ansible-collections/community.docker
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.docker.git synced 2025-12-16 11:58:43 +00:00
Code Packages Projects Releases Wiki Activity
e2e1bc796b
community.docker/tests/integration/targets/inventory_docker_containers/runme.sh
Felix Fontein e2e1bc796b
Prevent RCE via inventory plugins (#815) (#818) 
* Prevent RCE via inventory plugins.

* Do not make ansible_connection unsafe.

* Add test.

(cherry picked from commit bf1281ae7f)
2024-03-14 22:09:57 +01:00

29 lines
870 B
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
[[ -n "$DEBUG" || -n "$ANSIBLE_DEBUG" ]] && set -x
set -euo pipefail
cleanup() {
echo "Cleanup"
ansible-playbook playbooks/docker_cleanup.yml "$@"
echo "Done"
}
trap cleanup INT TERM EXIT
echo "Setup"
ANSIBLE_ROLES_PATH=.. ansible-playbook playbooks/docker_setup.yml "$@"
echo "Test docker_containers inventory 1"
ansible-playbook -i inventory_1.docker.yml playbooks/test_inventory_1.yml "$@"
echo "Test docker_containers inventory 2"
rm -f /tmp/ansible-docker-test-docker-inventory-container-*-labels.txt
ansible-playbook -i inventory_2.docker.yml playbooks/test_inventory_2.yml "$@"
echo "Validate that 'EVALUATED' does not appear in the labels"
for FILENAME in /tmp/ansible-docker-test-docker-inventory-container-*-labels.txt; do
grep -qv EVALUATED "${FILENAME}" || ( echo "${FILENAME} contains EVALUATED!" && exit 1 )
done
View Git Blame Copy Permalink