RidZddlZddlZddlZddlZddlmZddlmZddlm Z ejjde ee jjjZe eedz dz d z Zd ZGd d e ZGd de ZGdde ZGdde ZdededefdZde defdZde deddfdZdeeddfdZdeedefdZdej<fdZd!dZ e!d k(re yy)"u시크릿 로테이션 체크 스크립트. 인벤토리 JSON을 읽어 각 시크릿의 만료 상태를 확인하고 보고한다. N)datetime)Path) TypedDictWORKSPACE_ROOTmemorysecurityzsecret-inventory.jsonc^eZdZUeed<eed<eed<eed<eed<eed<eed<eed<y ) SecretEntryname source_fileowner created_date last_rotated expires_datecategoryrotation_notesN)__name__ __module__ __qualname__str__annotations__N/home/jay/workspace/.worktrees/task-2117-dev1/scripts/secret-rotation-check.pyr r s/ I JMrr c6eZdZUeed<eed<eed<eed<y) CheckResultr statusrdays_remainingN)rrrrrintrrrrrs I Krrc6eZdZUeed<eed<eed<eed<y)SummarytotalokwarningexpiredN)rrrr rrrrr"r"&s J G L Lrr"c(eZdZUeeed<eed<y) JsonOutputresultssummaryN)rrrlistrrr"rrrr(r(-s +  rr(secrettodayreturnctj|dd}||z j}|dkrd}n|tkrd}nd}|d||d|dS) u?단일 시크릿의 만료 상태를 계산하여 반환한다.rz%Y-%m-%drEXPIREDWARNINGOKr )r rrr)rstrptimedays WARNING_DAYS)r,r-expiresrrs r check_secretr72sh~ 6 CGo++N < 'v~.(  rinventory_pathctt|dd5}tj|cdddS#1swYyxYw)u6인벤토리 JSON 파일을 로드하여 반환한다.rutf-8encodingN)openjsonload)r8fs rload_inventoryrBFs0 ncG 4yy|s.7 inventoryctjj|d<t|dd5}t j ||dddddy#1swYyxYw) uXlast_checked 타임스탬프를 현재 시각으로 갱신하고 파일에 저장한다. last_checkedwr;r<F)indent ensure_asciiN)rnow isoformatr>r?dump)r8rCrAs rupdate_last_checkedrMLsP (  8 8 :In ncG 4> )Qqu=>>>s AA r)c |D]s}|d}|ddk(r%td|dd|ddt|d 5|dd k(rtd |dd|dd |d Ytd|dd|dd |d uy)u8텍스트 형식으로 결과를 stdout에 출력한다.rrr0z [EXPIRED] r z - expires_date: rz (overdue zd)r1z [WARNING] z (z d remaining)z [OK] N)printabs)r)r:r4s rprint_text_reportrQSs d!" X;) # Jqyk):1^;L:MZX[\`XaWbbde f x[I % Jqyk):1^;L:MRPTvUab c Jqyk):1^;L:MRPTvUab cdrctd|D}td|D}td|D}|t||||ddS)u0JSON 출력 구조를 생성하여 반환한다.c32K|]}|ddk(s dyw)rr2Nr.0r:s r z$build_json_output..as=8)<1= c32K|]}|ddk(s dyw)rr1rTNrrUs rrWz$build_json_output..bGaakY.FGrXc32K|]}|ddk(s dyw)rr0rTNrrUs rrWz$build_json_output..crZrX)r#r$r%r&)r)r*)sumlen)r)ok_count warning_count expired_counts rbuild_json_outputra_sV=g==HG7GGMG7GGM\$$   rctjd}|jdtd|jdddd |jd dd |j S)u(CLI 인자를 파싱하여 반환한다.u.시크릿 로테이션 상태를 확인한다.) descriptionz --inventoryu8인벤토리 JSON 파일 경로 (기본값: %(default)s))defaulthelpz--json json_output store_trueu(결과를 JSON 형식으로 출력한다)destactionrez--update-checkedu@last_checked 타임스탬프를 현재 시각으로 갱신한다)rire)argparseArgumentParser add_argumentDEFAULT_INVENTORY parse_args)parsers rrnrnps  $ $1a bF ! G    7    O    rct}t|j}|jdg}t j j dddd}|Dcgc]}t||}}|jr,t|}ttj|dn t||jrt|j|t!d|D}t#j$|rdydycc}w) u메인 진입점.secretsr)hourminutesecond microsecondF)rIc3*K|] }|ddv yw)r)r0r1NrrUs rrWzmain..sKaAhK#99KsrTN)rnrBrCgetrrJreplacer7rfrarOr?dumpsrQupdate_checkedrManysysexit)argsrCrqr-sr)output has_issues rmainrs rsN  **..!13tH~7M7M7O7V7V7]7]3^__-8:EH__` ))i X+(34 >>>> dtK0 dT dtK0Z"H&&,$. zFr