simplified vault password functions

also fixes #12864

lib/ansible/cli/__init__.py

@@ -107,25 +107,18 @@ class CLI(object):
                 self.display.display("No config file found; using defaults")
 
     @staticmethod
-    def ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=False, confirm_vault=False, confirm_new=False):
+    def ask_vault_passwords(ask_new_vault_pass=False, rekey=False):
         ''' prompt for vault password and/or password change '''
 
         vault_pass = None
         new_vault_pass = None
 
         try:
-            if ask_vault_pass:
+            if rekey or not ask_new_vault_pass:
                 vault_pass = getpass.getpass(prompt="Vault password: ")
 
-            if ask_vault_pass and confirm_vault:
-                vault_pass2 = getpass.getpass(prompt="Confirm Vault password: ")
-                if vault_pass != vault_pass2:
-                    raise AnsibleError("Passwords do not match")
-
             if ask_new_vault_pass:
                 new_vault_pass = getpass.getpass(prompt="New Vault password: ")
-
-            if ask_new_vault_pass and confirm_new:
                 new_vault_pass2 = getpass.getpass(prompt="Confirm New Vault password: ")
                 if new_vault_pass != new_vault_pass2:
                     raise AnsibleError("Passwords do not match")
@@ -138,6 +131,9 @@ class CLI(object):
         if new_vault_pass:
             new_vault_pass = to_bytes(new_vault_pass, errors='strict', nonstring='simplerepr').strip()
 
+        if ask_new_vault_pass and not rekey:
+            vault_pass = new_vault_pass
+
         return vault_pass, new_vault_pass