B&dZddlmZddlmZddlmZddlmZddlmZddlm Z ddl m Z dd l m Z dd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&eejOdzejOdze jOdze!jOdzdzZ(ddjSe"e#e$e%e&gzZ*ee(e*Z+dd gZ,d!Z-eee"Z.eee#Z/eee$Z0ee e%Z1ee!e&Z2d"Z3d#Z4d$ejjzd%zd&zd'zZ6d$ejjzd(zd)zd*zd+zd,zd-zd.zd/zd0zZ7d1Z8ed2Z9ed3d4d5e6gd6e9i7Z:egd8d6e9i7Z;ed3d4d9e7gd6e9i7Z<ed3d4d:e8ged;ed<e9d=7Z=ed3d4d:e7ged;ed>ed<e9d?7Z>ed3d4d@e7gedAdBdCedDe9dE7Z?GdFdGeZ@yH)Iz Implementation of HMAC key management command for GCS. NOTE: Any modification to this file or corresponding HMAC logic should be submitted in its own PR and release to avoid concurrency issues in testing. )absolute_import)division)print_function)unicode_literals)Command)CommandArgument) ApiSelectorCommandException)CreateHelpText)LogCommandParams)PopulateProjectId)GetCloudApiInstance)GcloudStorageFlag)GcloudStorageMap) InsistAscii) shim_utilz= gsutil hmac create [-p ] z1 gsutil hmac delete [-p ] z. gsutil hmac get [-p ] zJ gsutil hmac list [-a] [-l] [-p ] [-u ] zR gsutil hmac update -s (ACTIVE|INACTIVE) [-e ] [-p ] a CREATE The ``hmac create`` command creates an HMAC key for the specified service account: gsutil hmac create test.service.account@test_project.iam.gserviceaccount.com The secret key material is only available upon creation, so be sure to store the returned secret along with the access_id. CREATE OPTIONS The ``create`` sub-command has the following option -p Specify the ID or number of the project in which to create a key. a DELETE The ``hmac delete`` command permanently deletes the specified HMAC key: gsutil hmac delete GOOG56JBMFZX6PMPTQ62VD2 Note that keys must be updated to be in the ``INACTIVE`` state before they can be deleted. DELETE OPTIONS The ``delete`` sub-command has the following option -p Specify the ID or number of the project from which to delete a key. a GET The ``hmac get`` command retrieves the specified HMAC key's metadata: gsutil hmac get GOOG56JBMFZX6PMPTQ62VD2 Note that there is no option to retrieve a key's secret material after it has been created. GET OPTIONS The ``get`` sub-command has the following option -p Specify the ID or number of the project from which to get a key. a LIST The ``hmac list`` command lists the HMAC key metadata for keys in the specified project. If no project is specified in the command, the default project is used. LIST OPTIONS The ``list`` sub-command has the following options -a Show all keys, including recently deleted keys. -l Use long listing format. Shows each key's full metadata excluding the secret. -p Specify the ID or number of the project from which to list keys. -u Filter keys for a single service account. a UPDATE The ``hmac update`` command sets the state of the specified key: gsutil hmac update -s INACTIVE -e M42da= GOOG56JBMFZX6PMPTQ62VD2 Valid state arguments are ``ACTIVE`` and ``INACTIVE``. To set a key to state ``DELETED``, use the ``hmac delete`` command on an ``INACTIVE`` key. If an etag is set in the command, it will only succeed if the provided etag matches the etag of the stored key. UPDATE OPTIONS The ``update`` sub-command has the following options -s Sets the state of the specified key to either ``ACTIVE`` or ``INACTIVE``. -e If provided, the update will only be performed if the specified etag matches the etag of the stored key. -p Specify the ID or number of the project in which to update a key.  z z You can use the ``hmac`` command to interact with service account `HMAC keys `_. The ``hmac`` command has five sub-commands: INACTIVEACTIVEz%a, %d %b %Y %H:%M:%S GMTc(t|d|d|S)N z= requires an Access ID to be specified as the last argument. r ) command_name subcommandsynopsiss &platform/gsutil/gslib/commands/hmac.py_AccessIdExceptionrs Z+ ,,cd d}d|jz}||d|jz }||d|jz }||d|jz }||d|jj t z }||d|jj t z }||d|jd z }|S) z4Format the key metadata for printing to the console.c.d}d||dz|fz}|r|dz }|S)z=Format the metadata name-value pair into two aligned columns.z %-*s %s:r)namevaluenew_linewidthinfo_strs r FormatInfoz&_KeyMetadataOutput..FormatInfos. EeTCZ77H$h