added password prompting and become/sudo/su collapsing

edb1bd25 · Brian Coca · 9d3a6394 · edb1bd25 · edb1bd25 · edb1bd25
Commit edb1bd25 authored Mar 21, 2015 by Brian Coca
Show whitespace changes
Inline Side-by-side

Showing with 65 additions and 11 deletions

v2/ansible/utils/cli.py
+47 -0

v2/bin/ansible
+9 -6

v2/bin/ansible-playbook
+9 -5

No files found.
--- a/v2/ansible/utils/cli.py
+++ b/v2/ansible/utils/cli.py
@@ -24,9 +24,11 @@ import optparse
 import os
 import time
 import yaml
+import getpass
 from ansible import __version__
 from ansible import constants as C
+from ansible.utils.unicode import to_bytes
 # FIXME: documentation for methods here, which have mostly been
 #        copied directly over from the old utils/__init__.py
@@ -231,6 +233,51 @@ def _gitinfo():
    f.close()
    return result
+def ask_passwords(options):
+    sshpass = None
+    becomepass = None
+    vaultpass = None
+    become_prompt = ''
+    if options.ask_pass:
+        sshpass = getpass.getpass(prompt="SSH password: ")
+        become_prompt = "%s password[defaults to SSH password]: " % options.become_method.upper()
+        if sshpass:
+            sshpass = to_bytes(sshpass, errors='strict', nonstring='simplerepr')
+    else:
+        become_prompt = "%s password: " % options.become_method.upper()
+    if options.become_ask_pass:
+        becomepass = getpass.getpass(prompt=become_prompt)
+        if options.ask_pass and becomepass == '':
+            becomepass = sshpass
+        if becomepass:
+            becomepass = to_bytes(becomepass)
+    if options.ask_vault_pass:
+        vaultpass = getpass.getpass(prompt="Vault password: ")
+        if vaultpass:
+            vaultpass = to_bytes(vaultpass, errors='strict', nonstring='simplerepr').strip()
+    return (sshpass, becomepass, vaultpass)
+def normalize_become_options(options):
+    ''' this keeps backwards compatibility with sudo/su options '''
+    options.become_ask_pass = options.become_ask_pass or options.ask_sudo_pass or options.ask_su_pass or C.DEFAULT_BECOME_ASK_PASS
+    options.become_user = options.become_user or options.sudo_user or options.su_user or C.DEFAULT_BECOME_USER
+    if options.become:
+        pass
+    elif options.sudo:
+        options.become = True
+        options.become_method = 'sudo'
+    elif options.su:
+        options.become = True
+        options.become_method = 'su'
 def validate_conflicts(parser, options):
    # Check for vault related conflicts

--- a/v2/bin/ansible
+++ b/v2/bin/ansible
@@ -29,7 +29,7 @@ from ansible.inventory import Inventory
 from ansible.parsing import DataLoader
 from ansible.parsing.splitter import parse_kv
 from ansible.playbook.play import Play
-from ansible.utils.cli import base_parser, validate_conflicts
+from ansible.utils.cli import base_parser, validate_conflicts, normalize_become_options, ask_passwords
 from ansible.vars import VariableManager
 ########################################################
@@ -79,11 +79,14 @@ class Cli(object):
        #-------------------------------------------------------------------------------
        # FIXME: the password asking stuff needs to be ported over still
        #-------------------------------------------------------------------------------
-        #sshpass    = None
+        sshpass    = None
-        #sudopass   = None
+        becomepass    = None
-        #su_pass    = None
+        vault_pass = None
-        #vault_pass = None
-        #
+        normalize_become_options(options)
+        (sshpass, becomepass, vault_pass) = ask_passwords(options)
        #options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS
        ## Never ask for an SSH password when we run with local connection
        #if options.connection == "local":

--- a/v2/bin/ansible-playbook
+++ b/v2/bin/ansible-playbook
@@ -12,7 +12,7 @@ from ansible.parsing import DataLoader
 from ansible.parsing.splitter import parse_kv
 from ansible.playbook import Playbook
 from ansible.playbook.task import Task
-from ansible.utils.cli import base_parser, validate_conflicts
+from ansible.utils.cli import base_parser, validate_conflicts, normalize_become_options, ask_passwords
 from ansible.utils.unicode import to_unicode
 from ansible.utils.vars import combine_vars
 from ansible.utils.vault import read_vault_file
@@ -55,11 +55,15 @@ def main(args):
    validate_conflicts(parser,options)
+    # Manage passwords
+    sshpass    = None
+    becomepass    = None
    vault_pass = None
-    if options.ask_vault_pass:
-        # FIXME: prompt here
+    normalize_become_options(options)
-        pass
+    (sshpass, becomepass, vault_pass) = ask_passwords(options)
-    elif options.vault_password_file:
+    if options.vault_password_file:
        # read vault_pass from a file
        vault_pass = read_vault_file(options.vault_password_file)