%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python2.7/site-packages/salt/modules/
Upload File :
Create Path :
Current File : //lib/python2.7/site-packages/salt/modules/boto_secgroup.pyc

�
���^c@@s�dZddlmZmZmZddlZddlmZmZddl	j
jZddlZ
eje�ZddlmZy;ddlZddlZejd�jej�eZWnek
r�eZnXd�Zddddddddd�Zddddddd	�Zd
�Zdddddddddd�	Z d�Z!dddddddd
�Z"ddddddd�Z#ddddddd�Z$ddddddddd�Z%ddddddd�Z&ddddddddd�Z'ddddddddddddddded�Z(ddddddddddddddded�Z)ddddddddd�Z*ddddddddd�Z+ddddddddd�Z,dS(u�
Connection module for Amazon Security Groups

.. versionadded:: 2014.7.0

:configuration: This module accepts explicit ec2 credentials but can
    also utilize IAM roles assigned to the instance through Instance Profiles.
    Dynamic credentials are then automatically obtained from AWS API and no
    further configuration is necessary. More Information available at:

    .. code-block:: text

        http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

    If IAM roles are not used you need to specify them either in a pillar or
    in the minion's config file:

    .. code-block:: yaml

        secgroup.keyid: GKTADJGHEIQSXMKKRBJ08H
        secgroup.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

    A region may also be specified in the configuration:

    .. code-block:: yaml

        secgroup.region: us-east-1

    If a region is not specified, the default is us-east-1.

    It's also possible to specify key, keyid and region via a profile, either
    as a passed in dict, or as a string to pull from pillars or minion config:

    .. code-block:: yaml

        myprofile:
            keyid: GKTADJGHEIQSXMKKRBJ08H
            key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
            region: us-east-1

:depends: boto
i(tabsolute_importtprint_functiontunicode_literalsN(tCommandExecutionErrortSaltInvocationError(tsixubotocC@sHtjjjdddt�}|tkrDtdtddt�n|S(ug
    Only load if boto libraries exist and if boto libraries are greater than
    a given version.
    tboto_veru2.4.0tcheck_boto3uboto.assign_funcsuec2tpack(	tsalttutilstversionstcheck_boto_reqstFalsetTruet	__utils__t__name__t__salt__(t
has_boto_reqs((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pyt__virtual__Hs
	c
C@sotd|d|d|d|�}t|d|d|d|d|d|d|d|d|�}	|	rgtStSd	S(
u|
    Check to see if a security group exists.

    CLI example::

        salt myminion boto_secgroup.exists mysecgroup
    tregiontkeytkeyidtprofiletnametvpc_idtvpc_nametgroup_idN(t	_get_connt
_get_groupRR
(
RRRRRRRRtconntgroup((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pytexists[s	!	cC@s8tdd|d|d|d|d|�}|jd�S(Nuboto_vpc.get_idRRRRRuid(Rtget(RRRRRRtdata((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pyt_vpc_name_to_idoscC@s�g}x�|D]�}|jd�}|jd�}|jd�}|jd�}x`|D]X}i|d6|d6|d6}x'tj|�D]\}	}
|
||	<q�W|j|�qVWq
W|S(u7
    Split rules with combined grants into individual rules.

    Amazon returns a set of rules with the same protocol, from and to ports
    together as a single rule with a set of grants. Authorizing and revoking
    rules, however, is done as a split set of rules. This function splits the
    rules up.
    uip_protocoluto_portu	from_portugrants(R!Rt	iteritemstappend(trulestsplittruletip_protocoltto_portt	from_porttgrantstgrantt_ruleRtval((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pyt_split_rulesvs	



c	C@s�|r|rtd��n|ry1td|d|d|d|d|d|�}Wqtjjk
r{}	tj|	�dSXn|r�|dkr#tjd|�i|d	6}
|jd
|
�}x!|D]}|j	dkr�|Sq�Wt
|�dkrtd��nt
|�dkr|d
SdS|r�tjd||�i|d	6|d6}
|jd
|
�}t
|�dkr||d
SdSq�dSnn|r�y|jd|g�}
Wn'tjjk
r�}	tj|	�dSXt
|
�dkr�|
d
SdSndSdS(u�
    Get a group object given a name, name and vpc_id/vpc_name or group_id. Return
    a boto.ec2.securitygroup.SecurityGroup object if the group is found, else
    return None.
    u:The params 'vpc_id' and 'vpc_name' are mutually exclusive.RRRRRRugetting group for %su
group-nametfiltersiu8Security group belongs to more VPCs, specify the VPC ID!iu!getting group for %s in vpc_id %suvpc_idt	group_idsN(RR#tbotot	exceptiontBotoServerErrortlogtdebugtNonetget_all_security_groupsRtlenR(RRRRRRRRRtetgroup_filtertfiltered_groupsRtgroups((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pyR�sP



