From 5cd4afaa1dcb0bbfebae20712b9e2f5f23582e89 Mon Sep 17 00:00:00 2001 From: Matt Martz Date: Thu, 4 Feb 2016 11:10:30 -0600 Subject: [PATCH] Add documentation about the unsafe YAML tag --- docsite/rst/playbooks_advanced_syntax.rst | 59 +++++++++++++++++++++++ docsite/rst/playbooks_special_topics.rst | 1 + docsite/rst/playbooks_variables.rst | 5 ++ 3 files changed, 65 insertions(+) create mode 100644 docsite/rst/playbooks_advanced_syntax.rst diff --git a/docsite/rst/playbooks_advanced_syntax.rst b/docsite/rst/playbooks_advanced_syntax.rst new file mode 100644 index 0000000000..932cfc87b9 --- /dev/null +++ b/docsite/rst/playbooks_advanced_syntax.rst @@ -0,0 +1,59 @@ +Advanced Syntax +=============== + +.. contents:: Topics + +This page describes advanced YAML syntax that enables you to have more control over the data placed in YAML files used by Ansible. + +.. _yaml_tags_and_python_types + +YAML tags and Python types +`````````````````````````` + +The documentation covered here is an extension of the documentation that can be found in the `PyYAML Documentation `_ + +.. _unsafe_strings + +Unsafe or Raw Strings +~~~~~~~~~~~~~~~~~~~~~ + +As of Ansible 2.0, there is an internal data type for declaring variable values as "unsafe". This means that the data held within the variables value should be treated as unsafe preventing unsafe character subsitition and information disclosure. + +Jinja2 contains functionality for escaping, or telling Jinja2 to not template data by means of functionality such as ``{% raw %} ... {% endraw %}``, however this uses a more comprehensive implementation to ensure that the value is never templated. + +Using YAML tags, you can also mark a value as "unsafe" by using the ``!unsafe`` tag such as:: + + --- + my_unsafe_variable: !unsafe 'this variable has {{ characters that shouldn't be treated as a jinja2 template' + +In a playbook, this may look like:: + + --- + hosts: all + vars: + my_unsafe_variable: !unsafe 'unsafe value' + tasks: + ... + +For complex variables such as hashes or arrays, ``!unsafe`` should be used on the individual elements such as:: + + --- + my_unsafe_array: + - !unsafe 'unsafe element' + - 'safe element' + + my_unsafe_hash: + unsafe_key: !unsafe 'unsafe value' + + + +.. seealso:: + + :doc:`playbooks_variables` + All about variables + `User Mailing List `_ + Have a question? Stop by the google group! + `irc.freenode.net `_ + #ansible IRC chat channel + + diff --git a/docsite/rst/playbooks_special_topics.rst b/docsite/rst/playbooks_special_topics.rst index 74974cad10..943f2674eb 100644 --- a/docsite/rst/playbooks_special_topics.rst +++ b/docsite/rst/playbooks_special_topics.rst @@ -14,6 +14,7 @@ and adopt these only if they seem relevant or useful to your environment. playbooks_delegation playbooks_environment playbooks_error_handling + playbooks_advanced_syntax playbooks_lookups playbooks_prompts playbooks_tags diff --git a/docsite/rst/playbooks_variables.rst b/docsite/rst/playbooks_variables.rst index 122c0ef923..9a9b7c6451 100644 --- a/docsite/rst/playbooks_variables.rst +++ b/docsite/rst/playbooks_variables.rst @@ -932,6 +932,11 @@ how all of these things can work together. .. _ansible-examples: https://github.com/ansible/ansible-examples .. _builtin filters: http://jinja.pocoo.org/docs/templates/#builtin-filters +Advanced Syntax +``````````````` + +For information about advanced YAML syntax used to declare variables and have more control over the data placed in YAML files used by Ansible, see `playbooks_advanced_syntax`_ + .. seealso:: :doc:`playbooks`