Fix verification of parameters for modifying salt attribute.

When modifying an existing vault to change the value of `salt`, the password must also change. It is fine to "change" the password to the same value, thus only changing the salt value.
2026-05-07 05:43:26 +00:00 · 2020-07-31 11:33:47 -03:00
parent d52364bac9
commit daee6a6c74
1 changed files with 10 additions and 0 deletions
--- a/plugins/modules/ipavault.py
+++ b/plugins/modules/ipavault.py
@@ -517,6 +517,16 @@ def check_encryption_params(module, state, action, vault_type, salt,
            module.fail_json(
                msg="Cannot modify password of inexistent vault.")

+        if (
+            salt is not None
+            and not(
+                any([password, password_file])
+                and any([new_password, new_password_file])
+            )
+        ):
+            module.fail_json(
+                msg="Vault `salt` can only change when changing the password.")
+
    if vault_type == "asymmetric":
        vault_type_invalid = [
            'password', 'password_file', 'new_password', 'new_password_file'