wbrawner/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible/test/units/parsing/vault
History
Adrian Likins 31e28a04a5 Fix 'New Vault password' on vault 'edit' (#35923) (#38003) 
* Fix 'New Vault password' on vault 'edit'

ffe0ddea96 introduce a
change on 'ansible-vault edit' that tried to check
for --encrypt-vault-id in that mode. But '--encrypt-vault-id'
is not intended for 'edit' since the 'edit' should always
reuse the vault secret that was used to decrypt the text.

Change cli to not check for --encrypt-vault-id on 'edit'.

VaultLib.decrypt_and_get_vault_id() was change to return
the vault secret used to decrypt (in addition to vault_id
and the plaintext).

VaultEditor.edit_file() will now use 'vault_secret_used'
as returned from decrypt_and_get_vault_id() so that
an edited file always gets reencrypted with the same
secret, regardless of any vault id configuration or
cli options.

Fixes #35834

(cherry picked from commit 6e737c8cb6)
2018-04-09 14:57:34 -07:00
..
__init__.py
test_vault.py Fix 'New Vault password' on vault 'edit' (#35923) (#38003) 2018-04-09 14:57:34 -07:00
test_vault_editor.py Use vault_id when encrypted via vault-edit (#30772) 2017-09-26 12:28:31 -04:00