Bootstrap FreeKB - Ansible - Resolve "AnsibleVaultEncryptedUnicode object has no attribute split"
Ansible - Resolve "AnsibleVaultEncryptedUnicode object has no attribute split"

Updated:   |  Ansible articles

Let's say you use the ansible-vault create command to create a file named locker.yml that contains the following.

test_password itsasecret
prod_password hGn4!kD98A

 

And then you have a playbook that decrypts locker.yml, like this.

---
- hosts: localhost
  vars:
    passwords: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          66303833643731313633343266616162613965636161313534376563383639646463376630626635
          3136316663626536303061333531303234616562323637330a373633393736393863373566623261
          65643764336263613730666665663763383063386137383331386136366232666637626566653032
          3933393061666138650a656238386665343838613833643435623932306539633138376533613039
          6531
  tasks:
    - name: display the content of the 'passwords' variable
      debug:
        var: passwords
...

 

Something like this should be returned.

TASK [display the content of the 'passwords' variable]
ok: [localhost] => {
    "vault": "test_password itsasecret\nprod_password hGn4!kD98A"
}

 

However, if you try to split the content of the "passwords" variable.

- name: display the content of the 'passwords' variable
  debug:
    msg: "{{ passwords.split() }}"

 

The following fatal error should be returned.

TASK [display the content of the 'passwords' variable]
fatal: [localhost]: FAILED! => {"msg": "
The task includes an option with an undefined variable.
The error was: 'ansible.parsing.yaml.objects.AnsibleVaultEncryptedUnicode object' has no attribute 'split'\n\n
The error appears to be in '/usr/local/ansible/testing.yml': line 17, column 7, but may be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: display the contents of the 'passwords' variable
        ^ here

 

This occurs because the object type of the "passwords" variable is AnsibleVaultEncryptedUnicode, which can be seen in the error message, or with the type_debug filter, and the split filter cannot be used on object type AnsibleVaultEncryptedUnicode. To resolve this, the set_fact module and string filter can be used to convert the "passwords" variable from AnsibleVaultEncryptedUnicode to AnsibleUnsafeText.

- name: convert the 'passwords' variable from AnsibleVaultEncryptedUnicode to AnsibleUnsafeText
  set_fact:
    passwords: "{{ passwords | string }}"

 

Now the "passwords" variable can be split.

- name: display the content of the 'passwords' variable
  debug:
    msg: "{{ passwords.split() }}"

 

Now the following should be returned.

TASK [display vault.yml]
ok: [localhost] => {
    "msg": [
        "test_password itsasecret",
        "prod_password hGn4!kD98A"
    ]
}

 

And here is how you would create variables containing the test password and prod password.

- set_fact:
    dev_password: "{{ passwords.split('\n')[0].split(' ')[1] }}"

- set_fact:
    prod_password: "{{ passwords.split('\n')[1].split(' ')[1] }}"

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter 25c47e in the box below so that we can be sure you are a human.