ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-10-02 22:43:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

[PR #10784/062b63bd backport][stable-11] Add filters to_yaml and to_nice_yaml (#10802)

Browse source 
Add filters to_yaml and to_nice_yaml (#10784)

* Add filters to_yaml and to_nice_yaml.

* Allow to redact sensitive values.

* Add basic tests.

* Work around https://github.com/ansible/ansible/issues/85783.

* Cleanup.

(cherry picked from commit 062b63bda5)

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
patchback[bot] 2025-09-08 18:54:47 +02:00 committed by GitHub
commit 5fca1f641b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 532 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
tests/integration/targets/filter_to_yaml/aliases Normal file
View file

@ -0,0 +1,5 @@
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
azp/posix/3

188
tests/integration/targets/filter_to_yaml/main.yml Normal file
View file

@ -0,0 +1,188 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- hosts: localhost
gather_facts: false
vars_files:
- vaulted_vars.yml
vars:
timestamp: 2025-01-02T03:04:05Z
bar: foobarbaz
tasks:
- name: Print vaulted values
debug:
msg:
foo: "{{ foo }}"
- name: Convert values to YAML
set_fact:
vstr: "{{ 'foo' | community.general.to_yaml }}"
vvstr: "{{ foo | community.general.to_yaml }}"
vvstr_redact: "{{ foo | community.general.to_yaml(redact_sensitive_values=true) }}"
vint: "{{ 42 | community.general.to_yaml }}"
vfloat: "{{ -3.1415 | community.general.to_yaml }}"
vbool: "{{ true | community.general.to_yaml }}"
vtimestamp: "{{ timestamp | community.general.to_yaml }}"
vlist: "{{ [1, false, 'bar'] | community.general.to_yaml }}"
vdict: "{{ {'a': 'b', 1: 2} | community.general.to_yaml }}"
- name: Check values
assert:
that:
- 'vstr == "foo\n"'
- 'vvstr == "bar\n"'
- 'vvstr_redact == "<redacted>\n"'
- 'vint == "42\n"'
- 'vfloat == "-3.1415\n"'
- 'vbool == "true\n"'
- 'vtimestamp == "2025-01-02 03:04:05+00:00\n"'
- 'vlist == "[1, false, bar]\n"'
- 'vdict == "{a: b, 1: 2}\n"'
- name: Convert values to nice YAML
set_fact:
vstr: "{{ 'foo' | community.general.to_nice_yaml }}"
vvstr: "{{ foo | community.general.to_nice_yaml }}"
vvstr_redact: "{{ foo | community.general.to_nice_yaml(redact_sensitive_values=true) }}"
vint: "{{ 42 | community.general.to_nice_yaml }}"
vfloat: "{{ -3.1415 | community.general.to_nice_yaml }}"
vbool: "{{ true | community.general.to_nice_yaml }}"
vtimestamp: "{{ timestamp | community.general.to_nice_yaml }}"
vlist: "{{ [1, false, 'bar'] | community.general.to_nice_yaml }}"
vdict: "{{ {'a': 'b', 1: 2} | community.general.to_nice_yaml }}"
- name: Check values
assert:
that:
- 'vstr == "foo\n"'
- 'vvstr == "bar\n"'
- 'vvstr_redact == "<redacted>\n"'
- 'vint == "42\n"'
- 'vfloat == "-3.1415\n"'
- 'vbool == "true\n"'
- 'vtimestamp == "2025-01-02 03:04:05+00:00\n"'
- 'vlist == "- 1\n- false\n- bar\n"'
- 'vdict == "a: b\n1: 2\n"'
- name: Convert more complex data structure (from vars file)
set_fact:
complex: "{{ foobar | community.general.to_yaml }}"
complex_redact: "{{ foobar | community.general.to_yaml(redact_sensitive_values=true) }}"
complex_nice: "{{ foobar | community.general.to_nice_yaml }}"
complex_nice_redact: "{{ foobar | community.general.to_nice_yaml(redact_sensitive_values=true) }}"
- assert:
that:
- complex == exp_complex
- complex_redact == exp_complex_redact
- complex_nice == exp_complex_nice
- complex_nice_redact == exp_complex_nice_redact
vars:
exp_complex: |
a_list: [bar, ! '2025-02-03 04:05:06', Hello!, true, false]
a_value: 123
exp_complex_redact: |
a_list: [<redacted>, ! '2025-02-03 04:05:06', Hello!, true, false]
a_value: 123
exp_complex_nice: |
a_list:
- bar
- 2025-02-03 04:05:06
- Hello!
- true
- false
a_value: 123
exp_complex_nice_redact: |
a_list:
- <redacted>
- 2025-02-03 04:05:06
- Hello!
- true
- false
a_value: 123
- name: Convert more complex data structure (from vars)
set_fact:
complex: "{{ data | community.general.to_yaml }}"
complex_redact: "{{ data | community.general.to_yaml(redact_sensitive_values=true) }}"
complex_nice: "{{ data | community.general.to_nice_yaml }}"
complex_nice_redact: "{{ data | community.general.to_nice_yaml(redact_sensitive_values=true) }}"
vars:
data:
foo: 123
bar: 1.23
baz: true
bam: foobar
bang:
- "{{ timestamp }}"
- "{{ bar }}"
- "{{ foo }}"
- when: ansible_version.full is version("2.19", "<")
assert:
that:
- complex == exp_complex
# With ansible-core 2.18 and before, the vaulted string is decryped before it reaches the filter,
# so the redaction does not work there.
- complex_redact == exp_complex
- complex_nice == exp_complex_nice
# With ansible-core 2.18 and before, the vaulted string is decryped before it reaches the filter,
# so the redaction does not work there.
- complex_nice_redact == exp_complex_nice
vars:
exp_complex: |
bam: foobar
bang: ['2025-01-02 03:04:05+00:00', foobarbaz, bar]
bar: 1.23
baz: true
foo: 123
exp_complex_nice: |
bam: foobar
bang:
- '2025-01-02 03:04:05+00:00'
- foobarbaz
- bar
bar: 1.23
baz: true
foo: 123
- when: ansible_version.full is version("2.19", ">=")
assert:
that:
- complex == exp_complex
- complex_redact == exp_complex_redact
- complex_nice == exp_complex_nice
- complex_nice_redact == exp_complex_nice_redact
vars:
exp_complex: |
bam: foobar
bang: [! '2025-01-02 03:04:05+00:00', foobarbaz, bar]
bar: 1.23
baz: true
foo: 123
exp_complex_redact: |
bam: foobar
bang: [! '2025-01-02 03:04:05+00:00', foobarbaz, <redacted>]
bar: 1.23
baz: true
foo: 123
exp_complex_nice: |
bam: foobar
bang:
- 2025-01-02 03:04:05+00:00
- foobarbaz
- bar
bar: 1.23
baz: true
foo: 123
exp_complex_nice_redact: |
bam: foobar
bang:
- 2025-01-02 03:04:05+00:00
- foobarbaz
- <redacted>
bar: 1.23
baz: true
foo: 123

