From 2e0229a4b69e2d263a1f98526c0caf53d1e9c72f Mon Sep 17 00:00:00 2001
From: Sam Doran <sdoran@redhat.com>
Date: Mon, 3 Jun 2019 06:14:07 -0400
Subject: [PATCH] ansible-vault: convert vault_password_files to list to
 prevent traceback (#57186)

* Convert vault_password_files to a list

* Add changelog and tests
---
 .../fragments/vault-ensure-vault-password-files-are-list.yaml | 2 ++
 lib/ansible/cli/vault.py                                      | 2 +-
 test/integration/targets/vault/runme.sh                       | 4 ++++
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/vault-ensure-vault-password-files-are-list.yaml

diff --git a/changelogs/fragments/vault-ensure-vault-password-files-are-list.yaml b/changelogs/fragments/vault-ensure-vault-password-files-are-list.yaml
new file mode 100644
index 00000000000..513cae7adf3
--- /dev/null
+++ b/changelogs/fragments/vault-ensure-vault-password-files-are-list.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+  - ansible-vault - fix error when multiple vault password files are specified (https://github.com/ansible/ansible/issues/57172)
diff --git a/lib/ansible/cli/vault.py b/lib/ansible/cli/vault.py
index 194a2184a78..1b4b69db90a 100644
--- a/lib/ansible/cli/vault.py
+++ b/lib/ansible/cli/vault.py
@@ -177,7 +177,7 @@ class VaultCLI(CLI):
             vault_secrets = \
                 self.setup_vault_secrets(loader,
                                          vault_ids=vault_ids,
-                                         vault_password_files=context.CLIARGS['vault_password_files'],
+                                         vault_password_files=list(context.CLIARGS['vault_password_files']),
                                          ask_vault_pass=context.CLIARGS['ask_vault_pass'],
                                          create_new_password=True)
 
diff --git a/test/integration/targets/vault/runme.sh b/test/integration/targets/vault/runme.sh
index f9f3434af0f..0f1de3bd422 100755
--- a/test/integration/targets/vault/runme.sh
+++ b/test/integration/targets/vault/runme.sh
@@ -317,6 +317,10 @@ echo "rc was $WRONG_RC (1 is expected)"
 
 ansible-vault encrypt_string "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" "a test string"
 
+# Test with multiple vault password files
+# https://github.com/ansible/ansible/issues/57172
+env ANSIBLE_VAULT_PASSWORD_FILE=vault-password ansible-vault encrypt_string "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" --encrypt-vault-id default "a test string"
+
 ansible-vault encrypt_string "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" --name "blippy" "a test string names blippy"
 
 ansible-vault encrypt_string "$@" --vault-id "${NEW_VAULT_PASSWORD}" "a test string"