New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Locked gpg keychain can cause salt to corrupt rendered data #41846
Comments
Just to be clear, still fails with |
Agreed we should not write to the file if the decryption fails. This is not a regression. I can see this behavior in 2016.3 as well. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue. |
this is still a problem. |
Thank you for updating this issue. It is no longer marked as stale. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue. |
this is still a problem. |
Thank you for updating this issue. It is no longer marked as stale. |
Description of Issue/Question
Given the gpg-encrypted pillar, salt must abort any state involving encrypted keys, if they cannot be decrypted.
Setup
Add an encrypted key to pillar, add a file state with
contents_pillar
.Steps to Reproduce Issue
Run the state. The expected result is for a file to have the decrypted contents or for the state to fail if contents cannot be decrypted. Instead, the GPG blob is written into the file.
Versions Report
$ salt --versions-report
Salt Version:
Salt: 2016.11.0
Dependency Versions:
cffi: 1.10.0
cherrypy: Not Installed
dateutil: 2.6.0
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.9.6
libgit2: 0.25.1
libnacl: Not Installed
M2Crypto: Not Installed
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.8
mysql-python: Not Installed
pycparser: 2.17
pycrypto: 2.6.1
pycryptodome: Not Installed
pygit2: 0.25.0
Python: 2.7.13 (default, Apr 20 2017, 12:13:37)
python-gnupg: Not Installed
PyYAML: 3.12
PyZMQ: 16.0.2
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.5.1
ZMQ: 4.2.2
System Versions:
dist:
machine: x86_64
release: 4.10.0-22-generic
system: Linux
version: Not Installed
The text was updated successfully, but these errors were encountered: