blob: bef9a4b4500e29a3b06d6d9e6023ef7b42cc81a8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
- hosts: localhost
gather_facts: false
vars:
nottemplated: this should not be seen
imunsafe: !unsafe '{{ nottemplated }}'
tasks:
- set_fact:
this_was_unsafe: >
{{ imunsafe }}
- set_fact:
this_always_safe: '{{ imunsafe }}'
- name: ensure nothing was templated
assert:
that:
- this_always_safe == imunsafe
- imunsafe == this_was_unsafe.strip()
- hosts: localhost
gather_facts: false
vars:
output_dir: "{{ lookup('env', 'OUTPUT_DIR') }}"
tasks:
- set_fact:
unsafe_foo: "{{ lookup('list', var0) }}"
vars:
var0: "{{ var1 }}"
var1:
- unsafe
- assert:
that:
- "{{ unsafe_foo[0] | type_debug == 'AnsibleUnsafeText' }}"
- block:
- copy:
dest: "{{ file_name }}"
content: !unsafe "{{ i_should_not_be_templated }}"
- set_fact:
file_content: "{{ lookup('file', file_name) }}"
- assert:
that:
- not file_content is contains('unsafe')
- set_fact:
file_content: "{{ lookup('file', file_name_tmpl) }}"
vars:
file_name_tmpl: "{{ file_name }}"
- assert:
that:
- not file_content is contains('unsafe')
vars:
file_name: "{{ output_dir }}/unsafe_file"
i_should_not_be_templated: unsafe
always:
- file:
dest: "{{ file_name }}"
state: absent
|
