using json as a password for docker_login module

41 views
Skip to first unread message

Сергей Демурин

unread,
Oct 25, 2019, 3:16:13 AM10/25/19
to Ansible Development
I am trying to log into private docker container registry and I need to use a json-string as a password. So I do the following
docker_login:
  registry: cr.yandex
  username: json_key
  password: "{{ lookup('file', 'key.json') }}"
  reauthorize: yes
And I got an error "Get https://cr.yandex/v2/: unauthorized: Password is invalid - must be JSON key".

When I ran "ansible-playbook" in verbose mode I saw that the content of the file "key.json" was transcoded – double quotes were changed to single quotes so it have become an invalid json string.

Luckily I found a code that caused this behaviour: https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/docker/docker_login.py#L318. The "password" is of type "string". Then I changed "type='str'" to "type='json'" in my local file and everything worked!

I don't know if I am doing something wrong or it is a real bug and I should create an issue on github. Could someone please help me?

Felix Fontein

unread,
Oct 26, 2019, 4:36:33 AM10/26/19
to ansibl...@googlegroups.com
Hi,

> Luckily I found a code that caused this
> behaviour:
> https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/docker/docker_login.py#L318.
> The "password" is of type "string". Then I changed "type='str'" to
> "type='json'" in my local file and everything worked!

that's not what "caused" this. The problem is that Ansible interprets
your JSON file as a dictionary, parses it and passes it on as a
dictionary. What you've done is telling the docker_login module to no
longer convert it back to a string, but to keep it as a dictionary.
This will be passed on to the docker daemon as a dictionary (since
docker-py says it wants the password to be a string, but won't check
it). I don't know what the docker daemon will do with it. But this
rather looks like accidental behavior than what is intended.

So your question should be: how do I pass the contents of a JSON file
into the string parameter of a module without Ansible "destroying" it
(by interpreting it as a dictionary)? That's a question better for the
ansible-project google groups / mailing list.

Best regards,
Felix Fontein
Reply all
Reply to author
Forward
0 new messages