%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /usr/lib/python2.7/site-packages/salt/modules/
Upload File :
Create Path :
Current File : //usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyc

�
���^c	@@sdZddlmZmZmZddlZddlZddlj	j
Z
ddlZddlZej
e�Zy;ddlZddlZej
d�jej�eZWneefk
r�eZnXd�Zd�Zddddd�Zddddddddd�Zdddddddd	�Zddddddd
�Zddddd�Z ddddd�Z!ddddd
�Z"ddddd�Z#ddddd�Z$ddddd�Z%ddddd�Z&ddddddd�Z'ddddddddd�Z(ddddddddd�Z)dddddd�Z*ddddd�Z+ddddd�Z,ddddddd�Z-ddddddd�Z.ddddd�Z/dddddddd�Z0ddddd�Z1ddddd�Z2dS(ur
Connection module for Amazon KMS

.. versionadded:: 2015.8.0

:configuration: This module accepts explicit kms credentials but can also utilize
    IAM roles assigned to the instance through Instance Profiles. Dynamic
    credentials are then automatically obtained from AWS API and no further
    configuration is necessary. More Information available at::

       http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

    If IAM roles are not used you need to specify them either in a pillar or
    in the minion's config file::

        kms.keyid: GKTADJGHEIQSXMKKRBJ08H
        kms.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

    A region may also be specified in the configuration::

        kms.region: us-east-1

    If a region is not specified, the default is us-east-1.

    It's also possible to specify key, keyid and region via a profile, either
    as a passed in dict, or as a string to pull from pillars or minion config:

        myprofile:
            keyid: GKTADJGHEIQSXMKKRBJ08H
            key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
            region: us-east-1

:depends: boto
i(tabsolute_importtprint_functiontunicode_literalsNubotocC@stjjjdddt�S(u,
    Only load if boto libraries exist.
    tboto_veru2.38.0tcheck_boto3(tsalttutilstversionstcheck_boto_reqstFalse(((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyt__virtual__@scC@s7tjjjt�tr3tdtddt�ndS(Nuboto.assign_funcsukmstpack(RRtcompattpack_dundert__name__tHAS_BOTOt	__utils__t__salt__(topts((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyt__init__Jsc		C@s�td|d|d|d|�}i}y|j||�t|d<Wn7tjjk
r~}t|d<td|�|d<nX|S(u
    Create a display name for a key.

    CLI example::

        salt myminion boto_kms.create_alias 'alias/mykey' key_id
    tregiontkeytkeyidtprofileuresultuboto.get_erroruerror(t	_get_conntcreate_aliastTruetbotot	exceptiontBotoServerErrorR	R(	t
alias_namet
target_key_idRRRRtconntrte((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRPs	!
c

C@s�td|d|d|d|	�}
|jd�r?t|�}ni}y2|
j||d|d|d|d	|�|d
<Wn-tjjk
r�}td|�|d<nX|S(
u�
    Adds a grant to a key to specify who can access the key and under what
    conditions.

    CLI example::

        salt myminion boto_kms.create_grant 'alias/mykey' 'arn:aws:iam::1111111:/role/myrole' operations='["Encrypt","Decrypt"]'
    RRRRualias/tretiring_principalt
operationstconstraintstgrant_tokensugrantuboto.get_erroruerror(Rt
startswitht_get_key_idtcreate_grantRRRR(
tkey_idtgrantee_principalR#R$R%R&RRRRR R!R"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyR)es!c	C@s�td|d|d|d|�}i}tjjj|�}	y-|j|	d|d|�}
|
d|d<Wn-tjjk
r�}t	d	|�|d
<nX|S(u�
    Creates a master key.

    CLI example::

        salt myminion boto_kms.create_key '{"Statement":...}' "My master key"
    RRRRtdescriptiont	key_usageuKeyMetadataukey_metadatauboto.get_erroruerror(
RRtserializerstjsont	serializet
create_keyRRRR(tpolicyR,R-RRRRR R!t_policytkey_metadataR"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyR1�s	!	c	C@s�td|d|d|d|�}i}y-|j|d|d|�}	|	d|d<Wn-tjjk
r�}
td	|
�|d
<nX|S(um
    Decrypt ciphertext.

    CLI example::

        salt myminion boto_kms.decrypt encrypted_ciphertext
    RRRRtencryption_contextR&u	Plaintextu	plaintextuboto.get_erroruerror(RtdecryptRRRR(tciphertext_blobR5R&RRRRR R!t	plaintextR"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyR6�s	!	c	C@s�td|d|d|d|�}i}y|j|�}t|d<WnStjjk
r�}t|tjjj	�r�t
|d<|Std|�|d<nX|S(uw
    Check for the existence of a key.

