%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python2.7/site-packages/salt/states/
Upload File :
Create Path :
Current File : //lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyc

�
���^c@@s dZddlmZmZmZddlZddlZddlZddl	m
Z
eje�Z
d�Zd�Zd�Zd�Zd	�Zeeeed
�Zd�Zd�Zd
�Zd�Zeeeeeeeeeeeeeeeed�Zeeeeed�ZdS(uL
Manage S3 Buckets
=================

.. versionadded:: 2016.3.0

Create and destroy S3 buckets. Be aware that this interacts with Amazon's services,
and so may incur charges.

:depends:
    - boto
    - boto3

The dependencies listed above can be installed via package or pip.

This module accepts explicit vpc credentials but can also utilize
IAM roles assigned to the instance through Instance Profiles. Dynamic
credentials are then automatically obtained from AWS API and no further
configuration is necessary. More information available `here
<http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html>`_.

If IAM roles are not used you need to specify them either in a pillar file or
in the minion's config file:

.. code-block:: yaml

    vpc.keyid: GKTADJGHEIQSXMKKRBJ08H
    vpc.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

It's also possible to specify ``key``, ``keyid`` and ``region`` via a profile,
either passed in as a dict, or as a string to pull from pillars or minion
config:

.. code-block:: yaml

    myprofile:
        keyid: GKTADJGHEIQSXMKKRBJ08H
        key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
        region: us-east-1

.. code-block:: text

    Ensure bucket exists:
        boto_s3_bucket.present:
            - Bucket: mybucket
            - LocationConstraint: EU
            - ACL:
              - GrantRead: "uri=http://acs.amazonaws.com/groups/global/AllUsers"
            - CORSRules:
              - AllowedHeaders: []
                AllowedMethods: ["GET"]
                AllowedOrigins: ["*"]
                ExposeHeaders: []
                MaxAgeSeconds: 123
            - LifecycleConfiguration:
              - Expiration:
                  Days: 123
                ID: "idstring"
                Prefix: "prefixstring"
                Status: "enabled",
                ID: "lc1"
                Transitions:
                  - Days: 123
                    StorageClass: "GLACIER"
                NoncurrentVersionTransitions:
                  - NoncurrentDays: 123
                    StorageClass: "GLACIER"
                NoncurrentVersionExpiration:
                  NoncurrentDays: 123
            - Logging:
                TargetBucket: log_bucket
                TargetPrefix: prefix
                TargetGrants:
                  - Grantee:
                      DisplayName: "string"
                      EmailAddress: "string"
                      ID: "string"
                      Type: "AmazonCustomerByEmail"
                      URI: "string"
                    Permission: "READ"
            - NotificationConfiguration:
                LambdaFunctionConfiguration:
                  - Id: "string"
                    LambdaFunctionArn: "string"
                    Events:
                      - "s3:ObjectCreated:*"
                    Filter:
                      Key:
                        FilterRules:
                          - Name: "prefix"
                            Value: "string"
            - Policy:
                Version: "2012-10-17"
                Statement:
                  - Sid: "String"
                    Effect: "Allow"
                    Principal:
                      AWS: "arn:aws:iam::133434421342:root"
                    Action: "s3:PutObject"
                    Resource: "arn:aws:s3:::my-bucket/*"
            - Replication:
                Role: myrole
                Rules:
                  - ID: "string"
                    Prefix: "string"
                    Status: "Enabled"
                    Destination:
                      Bucket: "arn:aws:s3:::my-bucket"
            - RequestPayment:
                Payer: Requester
            - Tagging:
                tag_name: tag_value
                tag_name_2: tag_value
            - Versioning:
                Status: "Enabled"
            - Website:
                ErrorDocument:
                  Key: "error.html"
                IndexDocument:
                  Suffix: "index.html"
                RedirectAllRequestsTo:
                  Hostname: "string"
                  Protocol: "http"
                RoutingRules:
                  - Condition:
                      HttpErrorCodeReturnedEquals: "string"
                      KeyPrefixEquals: "string"
                    Redirect:
                      HostName: "string"
                      HttpRedirectCode: "string"
                      Protocol: "http"
                      ReplaceKeyPrefixWith: "string"
                      ReplaceKeyWith: "string"
            - region: us-east-1
            - keyid: GKTADJGHEIQSXMKKRBJ08H
            - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

