Vh dZdZdZddlZddlZddlmZddlmZddlmZ ddl Z ddl m Z dd l mZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z dede!dee"e#ffdZ$dede!dee"e#ffdZ%dede!dee"e#ffdZ&dede!dee"e#ffdZ'dede!dee"e#ffdZ(dede!dee"e#ffdZ)dede!dee"e#ffdZ*dede!dee"e#ffdZ+dede!de#fd Z,dede!dee"e"ffd!Z-dede!dee"e#ffd"Z.dede!dee"e#ffd#Z/defd$Z0d%e!de"fd&Z1ejdd'(djd%e!d)e!d*e"de"fd+Z3ejdd'd,d-g.d/Z4ejdd'd,d-g.d0Z5ejdd'd,d-g.d1Z6ejdd'd,d-g.d2Z7ejdd'd,d-g.de"fd3Z8ejdd'd,d-g.d%e!d4e#ddfd5Z9ejdd'd,d-g.d%e!d6e#fd7Z:ejdd'd,d-g.d%e!d8e!ddfd9Z;ejdd'd,d-g.d%e!d:e#fd;Z<ejdd'd,d-g.d%e!fd<Z=ejdd'd,d-g.d%e!de!fd=Z>ejdd'd,d-g.d%e!d>e!fd?Z?ejdd'd,d-g.d%e!de!fd@Z@ejdd'd,d-g.d%e!de#fdAZAejdd'd,d-g.d%e!dBe!fdCZBejdd'd,d-g.d%e!de"fdDZCejdd'd,d-g.d%e!de#fdEZDejdd'd,d-g.d%e!de"fdFZEdede!dGe#de#fdHZFejdd'd,d-g.d%e!dIe#ddfdJZGdede!dGe"de#fdKZHejdd'd,d-g.d%e!dIe"ddfdLZIejdd'd,d-g.d%e!ddfdMZJejdd'd,d-g.d%e!ddfdNZKejddOd-g.d%e!ddfdPZLejdd'd,d-g.d%e!dQe#ddfdRZMejdd'd,d-g.d%e!ddfdSZNejdd'd,d-g.d%e!ddfdTZOejdd'd,d-g.d%e!dUe!ddfdVZP dkded%e!dWe#dXe"de#f dYZQ dkded%e!dZe"de!fd[ZR dlded%e!dGe#de#fd\ZS dlded%e!dGe"de"fd]ZTded%e!dBe#de#fd^ZUded%e!d_e#de#fd`ZVd%e!de#fdaZWd%e!de#fdbZXd%e!de!fdcZYdeee!fddZZdeeee!e!ffdeZ[dede!ddfdfZ\deddfdgZ]dhZ^e_dik(re^yy#e $rYfwxYw)mau+ --- module: s3_bucket version_added: 1.0.0 short_description: Manage S3 buckets in AWS, DigitalOcean, Ceph, Walrus, FakeS3 and StorageGRID description: - Manage S3 buckets. - Compatible with AWS, DigitalOcean, Ceph, Walrus, FakeS3 and StorageGRID. - When using non-AWS services, O(endpoint_url) should be specified. author: - Rob White (@wimnat) - Aubin Bikouo (@abikouo) options: force: description: - When trying to delete a bucket, delete all keys (including versions and delete markers) in the bucket first (an S3 bucket must be empty for a successful deletion). type: bool default: false name: description: - Name of the S3 bucket. required: true type: str policy: description: - The JSON policy as a string. Set to the string V("null") to force the absence of a policy. type: json ceph: description: - Enable API compatibility with Ceph RGW. - It takes into account the S3 API subset working with Ceph in order to provide the same module behaviour where possible. - Requires O(endpoint_url) if O(ceph=true). aliases: ['rgw'] type: bool default: false requester_pays: description: - With Requester Pays buckets, the requester instead of the bucket owner pays the cost of the request and the data download from the bucket. type: bool state: description: - Create or remove the S3 bucket. required: false default: present choices: [ 'present', 'absent' ] type: str versioning: description: - Whether versioning is enabled or disabled (note that once versioning is enabled, it can only be suspended). type: bool encryption: description: - Describes the default server-side encryption to apply to new objects in the bucket. In order to remove the server-side encryption, the encryption needs to be set to 'none' explicitly. - "Note: Since January 2023 Amazon S3 doesn't support disabling encryption on S3 buckets." choices: [ 'none', 'AES256', 'aws:kms' ] type: str encryption_key_id: description: - KMS master key ID to use for the default encryption. - If not specified then it will default to the AWS provided KMS key. - This parameter is only supported if O(encryption) is V(aws:kms). type: str bucket_key_enabled: description: - Enable S3 Bucket Keys for SSE-KMS on new objects. - See the AWS documentation for more information U(https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html). - Bucket Key encryption is only supported if O(encryption=aws:kms). required: false type: bool version_added: 4.1.0 public_access: description: - Configure public access block for S3 bucket. - This option cannot be used together with O(delete_public_access). - | Note: At the end of April 2023 Amazon updated the default settings to block public access by default. While the defaults for this module remain unchanged, it is necessary to explicitly pass the O(public_access) parameter to enable public access ACLs. suboptions: block_public_acls: description: Sets BlockPublicAcls value. type: bool default: false block_public_policy: description: Sets BlockPublicPolicy value. type: bool default: false ignore_public_acls: description: Sets IgnorePublicAcls value. type: bool default: false restrict_public_buckets: description: Sets RestrictPublicAcls value. type: bool default: false type: dict version_added: 1.3.0 delete_public_access: description: - Delete public access block configuration from bucket. - This option cannot be used together with a O(public_access) definition. default: false type: bool version_added: 1.3.0 object_ownership: description: - Allow bucket's ownership controls. - V(BucketOwnerEnforced) - ACLs are disabled and no longer affect access permissions to your bucket. Requests to set or update ACLs fail. However, requests to read ACLs are supported. Bucket owner has full ownership and control. Object writer no longer has full ownership and control. - V(BucketOwnerPreferred) - Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL. - V(ObjectWriter) - The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL. - This option cannot be used together with a O(delete_object_ownership) definition. - V(BucketOwnerEnforced) has been added in version 3.2.0. - "Note: At the end of April 2023 Amazon updated the default setting to V(BucketOwnerEnforced)." choices: [ 'BucketOwnerEnforced', 'BucketOwnerPreferred', 'ObjectWriter' ] type: str version_added: 2.0.0 object_lock_enabled: description: - Whether S3 Object Lock to be enabled. - Defaults to V(false) when creating a new bucket. type: bool version_added: 5.3.0 delete_object_ownership: description: - Delete bucket's ownership controls. - This option cannot be used together with a O(object_ownership) definition. default: false type: bool version_added: 2.0.0 acl: description: - The canned ACL to apply to the bucket. - If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. choices: [ 'private', 'public-read', 'public-read-write', 