Write secrets to tmpfs
So that we may avoid writing the decrypted contents of secrets to
disk, write them to a file in a tmpfs.
Change-Id: I7c029b67d0fc2fa3827dc811137dd4f3a90706d8
diff --git a/tests/unit/test_bubblewrap.py b/tests/unit/test_bubblewrap.py
index bb1be73..661d868 100644
--- a/tests/unit/test_bubblewrap.py
+++ b/tests/unit/test_bubblewrap.py
@@ -39,8 +39,8 @@
ssh_agent.start()
po = context.getPopen(work_dir=work_dir,
ssh_auth_sock=ssh_agent.env['SSH_AUTH_SOCK'])
- self.assertTrue(po.passwd_r > 2)
- self.assertTrue(po.group_r > 2)
+ self.assertTrue(po.fds[0] > 2)
+ self.assertTrue(po.fds[1] > 2)
self.assertTrue(work_dir in po.command)
# Now run /usr/bin/id to verify passwd/group entries made it in
true_proc = po(['/usr/bin/id'], stdout=subprocess.PIPE,
@@ -51,8 +51,7 @@
# And that it did not print things on stderr
self.assertEqual(0, len(errs.strip()))
# Make sure the _r's are closed
- self.assertIsNone(po.passwd_r)
- self.assertIsNone(po.group_r)
+ self.assertEqual([], po.fds)
def test_bubblewrap_leak(self):
bwrap = bubblewrap.BubblewrapDriver()
diff --git a/tests/unit/test_v3.py b/tests/unit/test_v3.py
index 2293ca0..eb11edf 100755
--- a/tests/unit/test_v3.py
+++ b/tests/unit/test_v3.py
@@ -1283,8 +1283,7 @@
], ordered=False)
matches = self.searchForContent(self.history[0].jobdir.root,
b'test-password')
- self.assertEqual(set(['/ansible/playbook_0/secrets.yaml',
- '/work/secret-file.txt']),
+ self.assertEqual(set(['/work/secret-file.txt']),
set(matches))
def test_secret_file(self):
@@ -1319,8 +1318,7 @@
], ordered=False)
matches = self.searchForContent(self.history[0].jobdir.root,
b'test-password')
- self.assertEqual(set(['/ansible/playbook_0/secrets.yaml',
- '/work/failure-file.txt']),
+ self.assertEqual(set(['/work/failure-file.txt']),
set(matches))
def test_secret_file_fail(self):