OrzAccess ID %s: StatezService AccountProjectz Time CreatedzTime Last UpdatedEtagF)r&)T) accessIdstateserviceAccountEmail projectId timeCreatedstrftime _TIME_FORMATupdatedetag)metadatar)messages r_KeyMetadataOutputr8s  1 1 1' Z 00' Z)8+G+G HH' Z 8#5#5 66' Z ,,55lCEE' Z+ ((11,?AA' Z  >>' .rz--format=value[separator="z"](z-format("Access ID: {}", metadata.accessId),z"format("Secret: {}", secret))z%"](format("Access ID {}:", accessId),z,format(" State: {}", state),z:format(" Service Account: {}", serviceAccountEmail),z0format(" Project: {}", projectId),z$format(" Time Created: {}",z9 timeCreated.date(format="%a',' %d %b %Y %H:%M:%S GMT")),z$format(" Time Last Updated: {}",z5 updated.date(format="%a',' %d %b %Y %H:%M:%S GMT")),z+format(" Etag: {}", etag))zW--format=table[no-heading](format("{} {:<12} {}",accessId, state, serviceAccountEmail))z --projectstoragehmaccreate-pgcloud_commandflag_map)r9r:deletedescribelistz--allz--service-account)-a-ur<z--long)rC-lrDr<updatez --activatez --deactivate)rrz--etag)-s-er<ceZdZdZej ddddddejgejee jge jge jge jge jgd Z ejdgd d e eeeeed Zfd Zdd ZddZddZddZddZdZxZS) HmacCommandz&Implementation of gsutil hmac command.r:z ae:lp:s:u:Tr;r@getrBrF) min_argsmax_argssupported_sub_args file_url_okurls_start_arggs_api_supportgs_default_apiusage_synopsisargparse_arguments command_helpz-CRUD operations on service account HMAC keys.) help_namehelp_name_aliases help_typehelp_one_line_summary help_textsubcommand_help_textc|jddk(r"d|jvrtdtii}n'tttt t tdi}t|%|S)NrrBrEr=)r;r@rFrNrB) argsrLIST_COMMAND_LONG_FORMATCREATE_COMMANDDELETE_COMMANDUPDATE_COMMAND GET_COMMAND LIST_COMMANDsuperget_gcloud_storage_args)selfgcloud_storage_map __class__s rrhz#HmacCommand.get_gcloud_storage_args<sn yy|v$$))"3+ ":; ,&&& "    7 *+= >>rc|jr|jd|_n+d}t||j|jt fzt ||}|j|j|jd}tddd|jjtd dd|jy ) z'Creates HMAC key for a service account.rzI%s %s requires a service account to be specified as the last argument. %s thread_stategsproviderz Access ID:12rzSecret:N) r`service_account_emailr raction_subcommand_CREATE_SYNOPSISr CreateHmacKey project_idprintr6r-secret)rirnerr_msg gsutil_apiresponses r_CreateHmacKeyzHmacCommand._CreateHmacKeyPs yy#'99Q> yy))A,i t00$2H2H/ 11%T EJ''(1(, (, 15 (7H  X &'rc|jjdtjk7r t d|j j d|_|jdt|jd|_ d|_ d |_ d |_d|_|jrn|jD]_\}}|d k(r||_ |d k(rt!|d ||_,|d k(r||_ 9|dk(rd|_ F|dk(rd|_S|dk(sY||_a|j"st%d|_|j&|j(|j*|j,|j.d}|j|vr&t d|jd|j0dt|jg||jy)z)Command entry point for the hmac command.rorpz9The "hmac" command can only be used with the GCS JSON APIrT) check_args)sub_optsNFrDr<z/Invalid non-ASCII character found in project IDrGrCrErHrMzInvalid subcommand "z " for the z! command. See "gsutil help hmac".) subcommands)r{GetApiSelectorr JSONr r`poprt ParseSubOptsr rrsr.rrr5rrwrr}rrrrr)rioamethod_for_args r RunCommandzHmacCommand.RunCommands %%t%4 8H8HH  E GG"YY]]1-D&dmm,!%DDJDMDNDI }}--$!Q 9'($ $ $Y aJ K$/ $Y$* $Y$- $Y$. $Y$) ??)$/do%%%%""%% N ^3 "44d6G6GI JJ$"8"8!9:*N4))*, r)N)__name__ __module__ __qualname____doc__rCreateCommandSpecr r _SYNOPSISr%MakeZeroOrMoreCloudOrFileURLsArgument command_specHelpSpec_DETAILED_HELP_TEXT_create_help_text_delete_help_text_get_help_text_list_help_text_update_help_text help_specrhr}rrrrr __classcell__)rks@rrJrJs.*** %!&&' %%J_JJLMJ_JJLMG/GGIJH?HHJKJ_JJLM ,&gL#%%!%   )?(5( H (E0(26 rrJN)Ar __future__rrrr gslib.commandrgslib.command_argumentrgslib.cs_api_mapr gslib.exceptionr gslib.help_providerr gslib.metricsr gslib.project_idrgslib.utils.cloud_api_helperrgslib.utils.shim_utilrrgslib.utils.text_utilr gslib.utilsrrurrrr_CREATE_DESCRIPTION_DELETE_DESCRIPTION_GET_DESCRIPTION_LIST_DESCRIPTION_UPDATE_DESCRIPTIONlstriprr _DESCRIPTIONrrr3rrrrrrr8get_format_flag_newline_CREATE_COMMAND_FORMAT_DESCRIBE_COMMAND_FORMAT_LIST_COMMAND_SHORT_FORMAT _PROJECT_FLAGrbrcrerfrardrJr#rrrsZ'%'!2(,.*.<32-! "  (2 0 7 7 = =  ! !$ '(*8*?*?*EF  $ $T *+-34   ii   %Y ="H-* "#35HI"#35HI /?@ 1BC"#35HI, .7;);;=>@EFIJ?? !#D9#D#D#FF+,34BB8 8 , , B B,,>>3 3-"+. !vx1GH m "1N&*M,$% vz3KLM "$  vv/IJ( 34 ,vv/GH() 34 "vx1IJ &*  h '   L 'L r