Default to non-interactive passphrase generation

This change disables and skips input prompts for generate passphrases.
Using the -i option will now only enable prompts for passphrases that
are set to prompt=True.

Change-Id: Ia932305891259d9d1430e1d184dbf39892d4a5d3

doc/source/cli/cli.rst

@@ -888,7 +888,9 @@ are placed in the following folder structure under ``save_location``:
 
 **-i / --interactive** (Optional). False by default.
 
-Generate passphrases interactively, not automatically.
+Enables input prompts for "prompt: true" passphrases. Input prompts are
+otherwise disabled by default and prompted passphrases will be
+skipped.
 
 **--force-cleartext** (Optional). False by default.
 

pegleg/cli.py

@@ -632,7 +632,7 @@ def generate():
     'interactive',
     is_flag=True,
     default=False,
-    help='Generate passphrases interactively, not automatically')
+    help='Enables input prompts for "prompt: true" passphrases')
 @click.option(
     '--force-cleartext',
     'force_cleartext',

pegleg/engine/generators/passphrase_generator.py

@@ -65,7 +65,7 @@ class PassphraseGenerator(BaseGenerator):
         passphrase. Write the wrapped and encrypted document in a file at
         <repo_name>/site/<site_name>/secrets/passphrases/passphrase_name.yaml.
 
-        :param bool interactive: If true, run interactively
+        :param bool interactive: If true, allow input
         :param bool force_cleartext: If true, don't encrypt
         """
         for p_name in self._catalog.get_passphrase_names:
@@ -80,8 +80,8 @@ class PassphraseGenerator(BaseGenerator):
             passphrase = None
             passphrase_type = self._catalog.get_passphrase_type(p_name)
             prompt = self._catalog.is_passphrase_prompt(p_name)
-            if interactive or prompt:
+            if interactive and prompt:
-                auto_allowed = not (prompt and not regenerable)  # nosec
+                auto_allowed = regenerable
 
                 if passphrase_type == 'uuid':  # nosec
                     passphrase = self._prompt_user_passphrase_and_validate(
@@ -103,6 +103,9 @@ class PassphraseGenerator(BaseGenerator):
                         'passphrase',
                         self.validate_passphrase,
                         auto_allowed=auto_allowed)
+            elif not interactive and prompt:
+                LOG.debug('Skipping interactive input for %s', p_name)
+                continue
 
             if not passphrase:
                 if passphrase_type == 'uuid':  # nosec
@@ -192,8 +195,8 @@ class PassphraseGenerator(BaseGenerator):
     def validate_auto(passphrase, auto_allowed):
         if not passphrase and not auto_allowed:
             click.echo(
-                'Documents cannot have autogenerated passphrases when prompt '
+                'Documents cannot have autogenerated passphrases when '
-                'is true and regenerable is false.')
+                'regenerable is false.')
             return False
         else:
             return True

pegleg/engine/secrets.py

@@ -148,7 +148,7 @@ def generate_passphrases(
     :param str site_name: The site to read from
     :param str save_location: Location to write files to
     :param str author: Author who's generating the files
-    :param bool interactive: Whether to generate the results interactively
+    :param bool interactive: Whether to allow user input for passphrases
     :param bool force_cleartext: Whether to generate results in clear text
     """