Check number of vault secrets after setup. (#30520)

This is to catch vault secrets from config and cli. Previously vault_password_file in config was missed since it was added by setup_vault_secrets, so check after setup_vault_secrets.
author: Adrian Likins <alikins@redhat.com> 2017-09-20 10:31:36 -0400
committer: GitHub <noreply@github.com> 2017-09-20 10:31:36 -0400
commit: 174cb1f33cdac126adc11dea81043914e8b127e0 (patch)
tree: 026b0545754341407b8d64034f1f504142289d8e /lib/ansible/cli/vault.py
parent: 18582295e315e5648dcc947baa14db28da6bbc8c (diff)
download: ansible-174cb1f33cdac126adc11dea81043914e8b127e0.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/ansible/cli/vault.py b/lib/ansible/cli/vault.py
index 762ba82b98..29b5404974 100644
--- a/lib/ansible/cli/vault.py
+++ b/lib/ansible/cli/vault.py
@@ -184,6 +184,10 @@ class VaultCLI(CLI):
                                          vault_password_files=self.options.vault_password_files,
                                          ask_vault_pass=self.options.ask_vault_pass,
                                          create_new_password=True)
+
+            if len(vault_secrets) > 1:
+                raise AnsibleOptionsError("Only one --vault-id can be used for encryption. This includes passwords from configuration and cli.")
+
             if not vault_secrets:
                 raise AnsibleOptionsError("A vault password is required to use Ansible's Vault")
author	Adrian Likins <alikins@redhat.com>	2017-09-20 10:31:36 -0400
committer	GitHub <noreply@github.com>	2017-09-20 10:31:36 -0400
commit	174cb1f33cdac126adc11dea81043914e8b127e0 (patch)
tree	026b0545754341407b8d64034f1f504142289d8e /lib/ansible/cli/vault.py
parent	18582295e315e5648dcc947baa14db28da6bbc8c (diff)
download	ansible-174cb1f33cdac126adc11dea81043914e8b127e0.tar.gz