test/integration/targets/ansible-vault/test_dangling_temp.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

- hosts: localhost
  gather_facts: False
  vars:
    od: "{{output_dir|default('/tmp')}}/test_vault_assemble"
  tasks:
    - name: create target directory
      file:
        path: "{{od}}"
        state: directory

    - name: assemble_file file with secret
      assemble:
        src: files/test_assemble
        dest: "{{od}}/dest_file"
        remote_src: no
        mode: 0600

    - name: remove assembled file with secret (so nothing should have unencrypted secret)
      file: path="{{od}}/dest_file" state=absent

    - name: find temp files with secrets
      find:
        paths: '{{temp_paths}}'
        contains: 'VAULT TEST IN WHICH BAD THING HAPPENED'
        recurse: yes
      register: badthings
      vars:
        temp_paths: "{{[lookup('env', 'TMP'), lookup('env', 'TEMP'), hardcoded]|flatten(1)|unique|list}}"
        hardcoded: ['/tmp', '/var/tmp']

    - name: ensure we failed to find any
      assert:
        that:
            - badthings['matched'] == 0