Opened 3 years ago

Last modified 2 years ago

#3085 new enhancement

use some Jinja2 fanciness to make sure secrets exist

Reported by: dustin Owned by:
Priority: patches-accepted Milestone: sys - other
Version: 0.8.9 Keywords: ansible
Cc:

Description

We're currently writing things like

  - password: "{{ some_password }}"

with the assumption that some_password is in secrets.yml. But for folks trying to reproduce externally, they have no good way to know to set that value -- and Jinja2 will helpfully substitute an empty string in this case.

I bet we could use a Jinja2 filter or function to look up secrets. This could avoid empty values and also make it easy to grep the codebase for required secrets.

Change History (2)

comment:1 Changed 3 years ago by sa2ajj

To avoid empty strings I added the following to our ansible.cfg:

error_on_undefined_vars = True

comment:2 Changed 2 years ago by skelly

The default in ansible is to fail if the variable is undefined. This can be disabled but there is a filter available, mandatory, that makes the variable required to be set.

Note: See TracTickets for help on using tickets.