You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
task: encode various Jinja variables as JSON for manifests
We use Jinja2 to template our manifest files, but Jinja itself is
unaware of the output format (e.g., YAML). It simply renders text, so
it's up to us to ensure that variable values result in valid YAML.
In most cases, this means setting a Jinja variable to something that is
a valid YAML value. For example:
name: {{ pod_name }}
port: {{ ingress_port }}
YAML is a superset of JSON, so encoding simple values with json.dumps()
ensures they are safe and valid in most contexts.
However, not all uses are simple. Consider {{ port }} in different
roles:
manifests/svc-cluster-ip.yaml.j2: - name: tft-clusterip-service-udp-{{ port }}
manifests/svc-cluster-ip.yaml.j2- protocol: UDP
manifests/svc-cluster-ip.yaml.j2: port: {{ port }}
manifests/svc-cluster-ip.yaml.j2- selector:
manifests/svc-cluster-ip.yaml.j2: tft-port: "{{ port }}"
Here, "port" is used as a string fragment, a raw int, and a quoted
string—so no single encoding works everywhere.
This commit ensures that, where variables are used in simple,
well-defined ways, we encode them as JSON to reduce risk. We must still
reason about each template's context to set variables correctly.
Signed-off-by: Thomas Haller <thaller@redhat.com>
0 commit comments