Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Escape salts and keys to avoid templating errors #548

Merged
merged 1 commit into from
Apr 4, 2016
Merged

Escape salts and keys to avoid templating errors #548

merged 1 commit into from
Apr 4, 2016

Conversation

fullyint
Copy link
Contributor

@fullyint fullyint commented Apr 3, 2016

This PR adds a new vars plugin built from Ansible's noop.py example. The new plugin escapes WP env salts and keys (group_vars/<environment>/vault.yml) by wrapping them in {% raw %} to prevent the problem that arises when the strings include {{ or {% (e.g., #484).

Here is an excerpt of the remote's .env produced by a deploy. No longer causes errors on deploy.

AUTH_KEY='gene{%rateme'
AUTH_SALT='g{{enerateme'
LOGGED_IN_KEY='generatem{%e'
LOGGED_IN_SALT='gene{%rateme'
NONCE_KEY='{{generateme'
NONCE_SALT='generateme'
SECURE_AUTH_KEY='generat{{eme'
SECURE_AUTH_SALT='g{%enerateme'

This PR adds one vars plugin file, still mirroring Ansible project's structure.

lib/
  trellis/
    modules/
    plugins/
      callback/
      filter/
      vars/             <-- new
        vars.py         <-- new
    utils/

Note. The lib/ansible/plugins/vars dir is there in Ansible, but the example vars plugin they offer is in lib/ansible/inventory/vars_plugins.

The new plugin uses host.vars[key] = value to override var, because vars returned by host.get_group_vars are only a copy. Changing the latter (the copy) would have no effect.

Note. Don't be alarmed if you test this in a debug task and it doesn't work. This works for Trellis usage of wordpress_sites[site].env in template module. The {% raw %} tags are indeed being added. The debug module can print vault_wordpress_sites['example.com'].env.nonce_key but not item.value.env.nonce_key using with_dict. It seems the debug module sometimes doesn't honor the {% raw %} tags (?).

swalkinshaw
swalkinshaw reviewed Apr 4, 2016
View reviewed changes
lib/trellis/plugins/vars/vars.py
''' Creates and modifies host variables '''

def __init__(self, inventory):

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥 this blank line for consistency

@swalkinshaw
Copy link
Member

👍 other than minor nitpick

@swalkinshaw swalkinshaw merged commit 9527520 into roots:master Apr 4, 2016
@fullyint fullyint deleted the raw-salts branch April 4, 2016 02:27
@fullyint fullyint mentioned this pull request Jul 13, 2016
Merged
@fullyint fullyint mentioned this pull request Dec 10, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fullyint @swalkinshaw