From 6c0559bffeb3fd9f06d68b360852745bf5a74f12 Mon Sep 17 00:00:00 2001 From: Carsten Grohmann Date: Wed, 18 Jan 2023 09:37:33 +0100 Subject: [PATCH] Show filename additionally if missing secrets prevents decryption (#79732) Fixes #79723 --- changelogs/fragments/79732-filename_in_decrypt_error.yml | 2 ++ lib/ansible/parsing/vault/__init__.py | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/79732-filename_in_decrypt_error.yml diff --git a/changelogs/fragments/79732-filename_in_decrypt_error.yml b/changelogs/fragments/79732-filename_in_decrypt_error.yml new file mode 100644 index 00000000000..32a58829f2d --- /dev/null +++ b/changelogs/fragments/79732-filename_in_decrypt_error.yml @@ -0,0 +1,2 @@ +bugfixes: + - vault - show filename additionally if missing secrets prevents decryption (https://github.com/ansible/ansible/issues/79723) diff --git a/lib/ansible/parsing/vault/__init__.py b/lib/ansible/parsing/vault/__init__.py index 9e5afd00cdd..5d7efeb08dc 100644 --- a/lib/ansible/parsing/vault/__init__.py +++ b/lib/ansible/parsing/vault/__init__.py @@ -658,7 +658,10 @@ class VaultLib: b_vaulttext = to_bytes(vaulttext, errors='strict', encoding='utf-8') if self.secrets is None: - raise AnsibleVaultError("A vault password must be specified to decrypt data") + msg = "A vault password must be specified to decrypt data" + if filename: + msg += " in file %s" % to_native(filename) + raise AnsibleVaultError(msg) if not is_encrypted(b_vaulttext): msg = "input is not vault encrypted data. "