'authenticated-read' ] type: str version_added: 3.1.0 validate_bucket_name: description: - Whether the bucket name should be validated to conform to AWS S3 naming rules. - On by default, this may be disabled for S3 backends that do not enforce these rules. - See U(https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html). type: bool version_added: 3.1.0 default: true dualstack: description: - Enables Amazon S3 Dual-Stack Endpoints, allowing S3 communications using both IPv4 and IPv6. - Mutually exclusive with O(endpoint_url). type: bool default: false version_added: 6.0.0 accelerate_enabled: description: - Enables Amazon S3 Transfer Acceleration, sent data will be routed to Amazon S3 over an optimized network path. - Transfer Acceleration is not available in AWS GovCloud (US). - See U(https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-s3.html#govcloud-S3-diffs). type: bool version_added: 8.1.0 object_lock_default_retention: description: - Default Object Lock configuration that will be applied by default to every new object placed in the specified bucket. - O(object_lock_enabled) must be included and set to V(True). - Object lock retention policy can't be removed. suboptions: mode: description: Type of retention modes. choices: [ "GOVERNANCE", "COMPLIANCE"] required: true type: str days: description: - The number of days that you want to specify for the default retention period. - Mutually exclusive with O(object_lock_default_retention.years). type: int years: description: - The number of years that you want to specify for the default retention period. - Mutually exclusive with O(object_lock_default_retention.days). type: int type: dict version_added: 8.1.0 inventory: description: - Enable S3 Inventory, saving list of the objects and their corresponding metadata on a daily or weekly basis for an S3 bucket. type: list elements: dict suboptions: destination: description: Contains information about where to publish the inventory results. type: dict required: True suboptions: account_id: description: The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data. type: str bucket: description: The Amazon Resource Name (ARN) of the bucket where inventory results will be published. type: str required: True format: description: Specifies the output format of the inventory results. type: str choices: [ 'CSV', 'ORC', 'Parquet' ] required: True prefix: description: The prefix that is prepended to all inventory results. type: str filter: description: The prefix that an object must have to be included in the inventory results. type: str id: description: The ID used to identify the inventory configuration. type: str required: True schedule: description: Specifies the schedule for generating inventory results. type: str choices: [ 'Daily', 'Weekly' ] required: True included_object_versions: description: | Object versions to include in the inventory list. If set to All, the list includes all the object versions, which adds the version-related fields VersionId, IsLatest, and DeleteMarker to the list. If set to Current, the list does not contain these version-related fields. type: str required: True choices: [ 'All', 'Current' ] optional_fields: description: Contains the optional fields that are included in the inventory results. type: list elements: str choices: [ "Size", "LastModifiedDate", "StorageClass", "ETag", "IsMultipartUploaded", "ReplicationStatus", "EncryptionStatus", "ObjectLockRetainUntilDate", "ObjectLockMode", "ObjectLockLegalHoldStatus", "IntelligentTieringAccessTier", "BucketKeyStatus", "ChecksumAlgorithm", "ObjectAccessControlList", "ObjectOwner" ] extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules - amazon.aws.tags - amazon.aws.boto3 notes: - If C(requestPayment), C(policy), C(tagging) or C(versioning) operations/API aren't implemented by the endpoint, module doesn't fail if each parameter satisfies the following condition. O(requester_pays) is V(false), O(policy), O(tags), and O(versioning) are V(None). - In release 5.0.0 the O(s3_url) parameter was merged into the O(endpoint_url) parameter, O(s3_url) remains as an alias for O(endpoint_url). - For Walrus O(endpoint_url) should be set to the FQDN of the endpoint with neither scheme nor path. - Support for the E(S3_URL) environment variable has been deprecated and will be removed in a release after 2024-12-01, please use the O(endpoint_url) parameter or the E(AWS_URL) environment variable. a # Note: These examples do not set authentication details, see the AWS Guide for details. # Create a simple S3 bucket - amazon.aws.s3_bucket: name: mys3bucket state: present # Create a simple S3 bucket on Ceph Rados Gateway - amazon.aws.s3_bucket: name: mys3bucket endpoint_url: http://your-ceph-rados-gateway-server.xxx ceph: true # Remove an S3 bucket and any keys it contains - amazon.aws.s3_bucket: name: mys3bucket state: absent force: true # Create a bucket, add a policy from a file, enable requester pays, enable versioning and tag - amazon.aws.s3_bucket: name: mys3bucket policy: "{{ lookup('file','policy.json') }}" requester_pays: true versioning: true tags: example: tag1 another: tag2 # Create a simple DigitalOcean Spaces bucket using their provided regional endpoint - amazon.aws.s3_bucket: name: mydobucket endpoint_url: 'https://nyc3.digitaloceanspaces.com' # Create a bucket with AES256 encryption - amazon.aws.s3_bucket: name: mys3bucket state: present encryption: "AES256" # Create a bucket with aws:kms encryption, KMS key - amazon.aws.s3_bucket: name: mys3bucket state: present encryption: "aws:kms" encryption_key_id: "arn:aws:kms:us-east-1:1234/5678example" # Create a bucket with aws:kms encryption, Bucket key - amazon.aws.s3_bucket: name: mys3bucket bucket_key_enabled: true encryption: "aws:kms" # Create a bucket with aws:kms encryption, default key - amazon.aws.s3_bucket: name: mys3bucket state: present encryption: "aws:kms" # Create a bucket with public policy block configuration - amazon.aws.s3_bucket: name: mys3bucket state: present public_access: block_public_acls: true