o :F¶dÅã @szddlmZddlZddlmZddlmZmZmZm Z m Z m Z m Z m Z ddlmZddlmZddlmZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlmZdd lm Z dd l!m"Z"m#Z#m$Z$ddl%Z%dd l&m'Z'dd l(m)Z)d Z*dj+e e dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3dZ4dZ5ej6 7ej6 8d¡d¡Z9dZ:dZ;ej6 7e9d¡Zej6 8ej6 7dd ¡¡Z?ej6 8ej6 7dd!d"¡¡Z@ej%d#kråd$nd%ZAejBd&d'd(ejCd)d*„ƒƒZDeDjEd+d,d(ejFd-e:d.d/ejFd0e9d1e G¡d2ejFd3d4d(ejFd5d6ejHd7d8d9ejFd:d;dejId?d@„ƒƒƒƒƒƒƒZJeDjEddAd(ejIdBdC„ƒƒZKeDjEdDdEd(ejIejLejMdFdG„ƒƒƒƒZNeDjEdHdId(ejFdJd=e ejHdKd=dLdMdNejIdOdP„ƒƒƒZOeDjEdQdRd(ejIdSdT„ƒƒZPdUdV„ZQdWdX„ZRGdYdZ„dZeSƒZTd d[d\„ZUd]d^„ZVd_d`„ZWd¡dbdc„ZXddde„ZYdfdg„ZZdhdi„Z[eDjEdjdkd(ejFdJd=dldmejIdndo„ƒƒƒZ\dpdq„Z]dddddde;dfdrds„Z^d¢dtdu„Z_d¢dvdw„Z`dxdy„Zadzd{„Zbd|d}„Zcd~d„Zdd€d„Zed‚dƒ„Zfd„d…„Zgd†d‡„Zhdˆd‰„ZidŠd‹„Zjd£dŒd„ZkdŽd„Zldd‘„Zmd’d“„Znd”d•„Zod–d—„Zpd˜d™„Zqdšd›„ZreDjEdœdd(ejIejLejMdždŸ„ƒƒƒƒZsdS)¤é)Úprint_functionN)Úcli)Ú"CLI_RC_CANNED_QUERIES_SECTION_NAMEÚ#CLI_RC_COMMAND_ALIASES_SECTION_NAMEÚ!CLI_RC_PARAM_ALIASES_SECTION_NAMEÚCLI_RC_DEFAULT_LOCATIONÚOCI_CLI_AUTH_API_KEYÚOCI_CLI_AUTH_SESSION_TOKENÚOCI_CLI_AUTH_INSTANCE_PRINCIPALÚOCI_CLI_AUTH_RESOURCE_PRINCIPAL)Úcli_util)Ú identity_cli)Úpymd5)Ú is_region)ÚREGIONS)ÚconfigÚ exceptionsÚsigner)Ú serialization)Údefault_backenda This command provides a walkthrough of creating a valid CLI config file. The following links explain where to find the information required by this script: User API Signing Key, OCID and Tenancy OCID:  https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#Other Region:  https://docs.cloud.oracle.com/Content/General/Concepts/regions.htm General config documentation:  https://docs.cloud.oracle.com/Content/API/Concepts/sdkconfig.htm aR This command provides a walkthrough of setting up instance principal authentication for an OCI compute instance. The following links provide information about topics and resources referenced by this script: Resource OCIDs:  https://docs.oracle.com/en-us/iaas/Content/General/Concepts/identifiers.htm Compute Instances:  https://docs.oracle.com/en-us/iaas/Content/Compute/Concepts/computeoverview.htm Dynamic Groups:  https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm Policies:  https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policies.htm In order to successfully run this command, you must: - have an existing instance from which you want to run commands using instance principal authentication - be an administrator in your tenancy so that you can create/update the necessary dynamic group and policy used to enable instance principal authentication for your instance This script also requires an existing form of valid authentication to successfully run. If you do not have an existing config file and you ran this command using {api_key_auth} or {security_token_auth} auth, you will be prompted to create a new config file to use for authentication during this instance principal setup process. )Z api_key_authZsecurity_token_authaë If you haven't already, you can install the CLI on your instance by connecting to your instance using SSH and running the following command:  bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)" After you have installed the CLI on your instance, you can test out your instance principal authentication by