diff options
| author | Martin Krizek <martin.krizek@gmail.com> | 2021-04-27 15:35:39 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-27 08:35:39 -0500 |
| commit | 316dbd50edac10d7c6ab2a7eb001f43ee5408adf (patch) | |
| tree | b41619d2501e77d770c4393eee2820e875406096 | |
| parent | cd81eddb807cf8accab97c35ad3e82ed0d04f4b9 (diff) | |
| download | ansible-316dbd50edac10d7c6ab2a7eb001f43ee5408adf.tar.gz | |
Prevent ansible_failed_task from further templating (#74290) (#74307)
(cherry picked from commit 664531d7d6253d5bdb182727501c08e3b5aea0c1)
| -rw-r--r-- | changelogs/fragments/74036-unsafe-ansible_failed_task.yml | 2 | ||||
| -rw-r--r-- | lib/ansible/plugins/strategy/__init__.py | 3 | ||||
| -rwxr-xr-x | test/integration/targets/blocks/runme.sh | 2 | ||||
| -rw-r--r-- | test/integration/targets/blocks/unsafe_failed_task.yml | 17 |
4 files changed, 23 insertions, 1 deletions
diff --git a/changelogs/fragments/74036-unsafe-ansible_failed_task.yml b/changelogs/fragments/74036-unsafe-ansible_failed_task.yml new file mode 100644 index 0000000000..5e69e4cf8a --- /dev/null +++ b/changelogs/fragments/74036-unsafe-ansible_failed_task.yml @@ -0,0 +1,2 @@ +bugfixes: + - Prevent ``ansible_failed_task`` from further templating (https://github.com/ansible/ansible/issues/74036) diff --git a/lib/ansible/plugins/strategy/__init__.py b/lib/ansible/plugins/strategy/__init__.py index 9c91ea3877..d9997c81f6 100644 --- a/lib/ansible/plugins/strategy/__init__.py +++ b/lib/ansible/plugins/strategy/__init__.py @@ -49,6 +49,7 @@ from ansible.playbook.task_include import TaskInclude from ansible.plugins import loader as plugin_loader from ansible.template import Templar from ansible.utils.display import Display +from ansible.utils.unsafe_proxy import wrap_var from ansible.utils.vars import combine_vars from ansible.vars.clean import strip_internal_keys, module_response_deepcopy @@ -579,7 +580,7 @@ class StrategyBase: self._variable_manager.set_nonpersistent_facts( original_host.name, dict( - ansible_failed_task=original_task.serialize(), + ansible_failed_task=wrap_var(original_task.serialize()), ansible_failed_result=task_result._result, ), ) diff --git a/test/integration/targets/blocks/runme.sh b/test/integration/targets/blocks/runme.sh index 8b7d568f32..768ebf16ac 100755 --- a/test/integration/targets/blocks/runme.sh +++ b/test/integration/targets/blocks/runme.sh @@ -94,4 +94,6 @@ cat rc_test.out [ "$(grep -c 'failed=0' rc_test.out)" -eq 1 ] rm -f rc_test.out +ansible-playbook unsafe_failed_task.yml "$@" + ansible-playbook finalized_task.yml "$@" diff --git a/test/integration/targets/blocks/unsafe_failed_task.yml b/test/integration/targets/blocks/unsafe_failed_task.yml new file mode 100644 index 0000000000..adfa492ad9 --- /dev/null +++ b/test/integration/targets/blocks/unsafe_failed_task.yml @@ -0,0 +1,17 @@ +- hosts: localhost + gather_facts: false + vars: + - data: {} + tasks: + - block: + - name: template error + debug: + msg: "{{ data.value }}" + rescue: + - debug: + msg: "{{ ansible_failed_task.action }}" + + - assert: + that: + - ansible_failed_task.name == "template error" + - ansible_failed_task.action == "debug" |