Updated AnsibleUnsafe notes (rest)
parent
5b61655560
commit
a46836daba
|
@ -31,8 +31,8 @@ Origin Where unsafe is applied
|
||||||
=================== =========================================================
|
=================== =========================================================
|
||||||
|
|
||||||
|
|
||||||
Implementation internals
|
Implementation details
|
||||||
------------------------
|
----------------------
|
||||||
|
|
||||||
``AnsibleUnsafe`` objects are marked by the attribute ``__UNSAFE__=True``.
|
``AnsibleUnsafe`` objects are marked by the attribute ``__UNSAFE__=True``.
|
||||||
In Ansible <= 6 (ansible-core <= 2.13) casting to the base type removes it
|
In Ansible <= 6 (ansible-core <= 2.13) casting to the base type removes it
|
||||||
|
@ -191,18 +191,24 @@ Run ansible and view the file contents
|
||||||
File ".../ansible/utils/unsafe_proxy.py", line 208, in _strip_unsafe
|
File ".../ansible/utils/unsafe_proxy.py", line 208, in _strip_unsafe
|
||||||
traceback.print_stack(file=f)
|
traceback.print_stack(file=f)
|
||||||
|
|
||||||
Discussion
|
|
||||||
----------
|
|
||||||
|
|
||||||
Observations
|
Observations
|
||||||
|
------------
|
||||||
|
|
||||||
- ``ansible.utils.unsafe_proxy.*`` is only available on the Ansible controller.
|
- ``ansible.utils.unsafe_proxy.*`` is only available on the Ansible controller.
|
||||||
The module isn't part of ``ansible.module_utils``, so not available on targets.
|
The module isn't part of ``ansible.module_utils``, so not available on targets.
|
||||||
- Pickling/unpickling does not strip the unsafe marker.
|
- Pickling/unpickling does not strip the unsafe marker.
|
||||||
|
- JSON encoding/decoding strips the unsafe marker. This happens to
|
||||||
|
``AnsibleModule`` arguments serialised in
|
||||||
|
``ansible.executor.module_common._find_module_utils()``.
|
||||||
|
|
||||||
|
Discussion
|
||||||
|
----------
|
||||||
|
|
||||||
Informed guesses of rules/design principals
|
Informed guesses of rules/design principals
|
||||||
|
|
||||||
- The Ansible controller is the most valued security boundary, then targets.
|
- The Ansible controller is the most valued security perimeter.
|
||||||
|
- Targets are required/assumed to trust all input from the controller.
|
||||||
|
By design they execute any arbitrary code that it sends.
|
||||||
- All templating should/does happen on the controller (80% sure).
|
- All templating should/does happen on the controller (80% sure).
|
||||||
- Ansible targets cannot/should not try to mark a value as safe or unsafe.
|
- Ansible targets cannot/should not try to mark a value as safe or unsafe.
|
||||||
The controller couldn't trust that determination anyway.
|
The controller couldn't trust that determination anyway.
|
||||||
|
|
Loading…
Reference in New Issue