16.14 ansible-compat:25.6.0 ruamel-yaml:0.18.14 ruamel-yaml-clib:0.2.12

STEPS TO REPRODUCE

1. Use following playbook as playbook.yaml:

- name: Test
  hosts:
   - localhost
  tasks:
   - name: Debug task
     ansible.builtin.debug:
      msg: !unsafe "{{ $testvar }}"

2. Execute ansible-lint playbook.yaml

Desired Behavior

No jinja[invalid] violation, as the !unsafe text is not templated

Actual Behavior

I'm getting the following output:

playbook.yml:7 unexpected char '$' at 3

Read documentation for instructions on how to ignore specific rule violations.

# Rule Violation Summary

  1 jinja profile:basic tags:formatting

Failed: 1 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'min'.

Additional context

In the actual example I was encountering, the !unsafe anchor was in an inventory var file and seemed to be a regression between 25.1.3 and 25.2.0. With the minimal reproducer, the behavior is also present with 25.1.3. As I think it's a bug either way (with the same root cause), it's probably not worth making a bigger reproducer where !unsafe is handled differently between these versions. Let me know if you are interested in another reproducer that aligns closer to this.

[alisonlhart]

Hello @StopMotionCuber, another reproducer that you mentioned would be great.

[StopMotionCuber]

Okay, the second reproducer is this one (actually also quite small):

1. Create file group_vars/test.yaml with following content in your current directory:

summary: !unsafe 'Disallowed jinja2 text: {{ $labels.instance }}'

2. Execute ansible-lint group_vars/test.yaml.

For this reproducer I can confirm that it runs just fine on 25.1.3, but throws the following error on 25.2.0:

$ ansible-lint group_vars/test.yaml
WARNING  Project directory /.ansible cannot be used for caching as it is not writable.
WARNING  Listing 1 violation(s) that are fatal
jinja[invalid]: Syntax error in jinja2 template: Disallowed jinja2 text: {{ $labels.instance }}
group_vars/test.yaml:1 unexpected char '$' at 27

Read documentation for instructions on how to ignore specific rule violations.

# Rule Violation Summary

  1 jinja profile:basic tags:formatting

Failed: 1 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'min'.

Something else I forgot to mention earlier, replacing the !unsafe anchor with {% raw %} blocks works just fine for us, so there is a workaround.