i(tabsolute_importtprint_functiontunicode_literalsN(tsixcC@sdtkrdStS(u)
    Only load if boto is available.
    uboto_s3_bucket.existsuboto_s3_bucket(t__salt__tFalse(((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt__virtual__�scC@s)tj|�}d|kr%|d=n|S(NuType(tcopytdeepcopy(t	user_dicttret((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt_normalize_user�s
c	C@s8tdd|d|d|d|�jd�}t|�S(Nuboto_s3_bucket.listtregiontkeytkeyidtprofileuOwner(RtgetR(RR
RRR
((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt_get_canonical_id�s
	cC@s]tj|�}t|d�|d<x3|jdd�D]}t|jd��|d<q6W|S(uU
    Prepares the ACL returned from the AWS API for comparison with a given one.
    uOwneruGrantsuGrantee((RRRR(tACLR
titem((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt_prep_acl_for_compare�s
cC@sd|krmtj|d�}t|d�|d<x3|jdd%�D]}t|jd��|d<qFW|Stj|�}|jidd6�igd6|d6}d|kr|d}|d&kr�|djiid
d6dd6d6d
d6�n|d	kr2|djiid
d6dd6d6dd6�n|dkru|djiidd6dd6dd6d6d
d6�n|dkr�|djiid
d6dd6d6d
d6�n|dkrx>d'D]3}|djiid
d6dd6d6|d6�q�Wqnx�d(d)d*d+d,fD]�\}}||krx�||jd!�D]�}|jd"�\}}	|d#kr�id
d6|	d6}
n)|d$kr�idd6|	d6}
ni}
|dji|
d6|d6�qCWqqW|ds�i|d6dd6g|d<n|S(-NuAccessControlPolicyuOwneruGrantsuGranteeu
CanonicalUseruTypeuACLupublic-readupublic-read-writeuGroupu/http://acs.amazonaws.com/groups/global/AllUsersuURIuREADu
PermissionuWRITEu
aws-exec-readuza-teamuDisplayNameu@6aa5a366c34c1cbe25dc49211496e913e0351eb0e8c37aa3477e40942ec6b97cuIDuauthenticated-readu9http://acs.amazonaws.com/groups/global/AuthenticatedUsersulog-delivery-writeuREAD_ACPu.http://acs.amazonaws.com/groups/s3/LogDeliveryuGrantFullControluFULL_CONTROLu	GrantReaduGrantReadACPu
GrantWriteu
GrantWriteACPu	WRITE_ACPu,u=uuriuid((upublic-readupublic-read-write(uWRITEuREAD_ACP(uGrantFullControluFULL_CONTROL(u	GrantReaduREAD(uGrantReadACPuREAD_ACP(u
GrantWriteuWRITE(u
GrantWriteACPu	WRITE_ACP(RRRRtupdatetappendtsplit(Rtowner_canonical_idR
Rtowner_canonical_granttaclt
permissionR
tkindtvaltgrantee((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt
_acl_to_grant�s�











c	C@s||jd�r|Stdd|d|d|d|�}|rWd|krW|d}n|dkrld}nd	j||�S(
Nuarn:aws:iam:uboto_iam.get_account_idRR
RRuregionu	us-east-1uarn:aws:iam::{0}:role/{1}(t
startswithRtNonetformat(tnameRR
RRt
account_id((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt
_get_role_arn%s

	cC@std||�S(Nuboto3.json_objs_equal(t	__utils__(tcurrenttdesiredRR
RR((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt
_compare_json3scC@s/t||||�}td|t||��S(u�
    ACLs can be specified using macro-style names that get expanded to
    something more complex. There's no predictable way to reverse it.
    So expand all syntactic sugar in our input, and compare against that
    rather than the input itself.
    uboto3.json_objs_equal(RR&R(R'R(RR
RRtocid((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt_compare_acl7scC@s
||kS(N((R'R(RR
RR((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt_compare_policyBscC@sj|dk	rY|jd�rYtj|�}t|dd|d|d|d|�|d<ntd||�S(uL
    Replication accepts a non-ARN role name, but always returns an ARN
    uRoleRR
RRuboto3.json_objs_equalN(R!RRRR%R&(R'R(RR
RR((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt_compare_replicationFs

"c#C@s�i|d6td6dd6id6}|dJkr>idd6}n|dJkrSi}n|
dJkroidd	6}
n|r�t|tj�r�tjjj|�}nt	d
|�}nt
dd|d
|d|d|d|�}d|krt|d<dj|dd�|d<|S|j
d�sHtdrLdj|�|d<dJ|d<|St
dd|d|d
|d|d|d|�}|j
d�s�t|d<dj|dd�|d<|Sx.d||fd|i|d6fd|i|d6fd||fd ||fd!|i|d"6fd#||fd$|	|	fd%|
|
fd&||fd'|
|
ffD]�\}}}|dJk	rUt
d(j|�d|d
|d|d|d||�}|j
d)�s�t|d<dj|dd�|d<|SqUqUWt
d*|d
|d|d|d|�}idJd+6|dd,<||dd-<d.j|�|d<|Sd/j|dd0j|�g�|d<i|d<t
d*d|d
|d|d|d|�}d|kr�t|d<d1j|dd�|d<i|d<|S|d+}t|�rt|j
d2��rid3d46}ndd|j
d�t|dJfd5d|j
d5�t|rdi|d6ndJd6fd7d|j
d7�t|r�i|d6ndJd8fd9d|j
d9i�j
d:�t|dJfd;d |j
d;�t|dJfd"d!|j
d"�t|ri|d"6ndJd<fd=d%|j
d=�t|
dJfd>d&|j
d>�t|d?fd@d'|j
d@�t|
dAfg	}d2d#|j
d2�t|p�idJf}dBd$|j
dBi�j
dC�t|	dDf}|	dJk	r�|j|�|j|�n|j|�|j|�t}x8|D]0\}}}}}} |d"kr�|dJk	r�|j
d"�}!t|!tj�r�t	d
itjjj|!�d"6�}q�q�n|||||||�st}|dkr�t|t||||��|djd-i�|<n||djd-i�|<||djd,i�|<tdsK| r�|dJkr�t
d(j| �d|d
|d|d|d|�}|j
dE�sEt|d<d1j|dd�|d<i|d<|SqHt
d(j|�d|d
|d|d|d||p�i�}|j
d)�sHt|d<d1j|dd�|d<i|d<|SqKqqW|r�tdr�dFj|�}"|"|d<dJ|d<|S|j
dGi�j
dH�|kr�dIj|�}"tj|"�t|d<d1j|"�|d<|S|S(Ku�
    Ensure bucket exists.