1
tests/integration/targets/filter_to_yaml/password Normal file
View file

@ -0,0 +1 @@
secret

3
tests/integration/targets/filter_to_yaml/password.license Normal file
View file

@ -0,0 +1,3 @@
Copyright (c) Ansible Project
GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
SPDX-License-Identifier: GPL-3.0-or-later

8
tests/integration/targets/filter_to_yaml/runme.sh Executable file
View file

@ -0,0 +1,8 @@
#!/usr/bin/env bash
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
set -eux
ansible-playbook --vault-password-file password main.yml "$@"

27
tests/integration/targets/filter_to_yaml/vaulted_vars.yml Normal file
View file

@ -0,0 +1,27 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
foo: !vault |
$ANSIBLE_VAULT;1.1;AES256
32336431346561346535396563363438333131636539653331376466383331663838303835353862
3536306130663166393533626530646435383938323066320a303366613035323835373030303262
35633636653362393531653961396665663965356562346538643863336562393734376234313134
3562663234326435390a376464633234373636643538353562326133316439343863373333363265
6239
foobar:
a_value: 123
a_list:
- !vault |
$ANSIBLE_VAULT;1.1;AES256
32336431346561346535396563363438333131636539653331376466383331663838303835353862
3536306130663166393533626530646435383938323066320a303366613035323835373030303262
35633636653362393531653961396665663965356562346538643863336562393734376234313134
3562663234326435390a376464633234373636643538353562326133316439343863373333363265
6239
- 2025-02-03 04:05:06
- Hello!
- true
- false