cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
ansible/test/integration/targets/copy/tasks/no_log.yml
Sloane Hertel 991714b9d1
copy - redact 'content' from invocation in check mode (#71033) 
* sanitize copy module invocation secrets in check mode
2020-08-03 11:41:45 -04:00

82 lines
2.3 KiB
YAML
Raw Blame History

- block:
- set_fact:
dest: "{{ local_temp_dir }}/test_no_log"
- name: ensure playbook and dest files don't exist yet
file:
path: "{{ item }}"
state: absent
loop:
- "{{ local_temp_dir }}/test_no_log.yml"
- "{{ dest }}"
- name: create a playbook to run with command
copy:
dest: "{{local_temp_dir}}/test_no_log.yml"
content: !unsafe |
---
- hosts: localhost
gather_facts: no
tasks:
- copy:
dest: "{{ dest }}"
content: "{{ secret }}"
- name: copy the secret while using -vvv and check mode
command: "ansible-playbook {{local_temp_dir}}/test_no_log.yml -vvv -e secret=SECRET -e dest={{dest}} --check"
register: result
- assert:
that:
- "'SECRET' not in result.stdout"
- name: copy the secret while using -vvv
command: "ansible-playbook {{local_temp_dir}}/test_no_log.yml -vvv -e secret=SECRET -e dest={{dest}}"
register: result
- assert:
that:
- "'SECRET' not in result.stdout"
- name: copy the secret while using -vvv and check mode again
command: "ansible-playbook {{local_temp_dir}}/test_no_log.yml -vvv -e secret=SECRET -e dest={{dest}} --check"
register: result
- assert:
that:
- "'SECRET' not in result.stdout"
- name: copy the secret while using -vvv again
command: "ansible-playbook {{local_temp_dir}}/test_no_log.yml -vvv -e secret=SECRET -e dest={{dest}}"
register: result
- assert:
that:
- "'SECRET' not in result.stdout"
- name: copy a new secret while using -vvv and check mode
command: "ansible-playbook {{local_temp_dir}}/test_no_log.yml -vvv -e secret=NEWSECRET -e dest={{dest}} --check"
register: result
- assert:
that:
- "'NEWSECRET' not in result.stdout"
- name: copy a new secret while using -vvv
command: "ansible-playbook {{local_temp_dir}}/test_no_log.yml -vvv -e secret=NEWSECRET -e dest={{dest}}"
register: result
- assert:
that:
- "'NEWSECRET' not in result.stdout"
always:
- name: remove temp test files
file:
path: "{{ item }}"
state: absent
loop:
- "{{ local_temp_dir }}/test_no_log.yml"
- "{{ dest }}"
Reference in a new issue View git blame Copy permalink