Escape salts and keys to avoid templating errors

fullyint · fullyint · commit 11065c8fa15d · 2016-04-03T18:18:51.000-07:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,5 @@
 ### HEAD
+* Escape salts and keys to avoid templating errors ([#548](https://github.com/roots/trellis/pull/548))
 * Add plugin to pretty print Ansible msg output ([#544](https://github.com/roots/trellis/pull/544))
 * Fix #482 - Multisite is-installed deploy check ([#543](https://github.com/roots/trellis/pull/543))
 * Skip setting permalink for multisite installs ([#546](https://github.com/roots/trellis/pull/546))
diff --git a/ansible.cfg b/ansible.cfg
@@ -6,6 +6,7 @@ force_handlers = True
 inventory = hosts
 library = /usr/share/ansible:lib/trellis/modules
 roles_path = vendor/roles
+vars_plugins = ~/.ansible/plugins/vars_plugins/:/usr/share/ansible_plugins/vars_plugins:lib/trellis/plugins/vars
 
 [ssh_connection]
 ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s
diff --git a/group_vars/production/vault.yml b/group_vars/production/vault.yml
@@ -12,7 +12,6 @@ vault_wordpress_sites:
     env:
       db_password: example_dbpassword
       # Generate your keys here: https://api.wordpress.org/secret-key/1.1/salt/
-      # These CANNOT contain the characters "{%" or "{{" in succession
       auth_key: "generateme"
       secure_auth_key: "generateme"
       logged_in_key: "generateme"
diff --git a/group_vars/staging/vault.yml b/group_vars/staging/vault.yml
@@ -12,7 +12,6 @@ vault_wordpress_sites:
     env:
       db_password: example_dbpassword
       # Generate your keys here: https://api.wordpress.org/secret-key/1.1/salt/
-      # These CANNOT contain the characters "{%" or "{{" in succession
       auth_key: "generateme"
       secure_auth_key: "generateme"
       logged_in_key: "generateme"
diff --git a/lib/trellis/plugins/vars/vars.py b/lib/trellis/plugins/vars/vars.py
@@ -0,0 +1,22 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+class VarsModule(object):
+    ''' Creates and modifies host variables '''
+
+    def __init__(self, inventory):
+        self.inventory = inventory
+        self.inventory_basedir = inventory.basedir()
+
+    # Wrap salts and keys variables in {% raw %} to prevent jinja templating errors
+    def wrap_salts_in_raw(self, host, hostvars):
+        if 'vault_wordpress_sites' in hostvars:
+            for name, site in hostvars['vault_wordpress_sites'].iteritems():
+                for key, value in site['env'].iteritems():
+                    if key.endswith(('_key', '_salt')) and not value.startswith(('{% raw', '{%raw')):
+                        hostvars['vault_wordpress_sites'][name]['env'][key] = ''.join(['{% raw %}', value, '{% endraw %}'])
+            host.vars['vault_wordpress_sites'] = hostvars['vault_wordpress_sites']
+
+    def get_host_vars(self, host, vault_password=None):
+        self.wrap_salts_in_raw(host, host.get_group_vars())
+        return {}

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`### HEAD`
	`2`	`+* Escape salts and keys to avoid templating errors ([#548](https://github.com/roots/trellis/pull/548))`
`2`	`3`	`* Add plugin to pretty print Ansible msg output ([#544](https://github.com/roots/trellis/pull/544))`
`3`	`4`	`* Fix #482 - Multisite is-installed deploy check ([#543](https://github.com/roots/trellis/pull/543))`
`4`	`5`	`* Skip setting permalink for multisite installs ([#546](https://github.com/roots/trellis/pull/546))`