If decryption of a vaulted file failed, include the filename in the error. (#16329)

Fixes #16327
jctanner 2016-06-18 09:30:08 -04:00 committed by GitHub
parent 8ee851cd95
commit 1db02dfb71
2 changed files with 11 additions and 5 deletions


@ -169,7 +169,7 @@ class DataLoader():
with open(b_file_name, 'rb') as f: with open(b_file_name, 'rb') as f:
data = f.read() data = f.read()
if self._vault.is_encrypted(data): if self._vault.is_encrypted(data):
data = self._vault.decrypt(data) data = self._vault.decrypt(data, filename=b_file_name)
show_content = False show_content = False
data = to_unicode(data, errors='strict') data = to_unicode(data, errors='strict')
@ -339,7 +339,7 @@ class DataLoader():
if not self._vault_password: if not self._vault_password:
raise AnsibleParserError("A vault password must be specified to decrypt %s" % file_path) raise AnsibleParserError("A vault password must be specified to decrypt %s" % file_path)
data = self._vault.decrypt(data) data = self._vault.decrypt(data, filename=real_path)
# Make a temp file # Make a temp file
real_path = self._create_content_tempfile(data) real_path = self._create_content_tempfile(data)
self._tempfiles.add(real_path) self._tempfiles.add(real_path)
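Review bot: The first hunk passes `b_file_name` as the filename, and by its `b_` prefix that is presumably a byte string. `VaultLib.decrypt` interpolates the name with `%s`, so on Python 3 the error would read `Decryption failed on b'...'` instead of showing a clean path. Passing the text form keeps the diagnostic readable, for example `data = self._vault.decrypt(data, filename=to_unicode(b_file_name))`. In the second hunk the "vault password must be specified" message names `file_path` while the decrypt call passes `real_path`, so the same file may be reported under two different paths depending on which error fires. Both enclosing methods start and end outside the hunks, so how `real_path` is derived is not visible here.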


@ -144,7 +144,7 @@ class VaultLib:
b_tmp_data = self._format_output(b_enc_data) b_tmp_data = self._format_output(b_enc_data)
return b_tmp_data return b_tmp_data
def decrypt(self, data): def decrypt(self, data, filename=None):
"""Decrypt a piece of vault encrypted data. """Decrypt a piece of vault encrypted data.
:arg data: a string to decrypt. Since vault encrypted data is an :arg data: a string to decrypt. Since vault encrypted data is an
@ -157,7 +157,10 @@ class VaultLib:
raise AnsibleError("A vault password must be specified to decrypt data") raise AnsibleError("A vault password must be specified to decrypt data")
if not self.is_encrypted(b_data): if not self.is_encrypted(b_data):
raise AnsibleError("input is not encrypted") msg = "input is not encrypted"
if filename:
msg += "%s is not encrypted" % filename
raise AnsibleError(msg)
# clean out header # clean out header
b_data = self._split_header(b_data) b_data = self._split_header(b_data)
@ -173,7 +176,10 @@ class VaultLib:
# try to unencrypt data # try to unencrypt data
b_data = this_cipher.decrypt(b_data, self.b_password) b_data = this_cipher.decrypt(b_data, self.b_password)
if b_data is None: if b_data is None:
raise AnsibleError("Decryption failed") msg = "Decryption failed"
if filename:
msg += " on %s" % filename
raise AnsibleError(msg)
return b_data return b_data
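Review bot: The not-encrypted branch produces a doubled message, because `msg` starts as `"input is not encrypted"` and `msg += "%s is not encrypted" % filename` appends to it with no separator. The result reads `input is not encrypted<name> is not encrypted`. Pick one text instead: `msg = "%s is not encrypted" % filename if filename else "input is not encrypted"`. The decryption-failure branch is fine, since `" on %s"` reads correctly as a suffix. The docstring of `decrypt` should also gain an `:arg filename:` entry saying the value is optional and used only to label error messages; the docstring continues outside the hunk.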