ignore_public_acls: true ## keys == 'false' can be omitted, undefined keys defaults to 'false' # block_public_policy: false # restrict_public_buckets: false # Delete public policy block from bucket - amazon.aws.s3_bucket: name: mys3bucket state: present delete_public_access: true # Create a bucket with object ownership controls set to ObjectWriter - amazon.aws.s3_bucket: name: mys3bucket state: present object_ownership: ObjectWriter # Delete onwership controls from bucket - amazon.aws.s3_bucket: name: mys3bucket state: present delete_object_ownership: true # Delete a bucket policy from bucket - amazon.aws.s3_bucket: name: mys3bucket state: present policy: "null" # This example grants public-read to everyone on bucket using ACL - amazon.aws.s3_bucket: name: mys3bucket state: present acl: public-read # Enable transfer acceleration - amazon.aws.s3_bucket: name: mys3bucket state: present accelerate_enabled: true # Default Object Lock retention - amazon.aws.s3_bucket: name: mys3bucket state: present object_lock_enabled: true object_lock_default_retention: mode: governance days: 1 # Bucket with inventory configuration: - amazon.aws.s3_bucket: name: mys3bucket state: present inventory: - id: mys3bucket-inventory-id destination: bucket: "arn:aws:s3:::mys3inventorybucket" optional_fields: - "Size" included_object_versions: "All" schedule: "Weekly" a encryption: description: Server-side encryption of the objects in the S3 bucket. type: dict returned: when O(state=present) sample: { "SSEAlgorithm": "AES256" } name: description: Bucket name. returned: when O(state=present) type: str sample: "a-testing-bucket-name" object_ownership: description: S3 bucket's ownership controls. type: str returned: when O(state=present) sample: "BucketOwnerPreferred" object_lock_default_retention: description: S3 bucket's object lock retention policy. type: dict returned: when O(state=present) sample: { "Days": 1, "Mode": "GOVERNANCE", "Years": 0, } policy: description: S3 bucket's policy. type: dict returned: when O(state=present) sample: { "Statement": [ { "Action": "s3:GetObject", "Effect": "Allow", "Principal": "*", "Resource": "arn:aws:s3:::2d3ce10a8210d36d6b4d23b822892074complex/*", "Sid": "AddPerm" } ], "Version": "2012-10-17" } requester_pays: description: Indicates that the requester was successfully charged for the request. type: bool returned: when O(state=present) sample: true tags: description: S3 bucket's tags. type: dict returned: when O(state=present) sample: { "Tag1": "tag1", "Tag2": "tag2" } versioning: description: S3 bucket's versioning configuration. type: dict returned: when O(state=present) sample: { "MfaDelete": "Disabled", "Versioning": "Enabled" } contains: MfaDelete: description: Specifies whether MFA delete is enabled in the bucket versioning configuration. returned: when O(state=presnet) and MfaDelete configured on bucket. type: str Versioning: description: The versioning state of the bucket. type: str returned: always acl: description: S3 bucket's canned ACL. type: dict returned: when O(state=present). sample: "public-read" object_lock_enabled: description: Whether S3 Object Lock is enabled. type: bool returned: when O(state=present) sample: false public_access_block: description: Bucket public access block configuration. returned: when O(state=present) type: dict sample: { "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true } } contains: PublicAccessBlockConfiguration: description: The PublicAccessBlock configuration currently in effect for this Amazon S3 bucket. type: dict contains: BlockPublicAcls: description: Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. type: bool BlockPublicPolicy: description: Specifies whether Amazon S3 should block public bucket policies for this bucket. type: bool IgnorePublicAcls: description: Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. type: bool RestrictPublicBuckets: description: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. type: bool accelerate_enabled: description: S3 bucket acceleration status. type: bool returned: O(state=present) sample: true bucket_inventory: description: S3 bucket inventory configuration. type: list returned: when O(state=present) sample: [ { "IsEnabled": true, "Id": "9c2a337ba5fd64de777f499441f83093-inventory-target", "Destination": { "S3BucketDestination": { "Bucket": "arn:aws:s3:::9c2a337ba5fd64de777f499441f83093-inventory-target", "Format": "CSV" } }, "IncludedObjectVersions": "All", "Schedule": { "Frequency": "Daily" }, "OptionalFields": [] } ] N)Iterator)List)Tupleto_text)snake_dict_to_camel_dict) string_types)is_boto3_error_code)AnsibleAWSModule)compare_policies)AWSRetry)get_s3_bucket_location)$list_bucket_inventory_configurations)s3_extra_params)validate_bucket_name)ansible_dict_to_boto3_tag_list)boto3_tag_list_to_ansible_dictmodulenamereturnc|jjd}d}i} t||}|Sd}|r|jddk7rd}n|s|jddk(rd}|r t|||d}t||||}|jdd |jd d d }||fS#tj j tj jf$r}|j|d Yd}~d}~wwxYw#td dg$r"}||j|d Yd}~|fSd}~wtd$r3}||j|d |jdYd}~|fSd}~wtj j tj jf$r }|j|d Yd}~|fSd}~wwxYw)a Manage versioning for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle versioning for. Returns: A tuple containing a boolean indicating whether versioning was changed and a dictionary containing the updated versioning status. versioningFNStatusEnabled SuspendedTz"Failed to update bucket versioningmsgDisabled MFADelete) Versioning MfaDeleteNotImplementedXNotImplementedz=Bucket versioning is not supported by the current S3 Endpoint AccessDeniedzFailed to get bucket versioningz'AccessDenied fetching bucket versioning) paramsgetget_bucket_versioningput_bucket_versioningbotocore exceptions BotoCoreError ClientError fail_json_awswait_versioning_is_appliedr warn) s3_clientrrrversioning_changedversioning_statusrequired_versioningeversioning_results h/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/amazon/aws/plugins/modules/s3_bucket.pyhandle_bucket_versioningr7<s""<0J" 1)TB  !"& /33H=J&/#$5$9$9($Cy$P&1#"V))T;NO)-&%?vyRVXk$l!,//*E*..{JG  0 00!++998;N;N;Z;Z[V((0T(UUV1  02CD Ei  !  (g h@ 0 00? ~ .?  !  (I J =>>8 0 005 ))'' G Q$EFF. 0 007GsG D%B++7C?"C::C?GD//G&E..:G(GGc|jjd}d}i} t||}|I|rdnd}||k7r>t|||t ||||d}|t|||t ||||d}d}||fS#t dd g$r"}||j |d Yd}~||fSd}~wt d $r3}||j |d |jdYd}~||fSd}~wtjjtjjf$r }|j |d Yd}~||fSd}~wwxYw)a Manage requester pays setting for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle requester pays setting for. Returns: A tuple containing a boolean indicating whether requester pays setting was changed and a dictionary containing the updated requester pays status. requester_paysFN Requester BucketOwner should_failTr"r#zBBucket request payment is not supported by the current S3 Endpointrr$$Failed to get bucket request paymentz,AccessDenied fetching bucket request payment) r%r&get_bucket_request_paymentput_bucket_request_paymentwait_payer_is_appliedr r-r/r)r*r+r,)r0rrr9requester_pays_changedrequester_pays_statuspayerr4s r6handle_bucket_requester_paysrEss]]&&'78N". :9d K  %#1K}E$-*9dEB(=fiQUW\jo(p%(0/y$F,A&)UY[`nr,s))-& !> 111  02CD En  %  (l m, "> 11+ ~ .D  %  (N O BCC$ "> 11! ))'' L Q$JKK "> 11#Ls/ A<<E B))E:&C((:E"D==Ec|jjd}|jjd}d}i}i} t||}|&t|d}||k(r|}nt |||d}|}|r|ik(r|}||fSt ||d}i}||fS#t ddg$r"} ||j| d Yd} ~ ||fSd} ~ wt d $r3} ||j| d |jd Yd} ~ ||fSd} ~ wtjjtjjf$r } |j| d Yd} ~ ||fSd} ~ wwxYw)a Manage public access configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle public access configuration for. Returns: A tuple containing a boolean indicating whether public access configuration was changed and a dictionary containing the updated public access configuration. public_accessdelete_public_accessFNTcapitalize_firstr"r#zJBucket public access settings are not supported by the current S3 Endpointrr$z0Failed to get bucket public access configurationz3AccessDenied fetching bucket public access settings) r%r&get_bucket_public_accessrput_bucket_public_accessdelete_bucket_public_accessr r-r/r)r*r+r,) r0rrrGrHpublic_access_changedpublic_access_resultcurrent_public_accesscamel_public_blockr4s r6"handle_bucket_public_access_configrRsMM%%o6M!==,,-CD!!* 8D I  $!9-Z^!_ $(::'<$(D:LM(,%'9$ $*'<$ !"6 66 ,It<(,%')$ !"6 66E  02CD Ev  $  (t u@ !"6 66? ~ .K  $  (Z [ IJJ8 !"6 665 ))'' X Q$VWW. !"6 667Xs/ BE#CE&C??:E9EEc~|jjd}d}d} t||}|t|trt j |}|s#|r! t||t||||}d}||fSt||r? t|||t||||d}|t|||t||||d}d}||fS#tjjtjjf$r}|j|dYd}~d}~wwxYw#tjjtjjf$r}|j|dYd}~d}~wwxYw#t!d d g$r"}||j|d Yd}~||fSd}~wt!d $r3}||j|d |j#dYd}~||fSd}~wtjjtjjf$r }|j|d Yd}~||fSd}~wwxYw)a Manage bucket policy for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle the policy for. Returns: A tuple containing a boolean indicating whether the bucket policy was changed and a dictionary containing the updated bucket policy. policyFNzFailed to delete bucket policyrTzFailed to update bucket policyr<r"r#z9Bucket policy is not supported by the current S3 Endpointr$Failed to get bucket policyz#AccessDenied fetching bucket policy)r%r&get_bucket_policy isinstancer jsonloadsdelete_bucket_policyr)r*r+r,r-wait_policy_is_appliedr put_bucket_policyr r/)r0rrrTpolicy_changedcurrent_policyr4s r6handle_bucket_policyr_sj]]  x (FNN%&*9d;  &,/F+nR(D9"8 4QW!X!% > ))".&9R%iv>"8 4QWej!k!)&iv>%;FItU[im%nN!% > ))#!++998;N;N;Z;Z[R((0P(QQR!++998;N;N;Z;Z[R((0P(QQR7  02CD Ee    (c dF > ))E ~ .;    (E F 9::> > )); ))'' C Q$ABB4 > ))=Cs_ E6 C D7D?DD7E3E..E36H<F##H<4&G"":H<H77H<c~|jjd}|jjd}d}d} t||}|ztd|j D}|s#|j }|j ||}||k7r0|r t|||n|r t||t||||}d }||fS#tjjtjjf$r}|j|dYd}~cd}~wwxYw#tjjtjjf$r}|j|dYd}~d}~wwxYw#td d g$r"}||j|d Yd}~||fSd}~wtd $r3}||j|d|j!dYd}~||fSd}~wtjjtjjf$r }|j|dYd}~||fSd}~wwxYw)a Manage tags for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle tags for. Returns: A tuple containing a boolean indicating whether tags were changed and a dictionary containing the updated tags. tags purge_tagsFNc3NK|]\}}t|t|fyw)Nr).0kvs r6 z%handle_bucket_tags..5s!JTQWQZ0Js#%zFailed to update bucket tagsrzFailed to delete bucket tagsTr"r#z:Bucket tagging is not supported by the current S3 Endpointr$zFailed to get bucket tagsz!AccessDenied fetching bucket tags)r%r&get_current_bucket_tags_dictdictitemscopyupdateput_bucket_taggingr)r*r+r,r-delete_bucket_taggingwait_tags_are_appliedr r/) r0rrrarbbucket_tags_changedcurrent_tags_dict current_copyr4s r6handle_bucket_tagsrssX ==  V $D""<0J$+8DI  JTZZ\JJD0557 ##D)# D(T*9dDA"X1)TB%:&)TSW$X!&*#  1 11%//==x?R?R?^?^_T,,Q4R,SST !) 3 3 A A8CVCVCbCbcX"008V0WWX?  02CD Ef    (d eD  1 11C ~ .9    (C D 788<  1 119 ))'' A Q$?@@2  1 11;As_ E6 C( D7D?DD7E3E..E36H<F##H<4&G"":H<H77H<c|jjd}|jjd}|jjd}d}d} t||}||r|jdnd}|r|jdnd} |dk(r |[ t||t|||d}d }n=||k7s |d k(r3| |k7r.d|i} |d k(r|| jd|it|||| }d }|D|r|jdnd}|d k(r*t|||k7rt|} t|||| }d }||fS#tj j tj jf$r} |j| d Yd} ~ d} ~ wwxYw#td dg$r"} ||j| d Yd} ~ ||fSd} ~ wtd$r3} ||j| d |j!dYd} ~ ||fSd} ~ wtj j tj jf$r } |j| d Yd} ~ ||fSd} ~ wwxYw)a Manage encryption settings for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle encryption for. Returns: A tuple containing a boolean indicating whether encryption settings were changed and a dictionary containing the updated encryption settings. encryptionencryption_key_idbucket_key_enabledFN SSEAlgorithmKMSMasterKeyIDnonez"Failed to delete bucket encryptionrTaws:kmsr"r#z=Bucket encryption is not supported by the current S3 Endpointr$z(Failed to get bucket encryption settingsz0AccessDenied fetching bucket encryption settings)r%r&get_bucket_encryptiondelete_bucket_encryptionr)r*r+r,r-wait_encryption_is_appliedrl put_bucket_encryption_with_retryget_bucket_keyboolput_bucket_key_with_retryr r/) r0rrrurvrwencryption_changedcurrent_encryptioncurrent_encryption_algorithmcurrent_encryption_keyr4expected_encryptions r6handle_bucket_encryptionrMs""<0J ))*=>**+?@*.29dC  !Ug+=+A+A.+Qmq (Qc%7%;%;>)+0FJ[0[+9:*F'!Y.3D3P+224DFW3XY)I&R[]acv)w&)-&  )Ug+=+A+A.+Qmq (+y8!)T26HH*./A*B')B69VZ\o)p&)-& 1 11-%//==x?R?R?^?^_Z,,Q4X,YYZ)  02CD Ei  !  (g hP 1 11O ~ .H  !  (R S FGGH 1 11E ))'' P Q$NOO> 1 11GPsH F D;;7F2F  FI"F??I&G>>:I8IIc|jjd}|jjd}d}i} t||}|}|r|,t||d}d}||fS|||k7rt |||d}|}||fS#t $r$}|s||j |dYd}~||fSd}~wtdd g$r$}|s||j |d Yd}~||fSd}~wtd $r5}|s||j |d|jd Yd}~||fSd}~wtjjtjjf$r }|j |dYd}~||fSd}~wwxYw) a Manage ownership settings for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle ownership for. Returns: A tuple containing a boolean indicating whether ownership settings were changed and a dictionary containing the updated ownership settings. delete_object_ownershipobject_ownershipFNTz.Failed to get bucket object ownership settingsrr"r#zCBucket object ownership is not supported by the current S3 Endpointr$z6AccessDenied fetching bucket object ownership settings) r%r&get_bucket_ownership_cntrldelete_bucket_ownershipput_bucket_ownershipKeyErrorr-r r/r)r*r+r,) r0rrrrbucket_ownership_changedbucket_ownership_resultbucket_ownershipr4s r6handle_bucket_ownershiprs%mm//0IJ}}(();<$ !;5iF"2( #+' 48+/(*.' $%< << )#33$Y6FG+/(*:' #%< <> E3B&&E39CE3)(D:E3E..E3c:|jjd}d}i}|r |j|||}d}||fS||fS#t$r }|j |dYd}~||fSd}~wt dd g$r }|j |d Yd}~||fSd}~wt d $r }|j |d Yd}~||fSd}~wt jjt jjf$r }|j |d Yd}~||fSd}~wwxYw)a Manage Access Control List (ACL) for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle ACL for. Returns: A tuple containing a boolean indicating whether ACL was changed and a dictionary containing the updated ACL. aclF)BucketACLTzFailed to get bucket acl blockrNr"r#z7Bucket ACLs ar not supported by the current S3 Endpointr$z)Access denied trying to update bucket ACLzFailed to update bucket ACL) r%r&put_bucket_aclrr-r r)r*r+r,)r0rrrbucket_acl_changedbucket_acl_resultr4s r6handle_bucket_aclrse --  E "C  G  $ $Dc $ : # !%  0 00 0 00 J  (H I I 0 00#$46G#HI c  (a b b 0 00#>2 U  (S T T 0 00    - -    + +  G  (E F F 0 00  Gs;A D A&&D9BD%C:D:DDcJ|jjd}i} t||}|}|,|s|r|jd|r|s|jd|S#t ddg$r||jdY|St d $r|r|jdd }Y|St d $r||jd Y|St j jt j jf$r}|j|d Yd}~|Sd}~wwxYw)aJ Manage object lock configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle object lock for. Returns: The updated object lock configuration. object_lock_enabledNz;Disabling object lock for existing buckets is not supportedrz:Enabling object lock for existing buckets is not supportedr"r#z2Fetching bucket object lock state is not supported$ObjectLockConfigurationNotFoundErrorFr$z7Permission denied fetching object lock state for bucketz(Failed to fetch bucket object lock state) r%r&get_bucket_object_lock_enabled fail_jsonr r)r*r+r,r-)r0rrrobject_lock_resultobject_lock_statusr4s r6handle_bucket_object_lockrsh!--++,ABc;ItL/"  )&+=  %b c"+=  %a b -  02CD EW  *   !U  V( ' E F#    !]  ^"  ~ .\  *   !Z  [  ))'' P Q$NOO Ps)A$D"#D"*!D"6D"DD"c6|jjd}d}d} t||}|}|- |s|rt||d}d}|r|st ||d}d}||fS||fS#t j jt j jf$r }|j|dYd}~||fSd}~wwxYw#tddg$r"}||j|d Yd}~||fSd}~wtd d g$r|jd d}Y||fStd $r"}||j|dYd}~||fSd}~wt j jt j jf$r }|j|dYd}~||fSd}~wwxYw)a Manage transfer accelerate for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle transfer accelerate for. Returns: A tuple containing a boolean indicating whether transfer accelerate setting was changed and a boolean indicating the transfer accelerate status. accelerate_enabledFNTz-Failed to update bucket transfer accelerationrr"r#z>:F8FFc|jjd}|jjd}i}d} |r t||}ni}|s|ik7r|jd|St |d}|j D cic] \} } | s | |  }} } |r||k7rt |||d}|}n|}||fS||fScc} } w#tjjtjjf$r } |j| d Yd} ~ ||fSd} ~ wwxYw#td d g$r"} ||j| d Yd} ~ ||fSd} ~ wtd $r"} ||j| dYd} ~ ||fSd} ~ wtjjtjjf$r } |j| dYd} ~ ||fSd} ~ wwxYw)a Manage object lock retention configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle object lock for. Returns: A tuple containing a boolean indicating whether the bucket object lock retention configuration was changed and a dictionary containing the change. robject_lock_default_retentionFz7Removing object lock default retention is not supportedrNTrIz5Failed to update bucket object lock default retentionr"r#z>Fetching bucket object lock default retention is not supportedr$zCPermission denied fetching object lock default retention for bucketz:Failed to fetch bucket object lock default retention state) r%r&get_object_lock_configurationrrrjput_object_lock_configurationr)r*r+r,r-r ) r0rrrr$object_lock_default_retention_result%object_lock_default_retention_changed object_lock_configuration_statusconfrerfr4s r6#handle_bucket_object_lock_retentionrIs(!--++,AB$*MM$5$56U$V!+-(,1)e /LYX\/] ,/1 ,-1QUW1W   !Z  [ ( 4+,I\`aD%)ZZ\7TQQAqD7D7 e05UY]5]1)T4H<@9;X8;X8 12V VV 02V VV8''55x7J7J7V7VW e$$Q,c$dd 02V VV e1  02CD Ej ( 4  (h i2 12V VV1 ~ .o ( 4  (m n, 12V VV) ))'' b Q$`aa" 12V VV+bsSD B?B?C7D<DDG/E  GE:::G4GGc *|jjd}g}d}|d|fS t||Dcic]}|d| }}|D] } t| jd id } d | jdd| jD cic] \} } |  | |  c} } i| jdd| jdigd} | jdgD]}| dj|| jdd| jdi| d<j| dd}| |k7r t||| d }|j| jD]} t|||d }||fScc}w#tddg$r }||j |dYd}~jd}~wtd $r }||j |d Yd}~d}~wt j jt j jf$r}|j |d Yd}~d}~wwxYwcc} } w#td$r}|j |dYd}~!d}~wt j jt j jf$r}|j |dYd}~td}~wwxYw#t j jt j jf$r}|j |dYd}~d}~wwxYw)a Manage inventory configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the bucket to handle inventory for. Returns: A tuple containing a boolean indicating whether inventory settings were changed and a dictionary containing the updated inventory. inventoryFNIdr"r#z,Fetching bucket inventories is not supportedrr$z-Permission denied fetching bucket inventoriesz"Failed to fetch bucket inventories destinationTidS3BucketDestinationincluded_object_versions Frequencyschedule) IsEnabledr DestinationIncludedObjectVersionsScheduleOptionalFieldsoptional_fieldsrfilterPrefixFilterInvalidS3DestinationBucketzInvalid destination bucket ARNz&Failed to set bucket inventory settingz!Failed to delete bucket inventory)r%r&rr r-r)r*r+r,rrjappendpopput_bucket_inventorykeysdelete_bucket_inventory)r0rrdeclared_inventoriesresultsbucket_changedipresent_inventoriesr4declared_inventorycamel_destinationrerfdeclared_inventory_apifieldpresent_inventory inventory_ids r6handle_bucket_inventoryr}sR"==,,[9GN#w J3WXacg3hiaqwzii3/45G5K5KM[]5^`de$((.1EVE\E\E^3pTQbcboAqD3pq&8&<&<=W&X$&8&<&,002  M #It\ B  7 ""gj  02CD EX  +  (V W ~ .Y  +  (W X))'' J Q$HII J4q ''CD N$$Q,L$MM##11##// V$$Q,T$UU  V##1183F3F3R3RS M  (K L L MsF E>F H5H52H;) J=>FH2F..H2?G:H2H--H2;J: I"":J:J55J:=7L4L  Lc|jjd}|jjd}t|}d}i} t||}s6 t||||} |jdj| |xs| }t|||\} } | |d <t!|||\} } | |d <t#|||\}}||d<t%|||\}}||d<t'|||\}}||d<t)|||\}}||d<t+|||\}}||d<t-|||\}}||d<t/|||}||d<t1|||\}}||d<t3|||\}}||d<t5|||\}} | |d<|xs*| xs&| xs"|xs|xs|xs|xs|xs|xs |xs|xs|}|j6d||d|y#tj j $r*}|j|dt|Yd}~d}~wtj jtj jf$r}|j|dYd}~ d}~wwxYw#tj j$r}|j|d Yd}~d}~wtj jtj jf$r}|j|d Yd}~cd}~wwxYw)aB Create or update an S3 bucket along with its associated configurations. This function creates a new S3 bucket if it does not already exist, and updates its configurations, such as versioning, requester pays, public access block configuration, policy, tags, encryption, bucket ownership, ACL, and object lock settings. It returns whether any changes were made and the updated configurations. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. Returns: None rrFInvalid endpoint provided: rNFailed to check bucket presence bucket_existsrziQU,V))%F5M!:)VT R$=F !;SS\^dfj:k77#;F  Qt64QM(*M/RF *+8OPY[acg8h55!8F   $  $ ! $ ( $  $  $  $ $ $  $ % $ 0 $ $ F:W4:6:c    6 6PQ&A'!*$NOO    - -x/B/B/N/N OGQ$EFFG"".. h  (f g g##1183F3F3R3RS H  (F G G HsH G5I%I"%H  :I"II"%K3J:K3K..K3 bucket_namecR |j|y#td$rYywxYw)a Checks if a given bucket exists in an AWS S3 account. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the bucket to check for existence. Returns: True if the bucket exists, False otherwise. rT404F) head_bucketr r0rs r6rr/s2[1 u % &&x) max_delayrrc d|i}i}|dvr||d<|r||d<|||d<|jd i|y#td$rYywxYw) a Create an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the bucket to create. location (str): The AWS region where the bucket should be created. If None, it defaults to "us-east-1". object_lock_enabled (bool): Whether to enable object lock for the bucket. Defaults to False. Returns: True if the bucket was successfully created, False otherwise. r)z us-east-1NLocationConstraintCreateBucketConfigurationObjectLockEnabledForBucketTBucketAlreadyOwnedByYouFr)rr )r0rrrr% configurations r6rr?syK( . .2:M. / 2?F. /  *3FF/ 0 )&) 8 9s/2AA NoSuchBucketOperationAbortedrcatch_extra_error_codesc|j|}|jdijdijdiS)a  Get the object lock default retention configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: Object lock default retention configuration dictionary. rObjectLockConfigurationRuleDefaultRetention)rr&r0rrs r6rrasE 4 4K 4 HF ::/ 4 8 8 D H HI[]_ ``c8dd|id}|j||y)aY Set tags for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. object_lock_default_retention (dict): A dictionary containing the object lock default retention configuration to be set on the bucket. Returns: None rr)ObjectLockEnabledr)rrN)r)r0rrrs r6rros)"+5GIf4g hD ++;X\+]rc.|j|ddiy)z Enable transfer accelerate for the S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: None rrrAccelerateConfigurationNrrs r6rrs11_gir^s1trc.|j|ddiy)z Disable transfer accelerate for the S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: None rrrNrrs r6rrs11_git^u1vrcN|j|}|jddk(S)a Get transfer accelerate status of the S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: Transfer accelerate status of the S3 bucket. rrr)#get_bucket_accelerate_configurationr&)r0raccelerate_configurations r6rrs/ )LLT_L` # ' ' 1Y >>rrcJ|j|||jdy)a- Set inventory settings for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. tags (dict): A dictionary containing the inventory settings to be set on the bucket. Returns: None r)rInventoryConfigurationrN)"put_bucket_inventory_configurationr&)r0rrs r6rrs'009tAT1rrac@|j|dt|iy)a Set tags for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. tags (dict): A dictionary containing the tags to be set on the bucket. Returns: None TagSet)rTaggingN)rmr)r0rras r6rmrms#  hHfgkHl=m nrrc*|j||y)a Delete the inventory settings for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. id (str): The ID used to identify the inventory configuration Returns: None )rrN)%delete_bucket_inventory_configuration)r0rrs r6rrs33;<3XrrTcP|j|tj|y)a Set the policy for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. policy (dict): A dictionary containing the policy to be set on the bucket. Returns: None )rPolicyN)r\rXdumps)r0rrTs r6r\r\s {4::f;MNrc(|j|y)z Delete the policy for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: None rN)rZrs r6rZrZs""+"6rc |j|jd}|sytj|}|S#t d$rYywxYw)z Get the policy for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: Current bucket policy. rr&NNoSuchBucketPolicy)rVr&rXrYr )r0rcurrent_policy_stringr^s r6rVrVs^ ) ; ;; ; O S ST\ ]$$9:  3 4s#==A ArDc.|j|d|iy)a: Set the request payment configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. payer (str): The entity responsible for charges related to fulfilling the request. Returns: None Payer)rRequestPaymentConfigurationN)r@)r0rrDs r6r@r@s(( ZachYi(jrcD|j|jdS)a Get the request payment configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: Payer of the download and request fees. rr-)r?r&rs r6r?r?s#  / /{ / C G G PPrc&|j|S)z Get the versioning configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: Returns the versioning state of a bucket. r)r'rs r6r'r's  * *+ * >>rr3c.|j|d|iy)aC Set the versioning configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. required_versioning (str): The desired versioning state for the bucket ("Enabled", "Suspended"). Returns: None r)rVersioningConfigurationN)r()r0rr3s r6r(r(,s##;QY[nPo#prc<|j|}|dddk(S)a" Retrieve the object lock configuration status for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: True if object lock is enabled for the bucket, False otherwise. rrrr)r)r0robject_lock_configurations r6rr:s0!* G G{ G [ $%> ?