correctly catch facts with vault and other ansible-specific data

changelogs/fragments/1769-callback-vault-facts.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - callback plugin - correctly catch facts with vault data and replace it with ``ENCRYPTED_VAULT_VALUE_NOT_REPORTED``, preventing ``Object of type AnsibleVaultEncryptedUnicode is not JSON serializable`` errors

plugins/callback/foreman.py

@@ -118,6 +118,7 @@
     HAS_REQUESTS = False
 
 from ansible.module_utils._text import to_text
+from ansible.module_utils.common.json import AnsibleJSONEncoder
 from ansible.module_utils.parsing.convert_bool import boolean as to_bool
 from ansible.plugins.callback import CallbackBase
 
@@ -172,6 +173,15 @@ def get_now():
     return datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S+00:00")
 
 
+class AnsibleNoVaultJSONEncoder(AnsibleJSONEncoder):
+    def default(self, o):
+        if getattr(o, '__ENCRYPTED__', False):
+            value = 'ENCRYPTED_VAULT_VALUE_NOT_REPORTED'
+        else:
+            value = super(AnsibleNoVaultJSONEncoder, self).default(o)
+        return value
+
+
 class CallbackModule(CallbackBase):
     CALLBACK_VERSION = 2.0
     CALLBACK_TYPE = 'notification'
@@ -243,14 +253,17 @@ def _send_data(self, data_type, report_type, host, data):
         else:
             self._display.warning(u'Unknown report_type: {rt}'.format(rt=report_type))
 
+        json_data = json.dumps(data, indent=2, sort_keys=True, cls=AnsibleNoVaultJSONEncoder)
+
         if len(self.dir_store) > 0:
             filename = u'{host}-{dt}.json'.format(host=to_text(host), dt=data_type)
             filename = os.path.join(self.dir_store, filename)
             with open(filename, 'w') as f:
-                json.dump(data, f, indent=2, sort_keys=True)
+                f.write(json_data)
         else:
             try:
-                response = self.session.post(url=url, json=data)
+                headers = {'content-type': 'application/json'}
+                response = self.session.post(url=url, data=json_data, headers=headers)
                 response.raise_for_status()
             except requests.exceptions.RequestException as err:
                 self._display.warning(u'Sending data to Foreman at {url} failed for {host}: {err}'.format(

tests/callback/three_hosts.yml

@@ -47,6 +47,15 @@
     - name: Vault fact
       set_fact:
         geheim: "{{ crypt }}"
+        crypt: !vault |
+              $ANSIBLE_VAULT;1.1;AES256
+              62343962363339363461373565656663663734393265636161313466326163666638333735303061
+              6134346238366533616262663462396332363535363662660a323339326635373330633230336332
+              38363334373037356466383063616532656632303636333839313831626264386132386661303535
+              3864663564356332390a633631363962353163316236323038363861623763616265343762366435
+              6237
+        unsafe: !unsafe |
+          THIS IS {{ crypt }}
 
   handlers:
     - name: Test handler 1

tests/fixtures/callback/dir_store/foreman/testhost-facts.json

@@ -3,7 +3,9 @@
     "_timestamp": "2000-01-01 12:00:00+00:00",
     "_type": "ansible",
     "ansible_facts": {
-      "geheim": "admin"
+      "crypt": "ENCRYPTED_VAULT_VALUE_NOT_REPORTED",
+      "geheim": "admin",
+      "unsafe": "THIS IS {{ crypt }}\n"
     }
   },
   "name": "testhost"

tests/fixtures/callback/dir_store/proxy/testhost-report.json

@@ -296,7 +296,9 @@
       "failed": false,
       "result": {
         "ansible_facts": {
-          "geheim": "admin"
+          "crypt": "ENCRYPTED_VAULT_VALUE_NOT_REPORTED",
+          "geheim": "admin",
+          "unsafe": "THIS IS {{ crypt }}\n"
         },
         "changed": false
       },