Merge pull request #50810 from DSRCorporation/bugs/50809_gpg_renderer…

…_fix Don't try to decrypt values without PGP header line
saltstack · Dec 11, 2018 · e9167f7 · e9167f7
2 parents 1bc8b35 + d13f320
commit e9167f7
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 9 deletions.
diff --git a/salt/renderers/gpg.py b/salt/renderers/gpg.py
@@ -372,8 +372,7 @@ def _decrypt_ciphertexts(cipher, translate_newlines=False):
         # it will conain unexpected trailing newline.
         return ret.rstrip('\n')
     else:
-        # Possibly just encrypted data without begin/end marks
-        return _decrypt_ciphertext(cipher)
+        return cipher
 
 
 def _decrypt_object(obj, translate_newlines=False):

diff --git a/tests/unit/renderers/test_gpg.py b/tests/unit/renderers/test_gpg.py
@@ -44,11 +44,10 @@ def test__decrypt_ciphertext(self):
         '''
         key_dir = '/etc/salt/gpgkeys'
         secret = 'Use more salt.'
-        crypted_long = '-----BEGIN PGP MESSAGE-----!@#$%^&*()_+-----END PGP MESSAGE-----'
-        crypted_short = '!@#$%^&*()_+'
+        crypted = '-----BEGIN PGP MESSAGE-----!@#$%^&*()_+-----END PGP MESSAGE-----'
 
         multisecret = 'password is {0} and salt is {0}'.format(secret)
-        multicrypted = 'password is {0} and salt is {0}'.format(crypted_long)
+        multicrypted = 'password is {0} and salt is {0}'.format(crypted)
 
         class GPGDecrypt(object):
             def communicate(self, *args, **kwargs):
@@ -61,13 +60,11 @@ def communicate(self, *args, **kwargs):
         with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)), \
                 patch('salt.utils.path.which', MagicMock()):
             with patch('salt.renderers.gpg.Popen', MagicMock(return_value=GPGDecrypt())):
-                self.assertEqual(gpg._decrypt_ciphertexts(crypted_short), secret)
-                self.assertEqual(gpg._decrypt_ciphertexts(crypted_long), secret)
+                self.assertEqual(gpg._decrypt_ciphertexts(crypted), secret)
                 self.assertEqual(
                     gpg._decrypt_ciphertexts(multicrypted), multisecret)
             with patch('salt.renderers.gpg.Popen', MagicMock(return_value=GPGNotDecrypt())):
-                self.assertEqual(gpg._decrypt_ciphertexts(crypted_short), crypted_short)
-                self.assertEqual(gpg._decrypt_ciphertexts(crypted_long), crypted_long)
+                self.assertEqual(gpg._decrypt_ciphertexts(crypted), crypted)
                 self.assertEqual(
                     gpg._decrypt_ciphertexts(multicrypted), multicrypted)