connecting to your instance using SSH and running the following example command (Note: if you entered a custom policy that does not allow your dynamic group to view all compute instances in your instance's compartment, then the following example command will not work):  oci compute instance list --compartment-id {compartment_id} --auth {auth} a If you haven't already uploaded your API Signing public key through the console, follow the instructions on the page linked below in the section 'How to upload the public key':  https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#How2 a [OCI_CLI_CANNED_QUERIES] # For list results, this gets the ID and display-name of each item in the list. Note that when the names of attirbutes have # dashes in them they need to be surrounded with double quotes. This query knows to look for a list because of the # [*] syntax get_id_and_display_name_from_list=data[*].{id: id, "display-name": "display-name"} get_id_and_display_name_from_single_result=data.{id: id, "display-name": "display-name"} # Retrieves a comma separated string, for example: # ocid1.instance.oc1.phx.xyz....,cli_test_instance_675195,RUNNING get_id_display_name_and_lifecycle_state_from_single_result_as_csv=data.[id, "display-name", "lifecycle-state"] | join(`,`, @) # Retrieves comma separated strings from a list of results get_id_display_name_and_lifecycle_state_from_list_as_csv=data[*].[join(`,`, [id, "display-name", "lifecycle-state"])][] # Filters where the display name contains some text filter_by_display_name_contains_text=data[?contains("display-name", `your_text_here`)] # Filters where the display name contains some text and pull out certain attributes(id and time-created) filter_by_display_name_contains_text_and_get_attributes=data[?contains("display-name", `your_text_here`)].{id: id, timeCreated: "time-created"} # Get the top 5 results from a list operation get_top_5_results=data[:5] # Get the last 2 results from a list operation get_last_2_results=data[-2:] # List instance public IPs from list vnics response # Example: oci compute instance list-vnics --instance-id $I --query query://list_public_ips list_public_ips=data[?"public-ip" != null]."public-ip" # Get first public IP from list vnics response # Example: oci compute instance list-vnics --instance-id $I --query query://get_public_ip get_public_ip=data[?"public-ip" != null]."public-ip" | [0] az [OCI_CLI_COMMAND_ALIASES] # This lets you use "ls" instead of "list" for any list command in the CLI ls = list # This lets you do "oci os object rm" rather than "oci os object delete". This is an example of a "command sequence alias", where the alias on the left # hand side only applies when the command sequence on the right hand side is invoked. You can think of these as being of the form: # = . # # So in our example, = rm, = os object, = delete rm = os.object.delete a- [OCI_CLI_PARAM_ALIASES] # Parameter aliases either need to start with a double dash (--) or be a single dash (-) followed by a single letter. For example: --foo, -f --ad = --availability-domain --dn = --display-name --egress-rules = --egress-security-rules --ingress-rules = --ingress-security-rules zN/Az _public.pemz.pemzConfig creation canceled.