search

ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.
Other
14k stars 3.42k forks source link

Support all Ansible core YAML-isms across app, API / UI #1954

Open AlanCoding opened 6 years ago

AlanCoding commented 6 years ago
ISSUE TYPE
COMPONENT NAME
SUMMARY

Ansible core accepts YAML that we do not

ENVIRONMENT
STEPS TO REPRODUCE

Attempt to save this to a job template

---
my_unsafe_array:
    - !unsafe 'unsafe element'
    - 'safe element'

See https://docs.ansible.com/ansible/2.4/playbooks_advanced_syntax.html

EXPECTED RESULTS

Feature request is to accept this, and accept any other syntax that Ansible core documents that it accepts.

ACTUAL RESULTS

Demo of UI rejection in their parser:

screen shot 2018-06-05 at 9 07 05 am

screen shot 2018-06-05 at 9 07 13 am

Demo of API rejection:

{
    "extra_vars": [
        "Cannot parse as JSON (error: No JSON object could be decoded) or YAML (error: could not determine a constructor for the tag '!unsafe'\n  in \"<unicode string>\", line 1, column 6:\n    foo: !unsafe 'unsafe element'\n         ^)."
    ]
}
ADDITIONAL INFORMATION
AlanCoding commented 6 years ago

Related https://github.com/ansible/awx/issues/223

AlanCoding commented 6 years ago

Related https://github.com/ansible/awx/issues/2148

AlanCoding commented 6 years ago

Some feature research has been put in:

https://github.com/AlanCoding/Ansible-inventory-file-examples/tree/master/vault/parsers

jbartko commented 6 years ago

I believe this may be another example of this issue...

Given an inventory variable like:

awx1954_dict:
  comment: !unsafe '{#NOTACOMMENT#}'
  statement: !unsafe '{%NOTASTATEMENT%}'
  expression: !unsafe '{{NOTANEXPRESSION}}'
  zabbix: !unsafe net.if.out[{#IFNAME}]

and a playbook like:

---
- hosts: all
  gather_facts: false
  tasks:
    - debug:
        var: awx1954_dict
      when: awx1954_dict is defined

Expected results: (executed locally)

$ ansible-playbook -i inventories/hosts -l my-awesome-host -v awx1954.yml
PLAY [all] *********************************************************************

TASK [debug] *******************************************************************
ok: [my-awesome-host] => 
  awx1954_dict:
    comment: '{#NOTACOMMENT#}'
    expression: '{{NOTANEXPRESSION}}'
    statement: '{%NOTASTATEMENT%}'
    zabbix: net.if.out[{#IFNAME}]

PLAY RECAP *********************************************************************
my-awesome-host                 : ok=1    changed=0    unreachable=0    failed=0

Actual results: (executed via AWX)

TASK [debug] *******************************************************************20:19:39
task path: /var/lib/awx/projects/_7__my_awesome_project/awx1954.yml:520:19:39
fatal: [my-awesome-host]: FAILED! => {"msg": "The conditional check 'awx1954_dict is defined' failed. The error was: An unhandled exception occurred while templating '{u'comment': u'{#NOTACOMMENT#}', u'zabbix': u'net.if.out[{#IFNAME}]', u'expression': u'{{NOTANEXPRESSION}}', u'statement': u'{%NOTASTATEMENT%}'}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: template error while templating string: Missing end of comment tag. String: net.if.out[{#IFNAME}]\n\nThe error appears to have been in '/var/lib/awx/projects/_7__my_awesome_project/awx1954.yml': line 5, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n  tasks:\n    - debug:\n      ^ here\n"}

Environment: Affects AWX versions: 1.0.5.32, 1.0.6.x, 1.0.7.2, 1.0.8.0

Alternative: Variables in playbooks with the !unsafe tag appear to work:

---
- hosts: all
  gather_facts: false
  vars:
    awx1954_dict:
      comment: !unsafe '{#NOTACOMMENT#}'
      statement: !unsafe '{%NOTASTATEMENT%}'
      expression: !unsafe '{{NOTANEXPRESSION}}'
      zabbix: !unsafe net.if.out[{#IFNAME}]
  tasks:
    - debug:
        var: awx1954_dict
      when: awx1954_dict is defined
AlanCoding commented 6 years ago

@jbartko I don't quite have all the information I need to make a determination. In particular, I need to know exactly how you set those inventory variables inside of AWX. You can't save them in the UI, it will error. But there are ways to save them in a converted JSON form.

If you did pull those variables in through the method I am speculating about, then the fix:

https://github.com/ansible/awx/pull/2297

could be used to resolve it, but we would have to add processing for unsafe types (which would be relatively trivial).

jbartko commented 6 years ago

Hello @AlanCoding ! In the example above, variables are being set in from an AWX project using static inventory files:

inventories/hosts.ini           # contains my-awesome-host
inventories/group_vars/all.yml  # defines awx1954_dict
awx1954.yml                     # prints awx1954_dict

When an AWX job template executes the awx1954.yml playbook, it fails with "template error while templating string: Missing end of comment tag".

AlanCoding commented 6 years ago

Thank you for the info. It took some finagling, but I was able to reproduce the error that you reported.

I will ping you after I distill this into the source bug that causes the problem. I also need to first confirm that it exists with development Ansible, I have only tested 2.7.0 so far. It will be filed as a separate issue.