
Change I8e7bc38c68c224795630b90a1b989098a7661491 switched the "Validate input file" task to use a path stat, but when a list of files is passed into encrypt_file this fails because the list is treated as a string. Switch back to the more naive "is undefined" check until it can be properly redone with a loop or similar and appropriate tests added. Change-Id: I83e665bc890aec42462776e0079457bb4506552f
# Abort early when the caller did not pass "encrypt_file" at all.
# This only tests that the variable is defined: an empty value passes,
# and nothing here verifies that the path(s) exist.
- name: Validate input file
  when: encrypt_file is not defined
  fail:
    msg: 'Must define "encrypt_file"'

# Make sure the gnupg2 package is present; the task runs with privilege
# escalation (become).
- name: Ensure gpg2 installed
  become: true
  package:
    state: present
    name: gnupg2

# Every requested recipient name must match the "name" of an entry in
# encrypt_file_keys; otherwise the play stops here.
# An empty encrypt_file_recipients list means the loop body never runs,
# so this check passes without having verified anything.
- name: Check for required keys
  loop: '{{ encrypt_file_recipients }}'
  loop_control:
    loop_var: zj_recipient_name
  when: zj_recipient_name not in (encrypt_file_keys | map(attribute="name"))
  fail:
    msg: 'Name {{ zj_recipient_name }} not in encrypt_file_keys'

# Keep only the entries of encrypt_file_keys whose "name" is listed in
# encrypt_file_recipients. Every entry with a matching name is selected,
# so duplicate names in encrypt_file_keys all end up as recipients.
- name: Build recipient list
  set_fact:
    _recipients: >-
      {{ encrypt_file_keys
      | selectattr("name", "in", encrypt_file_recipients)
      | list }}

# Run import-key.yaml once per selected key entry (that file is not
# visible here). In this task the loop variable zj_encrypt_file holds an
# element of _recipients, i.e. a key entry, not a file path.
- name: Install keys
  loop: '{{ _recipients }}'
  loop_control:
    loop_var: zj_encrypt_file
  include_tasks: import-key.yaml

# Flatten the key_id of every selected recipient into one string of
# "--recipient=<key_id>" options separated by single spaces.
# key_id values are inserted verbatim: if this string is later word-split,
# whitespace inside a key_id would turn into extra arguments.
# With an empty _recipients list the result is the bare text "--recipient=".
- name: Build recipient list
  set_fact:
    _recipients_cmd: >-
      --recipient={{ _recipients
      | map(attribute="key_id")
      | join(" --recipient=") }}

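# Encrypt each input file to "<file>.gpg" for all selected recipients.
# The command is passed as an argv list instead of one templated string,
# so a path or key_id containing whitespace stays a single argument
# rather than being word-split into extra gpg2 arguments, and "--" stops
# gpg2 from reading the input path as an option.
# The --recipient options are built here directly from _recipients.
# NOTE(review): with an empty _recipients list no --recipient option is
# passed at all - confirm gpg2 then fails instead of waiting for input.
- name: Encrypt file
  command:
    argv: >-
      {{ ['gpg2', '--encrypt', '--output', zj_encrypt_file ~ '.gpg']
      + (_recipients | map(attribute='key_id')
      | map('regex_replace', '^', '--recipient=') | list)
      + ['--', zj_encrypt_file] }}
  # encrypt_file may be a single path (string) or a list of paths.
  loop: '{{ [ encrypt_file ] if encrypt_file is string else encrypt_file }}'
  loop_control:
    loop_var: zj_encrypt_file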