e2e: fix destination of templates in VaultSecrets test (#9146)

The `$NOMAD_SECRETS_DIR` environment variable is rendered as `/secrets`, which prior to the recent security patch would unintentionally escape the file sandbox and get dropped in a directory named `/secrets` where the Nomad client binary was running. The `VaultSecrets` test was accidentally relying on this behavior and that causes the test to fail.
hashicorp · Oct 22, 2020 · 8aed53c · 8aed53c
1 parent 3347b40
commit 8aed53c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/e2e/vaultsecrets/input/secrets.nomad b/e2e/vaultsecrets/input/secrets.nomad
@@ -33,7 +33,7 @@ job "secrets" {
 {{ end }}
 EOT
 
-        destination = "${NOMAD_SECRETS_DIR}/certificate.crt"
+        destination = "secrets/certificate.crt"
         change_mode = "noop"
       }
 
@@ -42,7 +42,7 @@ EOT
 SOME_SECRET={{ with secret "secrets-TESTID/data/myapp" }}{{- .Data.data.key -}}{{end}}
 EOT
 
-        destination = "${NOMAD_SECRETS_DIR}/access.key"
+        destination = "secrets/access.key"
       }
 
       resources {