fix(gpg_secretstore): clear exception on unknown subkey

2024-11-10 06:24:17 +00:00 · 2023-12-31 17:20:58 +01:00 · 2023-12-31 17:20:58 +01:00 · af7cd13af9
commit af7cd13af9
parent 8bcc12dfd1
2 changed files with 12 additions and 3 deletions
--- a/plugins/module_utils/gpg_utils.py
+++ b/plugins/module_utils/gpg_utils.py
@ -162,9 +162,13 @@ class SecretStore:
            with open(file, "rb") as f:
                recipient_subkeys = self.__gpg.get_recipients(f.read())
            for recipient_subkey in recipient_subkeys:
-                recipients.append(
-                    self.__gpg.list_keys(keys=recipient_subkey).fingerprints[0]
-                )
+                found_keys = self.__gpg.list_keys(keys=recipient_subkey)
+                if found_keys and found_keys.fingerprints and len(found_keys.fingerprints) > 0:
+                    recipients.append(
+                        found_keys.fingerprints[0]
+                    )
+                else:
+                    raise GPGException(f"Can not find primary key in keyring for encryption subkey {recipient_subkey}")
            return recipients
        except FileNotFoundError:
            raise FileNotFoundError
--- a/plugins/modules/gpg_secretstore.py
+++ b/plugins/modules/gpg_secretstore.py
@ -190,6 +190,7 @@ from ansible.module_utils.basic import AnsibleModule, missing_required_lib
 from ansible_collections.famedly.base.plugins.module_utils.gpg_utils import (
    SecretStore,
    RecipientsMismatchError,
+    GPGException,
    check_secretstore_import_errors,
 )

@ -438,6 +439,10 @@ def main():
                result["action"] = "update"
                result["changed"] = True

+            except GPGException as e:
+                result["msg"] = "GPG Exception: " + str(e)
+                failed = True
+
            if module.params["secret_fact"]:
                result["ansible_facts"][module.params["secret_fact"]] = result["secret"]