From 1f666609950c6ce048ffacd56c569464c20baa7f Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Thu, 3 Sep 2020 15:59:34 -0300
Subject: [PATCH] Fixed log of vault data return when retrieving to a file.

When retrieving data from a vault using `out` to store the data in a file resulted is random characters being returned and logged. These characters could generate a traceback print from Ansible's logger, without breaking the script. The reason for that is that the result from `vault_retrive` was being processed when it was not needed, and data was beeing returned, when it shouldn't. This patch fixes this behavior by supressing the return data when `data` is not available, and only raising an error if it should be available.
---
 README-vault.md | 2 +-
 plugins/modules/ipavault.py | 12 +++++-------
 tests/vault/test_vault_asymmetric.yml | 2 +-
 tests/vault/test_vault_standard.yml | 2 +-
 tests/vault/test_vault_symmetric.yml | 2 +-
 5 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/README-vault.md b/README-vault.md
index c5dfa6a4..9098b049 100644
--- a/README-vault.md
+++ b/README-vault.md
@@ -246,7 +246,7 @@ There is only a return value if `state` is `retrieved`.
 Variable | Description | Returned When
 -------- | ----------- | -------------
-`vault` | Vault dict with archived data. (dict) <br>Options: | If `state` is `retrieved`.
+`vault` | Vault dict with archived data. (dict) <br>Options: | If `state` is `retrieved` and `out` is not defined.
 | `data` - The vault data. | Always
diff --git a/plugins/modules/ipavault.py b/plugins/modules/ipavault.py
index 78ca8a54..fef5b69c 100644
--- a/plugins/modules/ipavault.py
+++ b/plugins/modules/ipavault.py
@@ -923,14 +923,12 @@ def main():
 elif command == 'vault_retrieve':
 if 'result' not in result:
 raise Exception("No result obtained.")
- if 'data' in result['result']:
- data_return = exit_args.setdefault('vault', {})
- data_return['data'] = result['result']['data']
- elif 'vault_data' in result['result']:
- data_return = exit_args.setdefault('vault', {})
- data_return['data'] = result['result']['vault_data']
+ if "data" in result["result"]:
+ data_return = exit_args.setdefault("vault", {})
+ data_return["data"] = result["result"]["data"]
 else:
- raise Exception("No data retrieved.")
+ if not datafile_out:
+ raise Exception("No data retrieved.")
 changed = False
 else:
 if "completed" in result:
diff --git a/tests/vault/test_vault_asymmetric.yml b/tests/vault/test_vault_asymmetric.yml
index 268922c1..1e675a04 100644
--- a/tests/vault/test_vault_asymmetric.yml
+++ b/tests/vault/test_vault_asymmetric.yml
@@ -52,7 +52,7 @@
 private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
 state: retrieved
 register: result
- failed_when: result.changed
+ failed_when: result.changed or result.failed or (result.vault.data | default(false))
 - name: Verify retrieved data.
 slurp:
diff --git a/tests/vault/test_vault_standard.yml b/tests/vault/test_vault_standard.yml
index 6ccb0d5f..4a9d9904 100644
--- a/tests/vault/test_vault_standard.yml
+++ b/tests/vault/test_vault_standard.yml
@@ -48,7 +48,7 @@
 out: "{{ ansible_env.HOME }}/data.txt"
 state: retrieved
 register: result
- failed_when: result.changed
+ failed_when: result.changed or result.failed or (result.vault.data | default(false))
 - name: Verify retrieved data.
 slurp:
diff --git a/tests/vault/test_vault_symmetric.yml b/tests/vault/test_vault_symmetric.yml
index 5394c710..966bc557 100644
--- a/tests/vault/test_vault_symmetric.yml
+++ b/tests/vault/test_vault_symmetric.yml
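Review bot: In the `vault_retrieve` branch of plugins/modules/ipavault.py, the vault contents stay out of the module result only because the response is expected to lack a `data` key when `out` is used; `datafile_out` is consulted solely to decide whether to raise. If a response ever carries `data` while `out` is set, the secret would again be copied into `exit_args` and surface in Ansible's task output and logs. Making the intent explicit closes that gap and flattens the nested `else`: use `if not datafile_out and "data" in result["result"]:` for the return branch and `elif not datafile_out:` in front of the `raise`. A short comment above the check, e.g. `# never return vault data that was written to a file via 'out'`, would record why the branch exists. `datafile_out` is assigned outside this hunk and main() continues past it, so the value it holds when `out` is unset should be confirmed.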
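Review bot: The added `failed_when` in tests/vault/test_vault_asymmetric.yml (and the identical lines in test_vault_standard.yml and test_vault_symmetric.yml) fails only when `result.vault.data` is truthy, so a regression that returns an empty `data` value, or any other key under `vault`, would still pass. Since the README now says `vault` is returned only when `out` is not defined, asserting on the key itself is stricter: `failed_when: result.changed or result.failed or result.vault is defined`. The asymmetric hunk does not show the task's `out:` line, so this assumes it retrieves to a file like the other two tasks.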
@@ -53,7 +53,7 @@
 out: "{{ ansible_env.HOME }}/data.txt"
 state: retrieved
 register: result
- failed_when: result.changed
+ failed_when: result.changed or result.failed or (result.vault.data | default(false))
 - name: Verify retrieved data.
 slurp:
--
GitLab