From 5c992fcc3f911d52c9c5512c178bc27e0236e30f Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde Date: Tue, 12 Feb 2019 16:13:51 +0530 Subject: [PATCH] ansible-vault: handle utf-8 filename in vault (#50341) Signed-off-by: Abhijeet Kasurde --- ...16-ansible-vault_utf-8_in_vault_filename.yaml | 3 +++ lib/ansible/parsing/vault/__init__.py | 2 +- test/integration/targets/vault/runme.sh | 8 +++++++- .../vault/test_utf8_value_in_filename.yml | 16 ++++++++++++++++ test/integration/targets/vault/vault-café.yml | 6 ++++++ 5 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/50316-ansible-vault_utf-8_in_vault_filename.yaml create mode 100644 test/integration/targets/vault/test_utf8_value_in_filename.yml create mode 100644 test/integration/targets/vault/vault-café.yml diff --git a/changelogs/fragments/50316-ansible-vault_utf-8_in_vault_filename.yaml b/changelogs/fragments/50316-ansible-vault_utf-8_in_vault_filename.yaml new file mode 100644 index 0000000000..b69a6ef9f1 --- /dev/null +++ b/changelogs/fragments/50316-ansible-vault_utf-8_in_vault_filename.yaml @@ -0,0 +1,3 @@ +--- +minor_changes: + - Handle vault filename with UTF-8 while decrypting vault file using ansible-vault. diff --git a/lib/ansible/parsing/vault/__init__.py b/lib/ansible/parsing/vault/__init__.py index 8aca1cf217..f4057f896e 100644 --- a/lib/ansible/parsing/vault/__init__.py +++ b/lib/ansible/parsing/vault/__init__.py @@ -737,7 +737,7 @@ class VaultLib: file_slug = '' if filename: file_slug = ' of "%s"' % filename - display.vvvvv('Decrypt%s successful with secret=%s and vault_id=%s' % (to_text(file_slug), vault_secret, vault_secret_id)) + display.vvvvv(u'Decrypt%s successful with secret=%s and vault_id=%s' % (to_text(file_slug), vault_secret, vault_secret_id)) break except AnsibleVaultFormatError as exc: msg = "There was a vault format error" diff --git a/test/integration/targets/vault/runme.sh b/test/integration/targets/vault/runme.sh index 1dee54a9e5..56a327a523 100755 --- a/test/integration/targets/vault/runme.sh +++ b/test/integration/targets/vault/runme.sh @@ -35,7 +35,7 @@ echo "This is a test file for edit3" > "${TEST_FILE_EDIT3}" # ansible-config view ansible-config view -# ansisle-config +# ansible-config ansible-config dump --only-changed ansible-vault encrypt "$@" --vault-id vault-password "${TEST_FILE_EDIT3}" # EDITOR=./faux-editor.py ansible-vault edit "$@" "${TEST_FILE_EDIT3}" @@ -266,6 +266,9 @@ echo "rc was $WRONG_RC (2 is expected)" ansible-vault view "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" "${TEST_FILE}" +# view file with unicode in filename +ansible-vault view "$@" --vault-password-file vault-password vault-café.yml + # view with old password file and new password file ansible-vault view "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" --vault-password-file vault-password "${TEST_FILE}" @@ -487,3 +490,6 @@ ansible-playbook "$@" -i invalid_format/inventory --vault-id invalid_format/vaul EXPECTED_ERROR='Vault format unhexlify error: Odd-length string' ansible-playbook "$@" -i invalid_format/inventory --vault-id invalid_format/vault-secret invalid_format/broken-group-vars-tasks.yml 2>&1 | grep "${EXPECTED_ERROR}" + +# Run playbook with vault file with unicode in filename (https://github.com/ansible/ansible/issues/50316) +ansible-playbook -i ../../inventory -v "$@" --vault-password-file vault-password test_utf8_value_in_filename.yml diff --git a/test/integration/targets/vault/test_utf8_value_in_filename.yml b/test/integration/targets/vault/test_utf8_value_in_filename.yml new file mode 100644 index 0000000000..9bd394dc1b --- /dev/null +++ b/test/integration/targets/vault/test_utf8_value_in_filename.yml @@ -0,0 +1,16 @@ +- name: "Test that the vaulted file with UTF-8 in filename decrypts correctly" + gather_facts: false + hosts: testhost + vars: + expected: "my_secret" + vars_files: + - vault-café.yml + tasks: + - name: decrypt vaulted file with utf8 in filename and show it in debug + debug: + var: vault_string + + - name: assert decrypted value matches expected + assert: + that: + - "vault_string == expected" diff --git a/test/integration/targets/vault/vault-café.yml b/test/integration/targets/vault/vault-café.yml new file mode 100644 index 0000000000..0d179aecad --- /dev/null +++ b/test/integration/targets/vault/vault-café.yml @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +63363732353363646661643038636339343263303161346533393636336562336465396265373834 +6366313833613236356666646532613636303532366231340a316238666435306332656662613731 +31623433613434633539333564613564656439343661363831336364376266653462366161383038 +6530386533363933350a336631653833666663643166303932653261323431623333356539666265 +37316464303231366163333430346537353631376538393939646362313337363866