Being prompted twice for password and sudo-password when they are the same value is annoying

[lucywyman]

Use Case

Users often want to use the same value for password and sudo-password, and want to use the prompt plugin to get the value. Right now that means using the prompt plugin in 2 places, and having to enter the same value twice, which is annoying.

Describe the Solution You Would Like

I have a few idea for how we could solve this:

1. Provide a config option to use the password value for sudo-password, if sudo-password is needed.
2. Create a new plugin or sigil that will load another config value as the value for that option:

password:
  _plugin: prompt
  message: Please enter your password:
sudo-password:
  _plugin: reuse
  config_option: password

3. Add a name attribute to the prompt plugin and only prompt once for each named prompt. This would mean that a prompt could be used throughout the inventory.

Additional Context

Slack convos: 1, 2, 3

Solution

The sudo-password should default to the value for password in all cases. This should be gated on future.

[adreyer]

I don't think it's possible to create a new plugin that references other values without opening up a lot of unwanted complexity to the plugin API.

I do think we could allow named references as a general extension to the resolve_reference functionality. Given that references are lazy and can be recursive it would be easy for users to create broken inventories that are difficult to debug but it should be possible.

I'm open to suggestions but the best way I can think to implement this is probably a new _reference(bikeshed) special key.

- config:
   password:
     _plugin: prompt
     _reference: password
    message: "enter passworf
  sudopassword:
    _reference: password

• A better interface for this would allow users to define references outside any section of the inventory and then use them anywhere.
• It makes sense intuitively for references to be scopeable to a section but I suspect this will make the error cases too opaque so references probably need to be global.

[nmaludy]

It would be really nice to reference other config values, without it we have a lot of copy/paste in our inventory files:

groups:
  - name: windows
    config:
      transport: winrm
      winrm:
        user: patching_svc@domain.tld
        password: xxx
        ssl: true
        ssl-verify: false
    groups:
      - name: windows_servers_a
        vars:
          patching_order: 1
        targets:
          - _plugin: wsus_inventory
            host: 'sql01.domain.tld'
            database: 'SUSDB'
            username: 'DOMAIN\bolt_sql_svc'
            password: 'xxx'
            group: Servers_A

      - name: windows_servers_b
        vars:
          patching_order: 2
        targets:
          - _plugin: wsus_inventory
            host: 'sql01.domain.tld'
            database: 'SUSDB'
            username: 'DOMAIN\bolt_sql_svc'
            password: 'xxx'
            group: Servers_B

      - name: windows_servers_c
        vars:
          patching_order: 3
        targets:
          - _plugin: wsus_inventory
            host: 'sql01.domain.tld'
            database: 'SUSDB'
            username: 'DOMAIN\bolt_sql_svc'
            password: 'xxx'
            group: Servers_C

So, if this service account password changes, i now have 3x places i need to update it.