File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/pillar/__pycache__/confidant.cpython-310.pyc
o
�����N�g$
�����������������������@���sh���d�Z�d�d�l�Z�d�d�l�Z�z�d�d�l�Z�d�d�l�Z�d�Z�W�n���e�y!������d�Z�Y�n�w�e���e ��Z
d�Z�d�d���Z�d
d�d ��Z
d�S�)�a����
An external pillar module for getting credentials from confidant.
Configuring the Confidant module
================================
The module can be configured via ext_pillar in the minion config:
.. code-block:: yaml
ext_pillar:
- confidant:
profile:
# The URL of the confidant web service
url: 'https://confidant-production.example.com'
# The context to use for KMS authentication
auth_context:
from: example-production-iad
to: confidant-production-iad
user_type: service
# The KMS master key to use for authentication
auth_key: "alias/authnz"
# Cache file for KMS auth token
token_cache_file: /run/confidant/confidant_token
# The duration of the validity of a token, in minutes
token_duration: 60
# key, keyid and region can be defined in the profile, but it's
# generally best to use IAM roles or environment variables for AWS
# auth.
keyid: 98nh9h9h908h09kjjk
key: jhf908gyeghehe0he0g8h9u0j0n0n09hj09h0
region: us-east-1
:depends: confidant-common, confidant-client
Module Documentation
====================
�����NTF� confidantc��������������������C���s����t�r�t�S�d�S�)�z9
Only return if requests and boto are installed.
F)���HAS_LIBS��__virtualname__��r����r�����I/opt/saltstack/salt/lib/python3.10/site-packages/salt/pillar/confidant.py��__virtual__;���s����������r����c��������������������C���s>���|�d�u�r�i�}�d�d�d�d���}�t���|���}�|���d�d���r�d�|�d�<�|�S�|���d�d���}�z�|�d ��}�|�d
��}�|�d���}�|�d���} W�n���t�t�f�yI������d
}
t���|
����|���Y�S�w�|���d�d���}�|���d�d���}�|���d�d���}
|���d���}�|���d�d���}�t�j�j |�|�|�|�|�|�|�|
|�d�� }�z |�j
| d�d���}�W�n
��t�j�j�y�������|���Y�S�w�|�d���s�|�S�t�j��
|���}�d�|�d�<�|�S�)�z6
Read pillar data from Confidant via its API.
NF)���credentials_resultZ�credentialsZ�credentials_metadata��disabledT��result�
token_version�������url��auth_key��auth_context��fromz3profile has undefined url, auth_key or auth_context��regionz us-east-1��token_duration�<�����retries�������token_cache_file��backoff)�Z�token_lifetimer����r����r����r����r����)�Z
decrypt_blindr����)���copy��deepcopy��get��KeyError� TypeError��log��debugr������clientZ�ConfidantClientZ�get_serviceZ�TokenCreationError� formatterZ�combined_credential_pair_format)�Z minion_idZ�pillarZ�profile��retZ�profile_datar����r
���r����r����Z�role��msgr����r����r����r����r����r������datar����r����r�����
ext_pillarE���s^���������������
�����������������������
�����������
���������������������������������������������r$���)�N)���__doc__r������loggingZ�confidant.clientr����Z�confidant.formatterr������ImportError� getLogger��__name__r����r����r����r$���r����r����r����r������<module>����s�������'����������������
������