Make yaml specific AnsibleVaultEncryptedUnicode more generic and add JSON serialization support #37531
Labels
affects_2.4
This issue/PR affects Ansible v2.4
feature
This issue/PR relates to a feature request.
support:core
This issue/PR relates to code supported by the Ansible Engineering Team.
ISSUE TYPE
COMPONENT NAME
lib/ansible/parsing/vault/init.py
lib/ansible/parsing/yaml/objects.py
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
SUMMARY
Right now, support for vault encrypted variables is YAML specific (!vault yaml tag).
And really, ansible YAML specific.
There is no equivalent way to load/dump a vaulted variable to or from JSON.
For tools that 'translate' ansible yaml into JSON (namely 'ansible-inventory') this is gap.
Tools like 'ansible-inventory' could be updated to serialize AnsibleVaultEncryptedUnicode to
a json object independently of ansible core supporting it.
But it would be best if ansible core would learn to load that format as well, to avoid any
incompatibilities.
Primary use is related to inventory and vaulted vars in playbooks or vars files in the short term.
Longer term it may be useful to support it in the json serialization schema used between controller
and ansible modules running on remote nodes. (ie, let controller send vault encrypted strings to
tasks and support the format in module_utils). But that is another feature, mentioned here just for context.
A rough idea example
Or even just:
Related:
ansible/awx#223
#32160
#31141
#37029
STEPS TO REPRODUCE
Try to load a vaulted variable from a JSON file.
Or from json-style data in a yaml file.
You cant, it doesn't exist yet.
Ditto with persisting/serializing a AnsibleVaultEncryptedUnicode to JSON.
The text was updated successfully, but these errors were encountered: