in src/aws_encryption_sdk_cli/internal/arg_parsing.py [0:0]
def _build_parser():
# type: () -> CommentIgnoringArgumentParser
"""Builds the argument parser.
:returns: Constructed argument parser
:rtype: argparse.ArgumentParser
"""
parser = CommentIgnoringArgumentParser(
description="Encrypt or decrypt data using the AWS Encryption SDK",
epilog="For more usage instructions and examples, see: http://aws-encryption-sdk-cli.readthedocs.io/en/latest/",
fromfile_prefix_chars="@",
)
# For each argument added to this group, a dummy redirect argument must
# be added to the parent parser for each long form option string.
version_or_action = parser.add_mutually_exclusive_group(required=True)
version_or_action.add_argument("--version", action="version", version=_version_report())
parser.add_dummy_redirect_argument("--version")
# For each argument added to this group, a dummy redirect argument must
# be added to the parent parser for each long form option string.
operating_action = version_or_action.add_mutually_exclusive_group()
operating_action.add_argument(
"-e", "--encrypt", dest="action", action="store_const", const="encrypt", help="Encrypt data"
)
parser.add_dummy_redirect_argument("--encrypt")
operating_action.add_argument(
"-d", "--decrypt", dest="action", action="store_const", const="decrypt", help="Decrypt data"
)
parser.add_dummy_redirect_argument("--decrypt")
operating_action.add_argument(
"--decrypt-unsigned",
dest="action",
action="store_const",
const="decrypt-unsigned",
help="Decrypt data and enforce messages are unsigned during decryption.",
)
parser.add_dummy_redirect_argument("--decrypt-unsigned")
# For each argument added to this group, a dummy redirect argument must
# be added to the parent parser for each long form option string.
metadata_group = parser.add_mutually_exclusive_group(required=True)
metadata_group.add_argument(
"-S",
"--suppress-metadata",
action="store_const",
const=MetadataWriter(suppress_output=True)(),
dest="metadata_output",
help="Suppress metadata output.",
)
parser.add_dummy_redirect_argument("--suppress-metadata")
metadata_group.add_argument(
"--metadata-output", type=MetadataWriter(), help="File to which to write metadata records"
)
parser.add_dummy_redirect_argument("--metadata-output")
parser.add_argument(
"--overwrite-metadata",
action="store_true",
help="Force metadata output to overwrite contents of file rather than appending to file",
)
parser.add_argument(
"-w",
"--wrapping-keys",
nargs="+",
dest="wrapping_keys",
action="append",
required=True,
help=(
"Identifying information for a wrapping key provider and wrapping keys. Each instance must include "
"a wrapping key provider identifier and identifiers for one or more wrapping key supplied by that "
" provider. ex: "
"--wrapping-keys provider=aws-kms key=$AWS_KMS_KEY_ARN"
),
)
parser.add_argument(
"--commitment-policy",
type=CommitmentPolicyArgs,
choices=list(CommitmentPolicyArgs),
default=CommitmentPolicyArgs.REQUIRE_ENCRYPT_REQUIRE_DECRYPT,
help=(
"Specifies the commitment policy for key commitment. "
"ex: "
"--commitment-policy=forbid-encrypt-allow-decrypt"
),
)
parser.add_argument(
"--caching",
nargs="+",
required=False,
action=UniqueStoreAction,
help=(
"Configuration options for a caching cryptographic materials manager and local cryptographic materials "
'cache. Must consist of "key=value" pairs. If caching, at least "capacity" and "max_age" must be defined. '
"ex: "
"--caching capacity=10 max_age=100.0"
),
)
parser.add_argument(
"-b", "--buffer", action="store_true", help="Buffer result in memory before releasing to output"
)
parser.add_argument(
"-i",
"--input",
required=True,
action=UniqueStoreAction,
help='Input file or directory for encrypt/decrypt operation, or "-" for stdin.',
)
parser.add_argument(
"-o",
"--output",
required=True,
action=UniqueStoreAction,
help="Output file or directory for encrypt/decrypt operation, or - for stdout.",
)
parser.add_argument("--encode", action="store_true", help="Base64-encode output after processing")
parser.add_argument("--decode", action="store_true", help="Base64-decode input before processing")
parser.add_argument(
"-c",
"--encryption-context",
nargs="+",
action=UniqueStoreAction,
help=(
'key-value pair encryption context values (encryption only). Must a set of "key=value" pairs. '
"ex: "
"-c key1=value1 key2=value2"
),
)
# Note: This is added as an argument for argparse API consistency, but it should not be used directly.
parser.add_argument(
"--required-encryption-context-keys", nargs="+", action=UniqueStoreAction, help=argparse.SUPPRESS
)
parser.add_argument(
"--algorithm", action=UniqueStoreAction, help="Algorithm name (encryption only)", choices=ALGORITHM_NAMES
)
parser.add_argument(
"--frame-length",
dest="frame_length",
type=int,
action=UniqueStoreAction,
help="Frame length in bytes (encryption only)",
)
parser.add_argument(
"--max-length",
type=int,
action=UniqueStoreAction,
help=(
"Maximum frame length (for framed messages) or content length (for "
"non-framed messages) (decryption only)"
),
)
parser.add_argument(
"--max-encrypted-data-keys",
type=int,
action=UniqueStoreAction,
help="Maximum number of encrypted data keys to wrap (during encryption) or to unwrap (during decryption)",
)
parser.add_argument(
"--suffix",
nargs="?",
const="",
action=UniqueStoreAction,
help="Custom suffix to use when target filename is not specified (empty if specified but no value provided)",
)
parser.add_argument(
"--interactive",
action="store_true",
help="Force aws-encryption-cli to prompt you for verification before overwriting existing files",
)
parser.add_argument("--no-overwrite", action="store_true", help="Never overwrite existing files")
parser.add_argument("-r", "-R", "--recursive", action="store_true", help="Allow operation on directories as input")
parser.add_argument(
"-v",
dest="verbosity",
action="count",
help="Enables logging and sets detail level. Multiple -v options increases verbosity (max: 4).",
)
parser.add_argument("-q", "--quiet", action="store_true", help="Suppresses most warning and diagnostic messages")
return parser