Before decrypting check if vault password is set or error early

Fixes ansible#8926
ayanes · Sep 19, 2014 · 9d45f3a · 9d45f3a
1 parent 5850467
commit 9d45f3a
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/lib/ansible/utils/__init__.py b/lib/ansible/utils/__init__.py
@@ -738,6 +738,11 @@ def parse_yaml_from_file(path, vault_password=None):
 
     vault = VaultLib(password=vault_password)
     if vault.is_encrypted(data):
+        # if the file is encrypted and no password was specified,
+        # the decrypt call would throw an error, but we check first
+        # since the decrypt function doesn't know the file name
+        if vault_password is None:
+            raise errors.AnsibleError("A vault password must be specified to decrypt %s" % path)
         data = vault.decrypt(data)
         show_content = False