Diffstat (limited to 'test/integration/targets/ansible-vault/test_dangling_temp.yml')
-rw-r--r-- | test/integration/targets/ansible-vault/test_dangling_temp.yml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/test/integration/targets/ansible-vault/test_dangling_temp.yml b/test/integration/targets/ansible-vault/test_dangling_temp.yml
new file mode 100644
index 0000000..71a9d73
--- /dev/null
+++ b/test/integration/targets/ansible-vault/test_dangling_temp.yml
@@ -0,0 +1,34 @@
+- hosts: localhost
+ gather_facts: False
+ vars:
+ od: "{{output_dir|default('/tmp')}}/test_vault_assemble"
+ tasks:
+ - name: create target directory
+ file:
+ path: "{{od}}"
+ state: directory
+
+ - name: assemble_file file with secret
+ assemble:
+ src: files/test_assemble
+ dest: "{{od}}/dest_file"
+ remote_src: no
+ mode: 0600
+
+ - name: remove assembled file with secret (so nothing should have unencrypted secret)
+ file: path="{{od}}/dest_file" state=absent
+
+ - name: find temp files with secrets
+ find:
+ paths: '{{temp_paths}}'
+ contains: 'VAULT TEST IN WHICH BAD THING HAPPENED'
+ recurse: yes
+ register: badthings
+ vars:
+ temp_paths: "{{[lookup('env', 'TMP'), lookup('env', 'TEMP'), hardcoded]|flatten(1)|unique|list}}"
+ hardcoded: ['/tmp', '/var/tmp']
+
+ - name: ensure we failed to find any
+ assert:
+ that:
+ - badthings['matched'] == 0
|
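Review bot: The `temp_paths` list in the `find` task reads only `TMP` and `TEMP`, but Python's `tempfile` consults `TMPDIR` first, so on a runner where `TMPDIR` points outside `/tmp` and `/var/tmp` a leftover decrypted file would not be searched and the assert would still pass. Adding `lookup('env', 'TMPDIR')` to that list closes the gap. Separately, `contains` is, as far as I recall, matched line by line from the start of each line in the `find` module, so the check only fires if the fixture's marker text begins a line; a short comment next to `contains:` saying so would keep the fixture and the test in step. `mode: 0600` is better written `mode: '0600'` so the permission does not depend on the YAML parser's octal handling.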