kayobe

kayobe configuration dump fails with vault encrypted variables

Bug #2031390 reported by Mark Goddard
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kayobe
Fix Released
Low
Mark Goddard
Antelope
Fix Released
Low
Mark Goddard
Bobcat
Fix Released
Low
Mark Goddard
Yoga
Fix Released
Low
Unassigned
Zed
Fix Released
Low
Unassigned

Bug Description

# Steps to reproduce

Use inline Ansible vault encryption to define an encrypted variable in kayobe-config.

  kayobe configuration dump -l <host>

# Expected results

Configuration dump is successful

# Actual results

Configuration dump fails with the following:

  Failed to decode config dump YAML file /tmp/tmp_fg1bv_j/localhost.yml: ConstructorError(None, None, "could not determine a constructor for the tag '!vault'", <yaml.error.Mark object at 0x7f1e5c7404c0>)

See original description
Mark Goddard (mgoddard)
Changed in kayobe:
importance: Undecided → Low
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kayobe (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/kayobe/+/891399

Changed in kayobe:
status: New → In Progress
Maksim Malchuk (mmalchuk)
no longer affects: kayobe/xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kayobe (master)

Reviewed: https://review.opendev.org/c/openstack/kayobe/+/891399
Committed: https://opendev.org/openstack/kayobe/commit/78702d0e3094e6d6a16a31eaf2517d4e0f25d1c7
Submitter: "Zuul (22348)"
Branch: master

commit 78702d0e3094e6d6a16a31eaf2517d4e0f25d1c7
Author: Mark Goddard <email address hidden>
Date: Tue Aug 15 11:19:41 2023 +0100

    Fix configuration dump with inline encrypted variables

    If inline Ansible vault encryption is used to define an encrypted
    variable in kayobe-config, running 'kayobe configuration dump -l <host>'
    fails with the following:

      Failed to decode config dump YAML file /tmp/tmp_fg1bv_j/localhost.yml:
      ConstructorError(None, None, "could not determine a constructor for
      the tag '!vault'", <yaml.error.Mark object at 0x7f1e5c7404c0>)

    This change fixes the error by using the Ansible YAML loader which
    supports the vault tag. Any vault encrypted variables are sanitised in
    the dump output. Note that variables in vault encrypted files are not
    sanitised.

    Change-Id: I4830500d3c927b0689b6f0bca32c28137916420b
    Closes-Bug: #2031390

Changed in kayobe:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kayobe (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/kayobe/+/902234

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kayobe (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/kayobe/+/902235

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kayobe (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/kayobe/+/902311

Maksim Malchuk (mmalchuk)
no longer affects: kayobe/wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kayobe 15.0.0.0rc1

This issue was fixed in the openstack/kayobe 15.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kayobe (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/kayobe/+/902234
Committed: https://opendev.org/openstack/kayobe/commit/a23cde010d3d9b57dfc20ebcf09b70784d10aeed
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit a23cde010d3d9b57dfc20ebcf09b70784d10aeed
Author: Mark Goddard <email address hidden>
Date: Tue Aug 15 11:19:41 2023 +0100

    Fix configuration dump with inline encrypted variables

    If inline Ansible vault encryption is used to define an encrypted
    variable in kayobe-config, running 'kayobe configuration dump -l <host>'
    fails with the following:

      Failed to decode config dump YAML file /tmp/tmp_fg1bv_j/localhost.yml:
      ConstructorError(None, None, "could not determine a constructor for
      the tag '!vault'", <yaml.error.Mark object at 0x7f1e5c7404c0>)

    This change fixes the error by using the Ansible YAML loader which
    supports the vault tag. Any vault encrypted variables are sanitised in
    the dump output. Note that variables in vault encrypted files are not
    sanitised.

    Change-Id: I4830500d3c927b0689b6f0bca32c28137916420b
    Closes-Bug: #2031390
    (cherry picked from commit 78702d0e3094e6d6a16a31eaf2517d4e0f25d1c7)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kayobe (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/kayobe/+/902235
Committed: https://opendev.org/openstack/kayobe/commit/d0ac777651bee78077f1abeab07ad42927f20d1b
Submitter: "Zuul (22348)"
Branch: stable/zed

commit d0ac777651bee78077f1abeab07ad42927f20d1b
Author: Mark Goddard <email address hidden>
Date: Tue Aug 15 11:19:41 2023 +0100

    Fix configuration dump with inline encrypted variables

    If inline Ansible vault encryption is used to define an encrypted
    variable in kayobe-config, running 'kayobe configuration dump -l <host>'
    fails with the following:

      Failed to decode config dump YAML file /tmp/tmp_fg1bv_j/localhost.yml:
      ConstructorError(None, None, "could not determine a constructor for
      the tag '!vault'", <yaml.error.Mark object at 0x7f1e5c7404c0>)

    This change fixes the error by using the Ansible YAML loader which
    supports the vault tag. Any vault encrypted variables are sanitised in
    the dump output. Note that variables in vault encrypted files are not
    sanitised.

    Change-Id: I4830500d3c927b0689b6f0bca32c28137916420b
    Closes-Bug: #2031390
    (cherry picked from commit 78702d0e3094e6d6a16a31eaf2517d4e0f25d1c7)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kayobe (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/kayobe/+/902311
Committed: https://opendev.org/openstack/kayobe/commit/2711492262c4d31dbe6b336a502665346bce63e7
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 2711492262c4d31dbe6b336a502665346bce63e7
Author: Mark Goddard <email address hidden>
Date: Tue Aug 15 11:19:41 2023 +0100

    Fix configuration dump with inline encrypted variables

    If inline Ansible vault encryption is used to define an encrypted
    variable in kayobe-config, running 'kayobe configuration dump -l <host>'
    fails with the following:

      Failed to decode config dump YAML file /tmp/tmp_fg1bv_j/localhost.yml:
      ConstructorError(None, None, "could not determine a constructor for
      the tag '!vault'", <yaml.error.Mark object at 0x7f1e5c7404c0>)

    This change fixes the error by using the Ansible YAML loader which
    supports the vault tag. Any vault encrypted variables are sanitised in
    the dump output. Note that variables in vault encrypted files are not
    sanitised.

    Change-Id: I4830500d3c927b0689b6f0bca32c28137916420b
    Closes-Bug: #2031390
    (cherry picked from commit 78702d0e3094e6d6a16a31eaf2517d4e0f25d1c7)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kayobe 14.3.0

This issue was fixed in the openstack/kayobe 14.3.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kayobe 12.10.0

This issue was fixed in the openstack/kayobe 12.10.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kayobe 13.4.0

This issue was fixed in the openstack/kayobe 13.4.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.