@S TXa aarc |j|}|jdijdgdjdS#td$rYyttf$rYywxYw)a Retrieve the encryption configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: Encryption configuration of the bucket. r!ServerSideEncryptionConfigurationRulesr"ApplyServerSideEncryptionByDefault.ServerSideEncryptionConfigurationNotFoundErrorNr|r&r IndexErrorrrs r6r|r|Hsv 00 0D JJ:B ? S" a ! S5 6 O P  !AAA)A)(A)c |j|}|jdijdgdjdS#td$rYyttf$rYywxYw)a& Retrieve the status of server-side encryption for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: Whether or not if server-side encryption is enabled for the bucket. rr6r7rBucketKeyEnabledr9Nr:rs r6rr_st00 0Dzz=rBFFwPRSTUVZZ[mnn O P  !r<rc ^d}td|dzD]-} t|||t||||||k(d}||k(s+|cS|jd| y#tjjtjj f$r}|j |dYd}~d}~wwxYw) a Set the encryption configuration for an S3 bucket with retry logic. Parameters: module (AnsibleAWSModule): The Ansible module object. s3_client (boto3.client): The Boto3 S3 client object. name (str): The name of the S3 bucket. expected_encryption (dict): A dictionary containing the expected encryption configuration. Returns: Updated encryption configuration of the bucket. zFailed to set bucket encryptionrNr=retriesz!Failed to apply bucket encryptionrcurrentexpectedrD) rangeput_bucket_encryptionr)r*r+r,r-r~rrr0rr max_retriesrDr4rs r6rrrsKK!O, & K !)T3F G 8 It%8wR]G]hi  !4 4% % &"  /"$     - -    + +  K  (I J J  K A7B,B''B,ruc8dd|igi}|j||y)a+ Set the encryption configuration for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. encryption (dict): A dictionary containing the encryption configuration. Returns: None r7r8rr6N)rI)r0rru$server_side_encryption_configurations r6rIrIs2-47[]g6h5i+j( ##>b$rc ^d}td|dzD]-} t|||t||||||k(d}||k(s+|cS|jd| y#tjjtjj f$r}|j |dYd}~d}~wwxYw) a Set the status of server-side encryption for an S3 bucket. Parameters: module (AnsibleAWSModule): The Ansible module object. s3_client (boto3.client): The Boto3 S3 client object. name (str): The name of the S3 bucket. expected_encryption (bool): The expected status of server-side encryption using AWS KMS. Returns: The updated status of server-side encryption using AWS KMS for the bucket. r@rAzFailed to set bucket KeyrNrBrCzFailed to set bucket keyrE) rHput_bucket_keyr)r*r+r,r-wait_bucket_key_is_appliedrrJs r6rrsKK!O, & D 9d,? @ 8 It%8wR]G]hi  !4 4% % &"  &0BM`jq    - -    + +  D  (B C C  DrLcp|j|}||dddd<|j||dy)a1 Set the status of server-side encryption for an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. encryption (bool): The status of server-side encryption using AWS KMS. Returns: None rr6r7rr>rNN)r|rI)r0rruencryption_statuss r6rQrQsS"77{7K]g9:7CAFGYZ ##>OPs>t$rc(|j|y)z Delete the tagging configuration of an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: None rN)rnrs r6rnrns##;#7rc(|j|y)z Delete the encryption configuration of an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: None rN)r}rs r6r}r}s&&k&:rcR |j|y#td$rYywxYw)z Delete an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: None rr N) delete_bucketr rs r6rYrYs1 {3 ~ .   r public_accesc*|j||y)a Put new public access block to S3 bucket Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. public_access (dict): The public access block configuration. Returns: None )rPublicAccessBlockConfigurationN)put_public_access_block)r0rrZs r6rLrL s%%[Ye%frc(|j|y)z Delete public access block from S3 bucket Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: None rN)delete_public_access_blockrs r6rMrMs(( (rNrBz;Bucket request payment failed to apply in the expected time)rrequested_status live_status) rHr?r)r*r+r,r-rlrmr)rr0rror=rnrCr4s r6rArAbsq") P$>y+$V ! !N 2 JJqM( ()M+-  ##1183F3F3R3RS P  (N O O P A7B) B$$B)cXtd|D]-} t||}|k7rtjd+|cS|r|jd|S#tjjtjj f$r}|j |dYd}~d}~wwxYw)af Wait for the encryption setting to be applied to an S3 bucket. Parameters: module (AnsibleAWSModule): The Ansible module object. s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. expected_encryption(dict): The expected encryption setting. should_fail (bool): Flag indicating whether to fail if the setting is not applied within the expected time. Default is True. retries (int): The number of retries to attempt. Default is 12. Returns: The current encryption setting applied to the bucket. r+Failed to get updated encryption for bucketrNrBz6Bucket encryption failed to apply in the expected timerrequested_encryptionlive_encryption) rHr|r)r*r+r,r-rlrmr rr0rrr=rDrnrur4s r6r~r~sq'" W.y+FJ , , JJqM H!4&  ##1183F3F3R3RS W  (U V V WrscXtd|D]-} t||}|k7rtjd+|cS|r|jd|S#tjjtjj f$r}|j |dYd}~d}~wwxYw)ag Wait for the bucket key setting to be applied to an S3 bucket. Parameters: module (AnsibleAWSModule): The Ansible module object. s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. expected_encryption (bool): The expected bucket key setting. should_fail (bool): Flag indicating whether to fail if the setting is not applied within the expected time. Default is True. retries (int): The number of retries to attempt. Default is 12. Returns: The current bucket key setting applied to the bucket. rrurNrBz/Bucket Key failed to apply in the expected timerv) rHrr)r*r+r,r-rlrmrrys r6rRrRsq'" W' ;?J , , JJqM A!4&  ##1183F3F3R3RS W  (U V V WrscptddD]<} t||}jd|k7rtjd:|cS|jd| y#tjjtjj f$r}|j |dYd}~d}~wwxYw) a Wait for the versioning setting to be applied to an S3 bucket. Parameters: module (AnsibleAWSModule): The Ansible module object. s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. required_versioning (dict): The required versioning status. Returns: The current versioning status applied to the bucket. rz+Failed to get updated versioning for bucketrNrz6Bucket versioning failed to apply in the expected time)rrequested_versioninglive_versioning) rHr'r)r*r+r,r-r&rlrmr)rr0rr3rnr2r4s r6r.r.sq"% W 5i M    *.A A JJqM$ $%  D0) ##1183F3F3R3RS W  (U V V Ws A!!7B5B00B5expected_tags_dictcRtddD]-} t||}|k7rtjd+|cS|jd|y#tjjtjj f$r}|j |dYd}~d}~wwxYw) a Wait for the tags to be applied to an S3 bucket. Parameters: module (AnsibleAWSModule): The Ansible module object. s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. expected_tags_dict (dict): The expected tags dictionary. Returns: The current tags dictionary applied to the bucket. rrirUrNrBz0Bucket tags failed to apply in the expected time)rrequested_tags live_tags) rHrhr)r*r+r,r-rlrmr)rr0rrrnrqr4s r6rorosq"% G )# ##1183F3F3R3RS G  (E F F Gs A7B& B!!B&c |j|jd}t|S#td$ricYStd$ricYSwxYw)a Get the current tags applied to an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: The current tags dictionary applied to the bucket. rr! NoSuchTagSetNoSuchTagSetError)get_bucket_taggingr&r r)r0r current_tagss r6rhrhs` 33;3GKKHU  *, 77 ~ . 