cC@s�g}x�|D]{}tjd||j�ddddg}tj�}x1|D])}t||�}|soqNn|dkr/g}x�|D]�}	tjd|	�idd6d	d
6dd6d
d
6}
tj�}xBtj|
�D]1\}}
t|	|�}|sq�n|||
<q�W|j|�q�W||d<qN|dkrNt	|�||<qN|dkrmt	|�||<qN|||<qNW|j|�q
W|S(Nuexamining rule %s for group %suip_protocolu	from_portuto_portugrantsuexamining grant %s forusource_group_nameunameusource_group_owner_iduowner_idusource_group_group_idugroup_iducidr_ip(
R6R7tidtodicttOrderedDicttgetattrRR$R%tint(tsgR&t_rulesR(tattrsR.tattrR/t_grantsR-tg_attrst_granttg_attrt
g_attr_maptg_val((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pyt_parse_rules�s@





c
C@s�td|d|d|d|�}t|tj�r?|g}nt|tj�r]|g}nddddd	d
ddd
dg
}g}	y�|jd|d|d|�}
x�|
D]�}i}x�|D]�}
t||
d�}|
d
kr�|j}nL|
dkrt||�}n.|
dkr>g|�D]}|j	^q&}n|||
<q�W|	|g7}	q�W|	SWn't
jjk
r�}t
j|�gSXdS(u�
    Return a list of all Security Groups matching the given criteria and filters.

    Note that the 'groupnames' argument only functions correctly for EC2 Classic
    and default VPC Security Groups.  To find groups by name in other VPCs you'll
    want to use the 'group-name' filter instead.

    Valid keys for the filters argument are:
        description - The description of the security group.
        egress.ip-permission.prefix-list-id - The ID (prefix) of the AWS service to which the security group allows access.
        group-id - The ID of the security group.
        group-name - The name of the security group.
        ip-permission.cidr - A CIDR range that has been granted permission.
        ip-permission.from-port - The start of port range for the TCP and UDP protocols, or an ICMP type number.
        ip-permission.group-id - The ID of a security group that has been granted permission.
        ip-permission.group-name - The name of a security group that has been granted permission.
        ip-permission.protocol - The IP protocol for the permission (tcp | udp | icmp or a protocol number).
        ip-permission.to-port - The end of port range for the TCP and UDP protocols, or an ICMP code.
        ip-permission.user-id - The ID of an AWS account that has been granted permission.
        owner-id - The AWS account ID of the owner of the security group.
        tag-key - The key of a tag assigned to the security group.
        tag-value - The value of a tag assigned to the security group.
        vpc-id - The ID of the VPC specified when the security group was created.

    CLI example::

        salt myminion boto_secgroup.get_all_security_groups filters='{group-name: mygroup}'
    RRRRudescriptionuidu	instancesunameuowner_iduregionurulesurules_egressutagsuvpc_idt
groupnamesR2R1N(urulesurules_egress(Rt
isinstanceRtstring_typesR9RBR8RRNR?R3R4R5R6R7(ROR2R1RRRRRtinterestingtrettrtgtntatvtiR;((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pyR9�s8!	

"
c	C@s�td|d|d|d|�}|jd�rDtjd|�|Std|d|d	|d
|d|d|d|d|�}t|dd�S(
u�
    Get a Group ID given a Group Name or Group Name and VPC ID

    CLI example::

        salt myminion boto_secgroup.get_group_id mysecgroup
    RRRRusg-u0group %s is a group id. get_group_id not called.RRRRuidN(Rt
startswithR6R7RRBR8(	RRRRRRRRR((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pytget_group_id-s	!c
C@s�tjd|�g}xu|D]m}td|d|d|d|d|d|d|�}	|	sttd	j|���q|jtj|	��qWtjd
|�|S(u�
    Given a list of security groups and a vpc_id, convert_to_group_ids will
    convert all list items in the given list to security group ids.

