Browse Source

executor: do not blacklist host-vars for trusted context

This change lifts the host-vars blacklist for trusted context.

Change-Id: I59c2829adf2a641dc6761aed930ab28471432a9a
changes/90/710890/1 3.18.0
Tristan Cacqueray 2 years ago
parent
commit
3acc00a30e
  1. 5
      releasenotes/notes/trusted-blacklist-removal-14c8434d70ab99f2.yaml
  2. 3
      zuul/executor/server.py

5
releasenotes/notes/trusted-blacklist-removal-14c8434d70ab99f2.yaml

@ -0,0 +1,5 @@
---
security:
- |
The add_host host-vars blacklist is no longer effective for trusted
playbook.

3
zuul/executor/server.py

@ -2450,7 +2450,8 @@ class AnsibleJob(object):
if self.executor_variables_file is not None:
cmd.extend(['-e@%s' % self.executor_variables_file])
cmd.extend(['-e', '@' + self.jobdir.ansible_vars_blacklist])
if not playbook.trusted:
cmd.extend(['-e', '@' + self.jobdir.ansible_vars_blacklist])
self.emitPlaybookBanner(playbook, 'START', phase)

Loading…
Cancel
Save