feat(ansible): use raw strings

knowledge base/ansible.md

@@ -10,6 +10,7 @@
 1. [Templating](#templating)
    1. [Tests](#tests)
    1. [Loops](#loops)
+1. [Use raw strings](#use-raw-strings)
 1. [Validation](#validation)
    1. [Assertions](#assertions)
 1. [Asynchronous actions](#asynchronous-actions)
@@ -601,6 +602,38 @@ Return a boolean result.
     - ['inner1', 'inner2']
 ```
 
+## Use raw strings
+
+Refer [Advanced playbook syntax].
+
+Ansible uses the custom `!unsafe` data type to mark data as unsafe, and block Jinja2 templating in YAML.<br/>
+This prevents abusing Jinja2 templates to execute arbitrary code on target machines, with the Ansible implementation
+ensuring that unsafe values are never templated.
+
+```yml
+mypassword: !unsafe '234%234{435lkj{{lkjsdf'
+
+vars:
+  my_unsafe_variable: !unsafe 'unsafe % value'
+  my_unsafe_array:
+    - !unsafe 'unsafe element'
+    - 'safe element'
+  my_unsafe_hash:
+    unsafe_key: !unsafe 'unsafe value'
+```
+
+The most common use cases include:
+
+- Allowing passwords containing special characters like `{` or `%`.
+- Allowing JSON arguments that look like templates but should not be templated.
+
+The same result can be achieved by surrounding the Jinja2 code with the `{% raw %}` and `{% endraw %}` tags, though this
+makes it less readable.
+
+```yml
+mypassword: "{% raw -%} 234%234{435lkj{{lkjsdf {%- endraw %}"
+```
+
 ## Validation
 
 ### Assertions
@@ -1761,6 +1794,7 @@ Another _better (?)_ solution in playbooks/roles would be to sanitize the input
 - [Ansible v2.14 CHANGELOG]
 - [How can I pass variable to ansible playbook in the command line?]
 - [Ansible Map Examples - Filter List and Dictionaries]
+- [Advanced playbook syntax]
 
 <!--
   Reference
@@ -1783,6 +1817,7 @@ Another _better (?)_ solution in playbooks/roles would be to sanitize the input
 
 <!-- Upstream -->
 [8 ways to speed up your Ansible playbooks]: https://www.redhat.com/sysadmin/faster-ansible-playbook-execution
+[Advanced playbook syntax]: https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_advanced_syntax.html
 [ansible galaxy user guide]: https://docs.ansible.com/ansible/latest/galaxy/user_guide.html
 [ansible navigator documentation]: https://ansible.readthedocs.io/projects/navigator/
 [ansible runner]: https://ansible.readthedocs.io/projects/runner/en/stable/

snippets/ansible/awx.fish

@@ -1,4 +1,4 @@
-#!/usr/bin/env
+#!/usr/bin/env fish
 
 # configure access
 set -x 'TOWER_HOST' 'https://awx.example.com/'

snippets/ansible/tasks/manipulate data.yml

@@ -305,6 +305,8 @@
           '--exclude-schema=transient_views',
         ] | flatten | unique
       }}
+    raw_string: !unsafe "{{ this template is not executed, but given as-is as string }}"
+    raw_string_via_jinja_specification: "{% raw -%} 234%234{435lkj{{lkjsdf {%- endraw %}"
 
 - name: Return data types
   tags:

snippets/awx.sh

@@ -43,6 +43,10 @@ curl -fs --user 'admin:password' 'https://awx.example.org/api/v2/job_templates/'
 awx job_templates modify '1' --extra_vars "@vars.yml"
 awx job_templates modify '5' --extra_vars "@vars.json"
 
+# Show workflow job templates
+awx workflow_job_templates get 'some workflow job template'
+awx workflow_job_templates get -f 'yaml' 'some workflow job template returned as yaml'
+
 # Show notification templates
 awx notification_templates list
 curl -fs --user 'admin:password' 'https://awx.example.org/api/v2/notification_templates/' | jq '.' -