Feature Request: Allow 'file' module to optionally shred directory/files

[dkarakas1]

ISSUE TYPE

• Feature Idea

COMPONENT NAME

File Module

ANSIBLE VERSION

ansible --version
ansible 2.2.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrid

CONFIGURATION

OS / ENVIRONMENT

Linux Host OS

SUMMARY

Please add a secure delete option to the File Module

STEPS TO REPRODUCE

- file:
    path: /etc/foo.conf
    state: absent_secure

EXPECTED RESULTS

I would like 'absent_secure' to recursively delete directores/files using Linux 'shred' command.
I would like 'absent_secure' to delete file using Linux 'shred' command.

ACTUAL RESULTS

Securely delete directories and files

[jctanner]

needs_contributor

[Alexander198961]

I try to solve this

[jhawkesworth]

Rather than overloading the file module with more functionality, how about a fileshred module? Not looked at the code, but I like modules that do one thing well to modules that have masses of parameters and options.

[bcoca]

+10 to shred module
-1 to 'more stuff in file'

[tstone2077]

shredding a file isn't really a separate function. the file module manages files and it already deletes the file. IMO, Making the delete secure:

1. should be standard (default?)
2. manages the file

-10 to shred module
+1 to 'more secure implementation of already existing functionality in file module'

[Alexander198961]

so what is decision can someone review pull request ?

[quater]

I believe this feature logically belongs to the file module rather than it being a separate module on its own. While a year has past, I hope @bcoca may see it the same now?

It would be great if we can securely delete files and directories with Ansible. However, @tstone2077, this should only be optional since shred is much slower than a regular delete, is in the majority of cases not required and would therefore only slow down operations.

The PR provided by @Alexander198961 looks WIP but it would be great if one of the official Ansible maintainers could review it so we get some progress here?

[jhawkesworth]

@quater , @Alexander198961 I suggest raising this at an ansible core team meeting - see https://github.com/ansible/community/tree/master/meetings

I am still -1 having shred in the file module, but have no objection to a separate shred module. Shred is an edge case whereas file is very generally applicable, file shouldn't be forced to carry around code that is rarely invoked.

[Alexander198961]

so we decide module implementation ?

[jhawkesworth]

@Alexander198961 it is best to ask at a core team meeting, or chat with ansible core developers on #ansible-devel irc channel since there is no consensus yet on how to implement this.

[ansibot]

Thank you very much for your submission to Ansible. It means a lot to us that you've taken time to contribute.

Unfortunately, this issue has been open for some time while waiting for a contributor to take it up but there does not seem to have been anyone that did so. So we are going to close this issue to clear up the queues and make it easier for contributors to browse possible implementation targets.

However, we're absolutely always up for discussion. Because this project is very active, we're unlikely to see comments made on closed tickets and we lock them after some time. If you or anyone else has any further questions, please let us know by using any of the communication methods listed in the page below:

• https://docs.ansible.com/ansible/latest/community/communication.html

In the future, sometimes starting a discussion on the development list prior to proposing or implementing a feature can make getting things included a little easier, but it's not always necessary.

Thank you once again for this and your interest in Ansible!

click here for bot help