Default to non-interactive passphrase generation

This change disables and skips input prompts for generate passphrases. Using the -i option will now only enable prompts for passphrases that are set to prompt=True. Change-Id: Ia932305891259d9d1430e1d184dbf39892d4a5d3
2019-09-13 08:15:59 -05:00 · 2019-09-13 08:15:59 -05:00 · e2dad75a99
parent 2d88f48989
commit e2dad75a99
4 changed files with 13 additions and 8 deletions
--- a/doc/source/cli/cli.rst
+++ b/doc/source/cli/cli.rst
@ -888,7 +888,9 @@ are placed in the following folder structure under ``save_location``:

 **-i / --interactive** (Optional). False by default.

-Generate passphrases interactively, not automatically.
+Enables input prompts for "prompt: true" passphrases. Input prompts are
+otherwise disabled by default and prompted passphrases will be
+skipped.

 **--force-cleartext** (Optional). False by default.

--- a/pegleg/cli.py
+++ b/pegleg/cli.py
@ -632,7 +632,7 @@ def generate():
    'interactive',
    is_flag=True,
    default=False,
-    help='Generate passphrases interactively, not automatically')
+    help='Enables input prompts for "prompt: true" passphrases')
@click.option(
    '--force-cleartext',
    'force_cleartext',
--- a/pegleg/engine/generators/passphrase_generator.py
+++ b/pegleg/engine/generators/passphrase_generator.py
@ -65,7 +65,7 @@ class PassphraseGenerator(BaseGenerator):
        passphrase. Write the wrapped and encrypted document in a file at
        <repo_name>/site/<site_name>/secrets/passphrases/passphrase_name.yaml.

-        :param bool interactive: If true, run interactively
+        :param bool interactive: If true, allow input
        :param bool force_cleartext: If true, don't encrypt
        """
        for p_name in self._catalog.get_passphrase_names:
@ -80,8 +80,8 @@ class PassphraseGenerator(BaseGenerator):
            passphrase = None
            passphrase_type = self._catalog.get_passphrase_type(p_name)
            prompt = self._catalog.is_passphrase_prompt(p_name)
-            if interactive or prompt:
-                auto_allowed = not (prompt and not regenerable)  # nosec
+            if interactive and prompt:
+                auto_allowed = regenerable

                if passphrase_type == 'uuid':  # nosec
                    passphrase = self._prompt_user_passphrase_and_validate(
@ -103,6 +103,9 @@ class PassphraseGenerator(BaseGenerator):
                        'passphrase',
                        self.validate_passphrase,
                        auto_allowed=auto_allowed)
+            elif not interactive and prompt:
+                LOG.debug('Skipping interactive input for %s', p_name)
+                continue

            if not passphrase:
                if passphrase_type == 'uuid':  # nosec
@ -192,8 +195,8 @@ class PassphraseGenerator(BaseGenerator):
    def validate_auto(passphrase, auto_allowed):
        if not passphrase and not auto_allowed:
            click.echo(
-                'Documents cannot have autogenerated passphrases when prompt '
-                'is true and regenerable is false.')
+                'Documents cannot have autogenerated passphrases when '
+                'regenerable is false.')
            return False
        else:
            return True
--- a/pegleg/engine/secrets.py
+++ b/pegleg/engine/secrets.py
@ -148,7 +148,7 @@ def generate_passphrases(
    :param str site_name: The site to read from
    :param str save_location: Location to write files to
    :param str author: Author who's generating the files
-    :param bool interactive: Whether to generate the results interactively
+    :param bool interactive: Whether to allow user input for passphrases
    :param bool force_cleartext: Whether to generate results in clear text
    """