ansible/test/integration/targets/vault
Adrian Likins 042079aa87 Use vault_id when encrypted via vault-edit (#30772)
* Use vault_id when encrypted via vault-edit

On the encryption stage of
'ansible-vault edit --vault-id=someid@passfile somefile',
the vault id was not being passed to encrypt() so the files were
always saved with the default vault id in the 1.1 version format.

When trying to edit that file a second time, also with a --vault-id,
the file would be decrypted with the secret associated with the
provided vault-id, but since the encrypted file had no vault id
in the envelope there would be no match for 'default' secrets.
(Only the --vault-id was included in the potential matches, so
the vault id actually used to decrypt was not).

If that list was empty, there would be an IndexError when trying
to encrypt the changed file. This would result in the displayed
error:

ERROR! Unexpected Exception, this is probably a bug: list index out of range

Fix is two parts:

1) use the vault id when encrypting from edit

2) when matching the secret to use for encrypting after edit,
include the vault id that was used for decryption and not just
the vault id (or lack of vault id) from the envelope.

add unit tests for #30575 and intg tests for 'ansible-vault edit'

Fixes #30575

(cherry picked from commit a14d0f3586)
7 years ago
..
roles Support multiple vault passwords (#22756) 7 years ago
aliases Initial ansible-test implementation. (#18556) 8 years ago
empty-password Vault secrets empty password (#28186) 7 years ago
encrypted_file_encrypted_var_password Support multiple vault passwords (#22756) 7 years ago
example1_password Support multiple vault passwords (#22756) 7 years ago
example2_password Support multiple vault passwords (#22756) 7 years ago
example3_password Support multiple vault passwords (#22756) 7 years ago
faux-editor.py Use vault_id when encrypted via vault-edit (#30772) 7 years ago
format_1_0_AES.yml Cyptography pr 20566 rebase (#25560) 8 years ago
format_1_1_AES.yml Cyptography pr 20566 rebase (#25560) 8 years ago
format_1_1_AES256.yml Cyptography pr 20566 rebase (#25560) 8 years ago
format_1_2_AES256.yml Support multiple vault passwords (#22756) 7 years ago
password-script.py Support multiple vault passwords (#22756) 7 years ago
runme.sh Use vault_id when encrypted via vault-edit (#30772) 7 years ago
runme_change_pip_installed.sh Cyptography pr 20566 rebase (#25560) 8 years ago
test_vault.yml Split integration tests out from Makefile. (#17976) 8 years ago
test_vault_embedded.yml Split integration tests out from Makefile. (#17976) 8 years ago
test_vault_embedded_ids.yml Support multiple vault passwords (#22756) 7 years ago
test_vault_file_encrypted_embedded.yml Support multiple vault passwords (#22756) 7 years ago
test_vaulted_inventory.yml add a intg test for vault encrypted inventory (#18550) 8 years ago
test_vaulted_template.yml Allow template files to be vaulted (#22951) 8 years ago
vault-password Split integration tests out from Makefile. (#17976) 8 years ago
vault-password-ansible Cyptography pr 20566 rebase (#25560) 8 years ago
vault-password-wrong Cyptography pr 20566 rebase (#25560) 8 years ago
vault-secret.txt Split integration tests out from Makefile. (#17976) 8 years ago
vaulted.inventory add a intg test for vault encrypted inventory (#18550) 8 years ago