Vh<(dZ ddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l mZdd l mZd ZGd d Zy#e$rY9wxYw)z@ Common Amazon Certificate Manager facts shared between modules ) BotoCoreError) ClientError)to_bytes)camel_dict_to_snake_dict)is_boto3_error_code)AWSRetry)ansible_dict_to_boto3_tag_list)boto3_tag_list_to_ansible_dictcfd}|S)Nc|jdd}|jdd}|jdg} |i|S#t|$rYyttf$r }|s|j ||Yd}~yd}~wwxYw)Nmoduleerrorignore_error_codesmsg)poprrr fail_json_aws)argskwargsrrrefuncs g/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/amazon/aws/plugins/module_utils/acm.pyrunnerz(acm_catch_boto_exception..runner"sHd+ 7D)#ZZ(||_|jd|_y)Nacm)rclient)selfrs r__init__zACMServiceManager.__init__6s mmE* rRequestInProgressException)delaycatch_extra_error_codesc<|jj|y)NCertificateArn)r"delete_certificate)r#arns rdelete_certificate_with_backoffz1ACMServiceManager.delete_certificate_with_backoff:s &&c&:rNc|jjd}ddgdii}|r||d<|jdi|jdS)Nlist_certificatesIncludeskeyTypes)RSA_1024RSA_2048RSA_3072RSA_4096 EC_prime256v1 EC_secp384r1 EC_secp521r1CertificateStatusesCertificateSummaryListr)r" get_paginatorpaginatebuild_full_result)r#statuses paginatorrs rlist_certificates_with_backoffz0ACMServiceManager.list_certificates_with_backoff?sgKK--.AB      ,4F( )!y!!+F+==?@XYYrResourceNotFoundExceptioncP|jj|}|d|ddS)Nr* CertificateCertificateChain)rDrE)r"get_certificate)r#certificate_arnresponses rget_certificate_with_backoffz.ACMServiceManager.get_certificate_with_backoffUs1 ;;..o.N' 6HUgLhiirc@|jj|dS)Nr*rD)r"describe_certificater#rGs r!describe_certificate_with_backoffz3ACMServiceManager.describe_certificate_with_backoff^s" {{///OP]^^rc@|jj|dS)Nr*Tags)r"list_tags_for_certificaterLs r"list_certificate_tags_with_backoffz4ACMServiceManager.list_certificate_tags_with_backoffes" {{44O4TU[\\rct|t|d}|r||d<|r||d<|jjdi|dS)N)rD PrivateKeyr+rEr)rr"import_certificate)r# certificate private_keycertificate_chainr-paramss rimport_certificate_with_backoffz1ACMServiceManager.import_certificate_with_backofflsT"*+!6h{F[\ '*F# $ ):F% &-t{{--778HIIrcTt|}|jj||y)N)r+rO)r r"add_tags_to_certificate)r#r-tagsaws_tagss rtag_certificate_with_backoffz.ACMServiceManager.tag_certificate_with_backoffys%2$7 ++3X+Nrcy tfdDxrtfdDS#ttf$r'}|jj |dYd}~yd}~wwxYw)NTc3&K|]}|v ywNr).0k cert_tagss r z0ACMServiceManager._match_tags..s8!qI~8sc3LK|]}j||k(ywra)get)rbrcrdref_tagss rrez0ACMServiceManager._match_tags..s'@sefqAQU]^_U`A`@ss!$zACM tag filtering errr)all TypeErrorAttributeErrorrr)r#rhrdrs `` r _match_tagszACMServiceManager._match_tagssf   F8x88sS@sjr@s=s s>* F KK % %a-D % E E Fs*2A(A##A()r-c|/t|dkr|jjd|d}d|}|j||j|y)Nz+Missing required certificate arn to delete.rzCouldn't delete certificate )rr)lenr fail_jsonr.)r#r-rrs rr,z$ACMServiceManager.delete_certificatesV ;4y1} %%*W%Xq'C.se4 ,,SE,Rr) domain_namer?r- only_tagscD|j||jd}fd}tt||} g} | D]} |j | d|jd| ddg} | /| d d vr=|j | d|jd | ddg} | b| j | t| } |j| d|jd | ddg}|t|}|j||s|| d <| j| | S)al Returns a list of certificates if domain_name is specified, returns only certificates with that domain if an ARN is specified, returns only that certificate only_tags is a dict, e.g. {'key':'value'}. If specified this function will return only certificates which contain all those tags (key exists, value matches). zCouldn't obtain certificates)r?rrc2r |dk7ryr |dk7ryy)N DomainNameFr+Tr)certr-rrs r_filter_certificatez?ACMServiceManager.get_certificates.._filter_certificates+tL1[@t,-4rr+z0Couldn't obtain certificate metadata for domain rvrB)rrrStatus)PENDING_VALIDATIONVALIDATION_TIMED_OUTFAILEDz,Couldn't obtain certificate data for domain z Couldn't obtain tags for domain r\) rArlistfilterrMrIupdaterrQr rlappend)r#rrr?r-rsrrall_certificatesrx certificatesresultsrU cert_data cert_infor\s ` ` rget_certificatesz"ACMServiceManager.get_certificatess >>dkk9W?  F#68HIJ '$ &K>>,-{{HUaIbHcd$?#@ ?I  "*bb == 01;;HUaIbHcd(C'D > $  +0;I::,-{{8\9R8ST$?#@ ;D |1$7D##It4 $If  NN9 %I$ &Jrc ||jjdd|}|j||j|}|dS)z returns the domain name of a certificate (encoded in the public cert) for a given ARN A cert with that ARN must already exist zEInternal error with ACM domain fetching, no certificate ARN specifiedrz)Couldn't obtain certificate data for arn )rGrrrv)rrqrM)r#r-rrrs rget_domain_of_certz$ACMServiceManager.get_domain_of_certsU ; KK ! !&m ! n;C5A::3W[WbWbjo:p &&r)r-rWr\c|}|||||jdd}|jd i|}|r'||k7r"|jjd|d| |j|||S#tt f$r} |j |nU#tt f$rC|jjd|d|jj| d|d YnwxYw|jj| d|Yd} ~ |Sd} ~ wwxYw) NzCouldn't upload new certificate)rUrVrWr-rrz"ARN changed with ACM update, from z to rz Certificate zG exists, and is not tagged. So Ansible will not see it on the next run.zCouldn't tag certificate z, couldn't delete it eitherr) rrYrqr^rrr.warnr) r#rUrVr-rWr\r original_arnrXrs rrTz$ACMServiceManager.import_certificates; '&!2kk6  3d22rsN 1/0U)33$FF=  s AA  A