Added auto seeding of credentials

cli/integration/deploy_localhost.py

@@ -0,0 +1,126 @@
+#!/usr/bin/env python3
+"""
+Run the full localhost integration flow entirely inside the cymais Docker container,
+without writing any artifacts to the host filesystem.
+Catches missing schema/config errors during credential vaulting and skips those apps.
+"""
+import subprocess
+import os
+import sys
+
+def main():
+    repo = os.path.abspath(os.getcwd())
+
+    bash_script = '''
+set -e
+
+ART=/integration-artifacts
+mkdir -p "$ART"
+echo testpassword > "$ART/vaultpw.txt"
+
+# 1) Generate inventory
+python3 -m cli.build.inventory.full \
+  --host localhost \
+  --inventory-style hostvars \
+  --format yaml \
+  --output "$ART/inventory.yml"
+
+# 2) Credentials per-app
+apps=$(python3 <<EOF
+import yaml
+inv = yaml.safe_load(open('/integration-artifacts/inventory.yml'))
+print(' '.join(inv['_meta']['hostvars']['localhost']['invokable_applications']))
+EOF
+)
+for app in $apps; do
+  echo "⏳ Vaulting credentials for $app..."
+  output=$(python3 -m cli.create.credentials \
+    --role-path "/repo/roles/$app" \
+    --inventory-file "$ART/inventory.yml" \
+    --vault-password-file "$ART/vaultpw.txt" \
+    --force 2>&1) || rc=$?; rc=${rc:-0}
+
+  if [ "$rc" -eq 0 ]; then
+    echo "✅ Credentials generated for $app"
+  elif echo "$output" | grep -q "No such file or directory"; then
+    echo "⚠️  Skipping $app (no schema/config)"
+  elif echo "$output" | grep -q "Plain algorithm for"; then
+    # Collect all plain-algo keys
+    keys=( $(echo "$output" | grep -oP "Plain algorithm for '\K[^']+") )
+    overrides=()
+    for key in "${keys[@]}"; do
+      if [[ "$key" == *api_key ]]; then
+        val=$(python3 - << 'PY'
+import random, string
+print(''.join(random.choices(string.ascii_letters+string.digits, k=32)))
+PY
+)
+      elif [[ "$key" == *password ]]; then
+        val=$(python3 - << 'PY'
+import random, string
+print(''.join(random.choices(string.ascii_letters+string.digits, k=12)))
+PY
+)
+      else
+        val=$(python3 - << 'PY'
+import random, string
+print(''.join(random.choices(string.ascii_letters+string.digits, k=16)))
+PY
+)
+      fi
+      echo "  → Overriding $key=$val"
+      overrides+=("--set" "$key=$val")
+    done
+    # Retry with overrides
+    echo "🔄 Retrying with overrides..."
+    retry_out=$(python3 -m cli.create.credentials \
+      --role-path "/repo/roles/$app" \
+      --inventory-file "$ART/inventory.yml" \
+      --vault-password-file "$ART/vaultpw.txt" \
+      "${overrides[@]}" \
+      --force 2>&1) || retry_rc=$?; retry_rc=${retry_rc:-0}
+    if [ "$retry_rc" -eq 0 ]; then
+      echo "✅ Credentials generated for $app (with overrides)"
+    else
+      echo "❌ Override failed for $app:"
+      echo "$retry_out"
+    fi
+  else
+    echo "❌ Credential error for $app:"
+    echo "$output"
+  fi
+done
+
+# 3) Show generated files
+ls -R "$ART" 2>/dev/null
+
+echo "
+===== inventory.yml ====="
+cat "$ART/inventory.yml"
+
+echo "
+===== vaultpw.txt ====="
+cat "$ART/vaultpw.txt"
+
+# 4) Deploy
+python3 -m cli.deploy \
+  "$ART/inventory.yml" \
+  --limit localhost \
+  --vault-password-file "$ART/vaultpw.txt" \
+  --verbose
+'''
+
+    cmd = [
+        "docker", "run", "--rm",
+        "-v", f"{repo}:/repo",
+        "-w", "/repo",
+        "--entrypoint", "bash",
+        "cymais:latest",
+        "-c", bash_script
+    ]
+    print(f"\033[96m> {' '.join(cmd)}\033[0m")
+    rc = subprocess.call(cmd)
+    sys.exit(rc)
+
+if __name__ == '__main__':
+    main()

roles/web-app-attendize/schema/main.yml

@@ -1 +0,0 @@
-credentials: