search

ansible-collections / community.hashi_vault

Ansible collection for managing and working with HashiCorp Vault.
https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/index.html
GNU General Public License v3.0
80 stars 59 forks source link

Fix "Unsafe" token values that originate from lookups #291

Closed briantist closed 2 years ago

briantist commented 2 years ago
SUMMARY

Fixes #289

Right now this is only applies to the token but the groundwork is in place to apply this to other options as needed. The current issue affects things that will end up in headers, like the token.

ISSUE TYPE
COMPONENT NAME

_hashi_vault_common

ADDITIONAL INFORMATION
codecov[bot] commented 2 years ago

Codecov Report

Merging #291 (ab47eaf) into main (b053a08) will increase coverage by 0.05%. The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #291      +/-   ##
==========================================
+ Coverage   98.41%   98.46%   +0.05%     
==========================================
  Files          68       71       +3     
  Lines        3343     3458     +115     
  Branches      290      301      +11     
==========================================
+ Hits         3290     3405     +115     
  Misses         44       44              
  Partials        9        9
Flag Coverage Δ
env_docker-default 98.46% <100.00%> (+0.05%) :arrow_up:
integration 81.62% <64.70%> (-0.25%) :arrow_down:
sanity 39.28% <41.17%> (+<0.01%) :arrow_up:
target_ansible-doc 100.00% <ø> (ø)
target_auth_approle 89.47% <ø> (ø)
target_auth_aws_iam 50.00% <ø> (ø)
target_auth_cert 86.36% <ø> (ø)
target_auth_jwt 91.30% <ø> (ø)
target_auth_ldap 89.47% <ø> (ø)
target_auth_none 100.00% <ø> (ø)
target_auth_token 73.07% <100.00%> (ø)
target_auth_userpass 85.71% <ø> (ø)
target_connection_options 74.76% <ø> (ø)
target_controller 83.67% <100.00%> (+1.19%) :arrow_up:
target_filter_vault_login_token 77.77% <ø> (ø)
target_import 39.28% <41.17%> (+<0.01%) :arrow_up:
target_lookup_hashi_vault 81.33% <ø> (ø)
target_lookup_vault_ansible_settings 57.16% <64.70%> (+0.05%) :arrow_up:
target_lookup_vault_kv1_get 91.30% <ø> (ø)
target_lookup_vault_kv2_get 91.66% <ø> (ø)
target_lookup_vault_login 88.57% <ø> (ø)
target_lookup_vault_read 90.00% <ø> (ø)
target_lookup_vault_token_create 78.18% <ø> (ø)
target_lookup_vault_write 59.26% <64.70%> (+0.01%) :arrow_up:
target_module_utils 96.71% <84.37%> (-0.31%) :arrow_down:
target_module_vault_kv1_get 87.23% <ø> (ø)
target_module_vault_kv2_get 86.95% <ø> (ø)
target_module_vault_login 83.33% <ø> (ø)
target_module_vault_pki_generate_certificate 78.26% <ø> (ø)
target_module_vault_read 85.36% <ø> (ø)
target_module_vault_token_create 90.00% <ø> (ø)
target_module_vault_write 58.24% <64.70%> (+0.04%) :arrow_up:
target_modules 78.66% <41.17%> (-0.41%) :arrow_down:
units 95.60% <100.00%> (+0.15%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
plugins/module_utils/_auth_method_token.py 98.07% <100.00%> (ø)
plugins/module_utils/_hashi_vault_common.py 100.00% <100.00%> (ø)
...uthentication/test_hashi_vault_auth_method_base.py 100.00% <100.00%> (ø)
...it/plugins/module_utils/test_hashi_vault_helper.py 100.00% <100.00%> (ø)
...ins/plugin_utils/authentication/test_auth_token.py 100.00% <100.00%> (ø)
.../plugin_utils/test_hashi_vault_common_stringify.py 100.00% <100.00%> (ø)
...it/plugins/plugin_utils/test_hashi_vault_helper.py 100.00% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

briantist commented 2 years ago

@felixfontein thanks for reviewing this!