Vault: Remove tmp decrypted file when experiencing error while writing (

ansible#14835) * Vault edit: Erase tmp file if error while writing to it * Close the FDs returned by mkstemp()
vperron · Mar 27, 2017 · 1bc5527 · 1bc5527
1 parent 8e0c11e
commit 1bc5527
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/lib/ansible/parsing/vault/__init__.py b/lib/ansible/parsing/vault/__init__.py
@@ -372,13 +372,14 @@ def _shred_file(self, tmp_path):
     def _edit_file_helper(self, filename, existing_data=None, force_save=False):
 
         # Create a tempfile
-        _, tmp_path = tempfile.mkstemp()
+        fd, tmp_path = tempfile.mkstemp()
+        os.close(fd)
 
-        if existing_data:
-            self.write_data(existing_data, tmp_path, shred=False)
-
-        # drop the user into an editor on the tmp file
         try:
+            if existing_data:
+                self.write_data(existing_data, tmp_path, shred=False)
+
+            # drop the user into an editor on the tmp file
             call(self._editor_shell_command(tmp_path))
         except:
             # whatever happens, destroy the decrypted file