The Ansible "markUnsafe" option should mark more things as unsafe #5160
Comments
kensipe
added
language/ansible
|
Encountered also this issue with fields inside annotations. So I would also mark as unsafe all the CR fields, and not only the spec. PS: The markUnsafe parameter doesn't seem to be documented today. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci
bot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
openshift-ci
bot
removed
the
lifecycle/stale
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci
bot
added
the
lifecycle/stale
|
/lifecycle frozen |
openshift-ci
bot
added
lifecycle/frozen
|
I think we hit this same issue. |
Bug Report
What did you do?
I added
markUnsafe: truetowatches.yamland created a k8s resource containing strings that look like Jinja templates. I tried to access the_<group>_<kind>var to retrieve a field understatusthat I had previously written.What did you expect to see?
I should be able to access data normally in the operator-provided
_<group>_<kind>var when it contains Jinja-like data and havemarkUnsafe: trueset.What did you see instead? Under which circumstances?
Ansible blows up with a template error when it encounters the Jinja-like data contained in the k8s resource.
Environment
Operator type:
Kubernetes cluster type:
EKS
$ operator-sdk versionv1.7.2Possible Solution
Make
markUnsafe: truealso apply to the_<group>_<kind>magic variable (and perhaps any other magic variables).Additional context
I was able to work around this by using the
k8s_infomodule to query the resource rather than using the operator-provided_<group>_<kind>var. Values returned from module invocations are treated as unsafe by default by Ansible.The text was updated successfully, but these errors were encountered: