forked from ansible/ansible
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Connection error messages are unsafe: wrap them (ansible#37329)
* Check that connection error msg are not unsafe * Connection error messages are unsafe: wrap them For example, in case of error, docker connection plugin returns exception message containing Go template. These messages weren't tagged as unsafe and were consequently rendered: The conditional check 'result is failed' failed. The error was: { 'msg': u'Docker version check ([\'/usr/bin/docker\', \'version\', \'--format\', "\'{{.Server.Version}}\'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied\n', 'failed': True }: template error while templating string: unexpected '.'. String: Docker version check (['/usr/bin/docker', 'version', '--format', "'{{.Server.Version}}'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied (cherry picked from commit 4378542)
- Loading branch information
Showing
6 changed files
with
74 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
posix/ci/group2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
[local] | ||
testhost |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
- hosts: testhost | ||
gather_facts: false | ||
tasks: | ||
- name: "use a connection plugin raising an exception, exception message contains Jinja template." | ||
connection: dummy | ||
command: /bin/true # command won't be executed | ||
register: result | ||
ignore_errors: True | ||
|
||
- name: "check that Jinja template embedded in exception message isn't rendered" | ||
debug: | ||
msg: 'ok' | ||
when: result is failed | ||
register: debug_task | ||
|
||
- assert: | ||
that: | ||
- result is failed | ||
- debug_task is success |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
from __future__ import (absolute_import, division, print_function) | ||
__metaclass__ = type | ||
|
||
DOCUMENTATION = """ | ||
author: | ||
- John Doe | ||
connection: dummy | ||
short_description: defective connection plugin | ||
description: | ||
- defective connection plugin | ||
version_added: "2.0" | ||
options: {} | ||
""" | ||
import ansible.constants as C | ||
from ansible.errors import AnsibleError | ||
from ansible.plugins.connection import ConnectionBase | ||
|
||
|
||
class Connection(ConnectionBase): | ||
|
||
transport = 'dummy' | ||
has_pipelining = True | ||
become_methods = frozenset(C.BECOME_METHODS) | ||
|
||
def __init__(self, play_context, new_stdin, *args, **kwargs): | ||
super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs) | ||
|
||
raise AnsibleError('an error with {{ some Jinja }}') | ||
|
||
def transport(self): | ||
pass | ||
|
||
def _connect(self): | ||
pass | ||
|
||
def exec_command(self, cmd, in_data=None, sudoable=True): | ||
pass | ||
|
||
def put_file(self, in_path, out_path): | ||
pass | ||
|
||
def fetch_file(self, in_path, out_path): | ||
pass | ||
|
||
def close(self): | ||
pass |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -o nounset -o errexit -o xtrace | ||
|
||
ANSIBLE_CONNECTION_PLUGINS="$(pwd)/plugin" ansible-playbook -i inventory "$(pwd)/play.yml" -v "$@" |