2 3 s!.AAAc^ |j|}|dS#td$ricYSwxYw)a Get current public access block configuration for a bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: The current public access block configuration for the bucket. rr\$NoSuchPublicAccessBlockConfiguration)get_public_access_blockr )r0rbucket_public_access_blocks r6rKrKsA%.%F%Fk%F%Z")*JKK E F s ,,cp |j|}|ddddS#tddg$rYywxYw) z Get the current bucket ownership controls. Parameters: s3_client (boto3.client): The Boto3 S3 client object. bucket_name (str): The name of the S3 bucket. Returns: The object ownership rule rrer7rrdOwnershipControlsNotFoundErrorNoSuchOwnershipControlsN)get_bucket_ownership_controlsr )r0rrs r6rr$sU$BB+BV 34W=a@ARSS  @B[\ ]s "55c+K|jd}|jdi|D]'}|jdgDcgc]}|d c})ycc}ww)a Paginate through the list of objects in an S3 bucket. This function yields the keys of objects in the S3 bucket, paginating through the results. Parameters: s3_client (boto3.client): The Boto3 S3 client object. **pagination_params: Additional parameters to pass to the paginator. Yields: list: A list of keys of objects in the bucket for each page of results. list_objects_v2ContentsKeyNr) get_paginatorpaginater&r0pagination_paramspgpagedatas r6paginated_listr4s\  !2 3B 0/0A'+xx B'?@ttE{@@A@s;A A Ac+K |jd}|jdi|D]?}|jdg|jdgzDcgc] }|d|dfc}Aycc}w#td$rgYywxYww) a Paginate through the list of object versions in an S3 bucket. This function yields the keys and version IDs of object versions in the S3 bucket, paginating through the results. Parameters: s3_client (boto3.client): The Boto3 S3 client object. **pagination_params: Additional parameters to pass to the paginator. Yields: list: A list of tuples containing keys and version IDs of object versions in the bucket for each page of results. list_object_versionsVersions DeleteMarkersr VersionIdr Nr)rrr&r rs r6paginated_versions_listrCs  $ $%; <BKK4"34 D?ChhzSU>VY]YaYabqsuYv>v59ed;/0   ~ .s;BA A/A*"A/)B*A//BBBBcj t||D]}|Dcgc] \}}||d }}}|D]9}|jdr|jddk(s)|jd;|s[|j|d|i}|jdsdj |dD cgc]} | d  c} } |j d | |d| ycc}}wcc} w#t jjt jjf$r} |j| d Yd} ~ yd} ~ wwxYw)a Delete objects from an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. name (str): The name of the S3 bucket. Returns: None r)rrrnullObjects)rDeleteErrorsz, rzBCould not empty bucket before deleting. Could not delete objects: )rerrorsresponsezFailed while deleting bucketrN) rr&rdelete_objectsjoinrr)r*r+r,r-) r0rrkey_version_pairskeyversionformatted_keysfkrespreobjects_to_deleter4s r6rrXs<D!84!P  Ufg\S'c@gNg$ ( vvk*bff[.AV.KFF;'  ( //tYP^D_/`88H%(, T(^2T1U82T(U%$$absatu#H~!%% g3U    - -x/B/B/N/N ODQ$BCCDsECC-CC*&CC# C /#C C7D2D--D2ct|jjd}|jjd} t||}s|jd|r t||| t|||jd j|td d |jdy#tjj $r)}|j |dt|Yd}~d}~wtjjtjjf$r}|j |dYd}~d}~wwxYw#tjjtjjf$r}|j |d Yd}~9d}~wwxYw#tjj $r}|j |dYd}~=d}~wtjjtjjf$r}|j |dYd}~d}~wwxYw)z This function destroys an S3 bucket. Parameters: s3_client (boto3.client): The Boto3 S3 client object. module (AnsibleAWSModule): The Ansible module object. Returns: None forcerrrNrF)rzFailed while deleting objectsbucket_not_existsrB<)Delay MaxAttempts)r WaiterConfigz7An error occurred waiting for the bucket to be deleted.zFailed to delete bucketT)r%r&rr)r*rr-rr+r,rrrYrrrir)r0rrrrr4s r6destroy_bucketrys MM  g &E ==  V $DG))T: '  I 9fd 3?i&0166dQU\]kmQn6o  T"/    6 6PQ&A'!*$NOO    - -x/B/B/N/N OGQ$EFFG##1183F3F3R3RS I  (G H H I    * *_Q$]^^    - -x/B/B/N/N O?Q$=>>?s_ B5 E)9F)5EC66:E0E  E7F&F!!F&)H7G:H7H22H7c$tdPidtddtdddtdd d td d d g dtdddgdtddgdtdddtdd dtddtddtddtgddtd tdd!tdttddtddtddtdd"#d$tddd%td&gd'(d)tddd*td&gd+(d,tdd-tdd.tdttd&d/d0gd1td2td23d4gd4g5d6td7dttdttd&td&d8td&gd9d1td&:d;td&td7d&gd<=td&d8td&d>d?gd1td&d@dAgd1BC}tdDd-E}d!d$gd)d%gddFgg}dddFggg}t||||G}|jjd}|jjd}||dHk7r|j dIJt |j}t jdKdLdMgN}|jdQdO|i|} |jjdr,t|jd} | r|j | J|jjd } | d k(r t| |y| d k(r t| |yy)RNrT)requiredrr)typedefault dualstackF)rrstatepresentabsent)rchoicescephrgw)rraliasesrari resource_tags)rrrbrrTrX)rrr9ru)rzAES256r{)rrvrwrG)block_public_aclsignore_public_aclsblock_public_policyrestrict_public_buckets)roptionsrHrstr)BucketOwnerEnforcedBucketOwnerPreferred ObjectWriter)rrrr)privatez public-readzpublic-read-writezauthenticated-readrrr GOVERNANCE COMPLIANCE)rrrint)modeyearsdays)rr)rrmutually_exclusiverequired_one_ofrlist)rr)CSVORCParquet) account_idbucketformatprefix)rrr)SizeLastModifiedDate StorageClassETagIsMultipartUploadedReplicationStatusEncryptionStatusObjectLockRetainUntilDateObjectLockModeObjectLockLegalHoldStatusIntelligentTieringAccessTierBucketKeyStatusChecksumAlgorithmObjectAccessControlList ObjectOwner)relementsrDailyWeeklyAllCurrent)rrrrrr)rrr)ru)rvr endpoint_url) argument_spec required_by required_ifrr{z]Only 'aws:kms' is a valid option for encryption parameter when you specify encryption_key_id.rrr r r retry_decoratorr)s3) rir r%r&rrr jittered_backoffclientrrr) rrrrrrurv extra_paramsrr0errrs r6mainrsU 4 U!vt<Uu62U9y(.CD U %fug > Uv'8 9UVT2U5v.U UV$U(U  =>!U"&#U$ V,%U&"&FE"B#'VU#C$(fe$D(,&%(H  'U8"vu=9U:52qr;U<!%&% @=U> e%j k?U@ V,AUB!f-CUD'+u|\.JUYZ&u% !22./ ' EUX  #'U#3#>#8Q\`a#/  " ' $"!*UT257H2EPTU)-55)BT_c)dG$( YUMn)&;K 01 "$67 n% '(K#- F""<0J ))*=>$y)@o  #6==1L//!/1C DO TOT|TI }}/0"6==#89      % MM  g &E  62 ( y&) r__main__)F)T)Tri)` DOCUMENTATIONEXAMPLESRETURNrXrltypingrrrr) ImportErroransible.module_utils.basicr0ansible.module_utils.common.dict_transformationsransible.module_utils.sixr rs K Z BJ X  /U1\XWPYgRWff410@4141PUVZ\`V`Pa41n*24D*2C*2TYZ^`dZdTe*2Z67:J67RU67Z_`dfj`jZk67r7*,<7*C7*ERVX\R\L]7*t72*:72#72%PTVZPZJ[72t=20@=2=2PUVZ\`V`Pa=2@4=/?4=s4=uUY[_U_O`4=n#1)9#1#1tUYzIZ#1L'1A''QU'T2A0@2A2APUVZ\`V`Pa2Aj1W;K1WSV1W[`aegkak[l1WhF#/?F#sF#uUY[_U_O`F#Rf;/?f;R # $  ,#SWdh-BnVhEij ak anVhEij ^k ^nVhEij uk unVhEij wk wnVhEij ?D ?k ?nVhEij   $ k nVhEij os o$ ok onVhEij YC Ys Yt Yk YnVhEij Oc O4 Ok OnVhEij 7 7k 7nVhEijcck(nVhEij ks k3 kk knVhEij Qs Qs Qk QnVhEij ?# ?$ ?k ?nVhEij q# qC qk qnVhEij b3 b4 bk bnVhEij#$k,nVhEij34k$"-="PS"jn"sw"JnVhEij # 4 D k  &6cglpDnVhEij3DTk$nVhEij 8# 8$ 8k 8nVhEij ;S ;T ;k ;FXEYZ # $ [ "nVhEij gS g gQU gk gnVhEij = = =k =nVhEij CC CD Ck CnVhEij  c d k gk 69LP_c F^b 69KODqs   69 PT   Hqs 69PT D 69PT :"2Ceinr6888( S T  s s  AhtCy6I AxUSVX[S[_H]?^*D&6DcDdDB$#&6$#4$#NG*T zFC8  sVV  V