Vhx<ddlmZmZmZeZddlZddlZddlZddl Z ddl m Z m Z ddl mZmZiddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/Ze j"d0Zd1ZdZd2ZdZd3ZdZd4ZdZd5Zd6Zed7ed8ed9ed:ed;ed<ed=ed>d?@edAedBdC ZedDedEedFedGedHedIedJedKedLedMedNedOdP ZGdQdReZej:dSdTgZGdUdVeZ e!Z"GdWdXZ#dZdYZ$y)[)absolute_importdivisionprint_functionN)to_text to_native)PopenPIPE ErrorGenericCouldNotReadInputFileCouldNotWriteOutputFileErrorDumpingTreeErrorReadingConfig&ErrorInvalidKMSEncryptionContextFormatErrorInvalidSetFormatErrorConflictingParametersErrorEncryptingMacErrorEncryptingTreeErrorDecryptingMacErrorDecryptingTree1#CannotChangeKeysFromNonExistentFile3 MacMismatch4 MacNotFound=ConfigFileNotFoundUKeyboardInterruptInvalidTreePathFormatNoFileSpecifiedCouldNotRetrieveKeyNoEncryptionKeyFoundFileHasNotBeenModified NoEditorFoundFailedToCompareVersionsFileAlreadyEncrypted)[doz"^sops ([0-9]+)\.([0-9]+)\.([0-9]+)cR|jdd}|r|n|j|y)NpreF)popextend) arguments_prearguments_postargskwargsr=s l/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/sops/plugins/module_utils/sops.py _add_argumentrE5s$ **UE "C]~55d;cfd}|S)Nc8t||t|yNr=rErvaluer@rAenvversion argument_namer=s rDfz_create_single_arg..f;sm^]IeDTZ]^rFrPr=rQs`` rD_create_single_argrT:s_ HrFcfd}|S)Ncdj|Dcgc] }t|c}}t|||ycc}w)N,rJ)joinrrErMr@rArNrOvrPr=s rDrQz"_create_comma_separated..fBs561)A,67m^]EsS7s;rRrSs`` rD_create_comma_separatedr[AsT HrFcfd}|S)Nc F|D]}t||t|yrIrKrYs rDrQz_create_repeated..fJs* _A - RS Z] ^ _rFrRrSs`` rD_create_repeatedr^Is_ HrFcfd}|S)Nc*|rt||yyrI)rErLs rDrQz_create_boolean..fRs  -C P rFrRrSs`` rD_create_booleanraQsQ HrFcfd}|S)Nc||<yNrR)rMr@rArNrOrPs rDrQz_create_env_variable..fZs "MrFrR)rPrQs` rD_create_env_variablereYs# HrF SOPS_AGE_KEYSOPS_AGE_KEY_FILESOPS_AGE_SSH_PRIVATE_KEY_FILEz --aws-profileAWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_SESSION_TOKENz--configTrJz--enable-local-keyservicez --keyservice) age_key age_keyfileage_ssh_private_keyfile aws_profileaws_access_key_idaws_secret_access_keyaws_session_token config_pathenable_local_keyservice keyservicez--agez--kmsz --gcp-kmsz --azure-kvz--hc-vault-transitz--pgpz--unencrypted-suffixz--encrypted-suffixz--unencrypted-regexz--encrypted-regexz--encryption-contextz!--shamir-secret-sharing-threshold agekmsgcp_kmsazure_kvhc_vault_transitpgpunencrypted_suffixencrypted_suffixunencrypted_regexencrypted_regexencryption_contextshamir_secret_sharing_thresholdc$eZdZdZdfd ZxZS) SopsErrorz7 Extend Exception class with sops specific information c ||rdnd}|tvrt|}d|||t|fz}nd|d|d|dt|}tt||y)Ndecryptencryptz.error with file %s: %s exited with code %d: %sz could not z file z; Unknown sops error code: z ; message: )SOPS_ERROR_CODESrsuperr__init__)selffilename exit_codemessage decryption operationexception_name __class__s rDrzSopsError.__init__sq  %/ YI ( (-i8NF.)Yw5GJIIG ) 8Y '0BDG i'0rF)TN)__name__ __module__ __qualname____doc__r __classcell__)rs@rDrr~sA 1 1rFrSopsFileStatus encryptedcNeZdZdZdZdZd dZd dZ d dZddZ d Z d Z y) SopsRunnerc||y|jD]&\}}||}|||||||j(yrd)itemsrO) r command_pre command_postrNget_option_valueoptionsoptionrQrZs rD _add_optionszSopsRunner._add_optionssI  #   CIFA (A}![,T\\B CrFc|jr|jj|y|jr|jj|yyrd)displayvvvvmoduledebugrrs rD_debugzSopsRunner._debugs9 << LL  g & [[ KK  g &rFc|jr|jj|y|jr|jj|yyrd)rwarningrwarnrs rD_warnzSopsRunner._warns9 << LL  ) [[ KK  W %rFNcL||_||_||_d|_d|_|j |jddg\}}}|dk(rt j|jd}|rt|jdt|jdt|jd f|_d |jz|_|jd |jy|jd t|zy|jd y)N)rrrz(before 3.8.0)z --versionz--disable-version-checkrzutf-8r r rz%d.