o

�N�g��@sVdZd
dl
Z
d
dlm
mZ
d
dlZd
dlmZ
e
�	e
�
ZdZdd�Z
d	dd�
ZdS)
am
tISM - the Immutable Secrets Manager SDB Module

:maintainer:    tISM
:maturity:      New
:platform:      all

.. versionadded:: 2017.7.0

This module will decrypt PGP encrypted secrets against a tISM server.

.. code::

  sdb://<profile>/<encrypted secret>

  sdb://tism/hQEMAzJ+GfdAB3KqAQf9E3cyvrPEWR1sf1tMvH0nrJ0bZa9kDFLPxvtwAOqlRiNp0F7IpiiVRF+h+sW5Mb4ffB1TElMzQ+/G5ptd6CjmgBfBsuGeajWmvLEi4lC6/9v1rYGjjLeOCCcN4Dl5AHlxUUaSrxB8akTDvSAnPvGhtRTZqDlltl5UEHsyYXM8RaeCrBw5Or1yvC9Ctx2saVp3xmALQvyhzkUv5pTb1mH0I9Z7E0ian07ZUOD+pVacDAf1oQcPpqkeNVTQQ15EP0fDuvnW+a0vxeLhkbFLfnwqhqEsvFxVFLHVLcs2ffE5cceeOMtVo7DS9fCtkdZr5hR7a+86n4hdKfwDMFXiBwSIPMkmY980N/H30L/r50+CBkuI/u4M2pXDcMYsvvt4ajCbJn91qaQ7BDI=

A profile must be setup in the minion configuration or pillar. If you want to
use sdb in a runner or pillar you must also place a profile in the master
configuration.

.. code-block:: yaml

    tism:
      driver: tism
      url: https://my.tismd:8080/decrypt
      token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhZG1pbiI6MSwiZXhwIjoxNTg1MTExNDYwLCJqdGkiOiI3NnA5cWNiMWdtdmw4Iiwia2V5cyI6WyJBTEwiXX0.RtAhG6Uorf5xnSf4Ya_GwJnoHkCsql4r1_hiOeDSLzo
�N)
�SaltConfigurationErrorZtismc
CstS)
z6
    This module has no other system dependencies
    )
�__virtualname__�rr�A/opt/saltstack/salt/lib/python3.10/site-packages/salt/sdb/tism.py�__virtual__)srcCs�|�d
�
r
|�d�
st
d�
�
|d|d�}tj|d
dtjj�|�
d�}|�d�
}|s?t�	d|�d	d
��
dt
|�dd
��
S|S)
z3
    Get a decrypted secret from the tISMd API
    �url�tokenz2url and/or token missing from the tism sdb profile)rZ	encsecret�POST)�method�data�bodyz4tism.get sdb decryption request failed with error %s�error�unknown�ERROR�status)�getr�http�query�salt�utils�json�dumps�log�warning�str)�keyZserviceZprofile�request�resultZ	decryptedrrrr0s$

�


�




�r)NN)�__doc__�loggingZsalt.utils.httprrZsalt.utils.jsonrZsalt.exceptionsr�	getLogger�__name__rrrrrrrr�<module>
s