Ë
    ÇVh(  ã                   ó˜   — d Z dZdZ	 ddlZddlmZ ddlmZ ddl	m
Z
 ddlmZ d	„ Zd
„ Zd„ Zd„ Zd„ Zedk(  r e«        yy# e$ r Y Œ<w xY w)aò  
---
module: config_rule
version_added: 1.0.0
short_description: Manage AWS Config rule resources
description:
  - Module manages AWS Config rules.
  - Prior to release 5.0.0 this module was called C(community.aws.aws_config_rule).
    The usage did not change.
author:
  - "Aaron Smith (@slapula)"
options:
  name:
    description:
      - The name of the AWS Config resource.
    required: true
    type: str
  state:
    description:
      - Whether the Config rule should be present or absent.
    default: present
    choices: ['present', 'absent']
    type: str
  description:
    description:
      - The description that you provide for the AWS Config rule.
    type: str
  scope:
    description:
      - Defines which resources can trigger an evaluation for the rule.
    suboptions:
      compliance_types:
        description:
          - The resource types of only those AWS resources that you want to trigger an evaluation for the rule.
            You can only specify one type if you also specify a resource ID for I(compliance_id).
      compliance_id:
        description:
          - The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID,
            you must specify one resource type for I(compliance_types).
      tag_key:
        description:
          - The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.
      tag_value:
        description:
          - The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.
            If you specify a value for I(tag_value), you must also specify a value for I(tag_key).
    type: dict
  source:
    description:
      - Provides the rule owner (AWS or customer), the rule identifier, and the notifications that cause the function to
        evaluate your AWS resources.
    suboptions:
      owner:
        description:
          - The resource types of only those AWS resources that you want to trigger an evaluation for the rule.
            You can only specify one type if you also specify a resource ID for I(compliance_id).
      identifier:
        description:
          - The ID of the only AWS resource that you want to trigger an evaluation for the rule.
            If you specify a resource ID, you must specify one resource type for I(compliance_types).
      details:
        description:
          - Provides the source and type of the event that causes AWS Config to evaluate your AWS resources.
          - This parameter expects a list of dictionaries.  Each dictionary expects the following key/value pairs.
          - Key C(EventSource) The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources.
          - Key C(MessageType) The type of notification that triggers AWS Config to run an evaluation for a rule.
          - Key C(MaximumExecutionFrequency) The frequency at which you want AWS Config to run evaluations for a custom rule with a periodic trigger.
    type: dict
    required: true
  input_parameters:
    description:
      - A string, in JSON format, that is passed to the AWS Config rule Lambda function.
    type: str
  execution_frequency:
    description:
      - The maximum frequency with which AWS Config runs evaluations for a rule.
    choices: ['One_Hour', 'Three_Hours', 'Six_Hours', 'Twelve_Hours', 'TwentyFour_Hours']
    type: str
extends_documentation_fragment:
  - amazon.aws.common.modules
  - amazon.aws.region.modules
  - amazon.aws.boto3
