Check-yaml exception for Ansible Vault #273
Comments
|
Might be with adding a "check-yaml-unsafe" which just attempts to validate syntax (and thus allowing extensions and unsafe constructs) instead of loading. Wouldn't be able to do some of the more advanced ideas I have for check-yaml such as duplicate key checking but it would enable this use case. Thoughts? |
|
Made a patch for this, please try it out! #274 (via |
|
Working like a charm for me and this use case ! Thank you for this quick patch :). Looking at the PR, there is a small typo error on line 55 in the |
|
woops, that's what I get for not copy pasting /me fixes |
|
This has been (finally!) released as part of v1.3.0! 🎉 |
|
I am not sure that is the best approach but thanks for implementig that workaround. |
|
@ssbarnea do you have any suggestions? |
|
This is old, but the ability to ignore a single line would be one way to handle this and is a fairly common feature for linters. |
|
@ViViDboarder did you try the solution that's been released above in 2018? |
|
Yes, that works but it apparently prevents the other handy features such as checking for duplicate keys, no? |
|
yeah, yaml loading is all-or-nothing |
See pre-commit/pre-commit-hooks#273 The check currently fails because we use the `!!` syntax in the current `mkdocs.yml` configuration.
See pre-commit/pre-commit-hooks#273 The check currently fails because we use the `!!` syntax in the current `mkdocs.yml` configuration. `--unsafe` refers to the YAML compliance: it doesn't load the file, merely checks the syntax: > Instead of loading the files, simply parse them for syntax. > A syntax-only check enables extensions and unsafe constructs which would otherwise be forbidden. > Using this option removes all guarantees of portability to other yaml implementations. https://github.com/pre-commit/pre-commit-hooks/blob/98c88b23b7ea9a42f920adc1d7c8790f39772021/README.md This is still better than failing completely because: * a complete failure requires a committer to use `--no-verify` * there is still a rudimentary check of this YAML In practice, it gets loaded by MkDocs, which tells us if it's broken anyway.
See pre-commit/pre-commit-hooks#273 The check currently fails because we use the `!!` syntax in the current `mkdocs.yml` configuration. `--unsafe` refers to the YAML compliance: it doesn't load the file, merely checks the syntax: > Instead of loading the files, simply parse them for syntax. > A syntax-only check enables extensions and unsafe constructs which would otherwise be forbidden. > Using this option removes all guarantees of portability to other yaml implementations. https://github.com/pre-commit/pre-commit-hooks/blob/98c88b23b7ea9a42f920adc1d7c8790f39772021/README.md#check-yaml This is still better than failing completely because: * a complete failure requires a committer to use `--no-verify` * there is still a rudimentary check of this YAML In practice, it gets loaded by MkDocs, which tells us if it's broken anyway.
See pre-commit/pre-commit-hooks#273 The check currently fails because we use the `!!` syntax in the current `mkdocs.yml` configuration. `--unsafe` refers to the YAML compliance: it doesn't load the file, merely checks the syntax: > Instead of loading the files, simply parse them for syntax. > A syntax-only check enables extensions and unsafe constructs which would otherwise be forbidden. > Using this option removes all guarantees of portability to other yaml implementations. https://github.com/pre-commit/pre-commit-hooks/blob/98c88b23b7ea9a42f920adc1d7c8790f39772021/README.md#check-yaml This is still better than the current situation because: * a complete failure requires a committer to use `--no-verify` or spend time trying to work out what's wrong with the pre-commit failure * there is still a rudimentary check of this YAML, which doesn't happen in the current broken state In practice, this YAML file gets loaded by MkDocs, which tells us if it's broken anyway. Other YAML files in this repository are still checked fully.
This new option for the yaml checker modify ruamel to remove the "!" from the "!vault" tag if it is found. Removing that part allows the file to be parsed correctly, so other errors could be found. fixes: pre-commit#273
This new option for the yaml checker modify ruamel to remove the "!" from the "!vault" tag if it is found. Removing that part allows the file to be parsed correctly, so other errors could be found. fixes: pre-commit#273
Also this adds `--unsafe` to the `check-yaml` pre-commit hook. This is because we are using `!reference` in `.gitlab-ci.yml` and without `--unsafe`, it bombs out: ``` could not determine a constructor for the tag '!reference' ``` See: pre-commit/pre-commit-hooks#273
Hi,
I've recently used the embed encrypt variables in my Ansible repos, and the check-yaml hook is failing because of the specific
!vaultusage.Do you think it's possible to add this as an exception inside the hook (and make it pass for everyone who's using encypted variables in their playbooks) ?
Or should I add explicit exception inside my
.pre-commit-config.yaml, for each files where I use those encrypted variables ?The text was updated successfully, but these errors were encountered: