diff --git a/lib/ansible/parsing/dataloader.py b/lib/ansible/parsing/dataloader.py index 1882e24585..c2c9bd63f2 100644 --- a/lib/ansible/parsing/dataloader.py +++ b/lib/ansible/parsing/dataloader.py @@ -380,11 +380,11 @@ class DataLoader(): try: with open(to_bytes(real_path), 'rb') as f: - data = f.read() - if self._vault.is_encrypted(data): + if self._vault.is_encrypted(f): # if the file is encrypted and no password was specified, # the decrypt call would throw an error, but we check first # since the decrypt function doesn't know the file name + data = f.read() if not self._vault_password: raise AnsibleParserError("A vault password must be specified to decrypt %s" % file_path) diff --git a/lib/ansible/parsing/vault/__init__.py b/lib/ansible/parsing/vault/__init__.py index aa4cb7c16a..d174e71073 100644 --- a/lib/ansible/parsing/vault/__init__.py +++ b/lib/ansible/parsing/vault/__init__.py @@ -115,6 +115,12 @@ class VaultLib: :returns: True if it is recognized. Otherwise, False. """ + if hasattr(data, 'read'): + current_position = data.tell() + header_part = data.read(len(b_HEADER)) + data.seek(current_position) + return self.is_encrypted(header_part) + if to_bytes(data, errors='strict', encoding='utf-8').startswith(b_HEADER): return True return False