Vhs bddlZddlmZ ddlmZddlmZddlmZddlm Z ddlm Z ddlm Z dd lm Z d d l mZd d lmZd d lmZd dlmZd dlmZd dlmZd dlmZd dlmZd dlmZd dlmZd dlmZd dlmZd dlmZd dlmZd dlmZd dlmZd dlmZd dlm Z d dlm!Z!d dlm"Z"d dlm#Z#d d lm$Z$d d!lm%Z%d d"lm&Z&d d#l'm(Z(d d$l)m*Z*d d%l+m,Z,d d&l+m-Z-d d'l.m/Z/d d(l0m1Z1d)e e2efd*e e2d+e e2fd,Z3d-e e2efd+e e2effd.Z4d-e e2efd+e e2effd/Z5d-e e2efd+e e2effd0Z6d1e e e2efd+e e e2effd2Z7d1e e e2e2fd+e e e2e2ffd3Z8Gd4d5Z9Gd6d7e9Z:Gd8d9e9Z;d:e e2efd;e e2efd+e e e2effd<Ze e e2efd+e e e e2efe e e2efe e e2efffd?Z=d@e(dAe e e e2efd+e e e2effdBZ>GdCdDZ?GdEdFZ@dGe e e2efdHe e2efd+eAfdIZBdJe e e2efdKe e e2efd+eAfdLZCdMe e2efdNe e2efd+e e2effdOZDdPe e e2efdQe e e2efd+e e e e2efe e e2efe e e2efe e2ffdRZEGdSdTZFGdUdVZGy#e$rYwxYw)WN)deepcopy) BotoCoreError) ClientError)Any)Dict)List)Optional)Tuple)%get_ec2_security_group_ids_from_names)AnsibleELBv2Error)add_listener_certificates)add_tags)convert_tg_name_to_arn)create_listener)create_load_balancer) create_rule)delete_listener)delete_load_balancer) delete_rule)describe_listeners)!describe_load_balancer_attributes)describe_rules) describe_tags)get_elb)modify_listener)modify_load_balancer_attributes) modify_rule) remove_tags)set_ip_address_type)set_rule_priorities)set_security_groups) set_subnets)AnsibleAWSModule)AWSRetry)ansible_dict_to_boto3_tag_list)boto3_tag_list_to_ansible_dict)scrub_none_parameters) get_waiterconfig parent_arnreturnc"t|}|jdddi}|ddik7ry|jdg}|ryt|dkDry|s|S|d}|jdd|jdd}|ry|s|sy|s|S|s|S||k7ry|S) NTargetGroupStickinessConfigEnabledF TargetGroupsr rWeightTargetGroupArn)rpoplen)r*r+ stickiness target_groups target_grouptarget_group_arns i/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/amazon/aws/plugins/module_utils/elbv2.py_simple_forward_config_arnr:5s f F9Iu;MNJi''JJ~r2M =A  #LXt$#''(8$?    %% actionc|jdddk7r|Sd|vr|S|jdd}t|d|}|s|S|j}|d=||d<|S)zx Drops a redundant ForwardConfig where TargetGroupARN has already been set. (So we can perform comparisons) Typeforward ForwardConfigr2N)getr:copy)r<r+arn newActions r9_prune_ForwardConfigrFesy zz&"* f$ ,d3J $VO%authenticate-oidcAuthenticateOidcConfigScopeFopenidSessionTimeouti: UseExistingClientSecret ClientSecretOnUnauthenticatedRequest authenticateSessionCookieNameAWSELBAuthSessionCookie)rBr3r<s r9 _prune_secretrT}s f~,, * + / / ?4<'(1 * + / /0@% H=C'()9: &'++,EuM'(,,^TB * + / /0JE RGU'()CD * + / /0CU K@Y'()<= Mr;c*|ddk7r|Sd|dd<|S)Nr>rHTrIrMrSs r9#_append_use_existing_client_secretnrWs* f~,, BFF #$%>? Mr;actionsct|dS)Nc&|jddS)NOrderrrBxs r9z_sort_actions..sw):r;keysortedrXs r9 _sort_actionsres ': ;;r;ct|dS)Nc|jd|jd|jd|jd|jdfS)NrIFixedResponseConfigRedirectConfigr2r>r\r]s r9r_z(_sort_listener_actions..sH EE* + EE' ( EE" # EE" # EE&M  r;r`rbrds r9_sort_listener_actionsrjs    r;ceZdZdededdfdZdededdfdZdeddfd Zdeddfd Z de eeffd Z de efd Z dd Zde eeffdZdeeddfdZddZddZdefdZddZddZddZde eeffdZddZy)ElasticLoadBalancerV2 connectionmoduler,Nc||_||_d|_d|_|jj d|_|jj d|_||jj d|_|jj d|_ |jj d|_ |jj d|_ |jj d|_ |jj d *t|jj d |_nd|_|jj d |_t!|||j|_i|_|j"G|j'|_|j)|_ |j+|j"d <|j,|_|j.|_|j0|_|j2|_|j4|_|j|_y) NFschemenamesubnet_mappingssubnetsdeletion_protectionip_address_typewaittags purge_tags)rmrnchangednew_load_balancerparamsrBrprqrrrsrtelb_ip_addr_typervr&rwrxrelbelb_attributesget_elb_attributesget_elb_ip_address_type get_elb_tags check_mode exit_json fail_json fail_json_awsfail_json_aws_errorselfrmrns r9__init__zElasticLoadBalancerV2.__init__s$  !&mm''1 MM%%f-  %}}001BC}}((3 #)==#4#45J#K & 1 12C DMM%%f- ==  V $ 06v}}7H7H7PQDIDI --++L9:vtyy9  88 "&"9"9";D $($@$@$BD !#002DHHV  ++))))#11#)#=#= mm r;elb_arnip_typec|jsyddd}||vry t|j|j|}|j|gy#tt f$r%}|j j|Yd}~yd}~wwxYw) Wait for load balancer to reach 'active' status :param elb_arn: The load balancer ARN :return: N"load_balancer_ip_address_type_ipv4'load_balancer_ip_address_type_dualstack)ipv4 dualstackLoadBalancerArns)rvr)rmrBrrrnr)rrr waiter_nameswaiteres r9wait_for_ip_typez&ElasticLoadBalancerV2.wait_for_ip_typesyy 9B  , &  )1A1A'1JKF KK'K 3{+ ) KK % %a ( ( )s8AB!BBc|jsy t|jd}|j|gy#ttf$r%}|j j |Yd}~yd}~wwxYw)rNload_balancer_availablerrvr)rmrrrnrrrrrs r9wait_for_statusz%ElasticLoadBalancerV2.wait_for_statuss^yy  )1JKF KK'K 3{+ ) KK % %a ( ( )s)9A-A((A-c|jr+ t|jd}|j|gyy#ttf$r%}|j j |Yd}~yd}~wwxYw)rload_balancers_deletedrNrrs r9wait_for_deletionz'ElasticLoadBalancerV2.wait_for_deletionsb 99 -#DOO5MN gY 7 ";/ - ))!,, -s)9A-A((A-ctt|j|jd}t d|j DS)z@ Get load balancer attributes :return: LoadBalancerArnc3JK|]\}}|jdd|fyw)._N)replace).0kvs r9 z;ElasticLoadBalancerV2.get_elb_attributes..s$PAQYYsC(!,Ps!#)r'rrmr}dictitems)rr~s r9rz(ElasticLoadBalancerV2.get_elb_attributes sB8 -dootxxHY?Z [  P9M9M9OPPPr;c:|jjddS)zh Retrieve load balancer ip address type using describe_load_balancers :return: IpAddressTypeN)r}rBrs r9rz-ElasticLoadBalancerV2.get_elb_ip_address_typesxx||OT22r;c.|j|_y)zF Update the elb_attributes parameter :return: N)rr~rs r9update_elb_attributesz+ElasticLoadBalancerV2.update_elb_attributes!s #557r;c t|j|jdgdd}|S#t$r&}|jj |Yd}~Sd}~wwxYw)z: Get load balancer tags :return: r) resource_arnsrTagsN)rrmr}r rnr)relb_tagsrs r9rz"ElasticLoadBalancerV2.get_elb_tags(sc )$T__TXXN_E`DabcdeflmH! ) KK % %a ( ( )s+/ AAAtags_to_deletec t|j|jdg||_y#t$r%}|j j |Yd}~yd}~wwxYw)z3 Delete elb tags :return: rN)rrmr}ryr rnr)rrrs r9 delete_tagsz!ElasticLoadBalancerV2.delete_tags5sN )&tBS9T8UWefDL  ) KK % %a ( ( )s*- AAAc t|j|jdg|j|_y#t $r%}|j j|Yd}~yd}~wwxYw)z3 Modify elb tags :return: rN)rrmr}rwryr rnrrrs r9 modify_tagsz!ElasticLoadBalancerV2.modify_tagsAsT )#DOOdhh?P6Q5RTXT]T]^DL  ) KK % %a ( ( )s47 A%A  A%c t|j|jd|_|jr|j|jdyy#t$r%}|j j |Yd}~Ud}~wwxYw)z- Delete elb :return: rN)rrmr}ryr rnrrrs r9deletezElasticLoadBalancerV2.deleteMsp  )/J[A\]DL <<  " "488,=#> ? ! ) KK % %a ( ( )s(A BA??Bcg}g}|j$|jD]}|jd|i|j |j}|jdD]?}d|di}|j dgD]}d|vs|d|d<n|j|At d|Dt d|Dk(S)zy Compare user subnets with current ELB subnets :return: bool True if they match otherwise False SubnetIdAvailabilityZonesLoadBalancerAddresses AllocationIdc3NK|]}t|jywN frozensetrrmappings r9rz8ElasticLoadBalancerV2.compare_subnets..ysT'9W]]_-T#%c3NK|]}t|jywrrrs r9rz8ElasticLoadBalancerV2.compare_subnets..ys"\ +2Igmmo &\ r)rsappendrrr}rBset)rsubnet_mapping_id_listrrsubnet this_mappingaddresss r9compare_subnetsz%ElasticLoadBalancerV2.compare_subnetsZs"$ << #,, =&& F';< =    +"22Ohh23 8F&z(:;L!::&=rB !W,3:>3JL0  # ) ), 7 8T=STTX[\ 6E\ Y   r;cpt|j|jd|jd|_y)zP Modify elb subnets to match module parameters :return: r)SubnetsTN)r#rmr}rsryrs r9modify_subnetsz$ElasticLoadBalancerV2.modify_subnets}s) DOOTXX.?%@$,,W r;ct|j|j|jjj d|_|j |j d<y)z: Update the elb from AWS :return: rqrwN)rrmrnr{rBr}rrs r9updatezElasticLoadBalancerV2.updatesI 4??DKK9K9K9O9OPV9WX,,.r;c|y|j|k(ryt|j|jd|d|_|j |jd|y)z= Modify ELB ip address type :return: NrT)r|r rmr}ryr)r ip_addr_types r9modify_ip_address_typez,ElasticLoadBalancerV2.modify_ip_address_typesY     L 0 DOOTXX6G-H,W  dhh'89<Hr;c.t}|j|d<|j|d<|j|j|d<|j|j|d<|j |j |d<|j r|j |d<|S)NNamer>rrSubnetMappingsr)rrqtyper|rsrrrw)rr{s r9_elb_create_paramsz(ElasticLoadBalancerV2._elb_create_paramssvv  ,&*&;&;F? # << # $ F9     +'+';';F# $ 99!YYF6N r;c|j}|jd}t|j|fi|d|_d|_d|_|j|jdy)z9 Create a load balancer :return: rrTrN)rr3rrmr}ryrzr)rr{rqs r9 create_elbz ElasticLoadBalancerV2.create_elbsc ((*zz&!'HHK !% TXX&789r;r,N)__name__ __module__ __qualname__rr$rstrrrrrrr rrrrrrrboolrrrrrrrVr;r9rlrls $3 $0@ $T $D))c)d)0)s)t)" - - - QDcN Q3#38 d38n  )$s) ) ) ) @! ! F/ IDcN( :r;rlcreZdZdedededdffd Zdeeefffd Zde fdZ d d Z de fd Z d d Z xZS) ApplicationLoadBalancerrmconnection_ec2rnr,Nct|||||_d|_|jj dO t jt|jj d|j|_ n |jj d|_ |jj d|_|jj d|_|jj d|_|jj d|_|jj d |_|jj d |_|jj d |_|jj d |_|jj d |_|jj d|_|j8&|j8ddk7r|jdyyy#t$r9}|jt|tjYd}~d}~wtt f$r}|j#|Yd}~d}~wwxYw)\ :param connection: boto3 connection :param module: Ansible module applicationsecurity_groupsN)msg exceptionaccess_logs_enabledaccess_logs_s3_bucketaccess_logs_s3_prefix idle_timeouthttp2http_desync_mitigation_modehttp_drop_invalid_header_fields(http_x_amzn_tls_version_and_cipher_suitehttp_xff_client_port waf_fail_openr>zfThe load balancer type you are trying to manage is not application. Try elb_network_lb module instead.r)superrrrr{rBr%jittered_backoffr r ValueErrorrr traceback format_excrrrrrrrrrrrrrr})rrmrrnr __class__s r9rz ApplicationLoadBalancer.