Default to non-interactive passphrase generation

This change disables and skips input prompts for generate passphrases.
Using the -i option will now only enable prompts for passphrases that
are set to prompt=True.

Change-Id: Ia932305891259d9d1430e1d184dbf39892d4a5d3
This commit is contained in:
Ian H. Pittwood 2019-09-13 08:15:59 -05:00 committed by Ian H Pittwood
parent 2d88f48989
commit e2dad75a99
4 changed files with 13 additions and 8 deletions

View File

@ -888,7 +888,9 @@ are placed in the following folder structure under ``save_location``:
**-i / --interactive** (Optional). False by default.
Generate passphrases interactively, not automatically.
Enables input prompts for "prompt: true" passphrases. Input prompts are
otherwise disabled by default and prompted passphrases will be
skipped.
**--force-cleartext** (Optional). False by default.

View File

@ -632,7 +632,7 @@ def generate():
'interactive',
is_flag=True,
default=False,
help='Generate passphrases interactively, not automatically')
help='Enables input prompts for "prompt: true" passphrases')
@click.option(
'--force-cleartext',
'force_cleartext',

View File

@ -65,7 +65,7 @@ class PassphraseGenerator(BaseGenerator):
passphrase. Write the wrapped and encrypted document in a file at
<repo_name>/site/<site_name>/secrets/passphrases/passphrase_name.yaml.
:param bool interactive: If true, run interactively
:param bool interactive: If true, allow input
:param bool force_cleartext: If true, don't encrypt
"""
for p_name in self._catalog.get_passphrase_names:
@ -80,8 +80,8 @@ class PassphraseGenerator(BaseGenerator):
passphrase = None
passphrase_type = self._catalog.get_passphrase_type(p_name)
prompt = self._catalog.is_passphrase_prompt(p_name)
if interactive or prompt:
auto_allowed = not (prompt and not regenerable) # nosec
if interactive and prompt:
auto_allowed = regenerable
if passphrase_type == 'uuid': # nosec
passphrase = self._prompt_user_passphrase_and_validate(
@ -103,6 +103,9 @@ class PassphraseGenerator(BaseGenerator):
'passphrase',
self.validate_passphrase,
auto_allowed=auto_allowed)
elif not interactive and prompt:
LOG.debug('Skipping interactive input for %s', p_name)
continue
if not passphrase:
if passphrase_type == 'uuid': # nosec
@ -192,8 +195,8 @@ class PassphraseGenerator(BaseGenerator):
def validate_auto(passphrase, auto_allowed):
if not passphrase and not auto_allowed:
click.echo(
'Documents cannot have autogenerated passphrases when prompt '
'is true and regenerable is false.')
'Documents cannot have autogenerated passphrases when '
'regenerable is false.')
return False
else:
return True

View File

@ -148,7 +148,7 @@ def generate_passphrases(
:param str site_name: The site to read from
:param str save_location: Location to write files to
:param str author: Author who's generating the files
:param bool interactive: Whether to generate the results interactively
:param bool interactive: Whether to allow user input for passphrases
:param bool force_cleartext: Whether to generate results in clear text
"""