Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] Excluded certain include_role and include_tasks attributes from post_validate #75719

Draft
wants to merge 5 commits into
base: devel
Choose a base branch
from

Conversation

egmar
Copy link
Contributor

@egmar egmar commented Sep 16, 2021

SUMMARY

Fixes #75240.

This PR makes some of IncludeRole and IncludeTasks attributes to be exempt from post_validate based on value of always_post_validate property and aims to remove unnecessary template validation at include_role or include_tasks task level (not their content). E.g.: when using include_role with a role which has only one task, and if remote_user is templated, then it should not be validated at include_role level, but validated on the tasks inside the included role.

I'm not fully sure this is a complete fix though, hence the WIP/Draft status, as I'm looking for feedback.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

lib/ansible/playbook/base.py
lib/ansible/playbook/play_context.py

ADDITIONAL INFORMATION

Example playbook/role: https://github.com/egmar/include_role_example/blob/main/validate.yml

Before fix:

/Users/egor/Projects/Development/Github.Public/ansible/venv/bin/python /Users/egor/Projects/Development/Github.Public/ansible/bin/ansible-playbook -i inventories/inventory.yaml -l server1 validate.yml
[WARNING]: You are running the development version of Ansible. You should only
run Ansible from "devel" if you are modifying the Ansible engine, or trying out
features under development. This is a rapidly changing source of code and can
become unstable at any point.

PLAY [test] ********************************************************************

TASK [test] ********************************************************************
fatal: [server1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden. Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden"}

TASK [1.1. Error handler] ******************************************************
fatal: [server1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden. Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden"}

PLAY RECAP *********************************************************************
server1                    : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=1    ignored=0   


Process finished with exit code 2

After fix:

/Users/egor/Projects/Development/Github.Public/ansible/venv/bin/python /Users/egor/Projects/Development/Github.Public/ansible/bin/ansible-playbook -i inventories/inventory.yaml -l server1 validate.yml
[WARNING]: You are running the development version of Ansible. You should only
run Ansible from "devel" if you are modifying the Ansible engine, or trying out
features under development. This is a rapidly changing source of code and can
become unstable at any point.

PLAY [test] ********************************************************************

TASK [test] ********************************************************************
fatal: [server1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden. Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden"}

TASK [1.1. Error handler] ******************************************************

TASK [sample_role : 1.1. Error handler] ****************************************
ok: [server1 -> localhost] => {
    "msg": [
        "Task: test",
        "Ansible Action: setup",
        "Error Message: An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden. Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden"
    ]
}

TASK [sample_role : 1.2. Run a command on remote to prove post_validate still works here] ***
fatal: [server1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden. Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden"}

PLAY RECAP *********************************************************************
server1                    : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=1    ignored=0   

@ansibot ansibot added WIP This issue/PR is a work in progress. Nevertheless it was shared for getting input from peers. affects_2.12 bug This issue/PR relates to a bug. needs_triage Needs a first human triage before being processed. support:core This issue/PR relates to code supported by the Ansible Engineering Team. labels Sep 16, 2021
@nitzmahone nitzmahone removed the needs_triage Needs a first human triage before being processed. label Sep 16, 2021
@egmar
Copy link
Contributor Author

egmar commented Sep 20, 2021

After having a look at #75715 I think the correct way to handle this is to use always_post_validate property of each FieldAttribute in PlayContext. Since always_post_validate is defaulting to False in FieldAttribute, it may require explicit definition as in the case of LoopControl in #75715.

@ansibot ansibot added the support:community This issue/PR relates to code supported by the Ansible community. label Sep 21, 2021
@ansibot ansibot added the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label Sep 30, 2021
@ansibot ansibot added the needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html label May 21, 2022
@ansibot ansibot added the needs_ci This PR requires CI testing to be performed. Please close and re-open this PR to trigger CI. label Jul 25, 2023
@ansibot ansibot added needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html and removed needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html needs_ci This PR requires CI testing to be performed. Please close and re-open this PR to trigger CI. labels Oct 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
affects_2.12 bug This issue/PR relates to a bug. has_issue needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. support:community This issue/PR relates to code supported by the Ansible community. support:core This issue/PR relates to code supported by the Ansible Engineering Team. WIP This issue/PR is a work in progress. Nevertheless it was shared for getting input from peers.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

include_role fails, when evaluating inventory variables with template as value also fails
3 participants