Current File : //lib/python2.7/site-packages/salt/states/boto_iam.pyo

Manage IAM objects
==================

.. versionadded:: 2015.8.0

This module uses ``boto``, which can be installed via package, or pip.

This module accepts explicit IAM credentials but can also utilize
IAM roles assigned to the instance through Instance Profiles. Dynamic
credentials are then automatically obtained from AWS API and no further
configuration is necessary. More information available `here
<http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html>`_.

It's also possible to specify ``key``, ``keyid`` and ``region`` via a profile, either
passed in as a dict, or as a string to pull from pillars or minion config:

.. code-block:: yaml

    delete-user:
      boto_iam.user_absent:
        - name: myuser
        - delete_keys: true


.. code-block:: yaml

    delete-keys:
      boto_iam.keys_absent:
        - access_keys:
          - 'AKIAJHTMIQ2ASDFLASDF'
          - 'PQIAJHTMIQ2ASRTLASFR'
        - user_name: myuser

.. code-block:: yaml

    create-user:
      boto_iam.user_present:
        - name: myuser
        - policies:
            mypolicy: |
                {
                    "Version": "2012-10-17",
                    "Statement": [{
                    "Effect": "Allow",
                    "Action": "*",
                    "Resource": "*"}]
                }
        - password: NewPassword$$1
        - region: eu-west-1
        - keyid: 'AKIAJHTMIQ2ASDFLASDF'
        - key: 'fdkjsafkljsASSADFalkfjasdf'

.. code-block:: yaml

    create-group:
      boto_iam.group_present:
        - name: mygroup
        - users:
          - myuser
          - myuser1
        - policies:
            mypolicy: |
                {
                    "Version": "2012-10-17",
                    "Statement": [{
                    "Effect": "Allow",
                    "Action": "*",
                    "Resource": "*"}]
                }
        - region: eu-west-1
        - keyid: 'AKIAJHTMIQ2ASDFLASDF'
        - key: 'safsdfsal;fdkjsafkljsASSADFalkfj'

.. code-block:: yaml

    change-policy:
      boto_iam.account_policy:
        - change_password: True
        - region: eu-west-1
        - keyid: 'AKIAJHTMIQ2ASDFLASDF'
        - key: 'safsdfsal;fdkjsafkljsASSADFalkfj'

.. code-block:: yaml

    create server certificate:
      boto_iam.server_cert_present:
        - name: mycert
        - public_key: salt://base/mycert.crt
        - private_key: salt://base/mycert.key
        - cert_chain: salt://base/mycert_chain.crt
        - region: eu-west-1
        - keyid: 'AKIAJHTMIQ2ASDFLASDF'
        - key: 'fdkjsafkljsASSADFalkfjasdf'

.. code-block:: yaml

    delete server certificate:
      boto_iam.server_cert_absent:
        - name: mycert

.. code-block:: yaml

    create keys for user:
      boto_iam.keys_present:
        - name: myusername
        - number: 2
        - save_dir: /root
        - region: eu-west-1
        - keyid: 'AKIAJHTMIQ2ASDFLASDF'
        - key: 'fdkjsafkljsASSADFalkfjasdf'

.. code-block:: yaml

    create policy:
      boto_iam.policy_present:
        - name: myname
        - policy_document: '{"Version": "2012-10-17", "Statement": [{"Action": ["sqs:*"], "Effect": "Allow", "Resource": ["arn:aws:sqs:*:*:*"], "Sid": "MyPolicySqs1"}]}'
        - region: eu-west-1
        - keyid: 'AKIAJHTMIQ2ASDFLASDF'
        - key: 'fdkjsafkljsASSADFalkfjasdf'

.. code-block:: yaml

    add-saml-provider:
      boto_iam.saml_provider_present:
        - name: my_saml_provider
        - saml_metadata_document: salt://base/files/provider.xml
        - keyid: 'AKIAJHTMIQ2ASDFLASDF'
        - key: 'safsdfsal;fdkjsafkljsASSADFalkfj'

__virtual__
-----------

    Only load if elementtree xml library and boto are available.

boto_iam.user_absent
--------------------

    .. versionadded:: 2015.8.0

    Ensure the IAM user is absent. User cannot be deleted if it has keys.

    name (string)
        The name of the new user.

    delete_keys (bool)
        Delete all keys from user.

    delete_mfa_devices (bool)
        Delete all MFA devices from user.

        .. versionadded:: 2016.3.0

    delete_profile (bool)
        Delete profile from user.

        .. versionadded:: 2016.3.0

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string)
        that contains a dict with region, key and keyid.

boto_iam.keys_present
---------------------

    .. versionadded:: 2015.8.0

    Ensure the IAM access keys are present.

    name (string)
        The name of the new user.

    number (int)
        Number of keys that user should have.

    save_dir (string)
        The directory in which the key/keys will be saved. Keys are saved to a file named according
        to the username provided.

