a-c-m
/
community.general
mirror of https://github.com/ansible-collections/community.general.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixes #6579 allow for vault passwords ending with newline chars 

Also add a unit test for vaulteditor to verify 1.0 passwords with newline chars.
pull/4420/head
James Tanner 2014-03-19 14:36:52 -04:00
parent 2998466811
commit 409044155d
5 changed files with 30 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
bin/ansible
View File

@ -133,9 +133,6 @@ class Cli(object):
except (OSError, IOError), e: except (OSError, IOError), e:
raise errors.AnsibleError("Could not read %s: %s" % (this_path, e)) raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
# get rid of newline chars
tmp_vault_pass = tmp_vault_pass.strip()
if not options.ask_vault_pass: if not options.ask_vault_pass:
vault_pass = tmp_vault_pass vault_pass = tmp_vault_pass

3
bin/ansible-playbook
View File

@ -127,9 +127,6 @@ def main(args):
except (OSError, IOError), e: except (OSError, IOError), e:
raise errors.AnsibleError("Could not read %s: %s" % (this_path, e)) raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
# get rid of newline chars
tmp_vault_pass = tmp_vault_pass.strip()
if not options.ask_vault_pass: if not options.ask_vault_pass:
vault_pass = tmp_vault_pass vault_pass = tmp_vault_pass

2
bin/ansible-vault
View File

@ -105,8 +105,6 @@ def _read_password(filename):
f = open(filename, "rb") f = open(filename, "rb")
data = f.read() data = f.read()
f.close f.close
# get rid of newline chars
data = data.strip()
return data return data
def execute_create(args, options, parser): def execute_create(args, options, parser):

26
test/units/TestVaultEditor.py
View File

@ -75,6 +75,32 @@ class TestVaultEditor(TestCase):
assert error_hit == False, "error decrypting 1.0 file" assert error_hit == False, "error decrypting 1.0 file"
assert fdata.strip() == "foo", "incorrect decryption of 1.0 file: %s" % fdata.strip() assert fdata.strip() == "foo", "incorrect decryption of 1.0 file: %s" % fdata.strip()
def test_decrypt_1_0_newline(self):
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
raise SkipTest
dirpath = tempfile.mkdtemp()
filename = os.path.join(dirpath, "foo-ansible-1.0-ansible-newline-ansible.yml")
shutil.rmtree(dirpath)
shutil.copytree("vault_test_data", dirpath)
ve = VaultEditor(None, "ansible\nansible\n", filename)
# make sure the password functions for the cipher
error_hit = False
try:
ve.decrypt_file()
except errors.AnsibleError, e:
error_hit = True
# verify decrypted content
f = open(filename, "rb")
fdata = f.read()
f.close()
shutil.rmtree(dirpath)
assert error_hit == False, "error decrypting 1.0 file with newline in password"
#assert fdata.strip() == "foo", "incorrect decryption of 1.0 file: %s" % fdata.strip()
def test_decrypt_1_1(self): def test_decrypt_1_1(self):
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2: if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
raise SkipTest raise SkipTest

4
test/units/vault_test_data/foo-ansible-1.0-ansible-newline-ansible.yml Normal file
View File

@ -0,0 +1,4 @@
$ANSIBLE_VAULT;1.0;AES
53616c7465645f5ff0442ae8b08e2ff316d0d6512013185df7aded44f3c0eeef1b7544d078be1fe7
ed88d0fedcb11928df45558f4b7f80fce627fbb08c5288885ab053f4129175779a8f24f5c1113731
7d22cee14284670953c140612edf62f92485123fc4f15099ffe776e906e08145