
Commit bbdf4c3

committed
Refactor Ansible vault password validation in functions.sh to improve error handling and user feedback. The script now checks if the variable file is encrypted before validating the password, and provides clearer error messages for invalid passwords.
1 parent 9b891d9 commit bbdf4c3


1 file changed

+18
-10
lines changed

1 file changed

+18
-10
lines changed

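--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -1333,18 +1333,26 @@ set_ansible_vault_args() {
 
 if [[ -f .vault-password ]]; then
 # Validate the vault password file using Docker
-if ! docker run --rm -i \
--e "PUID=${SPIN_USER_ID}" \
--e "PGID=${SPIN_GROUP_ID}" \
--e "RUN_AS_USER=$(whoami)" \
--v "$(pwd):/ansible" \
-"$SPIN_ANSIBLE_IMAGE" \
-ansible-vault view --vault-password-file=".vault-password" "$variable_file" >/dev/null 2>&1; then
-echo "${BOLD}${RED}❌ Invalid vault password provided for file .vault-password${RESET}" >&2
-exit 1
+if is_encrypted_with_ansible_vault "$variable_file"; then
+set +e # Disable error checking for the duration of this block
+docker run --rm -i \
+-e "PUID=${SPIN_USER_ID}" \
+-e "PGID=${SPIN_GROUP_ID}" \
+-e "RUN_AS_USER=$(whoami)" \
+-v "$(pwd):/ansible" \
+"$SPIN_ANSIBLE_IMAGE" \
+ansible-vault view --vault-password-file="/ansible/.vault-password" "$variable_file" > /dev/null 2>&1
+
+validation_result=$?
+set -e # Re-enable error checking
+if [ $validation_result -ne 0 ]; then
+echo "${BOLD}${RED}❌ Invalid password provided in '.vault-password' file. Please check your password and try again.${RESET}" >&2
+exit $validation_result
+fi
 fi
+
 vault_args+=("--vault-password-file" ".vault-password")
-elif is_encrypted_with_ansible_vault "$variable_file" && is_encrypted_with_ansible_vault ".spin-inventory.ini"; then
+elif is_encrypted_with_ansible_vault "$variable_file" || is_encrypted_with_ansible_vault ".spin-inventory.ini"; then
 echo "${BOLD}${YELLOW}🔐 '.vault-password' file not found. You will be prompted to enter your vault password.${RESET}" >&2
 vault_args+=("--ask-vault-pass")
 fi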
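Review bot: In the validation block (new lines 1337–1351) every non-zero status from `docker run` is reported as an invalid vault password, and `> /dev/null 2>&1` discards the only evidence of what actually failed. A missing image, an unreachable Docker daemon (docker's own exit codes 125–127) or, possibly, a `$variable_file` path that does not resolve inside the container would all tell the user to re-check a password that may be correct. Consider branching on the status before printing the password message, e.g. `if (( validation_result >= 125 )); then echo "could not run the validation container" >&2; fi`, and keeping stderr for that case. The `set +e` … `set -e` pair also switches errexit on unconditionally on the way out; `validation_result=0` followed by `docker run … || validation_result=$?` captures the status without touching shell options. set_ansible_vault_args starts and ends outside the hunk, so whether `validation_result` is declared `local` cannot be seen here.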
