)dZddlmZddlmZddlmZddlZddlmZddlm Z ddl m Z dd l m Z d Zdd Zd Zd ZdZdZdZdZdZdZy)z0Common utilities and shared helpers for secrets.)absolute_import)division)unicode_literalsN) exceptions)yaml) console_io)filesic:|sy|xst} tj||}t||kDr&t j dj |||S#tj$r+}t j dj ||d}~wwxYw)aRead data from the given file path or from stdin. This is similar to the cloudsdk built in ReadFromFileOrStdin, except that it limits the total size of the file and it returns None if given a None path. This makes the API in command surfaces a bit cleaner. Args: path (str): path to the file on disk or "-" for stdin max_bytes (int): maximum number of bytes is_binary (bool): if true, data will be read as binary Returns: result (str): result of reading the file N)binaryzGThe file [{path}] is larger than the maximum size of {max_bytes} bytes.)path max_bytesz!Failed to read file [{path}]: {e}r e) DEFAULT_MAX_BYTESrReadFromFileOrStdinlenrBadFileExceptionformatr Error)r r is_binarydatars .lib/googlecloudsdk/command_lib/secrets/util.pyReadFileOrStdinrs  ,,) D  ) )$y AD 4y9  ' ' 6ty69 ;; K D  % %+222B DDDsA AB/&BBc|sy tj||dy#tj$r+}tjdj ||d}~wwxYw)zWrites the given binary contents to the file at given path. Args: path (str): The file path to write to. content (str): The byte string to write. Raises: Error: If the file cannot be written. NT)privatez"Unable to write file [{path}]: {e}r)r WriteBinaryFileContentsrrrr)r contentrs rWriteBinaryFiler?s`  E !!$> E  % %,333C EEEsA&AAcd|vs|dstjdg}g}|dD]}d|vrtjd|j|dd|vr4d|dvr|j|ddntjd|skt|t|k7stjdd ||fS) aL"Reads user managed replication policy file and returns its data. Args: user_managed_policy (str): The json user managed message Returns: result (str): "user-managed" locations (list): Locations that are part of the user-managed replication keys (list): list of kms keys to be used for each replica. replicasz3Failed to find any replicas in user_managed policy.locationz*Failed to find a location in all replicas.customerManagedEncryption kmsKeyNamezZFailed to find a kmsKeyName in customerManagedEncryption for replica at least one replica.zOnly some replicas have customerManagedEncryption. Please either add the missing field to the remaining replicas or remove it from all replicas.z user-managed)rrappendr)user_managed_policykeys locationsreplicas r_ParseUserManagedPolicyr)Ss**2E3  % %= ?? $)$Z0g  ' ' 6 88 WZ()"g- !<= = G78FG)) ,- - D S^+  ' '  1" D ((c|sdggfSd|vrtjd|d}d|vrtjddg|dgfS)a!"Reads automatic replication policy file and returns its data. Args: automatic_policy (str): The json user managed message Returns: result (str): "automatic" locations (list): empty list keys (list): 0 or 1 KMS keys depending on whether the policy has CMEK automaticr"znFailed to parse replication policy. Expected automatic to contain either nothing or customerManagedEncryption.r#z9Failed to find a kmsKeyName in customerManagedEncryption.)rr)automatic_policycmeks r_ParseAutomaticPolicyr/xsw  B  (88  % % 7 88 5 6$  % %C EE b4 -. ..r*ctd|vrt|dSd|vrt|dStjd)z9Reads replication policy dictionary and returns its data. userManagedr,zWExpected to find either "userManaged" or "automatic" in replication, but found neither.)r)r/rr)replication_policys r_ParseReplicationDictr3sN(( "#5m#D EE&& !3K!