B `|@szddlmZmZmZeZddlZddlZddlZddl Z ddl m Z ddl m Z ddl mZddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZdZyddlZddl ZdZ!Wn"e"k re #ZdZ!YnXdZ$yddl%Z%ddl&Z&dZ'Wn"e"k r^e #Z$dZ'YnXyddl(m)Z)dZ*Wne"k rdZ*YnXGddde+Z,ddZ-GdddeZ.dHddZ/dIddZ0e0Z1dd Z2d!d"Z3d#d$Z4dJd%d&Z5dKd'd(Z6d)d*Z7d+d,Z8d-d.Z9d/d0Z:d1d2Z;dLd3d4Zd;d<Z?d=d>Z@dOd@dAZAdBdCZBdDdEZCdPdFdGZDdS)Q)absolute_importdivisionprint_functionN) to_native)to_text) __version__) env_fallback)missing_required_lib) binary_type) string_types) text_type) integer_types)_camel_to_snake)_snake_to_camel)camel_dict_to_snake_dict)snake_dict_to_camel_dict) CloudRetryTF) cmp_to_keyc@s eZdZdS)AnsibleAWSErrorN)__name__ __module__ __qualname__rrf/home/dcms/DCMS/lib/python3.7/site-packages/ansible_collections/amazon/aws/plugins/module_utils/ec2.pyrQsrcCstr tjjStdS)z Allow for boto3 not being installed when using these utils by wrapping botocore.exceptions instead of assigning from it directly. N) HAS_BOTO3botocore exceptionsZ ClientErrortyperrrr_botocore_exception_maybeUsrc@s,eZdZeZeddZedddZdS)AWSRetrycCs|jddS)NErrorZCode)response)errorrrrstatus_code_from_exceptionbsz#AWSRetry.status_code_from_exceptionNcCs(dddddddg}|r ||||kS)NZRequestLimitExceededZ UnavailableZServiceUnavailableZInternalFailureZ InternalErrorZTooManyRequestsExceptionZ Throttling)extend)Z response_codeZcatch_extra_error_codesZretry_onrrrfoundfs  zAWSRetry.found)N)rrrrZ base_class staticmethodr$r&rrrrr _s r c Ksytf||||d|Stk rN}z|jdt|dWdd}~XYntjjtjjtjjtjj fk r}z|jt|dWdd}~XYn8tjj k r}z|jd|j dWdd}~XYnXdS)N) conn_typeresourceregionendpointzCouldn't connect to AWS: %s)msgzoThe %s module requires a region and none was found in configuration, environment variables or module parameters) _boto3_conn ValueError fail_jsonrrrProfileNotFoundZPartialCredentialsErrorZNoCredentialsErrorZConfigParseErrorZ NoRegionError_name)moduler(r)r*r+paramserrr boto3_conn}s$ r5c Ks|dd}|dkrtdtjjdtd}|ddk rN||d}|ddk rl||d}t j j |d}|d kr|j |f|||d |S|d kr|j |f|||d |S|j |f||d |}|j |f||d |}||fSdS) N profile_name)Zbothr)clientzThere is an issue in the calling code. You must specify either both, resource, or client to the conn_type parameter in the boto3_conn function callz Ansible/{0})Zuser_agent_extraconfig aws_config)r6r))r8 region_name endpoint_urlr7)r:r;)popr.rr8Configformatrgetmergeboto3sessionSessionr)r7) r(r)r*r+r3profiler8rBr7rrrr-s$ r-cCsTt|dr|j}n>t|drDt|jdt|dtt|}n dt|f}|S)z{ Extracts the error message from a boto exception. :param err: Exception from boto :return: Error message error_messagemessage z - z%s: %s)hasattrrEstrrFr Exception)errr#rrrboto_exceptions   ( rLc Csrtttdgfdddtddgdtdd gdtd d gd d tddgd d td ddtddtdgdtddd S)NZANSIBLE_DEBUG_BOTOCORE_LOGSFbool)fallbackdefaultrZaws_endpoint_urlr;)aliasesZec2_access_key access_keyZec2_secret_key secret_keyT)rPZno_logZ access_tokenaws_security_token)rOrpath)rZ aws_profiledict) Zdebug_botocore_endpoint_logsec2_urlaws_access_keyaws_secret_keysecurity_tokenvalidate_certs aws_ca_bundlerDr9)rUrrrrraws_common_argument_specs    r\cCs$t}|ttddgdd|S)N aws_region ec2_region)rP)r*)r\updaterU)specrrrec2_argument_specs rac Cs|jd}|r|Sdtjkr(tjdSdtjkrsz"connect_to_aws..zRegion %s does not seem to be available for aws module %s. If the region definitely exists, you may need to upgrade boto or extend with endpoints_pathz:Unknown problem connecting to region %s for aws module %s.r6) Zconnect_to_regionrbrzProfileNotFoundErrorrZregionsrr?r|)Z aws_moduler*r3r{rrrconnect_to_awss rc Cst|\}}}|rhytj|f|}Wqtjjttjjfk rd}z|jt |dWdd}~XYqXnh|ryt tj |f|}Wqtjjttjjfk r}z|jt |dWdd}~XYqXn |jdd|S)z Return an ec2 connection)r,Nz*Either region or ec2_url must be specified) rwrbZconnect_ec2_endpointrcZNoAuthHandlerFoundrrzrr/rIrec2)r2r*rVrtrr4rrr ec2_connects$$ rcCsg}x||D]p\}}d|i}t|tr>> filters = {'some-aws-id': 'i-01234567'} >>> ansible_dict_to_boto3_filter_list(filters) { 'some-aws-id': 'i-01234567' } Returns: List: List of AWS filters and their values [ { 'Name': 'some-aws-id', 'Values': [ 'i-01234567', ] } ] NameValues)rrrsrMrIlowerr r append)Z filters_dictZ filters_listkvZ filter_dictrrr!ansible_dict_to_boto3_filter_lists    rcs|r|r||i}n ddd}|r2tdd|Ds6iSxD|D]8\|dkr@|dkr@tfdd|DSq@Wtdt|t|fd S) a Convert a boto3 list of resource tags to a flat dict of key:value pairs Args: tags_list (list): List of dicts representing AWS tags. tag_name_key_name (str): Value to use as the key for all tag keys (useful because boto3 doesn't always use "Key") tag_value_key_name (str): Value to use as the key for all tag values (useful because boto3 doesn't always use "Value") Basic Usage: >>> tags_list = [{'Key': 'MyTagKey', 'Value': 'MyTagValue'}] >>> boto3_tag_list_to_ansible_dict(tags_list) [ { 'Key': 'MyTagKey', 'Value': 'MyTagValue' } ] Returns: Dict: Dict of key:value pairs representing AWS tags { 'MyTagKey': 'MyTagValue', } rvValue)keyKeycss|] }|VqdS)Nr)r~tagrrr sz1boto3_tag_list_to_ansible_dict..rc3s|]}||fVqdS)Nr)r~r)rrrrrsz4Couldn't find tag key (candidates %s) in tag list %sN)anyrrrUr.rI) tags_listtag_name_key_nametag_value_key_nameZtag_candidatesr)rrrboto3_tag_list_to_ansible_dicts  rrrcCs4g}x*|D]\}}||||t|iqW|S)a Convert a flat dict of key:value pairs representing AWS resource tags to a boto3 list of dicts Args: tags_dict (dict): Dict representing AWS resource tags. tag_name_key_name (str): Value to use as the key for all tag keys (useful because boto3 doesn't always use "Key") tag_value_key_name (str): Value to use as the key for all tag values (useful because boto3 doesn't always use "Value") Basic Usage: >>> tags_dict = {'MyTagKey': 'MyTagValue'} >>> ansible_dict_to_boto3_tag_list(tags_dict) { 'MyTagKey': 'MyTagValue' } Returns: List: List of dicts containing tag keys and values [ { 'Key': 'MyTagKey', 'Value': 'MyTagValue' } ] )rrrr)Z tags_dictrrrrrrrransible_dict_to_boto3_tag_listsrc sddddg}t|tr$|g}rZ|rLd|gdg}|j|dd}q||d}n"|rtd|i}|j|d }n|}t|fd d |D}tt|t|t|d krd d|D|dd<dd|D}t|d krtdd ||fdd|D7}|S)ay Return list of security group IDs from security group names. Note that security group names are not unique across VPCs. If a name exists across multiple VPCs and no VPC ID is supplied, all matching IDs will be returned. This will probably lead to a boto exception if you attempt to assign both IDs to a resource so ensure you wrap the call in a try block cSs|r |dS|jSdS)NZ GroupName)r})sgrArrr get_sg_namesz:get_ec2_security_group_ids_from_names..get_sg_namecSs|r |dS|jSdS)NZGroupId)id)rrArrr get_sg_id#sz8get_ec2_security_group_ids_from_names..get_sg_idzvpc-id)rr)ZFiltersZSecurityGroups)filtersc3s|]}t|VqdS)N)rI)r~all_sg)rArrrrDsz8get_ec2_security_group_ids_from_names..rcSsg|]}td|r|qS)zsg-[a-fA-F0-9]+$)rematch)r~rrrrrIsz9get_ec2_security_group_ids_from_names..NcSsg|]}td|s|qS)zsg-[a-fA-F0-9]+$)rr)r~rrrrrJsz+The following group names are not valid: %sz, cs,g|]$}t|krt|qSr)rI)r~r)rArrsec_group_name_listrrrNs) rsr Zdescribe_security_groupsZget_all_security_groupsset differencelistlenr.join) Zsec_group_listZec2_connectionZvpc_idrAZsec_group_id_listrZall_sec_groups unmatchedZstill_unmatchedr)rArrrr%get_ec2_security_group_ids_from_namess0    rcCst|trtt|gSt|tr4tt|gSt|trtx|D]*}t|g}t|trdt|}||qDWnt|t st|t rt |}| dr| dr|dd}|gSt|tr:t|}|x`|D]X}||}|dkr ||dkr ddi}t|g}t|tr(t|}|||fqWt|dkr`t|d tr`|d }t|trtr|jttd n||S) a Takes a policy and returns a list, the contents of which are all hashable and sorted. Example input policy: {'Version': '2012-10-17', 'Statement': [{'Action': 's3:PutObjectAcl', 'Sid': 'AddCannedAcl2', 'Resource': 'arn:aws:s3:::test_policy/*', 'Effect': 'Allow', 'Principal': {'AWS': ['arn:aws:iam::XXXXXXXXXXXX:user/username1', 'arn:aws:iam::XXXXXXXXXXXX:user/username2']} }]} Returned value: [('Statement', ((('Action', (u's3:PutObjectAcl',)), ('Effect', (u'Allow',)), ('Principal', ('AWS', ((u'arn:aws:iam::XXXXXXXXXXXX:user/username1',), (u'arn:aws:iam::XXXXXXXXXXXX:user/username2',)))), ('Resource', (u'arn:aws:s3:::test_policy/*',)), ('Sid', (u'AddCannedAcl2',)))), ('Version', (u'2012-10-17',)))] z arn:aws:iam::z:root:)Z NotPrincipalZ Principal*ZAWSrr)r)rsrMtuplerIrintr_hashable_policyrr r r startswithendswithsplitrUkeyssortrPY3_COMPARISONrpy3cmp)policyZ policy_listZeachZ tupleifiedZ sorted_keysrelementrrrrSsB            rc Csy ||krdS||krdSdSWndtk r}zFt|d}t|d}d||fkrr||krfdS||krrdSWdd}~XYnXdS)zh Python 2 can sort lists of mixed types. Strings < tuples. Without this function this fails on Python 3.rrrIrN) TypeErrorrfind)abr4Zstr_indZtup_indrrrrs r 2008-10-17cCs\|r@t|tr"|}|d|t|tr@|}|d|tt|gtt|gkS)zy