ú~z.ociZ oci_api_keyÚDEFAULTZsessionsrz.bashrcz .bash_profileÚlibz oracle-cliÚwin32zoci.exeÚociÚsetupzSetup commands for CLI)ÚhelpcCsdS©N©rrrú5usr/lib/python3.10/site-packages/oci_cli/cli_setup.pyÚ setup_groupÕsr ÚkeyszçGenerates an API Signing RSA key pair. A passphrase for the private key can be provided using either the 'passphrase' or 'passphrase-file' option. If neither option is provided, the user will be prompted for a passphrase via stdin.z --key-namezdA name for the API Signing key. Generated key files will be {key-name}.pem and {key-name}_public.pem)Údefaultrz --output-dirz?An optional directory to output the generated API Signing keys.)r"rÚtypez --passphrasez>An optional passphrase to encrypt the private API Signing key.z--passphrase-filez€An optional file with the first line specifying a passphrase to encrypt the API Signing private key (or '-' to read from stdin).Úr©Úmode)rr#z --overwriteFzDAn option to overwrite existing files without a confirmation prompt.T)r"rZis_flagcCsÖ|r |r t d¡‚|r| ¡}|r| ¡rt d¡‚|stƒ}tj |¡}tj |¡s0t   |¡t   ¡}|  ¡}t tj ||t¡||ƒttj ||t¡|||ƒt|ƒ}t d |¡¡t tjtdd¡dS)Nz:Cannot specify both passphrase and passphrase-file optionszEpassphrase-file must specify a password in the first line of the filezPublic key fingerprint: {}T©Úpreserve_paragraphs)ÚclickÚ UsageErrorÚreadlineÚisspaceÚprompt_for_passphraseÚosÚpathÚ expanduserÚexistsr Úcreate_directoryÚ generate_keyÚ public_keyÚwrite_public_key_to_fileÚjoinÚPUBLIC_KEY_FILENAME_SUFFIXÚwrite_private_key_to_fileÚPRIVATE_KEY_FILENAME_SUFFIXÚpublic_key_to_fingerprintÚechoÚformatÚ wrap_textÚupload_public_key_instructions)Úkey_nameÚ output_dirÚ passphraseZpassphrase_fileÚ overwriteÚ private_keyr4Ú fingerprintrrrÚgenerate_key_pairÛs$      rEz/Interactive script to generate oci config file.c sæt tjtdd¡tƒ\}}|st t¡t d¡tjddd„d}tjdd d„d}t ƒ}tj d dd r˜t j   t j  tjd td ¡¡}t j  |¡sQt |¡t ¡}| ¡}t dt¡}tt j  ||t¡|ƒsrt t¡dStƒ} t j  ||t¡‰tˆ|| ƒs‹t t¡dSt|ƒ} t d | ¡¡n0tjdtd\‰} }t j   ˆ¡‰d} | rºtjdd‡fdd„d\} }t| ¡ƒ} t d | ¡¡| rÓtj ddd sÓd} t||| ˆ||| |dt d |¡¡t tjt dd¡dS)NT©Útextr(rzEnter a user OCIDcSót|tjdƒS)NÚuser©Ú validate_ocidrZPATTERNS©ÚocidrrrÚóz%generate_oci_config..©Ú value_proczEnter a tenancy OCIDcSrH)NÚtenancyrJrLrrrrN rOzDo you want to generate a new API Signing RSA key pair? (If you decline you will be asked to supply the path to an existing key.)©r"z-Enter a directory for your keys to be created)rGr"zEnter a name for your keyzFingerprint: {}z7Enter the location of your API Signing private key file©rGrQz)Enter the passphrase for your private keycs tˆ|ƒSr)Úvalidate_private_key_passphrase©rA©Zprivate_key_filerrrN(ó )rGÚ hide_inputrQz‹Do you want to write your passphrase to the config file? (If not, you will need to enter it when prompted each time you run an oci command)F)Ú pass_phraseÚ profile_namezConfig written to {}r')!r)r;r=Ú generate_oci_config_instructionsÚprompt_for_config_locationÚ"config_generation_canceled_messageÚsysÚexitÚpromptÚprompt_for_regionÚconfirmr.r/Úabspathr0ÚDEFAULT_DIRECTORYr1r r2r3r4ÚDEFAULT_KEY_NAMEr5r6r7r-r9r8r:r<Úvalidate_private_key_fileÚ write_configr>) Úconfig_locationr[Úuser_idZ tenant_idÚregionZ key_locationrCr4r?Zkey_passphraserDZhas_passphraserrWrÚgenerate_oci_configþs\           ø rlzinstance-principalz`Interactive script to set up instance principal authentication for an existing compute instance.csPt tjtdd¡d‰|jdtks|jdtkrt|ƒ‰ˆr)‡fdd„}|t_ t  dd|¡}t  dd|¡}d}|jdt krM|jdt krMt  |j¡}tjd dd s^t d ¡t d ¡td |jƒ\}}|jj}| |¡}|jj}tjddd r td|jƒ\} }|jj} t d¡|jj} || vr—| } n!d| vr¯d| |  d¡|  d¡…d |¡} n d| d |¡} tjd| d } |jtjd| | dtjddd rÓd}nd}|stjddd rtd|j ƒ\}}t d¡t! "|jj#¡}tjd|dd „d!