%d.%dzSOPS version detected as z$Cannot extract SOPS version from: %szECannot detect SOPS version efficiently, likely a version before 3.8.0)binaryrrrOversion_string _run_command _SOPS_VERSIONmatchdecodeintgrouprrrepr)rrrrroutputerrms rDrzSopsRunner.__init__s     .!%!2!2DKKNg3h!i 63 >##FMM'$:;A"1771:AGGAJQWWQZP &04<<&?# T\\LM ADLPQ KK_ `rFc|jr!|jj|||d|dSt||dnttt||}|j |\}}|j ||fS)NT)environ_updatecwdencodingdata binary_data)stdinstdoutstderrrrN)input)r run_commandrr communicate returncode)rcommandrNrrprocessrrs rDrzSopsRunner._run_commandsu ;;;;**73CZ^eiw{*| |t|td[_ehnqr)))5 !!63..rFc |jg} g} tjj} |j | | | |t |j dk\r| jd| j| || jd|g|| jd|g|j dkr| jd|| jd|g|d}| j||j| | |\} } }|r t| d } |r|jd t|d z| d k7rt|| |d |r| j} | S)Nr rr --input-type --output-typez --decryptz --extract /dev/stdin)rNrsurrogate_or_stricterrorsUnexpected stderr: rTr)rosenvironcopyrGENERAL_OPTIONSrOappendr?rrrrrstrip)rencrypted_filecontent decode_outputr input_type output_typerextractrrrNrrrs rDrzSopsRunner.decryptsK;;- jjoo '<6FX <<9 $ NN9 %|$  ! NNNJ7 8  " NNO[9 : <<) # NN; '   NNK1 2  )N~&!%!2!27'!2!R 63 V,ABF  KK/'#F[2\\ ] >NIstL L ]]_F rFc|jg}g}tjj} |j ||| |t |j ||| |t |jdk\r|jd|j|||jd|g||jd|g|jdkr|jd|jdk\r|r|jd|g|jd|j|| ||\} } } | r|jd t| d z| d k7rtd | | d| S)Nrrrrz --encryptz--filename-overrider)rNrrrrrrz to stdoutFr)rrrrrrENCRYPT_OPTIONSrOrr?rrrr) rrrrrrrrrrNrrrs rDrzSopsRunner.encryptsC;;- jjoo '<6FX '<6FX <<9 $ NN9 %|$  ! NNNJ7 8  " NNO[9 : <<) # NN; ' <<9 $ NN18< =|$!%!2!27$TW!2!X 63  KK/'#F[2\\ ] >KCEJ J rFc |jdk\S)Nr)rO)rs rDhas_filestatuszSopsRunner.has_filestatus s||y((rFc|jd|g}|j|\}}}|r|jdt|dz|dk7rt |||d t j |}t|dS#t$r6}|jd t|dzt |dd |zdd}~wwxYw) N filestatusrrrrinspect)rrzUnexpected stdout: z#Cannot decode filestatus result: %s) rrrrrjsonloadsr Exception)rpathrrrrresultexcs rDget_filestatuszSopsRunner.get_filestatuss;; d3!%!2!27!; 63  KK/'#F[2\\ ] >D)SIF F gZZ'F!&"56 6 g KK/'&I^2__ `D!%JS%P\ef f gs"A>> B=1B88B=NN)NNN)NTTNNNN)NNNNN) rrrrrrrrrrrrrRrFrDrrs<C' & a(//3sw(T@)grFrcleZdZdZedZeddZeddZe d dZed dZ y) Sopsz+ Utility class to perform sops CLI actions c&|r|dnd}|d}|S)N sops_binarysopsrR)rcmds rDget_sops_binaryzSops.get_sops_binary*s 1A}-t ;C rFNctj|g}|D] \}}||us |cSt|||}|j||f|t|<|SNrr)_SOPS_RUNNER_CACHEgetrr)rrr candidates cand_module cand_runnerrunners rDget_sops_runner_from_binaryz Sops.get_sops_runner_from_binary1si'++K< (2 # $Kf$"" #KH66*+*4;' rFcXtjtj|||Sr)rrr)rrrs rDget_sops_runner_from_optionsz!Sops.get_sops_runner_from_options<s(//0D0DEU0V_eov/wwrFc dtj|||} | j|||||||| S)Nr)rrrrrrr)rrr) rrrrrrrrrrrs rDrz Sops.decrypt@sK223CF\c2d~~ '!#-  rFc`tj|||}|j||||||S)Nr)rrrrr)rrr) rrrrrrrrrs rDrz Sops.encryptOsC223CF\c2d~~ !#-   rFr) NNTTNNNNN)NNNNNNN) rrrr staticmethodrrrrrrRrFrDrr'ss5 xx(,OS        rFrcddidddddiddiddiddiddddddddidddd dd d }|r>|jd dd d dd d dd d dd d dd d dd ddiddiddiddid dd d ddd |S)NtyperstrT)rno_logboolF)rdefaultlist)relements) rrlrmrnrorprqrrrsrtrurrv)update)add_encrypt_specific argument_specs rDget_sops_argument_specr\sL F  F  F$  E  E "  F $  G'MP! ! ! ! !! ! #!" !# 0S- - \ rF)F)% __future__rrrr __metaclass__ collectionsrrre+ansible.module_utils.common.text.convertersrr subprocessrr rcompilerrErTr[r^rarerrrr namedtuplerobjectrdictrrrrRrFrDrsy A@  J# ~     / #-   !"#$    !  " 38 @A <      $N3'(;<34ST%o6-.AB12IJ-.AB%jd;./JK">2  #7 + "7 +&{3' 5/0DE "7 +,-CD*+?@+,AB)*=>12HI'9:]'^  1 1 (''(8;-HPgPgfV2 2 jXrF