Updated AnsibleUnsafe notes (rest)
parent
5b61655560
commit
a46836daba
|
@ -31,8 +31,8 @@ Origin Where unsafe is applied
|
|||
=================== =========================================================
|
||||
|
||||
|
||||
Implementation internals
|
||||
------------------------
|
||||
Implementation details
|
||||
----------------------
|
||||
|
||||
``AnsibleUnsafe`` objects are marked by the attribute ``__UNSAFE__=True``.
|
||||
In Ansible <= 6 (ansible-core <= 2.13) casting to the base type removes it
|
||||
|
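Review bot: the section title changed in this hunk ("Implementation internals" / "Implementation details") is also the section's implicit link target if these notes are built as reStructuredText, so any reference elsewhere that names the section by its old title will stop resolving. Search the notes for the old title and update those references, or put an explicit label above the heading so the title can change freely.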
@ -191,18 +191,24 @@ Run ansible and view the file contents
|
|||
File ".../ansible/utils/unsafe_proxy.py", line 208, in _strip_unsafe
|
||||
traceback.print_stack(file=f)
|
||||
|
||||
Discussion
|
||||
----------
|
||||
|
||||
Observations
|
||||
------------
|
||||
|
||||
- ``ansible.utils.unsafe_proxy.*`` is only available on the Ansible controller.
|
||||
The module isn't part of ``ansible.module_utils``, so not available on targets.
|
||||
- Pickling/unpickling does not strip the unsafe marker.
|
||||
- JSON encoding/decoding strips the unsafe marker. This happens to
|
||||
``AnsibleModule`` arguments serialised in
|
||||
``ansible.executor.module_common._find_module_utils()``.
|
||||
|
||||
Discussion
|
||||
----------
|
||||
|
||||
Informed guesses of rules/design principals
|
||||
|
||||
- The Ansible controller is the most valued security boundary, then targets.
|
||||
- The Ansible controller is the most valued security perimeter.
|
||||
- Targets are required/assumed to trust all input from the controller.
|
||||
By design they execute any arbitrary code that it sends.
|
||||
- All templating should/does happen on the controller (80% sure).
|
||||
- Ansible targets cannot/should not try to mark a value as safe or unsafe.
|
||||
The controller couldn't trust that determination anyway.
|
||||
|
|
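Review bot: "principals" in the line "Informed guesses of rules/design principals" should be "principles". The two controller bullets ("most valued security boundary, then targets" and "most valued security perimeter") differ in whether targets are ranked at all; if that ranking is being dropped, say explicitly in the following bullet where targets sit. The pickling bullet and the "(80% sure)" templating bullet would also be easier to trust with a pointer to the code path or experiment behind them, as the JSON bullet already gives with ``ansible.executor.module_common._find_module_utils()``.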