def set_common_cloud_provider_options(provider_args):
provider_args.add_argument('-m', '--master-key', help="The Cloud specific master key name or alias that should be "
"used when creating new envelope encryption keys.")
provider_args.add_argument('--silent', action='store_true', help="Suppress all print statements from Messer.")
provider_args.add_argument('-e', '--tier', help="The service tier you are operating on. dev | stage | prod")
provider_args.add_argument('-p', '--print-config', action='store_true', help="Print the current configuration")
provider_args.add_argument('-c', '--config', default=messer.get_default_config(), type=argparse.FileType('a'),
help="The configuration file to use.")
def add_common_cloud_provider_options(cloud_provider):
cloud_provider.add_argument('key_name',
help="The name of the encryption key.")
cloud_provider.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")
def test_parse_use_default_config():
"""
Ensures that when no config is specified as an argument it attempts to use the file installed via pip
"""
args = parse_args(['data', 'bag', 'create', 'aws', DATA_BAG])
assert isinstance(args.config, types.FileType) is True
assert args.config.name == get_default_config()
def delete_options(data_bag_parser):
"""
Adds the 'data bag delete' command along with it's options.
:param data_bag_parser: The 'data bag' parser
:return: None
"""
delete = data_bag_parser.add_parser('delete',
help="Delete a date bag item")
cloud_specific_delete = delete.add_subparsers(
help='Cloud Provider specific configuration.')
# Azure specific delete
delete_in_azure = cloud_specific_delete.add_parser(
'azure', help='DataBag deletion in Azure')
delete_in_azure.set_defaults(command=delete_data_bag_azure)
delete_in_azure.add_argument('name', help="The name of the data bag")
delete_in_azure.add_argument('item',
nargs='?',
help="The data bag item to delete")
delete_in_azure.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")
# AWS specific delete
delete_in_aws = cloud_specific_delete.add_parser(
'aws', help='DataBag deletion in AWS')
delete_in_aws.set_defaults(command=delete_data_bag_aws)
delete_in_aws.add_argument('name', help="The name of the data bag")
delete_in_aws.add_argument('item',
nargs='?',
help="The data bag item to delete")
delete_in_aws.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")
def create_options(data_bag_parser):
"""
Adds the 'data bag create' command along with it's options.
:param data_bag_parser: The 'data bag' parser
:return: None
"""
create = data_bag_parser.add_parser(
'create',
help="Create a new directory in S3 to store the data bag for AWS. "
"Do nothing for Azure.")
cloud_specific_create = create.add_subparsers(
help='Cloud Provider specific configuration.')
# AWS specific configuration options.
create_in_aws = cloud_specific_create.add_parser(
'aws', help='DataBag creation in AWS')
create_in_aws.set_defaults(command=create_data_bag_aws)
create_in_aws.add_argument('name', help="The name of the data bag")
create_in_aws.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")
# Azure specific configuration options.
create_in_azure = cloud_specific_create.add_parser(
'azure', help='DataBag creation in Azure')
create_in_azure.set_defaults(command=create_data_bag_azure)
create_in_azure.add_argument('name', help="The name of the data bag")
create_in_azure.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")
def options(subparser):
"""
Defines the options for the 'messer encryption' commands. Arguments that call the set_defaults method, will call a
function with the specified name and pass the parsed args to it. Anything that the method returns is assigned to
the property 'command'.
:param subparser: A sub parser object that these options can be added to.
:type subparser: SubArgumentParser
:return: None
"""
encryption_parser = subparser.add_parser('encryption',
help='Encryption Commands')
encryption_parser = encryption_parser.add_subparsers(
help="Encryption Sub Commands")
create_parser = encryption_parser.add_parser(
'create', help="Create a new encryption key with the given name.")
cloud_specific_encryption_create = create_parser.add_subparsers(
help='Cloud Provider specific key creation.')
rotate_parser = encryption_parser.add_parser(
'increment', help="Generate new version of specified encryption key.")
cloud_specific_encryption_rotate = rotate_parser.add_subparsers(
help='Cloud Provider specific key rotation.')
list_parser = encryption_parser.add_parser(
'list', help="List the current encryption keys available.")
cloud_specific_encryption_list = list_parser.add_subparsers(
help='Cloud Provider specific key listing.')
delete_parser = encryption_parser.add_parser(
'delete', help="Delete an encryption key or key version.")
cloud_specific_encryption_delete = delete_parser.add_subparsers(
help='Cloud Provider specific configuration.')
# Encryption Services for AWS
create_aws = cloud_specific_encryption_create.add_parser(
'aws', help='Create Encryption Key on AWS')
create_aws.set_defaults(command=create_key_aws)
add_common_cloud_provider_options(create_aws)
rotate_aws = cloud_specific_encryption_rotate.add_parser(
'aws', help='Rotate Encryption Key on AWS')
rotate_aws.set_defaults(command=increment_key_version_aws)
add_common_cloud_provider_options(rotate_aws)
list_aws = cloud_specific_encryption_list.add_parser(
'aws', help='List Encryption Keys on AWS')
list_aws.set_defaults(command=list_keys_aws)
list_aws.add_argument('key_name',
help="The name of the encryption key.",
nargs="?",
default=None)
list_aws.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")
delete_aws = cloud_specific_encryption_delete.add_parser(
'aws', help='Delete Encryption Key on AWS')
delete_aws.set_defaults(command=delete_key_aws)
add_common_cloud_provider_options(delete_aws)
delete_aws.add_argument('key_version',
nargs='?',
help="The version of the key to delete.")
delete_aws.add_argument(
'--no-prompt',
action='store_true',
help="Do not prompt user for confirmation. Just do it.")