@ AA## r*c tj|}t|S#t$rYnwxYw t j |}t|S#tj $rtjdwxYw)aReads replication policy file contents and returns its data. Reads the contents of a json or yaml replication policy file which conforms to https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets#replication and returns data needed to create a Secret with that policy. If the file doesn't conform to the expected format, a BadFileException is raised. For Secrets with an automtic policy, locations is empty and keys has either 0 or 1 entry depending on whether the policy includes CMEK. For Secrets with a user managed policy, the number of keys returns is either 0 or is equal to the number of locations returned with the Nth key corresponding to the Nth location. Args: file_contents (str): The unvalidated contents fo the replication file. Returns: result (str): Either "user-managed" or "automatic". locations (list): Locations that are part of the user-managed replication keys (list): list of kms keys to be used for each replica. z8Failed to parse replication policy file as json or yaml.) jsonloadsr3 ValueErrorrloadYAMLParseErrorrr) file_contentsr2s rParseReplicationFileContentsr;s, M2 !3 44   D=1 !3 44  D  % %B DDDs" ..A)A;c|jdrgSt}|D]}|j|j|jdrW|jD]}|j |g}|D],}|j|vs|j |j.|S|jdrMg}|D]}|j |j|jD]}||vs|j ||Sy)aNApplies updates to the list of topics on a secret. Preserves the original order of topics. Args: args (argparse.Namespace): The collection of user-provided arguments. original_topics (list): Topics configured on the secret prior to update. Returns: result (list): List of strings of topic names after update. clear_topics remove_topics add_topicsN) IsSpecifiedsetaddnamer>discardr$r?)argsoriginal_topics topics_settopic topic_name new_topicss rApplyTopicsUpdaterKs n% Iu*eNN5:: o&(( $)J  z !%**%!  l#J  #!oo : %*%& $r*c|jdriSt}|j|Dcic]}|j|jc}|jdrO|j D]}||=t}|D]*}|j|vs|j||j<,|S|jdr}t}|j|Dcic]}|j|jc}|j|j jDcic]\}}|| c}}|Sycc}wcc}wcc}}w)a{Applies updates to the list of version-aliases on a secret. Makes no alterations to the original version aliases Args: args (argparse.Namespace): The collection of user-provided arguments. original_version_aliases (list): version-aliases configured on the secret prior to update. Returns: result (dict): dict of version_aliases pairs after update. clear_version_aliasesremove_version_aliasesupdate_version_aliasesN)r@dictupdatekeyvaluerNrOitems)rEoriginal_version_aliasesversion_aliases_dictpairaliasnew_version_aliasesversion_alias_pairversions rApplyAliasUpdater\s_ -. I(@A(@txx(@AC ./,, u %-&6   #7 76H6N6N.2237  01&*BC*B$4:: *BCE $ ; ; A A C  C UG w C  2B D EE) E c|jdriSt}|j|Dcic]}|j|jc}|jdrO|j D]}||=t}|D]*}|j|vs|j||j<,|S|jdr}t}|j|Dcic]}|j|jc}|j|j jDcic]\}}|| c}}|Sycc}wcc}wcc}}w)agApplies updates to the list of annotations on a secret. Makes no alterations to the original annotations Args: args (argparse.Namespace): The collection of user-provided arguments. original_annotations (list): annotations configured on the secret prior to update. Returns: result (dict): dict of annotations pairs after update. clear_annotationsremove_annotationsupdate_annotationsN)r@rPrQrRrSr`rarT)rEoriginal_annotationsannotations_dictrW annotationnew_annotationsannotation_pairmetadatas rApplyAnnotationsUpdaterh sY )* IV(<=(<txx(<=? *+-- : &.fO/    0 0/>/D/D++,0  ,-fO*>?*>$4:: *>?A&*&=&=&C&C&E&E "Z H&E .> @r])NT)__doc__ __future__rrrr5googlecloudsdk.calliopergooglecloudsdk.corergooglecloudsdk.core.consolergooglecloudsdk.core.utilr rrrr)r/r3r;rKr\rhr*rrps]7&' .$2*D@E(")J/0!DH#L$N$r*