From e2dad75a990268fd80312c4501ebc1ac3be2f2c6 Mon Sep 17 00:00:00 2001 From: "Ian H. Pittwood" Date: Fri, 13 Sep 2019 08:15:59 -0500 Subject: [PATCH] Default to non-interactive passphrase generation This change disables and skips input prompts for generate passphrases. Using the -i option will now only enable prompts for passphrases that are set to prompt=True. Change-Id: Ia932305891259d9d1430e1d184dbf39892d4a5d3 --- doc/source/cli/cli.rst | 4 +++- pegleg/cli.py | 2 +- pegleg/engine/generators/passphrase_generator.py | 13 ++++++++----- pegleg/engine/secrets.py | 2 +- 4 files changed, 13 insertions(+), 8 deletions(-) diff --git a/doc/source/cli/cli.rst b/doc/source/cli/cli.rst index dd0f2656..66f0b81d 100644 --- a/doc/source/cli/cli.rst +++ b/doc/source/cli/cli.rst @@ -888,7 +888,9 @@ are placed in the following folder structure under ``save_location``: **-i / --interactive** (Optional). False by default. -Generate passphrases interactively, not automatically. +Enables input prompts for "prompt: true" passphrases. Input prompts are +otherwise disabled by default and prompted passphrases will be +skipped. **--force-cleartext** (Optional). False by default. diff --git a/pegleg/cli.py b/pegleg/cli.py index 9e558d5c..57a903fc 100644 --- a/pegleg/cli.py +++ b/pegleg/cli.py @@ -632,7 +632,7 @@ def generate(): 'interactive', is_flag=True, default=False, - help='Generate passphrases interactively, not automatically') + help='Enables input prompts for "prompt: true" passphrases') @click.option( '--force-cleartext', 'force_cleartext', diff --git a/pegleg/engine/generators/passphrase_generator.py b/pegleg/engine/generators/passphrase_generator.py index 4ca511a0..8adee2d0 100644 --- a/pegleg/engine/generators/passphrase_generator.py +++ b/pegleg/engine/generators/passphrase_generator.py @@ -65,7 +65,7 @@ class PassphraseGenerator(BaseGenerator): passphrase. Write the wrapped and encrypted document in a file at /site//secrets/passphrases/passphrase_name.yaml. - :param bool interactive: If true, run interactively + :param bool interactive: If true, allow input :param bool force_cleartext: If true, don't encrypt """ for p_name in self._catalog.get_passphrase_names: @@ -80,8 +80,8 @@ class PassphraseGenerator(BaseGenerator): passphrase = None passphrase_type = self._catalog.get_passphrase_type(p_name) prompt = self._catalog.is_passphrase_prompt(p_name) - if interactive or prompt: - auto_allowed = not (prompt and not regenerable) # nosec + if interactive and prompt: + auto_allowed = regenerable if passphrase_type == 'uuid': # nosec passphrase = self._prompt_user_passphrase_and_validate( @@ -103,6 +103,9 @@ class PassphraseGenerator(BaseGenerator): 'passphrase', self.validate_passphrase, auto_allowed=auto_allowed) + elif not interactive and prompt: + LOG.debug('Skipping interactive input for %s', p_name) + continue if not passphrase: if passphrase_type == 'uuid': # nosec @@ -192,8 +195,8 @@ class PassphraseGenerator(BaseGenerator): def validate_auto(passphrase, auto_allowed): if not passphrase and not auto_allowed: click.echo( - 'Documents cannot have autogenerated passphrases when prompt ' - 'is true and regenerable is false.') + 'Documents cannot have autogenerated passphrases when ' + 'regenerable is false.') return False else: return True diff --git a/pegleg/engine/secrets.py b/pegleg/engine/secrets.py index 08b42b98..a09b4f0d 100644 --- a/pegleg/engine/secrets.py +++ b/pegleg/engine/secrets.py @@ -148,7 +148,7 @@ def generate_passphrases( :param str site_name: The site to read from :param str save_location: Location to write files to :param str author: Author who's generating the files - :param bool interactive: Whether to generate the results interactively + :param bool interactive: Whether to allow user input for passphrases :param bool force_cleartext: Whether to generate results in clear text """