Encrypt: never strip with --infile

If the user is specifying --infile, it is very unlikely that they want the input stripped. This can cause pem-encoded private key formatting errors. Also, we shouldn't make it difficult to just encrypt a whole file as a secret and get the exact same content out when decrypting it. Change-Id: Ifd1d95d72ba2b2bf8038fd6313b30207d2cba14b
2021-04-22 14:36:52 -07:00 · 2021-04-22 14:36:52 -07:00 · c30eddcd4d
commit c30eddcd4d
parent cd375aedeb
1 changed files with 5 additions and 2 deletions
--- a/zuulclient/cmd/init.py
+++ b/zuulclient/cmd/init.py
@ -478,7 +478,8 @@ class ZuulClient():
                                 required=False, default=None)
        cmd_encrypt.add_argument('--no-strip', action='store_true',
                                 help='Do not strip whitespace from beginning '
-                                      'or end of input.',
+                                      'or end of input.  Ignored when '
+                                      '--infile is used.',
                                 default=False)
        cmd_encrypt.add_argument('--secret-name',
                                 default=None,
@ -511,7 +512,9 @@ class ZuulClient():
            raise ArgumentException(
                'Either provide a public key or a project to continue'
            )
+        strip = not self.args.no_strip
        if self.args.infile:
+            strip = False
            try:
                with open(self.args.infile) as f:
                    plaintext = f.read()
@ -522,7 +525,7 @@ class ZuulClient():
                    'Insufficient rights to open %s' % self.args.infile)
        else:
            plaintext = sys.stdin.read()
-        if not self.args.no_strip:
+        if strip:
            plaintext = plaintext.strip()
        pubkey_file = tempfile.NamedTemporaryFile(delete=False)
        self.log.debug('Creating temporary key file %s' % pubkey_file.name)