VhE5ddlmZmZmZeZdZdZdZddl Z ddl Z ddl Z ddl m Z mZddlmZmZddlmZmZmZdd lmZmZGd d eZd Zed k(reyy#e$rY=wxYw))absolute_importdivisionprint_functiona module: docker_secret short_description: Manage docker secrets description: - Create and remove Docker secrets in a Swarm environment. Similar to C(docker secret create) and C(docker secret rm). - Adds to the metadata of new secrets C(ansible_key), an encrypted hash representation of the data, which is then used in future runs to test if a secret has changed. If C(ansible_key) is not present, then a secret will not be updated unless the O(force) option is set. - Updates to secrets are performed by removing the secret and creating it again. extends_documentation_fragment: - community.docker.docker - community.docker.docker.docker_py_2_documentation - community.docker.attributes - community.docker.attributes.actiongroup_docker attributes: check_mode: support: full diff_mode: support: none idempotent: support: partial details: - If O(force=true) the module is not idempotent. options: data: description: - The value of the secret. - Mutually exclusive with O(data_src). One of O(data) and O(data_src) is required if O(state=present). type: str data_is_b64: description: - If set to V(true), the data is assumed to be Base64 encoded and will be decoded before being used. - To use binary O(data), it is better to keep it Base64 encoded and let it be decoded by this option. type: bool default: false data_src: description: - The file on the target from which to read the secret. - Mutually exclusive with O(data). One of O(data) and O(data_src) is required if O(state=present). type: path version_added: 1.10.0 labels: description: - A map of key:value meta data, where both key and value are expected to be strings. - If new meta data is provided, or existing meta data is modified, the secret will be updated by removing it and creating it again. type: dict force: description: - Use with O(state=present) to always remove and recreate an existing secret. - If V(true), an existing secret will be replaced, even if it has not changed. type: bool default: false rolling_versions: description: - If set to V(true), secrets are created with an increasing version number appended to their name. - Adds a label containing the version number to the managed secrets with the name C(ansible_version). type: bool default: false version_added: 2.2.0 versions_to_keep: description: - When using O(rolling_versions), the number of old versions of the secret to keep. - Extraneous old secrets are deleted after the new one is created. - Set to V(-1) to keep everything or to V(0) or V(1) to keep only the current one. type: int default: 5 version_added: 2.2.0 name: description: - The name of the secret. type: str required: true state: description: - Set to V(present), if the secret should exist, and V(absent), if it should not. type: str default: present choices: - absent - present requirements: - "L(Docker SDK for Python,https://docker-py.readthedocs.io/en/stable/) >= 2.1.0" - "Docker API >= 1.25" author: - Chris Houseknecht (@chouseknecht) a --- - name: Create secret foo (from a file on the control machine) community.docker.docker_secret: name: foo # If the file is JSON or binary, Ansible might modify it (because # it is first decoded and later re-encoded). Base64-encoding the # file directly after reading it prevents this to happen. data: "{{ lookup('file', '/path/to/secret/file') | b64encode }}" data_is_b64: true state: present - name: Create secret foo (from a file on the target machine) community.docker.docker_secret: name: foo data_src: /path/to/secret/file state: present - name: Change the secret data community.docker.docker_secret: name: foo data: Goodnight everyone! labels: bar: baz one: '1' state: present - name: Add a new label community.docker.docker_secret: name: foo data: Goodnight everyone! labels: bar: baz one: '1' # Adding a new label will cause a remove/create of the secret two: '2' state: present - name: No change community.docker.docker_secret: name: foo data: Goodnight everyone! labels: bar: baz one: '1' # Even though 'two' is missing, there is no change to the existing secret state: present - name: Update an existing label community.docker.docker_secret: name: foo data: Goodnight everyone! labels: bar: monkey # Changing a label will cause a remove/create of the secret one: '1' state: present - name: Force the removal/creation of the secret community.docker.docker_secret: name: foo data: Goodnight everyone! force: true state: present - name: Remove secret foo community.docker.docker_secret: name: foo state: absent a\ secret_id: description: - The ID assigned by Docker to the secret object. returned: success and O(state=present) type: str sample: 'hzehrmyjigmcp2gb6nlhmjqcv' secret_name: description: - The name of the created secret object. returned: success and O(state=present) type: str sample: 'awesome_secret' version_added: 2.2.0 N)DockerExceptionAPIError)AnsibleDockerClientRequestException)DockerBaseClasscompare_genericsanitize_labels) to_nativeto_bytescNeZdZfdZdZdZdZdZdZdZ dZ d Z xZ S) SecretManagerc tt| ||_||_|jj |_|jj j}|jd|_ |jd|_ |jd|_ |jP|jdr%tj|j|_ nt|j|_ |jd}|+ t|d5}|j!|_ ddd|jd |_|jd |_|jd |_|jd |_|j.rd |_d|_g|_y#1swYxYw#t"$r?}|jj%dj'|t)|Yd}~d}~wwxYw)Nnamestatedata data_is_b64data_srcrbz"Error while reading {src}: {error})srcerrorlabelsforcerolling_versionsversions_to_keepr)superr__init__clientresults check_modemoduleparamsgetrrrbase64 b64decoderopenread Exceptionfailformatr rrrrversiondata_keysecrets)selfr r! parametersrfexc __class__s r/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/docker/plugins/modules/docker_secret.pyrzSecretManager.__init__s mT+-  ++00[[''.. NN6* ^^G, NN6* 99 ~~m,",,TYY7 $TYY/ >>*-   r(D))Q !DI)!nnX. ^^G, */A B */A B  DL  )) r   !E!L!LQYajknao!L!pqq rs0 F?F31F?3F<8F?? H5HHc(|j|jdk(rStj|jj |_|j|jy|jdk(r|jyy)Npresentabsent) get_secretrhashlibsha224r hexdigestr.r7remove_old_versionsr8r0s r5__call__zSecretManager.__call__sd  :: "#NN4995??ADM LLN  $ $ & ZZ8 # KKM$c t|jdijdijddS#t$rYywxYw)NSpecLabelsansible_versionr)intr% ValueErrorr0secrets r5 get_versionzSecretManager.get_versionsK vzz&"-11(B?CCDUWXYZ Z  s:= A A c^|jr|jdkry|jst|jt |jdkDrX|j |jjdt|jt |jdkDrWyyy)Nr)rrr"lenr/max remove_secretpopr>s r5r=z!SecretManager.remove_old_versionss$$(=(=(A dll#c$*?*?&CC""4<<#3#3A#67dll#c$*?*?&CCr@c F |jjd|ji}|j rmDcgc]5}|ddjdj|j r|7c}|_|jj|j yDcgc]}|dd|jk(s|c}|_y#t$r>}|jj d|jdt |Yd}~d}~wwxYwcc}wcc}w) z Find an existing secret. rfilterszError accessing secret : NrBNamez{name}_v)r)key) r r/rrr+r r startswithr,sortrI)r0r/r3rHs r5r9zSecretManager.get_secrets \kk))64992E)FG  &&>&)44Z5F5FDII5F5VWDL LL  $"2"2  3&-!vv0F$))0SDL \ KK   9UX>Z [ [ \s((C:D'DD D4DDcd}d|ji}|jrY|xjdz c_t|j|d<dj |j |j|_|j r|j|j  |jsc|jj|j |j|}|xj|jjd|i z c_ t!|t"r|d }|S#t$r1}|jjd t|zYd}~Ld}~wwxYw) z Create a new secret N ansible_keyrKrDz{name}_v{version})rr-)ridrQzError creating secret: %sID)r.rr-strr,rrupdater"r create_secretrr/rr+r isinstancedict)r0 secret_idrr3s r5r^zSecretManager.create_secret"s   4==   LLA L(+DLL(9F$ %+22 4<<2XDI ;; MM$++ & K?? KK55diiSY5Z   3 3T9I J J KsA/D$$ E-'EEc  |js|jj|dyy#t$r:}|jj d|dddt |Yd}~yd}~wwxYw)Nr[zError removing secret rBrTrS)r"r rNrr+r )r0rHr3s r5rNzSecretManager.remove_secret<sf h?? ))&,7# h KK  vf~f?UW`adWef g g hs*. A10A,,A1c|jrs|jd}|d|jd<|dd|jd<d}|jdi}|jdijd r|dd |jk7r4d }n1|js%|j j jd t|j|jdd d  }|jr|j||_ |s|s |jrd|js|j|j}d |jd<||jd<|j|jd<yyd |jd<|j|jd<|j|jd<y)z= Handles state == 'present', creating or updating the secret r[rarBrT secret_nameFrCrYTze'ansible_key' label not found. Secret will not be changed unless the force parameter is set to 'true'allow_more_presentr`changedN)r/r!r%r.rr r#warnr rrrIr-r8r^r)r0rH data_changedattrslabels_changedras r5r7zSecretManager.presentCs <<\\"%F(.t DLL %*0.*@DLL ' LJJvr*Eyy2&**=9?=1T]]B#'LzzKK&&++-TU!0eii>QSgio!ppN$$#//7 ~,,KKM ..0 *. Y',5 [).2ii ]+2<'+DLL #(,(:(:(EEiPQlS_h_s_s_u vv . v } }HIJK L**,  . ..s$:;C66 F?=E F =FF__main__) __future__rrrrr __metaclass__ DOCUMENTATIONEXAMPLESRETURNr&r:r docker.errorsrr ImportError@ansible_collections.community.docker.plugins.module_utils.commonrr >ansible_collections.community.docker.plugins.module_utils.utilr r r +ansible.module_utils.common.text.convertersr rrrrmrr@r5rsA@ \ |D L   7  LQ+OQ+h,.^ zFg  sAA&%A&