File fix-ansible.playbooks-extra-vars-quoting-bsc-1257831.patch of Package salt

From ec032815e3748e34ebd4848d097de4a871828214 Mon Sep 17 00:00:00 2001
From: Victor Zhestkov <vzhestkov@suse.com>
Date: Fri, 13 Mar 2026 14:36:12 +0100
Subject: [PATCH] Fix ansible.playbooks extra-vars quoting
 (bsc#1257831)

* Fix ansible.playbooks extra-vars quoting (bsc#1257831)

* Add test for passing complex extra-vars to ansible.playbooks
---
 salt/modules/ansiblegate.py                   |  5 ++--
 .../pytests/unit/modules/test_ansiblegate.py  | 30 +++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/salt/modules/ansiblegate.py b/salt/modules/ansiblegate.py
index 9dd878665f0..8d6a80b930a 100644
--- a/salt/modules/ansiblegate.py
+++ b/salt/modules/ansiblegate.py
@@ -18,6 +18,7 @@ import fnmatch
 import json
 import logging
 import os
+import shlex
 import subprocess
 import sys
 from tempfile import NamedTemporaryFile
@@ -367,9 +368,9 @@ def playbooks(
     if diff:
         command.append("--diff")
     if isinstance(extra_vars, dict):
-        command.append(f"--extra-vars='{json.dumps(extra_vars)}'")
+        command.append(f"--extra-vars={shlex.quote(json.dumps(extra_vars))}")
     elif isinstance(extra_vars, str) and extra_vars.startswith("@"):
-        command.append(f"--extra-vars={extra_vars}")
+        command.append(f"--extra-vars={shlex.quote(extra_vars)}")
     if flush_cache:
         command.append("--flush-cache")
     if inventory:
diff --git a/tests/pytests/unit/modules/test_ansiblegate.py b/tests/pytests/unit/modules/test_ansiblegate.py
index d8bdd1140ea..b12b0bea4e1 100644
--- a/tests/pytests/unit/modules/test_ansiblegate.py
+++ b/tests/pytests/unit/modules/test_ansiblegate.py
@@ -1,6 +1,8 @@
 # Author: Bo Maryniuk <bo@suse.de>
 
+import json
 import os
+import shlex
 
 import pytest
 
@@ -351,3 +353,31 @@ def test_ansible_discover_playbooks_multiple_locations():
         "fullpath": os.path.join(playbooks_dir, "example-playbook2/site.yml"),
         "custom_inventory": os.path.join(playbooks_dir, "example-playbook2/hosts"),
     }
+
+
+def test_ansible_playbooks_with_complex_extra_vars():
+    """
+    Test ansible.playbooks execution module function can pass comples extra-vars.
+    """
+    extra_vars = {
+        "test_key1": {
+            "test_subkey1": "single'quote",
+            "test_subkey2": 'double"quote',
+        },
+        "test_key2": {
+            "backquote": "`",
+        },
+    }
+    cmd_run_all = MagicMock(return_value={"retcode": 0, "stdout": '{"foo": "bar"}'})
+    with patch.dict(ansiblegate.__salt__, {"cmd.run_all": cmd_run_all}), patch(
+        "salt.utils.path.which", MagicMock(return_value=True)
+    ):
+        ret = ansiblegate.playbooks("fake-playbook.yml", extra_vars=extra_vars)
+        assert "retcode" in ret
+        cmd_run_all.assert_called_once()
+        passed_extra_vars = {}
+        for arg in shlex.split(cmd_run_all.call_args.kwargs["cmd"]):
+            if arg.startswith("--extra-vars="):
+                passed_extra_vars = arg[13:]
+        passed_extra_vars = json.loads(passed_extra_vars)
+        assert passed_extra_vars == extra_vars
-- 
2.53.0