Issue willthames/ansible-lint#263

[mozz100]

Ansible 2.3+ allows variables to be encrypted within YAML files. Pass vault_password (even if it's wrong) to the functions that parse YAML.

[willthames]

This is failing tests. It should also come with its own tests, to prove that ansible-lint still works with older versions of ansible after this change. ansible-lint still works with 1.9, but if you break 1.9 support now, that's fine, but I'd like to support 2.1 onwards at the very least.

[mozz100]

Yeah, Travis is pretty unequivocal about that, eh? It's weird, though, because tox tests passed for me on py27, py36 (I didn't have python3.4 handy) and ansible19, ansible20, ansible21, ansible22, plus ansibledevel or I wouldn't have troubled you with a pull request!

Having worked out that it's the vault password that needs passing in, and that it doesn't matter if it's an incorrect password (for the purposes of ansible-lint), there is probably a much lighter touch solution. If I have time, I'll pare the pull request down to the minimal set of changes.

If I don't get to it, maybe this will be of use in pointing the way to a solution.

What I was actually trying to do was write a rule that warned me about things that looked like passwords and secrets that weren't encrypted inside the .yml files.

[mozz100]

So I checked out my branch, and ran tox again on a completely different machine and it passed again. Looking at the build logs for that run, it ran tox against https://github.com/willthames/ansible-lint.git@8c377ce558eecddb66862bf8eeb45ed3a35b0ba7 not against my branch.

Every time I run tox from a checked-out copy of my branch, locally, it prints congratulations :) and exits with status code 0. I've checked on both macOS and CentOS now.

[willthames]

That is weird. Closing and reopening in the hope of triggering a better travis build

[willthames]

Again, it's done a (different) wrong commit

[willthames]

I can run it independently too, it sounds like it's good to merge, will get this sorted soon

[mozz100]

I haven't got time to do the code change quickly, but my earlier comment still stands. Since ansible-lint isn't concerned with the decrypted contents, it's probably unnecessary to have the --ask-vault-pass option at the script level and hand the password all the way through the function calls. It's probably sufficient just to supply a password of 'x' whenever ansible will accept one (2.3+).

[mozz100]

OK - have now added a test and minimised the number of changes, in a different pull request. See #270

[willthames]

Fixed through #332

[willthames]

Thanks for your work on this @mozz100, sorry it took so long to get merged.

[mozz100]

No worries. I understood - you can't merge unless tests go green :-) I've still no idea why "it worked for me". Glad to see it go in. I have found ansible-lint very valuable. Keep up the good work

[willthames]

@fetzerch has what might be the answer in c9aa77e#commitcomment-28231581 - presumably Travis's YAML library is different to yours and mine (as it worked on my machine too!).