VhedZdZdZddlZddlmZddlmZddlmZddl m Z dd l m Z dd l mZdd lmZdd lmZ dd lmZddlmZej,dZdZdedeeeffdZdeddfdZdeddfdZdedeeeffdZdedefdZdZ dZ!dZ"dZ#dZ$dZ%dZ&d Z'd!Z(e)d"k(re(yy#e$rY|wxYw)#ao module: route53_zone short_description: add or delete Route 53 zones version_added: 5.0.0 description: - Creates and deletes Route 53 private and public zones. - This module was originally added to C(community.aws) in release 1.0.0. options: zone: description: - "The DNS zone record (eg: foo.com.)" required: true type: str state: description: - Whether or not the zone should exist or not. default: present choices: [ "present", "absent" ] type: str vpc_id: description: - The VPC ID the zone should be a part of (if this is going to be a private zone). type: str vpc_region: description: - The VPC Region the zone should be a part of (if this is going to be a private zone). type: str vpcs: version_added: 5.3.0 description: - The VPCs the zone should be a part of (if this is going to be a private zone). type: list elements: dict suboptions: id: description: - The ID of the VPC. type: str required: true region: description: - The region of the VPC. type: str required: true comment: description: - Comment associated with the zone. default: '' type: str hosted_zone_id: description: - The unique zone identifier you want to delete or "all" if there are many zones with the same domain name. - Required if there are multiple zones identified with the above options. type: str delegation_set_id: description: - The reusable delegation set ID to be associated with the zone. - Note that you can't associate a reusable delegation set with a private hosted zone. type: str dnssec: description: - Enables DNSSEC signing in a specific hosted zone. type: bool default: false version_added: 9.2.0 extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules - amazon.aws.tags - amazon.aws.boto3 notes: - Support for O(tags) and O(purge_tags) was added in release 2.1.0. author: - "Christopher Troup (@minichate)" a - name: create a public zone amazon.aws.route53_zone: zone: example.com comment: this is an example - name: delete a public zone amazon.aws.route53_zone: zone: example.com state: absent - name: create a private zone amazon.aws.route53_zone: zone: devel.example.com vpc_id: '{{ myvpc_id }}' vpc_region: us-west-2 comment: developer domain - name: create a private zone with multiple associated VPCs amazon.aws.route53_zone: zone: crossdevel.example.com vpcs: - id: vpc-123456 region: us-west-2 - id: vpc-000001 region: us-west-2 comment: developer cross-vpc domain - name: create a public zone associated with a specific reusable delegation set amazon.aws.route53_zone: zone: example.com comment: reusable delegation set example delegation_set_id: A1BCDEF2GHIJKL - name: create a public zone with tags amazon.aws.route53_zone: zone: example.com comment: this is an example tags: Owner: Ansible Team - name: modify a public zone, removing all previous tags and adding a new one amazon.aws.route53_zone: zone: example.com comment: this is an example tags: Support: Ansible Community purge_tags: true a comment: description: Optional hosted zone comment. returned: when hosted zone exists type: str sample: "Private zone" name: description: Hosted zone name. returned: when hosted zone exists type: str