Allow some plugins to read from playbook dir

Currently the lookup plugins are only permitted to read data
from the work dir.  Some of them expect to read files based on
the CWD which Ansible sets to be the playbook directory.  In the
case that the lookup plugins are being run by a playbook in a
project which is in the dependency chain, that will work fine.
But if the playbook project is not in the dependency chain, it
is checked out into the "trusted/" directory in the jobdir, which
is outside of the work dir.  In this case, the lookup plugin will
fail.

Alter the lookup plugins to permit access to the "trusted/"
directory as well as "work/".  This is safe because these plugins
only read files, not write.  And the only content in the "trusted/"
directory is git repository checkouts which the user already has
access to.

Also allow the include_vars and synchronize action modules access
to read files from these directories.

The current tests are sufficient to show that current behavior is
not broken by this change.  A followup change moves all playbook
project checkouts outside of the work directory, so that case will
be tested then.

Change-Id: Ie2e5b0d1c099d4f9cf59c1e67fb0603d7c5f757b

zuul/ansible/lookup/csvfile.py

@@ -27,7 +27,7 @@ class LookupModule(csvfile.LookupModule):
     def read_csv(
             self, filename, key, delimiter, encoding='utf-8',
             dflt=None, col=1):
-        paths._fail_if_unsafe(filename)
+        paths._fail_if_unsafe(filename, allow_trusted=True)
 
         # upstream csvfile read_csv does not work with python3 so
         # carry our own version.

zuul/ansible/lookup/file.py

@@ -24,5 +24,5 @@ class LookupModule(file_mod.LookupModule):
         for term in terms:
             lookupfile = self.find_file_in_search_path(
                 variables, 'files', term)
-            paths._fail_if_unsafe(lookupfile)
+            paths._fail_if_unsafe(lookupfile, allow_trusted=True)
         return super(LookupModule, self).run(terms, variables, **kwargs)

zuul/ansible/lookup/fileglob.py

@@ -35,7 +35,7 @@ class LookupModule(LookupBase):
             dwimmed_path = self.find_file_in_search_path(
                 variables, 'files', os.path.dirname(term))
             if dwimmed_path:
-                paths._fail_if_unsafe(dwimmed_path)
+                paths._fail_if_unsafe(dwimmed_path, allow_trusted=True)
                 globbed = glob.glob(to_bytes(
                     os.path.join(dwimmed_path, term_file),
                     errors='surrogate_or_strict'))

zuul/ansible/lookup/filetree.py

@@ -28,5 +28,5 @@ class LookupModule(filetree.LookupModule):
             dwimmed_path = self._loader.path_dwim_relative(
                 basedir, 'files', os.path.dirname(term))
             path = os.path.join(dwimmed_path, term_file)
-            paths._fail_if_unsafe(path)
+            paths._fail_if_unsafe(path, allow_trusted=True)
         return super(LookupModule, self).run(terms, variables, **kwargs)

zuul/ansible/lookup/first_found.py

@@ -178,7 +178,7 @@ class LookupModule(LookupBase):
             total_search = self._flatten(terms)
 
         for fn in total_search:
-            zuul_paths._fail_if_unsafe(fn)
+            zuul_paths._fail_if_unsafe(fn, allow_trusted=True)
             try:
                 fn = self._templar.template(fn)
             except (AnsibleUndefinedVariable, UndefinedError):

zuul/ansible/lookup/ini.py

@@ -21,11 +21,11 @@ ini = paths._import_ansible_lookup_plugin("ini")
 class LookupModule(ini.LookupModule):
 
     def read_properties(self, filename, *args, **kwargs):
-        paths._fail_if_unsafe(filename)
+        paths._fail_if_unsafe(filename, allow_trusted=True)
         return super(LookupModule, self).read_properties(
             filename, *args, **kwargs)
 
     def read_ini(self, filename, *args, **kwargs):
-        paths._fail_if_unsafe(filename)
+        paths._fail_if_unsafe(filename, allow_trusted=True)
         return super(LookupModule, self).read_ini(
             filename, *args, **kwargs)