From 68c033dffe75778733c8b781761b83b29020778a Mon Sep 17 00:00:00 2001 From: jeanluc Date: Mon, 5 Dec 2022 14:25:29 +0100 Subject: [PATCH] Fix keyring restore_ownership, cleanup --- salt/modules/gpg.py | 56 +++++++++++++++++++++------------------------ 1 file changed, 26 insertions(+), 30 deletions(-) diff --git a/salt/modules/gpg.py b/salt/modules/gpg.py index 1987de110de..309356373ee 100644 --- a/salt/modules/gpg.py +++ b/salt/modules/gpg.py @@ -156,10 +156,8 @@ def _restore_ownership(func): Wrap gpg function calls to fix permissions """ user = kwargs.get("user") - gnupghome = kwargs.get("gnupghome") - - if not gnupghome: - gnupghome = _get_user_gnupghome(user) + gnupghome = kwargs.get("gnupghome", _get_user_gnupghome(user)) + keyring = kwargs.get("keyring") userinfo = _get_user_info(user) run_user = _get_user_info() @@ -172,10 +170,10 @@ def _restore_ownership(func): group = __salt__["file.gid_to_group"](run_user["gid"]) for path in [gnupghome] + __salt__["file.find"](gnupghome): __salt__["file.chown"](path, run_user["name"], group) - if "keyring" in kwargs and os.path.exists(kwargs["keyring"]): + if keyring and os.path.exists(keyring): if group is None: group = __salt__["file.gid_to_group"](run_user["gid"]) - __salt__["file.chown"](path, run_user["name"], group) + __salt__["file.chown"](keyring, run_user["name"], group) # Filter special kwargs for key in list(kwargs): @@ -188,8 +186,8 @@ def _restore_ownership(func): group = __salt__["file.gid_to_group"](userinfo["gid"]) for path in [gnupghome] + __salt__["file.find"](gnupghome): __salt__["file.chown"](path, user, group) - if "keyring" in kwargs and os.path.exists(kwargs["keyring"]): - __salt__["file.chown"](path, user, group) + if keyring and os.path.exists(keyring): + __salt__["file.chown"](keyring, user, group) return ret return func_wrapper 
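Review bot: The new `kwargs.get("gnupghome", _get_user_gnupghome(user))` in func_wrapper falls back only when the key is absent, so a caller that explicitly passes `gnupghome=None` or an empty string now keeps that value, where the removed `if not gnupghome:` check substituted the user's default. That value then feeds `[gnupghome] + __salt__["file.find"](gnupghome)` in the following hunks, so the ownership fix would fail or be skipped, depending on a guard that lies outside the hunk. The default is also evaluated on every call, even when a gnupghome is supplied. `gnupghome = kwargs.get("gnupghome") or _get_user_gnupghome(user)` keeps the old semantics in one line. The wrapper body continues outside this hunk.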
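Review bot: The keyring path passed to `file.chown` here and in the @@ -188 hunk comes straight from kwargs and is gated only by `os.path.exists(keyring)`, which follows symlinks and also accepts directories. Because the second call hands ownership to the target `user`, both sites should require a regular, non-symlink file first, e.g. `if keyring and os.path.isfile(keyring) and not os.path.islink(keyring):`. A comment such as `# keyring may live outside gnupghome, so the loop above does not cover it` would explain why the path gets its own chown. Whether `file.chown` itself dereferences links is not visible in these hunks, so confirm that against the file module.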
@@ -966,9 +964,7 @@ def export_key( if result: if not bare: if output: - ret["comment"] = "Exported key data has been written to {}".format( - output - ) + ret["comment"] = f"Exported key data has been written to {output}" else: ret["comment"] = result else: @@ -1114,20 +1110,24 @@ def trust_key( "ERROR: Valid trust levels - {}".format(",".join(NUM_TRUST_DICT.keys())) ) - if not fingerprint: - key = get_key(keyid, user=user, gnupghome=gnupghome, keyring=keyring) - if key: - if "fingerprint" not in key: - ret["res"] = False - ret["message"] = f"Fingerprint not found for keyid {keyid}" - return ret - fingerprint = key["fingerprint"] - else: - ret["res"] = False - ret["message"] = f"KeyID {keyid} not in GPG keychain" - return ret - + key = get_key( + keyid=keyid, + fingerprint=fingerprint, + user=user, + gnupghome=gnupghome, + keyring=keyring, + ) + if not key: + ret["res"] = False + ret["message"] = f"KeyID {keyid} not in GPG keychain" + return ret + if not fingerprint and "fingerprint" not in key: + ret["res"] = False + ret["message"] = f"Fingerprint not found for keyid {keyid}" + return ret + fingerprint = fingerprint or key["fingerprint"] gpg = _create_gpg(user=user, gnupghome=gnupghome, keyring=keyring) + try: res = gpg.trust_keys(fingerprint, TRUST_KEYS_TRUST_LEVELS[trust_level]) except AttributeError: @@ -1573,9 +1573,7 @@ def encrypt( else: if not bare: ret["res"] = False - ret["comment"] = "{}.\nPlease check the salt-minion log.".format( - result.status - ) + ret["comment"] = f"{result.status}.\nPlease check the salt-minion log." else: ret = False @@ -1669,9 +1667,7 @@ def decrypt( else: if not bare: ret["res"] = False - ret["comment"] = "{}.\nPlease check the salt-minion log.".format( - result.status - ) + ret["comment"] = f"{result.status}.\nPlease check the salt-minion log." else: ret = False
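Review bot: In the trust_key hunk, when the caller supplies only `fingerprint` and the lookup fails, the `if not key:` branch still reports `KeyID {keyid} not in GPG keychain`, which presumably renders as "KeyID None". `ret["message"] = f"Key {fingerprint or keyid} not in GPG keychain"` would name whichever identifier was actually used. Separately, `fingerprint = fingerprint or key["fingerprint"]` applies the trust level to the caller's string rather than to the fingerprint of the key that get_key returned. Using `key.get("fingerprint") or fingerprint` would bind the trust change to the key actually found, assuming get_key returns the full fingerprint. The function starts and ends outside this hunk, so any earlier validation of keyid and fingerprint is not visible here.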