File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/states/__pycache__/vault.cpython-310.pyc
States for managing Hashicorp Vault.
Currently handles policies. Configuration instructions are documented in the execution module docs.

:maintainer:    SaltStack
:maturity:      new
:platform:      all

.. versionadded:: 2017.7.0

    Ensure a Vault policy with the given name and rules is present.

    name
        The name of the policy

    rules
        Rules formatted as in-line HCL


    .. code-block:: yaml

        demo-policy:
          vault.policy_present:
            - name: foo/bar
            - rules: |
                path "secret/top-secret/*" {
                  policy = "deny"
                }
                path "secret/not-very-secret/*" {
                  policy = "write"
                }
