Vh7"dZdZdZddlZddlZddlmZddlmZddlm Z ddlm Z dd lm Z dd lm Z dd lmZdd lmZdd lmZddlmZddlmZGddeZddZd dZdZdZdZdZdZdZdZ d!dZ dZ!dZ"e#dk(re"yy)"aN --- module: ec2_key version_added: 1.0.0 short_description: Create or delete an EC2 key pair description: - Create or delete an EC2 key pair. options: name: description: - Name of the key pair. required: true type: str key_material: description: - Public key material. required: false type: str force: description: - Force overwrite of already existing key pair if key has changed. required: false default: true type: bool state: description: - Create or delete keypair. required: false choices: [ present, absent ] default: 'present' type: str key_type: description: - The type of key pair to create. - Note that ED25519 keys are not supported for Windows instances, EC2 Instance Connect, and EC2 Serial Console. - By default Amazon will create an RSA key. - Mutually exclusive with parameter O(key_material). type: str choices: - rsa - ed25519 version_added: 3.1.0 file_name: description: - Name of the file where the generated private key will be saved. - When provided, the RV(key.private_key) attribute will be removed from the return value. - The file is written out on the 'host' side rather than the 'controller' side. - Ignored when O(state=absent) or O(key_material) is provided. type: path version_added: 6.4.0 notes: - Support for O(tags) and O(purge_tags) was added in release 2.1.0. - For security reasons, this module should be used with B(no_log=true) and (register) functionalities when creating new key pair without providing O(key_material). extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules - amazon.aws.tags - amazon.aws.boto3 author: - "Vincent Viallet (@zbal)" - "Prasad Katti (@prasadkatti)" a # Note: These examples do not set authentication details, see the AWS Guide for details. - name: create a new EC2 key pair, returns generated private key # use no_log to avoid private key being displayed into output amazon.aws.ec2_key: name: my_keypair no_log: true register: aws_ec2_key_pair - name: create key pair using provided key_material amazon.aws.ec2_key: name: my_keypair key_material: 'ssh-rsa AAAAxyz...== me@example.com' - name: create key pair using key_material obtained using 'file' lookup plugin amazon.aws.ec2_key: name: my_keypair key_material: "{{ lookup('file', '/path/to/public_key/id_rsa.pub') }}" - name: Create ED25519 key pair and save private key into a file amazon.aws.ec2_key: name: my_keypair key_type: ed25519 file_name: /tmp/aws_ssh_rsa # try creating a key pair with the name of an already existing keypair # but don't overwrite it even if the key is different (force=false) - name: try creating a key pair with name of an already existing keypair amazon.aws.ec2_key: name: my_existing_keypair key_material: 'ssh-rsa AAAAxyz...== me@example.com' force: false - name: remove key pair from AWS by name amazon.aws.ec2_key: name: my_keypair state: absent a changed: description: Whether a keypair was created/deleted. returned: always type: bool sample: true msg: description: Short message describing the action taken. returned: always type: str sample: key pair created key: description: Details of the keypair (this is set to null when state is absent). returned: always type: complex contains: fingerprint: description: Fingerprint of the key. returned: when O(state=present) type: str sample: 'b0:22:49:61:d9:44:9d:0c:7e:ac:8a:32:93:21:6c:e8:fb:59:62:43' name: description: Name of the keypair. returned: when O(state=present) type: str sample: my_keypair id: description: Id of the keypair. returned: when O(state=present) type: str sample: key-123456789abc tags: description: A dictionary representing the tags attached to the key pair. returned: when O(state=present) type: dict sample: '{"my_key": "my value"}' private_key: description: Private key of a newly created keypair. returned: when a new keypair is created by AWS (O(key_material) is not provided) and O(file_name) is not provided. type: str sample: '-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKC... -----END RSA PRIVATE KEY-----' type: description: Type of a newly created keypair. returned: when a new keypair is created by AWS type: str sample: rsa version_added: 3.1.0 N)to_bytes)AnsibleEC2Error)create_key_pair)delete_key_pair)describe_key_pairs)ensure_ec2_tags)import_key_pair)AnsibleAWSModule)boto3_tag_list_to_ansible_dict)boto3_tag_specifications)scrub_none_parametersc eZdZdfd ZxZS) Ec2KeyFailurec@t||||_||_yN)super__init__ original_emessage)selfrr __class__s f/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/amazon/aws/plugins/modules/ec2_key.pyrzEc2KeyFailure.