Fixes #6579 allow for vault passwords ending with newline chars

Also add a unit test for vaulteditor to verify 1.0 passwords with newline chars.
11 years ago · 409044155d
parent 2998466811
commit 409044155d
5 changed files with 30 additions and 8 deletions
--- a/bin/ansible
+++ b/bin/ansible
@ -133,9 +133,6 @@ class Cli(object):
            except (OSError, IOError), e:
                raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
            # get rid of newline chars        
            tmp_vault_pass = tmp_vault_pass.strip()
            if not options.ask_vault_pass:
                vault_pass = tmp_vault_pass
--- a/bin/ansible-playbook
+++ b/bin/ansible-playbook
@ -127,9 +127,6 @@ def main(args):
            except (OSError, IOError), e:
                raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
            # get rid of newline chars
            tmp_vault_pass = tmp_vault_pass.strip()
            if not options.ask_vault_pass:
                vault_pass = tmp_vault_pass
--- a/bin/ansible-vault
+++ b/bin/ansible-vault
@ -105,8 +105,6 @@ def _read_password(filename):
    f = open(filename, "rb")
    data = f.read()
    f.close
    # get rid of newline chars
    data = data.strip()
    return data
 def execute_create(args, options, parser):
--- a/test/units/TestVaultEditor.py
+++ b/test/units/TestVaultEditor.py
@ -75,6 +75,32 @@ class TestVaultEditor(TestCase):
        assert error_hit == False, "error decrypting 1.0 file"            
        assert fdata.strip() == "foo", "incorrect decryption of 1.0 file: %s" % fdata.strip() 
    def test_decrypt_1_0_newline(self):
        if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
            raise SkipTest
        dirpath = tempfile.mkdtemp()
        filename = os.path.join(dirpath, "foo-ansible-1.0-ansible-newline-ansible.yml")
        shutil.rmtree(dirpath)
        shutil.copytree("vault_test_data", dirpath)
        ve = VaultEditor(None, "ansible\nansible\n", filename)
        # make sure the password functions for the cipher
        error_hit = False
        try:        
            ve.decrypt_file()
        except errors.AnsibleError, e:
            error_hit = True
        # verify decrypted content
        f = open(filename, "rb")
        fdata = f.read()
        f.close()
        shutil.rmtree(dirpath)
        assert error_hit == False, "error decrypting 1.0 file with newline in password"            
        #assert fdata.strip() == "foo", "incorrect decryption of 1.0 file: %s" % fdata.strip() 
    def test_decrypt_1_1(self):
        if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
            raise SkipTest
--- a/test/units/vault_test_data/foo-ansible-1.0-ansible-newline-ansible.yml
+++ b/test/units/vault_test_data/foo-ansible-1.0-ansible-newline-ansible.yml
@ -0,0 +1,4 @@
 $ANSIBLE_VAULT;1.0;AES
 53616c7465645f5ff0442ae8b08e2ff316d0d6512013185df7aded44f3c0eeef1b7544d078be1fe7
 ed88d0fedcb11928df45558f4b7f80fce627fbb08c5288885ab053f4129175779a8f24f5c1113731
 7d22cee14284670953c140612edf62f92485123fc4f15099ffe776e906e08145