    CLI example::

        salt myminion boto_secgroup.convert_to_group_ids mysecgroup vpc-89yhh7h
    u)security group contents %s pre-conversionRRRRRRRu7Could not resolve Security Group name {0} to a Group IDu*security group contents %s post-conversion(R6R7R[RtformatR%Rt	text_type(
R>RRRRRRR2RR((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pytconvert_to_group_ids?s

	c
C@std|d|d|d|�}t|d|d|d|d|d|d|d|d|�}	|	r�tj�}
|	j|
d	<|	j|
d
<|	j|
d<|	j|
d<|	j|
d
<t	|	|	j
�}t	|	|	j�}t|�|
d<t|�|
d<|
SdSdS(u�
    Get the configuration for a security group.

    CLI example::

        salt myminion boto_secgroup.get_config mysecgroup
    RRRRRRRRunameugroup_iduowner_idudescriptionutagsurulesurules_egressN(RRR@RARR?towner_idtdescriptionttagsRNR&trules_egressR0R8(
RRRRRRRRRRDRSREt
_rules_egress((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pyt
get_configYs"	!	




cC@s�td|d|d|d|�}|r�|r�y1td|d|d|d|d|d|�}Wq�tjjk
r�}	tj|	�tSXn|j|||�}
|
r�tj	d|�t
Sdj|�}tj|�tSd	S(
u�
    Create a security group.

    CLI example::

        salt myminion boto_secgroup.create mysecgroup 'My Security Group'
    RRRRRRuCreated security group %s.u$Failed to create security group {0}.N(
RR#R3R4R5R6R7R
tcreate_security_grouptinfoRR\terror(RR`RRRRRRRR;tcreatedtmsg((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pytcreateys	!


cC@s�td|d|d|d|�}t|d|d|d|d|d|d|d|d|�}	|	r�|jd|	j�}
|
r�tjd	|	j|	j�tSd
j|�}tj	|�t
Sntjd�t
SdS(
ul
    Delete a security group.

    CLI example::

        salt myminion boto_secgroup.delete mysecgroup
    RRRRRRRRu%Deleted security group %s with id %s.u$Failed to delete security group {0}.uSecurity group not found.N(RRtdelete_security_groupR?R6RfRRR\RgR
R7(RRRRRRRRRRtdeletedRi((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pytdelete�s	!	

cC@s�td|	d|
d|d|�}t|d|d|
d|d|d|	d|
d|d|�}|r�y�d}|s�|jd	|d
|d|d|d
|d|d|jd|�}n3|jd|d|d
|d|d|jd|�}|r
tjd|j|j�t	Sdj
|j|j�}tj|�tSWq�t
jjk
r�}|jdkr_t	Sdj
|j|j�}tj|�tj|�tSXntjd�tSdS(u�
    Add a new rule to an existing security group.

    CLI example::

        salt myminion boto_secgroup.authorize mysecgroup ip_protocol=tcp from_port=80 to_port=80 cidr_ip='['10.0.0.0/8', '192.168.0.0/24']'
    RRRRRRRRtsrc_security_group_nametsrc_security_group_owner_idR)R+R*tcidr_iptsrc_security_group_group_idtsrc_group_idu*Added rule to security group %s with id %su5Failed to add rule to security group {0} with id {1}.uInvalidPermission.Duplicateu%Failed to add rule to security group.N(RRR8tauthorize_security_groupR?tauthorize_security_group_egressR6RfRRR\RgR
R3R4tEC2ResponseErrort
error_code(Rtsource_group_nametsource_group_owner_idR)R+R*RpRtsource_group_group_idRRRRRRtegressRRtaddedRiR;((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pyt	authorize�sH!					



cC@s�td|	d|
d|d|�}t|d|d|
d|d|d|	d|
d|d|�}|r�y�d}|s�|jd	|d
|d|d|d
|d|d|jd|�}n3|jd|d|d
|d|d|jd|�}|r
tjd|j|j�t	Sdj
|j|j�}tj|�tSWq�t
jjk
r�}dj
|j|j�}tj|�tj|�tSXntjd�tSdS(u�
    Remove a rule from an existing security group.

