6452a82452
* fix vault tmpe file handling * use local temp dir instead of system temp * ensure each worker clears dataloader temp files * added test for dangling temp files * added notes to data loader CVE-2020-10685
34 lines
983 B
YAML
34 lines
983 B
YAML
- hosts: localhost
|
|
gather_facts: False
|
|
vars:
|
|
od: "{{output_dir|default('/tmp')}}/test_vault_assemble"
|
|
tasks:
|
|
- name: create target directory
|
|
file:
|
|
path: "{{od}}"
|
|
state: directory
|
|
|
|
- name: assemble_file file with secret
|
|
assemble:
|
|
src: files/test_assemble
|
|
dest: "{{od}}/dest_file"
|
|
remote_src: no
|
|
mode: 0600
|
|
|
|
- name: remove assembled file with secret (so nothing should have unencrypted secret)
|
|
file: path="{{od}}/dest_file" state=absent
|
|
|
|
- name: find temp files with secrets
|
|
find:
|
|
paths: '{{temp_paths}}'
|
|
contains: 'VAULT TEST IN WHICH BAD THING HAPPENED'
|
|
recurse: yes
|
|
register: badthings
|
|
vars:
|
|
temp_paths: "{{[lookup('env', 'TMP'), lookup('env', 'TEMP'), hardcoded]|flatten(1)|unique|list}}"
|
|
hardcoded: ['/tmp', '/var/tmp']
|
|
|
|
- name: ensure we failed to find any
|
|
assert:
|
|
that:
|
|
- badthings['matched'] == 0
|