Dont ask for the credentials if specified in the environment vars

2025-09-02 10:03:01 +02:00 · 2018-07-13 12:20:22 +03:00 · 2018-07-13 12:20:22 +03:00 · 81a0410b81
commit 81a0410b81
parent a51534f5bc
6 changed files with 41 additions and 21 deletions
--- a/roles/cloud-azure/tasks/prompts.yml
+++ b/roles/cloud-azure/tasks/prompts.yml
@ -5,7 +5,9 @@
      You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
    echo: false
  register: _azure_secret
-  when: azure_secret is undefined
+  when:
+    - azure_secret is undefined
+    - lookup('env','AZURE_SECRET')|length <= 0

 - pause:
    prompt: |
@ -13,7 +15,9 @@
      You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
    echo: false
  register: _azure_tenant
-  when: azure_tenant is undefined
+  when:
+    - azure_tenant is undefined
+    - lookup('env','AZURE_TENANT')|length <= 0

 - pause:
    prompt: |
@ -21,7 +25,9 @@
      You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
    echo: false
  register: _azure_client_id
-  when: azure_client_id is undefined
+  when:
+    - azure_client_id is undefined
+    - lookup('env','AZURE_CLIENT_ID')|length <= 0

 - pause:
    prompt: |
@ -29,13 +35,15 @@
      You can skip this step if you want to use your defaults credentials from ~/.azure/credentials
    echo: false
  register: _azure_subscription_id
-  when: azure_subscription_id is undefined
+  when:
+    - azure_subscription_id is undefined
+    - lookup('env','AZURE_SUBSCRIPTION_ID')|length <= 0

 - set_fact:
-    secret: "{{ azure_secret | default(_azure_secret.user_input|default(omit)) }}"
-    tenant: "{{ azure_tenant | default(_azure_tenant.user_input|default(omit)) }}"
-    client_id: "{{ azure_client_id | default(_aazure_client_id.user_input|default(omit)) }}"
-    subscription_id: "{{ azure_subscription_id | default(_azure_subscription_id.user_input|default(omit)) }}"
+    secret: "{{ azure_secret | default(_azure_secret.user_input|default(None)) | default(lookup('env','AZURE_SECRET'), true) }}"
+    tenant: "{{ azure_tenant | default(_azure_tenant.user_input|default(None)) | default(lookup('env','AZURE_TENANT'), true) }}"
+    client_id: "{{ azure_client_id | default(_azure_client_id.user_input|default(None)) | default(lookup('env','AZURE_CLIENT_ID'), true) }}"
+    subscription_id: "{{ azure_subscription_id | default(_azure_subscription_id.user_input|default(None)) | default(lookup('env','AZURE_SUBSCRIPTION_ID'), true) }}"

 - block:
  - name: Set facts about the regions
--- a/roles/cloud-digitalocean/tasks/main.yml
+++ b/roles/cloud-digitalocean/tasks/main.yml
@ -2,7 +2,7 @@
    - name: Include prompts
      import_tasks: prompts.yml

-    - name: Set the DigitalOcean Access Token fact
+    - name: Set additional facts
      set_fact:
        algo_do_region: >-
          {% if region is defined %}{{ region }}
--- a/roles/cloud-digitalocean/tasks/prompts.yml
+++ b/roles/cloud-digitalocean/tasks/prompts.yml
@ -4,11 +4,13 @@
      Enter your API token. The token must have read and write permissions (https://cloud.digitalocean.com/settings/api/tokens):
    echo: false
  register: _do_token
-  when: do_token is undefined
+  when:
+    - do_token is undefined
+    - lookup('env','DO_API_TOKEN')|length <= 0

 - name: Set the token as a fact
  set_fact:
-    algo_do_token: "{{ do_token | default(_do_token.user_input) | default(lookup('env','DO_API_TOKEN'), true) }}"
+    algo_do_token: "{{ do_token | default(_do_token.user_input|default(None)) | default(lookup('env','DO_API_TOKEN'), true) }}"

 - name: Get regions
  uri:
--- a/roles/cloud-ec2/tasks/prompts.yml
+++ b/roles/cloud-ec2/tasks/prompts.yml
@ -5,18 +5,22 @@
      Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md)
    echo: false
  register: _aws_access_key
-  when: aws_access_key is undefined
+  when:
+     - aws_access_key is undefined
+     - lookup('env','AWS_ACCESS_KEY_ID')|length <= 0

 - pause:
    prompt: |
      Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
    echo: false
  register: _aws_secret_key
-  when: aws_secret_key is undefined
+  when:
+    - aws_secret_key is undefined
+    - lookup('env','AWS_SECRET_ACCESS_KEY')|length <= 0

 - set_fact:
-    access_key: "{{ aws_access_key | default(_aws_access_key.user_input|default(omit)) | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}"
-    secret_key: "{{ aws_secret_key | default(_aws_secret_key.user_input|default(omit)) | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}"
+    access_key: "{{ aws_access_key | default(_aws_access_key.user_input|default(None)) | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}"
+    secret_key: "{{ aws_secret_key | default(_aws_secret_key.user_input|default(None)) | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}"

 - block:
  - name: Get regions
--- a/roles/cloud-gce/tasks/prompts.yml
+++ b/roles/cloud-gce/tasks/prompts.yml
@ -4,10 +4,12 @@
      Enter the local path to your credentials JSON file
      (https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts)
  register: _gce_credentials_file
-  when: gce_credentials_file is undefined
+  when:
+    - gce_credentials_file is undefined
+    - lookup('env','GCE_CREDENTIALS_FILE_PATH')|length <= 0

 - set_fact:
-    credentials_file_path: "{{ gce_credentials_file | default(_gce_credentials_file.user_input|default(omit)) | default(lookup('env','GCE_CREDENTIALS_FILE_PATH'), true) }}"
+    credentials_file_path: "{{ gce_credentials_file | default(_gce_credentials_file.user_input|default(None)) | default(lookup('env','GCE_CREDENTIALS_FILE_PATH'), true) }}"
    ssh_public_key_lookup: "{{ lookup('file', '{{ SSH_keys.public }}') }}"

 - set_fact:
--- a/roles/cloud-lightsail/tasks/prompts.yml
+++ b/roles/cloud-lightsail/tasks/prompts.yml
@ -5,18 +5,22 @@
      Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md)
    echo: false
  register: _aws_access_key
-  when: aws_access_key is undefined
+  when:
+     - aws_access_key is undefined
+     - lookup('env','AWS_ACCESS_KEY_ID')|length <= 0

 - pause:
    prompt: |
      Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
    echo: false
  register: _aws_secret_key
-  when: aws_secret_key is undefined
+  when:
+    - aws_secret_key is undefined
+    - lookup('env','AWS_SECRET_ACCESS_KEY')|length <= 0

 - set_fact:
-    access_key: "{{ aws_access_key | default(_aws_access_key.user_input|default(omit)) | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}"
-    secret_key: "{{ aws_secret_key | default(_aws_secret_key.user_input|default(omit)) | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}"
+    access_key: "{{ aws_access_key | default(_aws_access_key.user_input|default(None)) | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}"
+    secret_key: "{{ aws_secret_key | default(_aws_secret_key.user_input|default(None)) | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}"

 - block:
  - name: Get regions