Default to non-interactive passphrase generation
This change disables and skips input prompts for generate passphrases. Using the -i option will now only enable prompts for passphrases that are set to prompt=True. Change-Id: Ia932305891259d9d1430e1d184dbf39892d4a5d3
This commit is contained in:
parent
2d88f48989
commit
e2dad75a99
@ -888,7 +888,9 @@ are placed in the following folder structure under ``save_location``:
|
||||
|
||||
**-i / --interactive** (Optional). False by default.
|
||||
|
||||
Generate passphrases interactively, not automatically.
|
||||
Enables input prompts for "prompt: true" passphrases. Input prompts are
|
||||
otherwise disabled by default and prompted passphrases will be
|
||||
skipped.
|
||||
|
||||
**--force-cleartext** (Optional). False by default.
|
||||
|
||||
|
@ -632,7 +632,7 @@ def generate():
|
||||
'interactive',
|
||||
is_flag=True,
|
||||
default=False,
|
||||
help='Generate passphrases interactively, not automatically')
|
||||
help='Enables input prompts for "prompt: true" passphrases')
|
||||
@click.option(
|
||||
'--force-cleartext',
|
||||
'force_cleartext',
|
||||
|
@ -65,7 +65,7 @@ class PassphraseGenerator(BaseGenerator):
|
||||
passphrase. Write the wrapped and encrypted document in a file at
|
||||
<repo_name>/site/<site_name>/secrets/passphrases/passphrase_name.yaml.
|
||||
|
||||
:param bool interactive: If true, run interactively
|
||||
:param bool interactive: If true, allow input
|
||||
:param bool force_cleartext: If true, don't encrypt
|
||||
"""
|
||||
for p_name in self._catalog.get_passphrase_names:
|
||||
@ -80,8 +80,8 @@ class PassphraseGenerator(BaseGenerator):
|
||||
passphrase = None
|
||||
passphrase_type = self._catalog.get_passphrase_type(p_name)
|
||||
prompt = self._catalog.is_passphrase_prompt(p_name)
|
||||
if interactive or prompt:
|
||||
auto_allowed = not (prompt and not regenerable) # nosec
|
||||
if interactive and prompt:
|
||||
auto_allowed = regenerable
|
||||
|
||||
if passphrase_type == 'uuid': # nosec
|
||||
passphrase = self._prompt_user_passphrase_and_validate(
|
||||
@ -103,6 +103,9 @@ class PassphraseGenerator(BaseGenerator):
|
||||
'passphrase',
|
||||
self.validate_passphrase,
|
||||
auto_allowed=auto_allowed)
|
||||
elif not interactive and prompt:
|
||||
LOG.debug('Skipping interactive input for %s', p_name)
|
||||
continue
|
||||
|
||||
if not passphrase:
|
||||
if passphrase_type == 'uuid': # nosec
|
||||
@ -192,8 +195,8 @@ class PassphraseGenerator(BaseGenerator):
|
||||
def validate_auto(passphrase, auto_allowed):
|
||||
if not passphrase and not auto_allowed:
|
||||
click.echo(
|
||||
'Documents cannot have autogenerated passphrases when prompt '
|
||||
'is true and regenerable is false.')
|
||||
'Documents cannot have autogenerated passphrases when '
|
||||
'regenerable is false.')
|
||||
return False
|
||||
else:
|
||||
return True
|
||||
|
@ -148,7 +148,7 @@ def generate_passphrases(
|
||||
:param str site_name: The site to read from
|
||||
:param str save_location: Location to write files to
|
||||
:param str author: Author who's generating the files
|
||||
:param bool interactive: Whether to generate the results interactively
|
||||
:param bool interactive: Whether to allow user input for passphrases
|
||||
:param bool force_cleartext: Whether to generate results in clear text
|
||||
"""
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user