diff --git a/examples/playbooks/prompts.yml b/examples/playbooks/prompts.yml index 08742430cb4..fc9797f1083 100644 --- a/examples/playbooks/prompts.yml +++ b/examples/playbooks/prompts.yml @@ -32,6 +32,14 @@ - name: "release_version" prompt: "Product release version" private: False + + - name: "my_password2" + prompt: "Enter password2" + private: True + encrypt: "md5_crypt" + confirm: True + salt_size: 7 + salt: "foo" # this is just a simple example to show that vars_prompt works, but # you might ask for a tag to use with the git module or perhaps diff --git a/lib/ansible/callbacks.py b/lib/ansible/callbacks.py index af09f02e307..10452d40ae5 100644 --- a/lib/ansible/callbacks.py +++ b/lib/ansible/callbacks.py @@ -380,15 +380,32 @@ class PlaybookCallbacks(object): msg = "NOTIFIED: [%s]" % name print banner(msg) - def on_vars_prompt(self, varname, private=True, prompt=None): + def on_vars_prompt(self, varname, private=True, prompt=None, encrypt=None, confirm=False, salt_size=None, salt=None): if prompt: msg = prompt else: msg = 'input for %s: ' % varname - if private: - return getpass.getpass(msg) - return raw_input(msg) + + def prompt(prompt, private): + if private: + return getpass.getpass(prompt) + return raw_input(prompt) + + + if confirm: + while True: + result = prompt(msg, private) + second = prompt("confirm " + msg, private) + if result == second: break + print "***** VALUES ENTERED DO NOT MATCH ****" + else: + result = prompt(msg, private) + + if encrypt: + result = utils.do_encrypt(result,encrypt,salt_size,salt) + + return result def on_setup(self): diff --git a/lib/ansible/playbook/play.py b/lib/ansible/playbook/play.py index d05e68f2384..ac8695dc5c4 100644 --- a/lib/ansible/playbook/play.py +++ b/lib/ansible/playbook/play.py @@ -129,7 +129,7 @@ class Play(object): return self._tasks def handlers(self): - ''' return handler objects for this play ''' + ''' return handler objects for this play ''' return self._handlers # ************************************************* @@ -159,14 +159,23 @@ class Play(object): for var in self.vars_prompt: if not 'name' in var: raise errors.AnsibleError("'vars_prompt' item is missing 'name:'") + vname = var['name'] prompt = "%s: " % var.get("prompt", vname) private = var.get("private", True) - vars[vname] = self.playbook.callbacks.on_vars_prompt(vname, private, prompt) + + confirm = var.get("confirm", False) + encrypt = var.get("encrypt", None) + salt_size = var.get("salt_size", None) + salt = var.get("salt", None) + + vars[vname] = self.playbook.callbacks.on_vars_prompt(vname, private, prompt,encrypt, confirm, salt_size, salt) + elif type(self.vars_prompt) == dict: for (vname, prompt) in self.vars_prompt.iteritems(): - prompt = "%s: " % prompt - vars[vname] = self.playbook.callbacks.on_vars_prompt(vname, False, prompt) + prompt_msg = "%s: " % prompt + vars[vname] = self.playbook.callbacks.on_vars_prompt(varname=vname, private=False, prompt=prompt_msg) + else: raise errors.AnsibleError("'vars_prompt' section is malformed, see docs") diff --git a/lib/ansible/utils.py b/lib/ansible/utils.py index 5dc04316254..b248ce8182e 100644 --- a/lib/ansible/utils.py +++ b/lib/ansible/utils.py @@ -42,6 +42,15 @@ try: except ImportError: from md5 import md5 as _md5 +# vars_prompt_encrypt +PASSLIB_AVAILABLE = False + +try: + import passlib.hash + PASSLIB_AVAILABLE = True +except: + pass + ############################################################### # UTILITY FUNCTIONS FOR COMMAND LINE TOOLS ############################################################### @@ -383,5 +392,21 @@ def base_parser(constants=C, usage="", output_opts=False, runas_opts=False, asyn return parser +def do_encrypt(result, encrypt, salt_size=None, salt=None): + if PASSLIB_AVAILABLE: + try: + crypt = getattr(passlib.hash, encrypt) + except: + raise errors.AnsibleError("passlib does not support '%s' algorithm" % encrypt) + if salt_size: + result = crypt.encrypt(result, salt_size=salt_size) + elif salt: + result = crypt.encrypt(result, salt=salt) + else: + result = crypt.encrypt(result) + else: + raise errors.AnsibleError("passlib must be installed to encrypt vars_prompt values") + + return result