    name
        The name of the state definition

    Bucket
        Name of the bucket.

    LocationConstraint
        'EU'|'eu-west-1'|'us-west-1'|'us-west-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-northeast-1'|'sa-east-1'|'cn-north-1'|'eu-central-1'

    ACL
        The permissions on a bucket using access control lists (ACL).

    CORSRules
        The cors configuration for a bucket.

    LifecycleConfiguration
        Lifecycle configuration for your bucket

    Logging
        The logging parameters for a bucket and to specify permissions for who
        can view and modify the logging parameters.

    NotificationConfiguration
        notifications of specified events for a bucket

    Policy
        Policy on the bucket

    Replication
        Replication rules. You can add as many as 1,000 rules.
        Total replication configuration size can be up to 2 MB

    RequestPayment
        The request payment configuration for a bucket. By default, the bucket
        owner pays for downloads from the bucket. This configuration parameter
        enables the bucket owner (only) to specify that the person requesting
        the download will be charged for the download

    Tagging
        A dictionary of tags that should be set on the bucket

    Versioning
        The versioning state of the bucket

    Website
        The website configuration of the bucket

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    unameuresultuucommentuchangesuprivateuACLuBucketOwneruPayeru
boto3.ordereduboto_s3_bucket.existstBucketRR
RRuerroruFailed to create bucket: {0}.umessageuexistsutestu#S3 bucket {0} is set to be created.uboto_s3_bucket.createtLocationConstraintucreateduput_acluput_corsu	CORSRulesuput_lifecycle_configurationuRulesuput_logginguput_notification_configurationu
put_policyuPolicyuput_versioninguput_replicationuput_request_paymentuput_tagginguput_websiteuboto_s3_bucket.{0}uupdateduboto_s3_bucket.describeubucketuoldunewuS3 bucket {0} created.u uS3 bucket {0} is present.uFailed to update bucket: {0}.u
Versioningu	SuspendeduStatusuCORSudelete_corsuLifecycleConfigurationudelete_lifecycle_configurationuLogginguLoggingEnableduNotificationConfigurationu
delete_policyuRequestPaymentuTaggingudelete_tagginguWebsiteudelete_websiteuReplicationuReplicationConfigurationudelete_replicationudeletedu!S3 bucket {0} set to be modified.uLocationuLocationConstraintuOBucket {0} location does not match desired configuration, but cannot be changedN(tTrueR!t
isinstanceRtstring_typestsalttutilstjsontloadsR&RRR"Rt__opts__tjointboolR+R)R,R-RRRt
setdefaulttlogtwarning(#R#R.R/Rt	CORSRulestLifecycleConfigurationtLoggingtNotificationConfigurationtPolicytReplicationtRequestPaymenttTaggingt
VersioningtWebsiteRR
RRR
trtsetterttestvaltfuncargst	_describetconfig_itemstversioning_itemtreplication_itemRtvarnameR't
comparatorR(tdeleterttemptmsg((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pytpresentQs0M

	



	

&



"%%%		


(2






!

c	
C@sti|d6td6dd6id6}td|d|d|d	|d
|�}d|krt|d<dj|dd
�|d<|S|r�|dr�dj|�|d<|Stdr�dj|�|d<d|d<|Std|d|d|d|d	|d
|�}|ds3t|d<dj|dd
�|d<|Si|d6|dd<idd6|dd<dj|�|d<|S(u�
    Ensure bucket with passed properties is absent.

    name
        The name of the state definition.

    Bucket
        Name of the bucket.

    Force
        Empty the bucket first if necessary - Boolean.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    unameuresultuucommentuchangesuboto_s3_bucket.existsRR
RRuerroruFailed to delete bucket: {0}.umessageuexistsuS3 bucket {0} does not exist.utestu#S3 bucket {0} is set to be removed.uboto_s3_bucket.deletetForceudeletedubucketuoldunewuS3 bucket {0} deleted.N(R0RRR"R7R!(	R#R.RURR
RRR
RG((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pytabsent^s6






(t__doc__t
__future__RRRRtloggingtsalt.utils.jsonR3tsalt.extRt	getLoggert__name__R;RRRRRR!R%R)R+R,R-RTRRV(((s>/usr/lib/python2.7/site-packages/salt/states/boto_s3_bucket.pyt<module>�s@						h				�

Zerion Mini Shell 1.0