a]  
- name: Create Config Rule for AWS Config
  community.aws.config_rule:
    name: test_config_rule
    state: present
    description: 'This AWS Config rule checks for public write access on S3 buckets'
    scope:
      compliance_types:
        - 'AWS::S3::Bucket'
    source:
      owner: AWS
      identifier: 'S3_BUCKET_PUBLIC_WRITE_PROHIBITED'
ú#é    N)Úcamel_dict_to_snake_dict)Úis_boto3_error_code)ÚAWSRetry)ÚAnsibleCommunityAWSModulec                 ó
  — 	 | j                  |d   gd¬«      }|d   d   S # t        d«      $ r Y y t        j                  j                  t        j                  j
                  f$ r}|j                  |«       Y d }~y d }~ww xY w)NÚConfigRuleNameT©ÚConfigRuleNamesÚ	aws_retryÚConfigRulesr   ÚNoSuchConfigRuleException)Údescribe_config_rulesr   ÚbotocoreÚ
exceptionsÚClientErrorÚBotoCoreErrorÚfail_json_aws)ÚclientÚmoduleÚparamsÚruleÚes        úm/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/aws/plugins/modules/config_rule.pyÚrule_existsr   y   s‘   € ð Ø×+Ñ+Ø#Ð$4Ñ5Ð6Øð ,ó 
ˆð MÑ" 1Ñ%Ð%øÜÐ:Ó;ò Ùä×Ñ×'Ñ'Ü×Ñ×)Ñ)ðò  ð 	×Ñ˜Q×Ñûð	 ús   ‚! ¡B±6BÁ'A=Á=Bc                 óä   — 	 | j                  |¬«       d|d<   |S # t        j                  j                  t        j                  j                  f$ r}|j                  |d¬«       Y d }~y d }~ww xY w)N©Ú
ConfigRuleTÚchangedúCouldn't create AWS Config rule©Úmsg)Úput_config_ruler   r   r   r   r   ©r   r   r   Úresultr   s        r   Úcreate_resourcer&   ‰   sn   € ðGØ×Ñ¨&ÐÔ1Ø ˆˆyÑØˆøÜ×Ñ×+Ñ+¬X×-@Ñ-@×-NÑ-NÐOò GØ×Ñ˜QÐ$EÐ×FÑFûðGús   ‚ ›7A/ÁA*Á*A/c                 ó’  — | j                  |d   gd¬«      }|d   d   d= |d   d   d= |d   d   d= ||d   d   k7  r3	 | j                  |¬	«       d|d
<   t        t        | ||«      «      |d<   |S y # t        j
                  j                  t        j
                  j                  f$ r}|j                  |d¬«       Y d }~y d }~ww xY w)Nr	   Tr
   r   r   ÚConfigRuleArnÚConfigRuleIdÚEvaluationModesr   r   r   r    r!   )	r   r#   r   r   r   r   r   r   r   )r   r   r   r%   Úcurrent_paramsr   s         r   Úupdate_resourcer,   ’   sü   € Ø×1Ñ1ØÐ 0Ñ1Ð2Øð 2ó €Nð
 	}Ñ% aÑ(¨Ð9Ø}Ñ% aÑ(¨Ð8Ø}Ñ% aÑ(Ð):Ð;à Ñ.¨qÑ1Ò1ð	KØ×"Ñ"¨fÐ"Ô5Ø $ˆF9ÑÜ5´kÀ&È&ÐRXÓ6YÓZˆF6‰NØˆMð 2øô ×#Ñ#×/Ñ/´×1DÑ1D×1RÑ1RÐSò 	KØ× Ñ  Ð(IÐ ×JÑJûð	Kús   ¿1A2 Á27CÂ)CÃCc                 óö   — 	 | j                  |d   d¬«       d|d<   i |d<   |S # t        j                  j                  t        j                  j                  f$ r}|j                  |d¬«       Y d }~y d }~ww xY w)Nr	   T)r	   r   r   r   zCouldn't delete AWS Config ruler!   )Údelete_config_ruler   r   r   r   r   r$   s        r   Údelete_resourcer/   ¦   s‡   € ð	GØ×!Ñ!Ø!Ð"2Ñ3Øð 	"ô 	
ð !ˆˆyÑØˆˆv‰ØˆøÜ×Ñ×+Ñ+¬X×-@Ñ-@×-NÑ-NÐOò GØ×Ñ˜QÐ$EÐ×FÑFûðGús   ‚!$ ¤7A8ÁA3Á3A8c                  óà	  — t        t        dd¬«      t        dddgd¬«      t        d¬«      t        d¬«      t        dd¬«      t        d¬«      t        dg d	¢¬