sample: "private.local." private_zone: description: Whether hosted zone is private or public. returned: when hosted zone exists type: bool sample: true vpc_id: description: Id of the first vpc attached to private hosted zone (use vpcs for associating multiple). returned: for private hosted zone type: str sample: "vpc-1d36c84f" vpc_region: description: Region of the first vpc attached to private hosted zone (use vpcs for assocaiting multiple). returned: for private hosted zone type: str sample: "eu-west-1" vpcs: version_added: 5.3.0 description: The list of VPCs attached to the private hosted zone. returned: for private hosted zone type: list elements: dict sample: "[{'id': 'vpc-123456', 'region': 'us-west-2'}]" contains: id: description: ID of the VPC. returned: for private hosted zone type: str sample: "vpc-123456" region: description: Region of the VPC. returned: for private hosted zone type: str sample: "eu-west-2" zone_id: description: Hosted zone id. returned: when hosted zone exists type: str sample: "Z6JQG9820BEFMW" delegation_set_id: description: Id of the associated reusable delegation set. returned: for public hosted zones, if they have been associated with a reusable delegation set type: str sample: "A1BCDEF2GHIJKL" dnssec: description: Information about DNSSEC for a specific hosted zone. returned: when O(state=present) and the hosted zone is public version_added: 9.2.0 type: dict contains: key_signing_key: description: The key-signing key (KSK) that the request creates. returned: when O(state=present) type: list elements: dict contains: name: description: A string used to identify a key-signing key (KSK). type: str kms_arn: description: The Amazon resource name (ARN) used to identify the customer managed key in Key Management Service (KMS). type: str flag: description: An integer that specifies how the key is used. type: int signing_algorithm_mnemonic: description: A string used to represent the signing algorithm. type: str signing_algorithm_type: description: An integer used to represent the signing algorithm. type: int digest_algorithm_mnemonic: description: A string used to represent the delegation signer digest algorithm. type: str digest_algorithm_type: description: An integer used to represent the delegation signer digest algorithm. type: int key_tag: description: An integer used to identify the DNSSEC record for the domain name. type: int digest_value: description: A cryptographic digest of a DNSKEY resource record (RR). type: str public_key: description: The public key, represented as a Base64 encoding. type: str ds_record: description: A string that represents a delegation signer (DS) record. type: str dnskey_record: description: A string that represents a DNSKEY record. type: str status: description: A string that represents the current key-signing key (KSK) status. type: str status_message: description: The status message provided for ACTION_NEEDED or INTERNAL_FAILURE statuses. type: str created_date: description: The date when the key-signing key (KSK) was created. type: str last_modified_date: description: The last time that the key-signing key (KSK) was changed. type: str sample: [{ "created_date": "2024-12-04T15:15:36.715000+00:00", "digest_algorithm_mnemonic": "SHA-256", "digest_algorithm_type": 