__init__s  V,," ==  . / ; &'i'Bx'@'@'BCh'iMM%%&78$:M:M($$*==#4#45F#GD #)==#4#45J#K %+]]%6%67N%O"%+]]%6%67N%O""MM--n=]]&&w/ +1==+<+<=Z+[(/5}}/@/@Ab/c,8> 8I8IJt8u5$*MM$5$56L$M!#]]..? 88 DHHV$4 $E NN|  %F # M3q6Y5I5I5KLL!;/ &""1%% &s$A H J&.IJ,JJcxt|}|j|j|d<|j|d<|S)NSecurityGroupsScheme)rrrrprr{rs r9rz*ApplicationLoadBalancer._elb_create_paramss@+-    +'+';';F# $;;x r;c g}|jht|jj|jdk7r5|j dt|jjd|j :|j |jdk7r|j d|j d|j :|j |jdk7r|j d|j d|jht|jj|jdk7r5|j d t|jjd|jLt|j|jd k7r'|j d t|jd|jht|jj|jd k7r5|j d t|jjd|jht|jj|jdk7r5|j dt|jjd|jht|jj|jdk7r5|j dt|jjd|jht|jj|jdk7r5|j dt|jjd|jht|jj|jdk7r5|j dt|jjd|jht|jj|jdk7r5|j dt|jjd| S)z~ Compare user attributes with current ELB attributes :return: bool True if they match otherwise False access_logs_s3_enabledaccess_logs.s3.enabledKeyValueraccess_logs.s3.bucketraccess_logs.s3.prefixdeletion_protection_enableddeletion_protection.enabledidle_timeout_timeout_secondsidle_timeout.timeout_secondsrouting_http2_enabledrouting.http2.enabled#routing_http_desync_mitigation_mode#routing.http.desync_mitigation_mode/routing_http_drop_invalid_header_fields_enabled/routing.http.drop_invalid_header_fields.enabled8routing_http_x_amzn_tls_version_and_cipher_suite_enabled8routing.http.x_amzn_tls_version_and_cipher_suite.enabled$routing_http_xff_client_port_enabled$routing.http.xff_client_port.enabledwaf_fail_open_enabledwaf.fail_open.enabled)rrlowerr~rrrrtrrrrrrr)rupdate_attributess r9compare_elb_attributesz.ApplicationLoadBalancer.compare_elb_attributess   $ $ 0D,,-3359L9LMe9ff  $ $-EPSTXTlTlPmPsPsPu%v w  & & 2**d.A.ABY.ZZ  $ $-DtOiOi%j k  & & 2**d.A.ABY.ZZ  $ $-DtOiOi%j k  $ $ 0D,,-3359L9LMj9kk  $ $5DD\D\@]@c@c@ef     )D%%&$*=*=>\*]]  $ $-KVYZ^ZkZkVl%m n :: !c$**o&;&;&=ATATUlAm&m  $ $-DsSWS]S]OdOdOf%g h  , , 8D445;;=""#HIJ  $ $=DLlLlHmHsHsHuv   0 0 <D889??A""#TUV  $ $L !E!EFLLN   9 9 EDAABHHJ""#]^_  $ $U !N!NOUUW   % % 1D--.446$:M:MNt:uu  $ $>TMfMfIgImImIop     *D&&'--/43F3FG^3__  $ $-DsSWSeSeOfOlOlOn%o p$$$r;c g}|jht|jj|jdk7r5|j dt|jjd|j :|j |jdk7r|j d|j d|j :|j |jdk7r|j d|j d|jht|jj|jd k7r5|j d t|jjd|jLt|j|jd k7r'|j d t|jd|jht|jj|jd k7r5|j dt|jjd|jht|jj|jdk7r5|j dt|jjd|jht|jj|jdk7r5|j dt|jjd|jht|jj|jdk7r5|j dt|jjd|jht|jj|jdk7r5|j dt|jjd|jht|jj|jdk7r5|j dt|jjd|r- t|j |j"d|d|_yy#t&$rJ}|j(r#t+|j |j"d|j-|Yd}~yd}~wwxYw)zQ Update Application ELB attributes if required :return: Nrrrrr rr r r rrrrrrrrrrrrrrrT)rrrr~rrrrtrrrrrrrrrmr}ryr rzrrrrrs r9modify_elb_attributesz-ApplicationLoadBalancer.modify_elb_attributesBsT  $ $ 0D,,-3359L9LMe9ff  $ $-EPSTXTlTlPmPsPsPu%v w  & & 2**d.A.ABY.ZZ  $ $-DtOiOi%j k  & & 2**d.A.ABY.ZZ  $ $-DtOiOi%j k  $ $ 0D,,-3359L9LMj9kk  $ $5DD\D\@]@c@c@ef     )D%%&$*=*=>\*]]  $ $-KVYZ^ZkZkVl%m n :: !c$**o&;&;&=ATATUlAm&m  $ $-DsSWS]S]OdOdOf%g h  , , 8D445;;=""#HIJ  $ $=DLlLlHmHsHsHuv   0 0 <D889??A""#TUV  $ $L !E!EFLLN   9 9 EDAABHHJ""#]^_  $ $U !N!NOUUW   % % 1D--.446$:M:MNt:uu  $ $>TMfMfIgImImIop     *D&&'--/43F3FG^3__  $ $-DsSWSeSeOfOlOlOn%o p  &/J[A\^op#  % &))($((CT:UV""1%%  &s +R77 T ATT cbt|jdt|jk7ryy)z Compare user security groups with current ELB security groups :return: bool True if they match otherwise False rFT)rr}rrs r9compare_security_groupsz/ApplicationLoadBalancer.compare_security_groupss, txx() *c$2F2F.G Gr;cnt|j|jd|jd|_y)zX Modify elb security groups to match module parameters :return: rTN)r"rmr}rryrs r9modify_security_groupsz.ApplicationLoadBalancer.modify_security_groupss+ DOOTXX6G-H$J^J^_ r;r)rrrrr$rrrrrrr!r#r% __classcell__rs@r9rrsb%3%%EU%Z^%NDcNO%O%bY&v  r;rcXeZdZdedededdffd Zdeeefffd Zd dZ d Z xZ S) NetworkLoadBalancerrmrrnr,Nct|||||_d|_|jj d|_|j&|jddk7r|jdyyy)rnetworkcross_zone_load_balancingNr>zfThe load balancer type you are trying to manage is not network. Try elb_application_lb module instead.r) rrrrr{rBr,r}r)rrmrrnrs r9rzNetworkLoadBalancer.__init__st V,, )/):):;V)W& 88 DHHV$4 $A NN|  %B r;cBt|}|j|d<|S)Nr)rrrprs r9rz&NetworkLoadBalancer._elb_create_paramss#+-;;x r;cg}|jht|jj|jdk7r5|j dt|jjd|j ht|j j|jdk7r5|j dt|j jd|r- t |j|jd|d|_ yy#t$rK}|jr$t|j|jd |j|Yd}~yd}~wwxYw) zM Update Network ELB attributes if required :return: N!load_balancing_cross_zone_enabledz!load_balancing.cross_zone.enabledrr r rT)r)r,rrr~rrtrrmr}ryr rzrrr s r9r!z)NetworkLoadBalancer.modify_elb_attributess?  * * 6D22399;t?R?RSv?ww  $ $;c$JhJhFiFoFoFqr   $ $ 0D,,-3359L9LMj9kk  $ $5DD\D\@]@c@c@ef   &/J[A\^op#  % &))($((SdJef""1%%  &s.+D E/$AE**E/c(|jdy)zf Modify elb subnets to match module parameters (unsupported for NLB) :return: zLModifying subnets and elastic IPs is not supported for Network Load BalancerrN)rrs r9rz"NetworkLoadBalancer.modify_subnetss ijr;r) rrrrr$rrrrr!rr&r's@r9r)r)sF3EUZ^&DcN &Dkr;r)current_listener new_listenerci}|d}|d}||k7r||d<|dvr|jd}|jd}|rt| |xr||k7fr||d<|jd}|jd}|r/t| |xr|dd|ddk7frd|ddig|d<|jd} |jd} | rD| r=t| t| k(r&td| D} | t| k7r | |d<n| |d<|jd } | r8|d k(r3|jd } |dd k7s|dd k(r| r | d| dk7r| |d <|S) a Compare two listeners. We do not check the port as the function is expecting that the two listeners are passed with the same port value. :param current_listener: The current listener attributes as stored into AWS :param new_listener: The listener as defined into module parameters :return: A dict containing the resulting update to perform on the current listener Protocol)HTTPSTLS SslPolicy CertificatesrCertificateArnDefaultActionsc3xK|],}|jDcic] \}}|dvr||c}}.ycc}}ww))rIrhrir2r>N)r)rr^rrs r9rz$_compare_listener..'sL< !" 