Vh5dZdZdZddlZ ddlZddlmZddlm Z ddlm Z ddlm Z dd lm Z dd lm Z dd lmZdd lmZdd lmZdZdZdZdZdZdZdZdZdZdZdZdZedk(reyy#e$rYowxYw)a module: waf_rule short_description: Create and delete WAF Rules version_added: 1.0.0 description: - Read the AWS documentation for WAF U(https://aws.amazon.com/documentation/waf/). - Prior to release 5.0.0 this module was called C(community.aws.aws_waf_rule). The usage did not change. author: - Mike Mochan (@mmochan) - Will Thames (@willthames) options: name: description: Name of the Web Application Firewall rule. required: true type: str metric_name: description: - A friendly name or description for the metrics for the rule. - The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name may not contain whitespace. - You can't change I(metric_name) after you create the rule. - Defaults to the same as I(name) with disallowed characters removed. type: str state: description: Whether the rule should be present or absent. choices: ['present', 'absent'] default: present type: str conditions: description: > List of conditions used in the rule. M(community.aws.waf_condition) can be used to create new conditions. type: list elements: dict suboptions: type: required: true type: str choices: ['byte','geo','ip','size','sql','xss'] description: The type of rule to match. negated: required: true type: bool description: Whether the condition should be negated. condition: required: true type: str description: The name of the condition. The condition must already exist. purge_conditions: description: - Whether or not to remove conditions that are not passed when updating I(conditions). default: false type: bool waf_regional: description: Whether to use C(waf-regional) module. default: false required: false type: bool extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules - amazon.aws.boto3 a - name: create WAF rule community.aws.waf_rule: name: my_waf_rule conditions: - name: my_regex_condition type: regex negated: false - name: my_geo_condition type: geo negated: false - name: my_byte_condition type: byte negated: true - name: remove WAF rule community.aws.waf_rule: name: "my_waf_rule" state: absent a= rule: description: WAF rule contents returned: always type: complex contains: metric_name: description: Metric name for the rule. returned: always type: str sample: ansibletest1234rule name: description: Friendly name for the rule. returned: always type: str sample: ansible-test-1234_rule predicates: description: List of conditions used in the rule. returned: always type: complex contains: data_id: description: ID of the condition. returned: always type: str sample: 8251acdb-526c-42a8-92bc-d3d13e584166 negated: description: Whether the sense of the condition is negated. returned: always type: bool sample: false type: description: type of the condition. returned: always type: str sample: ByteMatch rule_id: description: ID of the WAF rule. returned: always type: str sample: 15de0cbc-9204-4e1f-90e6-69b2f415c261 N)camel_dict_to_snake_dict) MATCH_LOOKUP)get_web_acl_with_backoff) list_regional_rules_with_backoff)#list_regional_web_acls_with_backoff)list_rules_with_backoff)list_web_acls_with_backoff)"run_func_with_change_token_backoff)AnsibleCommunityAWSModulecft||Dcgc]}|d|k(s |d}}|r|dSycc}w)NNameRuleIdr) list_rules)clientmodulenamedruless j/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/aws/plugins/modules/waf_rule.pyget_rule_by_namersB",VV"< RQ& T@QQx[ RE R Qx  Ss ..c |j|dS#tjjtjjf$r}|j |dYd}~yd}~wwxYw)N)rRulezCould not get WAF rulemsg)get_rulebotocore exceptions ClientError BotoCoreError fail_json_aws)rrrule_ides rrrsa>g.v66    + +X-@-@-N-N O>Q$<==>s7A+A&&A+c|jjdk(r t|S|jjdk(r t|Sy#tjj tjj f$r}|j|dYd}~yd}~wwxYw#tjj tjj f$r}|j|dYd}~yd}~wwxYw)NWAFCould not list WAF rulesr WAFRegionalz!Could not list WAF Regional rules) __class____name__rrrrrr rrrr"s rrrs   E) D*62 2    " "m 3 M3F; ; 4##//1D1D1R1RS D  (B C C D ##//1D1D1R1RS M  (K L L Ms/ A B# 7B BB #7C7C22C7c t|S#tjjtjjf$r}|j |dYd}~yd}~wwxYw)Nr%r)rrrrrr r)s rlist_regional_rulesr+sY@/77    + +X-@-@-N-N O@Q$>??