Passing a '(' in a variable string

38 views
Skip to first unread message

Stephen Feyrer

unread,
Oct 21, 2019, 12:34:22 PM10/21/19
to Ansible Project
Hi there,

I have a password vault and a script to which I am passing a password.

The vault looks kind of like this:
---
vault_password: abc(123


The script in the playbook is called like this:
---
tasks:
 - name: my-script
   script: My-Script.ps1 -secret {{ vault_password }}


The error which is reported is quite long though the operative part looks like:
(Missing closing ')' in expression.:String) []


When the '(' is removed from the sample password the script runs as expected.

I have tried putting the Jinja2 into quotes and escaping the quotes and researching this issue.

I don't have control of the passwords needed by the script.

Thank you


--
Stephen.

Vladimir Botka

unread,
Oct 21, 2019, 1:51:46 PM10/21/19
to Stephen Feyrer, ansible...@googlegroups.com
On Mon, 21 Oct 2019 09:34:22 -0700 (PDT)
Stephen Feyrer <sf.gre...@gmail.com> wrote:

> vault_password: abc(123
> tasks:
> - name: my-script
> script: My-Script.ps1 -secret {{ vault_password }}
>
> (Missing closing ')' in expression.:String) []

Use "quote" filter
https://docs.ansible.com/ansible/devel/user_guide/playbooks_filters.html#id8

- name: my-script
script: My-Script.ps1 -secret {{ vault_password|quote }}

Cheers,

-vlado

Stephen Feyrer

unread,
Oct 23, 2019, 3:24:27 AM10/23/19
to Ansible Project
Hi Vlado,

Apologies for the delayed reply.  Unfortunately, that hasn't worked.  In the documentation that you linked to, that syntax is described in connection with the shell operator rather than the script.

I tried this:

 - name: my-script
      script: My-Script.ps1 -secret {{ vault_password | quote }}

and

 - name: my-script
      script: My-Script.ps1 -secret {{ vault_password | join("") }}

Both produced the same result as before.

Thank you.

Vladimir Botka

unread,
Oct 23, 2019, 4:07:33 AM10/23/19
to Stephen Feyrer, ansible...@googlegroups.com
Hi Stephen,

> > > vault_password: abc(123
> > > tasks:
> > > - name: my-script
> > > script: My-Script.ps1 -secret {{ vault_password }}
> > >
> > > (Missing closing ')' in expression.:String) []
> >
> > Use "quote" filter
> > https://docs.ansible.com/ansible/devel/user_guide/playbooks_filters.html#id8
> >
> > - name: my-script
> > script: My-Script.ps1 -secret {{ vault_password|quote }}

On Wed, 23 Oct 2019 00:24:26 -0700 (PDT)
Stephen Feyrer <sf.gre...@gmail.com> wrote:
> Apologies for the delayed reply. Unfortunately, that hasn't worked. In
> the documentation that you linked to, that syntax is described in
> connection with the shell operator rather than the script.
>
> I tried this:
> - name: my-script
> script: My-Script.ps1 -secret {{ vault_password | quote }}
> and
> - name: my-script
> script: My-Script.ps1 -secret {{ vault_password | join("") }}
> Both produced the same result as before.

This is strange. It works for me.

$ cat my-script.sh
#!/bin/sh
echo $1
exit 0

$ cat play.yml
- hosts: localhost
vars:
vault_password: abc(123
tasks:
- script: 'my-script.sh {{ vault_password|quote }}'
register: result
- debug:
var: result.stdout

$ ansible-playbook play.yml
[...]
ok: [localhost] => {
"result.stdout": "abc(123\n"
}

Without quoted argument I see this error:

fatal: [localhost]: FAILED! => {"changed": true, "msg": "non-zero return
code", "rc": 2, "stderr": "/bin/sh: 1: Syntax error: \"(\" unexpected\n",
"stderr_lines": ["/bin/sh: 1: Syntax error: \"(\" unexpected"], "stdout":
"", "stdout_lines": []}

Cheers,

-vlado

Vladimir Botka

unread,
Oct 23, 2019, 4:19:46 AM10/23/19
to Stephen Feyrer, ansible...@googlegroups.com
On Mon, 21 Oct 2019 09:34:22 -0700 (PDT)
Stephen Feyrer <sf.gre...@gmail.com> wrote:

> vault_password: abc(123
> ---
> tasks:
> - name: my-script
> script: My-Script.ps1 -secret {{ vault_password }}
>
> The error which is reported is quite long though the operative part looks
> like:
> (Missing closing ')' in expression.:String) []

The error "Missing closing ')'..." is very probably reported by the script.
Find out how to pass the argument to the script from the command-line before
you proceed with Ansible.

Cheers,

-vlado

Stephen Feyrer

unread,
Oct 23, 2019, 4:51:27 AM10/23/19
to Ansible Project
Hi Vlado,

You are right, it is the Powershell parameter interpretation.  I have previously tried quoting in the Ansible playbook like:

    - name: my-script
      script: My-Script.ps1 -svc_password '{{ vault_password }}'

and
    - name: my-script
      script: My-Script.ps1 -svc_password "{{ vault_password }}"

Neither of these worked.  Per your suggestion I tried:

    - name: my-script
      script: My-Script.ps1 -svc_password {{ 'vault_password' }}

This worked, I'll admit, I'm a little surprised.  I have to do some reading on Jinja2.

Thank you!


--
Kind regards

Stephen.

Vladimir Botka

unread,
Oct 23, 2019, 5:32:17 AM10/23/19
to Stephen Feyrer, ansible...@googlegroups.com
Hi Stephen,

On Wed, 23 Oct 2019 01:51:26 -0700 (PDT)
Stephen Feyrer <sf.gre...@gmail.com> wrote:

> - name: my-script
> script: My-Script.ps1 -svc_password '{{ vault_password }}'
>
> and
> - name: my-script
> script: My-Script.ps1 -svc_password "{{ vault_password }}"

Quoting from *Gotchas*: "If your value starts with a quote the entire value
must be quoted, not just part of it..."
https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html#gotchas

Correct syntax is

- name: my-script
script: 'My-Script.ps1 -svc_password {{ vault_password }}'

and
- name: my-script
script: "My-Script.ps1 -svc_password {{ vault_password }}"

> - name: my-script
> script: My-Script.ps1 -svc_password {{ 'vault_password' }}
>
> This worked, I'll admit, I'm a little surprised...

I'm surprised too. In my case

- script: my-script.sh {{ 'vault_password' }}
register: result

the result was

ok: [localhost] => {
"result.stdout": "vault_password\n"
}

Cheers,

-vlado

Stephen Feyrer

unread,
Oct 24, 2019, 6:31:43 AM10/24/19
to Ansible Project
Hi Vlado,

That does make more sense.  Thank you.
Reply all
Reply to author
Forward
0 new messages