From 8c560719a5eb120a599d2dcbfc294a2aec5b02f8 Mon Sep 17 00:00:00 2001
From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
Date: Tue, 8 Dec 2020 10:23:24 +0000
Subject: [PATCH] skip pre tasks in update-users (#1921)

---
 config.cfg                                | 2 ++
 playbooks/cloud-pre.yml                   | 4 ++--
 roles/ssh_tunneling/tasks/main.yml        | 4 ++--
 roles/strongswan/tasks/client_configs.yml | 2 +-
 roles/wireguard/tasks/keys.yml            | 6 +++---
 tests/ca-password-fix.sh                  | 2 +-
 tests/local-deploy.sh                     | 2 +-
 tests/update-users.sh                     | 2 +-
 8 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/config.cfg b/config.cfg
index 3840732..f46f77f 100644
--- a/config.cfg
+++ b/config.cfg
@@ -132,6 +132,8 @@ wireguard_network_ipv6: 2001:db8:a160::/48
 local_service_ip: "{{ '172.16.0.1' | ipmath(1048573 | random(seed=algo_server_name + ansible_fqdn)) }}"
 local_service_ipv6: "{{ 'fd00::1' | ipmath(1048573 | random(seed=algo_server_name + ansible_fqdn)) }}"
 
+# Hide sensetive data
+no_log: true
 
 congrats:
   common: |
diff --git a/playbooks/cloud-pre.yml b/playbooks/cloud-pre.yml
index 44259bd..2e07d24 100644
--- a/playbooks/cloud-pre.yml
+++ b/playbooks/cloud-pre.yml
@@ -18,9 +18,9 @@
 
   - name: Install the requirements
     pip:
-      state: latest
+      state: present
       name:
-        - pyOpenSSL
+        - pyOpenSSL>=0.15
         - jinja2==2.8
         - segno
     tags:
diff --git a/roles/ssh_tunneling/tasks/main.yml b/roles/ssh_tunneling/tasks/main.yml
index 2226bbe..ae9b25f 100644
--- a/roles/ssh_tunneling/tasks/main.yml
+++ b/roles/ssh_tunneling/tasks/main.yml
@@ -66,7 +66,7 @@
         passphrase: "{{ p12_export_password }}"
         cipher: aes256
         force: false
-      no_log: true
+      no_log: "{{ no_log|bool }}"
       when: not item.stat.exists
       with_items: "{{ privatekey.results }}"
       register: openssl_privatekey
@@ -78,7 +78,7 @@
         privatekey_passphrase: "{{ p12_export_password }}"
         format: OpenSSH
         force: true
-      no_log: true
+      no_log: "{{ no_log|bool }}"
       when: item.changed
       with_items: "{{ openssl_privatekey.results }}"
 
diff --git a/roles/strongswan/tasks/client_configs.yml b/roles/strongswan/tasks/client_configs.yml
index 8798950..74021d9 100644
--- a/roles/strongswan/tasks/client_configs.yml
+++ b/roles/strongswan/tasks/client_configs.yml
@@ -23,7 +23,7 @@
   with_together:
     - "{{ users }}"
     - "{{ PayloadContent.results }}"
-  no_log: True
+  no_log: "{{ no_log|bool }}"
 
 - name: Build the client ipsec config file
   template:
diff --git a/roles/wireguard/tasks/keys.yml b/roles/wireguard/tasks/keys.yml
index 8c9bbdc..19f3c1e 100644
--- a/roles/wireguard/tasks/keys.yml
+++ b/roles/wireguard/tasks/keys.yml
@@ -23,7 +23,7 @@
       dest: "{{ wireguard_pki_path }}/private/{{ item['item'] }}"
       content: "{{ item['stdout'] }}"
       mode: "0600"
-    no_log: true
+    no_log: "{{ no_log|bool }}"
     when: item.changed
     with_items: "{{ wg_genkey['results'] }}"
     delegate_to: localhost
@@ -62,7 +62,7 @@
       dest: "{{ wireguard_pki_path }}/preshared/{{ item['item'] }}"
       content: "{{ item['stdout'] }}"
       mode: "0600"
-    no_log: true
+    no_log: "{{ no_log|bool }}"
     when: item.changed
     with_items: "{{ wg_genpsk['results'] }}"
     delegate_to: localhost
@@ -95,7 +95,7 @@
     dest: "{{ wireguard_pki_path }}/public/{{ item['item'] }}"
     content: "{{ item['stdout'] }}"
     mode: "0600"
-  no_log: true
+  no_log: "{{ no_log|bool }}"
   with_items: "{{ wg_pubkey['results'] }}"
   delegate_to: localhost
   become: false
diff --git a/tests/ca-password-fix.sh b/tests/ca-password-fix.sh
index 427fed6..43a9c9c 100644
--- a/tests/ca-password-fix.sh
+++ b/tests/ca-password-fix.sh
@@ -4,7 +4,7 @@
 
 set -ex
 
-DEPLOY_ARGS="provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.100 ondemand_cellular=true ondemand_wifi=true ondemand_wifi_exclude=test dns_adblocking=true ssh_tunneling=true store_pki=true install_headers=false tests=true local_service_ip=172.16.0.1"
+DEPLOY_ARGS="provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.100 ondemand_cellular=true ondemand_wifi=true ondemand_wifi_exclude=test dns_adblocking=true ssh_tunneling=true store_pki=true install_headers=false tests=true local_service_ip=172.16.0.1 no_log=false"
 
 CA_PASSWORD="test123"
 
diff --git a/tests/local-deploy.sh b/tests/local-deploy.sh
index e3acc6c..6c7df69 100755
--- a/tests/local-deploy.sh
+++ b/tests/local-deploy.sh
@@ -2,7 +2,7 @@
 
 set -ex
 
-DEPLOY_ARGS="provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.100 ondemand_cellular=true ondemand_wifi=true ondemand_wifi_exclude=test dns_adblocking=true ssh_tunneling=true store_pki=true install_headers=false tests=true local_service_ip=172.16.0.1"
+DEPLOY_ARGS="provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.100 ondemand_cellular=true ondemand_wifi=true ondemand_wifi_exclude=test dns_adblocking=true ssh_tunneling=true store_pki=true install_headers=false tests=true local_service_ip=172.16.0.1 no_log=false"
 
 if [ "${DEPLOY}" == "docker" ]
 then
diff --git a/tests/update-users.sh b/tests/update-users.sh
index baa8c82..c34cd0c 100755
--- a/tests/update-users.sh
+++ b/tests/update-users.sh
@@ -2,7 +2,7 @@
 
 set -ex
 
-USER_ARGS="{ 'server': '10.0.8.100', 'users': ['desktop', 'user1', 'user2'], 'local_service_ip': '172.16.0.1' }"
+USER_ARGS="{ 'server': '10.0.8.100', 'users': ['desktop', 'user1', 'user2'], 'local_service_ip': '172.16.0.1', 'no_log': false }"
 
 if [ "${DEPLOY}" == "docker" ]
 then