fixed rekey password handling

2024-09-14 20:13:21 +02:00 · 2015-10-31 14:12:36 -04:00 · 2015-10-31 14:12:36 -04:00 · d341ba14a5
commit d341ba14a5
parent 00bc74404a
2 changed files with 7 additions and 10 deletions
--- a/lib/ansible/cli/init.py
+++ b/lib/ansible/cli/init.py
@ -112,7 +112,6 @@ class CLI(object):

        vault_pass = None
        new_vault_pass = None
-
        try:
            if rekey or not ask_new_vault_pass:
                vault_pass = getpass.getpass(prompt="Vault password: ")
@ -251,12 +250,10 @@ class CLI(object):
        if vault_opts:
            parser.add_option('--ask-vault-pass', default=False, dest='ask_vault_pass', action='store_true',
                help='ask for vault password')
-            parser.add_option('--vault-password-file', default=C.DEFAULT_VAULT_PASSWORD_FILE,
-                dest='vault_password_file', help="vault password file", action="callback",
-                callback=CLI.expand_tilde, type=str)
-            parser.add_option('--new-vault-password-file',
-                dest='new_vault_password_file', help="new vault password file for rekey", action="callback",
-                callback=CLI.expand_tilde, type=str)
+            parser.add_option('--vault-password-file', default=C.DEFAULT_VAULT_PASSWORD_FILE, dest='vault_password_file',
+                help="vault password file", action="callback", callback=CLI.expand_tilde, type=str)
+            parser.add_option('--new-vault-password-file', dest='new_vault_password_file',
+                help="new vault password file for rekey", action="callback", callback=CLI.expand_tilde, type=str)
            parser.add_option('--output', default=None, dest='output_file',
                help='output file name for encrypt or decrypt; use - for stdout')

--- a/lib/ansible/cli/vault.py
+++ b/lib/ansible/cli/vault.py
@ -95,9 +95,9 @@ class VaultCLI(CLI):
        else:
            newpass = False
            rekey = False
-            if self.options.new_vault_password_file:
-                newpass = self.action in ['create', 'rekey', 'encrypt']
-                rekey = self.action == 'rekey'
+            if not self.options.new_vault_password_file:
+                newpass = (self.action in ['create', 'rekey', 'encrypt'])
+                rekey = (self.action == 'rekey')
            self.vault_pass, self.new_vault_pass = self.ask_vault_passwords(ask_new_vault_pass=newpass, rekey=rekey)

        if self.options.new_vault_password_file: