From c81d9e8b2c887171fbf5e62a1cd66051fc295bd9 Mon Sep 17 00:00:00 2001
From: Alex-Welsh <alex@stackhpc.com>
Date: Thu, 22 Sep 2022 14:16:27 +0100
Subject: [PATCH] Fix bug trying to decrypt a plaintext file

Story: 2010315
Task: 46382
Change-Id: I840a56339c826d05da663f8cc8eb0623ad12c468
---
 ansible/roles/kolla-ansible/library/kolla_passwords.py      | 6 ++++++
 .../fix-unnecessary-decryption-bug-adaf2f6385a77f48.yaml    | 5 +++++
 2 files changed, 11 insertions(+)
 create mode 100644 releasenotes/notes/fix-unnecessary-decryption-bug-adaf2f6385a77f48.yaml

diff --git a/ansible/roles/kolla-ansible/library/kolla_passwords.py b/ansible/roles/kolla-ansible/library/kolla_passwords.py
index 4b3c0491d..733f5e038 100644
--- a/ansible/roles/kolla-ansible/library/kolla_passwords.py
+++ b/ansible/roles/kolla-ansible/library/kolla_passwords.py
@@ -76,6 +76,12 @@ def vault_encrypt(module, file_path):
 
 def vault_decrypt(module, file_path):
     """Decrypt a file using Ansible vault"""
+
+    # Return immediately if file not encrypted
+    with open(file_path, 'r') as f:
+        if not f.readline()[:15] == "$ANSIBLE_VAULT;":
+            return
+
     password_path = create_vault_password_file(module)
     try:
         cmd = ["ansible-vault", "decrypt",
diff --git a/releasenotes/notes/fix-unnecessary-decryption-bug-adaf2f6385a77f48.yaml b/releasenotes/notes/fix-unnecessary-decryption-bug-adaf2f6385a77f48.yaml
new file mode 100644
index 000000000..70fc5804f
--- /dev/null
+++ b/releasenotes/notes/fix-unnecessary-decryption-bug-adaf2f6385a77f48.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes an error when generating passwords.yml if an unencrypted file exists
+    but a password has been supplied.