chore(gpg_secretstore): add warning if running as root

famedly · Jan 2, 2024 · 2e5bc1d · 2e5bc1d
1 parent fecbcc6
commit 2e5bc1d
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/plugins/modules/gpg_secretstore.py b/plugins/modules/gpg_secretstore.py
@@ -183,6 +183,7 @@
     returned: failed or successful but with warnings
 """
 
+import os
 import hashlib
 from pathlib import Path
 
@@ -351,12 +352,18 @@ def main():
 
     errors = []
     traceback = []
+    warnings = []
+
+    # Warn if running as root
+    if os.geteuid() == 0:
+        warnings.append("Running as root, ensure GPG keyring is present for root user")
+
     error_map = check_secretstore_import_errors() | check_module_import_errors()
     for lib, exception in error_map.items():
         errors.append(missing_required_lib(lib))
         traceback.append(exception)
     if errors:
-        module.fail_json(errors=errors, traceback="\n".join(traceback))
+        module.fail_json(warning=',\n'.join(warnings), errors=errors, traceback="\n".join(traceback))
 
     store = SecretStore(
         password_store_path=module.params["password_store_path"],
@@ -382,7 +389,7 @@ def main():
     result = dict(
         changed=False,
         message="",
-        warning="",
+        warning=warnings,
         password_slug=module.params["password_slug"],
         secret="",
         ansible_facts={},
@@ -486,7 +493,7 @@ def main():
         module.log(result["message"])
 
     if result["warning"]:
-        module.warn(result["warning"])
+        module.warn(',\n'.join(result["warning"]))
 
     result["diff"]["before"] = "\n".join(result["diff"]["before"]) + "\n"
     result["diff"]["after"] = "\n".join(result["diff"]["after"]) + "\n"