diff options
| author | Kate Case <ncase@redhat.com> | 2022-08-03 11:55:16 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-03 10:55:16 -0500 |
| commit | 3379a7e32d0ddb582a73d5ff9e93aa71cdb608a9 (patch) | |
| tree | 22d52d2b09f8db0c7412a07dedba21d6cdbc5eeb | |
| parent | 1cfda125ed6b1ff7005c32cc0df3340a1e153e49 (diff) | |
| download | ansible-3379a7e32d0ddb582a73d5ff9e93aa71cdb608a9.tar.gz | |
Decode vaulted args before sending over ansible-connection. (#78236) (#78247)
I'm not aware of a way to easily get vault secrets decoded on the
ansible-connection side without sending the vault secrets over the
connection in the same way, so just decode them for transport.
(cherry picked from commit fff14d7c1ddec30a8645a622f1742c927a18f059)
| -rw-r--r-- | changelogs/fragments/ansible-connection_decode.yml | 3 | ||||
| -rw-r--r-- | lib/ansible/module_utils/connection.py | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/changelogs/fragments/ansible-connection_decode.yml b/changelogs/fragments/ansible-connection_decode.yml new file mode 100644 index 0000000000..7e13dc9826 --- /dev/null +++ b/changelogs/fragments/ansible-connection_decode.yml @@ -0,0 +1,3 @@ +bugfixes: + - ansible-connection - decrypt vaulted parameters before sending over the socket, as + vault secrets are not available on the other side. diff --git a/lib/ansible/module_utils/connection.py b/lib/ansible/module_utils/connection.py index fd0b134087..1396c1c151 100644 --- a/lib/ansible/module_utils/connection.py +++ b/lib/ansible/module_utils/connection.py @@ -144,7 +144,7 @@ class Connection(object): ) try: - data = json.dumps(req, cls=AnsibleJSONEncoder) + data = json.dumps(req, cls=AnsibleJSONEncoder, vault_to_text=True) except TypeError as exc: raise ConnectionError( "Failed to encode some variables as JSON for communication with ansible-connection. " |