Vault: Remove tmp decrypted file when experiencing error while writing (#14835)

* Vault edit: Erase tmp file if error while writing to it * Close the FDs returned by mkstemp()
8 years ago · 1bc5527c69
parent 8e0c11ebc4
commit 1bc5527c69
1 changed files with 6 additions and 5 deletions
--- a/lib/ansible/parsing/vault/init.py
+++ b/lib/ansible/parsing/vault/init.py
@ -372,13 +372,14 @@ class VaultEditor:
    def _edit_file_helper(self, filename, existing_data=None, force_save=False):

        # Create a tempfile
-        _, tmp_path = tempfile.mkstemp()
+        fd, tmp_path = tempfile.mkstemp()
+        os.close(fd)

-        if existing_data:
-            self.write_data(existing_data, tmp_path, shred=False)
-
-        # drop the user into an editor on the tmp file
        try:
+            if existing_data:
+                self.write_data(existing_data, tmp_path, shred=False)
+
+            # drop the user into an editor on the tmp file
            call(self._editor_shell_command(tmp_path))
        except:
            # whatever happens, destroy the decrypted file