Merge pull request #6058 from jctanner/vault_squashed_2

Ansible vault: a framework for encrypting any playbook or var file.

lib/ansible/runner/__init__.py

@@ -144,6 +144,7 @@ class Runner(object):
         su=False,                           # Are we running our command via su?
         su_user=None,                       # User to su to when running command, ex: 'root'
         su_pass=C.DEFAULT_SU_PASS,
+        vault_pass=None,
         run_hosts=None,                     # an optional list of pre-calculated hosts to run on
         no_log=False,                       # option to enable/disable logging for a given task
         ):
@@ -197,6 +198,7 @@ class Runner(object):
         self.su_user_var      = su_user
         self.su_user          = None
         self.su_pass          = su_pass
+        self.vault_pass       = vault_pass
         self.no_log           = no_log
 
         if self.transport == 'smart':
@@ -534,7 +536,7 @@ class Runner(object):
     def _executor_internal(self, host, new_stdin):
         ''' executes any module one or more times '''
 
-        host_variables = self.inventory.get_variables(host)
+        host_variables = self.inventory.get_variables(host, vault_password=self.vault_pass)
         host_connection = host_variables.get('ansible_connection', self.transport)
         if host_connection in [ 'paramiko', 'paramiko_alt', 'ssh', 'ssh_old', 'accelerate' ]:
             port = host_variables.get('ansible_ssh_port', self.remote_port)

lib/ansible/runner/action_plugins/include_vars.py

@@ -43,7 +43,7 @@ class ActionModule(object):
             source = utils.path_dwim(self.runner.basedir, source)
 
         if os.path.exists(source):
-            data = utils.parse_yaml_from_file(source)
+            data = utils.parse_yaml_from_file(source, vault_password=self.runner.vault_pass)
             if type(data) != dict:
                 raise errors.AnsibleError("%s must be stored as a dictionary/hash" % source)
             result = dict(ansible_facts=data)