}|jtj$d||d"n=|r|d#}ntd#|j%ƒ\}}tjd$d%d „d&} t d'¡}t d¡d( |¡} tjd| d } |jtj&d|| | |d)d}|r’tjd*d+d „d&}t d,¡}t d-¡t d¡d. | |¡}tjd|d/d „d!}|}tjd0 |¡dd r†td1|jƒ\}}|jtj'd||||d2t d3¡t tjt(j|t d4dd¡dS)5NTrFÚauthcsˆSrrrrVrrÚpassphrase_providerKsz5setup_instance_principal..passphrase_providerÚcoreZcomputeZidentityznDo you have an existing compute instance for which you would like to set up instance principal authentication?rSzØPlease create a compute instance and then run this command again. For information regarding how to create a compute instance, please visit https://docs.oracle.com/en-us/iaas/Content/GSG/Reference/overviewworkflow.htméÚinstancez>Do you want to add this instance to an existing dynamic group?Fz dynamic groupz¢For information about dynamic group matching rule syntax, please visit https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#WritingÚ{zAny Ú}z, instance.id = '{}'}}zAny {zGEnter the matching rule(s) you would like to set for this dynamic groupZACTIVE)Úwait_for_stateZdynamic_group_idÚ matching_rulez2Do you want to create a new policy for this group?z.Do you want to update a policy for this group?ÚpolicyzFor information about policy syntax, please visit https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policysyntax.htmz‘Enter the statement(s) you would like to set for this policy (please enter your statements in JSON format, as a bracket-enclosed list of strings)cSót|ƒSr©Úvalidate_statements©Ú statementsrrrrN{óz*setup_instance_principal..©r"rQ)rtZ policy_idr{rRz'Enter a name for your new dynamic groupcSrwr©Úvalidate_resource_name©ÚnamerrrrNƒr|rPz.Enter a description for your new dynamic groupzAny {{instance.id = '{}'}})rtÚcompartment_idrruÚ descriptionzEEnter a name for the new policy to be used for your new dynamic groupcSrwrr~r€rrrrNr|zLEnter a description for the new policy to be used for your new dynamic groupaWARNING: Using the default policy at the prompt below will grant all permissions for all your OCI resources to every instance in the dynamic group. Please ensure that this is the policy you want to use. If not, you can enter your custom policy statement(s) at the prompt.zD["Allow dynamic-group {} to manage all-resources in compartment {}"]cSrwrrxrzrrrrN”r|zªThis policy is currently set to be put in compartment {}, which is the compartment that your instance is in. Do you want to create this policy in a different compartment?Z compartment)rtr‚rr{rƒzHSuccessfully set up instance principal authentication for your instance!)r‚rm))r)r;r=Ú%instance_principal_setup_instructionsÚobjrr Úget_passphraser r-Z build_clientr r Ú build_configrcr_r`Ú get_resourceZ get_instanceÚdatar‚Zget_compartmentrZget_dynamic_groupruÚindexÚrindexr<raZinvoker Zupdate_dynamic_groupZ get_policyÚjsonÚdumpsr{Z update_policyZ get_tenancyZcreate_dynamic_groupZ create_policyÚ$instance_principal_setup_end_message)ÚctxrnZcompute_clientZidentity_clientZ config_objZ instance_ocidÚresultZinstance_compartment_ocidZinstance_compartment_nameZ group_ocidZ group_nameZ current_ruleZdefault_group_ruleZ group_ruleZ new_policyZ policy_ocidZdefault_policy_statementZpolicy_statementZ tenancy_ocidZgroup_descriptionZ policy_nameZpolicy_descriptionZpolicy_compartment_ocidrrVrÚsetup_instance_principal?s€      ( €         "r‘z oci-cli-rczñGenerates a oci_cli_rc file that can contain parameter default values and other configuration information such as command aliases and predefined queries. This command will populate the file with some default aliases and predefined queries. z--fileza+b)r&ZlazyzIThe file into which default aliases and predefined queries will be loaded)Ú show_defaultr"r#rc CsPt|dƒr|jdkrt d¡‚tj |j¡s=z t tj |j¡¡Wnt y<}z|j t j kr1n‚WYd}~nd}~ww|  d¡|  ¡ ¡}t|vrUtjdtjdn| d t¡ ¡¡t d t¡¡t|vrttjd tjdn| d t¡ ¡¡t d  t¡¡t|vr”tjd tjddS| d t¡ ¡¡t d  t¡¡dS) Nrzz4This command does not support writing data to stdoutrziPredefined queries will not be written as the specified file already contains a section for these queries©Úfilez {}z+Predefined queries written under section {}zhCommand aliases will not be written as the specified file already contains a section for command aliasesz(Command aliases written under section {}zlParameter aliases will not be written as the specified file already contains a section for parameter aliasesz*Parameter aliases written under section {})Úhasattrrr)r*r.r/r1ÚmakedirsÚdirnameÚOSErrorÚerrnoÚEEXISTÚseekÚreadÚdecoderr;r_ÚstderrÚwriter<Údefault_canned_queriesÚencoderÚdefault_command_aliasesrÚdefault_param_aliases)r”Úexcr‰rrrÚ setup_cli_rcžs4   þ€þ  r¥Z autocompletezHInteractive script to set up tab completion for commands and parameters.cCs6tjdkr t d¡dStjdkrtƒdStƒdS)NÚcygwinz?Tab completion only available on Windows when using Powershell.r)r_Úplatformr)r;Úsetup_autocomplete_windowsÚsetup_autocomplete_non_windowsrrrrÚsetup_autocompleteÇs     rªcCshd}tj d|¡}tj tj t¡¡}tj ||¡}tj |¡s-t d  |¡¡t   d¡t d  |¡¡t   gd¢¡ t jj¡ ¡}d  |¡}tj|dd r­tj tj |¡¡sbt tj |¡¡t|d d ;}| d ¡| ¡}||vr‰t d j ||d¡ WdƒdS| d  |¡¡t d¡t d¡WdƒdS1s¦wYdSt d¡dS)NzOciTabExpansion.ps1Úbinú;Could not locate autocomplete script at {}. Exiting script.rpú"Using tab completion script at: {})Z powershellz -NoProfilez echo $profilezmTo set up autocomplete, we need to add a few lines to your Powershell profile: {}. Please confirm this is ok.TrSúa+r%rzÙIt looks like tab completion for oci is already configured in {ps_profile_file_path}. If you want to re-run the setup command please remove any lines containing '{oci_tab_completion_file}' from {ps_profile_file_path}.)Úoci_tab_completion_fileÚps_profile_file_pathz . {} z]Success! Reload your Powershell profile or restart your shell for the changes to take effect.z×In order to run the autocomplete script, you may also need to set your Powershell execution policy to allow for running local scripts (as an Administrator run Set-ExecutionPolicy RemoteSigned in a Powershell prompt)ú*Exiting script. Tab completion not set up.)r.r/r6r—rdÚ__file__r1r)r;r<r_r`Ú subprocessÚ check_outputrÚstdoutÚencodingÚstriprcr–Úopenr›rœrŸ)r¯Úscript_relative_pathÚpath_to_install_dirÚcompletion_script_filer°Úconfirm_promptÚfÚcontentrrrr¨Õs4    ú  "ö r¨cCsLtj t¡}tj t¡}|s|rtS|r |r t ¡ ¡dkr