    CLI example::

        salt myminion boto_kms.key_exists 'alias/mykey'
    RRRRuresultuboto.get_erroruerror(Rtdescribe_keyRRRRt
isinstancetkmst
exceptionstNotFoundExceptionR	R(R*RRRRR R!R"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyt
key_exists�s!
cC@s$t|||||�d}|dS(u&
    From an alias, get a key_id.
    ukey_metadatauKeyId(R9(taliasRRRRR4((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyR(�sc	C@s|td|d|d|d|�}i}y!|j|�}|d|d<Wn-tjjk
rw}td|�|d<nX|S(	u}
    Get detailed information about a key.

    CLI example::

        salt myminion boto_kms.describe_key 'alias/mykey'
    RRRRuKeyMetadataukey_metadatauboto.get_erroruerror(RR9RRRR(R*RRRRR R!R"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyR9�s!c	C@s�td|d|d|d|�}i}y|j|�}t|d<Wn7tjjk
r}}t|d<td|�|d<nX|S(ul
    Mark key as disabled.

    CLI example::

        salt myminion boto_kms.disable_key 'alias/mykey'
    RRRRuresultuboto.get_erroruerror(Rtdisable_keyRRRRR	R(R*RRRRR R!R"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyR@�s!
c	C@s�td|d|d|d|�}i}y|j|�}t|d<Wn7tjjk
r}}t|d<td|�|d<nX|S(u�
    Disable key rotation for specified key.

    CLI example::

        salt myminion boto_kms.disable_key_rotation 'alias/mykey'
    RRRRuresultuboto.get_erroruerror(Rtdisable_key_rotationRRRRR	R(R*RRRRR R!R"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRA�s	!
c	C@s�td|d|d|d|�}i}y|j|�}t|d<Wn7tjjk
r}}t|d<td|�|d<nX|S(uj
    Mark key as enabled.

    CLI example::

        salt myminion boto_kms.enable_key 'alias/mykey'
    RRRRuresultuboto.get_erroruerror(Rt
enable_keyRRRRR	R(R*RRRRR R!R"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRBs!
c	C@s�td|d|d|d|�}i}y|j|�}t|d<Wn7tjjk
r}}t|d<td|�|d<nX|S(u�
    Disable key rotation for specified key.

    CLI example::

        salt myminion boto_kms.enable_key_rotation 'alias/mykey'
    RRRRuresultuboto.get_erroruerror(Rtenable_key_rotationRRRRR	R(R*RRRRR R!R"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRC&s	!
c	C@s�td|d|d|d|�}i}	y0|j||d|d|�}
|
d|	d<Wn-tjjk
r�}td	|�|	d
<nX|	S(u�
    Encrypt plaintext into cipher text using specified key.

    CLI example::

        salt myminion boto_kms.encrypt 'alias/mykey' 'myplaindata' '{"aws:username":"myuser"}'
    RRRRR5R&uCiphertextBlobu
ciphertextuboto.get_erroruerror(RtencryptRRRR(R*R8R5R&RRRRR R!t
ciphertextR"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRD;s	!	c	

C@s�td|d|d|d|�}	i}
y5|	j|d|d|d|d|�}||
d	<Wn-tjjk
r�}td
|�|
d<nX|
S(u�
    Generate a secure data key.

    CLI example::

        salt myminion boto_kms.generate_data_key 'alias/mykey' number_of_bytes=1024 key_spec=AES_128
    RRRRR5tnumber_of_bytestkey_specR&udata_keyuboto.get_erroruerror(Rtgenerate_data_keyRRRR(
R*R5RFRGR&RRRRR R!tdata_keyR"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRHTs
!	c	

C@s�td|d|d|d|�}	i}
y5|	j|d|d|d|d|�}||
d	<Wn-tjjk
r�}td
|�|
d<nX|
S(u�
    Generate a secure data key without a plaintext copy of the key.

    CLI example::

        salt myminion boto_kms.generate_data_key_without_plaintext 'alias/mykey' number_of_bytes=1024 key_spec=AES_128
    RRRRR5RFRGR&udata_keyuboto.get_erroruerror(Rt#generate_data_key_without_plaintextRRRR(
R*R5RFRGR&RRRRR R!RIR"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRJos!	c		C@s|td|d|d|d|�}i}y!|j|�}|d|d<Wn-tjjk
rw}td|�|d<nX|S(	u{
    Generate a random string.

    CLI example::

        salt myminion boto_kms.generate_random number_of_bytes=1024
    RRRRu	Plaintexturandomuboto.get_erroruerror(Rtgenerate_randomRRRR(	RFRRRRR R!trandomR"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRK�s	!c
	C@s�td|d|d|d|�}i}y<|j||�}tjjj|ddtj�|d<Wn-tj	j
k
r�}	td|	�|d	<nX|S(
u�
    Get the policy for the specified key.

