Refactor Ansible vault argument handling to support local and Docker runs. The set_ansible_vault_args function now accepts a run_type parameter, allowing for different vault password file paths based on the execution context. This improves flexibility and clarity in vault management.

Author: jaydrogers

lib/actions/vault.sh

@@ -6,9 +6,6 @@ action_vault(){
         "${vault_run_command[@]}" --help | sed 's/ansible-vault/spin vault/g'
     }
 
-    # Read the vault arguments into an array
-    read -r -a vault_args < <(set_ansible_vault_args)
-
     # Check if ansible-vault is installed locally
     if [[ $(command -v ansible-vault)  ]]; then
         vault_run_command=("ansible-vault")
@@ -18,6 +15,9 @@ action_vault(){
         run_type="docker"
     fi
 
+    # Read the vault arguments into an array
+    read -r -a vault_args < <(set_ansible_vault_args "$run_type")
+
     # Check if any argument is '--help'
     for arg in "$@"; do
         if [[ "$arg" == "--help" ]]; then

lib/functions.sh

@@ -1330,6 +1330,7 @@ send_to_upgrade_script () {
 set_ansible_vault_args() {
   local vault_args=()
   local variable_file=".spin.yml"
+  local run_type="${1:-docker}"
 
   if [[ -f .vault-password ]]; then
     # Validate the vault password file using Docker
@@ -1351,7 +1352,11 @@ set_ansible_vault_args() {
       fi
     fi
 
-    vault_args+=("--vault-password-file" "/ansible/.vault-password")
+    if [[ "$run_type" == "local" ]]; then
+      vault_args+=("--vault-password-file" ".vault-password")
+    else
+      vault_args+=("--vault-password-file" "/ansible/.vault-password")
+    fi
   elif is_encrypted_with_ansible_vault "$variable_file" || is_encrypted_with_ansible_vault ".spin-inventory.ini"; then
     echo "${BOLD}${YELLOW}🔐 '.vault-password' file not found. You will be prompted to enter your vault password.${RESET}" >&2
     vault_args+=("--ask-vault-pass")