Merge pull request #37087 from vutny/gpg-fix-short-keyid

salt.modules.gpg: allow getting keys by short key ID
2025-04-17 10:10:20 +00:00 · 2016-10-20 14:49:32 +09:00 · 2016-10-20 14:49:32 +09:00 · 38fdd28962
commit 38fdd28962
parent 3a37a22366 c589cba8a9
1 changed files with 29 additions and 27 deletions
--- a/salt/modules/gpg.py
+++ b/salt/modules/gpg.py
@ -1,13 +1,14 @@
 # -*- coding: utf-8 -*-
 '''
-Manage a GPG keychains, add keys, create keys, retrieve keys
-from keyservers.  Sign, encrypt and sign & encrypt text and files.
+Manage a GPG keychains, add keys, create keys, retrieve keys from keyservers.
+Sign, encrypt and sign plus encrypt text and files.

 .. versionadded:: 2015.5.0

 .. note::
-    The ``python-gnupg`` library and gpg binary are
-    required to be installed.
+
+    The ``python-gnupg`` library and ``gpg`` binary are required to be
+    installed.

 '''

@ -32,10 +33,6 @@ try:
 except ImportError:
    from pipes import quote as _cmd_quote

-from salt.exceptions import (
-    SaltInvocationError
-)
-
 # Set up logging
 log = logging.getLogger(__name__)

@ -562,7 +559,7 @@ def get_key(keyid=None, fingerprint=None, user=None, gnupghome=None):
    Get a key from the GPG keychain

    keyid
-        The keyid of the key to be retrieved.
+        The key ID (short or long) of the key to be retrieved.

    fingerprint
        The fingerprint of the key to be retrieved.
@ -588,7 +585,9 @@ def get_key(keyid=None, fingerprint=None, user=None, gnupghome=None):
    '''
    tmp = {}
    for _key in _list_keys(user, gnupghome):
-        if _key['fingerprint'] == fingerprint or _key['keyid'] == keyid:
+        if (_key['fingerprint'] == fingerprint or
+                _key['keyid'] == keyid or
+                _key['keyid'][8:] == keyid):
            tmp['keyid'] = _key['keyid']
            tmp['fingerprint'] = _key['fingerprint']
            tmp['uids'] = _key['uids']
@ -619,7 +618,7 @@ def get_secret_key(keyid=None, fingerprint=None, user=None, gnupghome=None):
    Get a key from the GPG keychain

    keyid
-        The keyid of the key to be retrieved.
+        The key ID (short or long) of the key to be retrieved.

    fingerprint
        The fingerprint of the key to be retrieved.
@ -645,7 +644,9 @@ def get_secret_key(keyid=None, fingerprint=None, user=None, gnupghome=None):
    '''
    tmp = {}
    for _key in _list_keys(user, gnupghome, secret=True):
-        if _key['fingerprint'] == fingerprint or _key['keyid'] == keyid:
+        if (_key['fingerprint'] == fingerprint or
+                _key['keyid'] == keyid or
+                _key['keyid'][8:] == keyid):
            tmp['keyid'] = _key['keyid']
            tmp['fingerprint'] = _key['fingerprint']
            tmp['uids'] = _key['uids']
@ -672,24 +673,24 @@ def get_secret_key(keyid=None, fingerprint=None, user=None, gnupghome=None):


@_restore_ownership
-def import_key(user=None,
-               text=None,
+def import_key(text=None,
               filename=None,
+               user=None,
               gnupghome=None):
    r'''
    Import a key from text or file

-    user
-        Which user's keychain to access, defaults to user Salt is running as.
-        Passing the user as ``salt`` will set the GnuPG home directory to the
-        ``/etc/salt/gpgkeys``.
-
    text
        The text containing to import.

    filename
        The filename containing the key to import.

+    user
+        Which user's keychain to access, defaults to user Salt is running as.
+        Passing the user as ``salt`` will set the GnuPG home directory to the
+        ``/etc/salt/gpgkeys``.
+
    gnupghome
        Specify the location where GPG keyring and related files are stored.

@ -702,9 +703,9 @@ def import_key(user=None,

    '''
    ret = {
-           'res': True,
-           'message': ''
-          }
+        'res': True,
+        'message': ''
+        }

    gpg = _create_gpg(user, gnupghome)

@ -752,12 +753,13 @@ def export_key(keyids=None, secret=False, user=None, gnupghome=None):
    Export a key from the GPG keychain

    keyids
-        The keyid(s) of the key(s) to be exported.  Can be specified as a comma
-        separated string or a list.  Anything which GnuPG itself accepts to
-        identify a key - for example, the keyid or the fingerprint could be used.
+        The key ID(s) of the key(s) to be exported. Can be specified as a comma
+        separated string or a list. Anything which GnuPG itself accepts to
+        identify a key - for example, the key ID or the fingerprint could be
+        used.

    secret
-        Export the secret key identified by the keyid information passed.
+        Export the secret key identified by the ``keyids`` information passed.

    user
        Which user's keychain to access, defaults to user Salt is running as.
@ -775,7 +777,7 @@ def export_key(keyids=None, secret=False, user=None, gnupghome=None):

        salt '*' gpg.export_key keyids=3FAD9F1E secret=True

-        salt '*' gpg.export_key keyid="['3FAD9F1E','3FBD8F1E']" user=username
+        salt '*' gpg.export_key keyids="['3FAD9F1E','3FBD8F1E']" user=username

    '''
    gpg = _create_gpg(user, gnupghome)