Decrypt ansible-vault strings in nb_inventory #1114
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This allows storing secrets in config context data.
Related Issue
#551
New Behavior
This allows storing ansible-vault secrets in a NetBox config context, like this:
Contrast to Current Behavior
Currently encrypted values are returned as is, and cannot be used directly in Ansible playbooks or templates without the workaround described in #551.
Discussion: Benefits and Drawbacks
The change should have no effect on existing installations; the workaround in #551 will still work but do nothing, as the values are now decrpyted earlier. Other possible workarounds (e.g. decrypting values in a playbook) might break if they expect an ansible-vault string.
Replacing
json.loads
withself.loader.load
makesnb_inventory
work more like the builtinscript
plugin, so I believe it is a better solution. If additional functionality is added to theDataLoader
class in Ansible, it should work withnb_inventory
with no changes to the plugin.Changes to the Documentation
No changes. Please let me know if I should add a note somewhere.
Proposed Release Note Entry
Support ansible-vault encrypted values in NetBox config contexts
Double Check
devel
branch.