From 21341d2d47a3896f5ec0c027f7ff2a4dd0022234 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Thu, 17 Mar 2022 09:11:26 -0700
Subject: [PATCH] Fix encrypt files stat validation

The input to encrypt files may be a list of paths so our validation has
to evaluate and state each list entry separately. Without this we fail
beacuse the list of paths is treated like a single path and that does
not stat resulting in early failure.

Change-Id: Ibe3f6b162c3adad928708464ea03ddded2f4c683
---
 roles/encrypt-file/tasks/main.yaml | 15 +++++++++++++--
 test-playbooks/encrypt-file.yaml   | 28 ++++++++++++++++++++++++++--
 2 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/roles/encrypt-file/tasks/main.yaml b/roles/encrypt-file/tasks/main.yaml
index 07b701cc3..05028d90c 100644
--- a/roles/encrypt-file/tasks/main.yaml
+++ b/roles/encrypt-file/tasks/main.yaml
@@ -1,7 +1,18 @@
+- name: Stat input file
+  stat:
+    path: '{{ zj_encrypt_file }}'
+  loop: '{{ [ encrypt_file ] if encrypt_file is string else encrypt_file }}'
+  loop_control:
+    loop_var: zj_encrypt_file
+  register: _stat_result
+
 - name: Validate input file
   fail:
-    msg: 'Must define "encrypt_file"'
-  when: encrypt_file is undefined
+    msg: '{{ zj_stat_result.stat.path }} : file does not exist'
+  when: not zj_stat_result.stat.exists
+  loop: '{{ _stat_result.results }}'
+  loop_control:
+    loop_var: zj_stat_result
 
 - name: Ensure gpg2 installed
   package:
diff --git a/test-playbooks/encrypt-file.yaml b/test-playbooks/encrypt-file.yaml
index 89b801065..a72f7ecb8 100644
--- a/test-playbooks/encrypt-file.yaml
+++ b/test-playbooks/encrypt-file.yaml
@@ -130,12 +130,25 @@
         path: '{{ _tempfile.path }}.gpg'
         state: absent
 
-    # Do it again to exercise already imported keys path
+    - name: Make a second fake file
+      tempfile:
+        state: file
+      register: _tempfile2
+
+    - name: Add some data to second fake file
+      copy:
+        content: 'Hello, I am encrypted. This is the second file.'
+        dest: '{{ _tempfile2.path }}'
+
+    # Do it again to exercise already imported keys path and check we can
+    # encrypt multiple files.
     - name: Encrypt file
       include_role:
         name: encrypt-file
       vars:
-        encrypt_file: '{{ _tempfile.path }}'
+        encrypt_file:
+          - '{{ _tempfile.path }}'
+          - '{{ _tempfile2.path }}'
         encrypt_file_recipients:
           - zuul-jobs-test-2
           - zuul-jobs-test-3
@@ -151,3 +164,14 @@
       file:
         path: '{{ _tempfile.path }}.gpg'
         state: absent
+
+    - name: Remove second temporary file
+      file:
+        path: '{{ _tempfile2.path }}'
+        state: absent
+      when: _tempfile2.path is defined
+
+    - name: Remove second encrypted output file
+      file:
+        path: '{{ _tempfile2.path }}.gpg'
+        state: absent