Compares the existing policy and the updated policy Returns True if there is a difference between policies. Version)rsrUcopy setdefaultrr)Zcurrent_policyZ new_policyZdefault_versionrrrcompare_policiess    rcsbfddi}xL|D]@\}}t|tr:t|||<qt|trR|||<q|||<qW|S)a1 Sort any lists in an IAM JSON policy so that comparison of two policies with identical values but different orders will return true Args: policy_dict (dict): Dict representing IAM JSON policy. Basic Usage: >>> my_iam_policy = {'Principle': {'AWS':["31","7","14","101"]} >>> sort_json_policy_dict(my_iam_policy) Returns: Dict: Will return a copy of the policy as a Dict but any List will be sorted { 'Principle': { 'AWS': [ '7', '14', '31', '101' ] } } csdg}xJ|D]B}t|tr(|t|q t|trB||q ||q W|jddd|S)NcSst|trt|S|S)N)rsrUsortedrr)xrrrz>sort_json_policy_dict..value_is_list..)r)rsrUrsort_json_policy_dictrr)Zmy_listZ checked_listitem) value_is_listrrrs   z,sort_json_policy_dict..value_is_list)rrrsrUrr)Z policy_dictZordered_policy_dictrrvr)rrrs    rcCs|dkr dSt|}t|tr~x|D]R}||krtt||tr\t||||d||<qxt||||||<q&|Sq&WnLt|trx@tt|D]}|t|||qWn|rtd||S|S)a Allows to cast elements within a dictionary to a specific type Example of usage: DEPLOYMENT_CONFIGURATION_TYPE_MAP = { 'maximum_percent': 'int', 'minimum_healthy_percent': 'int' } deployment_configuration = map_complex_type(module.params['deployment_configuration'], DEPLOYMENT_CONFIGURATION_TYPE_MAP) This ensures all keys within the root element are casted and valid integers Nr __builtins__) rrsrUrmap_complex_typerangerrglobals)Z complex_typeZtype_mapnew_typerirrrrs,     rcCsxi}g}x&|D]}||kr|r||qWx>t|t|D]&}t||||krF||||<qFW||fS)a Compare two dicts of AWS tags. Dicts are expected to of been created using 'boto3_tag_list_to_ansible_dict' helper function. Two dicts are returned - the first is tags to be set, the second is any tags to remove. Since the AWS APIs differ these may not be able to be used out of the box. :param current_tags_dict: :param new_tags_dict: :param purge_tags: :return: tag_key_value_pairs_to_set: a dict of key value pairs that need to be set in AWS. If all tags are identical this dict will be empty :return: tag_keys_to_unset: a list of key names (type str) that need to be unset in AWS. If no tags need to be unset this list will be empty )rrrrr?)Zcurrent_tags_dictZ new_tags_dictZ purge_tagsZtag_key_value_pairs_to_setZtag_keys_to_unsetrrrrcompare_aws_tagss  r)NNNN)NNNN)F)F)NN)rr)NT)r)T)E __future__rrrr __metaclass__rdrrp tracebackZansible.module_utils._textrrZ$ansible.module_utils.ansible_releaserZansible.module_utils.basicrr Zansible.module_utils.sixr r r r Z0ansible.module_utils.common.dict_transformationsrrrrZcloudrrgrbZboto.ec2rf ImportError format_excrhrArr functoolsrrrJrrr r5r-Zboto3_inventory_connrLr\rarirwrxr|rrrrrrrrrrrrrrrrs                     ! {( %  ?> .*