lib/krane/ejson_secret_provisioner.rb in tobsch-krane-1.0.1 vs lib/krane/ejson_secret_provisioner.rb in tobsch-krane-1.0.2
- old
+ new
@@ -130,13 +130,18 @@
yield decrypted
end
end
def decrypt_ejson(key_dir)
- # ejson seems to dump both errors and output to STDOUT
- out_err, st = Open3.capture2e("EJSON_KEYDIR=#{key_dir} ejson decrypt #{@ejson_file}")
- raise EjsonSecretError, out_err unless st.success?
- JSON.parse(out_err)
+ out, err, st = Open3.capture3("EJSON_KEYDIR=#{key_dir} ejson decrypt #{@ejson_file}")
+ unless st.success?
+ # older ejson versions dump some errors to STDOUT
+ msg = err.presence || out
+ raise EjsonSecretError, msg
+ end
+ JSON.parse(out)
+ rescue JSON::ParserError
+ raise EjsonSecretError, "Failed to parse decrypted ejson"
end
def fetch_private_key_from_secret
encoded_private_key = @ejson_keys_secret["data"][public_key]
unless encoded_private_key
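Review bot: The added `Open3.capture3` call in `decrypt_ejson` still passes one interpolated string, so the command runs through a shell with `key_dir` and `@ejson_file` spliced in unquoted; a path containing spaces or shell metacharacters would be split or interpreted by the shell. Passing the environment and the arguments separately avoids the shell entirely: `out, err, st = Open3.capture3({ "EJSON_KEYDIR" => key_dir }, "ejson", "decrypt", @ejson_file)`. Where those two values come from is not visible in this hunk, so the actual exposure depends on the callers. Separately, on failure `msg` can fall back to raw `out`; if ejson can exit non-zero after writing partial plaintext (not shown here), that text would land in the exception message and in any log that records it, so a fixed message like the one in the new `JSON::ParserError` branch would be safer.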