Raise a nicer error when we cannot execute the editor (#44423)

* Raise a nicer error when we cannot execute the editor. Fixes #44419

* Don't use to_bytes when constructing an exception

* Add changelog fragment
pull/44062/merge
Matt Martz 6 years ago committed by GitHub
parent 613a53c114
commit 81ca04512d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,2 @@
bugfixes:
- vault - fix error message encoding, and ensure we present a friendlier error when the EDITOR is missing (https://github.com/ansible/ansible/pull/44423)

@ -853,16 +853,17 @@ class VaultEditor:
fd, tmp_path = tempfile.mkstemp(suffix=ext) fd, tmp_path = tempfile.mkstemp(suffix=ext)
os.close(fd) os.close(fd)
cmd = self._editor_shell_command(tmp_path)
try: try:
if existing_data: if existing_data:
self.write_data(existing_data, tmp_path, shred=False) self.write_data(existing_data, tmp_path, shred=False)
# drop the user into an editor on the tmp file # drop the user into an editor on the tmp file
subprocess.call(self._editor_shell_command(tmp_path)) subprocess.call(cmd)
except: except Exception as e:
# whatever happens, destroy the decrypted file # whatever happens, destroy the decrypted file
self._shred_file(tmp_path) self._shred_file(tmp_path)
raise raise AnsibleError('Unable to execute the command "%s": %s' % (' '.join(cmd), to_native(e)))
b_tmpdata = self.read_data(tmp_path) b_tmpdata = self.read_data(tmp_path)
@ -917,7 +918,7 @@ class VaultEditor:
try: try:
plaintext = self.vault.decrypt(ciphertext, filename=filename) plaintext = self.vault.decrypt(ciphertext, filename=filename)
except AnsibleError as e: except AnsibleError as e:
raise AnsibleError("%s for %s" % (to_bytes(e), to_bytes(filename))) raise AnsibleError("%s for %s" % (to_native(e), to_native(filename)))
self.write_data(plaintext, output_file or filename, shred=False) self.write_data(plaintext, output_file or filename, shred=False)
def create_file(self, filename, secret, vault_id=None): def create_file(self, filename, secret, vault_id=None):
@ -951,7 +952,7 @@ class VaultEditor:
# TODO: return the vault_id that worked? # TODO: return the vault_id that worked?
plaintext, vault_id_used, vault_secret_used = self.vault.decrypt_and_get_vault_id(vaulttext) plaintext, vault_id_used, vault_secret_used = self.vault.decrypt_and_get_vault_id(vaulttext)
except AnsibleError as e: except AnsibleError as e:
raise AnsibleError("%s for %s" % (to_bytes(e), to_bytes(filename))) raise AnsibleError("%s for %s" % (to_native(e), to_native(filename)))
# Figure out the vault id from the file, to select the right secret to re-encrypt it # Figure out the vault id from the file, to select the right secret to re-encrypt it
# (duplicates parts of decrypt, but alas...) # (duplicates parts of decrypt, but alas...)
@ -980,7 +981,7 @@ class VaultEditor:
plaintext = self.vault.decrypt(vaulttext, filename=filename) plaintext = self.vault.decrypt(vaulttext, filename=filename)
return plaintext return plaintext
except AnsibleError as e: except AnsibleError as e:
raise AnsibleVaultError("%s for %s" % (to_bytes(e), to_bytes(filename))) raise AnsibleVaultError("%s for %s" % (to_native(e), to_native(filename)))
# FIXME/TODO: make this use VaultSecret # FIXME/TODO: make this use VaultSecret
def rekey_file(self, filename, new_vault_secret, new_vault_id=None): def rekey_file(self, filename, new_vault_secret, new_vault_id=None):
@ -997,7 +998,7 @@ class VaultEditor:
try: try:
plaintext, vault_id_used, _dummy = self.vault.decrypt_and_get_vault_id(vaulttext) plaintext, vault_id_used, _dummy = self.vault.decrypt_and_get_vault_id(vaulttext)
except AnsibleError as e: except AnsibleError as e:
raise AnsibleError("%s for %s" % (to_bytes(e), to_bytes(filename))) raise AnsibleError("%s for %s" % (to_native(e), to_native(filename)))
# This is more or less an assert, see #18247 # This is more or less an assert, see #18247
if new_vault_secret is None: if new_vault_secret is None:
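Review bot: In the hunk at -853,16 +853,17, narrowing `except:` to `except Exception as e:` means a KeyboardInterrupt or SystemExit raised while `self.write_data(...)` or `subprocess.call(cmd)` is running no longer reaches `self._shred_file(tmp_path)`, so the decrypted temp file can be left on disk. Keep the friendlier AnsibleError, but add a second clause after it, `except BaseException:`, whose body is `self._shred_file(tmp_path)` followed by a bare `raise`. The same handler also wraps failures from `self.write_data` in the 'Unable to execute the command' message, which reports a write error as an editor problem; guarding only the `subprocess.call(cmd)` line with that message would keep it accurate. The enclosing method starts and ends outside the hunk.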