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string)
        that contains a dict with region, key and keyid.

    save_format (dict)
        Save format is repeated for each key. Default format is
        "{2}\n{0}\n{3}\n{1}\n", where {0} and {1} are placeholders for new
        key_id and key respectively, whereas {2} and {3} are "key_id-{number}"
        and 'key-{number}' strings kept for compatibility.

boto_iam.keys_absent
--------------------

    .. versionadded:: 2015.8.0

    Ensure the IAM user access_key_id is absent.

    access_key_id (list)
        A list of access key ids

    user_name (string)
        The username of the user

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string)
        that contains a dict with region, key and keyid.

boto_iam.user_present
---------------------

    .. versionadded:: 2015.8.0

    Ensure the IAM user is present

    name (string)
        The name of the new user.

    policies (dict)
        A dict of IAM group policy documents.

    policies_from_pillars (list)
        A list of pillars that contain role policy dicts. Policies in the
        pillars will be merged in the order defined in the list and key
        conflicts will be handled by later defined keys overriding earlier
        defined keys. The policies defined here will be merged with the
        policies defined in the policies argument. If keys conflict, the keys
        in the policies argument will override the keys defined in
        policies_from_pillars.

    managed_policies (list)
        A list of managed policy names or ARNs that should be attached to this
        user.

    password (string)
        The password for the new user. Must comply with account policy.

    path (string)
        The path of the user. Default is '/'.

        .. versionadded:: 2015.8.2

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string)
        that contains a dict with region, key and keyid.

boto_iam.group_absent
---------------------

    .. versionadded:: 2015.8.0

    Ensure the IAM group is absent.

    name (string)
        The name of the group.

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string)
        that contains a dict with region, key and keyid.

boto_iam.group_present
----------------------

    .. versionadded:: 2015.8.0

    Ensure the IAM group is present

    name (string)
        The name of the new group.

    path (string)
        The path for the group, defaults to '/'

    policies (dict)
        A dict of IAM group policy documents.

    policies_from_pillars (list)
        A list of pillars that contain role policy dicts. Policies in the
        pillars will be merged in the order defined in the list and key
        conflicts will be handled by later defined keys overriding earlier
        defined keys. The policies defined here will be merged with the
        policies defined in the policies argument. If keys conflict, the keys
        in the policies argument will override the keys defined in
        policies_from_pillars.

    managed_policies (list)
        A list of policy names or ARNs that should be attached to this group.

    users (list)
        A list of users to be added to the group.

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    delete_policies (boolean)
        Delete or detach existing policies that are not in the given list of policies.
        Default value is ``True``. If ``False`` is specified, existing policies
        will not be deleted or detached allowing manual modifications on the IAM group
        to be persistent.

boto_iam.account_policy
-----------------------

    Change account policy.

    .. versionadded:: 2015.8.0

    name (string)
        The name of the account policy

    allow_users_to_change_password (bool)
        Allows all IAM users in your account to
        use the AWS Management Console to change their own passwords.

    hard_expiry (bool)
        Prevents IAM users from setting a new password after their
        password has expired.

    max_password_age (int)
        The number of days that an IAM user password is valid.

    minimum_password_length (int)
        The minimum number of characters allowed in an IAM user password.

    password_reuse_prevention (int)
        Specifies the number of previous passwords
        that IAM users are prevented from reusing.

    require_lowercase_characters (bool)
        Specifies whether IAM user passwords
        must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).

    require_numbers (bool)
        Specifies whether IAM user passwords must contain at
        least one numeric character (0 to 9).

    require_symbols (bool)
        Specifies whether IAM user passwords must contain at
        least one of the following non-alphanumeric characters: ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '

    require_uppercase_characters (bool)
        Specifies whether IAM user passwords must
        contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string)

boto_iam.server_cert_absent
---------------------------

    Deletes a server certificate.

    .. versionadded:: 2015.8.0

    name (string)
        The name for the server certificate. Do not include the path in this value.

    region (string)
        The name of the region to connect to.

    key (string)
        The key to be used in order to connect

    keyid (string)
        The keyid to be used in order to connect

    profile (string)
        The profile that contains a dict of region, key, keyid

boto_iam.server_cert_present
----------------------------

    Create server certificate.

    .. versionadded:: 2015.8.0

    name (string)
        The name for the server certificate. Do not include the path in this value.

    public_key (string)
        The contents of the public key certificate in PEM-encoded format.

    private_key (string)
        The contents of the private key in PEM-encoded format.

    cert_chain (string)
        The contents of the certificate chain. This is typically a
        concatenation of the PEM-encoded public key certificates of the chain.

    path (string)
        The path for the server certificate.

    region (string)
        The name of the region to connect to.

    key (string)
        The key to be used in order to connect

    keyid (string)
        The keyid to be used in order to connect

    profile (string)
        The profile that contains a dict of region, key, keyid

boto_iam.policy_present
-----------------------

    .. versionadded:: 2015.8.0

    Ensure the IAM managed policy is present

    name (string)
        The name of the new policy.

    policy_document (dict)
        The document of the new policy

    path (string)
        The path in which the policy will be created. Default is '/'.

    description (string)
        Description

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string)
        that contains a dict with region, key and keyid.

boto_iam.policy_absent
----------------------
    .. versionadded:: 2015.8.0

    Ensure the IAM managed policy with the specified name is absent

    name (string)
        The name of the new policy.

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string)
        that contains a dict with region, key and keyid.

boto_iam.saml_provider_present
------------------------------

    .. versionadded:: 2016.11.0

    Ensure the SAML provider with the specified name is present.

    name (string)
        The name of the SAML provider.

    saml_metadata_document (string)
        The xml document of the SAML provider.

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string)
        that contains a dict with region, key and keyid.

boto_iam.saml_provider_absent
-----------------------------

    .. versionadded:: 2016.11.0

    Ensure the SAML provider with the specified name is absent.

    name (string)
        The name of the SAML provider.

    saml_metadata_document (string)
        The xml document of the SAML provider.

    region (string)
        Region to connect to.

    key (string)
        Secret key to be used.

    keyid (string)
        Access key to be used.

    profile (dict)
        A dict with region, key and keyid, or a pillar key (string)
        that contains a dict with region, key and keyid.