ansible/test/integration/targets/module_utils/module_utils_vvvvv.yml
Jordan Borean 0cdc410dce
no_log mask suboption fallback values and defaults CVE-2021-20228 ()
* no_log mask suboption fallback values and defaults

* Added changelog

* Remove lambda expression
2021-02-05 09:11:55 +10:00

30 lines
1.5 KiB
YAML

- hosts: testhost
gather_facts: no
tasks:
- name: Use a specially crafted module to see if things were imported correctly
test:
# Invocation usually is output with 3vs or more, our callback plugin displays it anyway
- name: Check no_log invocation results
command: ansible-playbook -i {{ inventory_file }} module_utils_test_no_log.yml
environment:
ANSIBLE_CALLBACK_PLUGINS: callback
ANSIBLE_STDOUT_CALLBACK: pure_json
SECRET_ENV: ghi
SECRET_SUB_ENV: jkl
register: no_log_invocation
- set_fact:
no_log_invocation: '{{ no_log_invocation.stdout | trim | from_json }}'
- name: check no log values from fallback or default are masked
assert:
that:
- no_log_invocation.invocation.module_args.default_pass == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
- no_log_invocation.invocation.module_args.explicit_pass == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
- no_log_invocation.invocation.module_args.fallback_pass == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
- no_log_invocation.invocation.module_args.normal == 'plaintext'
- no_log_invocation.invocation.module_args.suboption.default_sub_pass == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
- no_log_invocation.invocation.module_args.suboption.explicit_sub_pass == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
- no_log_invocation.invocation.module_args.suboption.fallback_sub_pass == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
- no_log_invocation.invocation.module_args.suboption.normal == 'plaintext'