blob: 71a9d73aaf68df88a204e25b7dfb0fdce595b3d4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
- hosts: localhost
gather_facts: False
vars:
od: "{{output_dir|default('/tmp')}}/test_vault_assemble"
tasks:
- name: create target directory
file:
path: "{{od}}"
state: directory
- name: assemble_file file with secret
assemble:
src: files/test_assemble
dest: "{{od}}/dest_file"
remote_src: no
mode: 0600
- name: remove assembled file with secret (so nothing should have unencrypted secret)
file: path="{{od}}/dest_file" state=absent
- name: find temp files with secrets
find:
paths: '{{temp_paths}}'
contains: 'VAULT TEST IN WHICH BAD THING HAPPENED'
recurse: yes
register: badthings
vars:
temp_paths: "{{[lookup('env', 'TMP'), lookup('env', 'TEMP'), hardcoded]|flatten(1)|unique|list}}"
hardcoded: ['/tmp', '/var/tmp']
- name: ensure we failed to find any
assert:
that:
- badthings['matched'] == 0
|