# Encryption Services for Azure
create_azure = cloud_specific_encryption_create.add_parser(
'azure', help='Create Encryption Key on Azure')
create_azure.set_defaults(command=create_key_azure)
add_common_cloud_provider_options(create_azure)
rotate_azure = cloud_specific_encryption_rotate.add_parser(
'azure', help='Rotate Encryption Key on Azure')
rotate_azure.set_defaults(command=increment_key_version_azure)
add_common_cloud_provider_options(rotate_azure)
list_azure = cloud_specific_encryption_list.add_parser(
'azure', help='List Encryption Keys on Azure')
list_azure.set_defaults(command=list_keys_azure)
list_azure.add_argument('key_name',
help="The name of the encryption key.",
nargs="?",
default=None)
list_azure.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")
delete_azure = cloud_specific_encryption_delete.add_parser(
'azure', help='Delete Encryption Key on Azure')
delete_azure.set_defaults(command=delete_key_azure)
add_common_cloud_provider_options(delete_azure)
delete_azure.add_argument('key_version',
nargs='?',
help="The version of the key to delete.")
delete_azure.add_argument(
'--no-prompt',
action='store_true',
help="Do not prompt user for confirmation. Just do it.")
def from_file_options(data_bag_parser):
"""
Adds the 'data bag from file' command along with it's options.
:param data_bag_parser: The 'data bag' parser
:return: None
"""
from_parser = data_bag_parser.add_parser(
'from', help="from the {file} to the destination {name}")
from_subparser = from_parser.add_subparsers(help="From File Parser")
from_file = from_subparser.add_parser('file', help="From File")
cloud_specific_upload = from_file.add_subparsers(
help='Cloud Provider specific configuration.')
# Upload DataBags to Azure
from_file_azure = cloud_specific_upload.add_parser(
'azure', help='DataBag upload in Azure')
from_file_azure.set_defaults(command=upload_data_bag_azure)
from_file_azure.add_argument('name', help="The name of the data bag")
from_file_azure.add_argument(
'item',
type=argparse.FileType('r'),
help="DataBag to upload (should be json format)")
from_file_azure.add_argument(
'--force',
action='store_true',
help="Force overwrite the existing data bag item")
from_file_azure.add_argument(
'--secret-file',
required=True,
help="The name of the encryption key to use when encrypting the secret"
)
from_file_azure.add_argument('-v',
'--key-version',
default='latest',
help="Version of the encryption key to use.")
from_file_azure.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")
# Upload DataBags to AWS
from_file_aws = cloud_specific_upload.add_parser(
'aws', help='DataBag upload in AWS')
from_file_aws.set_defaults(command=upload_data_bag_aws)
from_file_aws.add_argument('name', help="The name of the data bag")
from_file_aws.add_argument(
'item',
type=argparse.FileType('r'),
help="DataBag to upload (should be json format)")
from_file_aws.add_argument(
'--force',
action='store_true',
help="Force overwrite the existing data bag item")
from_file_aws.add_argument(
'--secret-file',
required=True,
help="The name of the encryption key to use when encrypting the secret"
)
from_file_aws.add_argument('-v',
'--key-version',
default='latest',
help="Version of the encryption key to use.")
from_file_aws.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")
def show_options(data_bag_parser):
"""
Adds the 'data bag show' command along with it's options.
:param data_bag_parser: The 'data bag' parser
:return: None
"""
show = data_bag_parser.add_parser('show',
help="List the items or databags")
cloud_specific_show = show.add_subparsers(
help='Cloud Provider specific configuration.')
# Azure specific show
show_in_azure = cloud_specific_show.add_parser(
'azure', help='DataBag creation in Azure')
show_in_azure.set_defaults(command=show_data_bag_azure)
show_in_azure.add_argument('name',
nargs='?',
help="The name of the data bag")
show_in_azure.add_argument('item',
help="The data bag item to show",
nargs='?')
show_in_azure.add_argument(
'--decrypt',
action='store_true',
help=
"Decrypt the secret. Default is to use the embedded key_name and key_version."
)
show_in_azure.add_argument(
'--secret-file',
help="The version of the encryption key to use. "
"Note till version 1.2.0 this is not necessary as the name of the key & version are"
"embedded in the secret itself.Specifying this parameter however,on secrets created"
"before 1.2.0 will still require this parameter. "
"In versions > 1.2.0 it will override the embedded key_version in the secret."
)
show_in_azure.add_argument(
'--key-version',
help="The version of the encryption key to use. "
"Note till version 1.2.0 this is not necessary as the name of the key & version are"
"embedded in the secret itself.Specifying this parameter however,on secrets created"
"before 1.2.0 will still require this parameter. "
"In versions > 1.2.0 it will override the embedded key_version in the secret."
)
show_in_azure.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")
# AWS specific show
show_in_aws = cloud_specific_show.add_parser('aws',
help='DataBag show in AWS')
show_in_aws.set_defaults(command=show_data_bag_aws)
show_in_aws.add_argument('name',
nargs='?',
help="The name of the data bag")
show_in_aws.add_argument('item',
help="The data bag item to show",
nargs='?')
show_in_aws.add_argument(
'--decrypt',
action='store_true',
help=
"Decrypt the secret. Default is to use the embedded key_name and key_version."
)
show_in_aws.add_argument('-c',
'--config',
default=messer.get_default_config(),
type=argparse.FileType('r'),
help="The configuration file to use.")