From 81a0410b81dc85c13ad18a7ac7ee2afb17e1a0b1 Mon Sep 17 00:00:00 2001 From: Jack Ivanov Date: Fri, 13 Jul 2018 12:20:22 +0300 Subject: [PATCH] Dont ask for the credentials if specified in the environment vars --- roles/cloud-azure/tasks/prompts.yml | 24 ++++++++++++++-------- roles/cloud-digitalocean/tasks/main.yml | 2 +- roles/cloud-digitalocean/tasks/prompts.yml | 6 ++++-- roles/cloud-ec2/tasks/prompts.yml | 12 +++++++---- roles/cloud-gce/tasks/prompts.yml | 6 ++++-- roles/cloud-lightsail/tasks/prompts.yml | 12 +++++++---- 6 files changed, 41 insertions(+), 21 deletions(-) diff --git a/roles/cloud-azure/tasks/prompts.yml b/roles/cloud-azure/tasks/prompts.yml index 68f3374c..aadffd61 100644 --- a/roles/cloud-azure/tasks/prompts.yml +++ b/roles/cloud-azure/tasks/prompts.yml @@ -5,7 +5,9 @@ You can skip this step if you want to use your defaults credentials from ~/.azure/credentials echo: false register: _azure_secret - when: azure_secret is undefined + when: + - azure_secret is undefined + - lookup('env','AZURE_SECRET')|length <= 0 - pause: prompt: | @@ -13,7 +15,9 @@ You can skip this step if you want to use your defaults credentials from ~/.azure/credentials echo: false register: _azure_tenant - when: azure_tenant is undefined + when: + - azure_tenant is undefined + - lookup('env','AZURE_TENANT')|length <= 0 - pause: prompt: | @@ -21,7 +25,9 @@ You can skip this step if you want to use your defaults credentials from ~/.azure/credentials echo: false register: _azure_client_id - when: azure_client_id is undefined + when: + - azure_client_id is undefined + - lookup('env','AZURE_CLIENT_ID')|length <= 0 - pause: prompt: | 
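Review bot: The new guard `lookup('env','AZURE_SECRET')|length <= 0` in the first `when:` list compares a length against `<= 0`, which can only ever mean "is empty". The matching guards for `AZURE_TENANT` and `AZURE_CLIENT_ID` in the next two hunks, and the same pattern in the other roles' prompts.yml, read the same way. Writing it as `- lookup('env','AZURE_SECRET') | trim | length == 0` states the intent and also stops a variable holding only whitespace from suppressing the prompt and then being used as the credential. A one-line comment above each `when:` such as `# prompt only when neither the extra var nor the environment supplies a value` would document the precedence. Each pause task starts above its hunk, so the prompt text is only partly visible here.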
@@ -29,13 +35,15 @@ You can skip this step if you want to use your defaults credentials from ~/.azure/credentials echo: false register: _azure_subscription_id - when: azure_subscription_id is undefined + when: + - azure_subscription_id is undefined + - lookup('env','AZURE_SUBSCRIPTION_ID')|length <= 0 - set_fact: - secret: "{{ azure_secret | default(_azure_secret.user_input|default(omit)) }}" - tenant: "{{ azure_tenant | default(_azure_tenant.user_input|default(omit)) }}" - client_id: "{{ azure_client_id | default(_aazure_client_id.user_input|default(omit)) }}" - subscription_id: "{{ azure_subscription_id | default(_azure_subscription_id.user_input|default(omit)) }}" + secret: "{{ azure_secret | default(_azure_secret.user_input|default(None)) | default(lookup('env','AZURE_SECRET'), true) }}" + tenant: "{{ azure_tenant | default(_azure_tenant.user_input|default(None)) | default(lookup('env','AZURE_TENANT'), true) }}" + client_id: "{{ azure_client_id | default(_azure_client_id.user_input|default(None)) | default(lookup('env','AZURE_CLIENT_ID'), true) }}" + subscription_id: "{{ azure_subscription_id | default(_azure_subscription_id.user_input|default(None)) | default(lookup('env','AZURE_SUBSCRIPTION_ID'), true) }}" - block: - name: Set facts about the regions diff --git a/roles/cloud-digitalocean/tasks/main.yml b/roles/cloud-digitalocean/tasks/main.yml index fb90a47c..aca66b7b 100644 --- a/roles/cloud-digitalocean/tasks/main.yml +++ b/roles/cloud-digitalocean/tasks/main.yml @@ -2,7 +2,7 @@ - name: Include prompts import_tasks: prompts.yml - - name: Set the DigitalOcean Access Token fact + - name: Set additional facts set_fact: algo_do_region: >- {% if region is defined %}{{ region }} diff --git a/roles/cloud-digitalocean/tasks/prompts.yml b/roles/cloud-digitalocean/tasks/prompts.yml index 8ea5bdf4..f2804ca8 100644 --- a/roles/cloud-digitalocean/tasks/prompts.yml +++ b/roles/cloud-digitalocean/tasks/prompts.yml 
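Review bot: The rewritten `set_fact` in the Azure hunk copies `AZURE_SECRET` (or the typed value) into a plain fact without `no_log: true`. At `-v` and above the task result, which includes the facts it set, is printed to the terminal and to any configured log file. Adding `no_log: true` at task level keeps the secret out of that output; the same applies to the `set_fact` tasks for `algo_do_token` and for `access_key`/`secret_key` in the DigitalOcean, EC2 and Lightsail hunks. Separately, when nothing is supplied the four facts now resolve to empty strings. Whether later tasks still fall back to ~/.azure/credentials, as the prompt text promises, depends on how they pass these facts on, which this hunk does not show.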
@@ -4,11 +4,13 @@ Enter your API token. The token must have read and write permissions (https://cloud.digitalocean.com/settings/api/tokens): echo: false register: _do_token - when: do_token is undefined + when: + - do_token is undefined + - lookup('env','DO_API_TOKEN')|length <= 0 - name: Set the token as a fact set_fact: - algo_do_token: "{{ do_token | default(_do_token.user_input) | default(lookup('env','DO_API_TOKEN'), true) }}" + algo_do_token: "{{ do_token | default(_do_token.user_input|default(None)) | default(lookup('env','DO_API_TOKEN'), true) }}" - name: Get regions uri: diff --git a/roles/cloud-ec2/tasks/prompts.yml b/roles/cloud-ec2/tasks/prompts.yml index b7988ace..2993f694 100644 --- a/roles/cloud-ec2/tasks/prompts.yml +++ b/roles/cloud-ec2/tasks/prompts.yml 
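Review bot: Nothing after the rewritten `algo_do_token` line rejects an empty result. If the prompt is shown and answered with just Enter, the chain ends at `lookup('env','DO_API_TOKEN')`, which is empty in that case, and the fact becomes an empty string. The first visible consumer is the `Get regions` uri task, so the failure would likely surface there as an API error rather than a clear message. A small `assert` task right after the set_fact, with `that: algo_do_token | length > 0` and a message naming the three ways to supply the token, would fail early. The same check fits `access_key`/`secret_key` in the EC2 and Lightsail hunks.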
@@ -5,18 +5,22 @@ Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md) echo: false register: _aws_access_key - when: aws_access_key is undefined + when: + - aws_access_key is undefined + - lookup('env','AWS_ACCESS_KEY_ID')|length <= 0 - pause: prompt: | Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) echo: false register: _aws_secret_key - when: aws_secret_key is undefined + when: + - aws_secret_key is undefined + - lookup('env','AWS_SECRET_ACCESS_KEY')|length <= 0 - set_fact: - access_key: "{{ aws_access_key | default(_aws_access_key.user_input|default(omit)) | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}" - secret_key: "{{ aws_secret_key | default(_aws_secret_key.user_input|default(omit)) | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}" + access_key: "{{ aws_access_key | default(_aws_access_key.user_input|default(None)) | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}" + secret_key: "{{ aws_secret_key | default(_aws_secret_key.user_input|default(None)) | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}" - block: - name: Get regions diff --git a/roles/cloud-gce/tasks/prompts.yml b/roles/cloud-gce/tasks/prompts.yml index 944714b2..0fb279bb 100644 --- a/roles/cloud-gce/tasks/prompts.yml +++ b/roles/cloud-gce/tasks/prompts.yml 
@@ -4,10 +4,12 @@ Enter the local path to your credentials JSON file (https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts) register: _gce_credentials_file - when: gce_credentials_file is undefined + when: + - gce_credentials_file is undefined + - lookup('env','GCE_CREDENTIALS_FILE_PATH')|length <= 0 - set_fact: - credentials_file_path: "{{ gce_credentials_file | default(_gce_credentials_file.user_input|default(omit)) | default(lookup('env','GCE_CREDENTIALS_FILE_PATH'), true) }}" + credentials_file_path: "{{ gce_credentials_file | default(_gce_credentials_file.user_input|default(None)) | default(lookup('env','GCE_CREDENTIALS_FILE_PATH'), true) }}" ssh_public_key_lookup: "{{ lookup('file', '{{ SSH_keys.public }}') }}" - set_fact: diff --git a/roles/cloud-lightsail/tasks/prompts.yml b/roles/cloud-lightsail/tasks/prompts.yml index fbe34290..26d50a57 100644 --- a/roles/cloud-lightsail/tasks/prompts.yml +++ b/roles/cloud-lightsail/tasks/prompts.yml 
@@ -5,18 +5,22 @@ Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md) echo: false register: _aws_access_key - when: aws_access_key is undefined + when: + - aws_access_key is undefined + - lookup('env','AWS_ACCESS_KEY_ID')|length <= 0 - pause: prompt: | Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) echo: false register: _aws_secret_key - when: aws_secret_key is undefined + when: + - aws_secret_key is undefined + - lookup('env','AWS_SECRET_ACCESS_KEY')|length <= 0 - set_fact: - access_key: "{{ aws_access_key | default(_aws_access_key.user_input|default(omit)) | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}" - secret_key: "{{ aws_secret_key | default(_aws_secret_key.user_input|default(omit)) | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}" + access_key: "{{ aws_access_key | default(_aws_access_key.user_input|default(None)) | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}" + secret_key: "{{ aws_secret_key | default(_aws_secret_key.user_input|default(None)) | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}" - block: - name: Get regions