/usr/lib/python3.9/site-packages/cloudinit/config/cc_ca_certs.py

CA Certs: Add ca certificates.

Imported names: lifecycle, subp, util, Cloud, Config, MetaSchema, PER_INSTANCE

Configuration keys: ca_cert_path, ca_cert_local_path, ca_cert_filename, ca_cert_config, ca_cert_update_cmd

Default configuration strings:
  /usr/local/share/ca-certificates/
  cloud-init-ca-cert-{cert_index}.crt
  /etc/ca-certificates.conf
  update-ca-certificates

Distro override keys: aosc, fedora, rhel, opensuse, photon

Distro override strings:
  /etc/ssl/certs/
  cloud-init-ca-cert-{cert_index}.pem
  /etc/ca-certificates/conf.d/cloud-init.conf
  update-ca-bundle
  /etc/pki/ca-trust/
  /usr/share/pki/ca-trust-source/
  anchors/cloud-init-ca-cert-{cert_index}.crt
  update-ca-trust
  /etc/pki/trust/
  /usr/share/pki/trust/
  /etc/pki/tls/certs/
  rehash_ca_certificates.sh

Further distro names: opensuse-microos, opensuse-tumbleweed, opensuse-leap, sle_hpc, sle-micro, sles, almalinux, cloudlinux, alpine, debian, ubuntu

Module meta: id cc_ca_certs; keys id, distros, frequency, activate_by_schema_keys; schema keys ca_certs, ca-certs

_distro_ca_certs_configs(distro_name)
    Return a distro-specific ca_certs config dictionary

    @param distro_name: String providing the distro class name.
    @returns: Dict of distro configurations for ca_cert.

update_ca_certs(distro_cfg)
    Updates the CA certificate cache on the current machine.

    @param distro_cfg: A hash providing _distro_ca_certs_configs function.

add_ca_certs(distro_cfg, certs)
    Adds certificates to the system. To actually apply the new
    certificates you must also call the appropriate distro-specific
    utility such as L{update_ca_certs}.

    @param distro_cfg: A hash providing _distro_ca_certs_configs function.
    @param certs: A list of certificate strings.

Docstring:
    Removes all default trusted CA certificates from the system.

    @param distro_cfg: A hash providing _distro_ca_certs_configs function.

    Log message: Deleting system CA certificates

Docstring:
    Call to handle ca_cert sections in cloud-config file.

    @param name: The module name "ca_cert" from cloud.cfg
    @param cfg: A nested dict containing the entire cloud config contents.
    @param cloud: The L{CloudInit} object in use.
    @param log: Pre-initialized Python logger object to use for logging.
    @param args: Any module arguments from cloud.cfg

    Deprecation strings: Key 'ca-certs'; 22.1; Use 'ca_certs' instead.