    CLI example::

        salt myminion boto_kms.get_key_policy 'alias/mykey' mypolicy
    RRRRuPolicytobject_pairs_hooku
key_policyuboto.get_erroruerror(Rtget_key_policyRR.R/tdeserializetodicttOrderedDictRRRR(
R*tpolicy_nameRRRRR R!t
key_policyR"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRN�s	!
c		C@s|td|d|d|d|�}i}y!|j|�}|d|d<Wn-tjjk
rw}td|�|d<nX|S(	u�
    Get status of whether or not key rotation is enabled for a key.

    CLI example::

        salt myminion boto_kms.get_key_rotation_status 'alias/mykey'
    RRRRuKeyRotationEnableduresultuboto.get_erroruerror(Rtget_key_rotation_statusRRRR(	R*RRRRR R!tkey_rotation_statusR"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRT�s	!c	C@s�td|d|d|d|�}|jd�r?t|�}ni}y~g}	d
}
xatr�|j|d|d|
�}x|dD]}|	j|�q�Wd	|kr�|d	}
qWPqWW|	|d
<Wn-tjj	k
r�}
t
d|
�|d<nX|S(uy
    List grants for the specified key.

    CLI example::

        salt myminion boto_kms.list_grants 'alias/mykey'
    RRRRualias/tlimittmarkeruGrantsu
NextMarkerugrantsuboto.get_erroruerrorN(RR'R(tNoneRtlist_grantstappendRRRR(R*RVRWRRRRR R!t_grantstnext_markertgrantstgrantR"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRY�s*	!		
c	C@s�td|d|d|d|�}|jd�r?t|�}ni}y-|j|d|d|�}	|	d|d	<Wn-tjjk
r�}
td
|
�|d<nX|S(u�
    List key_policies for the specified key.

    CLI example::

        salt myminion boto_kms.list_key_policies 'alias/mykey'
    RRRRualias/RVRWuPolicyNamesukey_policiesuboto.get_erroruerror(RR'R(tlist_key_policiesRRRR(R*RVRWRRRRR R!tkey_policiesR"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyR_�s	!	c
	C@s�td|d|d|d|�}i}y0|j||tjjj|��t|d<Wn7tjj	k
r�}	t
|d<td|	�|d<nX|S(u�
    Attach a key policy to the specified key.

    CLI example::

        salt myminion boto_kms.put_key_policy 'alias/mykey' default '{"Statement":...}'
    RRRRuresultuboto.get_erroruerror(Rtput_key_policyRR.R/R0RRRRR	R(
R*RRR2RRRRR R!R"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRas	!"
c	
	C@s�td|d|d|d|�}	i}
y)|	j|||||�}||
d<Wn-tjjk
r}td|�|
d<nX|
S(u�
    Reencrypt encrypted data with a new master key.

    CLI example::

        salt myminion boto_kms.re_encrypt 'encrypted_data' 'alias/mynewkey' default '{"Statement":...}'
    RRRRu
ciphertextuboto.get_erroruerror(Rt
re_encryptRRRR(
R7tdestination_key_idtsource_encryption_contexttdestination_encryption_contextR&RRRRR R!RER"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRbs		c		C@s�td|d|d|d|�}|jd�r?t|�}ni}y|j||�t|d<Wn7tjjk
r�}t|d<t	d|�|d<nX|S(	u�
    Revoke a grant from a key.

    CLI example::

        salt myminion boto_kms.revoke_grant 'alias/mykey' 8u89hf-j09j...
    RRRRualias/uresultuboto.get_erroruerror(
RR'R(trevoke_grantRRRRR	R(	R*tgrant_idRRRRR R!R"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRf;s	!
c		C@s�td|d|d|d|�}i}y|j||�t|d<Wn7tjjk
r~}t|d<td|�|d<nX|S(u�
    Update a key's description.

    CLI example::

        salt myminion boto_kms.update_key_description 'alias/mykey' 'My key'
    RRRRuresultuboto.get_erroruerror(Rtupdate_key_descriptionRRRRR	R(	R*R,RRRRR R!R"((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyRhRs	!
(3t__doc__t
__future__RRRtloggingtsalt.utils.compatRtsalt.utils.odictRRPtsalt.serializers.jsontsalt.utils.versionst	getLoggerRtlogRtboto.kmstsetLeveltCRITICALRRtImportErrortAttributeErrorR	R
RRXRR)R1R6R>R(R9R@RARBRCRDRHRJRKRNRTRYR_RaRbRfRh(((s9/usr/lib/python2.7/site-packages/salt/modules/boto_kms.pyt<module>#sx

	
			
					"	

Zerion Mini Shell 1.0