diff options
author | James Cammarata <jimi@sngx.net> | 2014-09-19 15:08:38 -0500 |
---|---|---|
committer | James Cammarata <jimi@sngx.net> | 2014-09-24 13:55:37 -0500 |
commit | 6e9d45e2b121dac35bffceb5d319482d999ffa8f (patch) | |
tree | 5ff21e992938afa244b51de9e97ffc2b4237d5b1 | |
parent | f5a6c36dcb2678bb164bce33d2234519cfbb1d9a (diff) | |
download | ansible-6e9d45e2b121dac35bffceb5d319482d999ffa8f.tar.gz |
Before decrypting check if vault password is set or error early
Fixes #8926
-rw-r--r-- | lib/ansible/utils/__init__.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/ansible/utils/__init__.py b/lib/ansible/utils/__init__.py index 0a86e3b047..ff1d8d8104 100644 --- a/lib/ansible/utils/__init__.py +++ b/lib/ansible/utils/__init__.py @@ -669,6 +669,11 @@ def parse_yaml_from_file(path, vault_password=None): vault = VaultLib(password=vault_password) if vault.is_encrypted(data): + # if the file is encrypted and no password was specified, + # the decrypt call would throw an error, but we check first + # since the decrypt function doesn't know the file name + if vault_password is None: + raise errors.AnsibleError("A vault password must be specified to decrypt %s" % path) data = vault.decrypt(data) show_content = False |