tS|r$tSdS)NÚdarwin)r.r/ÚisfileÚ USER_BASH_RCÚUSER_BASH_PROFILEr§ÚsystemÚlower)Z bashrc_existsZbash_profile_existsrrrÚ_get_default_rc_fileùs   rÅc@s eZdZdS)ÚCLIInstallErrorN)Ú__name__Ú __module__Ú __qualname__rrrrrÆsrÆcCs‚|dvrtdƒ‚|dkrdnd}|dkrdnd} td |||¡ƒ}| ¡| ¡kr,d S| ¡| ¡kr6dS|r@|s@|| ¡kSq) N)NÚyÚnz-Valid values for default are 'y', 'n' or NonerÊÚYrËÚNTz {} ({}/{}): F)Ú ValueErrorÚ prompt_inputr<rÄ)Úmsgr"rÊrËZansrrrÚ prompt_y_ns ùrÑcCsDt ¡ ¡dkr tnt}td |¡dd}|r t|dƒ ¡|SdS)Nr¿zCCould not automatically find a suitable file to use. Create {} now?rÊrSÚa) r§rÃrÄrÂrÁrÑr<r¸Úclose)ZrcfileZans_yesrrrÚ_default_rc_file_creation_steps rÔcCs\d}tƒ}|s tƒ}|ptd|ƒ}|r,tj tj |¡¡}tj |¡s*td  |¡ƒ|SdS)NzPEnter a path to an rc file to update (file will be created if it does not exist)z%Automatically created rc file at '{}') rÅrÔÚprompt_input_with_defaultr.r/Úrealpathr0rÀÚ print_statusr<)Zrc_fileZdefault_rc_fileÚ rc_file_pathrrrÚget_rc_file_path s rÙÚcCstd|ƒdS)Nz-- )Úprint©rÐrrrr×.sr×cCs"tjdkr td|ƒStd|ƒS)N)érz ===> )r_Ú version_infoÚinputZ raw_inputrÜrrrrÏ2s   rÏcCs&|r td ||¡ƒp |Std |¡ƒS)Nz{} (leave blank to use '{}'): z{}: )rÏr<)rÐr"rrrrÕ9srÕc CsÌt d¡tƒ}|stdƒ‚tj dd¡}tj tj t ¡¡}tj ||¡}tj  |¡s9t d  |¡¡t   d¡t d  |¡¡tj d¡}|}d j |d }d j |d }tj|d drßtj  |¡rmt |d¡t |¡z|}|} tj tj | ¡¡s…t tj | ¡¡t || ¡WntyŸt d  ||¡¡YdSwt|dd'} |  d¡|  ¡} d| vr½|  d  |¡¡n t dj |d ¡Wdƒn1sÐwYt d  |¡¡dSt d¡dS)NzJTo set up autocomplete, we would update few lines in rc/bash_profile file.zNo suitable profile file found.r«zoci_autocomplete.shr¬rpr­z~/lib/oci_autocomplete.shz\[[ -e "{soft_link_completion_script_file}" ]] && source "{soft_link_completion_script_file}")Ú soft_link_completion_script_filezRWe need to add a few lines to your {rc_file_path} file. Please confirm this is ok.)rØTrSi¤z†Unable to symlink ~/lib/oci_autocomplete.sh to {}. Add '{}' to your rc file and restart your terminal for the changes to take effect.r®r%rzlib/oci_autocomplete.shz {} zèIt looks like tab completion for oci is already configured in {rc_file_path}. If you want to re-run the setup command please remove the line containing 'oci_autocomplete.sh' from {rc_file_path} and run oci setup authenticate again. zLSuccess! Restart your terminal or Run '{}' for the changes to take effect.r±)r)r;rÙrÆr.r/r6r—rdr²r1r<r_r`r0rcÚchmodÚremoveÚisdirr–ÚsymlinkÚ Exceptionr¸r›rœrŸ) rØr¹rºr»Z soft_linkràZbash_profile_liner¼ÚsrcÚdstr½r¾rrrr©@sX          ÿÿü €ø r©zrepair-file-permissionsahResets permissions on a given file to an appropriate access level for sensitive files. Generally this is used to fix permissions on a private key file or config file to meet the requirements of the CLI. On Windows, full control will be given to System, Administrators, and the current user. On Unix, Read / Write permissions will be given to the current user.z"The file to repair permissions on.)ÚrequiredrcCsLtj |¡}tj |¡st d |¡¡‚tj |¡st d¡‚t  |¡dS)NzCould not find file: {}z)This command is only supported for files.) r.r/r0r1r)r*r<rÀr Ú"apply_user_only_access_permissionsr“rrrÚrepair_file_permissionsvs    rêc Cs€|jtjjtjjd}d}d}| |d¡ |d¡ dd¡}t |¡}t   |¡  ¡}d  dd„t |ddd …|d dd …ƒDƒ¡S) N)r¶r<s-----BEGIN PUBLIC KEY-----s-----END PUBLIC KEY-----óó ú:css|] \}}||VqdSrr)Ú.0rÒÚbrrrÚ s€z,public_key_to_fingerprint..