From edb1bd25ddb9b63eb9a8c8d3224277489d13de4f Mon Sep 17 00:00:00 2001
From: Brian Coca <brian.coca+git@gmail.com>
Date: Sat, 21 Mar 2015 01:19:07 -0400
Subject: [PATCH] added password prompting and become/sudo/su collapsing

---
 v2/ansible/utils/cli.py | 47 +++++++++++++++++++++++++++++++++++++++++
 v2/bin/ansible          | 15 +++++++------
 v2/bin/ansible-playbook | 14 +++++++-----
 3 files changed, 65 insertions(+), 11 deletions(-)

diff --git a/v2/ansible/utils/cli.py b/v2/ansible/utils/cli.py
index 3b899e49c5..09f5ef4a30 100644
--- a/v2/ansible/utils/cli.py
+++ b/v2/ansible/utils/cli.py
@@ -24,9 +24,11 @@ import optparse
 import os
 import time
 import yaml
+import getpass
 
 from ansible import __version__
 from ansible import constants as C
+from ansible.utils.unicode import to_bytes
 
 # FIXME: documentation for methods here, which have mostly been
 #        copied directly over from the old utils/__init__.py
@@ -231,6 +233,51 @@ def _gitinfo():
     f.close()
     return result
 
+
+def ask_passwords(options):
+    sshpass = None
+    becomepass = None
+    vaultpass = None
+    become_prompt = ''
+
+    if options.ask_pass:
+        sshpass = getpass.getpass(prompt="SSH password: ")
+        become_prompt = "%s password[defaults to SSH password]: " % options.become_method.upper()
+        if sshpass:
+            sshpass = to_bytes(sshpass, errors='strict', nonstring='simplerepr')
+    else:
+        become_prompt = "%s password: " % options.become_method.upper()
+
+    if options.become_ask_pass:
+        becomepass = getpass.getpass(prompt=become_prompt)
+        if options.ask_pass and becomepass == '':
+            becomepass = sshpass
+        if becomepass:
+            becomepass = to_bytes(becomepass)
+
+    if options.ask_vault_pass:
+        vaultpass = getpass.getpass(prompt="Vault password: ")
+        if vaultpass:
+            vaultpass = to_bytes(vaultpass, errors='strict', nonstring='simplerepr').strip()
+
+    return (sshpass, becomepass, vaultpass)
+
+
+def normalize_become_options(options):
+    ''' this keeps backwards compatibility with sudo/su options '''
+    options.become_ask_pass = options.become_ask_pass or options.ask_sudo_pass or options.ask_su_pass or C.DEFAULT_BECOME_ASK_PASS
+    options.become_user = options.become_user or options.sudo_user or options.su_user or C.DEFAULT_BECOME_USER
+
+    if options.become:
+        pass
+    elif options.sudo:
+        options.become = True
+        options.become_method = 'sudo'
+    elif options.su:
+        options.become = True
+        options.become_method = 'su'
+
+
 def validate_conflicts(parser, options):
 
     # Check for vault related conflicts
diff --git a/v2/bin/ansible b/v2/bin/ansible
index 1e298623f5..74ee46121a 100755
--- a/v2/bin/ansible
+++ b/v2/bin/ansible
@@ -29,7 +29,7 @@ from ansible.inventory import Inventory
 from ansible.parsing import DataLoader
 from ansible.parsing.splitter import parse_kv
 from ansible.playbook.play import Play
-from ansible.utils.cli import base_parser, validate_conflicts
+from ansible.utils.cli import base_parser, validate_conflicts, normalize_become_options, ask_passwords
 from ansible.vars import VariableManager
 
 ########################################################
@@ -79,11 +79,14 @@ class Cli(object):
         #-------------------------------------------------------------------------------
         # FIXME: the password asking stuff needs to be ported over still
         #-------------------------------------------------------------------------------
-        #sshpass    = None
-        #sudopass   = None
-        #su_pass    = None
-        #vault_pass = None
-        #
+        sshpass    = None
+        becomepass    = None
+        vault_pass = None
+
+        normalize_become_options(options)
+        (sshpass, becomepass, vault_pass) = ask_passwords(options)
+
+
         #options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS
         ## Never ask for an SSH password when we run with local connection
         #if options.connection == "local":
diff --git a/v2/bin/ansible-playbook b/v2/bin/ansible-playbook
index 26bbe14c7a..f1b590958b 100755
--- a/v2/bin/ansible-playbook
+++ b/v2/bin/ansible-playbook
@@ -12,7 +12,7 @@ from ansible.parsing import DataLoader
 from ansible.parsing.splitter import parse_kv
 from ansible.playbook import Playbook
 from ansible.playbook.task import Task
-from ansible.utils.cli import base_parser, validate_conflicts
+from ansible.utils.cli import base_parser, validate_conflicts, normalize_become_options, ask_passwords
 from ansible.utils.unicode import to_unicode
 from ansible.utils.vars import combine_vars
 from ansible.utils.vault import read_vault_file
@@ -55,11 +55,15 @@ def main(args):
 
     validate_conflicts(parser,options)
 
+    # Manage passwords
+    sshpass    = None
+    becomepass    = None
     vault_pass = None
-    if options.ask_vault_pass:
-        # FIXME: prompt here
-        pass
-    elif options.vault_password_file:
+
+    normalize_become_options(options)
+    (sshpass, becomepass, vault_pass) = ask_passwords(options)
+
+    if options.vault_password_file:
         # read vault_pass from a file
         vault_pass = read_vault_file(options.vault_password_file)