1tuqD<s :4: AlpnPolicyr6)rBanyr4rj)r1r2modified_listenercurrent_protocol new_protocolcurrent_ssl_policynew_ssl_policynew_certificatescurrent_certificatescurrent_default_actionsnew_default_actionscurrent_actions_sortednew_alpn_policycurrent_alpn_policys r9_compare_listenerrJs( 3 +L<'(4*%''-11+>%))+6 c# #%7%`.Xs- s;1hXfEUAVZjkqZrArQ ss'' ListenerArnrO)rOrT)rnext enumeraterr3rJr) rKrLlisteners_to_modifylisteners_to_deletelisteners_to_addidx m_listenerr>r1s @r9_group_listenersr\Cs ..: s),<"= suw  "9  & &'7 'F G %))#. -.> K   $ $.>v.FWghuWv%w x  & &'8 9: 02E EEr;rn listenerscg}|s|Si}|D]s}t|}t|d}d|vr |dg|d<|dD]3}|jdd}|s||vrt|||||<|||d<5|j |u|S)NF)descend_into_listsr<r:TargetGroupNamer2)rr(r3rr) rmrnr]updated_listenerstarget_group_mappingitemrRr<tg_names r9_prepare_listenersreis   +D>(eL 8 #&.|&<%=H\ "/0 IFjj!2D9G"664J:W]_f4g(1+?+H'(  I   *+ r;ceZdZdedededdfdZd dZdede efd Z de e e eefe e eefe e eefffd Zy) ELBListenersrmrnrr,Nc||_||_||_t|||jj d|_|j|jj d|_d|_ y)Nr]purge_listenersF) rmrnrrer{rBr]rriry)rrmrnrs r9rzELBListeners.__init__s_$  +J @Q@QR]@^_ %}}001BC r;cPt|j|j|_y)zD Update the listeners for the ELB :return: )load_balancer_arnN)rrmrrKrs r9rzELBListeners.updates "4DOOW[WcWc!dr; listener_portcLd}|jD]}|d|k(s |d}|S|S)NrOrT)rK)rrl listener_arnrRs r9#get_listener_arn_from_listener_portz0ELBListeners.get_listener_arn_from_listener_portsD .. H=0' 6   r;ct|j|j\}}}||zD]}|jdd|jr|ng}|||fS)zThis function call the _group_listeners method and update the listeners to delete depending on the value set on `purge_listeners` parameter. RulesN)r\rKr]r3ri)rrYrWrXrRs r9compare_listenerszELBListeners.compare_listenerssqFV  " "DNNF B-/B )+>> (H LL$ ' (6:5I5I1r!46IIIr;r)rrrrr$rrrrPr ror rrrrrVr;r9rgrgs30@3SWeRU J5d38n)=tDcN?SUYZ^_bdg_gZhUi)i#j Jr;rgc VeZdZdededeeefdeddf dZdefdZd d Z d d Z d d Z y) ELBListenerrmrnrRrr,Nc<||_||_||_||_y)zm :param connection: :param module: :param listener: :param elb_arn: N)rmrnrRr)rrmrnrRrs r9rzELBListener.__init__s %    r;cdt|j|jfi|jddS)NrrT)rrmrrRrs r9rzELBListener.create_listeners+t N NqQR_``r;c|jjdg}gg}}t|dkDr|d|dd}}|g|jd<|j}|D]}t |j ||gy)Nr8rr )rn certificates)rRrBr4rrrm)rlistener_certificatesfirst_certificate other_certsrncerts r9addzELBListener.adds $ 1 1." E)+R; $ % )-B1-EG\]^]_G`{ ->,?DMM. )++-  gD %dooL`d_e f gr;c~|jjd}t|jfd|i|jy)NrTrn)rRr3rrm)rrns r9modifyzELBListener.modifys0}}((7 TlTdmmTr;cDt|j|jyr)rrmrRrs r9rzELBListener.deletes7r;r) rrrrr$rrrrr}rrrVr;r9rtrtsW 3 0@ DQTVYQYN eh mq aa gU8r;rtcurrent_conditions conditioncd}d}t|}|D]}||vst||d||d< d|vrt|d|d<|D]|}|d|dk7r|jdr1|jdr t|dd|ddk(sMd}|S|jdr2t|dd|ddk(s~|dd|ddk(sd}|S|jd r t|d d|d dk(sd}|S|jd