Fix config value type for VAULT_IDENTITY_LIST (#28678)

Was using the 'value_type' key, but didn't get updated
to the new 'type' key in merge.

Fix playbooks cli so it uses VAULT_IDENTITY_LIST as well.

lib/ansible/cli/__init__.py

@@ -756,8 +756,12 @@ class CLI(with_metaclass(ABCMeta, object)):
         # all needs loader
         loader = DataLoader()
 
+        vault_ids = options.vault_ids
+        default_vault_ids = C.DEFAULT_VAULT_IDENTITY_LIST
+        vault_ids = default_vault_ids + vault_ids
+
         vault_secrets = CLI.setup_vault_secrets(loader,
-                                                vault_ids=options.vault_ids,
+                                                vault_ids=vault_ids,
                                                 vault_password_files=options.vault_password_files,
                                                 ask_vault_pass=options.ask_vault_pass)
         loader.set_vault_secrets(vault_secrets)

lib/ansible/config/base.yml

@@ -1067,7 +1067,7 @@ DEFAULT_VAULT_IDENTITY_LIST:
   env: [{name: ANSIBLE_VAULT_IDENTITY_LIST}]
   ini:
   - {key: vault_identity_list, section: defaults}
-  value_type: list
+  type: list
   vars: []
   yaml: {key: defaults.vault_identity_list}
 DEFAULT_VAULT_PASSWORD_FILE:

test/integration/targets/vault/runme.sh

@@ -15,6 +15,7 @@ echo "This is a test file for format 1.2" > "${TEST_FILE_1_2}"
 TEST_FILE_OUTPUT="${MYTMPDIR}/test_file_output"
 
 
+
 # old format
 ansible-vault view "$@" --vault-password-file vault-password-ansible format_1_0_AES.yml
 
@@ -64,6 +65,9 @@ ansible-vault view "$@" --vault-password-file password-script.py format_1_2_AES2
 # new 1.2 format, view, using password script with vault-id
 ansible-vault view "$@" --vault-id password-script.py format_1_2_AES256.yml
 
+# newish 1.1 format, view, using a vault-id list from config env var
+ANSIBLE_VAULT_IDENTITY_LIST='wrong-password@vault-password-wrong,default@vault-password' ansible-vault view "$@" --vault-id password-script.py format_1_1_AES256.yml
+
 # new 1.2 format, view, ENFORCE_IDENTITY_MATCH=true, should fail, no 'test_vault_id' vault_id
 ANSIBLE_VAULT_ID_MATCH=1 ansible-vault view "$@" --vault-password-file vault-password format_1_2_AES256.yml && :
 WRONG_RC=$?
@@ -255,6 +259,9 @@ ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-pass
 # test with a default vault password file set in config
 ANSIBLE_VAULT_PASSWORD_FILE=vault-password ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-password-file vault-password-wrong
 
+# test using vault_identity_list config
+ANSIBLE_VAULT_IDENTITY_LIST='wrong-password@vault-password-wrong,default@vault-password' ansible-playbook test_vault.yml -i ../../inventory -v "$@"
+
 # test that we can have a vault encrypted yaml file that includes embedded vault vars
 # that were encrypted with a different vault secret
 ansible-playbook test_vault_file_encrypted_embedded.yml -i ../../inventory "$@" --vault-id encrypted_file_encrypted_var_password --vault-id vault-password