diff options
author | Matt Martz <matt@sivel.net> | 2021-07-09 10:48:30 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-09 10:48:30 -0500 |
commit | 9b2040521004eafaf207fa8c3dc386f4d4cff84c (patch) | |
tree | 7462ed91dd6b103898dd13dec8135d0fbbae028a | |
parent | 7a5c66fe143b1e8d033ba5a1595017899c93c7fd (diff) | |
download | ansible-9b2040521004eafaf207fa8c3dc386f4d4cff84c.tar.gz |
[stable-2.9] Prevent ansible_failed_task from further templating (#74290) (#75220)
* Prevent ansible_failed_task from further templating
Fixes #74036
* Add changelog.
(cherry picked from commit 664531d7d6253d5bdb182727501c08e3b5aea0c1)
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
-rw-r--r-- | changelogs/fragments/74036-unsafe-ansible_failed_task.yml | 2 | ||||
-rw-r--r-- | lib/ansible/plugins/strategy/__init__.py | 3 | ||||
-rwxr-xr-x | test/integration/targets/blocks/runme.sh | 4 | ||||
-rw-r--r-- | test/integration/targets/blocks/unsafe_failed_task.yml | 17 |
4 files changed, 24 insertions, 2 deletions
diff --git a/changelogs/fragments/74036-unsafe-ansible_failed_task.yml b/changelogs/fragments/74036-unsafe-ansible_failed_task.yml new file mode 100644 index 0000000000..5e69e4cf8a --- /dev/null +++ b/changelogs/fragments/74036-unsafe-ansible_failed_task.yml @@ -0,0 +1,2 @@ +bugfixes: + - Prevent ``ansible_failed_task`` from further templating (https://github.com/ansible/ansible/issues/74036) diff --git a/lib/ansible/plugins/strategy/__init__.py b/lib/ansible/plugins/strategy/__init__.py index dacd204a41..9afad71d46 100644 --- a/lib/ansible/plugins/strategy/__init__.py +++ b/lib/ansible/plugins/strategy/__init__.py @@ -49,6 +49,7 @@ from ansible.playbook.task_include import TaskInclude from ansible.plugins import loader as plugin_loader from ansible.template import Templar from ansible.utils.display import Display +from ansible.utils.unsafe_proxy import wrap_var from ansible.utils.vars import combine_vars from ansible.vars.clean import strip_internal_keys, module_response_deepcopy @@ -577,7 +578,7 @@ class StrategyBase: self._variable_manager.set_nonpersistent_facts( original_host.name, dict( - ansible_failed_task=original_task.serialize(), + ansible_failed_task=wrap_var(original_task.serialize()), ansible_failed_result=task_result._result, ), ) diff --git a/test/integration/targets/blocks/runme.sh b/test/integration/targets/blocks/runme.sh index 8b7d568f32..3515afc3c0 100755 --- a/test/integration/targets/blocks/runme.sh +++ b/test/integration/targets/blocks/runme.sh @@ -94,4 +94,6 @@ cat rc_test.out [ "$(grep -c 'failed=0' rc_test.out)" -eq 1 ] rm -f rc_test.out -ansible-playbook finalized_task.yml "$@" +ansible-playbook unsafe_failed_task.yml "$@" + +ansible-playbook finalized_task.yml "$@"
\ No newline at end of file diff --git a/test/integration/targets/blocks/unsafe_failed_task.yml b/test/integration/targets/blocks/unsafe_failed_task.yml new file mode 100644 index 0000000000..adfa492ad9 --- /dev/null +++ b/test/integration/targets/blocks/unsafe_failed_task.yml @@ -0,0 +1,17 @@ +- hosts: localhost + gather_facts: false + vars: + - data: {} + tasks: + - block: + - name: template error + debug: + msg: "{{ data.value }}" + rescue: + - debug: + msg: "{{ ansible_failed_task.action }}" + + - assert: + that: + - ansible_failed_task.name == "template error" + - ansible_failed_task.action == "debug" |