r2|jd r!t|d d|d dk(sd}|S|jd r|d d|d dk(s-d}|S|jd r!t|d d|d dk(s_d}|St|d|dk(szd}|S|S) aThis function checks if the condition is part of the list of current condition Parameters: current_conditions: The list of conditions condition: The condition we are trying to find into the list Returns: True if the condition is part of the list, False if not. F)HostHeaderConfigHttpHeaderConfigHttpRequestMethodConfigSourceIpConfigPathPatternConfigValuesFieldrTrHttpHeaderNamerrQueryStringConfigr)rrcrB)rrcondition_found compare_keys s_conditionracurrent_conditions r9_check_rule_conditionrsOL9%KL + )/ C0@0J)KK X &L; &{8'< = H/. W %W)= =   !3 4I[9\'(:;HEF+VhJijrJss"&L K " "#5 6();P#QM!$4#Q #Q-G H  # H)EM$%QM "j#Q HMsBB ,B%B* current_rulenew_ruleci}t|dt|dk7r|d|d<t|d|d}|s|d|d<|dDcgc]}t|d|r|}}|r||d<|Scc}w)a&This function compares rule_a with rule_b and returns differences between the two rules as a dictionnary Parameters: current_rule: The current listener rule stored in AWS. new_rule: The new listener rule. Returns: A dictionnary containing the modified attributes. PriorityActions Conditions)rPrr)rr modified_rule actions_matchcmodified_conditionss r9 _compare_rulerDsM < #$HZ,@(AA$,Z$8 j!*,y*A8ICVWM #+I#6 i L)1F|T`Gacd1e&9 l#  s A/ A/ current_rulesrulescg}g}t|}g}t|}g}|r|jd}|jddr&d} |D]} t|| } | s|j | d} na| s)t | j dgk(sGt| d| d<|d| d<|j| d} |j | n| r|j||r|D]}d} |D]} |dt| dk(sd} |j | t|| } | r|t|d| d<|d| d<| d| d<| d| d<| jdgD]-} | jd ijd ds&d| d d </|j| n| r|jddr|j|d||||fS) a%This function compares listener rules from AWS with module provided listener rules and a matrix with the following: - Rules to add: a rule is added when it is part of the module parameters and not currently stored on AWS - Rules to set priority: Any rule with unchanged attributes but with a different priority value - Rules to modify: Any rule on which one the following attribute has changed 'Actions', 'Conditions' - Rules to delete: Any rule currently stored on AWS and not defined in module parameters. Parameters: current_rules: The current listener rules stored in AWS. rules: The new listener rules. Returns: A tuple with a list of rules to add, a list of rules to set priority, a list of rules to modify and a list of rules to delete r IsDefaultFTrRuleArnrrrIrNrM) rr3rBrremovelistkeysrPrr)rrrules_to_modifyrules_to_delete rules_to_addrules_to_set_priority_current_rulesremaining_rulesrto_keeprrcurrent_rule_passed_to_moduler<s r9 _group_rulesresB$OOE?Lm,NO %))!,   K / $ H),AM ##H-m&8&8&:!; |!K,/0D,E j)+7 +B i(%,,];##H-! "   " "< 01 4(< (-%$ HJ'3x /C+DD04-##H- -lH E  03L4L0MM*-/;I/FM),/7 /BM),2:<2HM,/"/"3"3Ir"B`!::&>CGGX]^Z_F#;<=VW`$**=9! &-\5E5EkSX5Y  " "< #: ;-<0 . PPr;c eZdZdededeedeeeefddf dZ deeeefdeeeeffd Z de eeeefeeeefeeeefeeffd Z y) ELBListenerRulesrmrnrnlistener_rulesr,Nc||_||_|j||_d|_||_t |j||_y)NF)rT)rmrn_ensure_rules_action_has_arnrryrnrr)rrmrnrnrs r9rzELBListenerRules.