@s 7A!AA!c t|||}|d}tdtD}tdtD}t}tD]}dt|dzdz}t||< |j|} | j j } | t|ddz}  D]?} | t|dd z| d <t| ||| d <t| ||| d <A|jdD]}|||d|d<tdtj D}|dD]}t||||d|d <t#}t#}|D]p}||j!D]X\}}|||vr|j%d|d|d |||d|d<|d||vs?|j't)|Zr|jdrS|D]N}|j+||j-Dcgc] }|||dd||vr t/|"c}Pt1|xs|}|||zd}|r t3||||j4d|t|||fS#t tjjf$rt||} Y(wxYw#tjjtjjf$r"} |j| d|d  Yd} ~ hd} ~ wwxYwcc}w#tjjtjjf$r} |j| d Yd} ~ d} ~ wwxYw)Nrc34K|]}|tfywNdict.0condition_types r z'find_and_update_rule..s[N7[c34K|]}|tfywr.r/r1s rr4z'find_and_update_rule..sZ>~tv6Zr5list_methods conditionsetzCould not list z conditionsrIdDataIdr conditionstyperc30K|]\}}|d|fyw)r>N)r2kvs rr4z'find_and_update_rule..s"Ufq!AfIq>"Us PredicatesTypez Condition z of type z does not existdata_idpurge_conditionsrUpdatesTwaitz Could not update rule conditions)rr0r get_paginatorpaginatebuild_full_resultKeyErrorrrOperationNotPageableErrorgetattrrrr rparamsitemslist fail_jsonappendformat_for_insertionextendvaluesformat_for_deletionboolr update_rule)rrr!ruleexisting_conditionsdesired_conditionsall_conditionsr3r8 paginatorfunc pred_resultsr"pred conditionreverse_condition_types insertions deletionscondition_namechangedupdates rfind_and_update_rulerks  FFG ,D8nG[l[[Z\ZZVN&\<7AACG)-~& +,,V4I%%'99D  W6,~">~"NQT"TUL! \D!,~">~"NQU"UVDN;STX;YN> *4< 8=UVZ=[N> *4> : \\&]]<0M CL9V,-i.?@M#"U @R@R@T"UU,' _w ` 3If4EFG RZH[\ JI,C);N)K)Q)Q)S C %NI^N%CC  z.1A>JZZi%j k#1.#A.#QR[#\Ii #+>~+NN!!"6y"AB  CC}}'(1 N   &9%H%O%O%Q!%n5i 6JKFS-n=>( 2  :*+GJ,B CF L .vvvvGYGY`d e HVVW5 55i(--GGH +66*D + ##//1D1D1R1RS W  /.9I(U V V W<##//1D1D1R1RS L  (J K K LsH2+JK "%L% *L*/KK 7L"LL"*7M>!M99M>c Ztdt|dt|dd|dS)NINSERTnegatedr>rENegatedrDr<Action Predicate)r0rrds rrVrVs< i(|IfrErorqr/rts rrYrYs/ y3)F:KT]^gThi rucVt|||d}|Dcgc]}tt|}} t||||d|jycc}w#t j jt j jf$r}|j|dYd}~yd}~wwxYw)NrCrGz Could not remove rule conditionsr) rrYrr r[rrrrr )rrr!r=rdupdatesr"s rremove_rule_conditionsrzs&&'2<@JYcdI"#;I#FGdGdH*66gZa;bdjdvdvwe    + +X-@-@-N-N OHQ$FGGHsAA7B( B##B(c |jd}t|||}t}|r t|||S|jd|d<|jd}|s$t j dd|jd}||d< t ||||jd}t||d S#tjjtjjf$r}|j|d Yd}~_d}~wwxYw) Nrr metric_namez [^a-zA-Z0-9] MetricNamerzCould not create rulerr) rQrr0rkresubr create_rulerrrrr )rrrr!rQr|new_ruler"s rensure_rule_presentrs == Dvvt4G VF#FFG<<v.vmmM2 &&"fmmF6KLK*| A9&&&RXRdRdeflmH$FFHX4FGG##//1D1D1R1RS A  (? @ @ AsB..7D%C==Dcg} |jjdk(r t|}n$|jjdk(r t|}D]?} t||d}|dDcgc]}|d c}vs,|j|d A|S#tj j tj jf$r}|j|dYd}~d}~wwxYw#tj j tj jf$r}|j|dYd}~d}~wwxYwcc}w) Nr$r&zCould not list Web ACLsrWebACLIdzCould not get Web ACL detailsRulesrr ) r'r(r rrrrrr rrU) rrr!web_acls_in_use all_web_aclsr"web_aclweb_acl_detailsr\s rfind_rule_in_web_aclsr1s8O?    $ $ -5f=L    & &- 7>vFL < I6vwz?RSO /'2JK$tH~K K  " "?6#: ; <     + +X-@-@-N-N O?Q$=>>? ##//1D1D1R1RS I  (G H H IKs6A BC** E7C' C""C'*7D>!D99D>ct|||jd}t|||}|r6dj|}|j d|jdd||r,t ||| dt ||d|i|jdfSd ifS#tjjtjjf$r }|j|d Yd}~d ifSd}~wwxYw) Nrz, zRule z is in use by Web ACL(s) rTrrIzCould not delete ruleF) rrQrjoinrTrzr delete_rulerrrrr )rrr!in_use_web_acls web_acl_namesr"s rensure_rule_absentrDsvvv}}V/DEG+FFGDO /2 uV]]6%:$;;TUbTcdevvw7 A;7 3V5G5Gd  "9##//1D1D1R1RS A  (? @ @ "9 As0B7C) C$$C)c ttdttdddgtddtd d td d  }t| }|jjd}|jdsdnd}|j |}|dk(rt ||\}}nt ||\}}|j|t|y)NT)requiredpresentabsent)defaultchoicesrSr0)r>elementsrZF)r>r)rr|stater=rF waf_regional) argument_specrrwafz waf-regional)rir\) r0AnsibleAWSModulerQgetrrr exit_jsonr)rrrresourcerriresultss rmainrUs 4 F9y(.CDVf5659vu5 MM :F MM  g &E"MM.9u~H ]]8 $F 0@'/?' W+CG+LMru__main__) DOCUMENTATIONEXAMPLESRETURNrr ImportError0ansible.module_utils.common.dict_transformationsr7ansible_collections.amazon.aws.plugins.module_utils.wafrrrrrr r >ansible_collections.community.aws.plugins.module_utils.modulesr rrrrr+rkrVrYrzrrrrr(r@rurrsA F *) V  VP\dg[^fx > M@B6JHH&&"N, zFy  sA88B?B