added password prompting and become/sudo/su collapsing
This commit is contained in:
parent
9d3a63945d
commit
edb1bd25dd
3 changed files with 65 additions and 11 deletions
|
@ -24,9 +24,11 @@ import optparse
|
|||
import os
|
||||
import time
|
||||
import yaml
|
||||
import getpass
|
||||
|
||||
from ansible import __version__
|
||||
from ansible import constants as C
|
||||
from ansible.utils.unicode import to_bytes
|
||||
|
||||
# FIXME: documentation for methods here, which have mostly been
|
||||
# copied directly over from the old utils/__init__.py
|
||||
|
@ -231,6 +233,51 @@ def _gitinfo():
|
|||
f.close()
|
||||
return result
|
||||
|
||||
|
||||
def ask_passwords(options):
|
||||
sshpass = None
|
||||
becomepass = None
|
||||
vaultpass = None
|
||||
become_prompt = ''
|
||||
|
||||
if options.ask_pass:
|
||||
sshpass = getpass.getpass(prompt="SSH password: ")
|
||||
become_prompt = "%s password[defaults to SSH password]: " % options.become_method.upper()
|
||||
if sshpass:
|
||||
sshpass = to_bytes(sshpass, errors='strict', nonstring='simplerepr')
|
||||
else:
|
||||
become_prompt = "%s password: " % options.become_method.upper()
|
||||
|
||||
if options.become_ask_pass:
|
||||
becomepass = getpass.getpass(prompt=become_prompt)
|
||||
if options.ask_pass and becomepass == '':
|
||||
becomepass = sshpass
|
||||
if becomepass:
|
||||
becomepass = to_bytes(becomepass)
|
||||
|
||||
if options.ask_vault_pass:
|
||||
vaultpass = getpass.getpass(prompt="Vault password: ")
|
||||
if vaultpass:
|
||||
vaultpass = to_bytes(vaultpass, errors='strict', nonstring='simplerepr').strip()
|
||||
|
||||
return (sshpass, becomepass, vaultpass)
|
||||
|
||||
|
||||
def normalize_become_options(options):
|
||||
''' this keeps backwards compatibility with sudo/su options '''
|
||||
options.become_ask_pass = options.become_ask_pass or options.ask_sudo_pass or options.ask_su_pass or C.DEFAULT_BECOME_ASK_PASS
|
||||
options.become_user = options.become_user or options.sudo_user or options.su_user or C.DEFAULT_BECOME_USER
|
||||
|
||||
if options.become:
|
||||
pass
|
||||
elif options.sudo:
|
||||
options.become = True
|
||||
options.become_method = 'sudo'
|
||||
elif options.su:
|
||||
options.become = True
|
||||
options.become_method = 'su'
|
||||
|
||||
|
||||
def validate_conflicts(parser, options):
|
||||
|
||||
# Check for vault related conflicts
|
||||
|
|
|
@ -29,7 +29,7 @@ from ansible.inventory import Inventory
|
|||
from ansible.parsing import DataLoader
|
||||
from ansible.parsing.splitter import parse_kv
|
||||
from ansible.playbook.play import Play
|
||||
from ansible.utils.cli import base_parser, validate_conflicts
|
||||
from ansible.utils.cli import base_parser, validate_conflicts, normalize_become_options, ask_passwords
|
||||
from ansible.vars import VariableManager
|
||||
|
||||
########################################################
|
||||
|
@ -79,11 +79,14 @@ class Cli(object):
|
|||
#-------------------------------------------------------------------------------
|
||||
# FIXME: the password asking stuff needs to be ported over still
|
||||
#-------------------------------------------------------------------------------
|
||||
#sshpass = None
|
||||
#sudopass = None
|
||||
#su_pass = None
|
||||
#vault_pass = None
|
||||
#
|
||||
sshpass = None
|
||||
becomepass = None
|
||||
vault_pass = None
|
||||
|
||||
normalize_become_options(options)
|
||||
(sshpass, becomepass, vault_pass) = ask_passwords(options)
|
||||
|
||||
|
||||
#options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS
|
||||
## Never ask for an SSH password when we run with local connection
|
||||
#if options.connection == "local":
|
||||
|
|
|
@ -12,7 +12,7 @@ from ansible.parsing import DataLoader
|
|||
from ansible.parsing.splitter import parse_kv
|
||||
from ansible.playbook import Playbook
|
||||
from ansible.playbook.task import Task
|
||||
from ansible.utils.cli import base_parser, validate_conflicts
|
||||
from ansible.utils.cli import base_parser, validate_conflicts, normalize_become_options, ask_passwords
|
||||
from ansible.utils.unicode import to_unicode
|
||||
from ansible.utils.vars import combine_vars
|
||||
from ansible.utils.vault import read_vault_file
|
||||
|
@ -55,11 +55,15 @@ def main(args):
|
|||
|
||||
validate_conflicts(parser,options)
|
||||
|
||||
# Manage passwords
|
||||
sshpass = None
|
||||
becomepass = None
|
||||
vault_pass = None
|
||||
if options.ask_vault_pass:
|
||||
# FIXME: prompt here
|
||||
pass
|
||||
elif options.vault_password_file:
|
||||
|
||||
normalize_become_options(options)
|
||||
(sshpass, becomepass, vault_pass) = ask_passwords(options)
|
||||
|
||||
if options.vault_password_file:
|
||||
# read vault_pass from a file
|
||||
vault_pass = read_vault_file(options.vault_password_file)
|
||||
|
||||
|
|
Loading…
Add table
Reference in a new issue