__init__s !$ NN)__name__ __module__ __qualname__r __classcell__)rs@rrrs rrc|t||d}t|} t|fi|}|S#t$r}t |dd}~wwxYw)N)KeyNamePublicKeyMaterialTagSpecificationszerror importing key)rr r rr) ec2_clientname key_materialtag_specparamskeyes r_import_key_pairr*sYH\4Jai jF "6 *F6j3F3 J 6A4556s * A ?Ac|d|d|dt|jdxsg|jd|jdxs|d}|r|d t||}t|S) Nr KeyFingerprint KeyPairIdTags KeyMaterialKeyType)r$ fingerprintidtags private_keytyper4)r get_write_private_keyr )r(key_type file_namedatas rextract_key_datar;syI+,+.swwv/D"Eww}- ".h DT-(4!$ 2  &&rcd}|r/dttjz}t||}|r/t ||}t |||d|dS)z EC2's fingerprints are non-trivial to generate, so push this key to a temporary name and make ec2 calculate the fingerprint for us. http://blog.jbrowne.com/?p=23 https://forums.aws.amazon.com/thread.jspa?messageID=352828 Tzansible-F finish_taskr,)struuiduuid4 find_key_pairr*r) check_moder#r% name_in_use random_nametemp_keys rget_key_fingerprintrGs\K  3tzz|#44 #J <   KFHJ KUK $ %%rc t||g}|sy |dS#t$r}t|dd}~wt$r d}Y|dSwxYw)N)KeyNameszerror finding keypairr)rrr IndexError)r#r$r(r)s rrBrBsa tf= q6M 8A677  q6Ms A .AAc||||d}t|} t|fi|}|S#t$r}t|dd}~wwxYw)N)r r"r0zerror creating key)r rrr)r#r$r&r8r'r(r)s r_create_key_pairrLsY%F #6 *F5j3F3 J 5A3445s ! ; 6;c\ tj|tjtjztjzd}tj ||dj dtj||d=|S#ttf$r}t|dd}~wwxYw)z Write the private key data to the specified file, and remove 'private_key' from the ouput. This ensures we don't expose the key data in logs or task output. ir4zutf-8zKCould not save private key to specified path. Private key is irretrievable.N) osopenO_WRONLYO_CREATO_TRUNCwriteencodecloseIOErrorOSErrorr)key_datar9filer)s rr7r7s nwwy"++ ":RZZ"GO x .55g>?   O W nAlmmnsBB B+ B&&B+c|rddddSt|dg}|rt||||}nt||||}t|||} d| dd} | S)z/ key does not exist, we create new key TNzkey pair createdchangedr(msgkey-pair)r r*rLr;) r#r$r%r8r3r9rCr&r(rXresults rcreate_new_key_pairr`sf5GHH'zl;Hz4xHz48DXy9Hh7I JF Mrc|rddddSt|||}d}d}|d|k7r!t|||dt||||}d}d}t|} || |dS)NTkey pair updatedr[Fkey pair already existsr,r=)rGrr*r;) rCr#r$r(r%r&new_fingerprintr\r]rXs rupdate_key_pair_by_key_materialre*sx5GHH)*j,OOG #C / J%Hz4xH $Hx <r(r_r)s rrrCs  D )C z!$}E M&9:  =  D 1 !$}E M  =#;< < =s : A AAcN|jjd}|jjd}|jjd}|jjd}|jjd}t|dg} |j} |jjd} |r|rt | ||||| } | S|r||dk7rt | |||| | } | Sd } | t |||d || z} t||}t|| }| |d d} | S)Nr%forcer8r3 purge_tagsr^r9r0Fr-)r3rl)r9rcr[) r'r6r rCrergrrBr;)moduler#r$r(r%rkr8r3rlr&rCr9r_r\rXs rhandle_existing_key_pair_updaternWs0==$$^4L MM  g &E}}  ,H ==  V $D""<0J'zl;H""J !!+.I0ZsT`bjk M h#i.0,ZT8U]_hi M ?:vs;7Gd_ijjJ-#C9=$X>WX Mrc ttdtdtddtdddg td d g tddtd ddgtdd}t|ddggd}|jd}|jd}|jj d}|jj d}|jj d}|jj d}|jj d}i} |dk(rt |j ||} n=|dk(r8t||} | rt|||| } nt|||||||j } |jdi| y#t$rX} | jr'|j| j| jn|j| jYd} ~ od} ~ wwxYw)NT)requiredF)no_logbool)r5defaultpresentabsent)rschoicesdict resource_tags)r5aliasesr?rsaed25519)r5rvpath)r5rp)r$r%rkstater3rlr8r9r%r8) argument_specmutually_exclusivesupports_check_modeec2r$r}r3r9)rwr clientr'r6rrCrBrnr`rr fail_json_awsr fail_json exit_json) r~rmr#r$r}r%r8r3r9r_r(r)s rmainrms 4 '-9y(.CD v'8 9VT255)*<=FU3 M#+Z89 F u%J == D MM  g &E==$$^4L}}  ,H ==  V $D !!+.I F( H $V%6%6 DIF i  D1C8TSVW,lHdIvO`O`Fv ( <<  qyy 9   QYY ' (s*AF G8 AG33G8__main__rr)T)$ DOCUMENTATIONEXAMPLESRETURNrNr@ansible.module_utils._textr7ansible_collections.amazon.aws.plugins.module_utils.ec2rrrrirrr ;ansible_collections.amazon.aws.plugins.module_utils.modulesr ;ansible_collections.amazon.aws.plugins.module_utils.taggingr r Bansible_collections.amazon.aws.plugins.module_utils.transformationr Exceptionrr*r;rGrBrLr7r`rergrnrrrrrrs@ D& P1 f /SSjVSSXf`dI '$&"    $ =M(,1h zFr