érp)Z public_bytesrZEncodingZPEMZ PublicFormatZSubjectPublicKeyInfoÚreplaceÚbase64Ú b64decoderZmd5Ú hexdigestr6Úzip)r4ÚbytesÚheaderZfooterÚkeyZfp_plainrrrr:…sþ .r:c KsÞtj |¡} t|dƒU} | r|  d¡|  d |¡¡|r%|  d |¡¡|  d |¡¡|  d |¡¡|  d |¡¡|  d |¡¡|rO|  d  |¡¡|rY|  d  |¡¡Wdƒn1scwYt |¡dS) NrÒz z[{}] zuser={} zfingerprint={} z key_file={} z tenancy={} z region={} zpass_phrase={} zsecurity_token_file={} )r.r/r1r¸rŸr<r ré) ÚfilenamerjrDÚkey_filerRrkrZr[Zsecurity_token_fileÚkwargsZ existing_filer½rrrrh“s$   €îrhcCs‚|stj |¡rt d |¡¡sdSt|dƒ}| tj |d¡Wdƒn1s+wYt  |¡|s?t  d |¡¡dS)Nú1File {} already exists, do you want to overwrite?FÚwb)r4zPublic key written to: {}T© r.r/rÀr)rcr<r¸rŸr Z serialize_keyrér;)rúr4rBÚsilentr½rrrr5­s  ÿ r5cCs„|stj |¡rt d |¡¡sdSt|dƒ}| tj ||d¡Wdƒn1s,wYt  |¡|s@t  d |¡¡dS)NrýFrþ)rCrAzPrivate key written to: {}Trÿ)rúrCrArBrr½rrrr8¼s  ÿ r8c Csnt|dƒ(}ztj| ¡| d¡tƒd}||fWWdƒSty,t d¡‚w1s0wYdS)NÚrbÚascii©r‰ÚpasswordZbackendz3Incorrect passphrase, could not decrypt private key) r¸rÚload_pem_private_keyrœr¡rrÎr)Ú BadParameter)rúrAr½rCrrrrUËs ý  þürUc CsÀtj |¡}tj |¡st d |¡¡‚t|dƒ=}ztj |  ¡dt ƒd}|d|fWWdƒSt yG|ddfYWdƒSt yUt d |¡¡‚w1sYwYdS)NzNo file found at: {}rrFTz,Could not load file as private key. File: {})r.r/r0rÀr)rr<r¸rrrœrÚ TypeErrorrÎ)rúr½rCrrrrgÕs    ý  ú ÿùrgcCs&t| d¡ƒdkrt d |¡¡‚dS)NríézInvalid fingerprint: {})ÚlenÚsplitr)rr<)rDrrrÚvalidate_fingerprintåsÿr cCs8t|ƒst|ƒst d |ttƒ¡¡t d¡sdS|S)Nz¦Unrecognized region: {}. Please enter a number between 1 to {}, or valid regions can be found here: https://docs.cloud.oracle.com/Content/General/Concepts/regions.htmzAContinue with unrecognized region? (Enter 'n' to re-enter region))rÚis_valid_region_indexr)r;r<r rrc©rkrrrÚvalidate_regionês  rcCs(| ¡ottƒt|ƒkodkSS)Nrp)Úisdigitr rÚintr rrrr ós(r cCs&tj |¡}tj |¡rt d¡‚|S)Nz2Config location must be a filename not a directory)r.r/r0rãr)r)rúZfilename_expandedrrrÚprocess_config_filenameøs   rcCs| |¡s t d¡‚|S)Nz{Invalid OCID format. Instructions to find OCIDs: https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#Other)Úmatchr)r©rMÚpatternrrrrKs  rKcCó"t d¡}| |¡st d¡‚|S)NzF^(ocid1.)([0-9a-zA-Z-_]+.)(oc[1-3].)([0-9a-zA-Z-_]*.)([0-9a-zA-Z-_]+)$z†Invalid OCID format. OCID syntax can be found here: https://docs.oracle.com/en-us/iaas/Content/General/Concepts/identifiers.htm#Oracle©ÚreÚcompilerr)rrrrrÚvalidate_resource_ocids   rcCs*zt |¡W|Styt d¡‚w)NzRPlease enter your statements in JSON format, as a bracket-enclosed list of strings)rŒÚloadsrÎr)rrzrrrrys   ý ÿrycCr)Nz^[a-zA-Z0-9._-]+$z|Invalid resource name. The name cannot contain spaces; only letters, numerals, hyphens, periods, or underscores are allowed.r)rrrrrrs   rcCsp|s t d¡dSdd„| ¡Dƒ}|dr| d¡|r!| ¡}||vr6|s6t dj|d |¡d¡d}|S)Nz!Cannot specify blank profile namecSsg|]}| ¡‘qSr)Úupper)rîÚsectionrrrÚ 'sz)validate_profile_name..rz|Profile {section} already exists in config. Cannot specify a profile that conflicts with any existing profile(s): {sections}ú, )rÚsections)r)r;rÚappendrr<r6)ÚvalueÚ config_parserrBZ makeUpperrrrrÚvalidate_profile_name"s   þr#c stj tjdtj td¡td¡}tj |¡rit   ¡‰z'ˆ  |¡tj d  |¡ddrAd}|s.rPzQFile: {} already exists. Do you want to overwrite (Removes existing profiles!!!)