Fix configuration dump with inline encrypted variables
If inline Ansible vault encryption is used to define an encrypted variable in kayobe-config, running 'kayobe configuration dump -l <host>' fails with the following: Failed to decode config dump YAML file /tmp/tmp_fg1bv_j/localhost.yml: ConstructorError(None, None, "could not determine a constructor for the tag '!vault'", <yaml.error.Mark object at 0x7f1e5c7404c0>) This change fixes the error by using the Ansible YAML loader which supports the vault tag. Any vault encrypted variables are sanitised in the dump output. Note that variables in vault encrypted files are not sanitised. Change-Id: I4830500d3c927b0689b6f0bca32c28137916420b Closes-Bug: #2031390
Showing
- kayobe/ansible.py 16 additions, 2 deletionskayobe/ansible.py
- kayobe/tests/unit/test_ansible.py 65 additions, 1 deletionkayobe/tests/unit/test_ansible.py
- kayobe/tests/unit/test_utils.py 54 additions, 0 deletionskayobe/tests/unit/test_utils.py
- kayobe/utils.py 19 additions, 1 deletionkayobe/utils.py
- releasenotes/notes/config-dump-vault-edc615e475f234ac.yaml 7 additions, 0 deletionsreleasenotes/notes/config-dump-vault-edc615e475f234ac.yaml
Loading
Please register or sign in to comment