o

�N�g��@s:dZd
dl
Z
e
�e�
Z						ddd�
Zdd	d
�
ZdS)
a�
Opening of Encrypted Devices
============================

Ensure that an encrypted device is mapped with the `mapped` function:

.. code-block:: yaml

    mappedname:
      cryptdev.mapped:
        - device: /dev/sdb1
        - keyfile: /etc/keyfile.key
        - opts:
          - size=256

    swap:
      crypted.mapped:
        - device: /dev/sdx4
        - keyfile: /dev/urandom
        - opts: swap,cipher=aes-cbc-essiv:sha256,size=256

    mappedbyuuid:
      crypted.mapped:
        - device: UUID=066e0200-2867-4ebe-b9e6-f30026ca2314
        - keyfile: /etc/keyfile.key
        - config: /etc/alternate-crypttab

.. versionadded:: 2018.3.0
�N�
/etc/crypttabTF�namecCsR
|id
dd�}|s|sd|d<d|d<|S|r.|dus#|d	ks#|d
kr.d|d<d|dd
<n<|rjtd�}	||	�
�v
rj|rBt�d�

tdrOd|d<d|d<ntd||
|�}
|
r`d|dd
<n
d|dd
<d|d<|r�tds�td||
||||d�}|r�|dkr�d|��|dd<|dkr�d�|�
|dd<|Sd|��|dd<d|d<|S)ak
    Verify that a device is mapped

    name
        The name under which the device is to be mapped

    device
        The device name, typically the device node, such as ``/dev/sdb1``
        or ``UUID=066e0200-2867-4ebe-b9e6-f30026ca2314``.

    keyfile
        Either ``None`` if the password is to be entered manually on boot, or
        an absolute path to a keyfile. If the password is to be asked
        interactively, the mapping cannot be performed with ``immediate=True``.

    opts
        A list object of options or a comma delimited list

    config
        Set an alternative location for the crypttab, if the map is persistent,
        Default is ``/etc/crypttab``

    persist
        Set if the map should be saved in the crypttab, Default is ``True``

    immediate
        Set if the device mapping should be executed immediately. Requires that
        the keyfile not be ``None``, because the password cannot be asked
        interactively. Note that options are not passed through on the initial
        mapping.  Default is ``False``.

    match_on
        A name or list of crypttab properties on which this state should be applied.
        Default is ``name``, meaning that the line is matched only by the name
        parameter. If the desired configuration requires two devices mapped to
        the same name, supply a list of parameters to match on.
    T��r�changes�result�commentFrzJEither persist or immediate must be set, otherwise this state does nothingrNZnone�
-z5Device cannot be mapped immediately without a keyfiler�
cryptsetup�cryptdev.activez6Ignore cryptdev configuration when mapping immediately�testz"Device would be mapped immediately�commmentz
cryptdev.openzDevice mapped using cryptsetupz%Device failed to map using cryptsetupzcryptdev.set_crypttab)�password�options�config�match_on�newzEntry added in �crypttab�changezExisting entry in {} changedzUnable to set entry in )�__salt__�keys�log�warning�__opts__�format)rZdevice�keyfile�optsr�persist�	immediater�ret�active�cryptsetup_result�crypttab_result�r#�H/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/cryptdev.py�mapped$s`/
�
�
�








�
�






�



��
r%cCs�|id
dd�}|r:td�}||�
�vr:tdr!d|d<d|d	<ntd
|�
}|r0d|dd
<n
d|dd
<d|d<|rftdsftd||
d�}|rY|dkrWd|
��|dd<|Sd|
��|dd<d|d<|S)a�

    Ensure that a device is unmapped

    name
        The name to ensure is not mapped

    config
        Set an alternative location for the crypttab, if the map is persistent,
        Default is ``/etc/crypttab``

    persist
        Set if the map should be removed from the crypttab. Default is ``True``

    immediate
        Set if the device should be unmapped immediately. Default is ``False``.
    TrrrrNrz$Device would be unmapped immediatelyr
zcryptdev.closez Device unmapped using cryptsetuprr
z'Device failed to unmap using cryptsetupFzcryptdev.rm_crypttab)
rrzEntry removed from rzUnable to remove entry in )rrr)rrrrrr r!r"r#r#r$�unmapped�s0






�
�



�
r&)NNrTFr)rTF)�__doc__�logging�	getLogger�__name__rr%r&r#r#r#r$�<module>
s






�m