?)NN)r.r/rdr)rar6rerr1Ú configparserÚ ConfigParserrœrcr<ÚErrorrâr—r r2ÚDEFAULT_PROFILE_NAME)rir[Úer—rr'rr]8s0"  ÿ û €ÿ  ú r]c svt ¡‰z tj t¡sttfWSˆ t¡tj d‡fdd„d}Wt|fStj y:}z WYd}~t|fSd}~ww)Nr$cst|ˆddƒS)NTFr%r&r'rrrN]sz,prompt_session_for_profile..rP) r(r)r.r/r1ÚDEFAULT_CONFIG_LOCATIONr+rœr)rar*)r[r,rr'rÚprompt_session_for_profileVs    ÿý €ýr.csŽd}d‰ttƒ}dd„t|ƒDƒ‰‡‡fdd„tdtˆƒˆƒDƒ}d dd„|Dƒ¡}|s9tjd |¡t d }|r-t |ƒrE|t |ƒd S|S) NécSs g|] \}}d |d|¡‘qS)z{}: {}rp)r<)rîrŠZnumeric_regionrrrrjs z%prompt_for_region..csg|] }ˆ||ˆ…‘qSrr)rîrŠ©Z CHUNK_LENGTHZnumeric_region_listrrrksrz, cSsg|]}d |¡‘qS)r)r6)rîZchunked_regionrrrrlsz(Enter a region by index or name(e.g. {})rTrp) ÚsortedrÚ enumerateÚranger r6r)rar<rr r)rkZsorted_region_listZchunked_region_listZ region_listrr0rrbds ÿrbcCs*tjd t¡ddddd}|tkrdS|S)Nz@Enter a passphrase for your private key ("{}" for no passphrase)TF)rGr"rYr’Zconfirmation_prompt)r)rar<Ú NO_PASSPHRASErVrrrr-ss þr-cCsZtjdd}| |¡| |¡t|dƒ}| |¡WdƒdS1s&wYdS)NrÚ)Údefault_sectionÚw)r(r)rœÚremove_sectionr¸rŸ)Ú config_fileZprofile_name_to_terminaterZconfig_file_handlerrrÚremove_profile_from_config{s     "ÿr9c Csžd}|rKtjdj|ddd„d}z||ƒ}d}Wn/tjyH}z"|jdkr1t d j|d¡n t d |j¡t  d ¡WYd}~nd}~ww|s||fS) NTzEnter the {resource} OCID)ÚresourcecSrwr)rrLrrrrNˆr|zget_resource..rPFZNotAuthorizedOrNotFoundzªError: Could not find {resource} with the given OCID; please ensure that you have entered the correct {resource} OCID and that you are authorized to access the {resource}zError: rp) r)rar<rZ ServiceErrorÚcoder;Úmessager_r`)Z resource_typeZget_funcZ prompt_ocidZ resource_ocidrr,rrrrˆ…s  €ûû rˆcCslzt |j¡}t |d|d¡}WdStjyYdStjy5t ¡}t |d|¡}|YSw)NrûrZ) r r‡r…rZload_private_key_from_filerZConfigFileNotFoundZMissingPrivateKeyPassphraser-)rZ client_configrCrArrrr†–s  õúr†zfind-installationsz:Finds and lists locations of all default OCI CLI installs.c Cs^g}g}t d¡tj t¡rt}| d|f¡t d¡tjdgdtj tj dd}|j dkrjd|j vrjg}tjd gdtj tj dd}| |j   ¡¡tjd gdtj tj dd}| |j   ¡¡| d d   |¡f¡t d ¡tjdgdtj tj dd}|j dkr«d|j vr«t d|j ¡}t d|d¡}d  t|dƒ¡}dj|d}| d|f¡t d¡tjdgdtj tj dd}|j dkrÝt d|j ¡}tj  |d ¡dd¡}| d|f¡t d¡z6dtjvrtjd} t d | ¡¡|  tj¡D]} tj  | dt¡} | tj| dd¡qünt d ¡Wnty+} zWYd} ~ nd} ~ wwt ¡t|ƒdkr=t d!¡n$t d"¡tt|ƒƒD]} t d#j| d|| d|| dd$¡qHt ¡t|ƒdkrrt d%¡nt d&¡tt|ƒƒD]} t d'j| d|| d(¡q}t ¡t tjd)dd*¡d+}t tj|dd*¡| ¡dS),Nz9Checking for CLI installer script default installation...zCLI Installer Scriptz%Checking for Homebrew installation...z brew listT)ÚshellrµržÚuniversal_newlinesrzoci-clizbrew --cellar oci-clizbrew --prefix oci-cliZHomebrewrz Checking for yum installation...zyum list installedzpython[0-9]+-oci-cliz[0-9]+Ú.z./usr/lib/python{version}/site-packages/oci_cli)ÚversionZyumz Checking for pip installation...zpip3 show oci-cliz Location: .* rpÚoci_cliZpip3z.Searching for CLI executables on your $PATH...ÚPATHzYour current $PATH is {}z**)Ú recursivez*No PATH variable found in your environmentz+No OCI CLI package installations were foundz8The following OCI CLI package installations were found: z [{index}] {method}: {location})rŠÚmethodÚlocationz/No OCI CLI executables were found on your $PATHzr r¢r£r4r7r9r^r/r6r0rerfr+ZDEFAULT_TOKEN_DIRECTORYr-rÁrÂrFrNÚgroupZhelp_option_groupr ÚcommandÚoptionÚPathZFileÚ help_optionrErlZ pass_contextZwrap_exceptionsr‘r¥rªr¨rÅrårÆrÑrÔrÙr×rÏrÕr©rêr:rhr5r8rUrgr rr rrKrryrr#r]r.rbr-r9rˆr†rVrrrrÚsà  (       -Ó/ %         ? [ #  $   6