From 9d45f3a65e7d94e9d25ee861d5c1a68257b69952 Mon Sep 17 00:00:00 2001
From: James Cammarata <jimi@sngx.net>
Date: Fri, 19 Sep 2014 15:08:38 -0500
Subject: [PATCH] Before decrypting check if vault password is set or error
 early

Fixes #8926
---
 lib/ansible/utils/__init__.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/ansible/utils/__init__.py b/lib/ansible/utils/__init__.py
index 6da1f9a0301..647a61d6963 100644
--- a/lib/ansible/utils/__init__.py
+++ b/lib/ansible/utils/__init__.py
@@ -738,6 +738,11 @@ def parse_yaml_from_file(path, vault_password=None):
 
     vault = VaultLib(password=vault_password)
     if vault.is_encrypted(data):
+        # if the file is encrypted and no password was specified,
+        # the decrypt call would throw an error, but we check first
+        # since the decrypt function doesn't know the file name
+        if vault_password is None:
+            raise errors.AnsibleError("A vault password must be specified to decrypt %s" % path)
         data = vault.decrypt(data)
         show_content = False