Allow template files to be vaulted (#22951)

* Allow template files to be vaulted * Make sure to import exceptions we need * get_real_file can't take bytes, since it looks specifically for string_types * Now that we aren't using open() we don't need b_source * Expand playbooks_vault docs to include modules that support vaulted src files * Add vaulted template test
2025-07-22 21:00:22 -07:00 · 2017-06-07 13:16:03 -05:00 · 2017-06-07 13:16:03 -05:00 · 004e99316c
commit 004e99316c
parent 24f2a616dd
6 changed files with 47 additions and 6 deletions
--- a/test/integration/targets/vault/roles/test_vaulted_template/tasks/main.yml
+++ b/test/integration/targets/vault/roles/test_vaulted_template/tasks/main.yml
@ -0,0 +1,19 @@
+---
+- name: Template from a vaulted template file
+  template:
+    src: vaulted_template.j2
+    dest: "{{ output_dir }}/vaulted_template.out"
+  vars:
+    vaulted_template_var: "here_i_am"
+
+- name: Get output template contents
+  slurp:
+    path: "{{ output_dir }}/vaulted_template.out"
+  register: vaulted_tempalte_out
+
+- debug:
+    msg: "{{ vaulted_tempalte_out.content|b64decode }}"
+
+- assert:
+    that:
+      - vaulted_tempalte_out.content|b64decode == 'here_i_am\n'
--- a/test/integration/targets/vault/roles/test_vaulted_template/templates/vaulted_template.j2
+++ b/test/integration/targets/vault/roles/test_vaulted_template/templates/vaulted_template.j2
@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+65626437623461633630303033303939616334373263633438623938396564376435366534303865
+6363663439346464336437346263343235626463663130640a373233623733653830306262376430
+31666538323132343039613537323761343234613531353035373434666632333932623064316564
+3532363462643736380a303136353830636635313662663065343066323631633562356663633536
+31343265376433633234656432393066393865613235303165666338663930303035
--- a/test/integration/targets/vault/runme.sh
+++ b/test/integration/targets/vault/runme.sh
@ -57,4 +57,4 @@ ansible-playbook test_vault.yml          -i ../../inventory -v "$@" --vault-pass
 ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-password-file vault-password --syntax-check
 ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-password-file vault-password
 ansible-playbook test_vaulted_inventory.yml -i vaulted.inventory -v "$@" --vault-password-file vault-password
-
+ansible-playbook test_vaulted_template.yml -i ../../inventory -v "$@" --vault-password-file vault-password
--- a/test/integration/targets/vault/test_vaulted_template.yml
+++ b/test/integration/targets/vault/test_vaulted_template.yml
@ -0,0 +1,6 @@
+- hosts: testhost
+  gather_facts: False
+  vars:
+    - output_dir: .
+  roles:
+    - { role: test_vaulted_template, tags: test_vaulted_template}