File: //usr/lib/python3.6/site-packages/cloudinit/config/__pycache__/cc_ca_certs.cpython-36.pyc
3
�xh�$�������������������@���s����U�d�Z�d�d�l�Z�d�d�l�Z�d�d�l�m�Z���d�d�l�m�Z�m�Z���d�d�l�m Z ��d�d�l
m�Z���d�d�l�m
Z
m�Z���d�d�l�m�Z���e�j�e���Z�d�d d
d�d�g�d
��Z�d�d�d�d�d�g�d
��d�d�d�d�d�g�d
��d�d�d�d�d�g�d
��d���Z�x�d:D�]�Z�e�d���e�e�<�q�W�x�d;D�]�Z�e�d���e�e�<�q�W�d�Z�d�d�d d!d"d�d�d�d�d�d�d�d�d#g�Z�d$d%d&e�e�e�e�d'��g�d(d)g�d*��Z�e
�e�e���Z�d+d,��Z�d-d.��Z�d/d0��Z�d1d2��Z�d3d4��Z�d5d6��Z�e e�e e!d�d7��d8d9��Z"d�S�)<z�CA Certs: Add ca certificates.�����N)���dedent)���subp��util)���Cloud)���Config)��
MetaSchema��get_meta_doc)���PER_INSTANCEz!/usr/local/share/ca-certificates/z#cloud-init-ca-cert-{cert_index}.crtz�/etc/ca-certificates.confz�update-ca-certificates)���ca_cert_path��ca_cert_local_path��ca_cert_filename��ca_cert_config��ca_cert_update_cmdz�/etc/pki/ca-trust/z�/usr/share/pki/ca-trust-source/z+anchors/cloud-init-ca-cert-{cert_index}.crtz�update-ca-trustz�/etc/pki/trust/z�/usr/share/pki/trust/)���fedora��rhel��opensuse��opensuse-microos��opensuse-tumbleweed�
opensuse-leap��sle_hpc� sle-micro��slesr����� almalinux�
cloudlinuxr����a/���This module adds CA certificates to the system's CA store and updates any
related files using the appropriate OS-specific utility. The default CA
certificates can be disabled/deleted from use by the system with the
configuration option ``remove_defaults``.
.. note::
certificates must be specified using valid yaml. in order to specify a
multiline certificate, the yaml multiline list syntax must be used
.. note::
Alpine Linux requires the ca-certificates package to be installed in
order to provide the ``update-ca-certificates`` command.
��alpine��debianr������ubuntuZ�cc_ca_certsz�CA Certificatesz�Add ca certificatesa���� ca_certs:
remove_defaults: true
trusted:
- single_line_cert
- |
-----BEGIN CERTIFICATE-----
YOUR-ORGS-TRUSTED-CA-CERT-HERE
-----END CERTIFICATE-----
��ca_certsz�ca-certs)���id��name��title��description��distrosZ frequencyZ�examplesZ�activate_by_schema_keysc����������������C���s*���t�j�|�t���}�t�j�j�|�d���|�d�����|�d�<�|�S�)�z�Return a distro-specific ca_certs config dictionary
@param distro_name: String providing the distro class name.
@returns: Dict of distro configurations for ca_cert.
r����r������ca_cert_full_path)���DISTRO_OVERRIDES��get��DEFAULT_CONFIG��os��path��join)���distro_name��cfg��r,����!/usr/lib/python3.6/cc_ca_certs.py��_distro_ca_certs_configs|���s������������r.���c����������������C���s����t�j�|�d���d�d�����d�S�)�z�
Updates the CA certificate cache on the current machine.
@param distro_cfg: A hash providing _distro_ca_certs_configs function.
r����F)�Z�captureN)�r����)��
distro_cfgr,���r,���r-�����update_ca_certs����s������r0���c����������������C���sL���|�s�d�S�x>t�|�d���D�]0\�}�}�t�|���}�|�d���j�|�d���}�t�j�|�|�d�d�����q�W�d�S�)�a-���
Adds certificates to the system. To actually apply the new certificates
you must also call the appropriate distro-specific utility such as
L{update_ca_certs}.
@param distro_cfg: A hash providing _distro_ca_certs_configs function.
@param certs: A list of certificate strings.
N�����r#���)��
cert_indexi����)���mode)�� enumerate��str��formatr�����
write_file)�r/���Z�certsr2�����cZ�cert_file_contentsZ�cert_file_namer,���r,���r-�����add_ca_certs����s����� ������������r9���c����������������C���s@���|�d�k�r�t�|�����n*|�d�k�r<t�|�����|�d�k�r<d
}�t�j�d�|�d ����d
S�)�a.���
Disables all default trusted CA certificates. For Alpine, Debian and
Ubuntu to actually apply the changes you must also call
L{update_ca_certs}.