«      dœd¬«      } ddi}| j                  j                  d«      }| j                  j                  d«      }i }|r||d<   | j                  j                  d«      r| j                  j                  d«      |d<   | j                  j                  d«      r¥i |d<   | j                  j                  d«      j                  d«      r>|d   j	                  d| j                  j                  d«      j                  d«      i«       | j                  j                  d«      j                  d«      r>|d   j	                  d| j                  j                  d«      j                  d«      i«       | j                  j                  d«      j                  d«      r>|d   j	                  d| j                  j                  d«      j                  d«      i«       | j                  j                  d«      j                  d«      r>|d   j	                  d| j                  j                  d«      j                  d«      i«       | j                  j                  d«      r=i |d<   | j                  j                  d«      j                  d «      r>|d   j	                  d!| j                  j                  d«      j                  d «      i«       | j                  j                  d«      j                  d"«      r>|d   j	                  d#| j                  j                  d«      j                  d"«      i«       | j                  j                  d«      j                  d$«      r>|d   j	                  d%| j                  j                  d«      j                  d$«      i«       | j                  j                  d&«      r| j                  j                  d&«      |d'<   | j                  j                  d(«      r| j                  j                  d(«      |d)<   d*|d+<   | j                  d,t        j                  «       ¬-«      }t        || |«      }|dk(  r|st        || ||«       nt        || ||«       |dk(  r|rt        || ||«        | j                  d.i |¤Ž y )/NÚstrT)ÚtypeÚrequiredÚpresentÚabsent)r2   ÚchoicesÚdefault)r2   Údict)ÚOne_HourÚThree_HoursÚ	Six_HoursÚTwelve_HoursÚTwentyFour_Hours)r2   r6   )ÚnameÚstateÚdescriptionÚscopeÚsourceÚinput_parametersÚexecution_frequencyF)Úargument_specÚsupports_check_moder   r>   r?   r	   r@   ÚDescriptionrA   ÚScopeÚcompliance_typesÚComplianceResourceTypesÚtag_keyÚTagKeyÚ	tag_valueÚTagValueÚcompliance_idÚComplianceResourceIdrB   ÚSourceÚownerÚOwnerÚ
identifierÚSourceIdentifierÚdetailsÚSourceDetailsrC   ÚInputParametersrD   ÚMaximumExecutionFrequencyÚACTIVEÚConfigRuleStateÚconfig)Úretry_decorator© )ÚAnsibleAWSModuler8   r   ÚgetÚupdater   r   Újittered_backoffr   r&   r,   r/   Ú	exit_json)r   r%   r>   r?   r   r   Úexisting_rules          r   Úmainre   ³   sG  € Üä˜e¨dÔ3Ü˜u¨y¸(Ð.CÈYÔWÜ UÔ+Ü˜vÔ&Ü °Ô6Ü $¨%Ô 0Ü#'Øòô	$ñ
ð$ "ô'€Fð, ˜Ð€Fà=‰=×Ñ˜VÓ$€DØM‰M×Ñ˜gÓ&€Eà€FÙØ#'ˆÐÑ Ø‡}}×Ñ˜Ô'Ø &§¡× 1Ñ 1°-Ó @ˆˆ}ÑØ‡}}×Ñ˜Õ!Øˆˆw‰Ø=‰=×Ñ˜WÓ%×)Ñ)Ð*<Ô=Ø7‰O×"Ñ"à-¨v¯}©}×/@Ñ/@ÀÓ/I×/MÑ/MÐN`Ó/aðôð
 =‰=×Ñ˜WÓ%×)Ñ)¨)Ô4Ø7‰O×"Ñ"à˜fŸm™m×/Ñ/°Ó8×<Ñ<¸YÓGðôð
 =‰=×Ñ˜WÓ%×)Ñ)¨+Ô6Ø7‰O×"Ñ"à §¡× 1Ñ 1°'Ó :× >Ñ >¸{Ó Kðôð
 =‰=×Ñ˜WÓ%×)Ñ)¨/Ô:Ø7‰O×"Ñ"à*¨F¯M©M×,=Ñ,=¸gÓ,F×,JÑ,JÈ?Ó,[ðôð
 ‡}}×Ñ˜Õ"ØˆˆxÑØ=‰=×Ñ˜XÓ&×*Ñ*¨7Ô3Ø8Ñ×#Ñ#à˜VŸ]™]×.Ñ.¨xÓ8×<Ñ<¸WÓEðôð
 =‰=×Ñ˜XÓ&×*Ñ*¨<Ô8Ø8Ñ×#Ñ#à&¨¯©×(9Ñ(9¸(Ó(C×(GÑ(GÈÓ(Uðôð
 =‰=×Ñ˜XÓ&×*Ñ*¨9Ô5Ø8Ñ×#Ñ#à# V§]¡]×%6Ñ%6°xÓ%@×%DÑ%DÀYÓ%Oðôð
 ‡}}×ÑÐ+Ô,Ø$*§M¡M×$5Ñ$5Ð6HÓ$IˆÐ Ñ!Ø‡}}×ÑÐ.Ô/Ø.4¯m©m×.?Ñ.?Ð@UÓ.VˆÐ*Ñ+Ø (€FÐÑà]‰]˜8´X×5NÑ5NÓ5Pˆ]ÓQ€Fä ¨°Ó7€Mà	ÒÙÜ˜F F¨F°FÕ;ä˜F F¨F°FÔ;àÒÙÜ˜F F¨F°FÔ;à€F×ÑÑvÓó    Ú__main__)ÚDOCUMENTATIONÚEXAMPLESÚRETURNr   ÚImportErrorÚ0ansible.module_utils.common.dict_transformationsr   Ú<ansible_collections.amazon.aws.plugins.module_utils.botocorer   Ú;ansible_collections.amazon.aws.plugins.module_utils.retriesr   Ú>ansible_collections.community.aws.plugins.module_utils.modulesr   r_   r   r&   r,   r/   re   Ú__name__r^   rf   r   ú<module>rq      sz   ððR€ðh€ð 
€ð	Ûõ Vå \Ý På xò ò GòKò(
GòcðL ˆzÒÙ…Fð øðW ò 	Ùð	ús   ˆA ÁA	ÁA