Locked gpg keychain can cause salt to corrupt rendered data #41846

@farcaller

Description of Issue/Question

Given the gpg-encrypted pillar, salt must abort any state involving encrypted keys, if they cannot be decrypted.

Setup

Add an encrypted key to pillar, add a file state with contents_pillar.

Steps to Reproduce Issue

Run the state. The expected result is for a file to have the decrypted contents or for the state to fail if contents cannot be decrypted. Instead, the GPG blob is written into the file.

Versions Report

$ salt --versions-report
Salt Version:
Salt: 2016.11.0

Dependency Versions:
cffi: 1.10.0
cherrypy: Not Installed
dateutil: 2.6.0
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.9.6
libgit2: 0.25.1
libnacl: Not Installed
M2Crypto: Not Installed
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.8
mysql-python: Not Installed
pycparser: 2.17
pycrypto: 2.6.1
pycryptodome: Not Installed
pygit2: 0.25.0
Python: 2.7.13 (default, Apr 20 2017, 12:13:37)
python-gnupg: Not Installed
PyYAML: 3.12
PyZMQ: 16.0.2
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.5.1
ZMQ: 4.2.2

System Versions:
dist:
machine: x86_64
release: 4.10.0-22-generic
system: Linux
version: Not Installed
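
The failure reported above is ciphertext passing through pillar rendering unnoticed and reaching a file state. The following is an added example, not code from the reporter or from Salt: a fail-closed check that walks rendered pillar data and aborts if any value still holds PGP armor. The function names, the exception class and the sample pillar are hypothetical.

```python
# Added example (not Salt's code): fail closed when rendered pillar data
# still contains PGP armor, i.e. a value that was never decrypted.
PGP_MARKER = "-----BEGIN PGP MESSAGE-----"


class UndecryptedPillarError(Exception):
    """Raised when ciphertext survives pillar rendering."""


def find_undecrypted(data, path=()):
    """Return colon-delimited pillar paths whose values still hold PGP armor."""
    hits = []
    if isinstance(data, dict):
        for key, value in data.items():
            hits.extend(find_undecrypted(value, path + (str(key),)))
    elif isinstance(data, (list, tuple)):
        for index, value in enumerate(data):
            hits.extend(find_undecrypted(value, path + (str(index),)))
    else:
        if isinstance(data, bytes):
            data = data.decode("utf-8", errors="replace")
        if isinstance(data, str) and PGP_MARKER in data:
            hits.append(":".join(path))
    return hits


def require_decrypted(pillar):
    """Abort instead of letting ciphertext reach a state such as contents_pillar."""
    hits = find_undecrypted(pillar)
    if hits:
        raise UndecryptedPillarError(
            "pillar keys still encrypted: " + ", ".join(sorted(hits))
        )
    return pillar


# Constructed sample: one value decrypted, one left as an armored blob.
ARMORED = PGP_MARKER + "\n\n(constructed placeholder)\n-----END PGP MESSAGE-----\n"
SAMPLE_PILLAR = {
    "app": {"motd": "hello", "tls_key": ARMORED},
    "users": [{"name": "deploy", "password": "plain-after-decrypt"}],
}

if __name__ == "__main__":
    print(find_undecrypted(SAMPLE_PILLAR))
```
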

Labels

Core: relates to code central or existential to Salt
State-Module
bug: broken, incorrect, or confusing behavior
severity-low: 4th level, cosmetic problems, work around exists
