Make yaml specific AnsibleVaultEncryptedUnicode more generic and add JSON serialization support #37531

Closed
alikins opened this issue Mar 16, 2018 · 4 comments
Labels
affects_2.4 This issue/PR affects Ansible v2.4 feature This issue/PR relates to a feature request. support:core This issue/PR relates to code supported by the Ansible Engineering Team.

Comments

@alikins
Contributor

alikins commented Mar 16, 2018

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

lib/ansible/parsing/vault/__init__.py
lib/ansible/parsing/yaml/objects.py

ANSIBLE VERSION
ansible 2.4.3.0
  config file = None
  configured module search path = [u'/home/adrian/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/adrian/.local/lib/python2.7/site-packages/ansible
  executable location = /home/adrian/.local/bin/ansible
  python version = 2.7.14 (default, Feb 27 2018, 20:43:24) [GCC 7.3.1 20180130 (Red Hat 7.3.1-2)]
CONFIGURATION
OS / ENVIRONMENT
SUMMARY

Right now, support for vault encrypted variables is YAML specific (!vault yaml tag).
And really, ansible YAML specific.

There is no equivalent way to load/dump a vaulted variable to or from JSON.

For tools that 'translate' ansible yaml into JSON (namely 'ansible-inventory') this is a gap.
Tools like 'ansible-inventory' could be updated to serialize AnsibleVaultEncryptedUnicode to
a json object independently of ansible core supporting it.

But it would be best if ansible core would learn to load that format as well, to avoid any
incompatibilities.

Primary use is related to inventory and vaulted vars in playbooks or vars files in the short term.

Longer term it may be useful to support it in the json serialization schema used between controller
and ansible modules running on remote nodes. (ie, let controller send vault encrypted strings to
tasks and support the format in module_utils). But that is another feature, mentioned here just for context.

A rough idea example

{"_ansible_type": "AnsibleVaultEncryptedUnicode",
 "data": {
      "_vault_version": 1.3,
      "_vault_id": "dev",
      "_vault_format": "AES256",
      "_vault_text": "$ANSIBLE_VAULT;1.1;AES256\n66393964663765613335633461643334393234346231666665306635323635333137306339356232\n3533306631646431663239623762366365663137383435380a393139303161383561303336623962\n35373663663036333863373666326634616532376335333133326163376136353636633763623739\n3736343064326662390a306438356239386665306437646665323836393032393565666136643362\n3663"
 }
}

Or even just:

{"_ansible_type": "AnsibleVaultEncryptedUnicode",
  "_vault_text": "$ANSIBLE_VAULT;1.1;AES256\n66393964663765613335633461643334393234346231666665306635323635333137306339356232\n3533306631646431663239623762366365663137383435380a393139303161383561303336623962\n35373663663036333863373666326634616532376335333133326163376136353636633763623739\n3736343064326662390a306438356239386665306437646665323836393032393565666136643362\n3"}

Related:

ansible/awx#223
#32160
#31141
#37029

STEPS TO REPRODUCE

Try to load a vaulted variable from a JSON file.
Or from json-style data in a yaml file.

You can't, it doesn't exist yet.

Ditto with persisting/serializing an AnsibleVaultEncryptedUnicode to JSON.
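
The simpler tagged-object form proposed above, as an added example (not code from the issue or from Ansible): a JSON encoder and `object_hook` that round-trip the ciphertext envelope without ever decrypting it, and that accept exactly one type tag on load. `VaultedString`, `dumps`, `loads` and the sample data are hypothetical names and constructed values; only the key names and the `$ANSIBLE_VAULT;` prefix come from the proposal.

```python
import json

TYPE_KEY = "_ansible_type"   # key names taken from the proposal above
TEXT_KEY = "_vault_text"
TYPE_NAME = "AnsibleVaultEncryptedUnicode"
HEADER = "$ANSIBLE_VAULT;"   # prefix of the vault envelope shown above

class VaultedString:
    """Hypothetical stand-in for AnsibleVaultEncryptedUnicode: holds ciphertext only."""

    def __init__(self, vault_text):
        if not vault_text.startswith(HEADER):
            raise ValueError("not a vault envelope")
        self.vault_text = vault_text

    def __eq__(self, other):
        return isinstance(other, VaultedString) and other.vault_text == self.vault_text

    def __repr__(self):
        # Never echo the payload into logs or tracebacks.
        return "<VaultedString %d chars>" % len(self.vault_text)

class VaultJSONEncoder(json.JSONEncoder):
    def default(self, o):
        if isinstance(o, VaultedString):
            # Emit the still-encrypted envelope; no decryption happens here.
            return {TYPE_KEY: TYPE_NAME, TEXT_KEY: o.vault_text}
        return super().default(o)

def vault_object_hook(obj):
    """Rebuild VaultedString from tagged objects; reject anything malformed."""
    if TYPE_KEY not in obj:
        return obj
    # Allow-list exactly one tag: the tag never selects a class to import.
    if obj[TYPE_KEY] != TYPE_NAME or set(obj) != {TYPE_KEY, TEXT_KEY}:
        raise ValueError("unsupported or malformed %s object" % TYPE_KEY)
    if not isinstance(obj[TEXT_KEY], str):
        raise ValueError("%s must be a string" % TEXT_KEY)
    return VaultedString(obj[TEXT_KEY])

def dumps(data):
    return json.dumps(data, cls=VaultJSONEncoder, sort_keys=True)

def loads(text):
    return json.loads(text, object_hook=vault_object_hook)

# Constructed sample: the hex body is a placeholder, not real ciphertext.
SAMPLE = {"db_password": VaultedString(HEADER + "1.1;AES256\n3663\n"), "port": 5432}
```

The newlines inside the envelope are emitted as `\n` escapes, which is what keeps the multi-line vault text valid inside a JSON string.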

@ansibot
Contributor

ansibot commented Mar 16, 2018

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibot ansibot added affects_2.4 This issue/PR affects Ansible v2.4 feature This issue/PR relates to a feature request. needs_triage Needs a first human triage before being processed. support:core This issue/PR relates to code supported by the Ansible Engineering Team. labels Mar 16, 2018
@alikins alikins removed the needs_triage Needs a first human triage before being processed. label Mar 19, 2018
@bcoca
Member

bcoca commented Apr 30, 2018

an implementation #38759, just using __ansible_X keys

@AlanCoding
Member

@bcoca I think this issue is resolved now?

@bcoca
Member

bcoca commented Sep 25, 2018

closed via #38759

@bcoca bcoca closed this as completed Sep 25, 2018
@ansible ansible locked and limited conversation to collaborators Jul 22, 2019