__init__sF% 66~F  (+DOOVr;rcg}|D]c}g}|dD]A}d|vr*t|j|j|d|d<|d=|j|C||d<|j|e|S)aI If a rule Action has been passed with a Target Group Name instead of ARN, lookup the ARN and replace the name. :param rules: a list of rule dicts :return: the same list of dicts ensuring that each rule Actions dict has TargetGroupArn key. If a TargetGroupName key exists, it is removed. rr`r2)rrmrnr)rr fixed_rulesrule fixed_actionsr<s r9rz-ELBListenerRules._ensure_rules_action_has_arns  %DMy/ -$./Ef=N6O0F+,01$$V,  -,DO   t $ %r;c>t|j|j\}}}}|D]d}|jdgD]-}|jdijdds&d|dd</|j|d<t |d|d<f|D]}|d=||||fS)a-This function creates the rule matrix (to add, to set priority, to modify, to delete) and prepare them to be ready for AWS API call. Returns: A tuple with a list of rules to add, a list of rules to set priority, a list of rules to modify and a list of rules to delete rrIrMFrTr)rrrrBrnrP)rrrrrrr<s r9 compare_ruleszELBListenerRules.compare_rulessQ]    Q M +_o! 5D((9b1 X::6;??@Y[`aRWF345NO X#'"3"3D "4 #34D   5$ !DZ  !2O_TTr;) rrrrr$r rrrrrr rrVr;r9rrs W W! Wsm W T#s(^, W  W$tCH~2F4PTUXZ]U]P^K_0U tDcN#T$sCx.%94S#X;OQUVYQZZ [Ur;rc eZdZddZdeeefddfdZdeeefddfdZdeddfdZ d e eeefddfd Z d e eeefd e eeefd e eeefde ede f dZ y)ELBListenerRuler,Nc ||_||_yr)rmrnrs r9rzELBListenerRule.__init__s$ r;rc|jd}|jd}|jd}|jd}|jdd}t|j|||||y)z: Create a listener rule :return: rTrrrrN)rn conditionsrXrwpriority)r3rrm)rrrnrrrXrws r9createzELBListenerRule.createsj xx . XXl+ 88J'((9%xx% OO%!  r;cV|jd}t|jfd|i|y)z: Modify a listener rule :return: rrule_arnN)r3rrm)rrrs r9rzELBListenerRule.modifys( 88I&DOO?h?$?r;rc0t|j|y)z: Delete a listener rule :return: N)rrm)rrs r9rzELBListenerRule.deletes DOOX.r;rc ht|j|Dcgc] }|d|ddc}ycc}w)zO Sets the priorities of the specified rules. :return: rr)rrN)r!rm)rrrs r9r!z#ELBListenerRule.set_rule_priorities%s3  OOejk]a$y/tJGWXk ks/ rules_to_createrrrcd}|r|j|d}|jjdr|D]}|j|d}|D]}|j |d}|D]}|j |d}|S)NFT purge_rules)r!rnr{rrr)rrrrrryrDrs r9 process_ruleszELBListenerRule.process_rules/s  $ $%: ;G ;;  m ,&  C  $ D KK G $ D KK G r;r)rrrrrrrrrrrr!rrrVr;r9rrs 4S> d (@4S>@d@/s/t/ d38n)= $ d38n- $DcN3d38n-  c   r;r)HrrCrbotocore.exceptionsrr ImportErrortypingrrrr r ec2r elb_utilsr rrrrrrrrrrrrrrrrrrr r!r"r#modulesr$retriesr%taggingr&r'transformationr(waitersr)rr:rFrTrWrerjrlrr)rJr\rergrtrrrrrrrrVr;r9rs  1/6(0-&+"&+")8%$&6""***"%331,tCH~,8C=,U]^aUb,`c3hDcN0$sCx.T#s(^0S#X4S><4S#X/>R5S $sCx.<'J'JT$8$8NKd4S>.BKtTWY\T\~KbfK\4S#X+?dSWX[]`X`SaNbgk<S#X$sCx.TRUWZRZ^BMQS#X'MQ04T#s(^0DMQ 4S#X d38n!5tDcN7KTRUY VWMQ`CUCULII_'  s J%%J.-J.