2, "digest_value": "xxx", "dnskey_record": "xxx", "ds_record": "xxx", "flag": 257, "key_tag": 18948, "kms_arn": "arn:aws:kms:us-east-1:xxx:key/xxx", "last_modified_date": "2024-12-04T15:15:36.715000+00:00", "name": "ansible-test-44230979--ksk", "public_key": "xxxx", "signing_algorithm_mnemonic": "ECDSAP256SHA256", "signing_algorithm_type": 13, "status": "INACTIVE" }] status: description: A dictionary representing the status of DNSSEC. type: dict contains: serve_signature: description: A string that represents the current hosted zone signing status. type: str sample: { "serve_signature": "SIGNING" } tags: description: Tags associated with the zone. returned: when tags are defined type: dict N)Any)Dict)camel_dict_to_snake_dict)is_boto3_error_code)AnsibleAWSModule)AWSRetry)get_tags) manage_tags) BotoCoreError) ClientErrorchtjd}|jjS)Nlist_hosted_zones)client get_paginatorpaginatebuild_full_result) paginators k/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/amazon/aws/plugins/modules/route53_zone.py _list_zonesr+s+$$%89I     1 1 33c t}g}dD]2}|d|k7r |ddr|s |ddr|r"|j |4|S#ttf$r!}tj |dYd}~id}~wwxYw)Nz#Could not list current hosted zonesmsg HostedZonesNameConfig PrivateZone)rr r module fail_json_awsappend)zone_in private_zoneresultsezonesr53zones r find_zonesr'1sK- E=)" 6?g %  H m ,!-0 LL !" L ; 'KQ$IJJKs A A:A55A:hosted_zone_idreturnc tj|S#ttf$r$}tj |d|Yd}~yd}~wwxYw)N HostedZoneIdz/Could not get dnssec details about hosted zone r)r get_dnssecr r rrr(r$s rr-r-CsSh  n == ; 'hQ&UVdUe$fgghA AA zone_idc tj|y#ttf$r$}tj |d|Yd}~yd}~wwxYwNr+zCould not enable DNSSEC for r)renable_hosted_zone_dnssecr r rrr0r$s rr3r3JsNN((g(> ; 'NQ&B7)$LMMNA AA c tj|y#ttf$r$}tj |d|Yd}~yd}~wwxYwr2)rdisable_hosted_zone_dnssecr r rrr4s rr7r7QsNN))w)? ; 'NQ&B7)$LMMNr5c tj|S#ttf$r$}tj |d|Yd}~yd}~wwxYw)NIdz(Could not get details about hosted zone r)rget_hosted_zoner r rrr.s rr;r;XsRa%%%88 ; 'aQ&N~N^$_``ar/c>d}tjjd}t|}|dd}|rD|dk(rtjs t |d}|S|dk(rtj d|d |S|d k(rtjs t|d}|S) NFdnssecStatusServeSignature NOT_SIGNINGTDELETINGzGDNSSEC signing is in the process of being removed for the hosted zone: z.Could not enable it.SIGNING)rparamsgetr- check_moder3warnr7)r0changedr=response dnssec_statuss r ensure_dnssecrJ_sG ]]  x (F'"HX&'78M  M )$$)'2G Nj ( KKYZaYbc''  N I %$$*73G Nrc tjjdj}tjjd}tjjd}tjjdxs |r|r||dgnd}tjjd}tjjd}tjjd}tjjd }|j d s|d z }t |} | |xr|d d |xr|d d ||||dd} | rt || \} } nt|| \} } | jd} | rg| s+| t| z} tt| | d<| dd=|| tttd| ||z} tttd| | d<| | fS|| d<| | fS)Nzonevpc_id vpc_regionvpcsidregioncommentdelegation_set_idtags purge_tags.rrQrR)r"rMrNrOrSnamerTr0r0r=response_metadata hostedzone)rrCrDlowerendswithboolcreate_or_update_privatecreate_or_update_publicrJrr-r rr )matching_zonesr!rMrNrOrSrTrUrVr"recordrGresultr0s rcreatercsmm'--/G ]]  x (F""<0J ==  V $ sSY^h:*N)OnrDmm *G ))*=> ==  V $D""<0J   C 3:L%(474=0tAwx0. F2>6J1.&Ijj#G }W- -G 8 78KLF8 x !45   {66<$PZ[ [G!&&,Hv F?v F?rc |D]<}t|d}|d}|d}d}t|tr(t|ddk(r|dd|dd d k(r}d }nzt |dDcgc]}|d  c}t |Dcgc]}|d c}k(r>t |dDcgc]}|d  c}t |Dcgc]}|d  c}k(rd }|s|dj dd|d<d|dvrB|dd|dk7r4t js tj|d|dd |fcSd|d<d|fcSt js tj|d|d|dndd d|dd d |dd d d|ddtj}d} | dj dd} | |d<t|ddkDr.|dddD]#} tj| |d |d d}%d } | |fScc}wcc}wcc}wcc}w#ttf$r(} t j| d|dYd} ~ %d} ~ wwxYw#ttf$r!} t j| dYd} ~ d} ~ wwxYw#ttf$r!