let user control "auto-de-vault" (#22739)

* added option to toggle off autodevaulting

* fixes per feedbazck

lib/ansible/plugins/action/assemble.py

@@ -36,7 +36,7 @@ class ActionModule(ActionBase):
 
     TRANSFERS_FILES = True
 
-    def _assemble_from_fragments(self, src_path, delimiter=None, compiled_regexp=None, ignore_hidden=False):
+    def _assemble_from_fragments(self, src_path, delimiter=None, compiled_regexp=None, ignore_hidden=False, decrypt=True):
         ''' assemble a file from a directory of fragments '''
 
         tmpfd, temp_path = tempfile.mkstemp()
@@ -51,7 +51,7 @@ class ActionModule(ActionBase):
             if not os.path.isfile(fragment) or (ignore_hidden and os.path.basename(fragment).startswith('.')):
                 continue
 
-            fragment_content = open(self._loader.get_real_file(fragment), 'rb').read()
+            fragment_content = open(self._loader.get_real_file(fragment, decrypt=decrypt), 'rb').read()
 
             # always put a newline between fragments if the previous fragment didn't end with a newline.
             if add_newline:
@@ -97,6 +97,7 @@ class ActionModule(ActionBase):
         regexp     = self._task.args.get('regexp', None)
         follow     = self._task.args.get('follow', False)
         ignore_hidden = self._task.args.get('ignore_hidden', False)
+        decrypt    = self._task.args.get('decrypt', True)
 
         if src is None or dest is None:
             result['failed'] = True
@@ -127,7 +128,7 @@ class ActionModule(ActionBase):
             _re = re.compile(regexp)
 
         # Does all work assembling the file
-        path = self._assemble_from_fragments(src, delimiter, _re, ignore_hidden)
+        path = self._assemble_from_fragments(src, delimiter, _re, ignore_hidden, decrypt)
 
         path_checksum = checksum_s(path)
         dest = self._remote_expand_user(dest)
@@ -139,7 +140,7 @@ class ActionModule(ActionBase):
         new_module_args = self._task.args.copy()
 
         # clean assemble specific options
-        for opt in ['remote_src', 'regexp', 'delimiter', 'ignore_hidden']:
+        for opt in ['remote_src', 'regexp', 'delimiter', 'ignore_hidden', 'decrypt']:
             if opt in new_module_args:
                 del new_module_args[opt]
 

lib/ansible/plugins/action/copy.py

@@ -50,6 +50,7 @@ class ActionModule(ActionBase):
         force   = boolean(self._task.args.get('force', 'yes'))
         remote_src = boolean(self._task.args.get('remote_src', False))
         follow  = boolean(self._task.args.get('follow', False))
+        decrypt = boolean(self._task.args.get('decrypt', True))
 
         result['failed'] = True
         if (source is None and content is None) or dest is None:
@@ -157,7 +158,7 @@ class ActionModule(ActionBase):
 
             # If the local file does not exist, get_real_file() raises AnsibleFileNotFound
             try:
-                source_full = self._loader.get_real_file(source_full)
+                source_full = self._loader.get_real_file(source_full, decrypt=decrypt)
             except AnsibleFileNotFound as e:
                 result['failed'] = True
                 result['msg'] = "could not find src=%s, %s" % (source_full, e)
@@ -255,8 +256,11 @@ class ActionModule(ActionBase):
                         original_basename=source_rel,
                     )
                 )
-                if 'content' in new_module_args:
-                    del new_module_args['content']
+
+                # remove action plugin only keys
+                for key in ('content', 'decrypt'):
+                    if key in new_module_args:
+                        del new_module_args[key]
 
                 module_return = self._execute_module(module_name='copy',
                         module_args=new_module_args, task_vars=task_vars,

lib/ansible/plugins/action/script.py

@@ -69,7 +69,7 @@ class ActionModule(ActionBase):
         args   = ' '.join(parts[1:])
 
         try:
-            source = self._loader.get_real_file(self._find_needle('files', source))
+            source = self._loader.get_real_file(self._find_needle('files', source), decrypt=self._task.args.get('decrypt', True))
         except AnsibleError as e:
             return dict(failed=True, msg=to_native(e))
 

lib/ansible/plugins/action/unarchive.py

@@ -42,6 +42,7 @@ class ActionModule(ActionBase):
         dest    = self._task.args.get('dest', None)
         remote_src = boolean(self._task.args.get('remote_src', False))
         creates = self._task.args.get('creates', None)
+        decrypt = self._task.args.get('decrypt', True)
 
         # "copy" is deprecated in favor of "remote_src".
         if 'copy' in self._task.args:
@@ -77,7 +78,7 @@ class ActionModule(ActionBase):
 
         if not remote_src:
             try:
-                source = self._loader.get_real_file(self._find_needle('files', source))
+                source = self._loader.get_real_file(self._find_needle('files', source), decrypt=decrypt)
             except AnsibleError:
                 result['failed'] = True
                 result['msg'] = to_native(get_exception())
@@ -126,6 +127,11 @@ class ActionModule(ActionBase):
                 ),
             )
 
+        # remove action plugin only key
+        for key in ('remote_src', 'decrypt'):
+            if key in new_module_args:
+                del new_module_args[key]
+
         # execute the unarchive module now, with the updated args
         result.update(self._execute_module(module_args=new_module_args, task_vars=task_vars))
         self._remove_tmp_path(tmp)