saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0

smtp returner: encryption via gpgowner option not working #54721

Open mschiff opened 5 years ago

mschiff commented 5 years ago

Description of Issue

The smtp.gpgowner option is not working (anymore).

First error is that gpg will not accept the option "--trust-model always" this way:

2019-09-23 15:53:19,567 [salt.utils.event :1249][ERROR   ][28910] Could not store events - returner 'smtp.event_return' raised exception: Error invoking gpg: 2: [GNUPG:] FAILURE option-parser 33554433
gpg: invalid option "--trust-model always"

When changing the code so it reads "--trust-model=always" (added the "=") then it seems to work, but then this error occurs:

2019-09-23 16:23:02,499 [salt.utils.event :1249][ERROR   ][20550] Could not store events - returner 'smtp.event_return' raised exception: StringIO instance has no attribute 'encode'

Setup

GnuPG Version: 2.2.17
python-gnupg: 0.4.3

Master config snippet

event_return: smtp

event_return_whitelist:
  - salt/job/*/ret/*

smtp.fields: id,fun
...
smtp.gpgowner: /etc/salt

And with a valid gnupg home being in /etc/salt/.gnupg

Steps to Reproduce Issue

salt-call state.highstate

Versions Report

 # salt --versions-report
Salt Version:
           Salt: 2019.2.0

Dependency Versions:
           cffi: 1.11.4
       cherrypy: Not Installed
       dateutil: Not Installed
      docker-py: Not Installed
          gitdb: 0.6.4
      gitpython: 1.0.2
          ioflo: Not Installed
         Jinja2: 2.10.1
        libgit2: 0.28.3
        libnacl: 1.6.1
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.6.1
   mysql-python: Not Installed
      pycparser: 2.14
       pycrypto: 3.6.6
   pycryptodome: Not Installed
         pygit2: 0.28.2
         Python: 2.7.15 (default, Aug 11 2019, 03:43:36)
   python-gnupg: 0.4.3
         PyYAML: 5.1
          PyZMQ: 16.0.2
           RAET: Not Installed
          smmap: 0.9.0
        timelib: Not Installed
        Tornado: 4.5.3
            ZMQ: 4.3.2

System Versions:
           dist: gentoo 2.6
         locale: UTF-8
        machine: x86_64
        release: 4.9.74-grsecurity
         system: Linux
        version: Gentoo Base System 2.6

mschiff commented 5 years ago

No time for a PR, but for me this diff fixes the returner:

--- a/salt/returners/smtp_return.py     2019-02-25 15:53:14.000000000 +0100
+++ b/salt/returners/smtp_return.py     2019-09-24 01:43:03.469536287 +0200
@@ -217,10 +217,13 @@
                                    input_data=template,
                                    **ret)

+    if isinstance(content, six.moves.StringIO):
+        content = content.read()
+
     if gpgowner:
         if HAS_GNUPG:
             gpg = gnupg.GPG(gnupghome=os.path.expanduser('~{0}/.gnupg'.format(gpgowner)),
-                            options=['--trust-model always'])
+                            options=['--trust-model=always'])
             encrypted_data = gpg.encrypt(content, to_addrs)
             if encrypted_data.ok:
                 log.debug('smtp_return: Encryption successful')
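
Review bot: "content = content.read()" in the lines added before "if gpgowner:" returns only what lies after the current stream position, so a StringIO that was written to and not rewound yields an empty message body; "content.getvalue()" returns the whole buffer regardless of position. The "isinstance(content, six.moves.StringIO)" test matches only that one class, so any other file-like value would still reach "gpg.encrypt(content, to_addrs)" unconverted, and the hunk does not show "six" being imported in this module. On the options change, "--trust-model=always" makes gpg encrypt to any keyring key matching to_addrs without checking its validity, which deserves a sentence in the returner's documentation; python-gnupg's encrypt() also accepts always_trust=True, which would avoid hand-building the option string.
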

cmcmarrow commented 5 years ago

Thanks for bringing this up