} t j| d Yd} ~ d} ~ wwxYw)!Nr: HostedZoneVPCsFrOVPCVPCIdrrQTrR VPCRegion /hostedzone/r0CommentrrSr:rm)Could not update comment for hosted zone rzThere is already a private hosted zone in the same region with the same VPC(s) you chose. Unable to create a new private hosted zone in the same name space.rrXrmr)rjri-)rHostedZoneConfigrhCallerReferenceCould not create hosted zone)r,rhz4Could not associate additional VPCs with hosted zone)r; isinstancedictlensortedreplacerrErupdate_hosted_zone_commentr r rcreate_hosted_zonetimeassociate_vpc_with_hosted_zone) r`razrb zone_details vpc_detailsmatchingvpcvr$ hosted_zoner0rGs rr^r^sa % 4)l+ Vn  k4 (S-@A-E5!'*fVnQ.?.EEF6N;Ss4y;<\gGhWX' Gh@iint*0.93X9o=A;=>o?   ,T 2 : :>2 NF9 L22|H7Mi7X\bcl\m7m((v99\$=OY_`iYj9kV|#eu f}$;%>    H..F^4:94E4Qvi0WY#'" "(!28!<#F^A.t4$*&>"2!DIIK= A/ F\* d#++NB?#y vf~  "f~ab) h h#BB%,),X%(YCF hG F?qy8I8U6)#4[]',&(.f~&6a }$E ::12>067J0KF,-222 NF9  F? ).66~rJy%f-v&A&E&EdB&O&W&WXikm&n"# F?M&{3r((2[\him\n[o0p(qqr4";/ L$$Q,J$KK Ls1F A=F=F:F55F:=G- G((G-c b|D]}t|d}|d}|d}t|trN|dd|ddk(s>|dd|dd k(sPtjst |dd d |d fcSt |Dcgc]}|d c}t |Dcgc]}|d c}k(st |Dcgc]}|d c}t |Dcgc]}|d  c}k(stjst |dd d |d fcSy cc}wcc}wcc}wcc}w)Nr:rerfrhrirrQrRrjTSuccessfully deleted r)Fz,The VPCs do not match a private hosted zone.)r;rurvrrEdelete_hosted_zonerx)r`rOr~rbrrrrs rdelete_privater-sR L 4)l+ Vn k4 (5!'*d1gdm;Q@QU`afUghsUt@t((&qw/4\&5I4JKKKD1Ss4y12fR]=^Qaj=^6__dj*./3X/e=A;=>e?((&qw/4\&5I4JKKK!L$ A2=^/=s D ! D" D'  D, ct|dkDrd}d}||fStjst|ddd}d|dd}||fS)NrgFzTThere are multiple zones that match. Use hosted_zone_id to specify the correct zone.rr:Tr)rwrrEr)r`rGrs r delete_publicrCsh >Qd C<   ~a06 7%nQ&7&=%>? C<rcR|dk(rGg}|D]5}|j|dtjr(t|d7d}d|}||fS||Dcgc]}|dj ddc}vr&tjs t|d}d|}||fSd}d |d }||fScc}w) Nallr:TzSuccessfully deleted zones: rkrlzSuccessfully deleted zone: Fz7There is no zone to delete that matches hosted_zone_id rW)r rrErry)r(r`deletedr~rGrzos rdelete_hosted_idrOs ,A NN1T7 #$$"1T7+ ,,WI6 C< >ZRBtH,,^R@Z Z  ~ .+N+;< C<GGWWXY C<[sB$c tj|y#td$r$}tj |d|Yd}~yd}~wt t f$r$}tj |d|Yd}~yd}~wwxYw)Nr9HostedZoneNotEmptyz!Could not get delete hosted zone rzCould not delete hosted zone )rrrrrr r r.s rrrcs~V!!^!4 3 4ZQ&GGW$XYY ; 'VQ&CNCS$TUUVs A<AA<A77A<cntjjdj}tjjd}tjjd}tjjdxs |r|r||dgnd}tjjd}|j ds|dz }t |}||Dcgc]}|d c}vr<|rt ||\}} || fS|rt||\}} || fSt|\}} || fSd }d } || fScc}w) NrLrMrNrOrPr(rWrFzNo zone to delete.) rrCrDr[r\r]rrr) r`r!rMrNrOr(r"r~rGrbs rdeleterls4mm'--/G ]]  x (F""<0J ==  V $ sSY^h:*N)OnrD]]&&'78N   C 3:Ln51V955 .~~NOGV F?"0"F F? #0"? F?% F?6s D2cttdtdddgtdtdtdddttdtd  td tttdd g tddtdd }ddgddgddgddgddgg}t||datjj dj }tjj dj }tjj d}tjj d}tjj d}|j ds|dz }t|xs|xr|}tjdtjat||}|dk(rt|\} } n|dk(rt|\} } t trtjd | d| ytj | y)NT)requiredpresentabsent)defaultchoices)rlistrvrP)typerelementsoptionsrl resource_tags)raliasesr])rrF) rLstaterMrNrOrSr(rTrUrVr=rTrMrNrO) argument_specmutually_exclusivesupports_check_moderLrrWroute53)retry_decorator)r`)rGrbr)rvrrrCrDr[r\r]rrjittered_backoffr'rcrru exit_json) rrr!rrMrNrOr"r%rGrbs rmainrs 4 9y(.CDD!% VZH[dhrvdw@x R v& v'8 9VT2/M" h' l+ f%   #- F mm'--/G MM  g & , , .E ]]  x (F""<0J ==  V $D   C 37!6J8L ]]9h6O6O6Q] RF w -E  6 (  6&$BB6B8r__main__)* DOCUMENTATIONEXAMPLESRETURNr|typingrr0ansible.module_utils.common.dict_transformationsrrsDJ X0 dQ f U\XPPS 1/ 44 $hshtCH~hNsNtNNNNaCaDcNa34D0fCL0fA, (V689v zFw   s B==CC