Improve the warning msg and tests

lib/ansible/cli/__init__.py

@@ -215,7 +215,7 @@ def setup_vault_secrets(loader, vault_ids, vault_password_files=None,
                                                           vault_id=vault_id_name,
                                                           loader=loader)
             except AnsibleError as exc:
-                display.warning('Error getting secret from vault password file (%s): %s' % (vault_id_name, to_text(exc)))
+                display.warning('Error getting vault password file (%s): %s' % (vault_id_name, to_text(exc)))
                 last_exception = exc
                 continue
 

test/integration/targets/ansible-vault/runme.sh

@@ -524,7 +524,26 @@ ansible-playbook -v "$@" --vault-password-file vault-password test_dangling_temp
 ansible-playbook "$@" --vault-password-file vault-password single_vault_as_string.yml
 
 # Test that only one accessible vault password is required
+export ANSIBLE_VAULT_IDENTITY_LIST="id1@./nonexistent, id2@${MYTMPDIR}/unreadable, id3@./vault-password"
+
 touch "${MYTMPDIR}/unreadable"
 sudo chmod 000 "${MYTMPDIR}/unreadable"
-ANSIBLE_VAULT_IDENTITY_LIST="id1@./nonexistent, id2@${MYTMPDIR}/unreadable, id3@./vault-password" ansible-vault encrypt_string content
-[ "$?" -eq 0 ]
+
+ansible-vault encrypt_string content
+ansible-vault encrypt_string content --encrypt-vault-id id3
+
+set +e
+
+# Try to use a missing vault password file
+ansible-vault encrypt_string content --encrypt-vault-id id1 2>&1 | tee out.txt
+test $? -ne 0
+grep out.txt -e '[WARNING]: Error getting vault password file (id1)'
+grep out.txt -e "ERROR! Did not find a match for --encrypt-vault-id=id2 in the known vault-ids ['id3']"
+
+# Try to use an inaccessible vault password file
+ansible-vault encrypt_string content --encrypt-vault-id id2 2>&1 | tee out.txt
+test $? -ne 0
+grep out.txt -e "[WARNING]: Error in vault password file loading (id2)"
+grep out.txt -e "ERROR! Did not find a match for --encrypt-vault-id=id2 in the known vault-ids ['id3']"
+
+set -e