better error messages when failing to decrypt

Brian Coca 2016-02-18 08:56:25 -08:00
commit 0f73fb0d6f


@ -328,7 +328,10 @@ class VaultEditor:
check_prereqs() check_prereqs()
ciphertext = self.read_data(filename) ciphertext = self.read_data(filename)
plaintext = self.vault.decrypt(ciphertext) try:
plaintext = self.vault.decrypt(ciphertext)
except AnsibleError as e:
raise AnsibleError("%s for %s" % (to_bytes(e),to_bytes(filename)))
self.write_data(plaintext, output_file or filename, shred=False) self.write_data(plaintext, output_file or filename, shred=False)
def create_file(self, filename): def create_file(self, filename):
@ -348,7 +351,10 @@ class VaultEditor:
check_prereqs() check_prereqs()
ciphertext = self.read_data(filename) ciphertext = self.read_data(filename)
plaintext = self.vault.decrypt(ciphertext) try:
plaintext = self.vault.decrypt(ciphertext)
except AnsibleError as e:
raise AnsibleError("%s for %s" % (to_bytes(e),to_bytes(filename)))
if self.vault.cipher_name not in CIPHER_WRITE_WHITELIST: if self.vault.cipher_name not in CIPHER_WRITE_WHITELIST:
# we want to get rid of files encrypted with the AES cipher # we want to get rid of files encrypted with the AES cipher
@ -359,9 +365,12 @@ class VaultEditor:
def plaintext(self, filename): def plaintext(self, filename):
check_prereqs() check_prereqs()
ciphertext = self.read_data(filename) ciphertext = self.read_data(filename)
plaintext = self.vault.decrypt(ciphertext)
try:
plaintext = self.vault.decrypt(ciphertext)
except AnsibleError as e:
raise AnsibleError("%s for %s" % (to_bytes(e),to_bytes(filename)))
return plaintext return plaintext
@ -371,7 +380,10 @@ class VaultEditor:
prev = os.stat(filename) prev = os.stat(filename)
ciphertext = self.read_data(filename) ciphertext = self.read_data(filename)
plaintext = self.vault.decrypt(ciphertext) try:
plaintext = self.vault.decrypt(ciphertext)
except AnsibleError as e:
raise AnsibleError("%s for %s" % (to_bytes(e),to_bytes(filename)))
new_vault = VaultLib(new_password) new_vault = VaultLib(new_password)
new_ciphertext = new_vault.encrypt(plaintext) new_ciphertext = new_vault.encrypt(plaintext)
@ -383,6 +395,7 @@ class VaultEditor:
os.chown(filename, prev.st_uid, prev.st_gid) os.chown(filename, prev.st_uid, prev.st_gid)
def read_data(self, filename): def read_data(self, filename):
try: try:
if filename == '-': if filename == '-':
data = sys.stdin.read() data = sys.stdin.read()
@ -471,7 +484,7 @@ class VaultFile(object):
this_vault = VaultLib(self.password) this_vault = VaultLib(self.password)
dec_data = this_vault.decrypt(tmpdata) dec_data = this_vault.decrypt(tmpdata)
if dec_data is None: if dec_data is None:
raise AnsibleError("Decryption failed") raise AnsibleError("Failed to decrypt: %s" % self.filename)
else: else:
self.tmpfile.write(dec_data) self.tmpfile.write(dec_data)
return self.tmpfile return self.tmpfile
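Review bot: The re-raise added in the first hunk, `raise AnsibleError("%s for %s" % (to_bytes(e),to_bytes(filename)))`, formats byte strings into a text template, so on Python 3 the message would show `b'...'` reprs instead of the error and the filename, assuming `to_bytes` returns bytes there. Converting both arguments to text avoids that, for example `raise AnsibleError("%s for %s" % (to_unicode(e), to_unicode(filename)))`, if that helper is available in this module. The same line is repeated in the three following decrypt hunks, so a small private method that wraps `self.vault.decrypt` and appends the filename would keep the four call sites consistent. The enclosing methods start and end outside the hunks, so it is not visible here whether `filename` can be `-` (stdin) at these points, in which case the message would read "for -".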