Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

modules/terraform: Quote the variable values in the command line #43493

Merged
merged 2 commits into from
Aug 27, 2018
Merged

modules/terraform: Quote the variable values in the command line #43493

merged 2 commits into from
Aug 27, 2018

Conversation

rrey
Copy link
Contributor

@rrey rrey commented Jul 31, 2018

SUMMARY

The variables values are not quoted and it can result in an interpretation by the shell during command line execution.
Example of possible failure available in #43492

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

terraform.py

ANSIBLE VERSION
ansible 2.6.0
  config file = /Users/remirey/dev/grtgaz/avignon/ansible.cfg
  configured module search path = [u'/Users/remirey/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/remirey/.virtualenvs/avignon/lib/python2.7/site-packages/ansible
  executable location = /Users/remirey/.virtualenvs/avignon/bin/ansible
  python version = 2.7.13 (default, Jul 18 2017, 09:17:00) [GCC 4.2.1 Compatible Apple LLVM 8.1.0 (clang-802.0.42)]
ADDITIONAL INFORMATION

Fixes: #43492

@rrey
Copy link
Contributor Author

rrey commented Jul 31, 2018

cc @ryansb

@ansibot ansibot added affects_2.7 This issue/PR affects Ansible v2.7 bug This issue/PR relates to a bug. cloud community_review In order to be merged, this PR must follow the community review workflow. module This issue/PR relates to a module. needs_ci This PR requires CI testing to be performed. Please close and re-open this PR to trigger CI. needs_triage Needs a first human triage before being processed. small_patch stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. support:community This issue/PR relates to code supported by the Ansible community. and removed needs_ci This PR requires CI testing to be performed. Please close and re-open this PR to trigger CI. stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. labels Jul 31, 2018
ryansb
ryansb suggested changes Jul 31, 2018
View reviewed changes
lib/ansible/modules/cloud/misc/terraform.py Outdated
@@ -233,7 +233,7 @@ def main():
for k, v in variables.items():
variables_args.extend([
'-var',
'{0}={1}'.format(k, v)
'{0}="{1}"'.format(k, v)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, quoting was a major oversight when I wrote this module. Thanks for catching it! I have some thoughts on how to make this better: first, we want to quote the full value (before and after the =), and second I think a value might also contain quotes such as if the variable contents is a bash command for some reason.

To best handle this, we should use the shlex library's quote function. But to work on both python 2 and 3 we'd need from six.moves import shlex_quote and then this line could be:

shlex_quote('{0}={1}'.format(k, v))

@ansibot ansibot added needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. and removed community_review In order to be merged, this PR must follow the community review workflow. needs_triage Needs a first human triage before being processed. labels Jul 31, 2018
@ansibot ansibot added the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label Aug 8, 2018
@rrey
Copy link
Contributor Author

rrey commented Aug 9, 2018

Hi @ryansb,

I did the suggested change.

I'm a bit worried that the module is not covered with tests, or at least I don't see were the tests are.
Is there a documentation about how a contributor can add tests in the ansible project ?

@ansibot
Copy link
Contributor

ansibot commented Aug 9, 2018

The test ansible-test sanity --test import --python 2.6 [explain] failed with 1 error:

lib/ansible/modules/cloud/misc/terraform.py:148:0: ImportError: No module named six.moves

The test ansible-test sanity --test import --python 2.7 [explain] failed with 1 error:

lib/ansible/modules/cloud/misc/terraform.py:148:0: ImportError: No module named six.moves

The test ansible-test sanity --test import --python 3.5 [explain] failed with 1 error:

lib/ansible/modules/cloud/misc/terraform.py:148:0: ImportError: No module named 'six'

The test ansible-test sanity --test import --python 3.6 [explain] failed with 1 error:

lib/ansible/modules/cloud/misc/terraform.py:148:0: ModuleNotFoundError: No module named 'six'

The test ansible-test sanity --test import --python 3.7 [explain] failed with 1 error:

lib/ansible/modules/cloud/misc/terraform.py:148:0: ModuleNotFoundError: No module named 'six'

The test ansible-test sanity --test use-compat-six [explain] failed with 1 error:

lib/ansible/modules/cloud/misc/terraform.py:148:1: use `ansible.module_utils.six` instead of `six`

click here for bot help

@ansibot ansibot added ci_verified Changes made in this PR are causing tests to fail. and removed stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. labels Aug 9, 2018
@ansibot ansibot added the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label Aug 17, 2018
@ansibot ansibot removed ci_verified Changes made in this PR are causing tests to fail. small_patch stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. labels Aug 27, 2018
@ryansb
Copy link
Contributor

ryansb commented Aug 27, 2018

@rrey there aren't integration tests right now, but I'd be very open to adding some.

@ryansb ryansb merged commit 26be68d into ansible:devel Aug 27, 2018
alikins added a commit that referenced this pull request Aug 27, 2018
@alikins
Merge branch 'devel' into mazer_role_loader
1f55cf4 
* devel: (513 commits)
  Fix systemd service is already masked issue (#44730)
  fix issue with no_log in py3
  modules/terraform: Quote the variable values in the command line (#43493)
  YUM4/DNF compatibility via yum action plugin (#44322)
  BOTMETA.yml: remove superfluous labels (#44628)
  Share the implementation of hashing for both vars_prompt and password_hash (#21215)
  one_host environment variables, Fixes #44163 (#44568)
  ec2: add "IAM Role" to instance_profile_name
  ios_vrf speed fix (#43765)
  fix typo (#44712)
  junos cli_config idempotence fix (#44706)
  Switch to LiteralPath instead of Path. Closes #44508 (#44509)
  Module win_domain_computer fix delete computer with child (#44500)
  ACME: improve documentation (#44691)
  doc: fixed typo (#44685)
  IPA: Add option to specify timeout (#44572)
  Added nios_txt_record module (#39264)
  adds the bigip_cli_script module (#44674)
  Clean up BOTMETA.yml (#44574)
  Change validate-modules for removed modules
  ...
@rrey rrey deleted the fix-43492 branch September 1, 2018 14:08
@ansible ansible locked and limited conversation to collaborators Jul 22, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ryansb ryansb ryansb approved these changes

Assignees
No one assigned
Labels
affects_2.7 This issue/PR affects Ansible v2.7 bug This issue/PR relates to a bug. cloud module This issue/PR relates to a module. needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. support:community This issue/PR relates to code supported by the Ansible community.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

module/terraform: variable values are interpreted by the shell
3 participants
@rrey @ansibot @ryansb