From 8aed53c177aea024d4f24d1fbb4d6e0881f04eab Mon Sep 17 00:00:00 2001
From: Tim Gross <tgross@hashicorp.com>
Date: Thu, 22 Oct 2020 13:00:08 -0400
Subject: [PATCH] e2e: fix destination of templates in VaultSecrets test
 (#9146)

The `$NOMAD_SECRETS_DIR` environment variable is rendered as `/secrets`, which
prior to the recent security patch would unintentionally escape the file
sandbox and get dropped in a directory named `/secrets` where the Nomad client
binary was running. The `VaultSecrets` test was accidentally relying on this
behavior and that causes the test to fail.
---
 e2e/vaultsecrets/input/secrets.nomad | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/e2e/vaultsecrets/input/secrets.nomad b/e2e/vaultsecrets/input/secrets.nomad
index 0fa2b63e3..0f79c21cb 100644
--- a/e2e/vaultsecrets/input/secrets.nomad
+++ b/e2e/vaultsecrets/input/secrets.nomad
@@ -33,7 +33,7 @@ job "secrets" {
 {{ end }}
 EOT
 
-        destination = "${NOMAD_SECRETS_DIR}/certificate.crt"
+        destination = "secrets/certificate.crt"
         change_mode = "noop"
       }
 
@@ -42,7 +42,7 @@ EOT
 SOME_SECRET={{ with secret "secrets-TESTID/data/myapp" }}{{- .Data.data.key -}}{{end}}
 EOT
 
-        destination = "${NOMAD_SECRETS_DIR}/access.key"
+        destination = "secrets/access.key"
       }
 
       resources {