Fix verification of parameters for modifying `salt` attribute.

When modifying an existing vault to change the value of `salt`, the password must also change. It is fine to "change" the password to the same value, thus only changing the salt value.

Fix verification of parameters for modifying `salt` attribute.
daee6a6c · Rafael Guterres Jeffman · d52364ba · daee6a6c
Commit daee6a6c authored 4 years ago by Rafael Guterres Jeffman
--- a/plugins/modules/ipavault.py
+++ b/plugins/modules/ipavault.py
@@ -517,6 +517,16 @@ def check_encryption_params(module, state, action, vault_type, salt,
            module.fail_json(
                msg="Cannot modify password of inexistent vault.")

+        if (
+            salt is not None
+            and not(
+                any([password, password_file])
+                and any([new_password, new_password_file])
+            )
+        ):
+            module.fail_json(
+                msg="Vault `salt` can only change when changing the password.")
+
    if vault_type == "asymmetric":
        vault_type_invalid = [
            'password', 'password_file', 'new_password', 'new_password_file'