ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-08-04 21:24:24 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Before decrypting check if vault password is set or error early

Browse source 
Fixes #8926
This commit is contained in:
James Cammarata 2014-09-19 15:08:38 -05:00
commit 9d45f3a65e
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/ansible/utils/__init__.py
View file

@ -738,6 +738,11 @@ def parse_yaml_from_file(path, vault_password=None):
vault = VaultLib(password=vault_password) vault = VaultLib(password=vault_password)
if vault.is_encrypted(data): if vault.is_encrypted(data):
# if the file is encrypted and no password was specified,
# the decrypt call would throw an error, but we check first
# since the decrypt function doesn't know the file name
if vault_password is None:
raise errors.AnsibleError("A vault password must be specified to decrypt %s" % path)
data = vault.decrypt(data) data = vault.decrypt(data)
show_content = False show_content = False