    CLI example::

        salt myminion boto_secgroup.revoke mysecgroup ip_protocol=tcp from_port=80 to_port=80 cidr_ip='10.0.0.0/8'
    RRRRRRRRRnRoR)R+R*RpRqRru/Removed rule from security group %s with id %s.u:Failed to remove rule from security group {0} with id {1}.u*Failed to remove rule from security group.N(RRR8trevoke_security_groupR?trevoke_security_group_egressR6RfRRR\RgR
R3R4Ru(RRwRxR)R+R*RpRRyRRRRRRRzRRtrevokedRiR;((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pytrevoke�sD!					



c	C@sTt||f�r!td��nt||||f�sHtd��ntdd�}|d|d|d|d|�}	iid	6}
|r�|g|
d
<n|r�||
d	d<n|r�||
d	d<n|r
x7tj|�D]#\}}||
d	d
j|�<q�Wn|	j|
�}
tj	d|
|
�|
rLg|
D]}|j
^q9SgSdS(u�
    Given VPC properties, find and return matching VPC ids.
    Borrowed from boto_vpc; these could be refactored into a common library
    u/Only one of vpc_name or vpc_id may be provided.uOAt least one of the following must be provided: vpc_id, vpc_name, cidr or tags.uboto.get_connection_funcuvpcRRRRufiltersuvpc_idsucidrutag:Nameutag:{0}u5The filters criteria %s matched the following VPCs:%sN(tallRtanyRRR$R\tget_all_vpcsR6R7R?(RRtcidrRaRRRRtlocal_get_connRtfilter_parametersttag_namet	tag_valuetvpcstvpc((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pyt
_find_vpcss,!
	
c	C@s�td|d|d|d|�}	t|	d|d|d|d|d|d|d|d|�}
|
r�t|t�r�|
j|�q�d	}t|��nd
}t|��tS(u�
    sets tags on a security group

    .. versionadded:: 2016.3.0

    tags
        a dict of key:value pair of tags to set on the security group

    name
        the name of the security group

    group_id
        the group id of the security group (in lie of a name/vpc combo)

    vpc_name
        the name of the vpc to search the named group for

    vpc_id
        the id of the vpc, in lieu of the vpc_name

    region
        the amazon region

    key
        amazon key

    keyid
        amazon keyid

    profile
        amazon profile

    CLI example:

    .. code-block:: bash

        salt myminion boto_secgroup.set_tags "{'TAG1': 'Value1', 'TAG2': 'Value2'}" security_group_name vpc_id=vpc-13435 profile=my_aws_profile
    RRRRRRRRu'Tags must be a dict of tagname:tagvalueu%The security group could not be found(RRRPtdicttadd_tagsRR(RaRRRRRRRRRtsecgrpRi((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pytset_tagsGs/!	c	C@s�td|d|d|d|�}	t|	d|d|d|d|d|d|d|d|�}
|
r�t|t�r�i}x|D]}d||<qW|
j|�q�d	}
t|
��nd
}
t|
��tS(u�
    deletes tags from a security group

    .. versionadded:: 2016.3.0

    tags
        a list of tags to remove

    name
        the name of the security group

    group_id
        the group id of the security group (in lie of a name/vpc combo)

    vpc_name
        the name of the vpc to search the named group for

    vpc_id
        the id of the vpc, in lieu of the vpc_name

    region
        the amazon region

    key
        amazon key

    keyid
        amazon keyid

    profile
        amazon profile

    CLI example:

    .. code-block:: bash

        salt myminion boto_secgroup.delete_tags ['TAG_TO_DELETE1','TAG_TO_DELETE2'] security_group_name vpc_id=vpc-13435 profile=my_aws_profile
    RRRRRRRRuATags must be a list of tagnames to remove from the security groupu%The security group could not be foundN(RRRPtlistR8tremove_tagsRR(RaRRRRRRRRRR�ttags_to_removettagRi((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pytdelete_tags�s/!	
(-t__doc__t
__future__RRRtloggingtsalt.exceptionsRRtsalt.utils.odictR
R@tsalt.utils.versionsR	t	getLoggerRR6tsalt.extRR3tboto.ec2tsetLeveltCRITICALRtHAS_BOTOtImportErrorR
RR8R R#R0RRNR9R[R^RdRjRmR|R�R�R�R�(((s>/usr/lib/python2.7/site-packages/salt/modules/boto_secgroup.pyt<module>+s~


		;	$	=31)9

Zerion Mini Shell 1.0