@param distro_name: String providing the distro class name.
@param distro_cfg: A hash providing _distro_ca_certs_configs function.
r����r����r����r����z/ca-certificates ca-certificates/trust_new_crts z select no��debconf-set-selections��-)���dataN)�r����r����r����)�r����r����z8ca-certificates ca-certificates/trust_new_crts select no)�r:���r;���)���remove_default_ca_certs��disable_system_ca_certsr����)�r*���r/���Z�debconf_selr,���r,���r-�����disable_default_ca_certs����s����� ��
���������r?���c����������������C���s����|�d���}�|���s�t�j�j�|�����r d�S�d�}�d�}�t�j�|���j�r�t�j�|���}�g�}�xh|�j���D�]\}�|�|�k�rhd�}�|�j�|�����qL|�d�k�s||�d���d
k�r�|�j�|�����qL|�s�|�j�|�����d�}�|�j�d |�������qLW�t�j |�d
j
|���d
��d�d�����d�S�)�z�
For every entry in the CA_CERT_CONFIG file prefix the entry with a "!"
in order to disable it.
@param distro_cfg: A hash providing _distro_ca_certs_configs function.
r
���Nz;# Modified by cloud-init to deselect certs due to user-dataFT��r������#��!��
��wb)�Z�omode)�rA���rB���)�r'���r(�����exists��stat��st_sizer����Z load_file�
splitlines��appendr7���r)���)�r/���Z�ca_cert_cfg_fnZ�header_commentZ�added_headerZ�origZ out_lines��liner,���r,���r-���r>�������s(�����������������
�����������������
�������r>���c����������������C���s:���|�d���d�k�r�d�S�t�j�d�����t�j�|�d�������t�j�|�d�������d�S�)�z�
Removes all default trusted CA certificates from the system.
@param distro_cfg: A hash providing _distro_ca_certs_configs function.
r
���Nz�Deleting system CA certificatesr����)���LOG��debugr����Z�delete_dir_contents)�r/���r,���r,���r-���r=�������s
���������
���r=���)�r����r+�����cloud��args��returnc����������������C���s����d�|�k�r�t�j�d�d�d�d�����n�d�|�k�r2t�j�d�|�����d�S�d�|�k�rLd�|�k�rLt�j�d ����|�j�d�|�j�d�����}�t�|�j�j���}�d
|�k�r�t�j�d�d�d�d�����|�j�d
|�j�d
d�����r�t�j�d�����t |�j�j�|�����d�|�k�r�t�j
|�d���}�|�r�t�j�d�t�|�������t�|�|�����t�j�d�����t
|�����d�S�)�au���
Call to handle ca_cert sections in cloud-config file.
@param name: The module name "ca_cert" from cloud.cfg
@param cfg: A nested dict containing the entire cloud config contents.
@param cloud: The L{CloudInit} object in use.
@param log: Pre-initialized Python logger object to use for logging.
@param args: Any module arguments from cloud.cfg
z�ca-certsz�Key 'ca-certs'z�22.1z�Use 'ca_certs' instead.)�Z
deprecatedZ�deprecated_versionZ
extra_messager����z<Skipping module named %s, no 'ca_certs' key in configurationNzMFound both ca-certs (deprecated) and ca_certs config keys. Ignoring ca-certs.z�remove-defaultsz�Key 'remove-defaults'z�Use 'remove_defaults' instead.Z�remove_defaultsFz'Disabling/removing default certificatesZ�trustedz�Adding %d certificatesz�Updating certificates)�r����Z deprecaterK���rL���Z�warningr%���r.�����distror����r?���Z�get_cfg_option_list��lenr9���r0���)�r����r+���rM���rN���Z�ca_cert_cfgr/���Z
trusted_certsr,���r,���r-�����handle����s>����
��������
�����������������������������������
�����������
�
�rR���)�r����r����r����r����r����r����)�r����r����)#��__doc__Z�loggingr'�����textwrapr����Z cloudinitr����r����Z�cloudinit.cloudr����Z�cloudinit.configr����Z�cloudinit.config.schemar����r����Z�cloudinit.settingsr ���Z getLogger��__name__rK���r&���r$���rP���Z�MODULE_DESCRIPTIONr"�����metar.���r0���r9���r?���r>���r=���r5�����listrR���r,���r,���r,���r-�����<module>����s����������������������
���������
��������������������������������������������������������������������������������������������������
�������
� �����'��