If decryption of a vaulted file failed, include the filename in the error. (#16329)
Fixes #16327
parent
8ee851cd95
commit
1db02dfb71
2 changed files with 11 additions and 5 deletions
|
@ -169,7 +169,7 @@ class DataLoader():
|
||||||
with open(b_file_name, 'rb') as f:
|
with open(b_file_name, 'rb') as f:
|
||||||
data = f.read()
|
data = f.read()
|
||||||
if self._vault.is_encrypted(data):
|
if self._vault.is_encrypted(data):
|
||||||
data = self._vault.decrypt(data)
|
data = self._vault.decrypt(data, filename=b_file_name)
|
||||||
show_content = False
|
show_content = False
|
||||||
|
|
||||||
data = to_unicode(data, errors='strict')
|
data = to_unicode(data, errors='strict')
|
||||||
|
@ -339,7 +339,7 @@ class DataLoader():
|
||||||
if not self._vault_password:
|
if not self._vault_password:
|
||||||
raise AnsibleParserError("A vault password must be specified to decrypt %s" % file_path)
|
raise AnsibleParserError("A vault password must be specified to decrypt %s" % file_path)
|
||||||
|
|
||||||
data = self._vault.decrypt(data)
|
data = self._vault.decrypt(data, filename=real_path)
|
||||||
# Make a temp file
|
# Make a temp file
|
||||||
real_path = self._create_content_tempfile(data)
|
real_path = self._create_content_tempfile(data)
|
||||||
self._tempfiles.add(real_path)
|
self._tempfiles.add(real_path)
|
||||||
|
|
|
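Review bot: In the first hunk, `filename=b_file_name` passes what the `b_` prefix and the `open(b_file_name, 'rb')` call suggest is a byte string, and `VaultLib.decrypt` formats it into a text message with `%s`. On Python 3 that would print as `b'...'` instead of the plain path, so the operator-facing error gets harder to read and to match against logs. I would pass the text form of the path here (the name it was derived from is outside the hunk), or convert once inside `decrypt` before building the message. In the second hunk the original `real_path` is correctly captured before it is rebound to the temp file on the next statement; a short comment such as `# report the vaulted source path, not the decrypted temp file` would keep a later reorder from leaking the temp-file name into the error instead. Both enclosing methods start and end outside the visible hunks.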
@ -144,7 +144,7 @@ class VaultLib:
|
||||||
b_tmp_data = self._format_output(b_enc_data)
|
b_tmp_data = self._format_output(b_enc_data)
|
||||||
return b_tmp_data
|
return b_tmp_data
|
||||||
|
|
||||||
def decrypt(self, data):
|
def decrypt(self, data, filename=None):
|
||||||
"""Decrypt a piece of vault encrypted data.
|
"""Decrypt a piece of vault encrypted data.
|
||||||
|
|
||||||
:arg data: a string to decrypt. Since vault encrypted data is an
|
:arg data: a string to decrypt. Since vault encrypted data is an
|
||||||
|
@ -157,7 +157,10 @@ class VaultLib:
|
||||||
raise AnsibleError("A vault password must be specified to decrypt data")
|
raise AnsibleError("A vault password must be specified to decrypt data")
|
||||||
|
|
||||||
if not self.is_encrypted(b_data):
|
if not self.is_encrypted(b_data):
|
||||||
raise AnsibleError("input is not encrypted")
|
msg = "input is not encrypted"
|
||||||
|
if filename:
|
||||||
|
msg += "%s is not encrypted" % filename
|
||||||
|
raise AnsibleError(msg)
|
||||||
|
|
||||||
# clean out header
|
# clean out header
|
||||||
b_data = self._split_header(b_data)
|
b_data = self._split_header(b_data)
|
||||||
|
@ -173,7 +176,10 @@ class VaultLib:
|
||||||
# try to unencrypt data
|
# try to unencrypt data
|
||||||
b_data = this_cipher.decrypt(b_data, self.b_password)
|
b_data = this_cipher.decrypt(b_data, self.b_password)
|
||||||
if b_data is None:
|
if b_data is None:
|
||||||
raise AnsibleError("Decryption failed")
|
msg = "Decryption failed"
|
||||||
|
if filename:
|
||||||
|
msg += " on %s" % filename
|
||||||
|
raise AnsibleError(msg)
|
||||||
|
|
||||||
return b_data
|
return b_data
|
||||||
|
|
||||||
|
|
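Review bot: In the `is_encrypted` check of `decrypt`, `msg += "%s is not encrypted" % filename` appends to a message that already reads "input is not encrypted", so the raised text comes out as `input is not encrypted<path> is not encrypted` with no separator and the phrase repeated. Replacing rather than appending fixes it: `msg = "%s is not encrypted" % filename`. The decryption-failure branch further down gets this right with `msg += " on %s" % filename`. The new `filename` argument is also missing from the part of the docstring visible here; an entry such as `:kwarg filename: optional path of the file being decrypted, used only in error messages` would make clear that it never influences decryption. The body of `decrypt` spans several hunks and continues outside them.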