o

�N�gC�
�@szdZd
dl
Z
d
dlZd
dlZd
dlZd
dlZd
dlZd
dlm	Z	m
Z

dZdZdZ
e
�e�
Zzd
dlZd
dlZd
dlZd
dlmZ
e
�d�
�e
j�

d	ZWneyW


d
ZYn
wzd
dlZe
�d�
�e
j�

d	ZWneyt


d
ZYn
wdd
�Zdd�Z						d�dd�
Z						d�dd�
Z						d�dd�
Z 						d�dd�
Z!							d�dd�
Z"d�dd�
Z#						d�dd�
Z$							d�dd�
Z%								d�d d!�
Z&							d�d"d#�
Z'							d�d$d%�
Z(								d�d&d'�
Z)									d�d(d)�
Z*								d�d*d+�
Z+						d�d,d-�
Z,								d�d.d/�
Z-d�d0d1�
Z.											
d�d2d3�
Z/	d�d4d5�
Z0										d�d6d7�
Z1d�d8d9�
Z2	d�d:d;�
Z3								d�d<d=�
Z4								d�d>d?�
Z5			
				d�d@dA�
Z6						B				d�dCdD�
Z7						B				d�dEdF�
Z8						B				d�dGdH�
Z9							d�dIdJ�
Z:	
					
	Kd�dLdM�
Z;						d�dNdO�
Z<						d�dPdQ�
Z=						d�dRdS�
Z>													d�dTdU�
Z?						d�dVdW�
Z@						d�dXdY�
ZA						d�dZd[�
ZB								d�d\d]�
ZC										d�d^d_�
ZD			
				d�d`da�
ZE								d�dbdc�
ZF								d�ddde�
ZG								d�dfdg�
ZH												
				d�dhdi�
ZI															d�djdk�
ZJ															d�dldm�
ZK								d�dndo�
ZL								d�dpdq�
ZM						d�drds�
ZN								d�dtdu�
ZO											d�dvdw�
ZP								d�dxdy�
ZQ	d�dzd{�
ZR	d�d|d}�
ZS																d�d~d�
ZT							d�d�d��
ZU											d�d�d��
ZV								d�d�d��
ZW					d�d�d��
ZXd�d��ZYd�d��ZZd�d��Z[d�d��Z\d�d��Z]d�d��Z^	d�d�d��
Z_												
d�d�d��
Z`d�d��Za	d�d�d��
Zb	
d�d�d��
Zcd�d��Zd							
d�d�d��
Ze	d�d�d��
Zf								d�d�d��
ZgdS)�at

Connection module for Amazon VPC

.. versionadded:: 2014.7.0

:depends:

- boto >= 2.8.0
- boto3 >= 1.2.6

:configuration: This module accepts explicit VPC credentials but can also
    utilize IAM roles assigned to the instance through Instance Profiles.
    Dynamic credentials are then automatically obtained from AWS API and no
    further configuration is necessary. More Information available here__.

.. __: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or
in the minion's config file:

.. code-block:: yaml

    vpc.keyid: GKTADJGHEIQSXMKKRBJ08H
    vpc.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be specified in the configuration:

.. code-block:: yaml

    vpc.region: us-east-1

If a region is not specified, the default is us-east-1.

It's also possible to specify key, keyid and region via a profile, either
as a passed in dict, or as a string to pull from pillars or minion config:

.. code-block:: yaml

    myprofile:
        keyid: GKTADJGHEIQSXMKKRBJ08H
        key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
        region: us-east-1

.. versionchanged:: 2015.8.0
    All methods now return a dictionary. Create and delete methods return:

    .. code-block:: yaml

        created: true

    or

    .. code-block:: yaml

        created: false
        error:
          message: error message

    Request methods (e.g., `describe_vpc`) return:

    .. code-block:: yaml

        vpcs:
          - {...}
          - {...}

    or

    .. code-block:: yaml

        error:
          message: error message

.. versionadded:: 2016.11.0

Functions to request, accept, delete and describe VPC peering connections.
Named VPC peering connections can be requested using these modules.
VPC owner accounts can accept VPC peering connections (named or otherwise).

Examples showing creation of VPC peering connection

.. code-block:: bash

    # Create a named VPC peering connection
    salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da name=my_vpc_connection
    # Without a name
    salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da
    # Specify a region
    salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da region=us-west-2

Check to see if VPC peering connection is pending

.. code-block:: bash

    salt myminion boto_vpc.is_peering_connection_pending name=salt-vpc
    # Specify a region
    salt myminion boto_vpc.is_peering_connection_pending name=salt-vpc region=us-west-2
    # specify an id
    salt myminion boto_vpc.is_peering_connection_pending conn_id=pcx-8a8939e3

Accept VPC peering connection

.. code-block:: bash

    salt myminion boto_vpc.accept_vpc_peering_connection name=salt-vpc
    # Specify a region
    salt myminion boto_vpc.accept_vpc_peering_connection name=salt-vpc region=us-west-2
    # specify an id
    salt myminion boto_vpc.accept_vpc_peering_connection conn_id=pcx-8a8939e3

Deleting VPC peering connection via this module

.. code-block:: bash

    # Delete a named VPC peering connection
    salt myminion boto_vpc.delete_vpc_peering_connection name=salt-vpc
    # Specify a region
    salt myminion boto_vpc.delete_vpc_peering_connection name=salt-vpc region=us-west-2
    # specify an id
    salt myminion boto_vpc.delete_vpc_peering_connection conn_id=pcx-8a8939e3

�N)�CommandExecutionError�SaltInvocationErrorZprovisioningzpending-acceptanceZactive)
�BotoServerError�botoTF�boto3cCstj
jjd
dd�S)zg
    Only load if boto libraries exist and if boto libraries are greater than
    a given version.
    z2.8.0z1.2.6)Zboto_verZ	boto3_ver)�salt�utilsZversionsZcheck_boto_reqs�r	r	�I/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/boto_vpc.py�__virtual__�s
rc

Cs8trt
d
tdtd�
trt
dtddddd�
dSdS)	Nzboto.assign_funcs�vpc)
�packzboto3.assign_funcsZec2�
_get_conn3Z
_cache_id3)Zget_conn_funcnameZcache_id_funcnameZexactly_one_funcname)�HAS_BOTO�	__utils__�__name__Z__salt__�	HAS_BOTO3)
�optsr	r	r
�__init__�s









��rcCsTt|
|f�
s
t
d
�
�
|
rt|
||||d�}|St|||||d�s(t�d|�
dS|S)a�

    Check whether a VPC with the given name or id exists.
    Returns the vpc_id or None. Raises SaltInvocationError if
    both vpc_id and vpc_name are None. Optionally raise a
    CommandExecutionError if the VPC does not exist.

    .. versionadded:: 2016.3.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.check_vpc vpc_name=myvpc profile=awsprofile
    z:One (but not both) of vpc_id or vpc_name must be provided.��vpc_name�region�key�keyid�profile)�vpc_idrrrrzVPC %s does not exist.N)�_exactly_oner�_get_id�
_find_vpcs�log�info�rrrrrrr	r	r
�	check_vpc�s

�


��

�

r"c
Ks`
z�zt||||d
�}t
|d|�}	Wnty"


td�d|�
�
�
w|
r>t||
||||d
�r>ddd|�d|
�d�i
d	�WS|	di|�
�
}
|
rxt|
t�rQd
di
WSt�d||
j	�
t
|
|
�
t||
�
|
rqt|
||
j	||||d
�
d|
j	d�WS|
r�|�d|
�d�}n|�d�}t�
|�

dd|i
d	�WSty�
}
zdtd|�
d	�WYd}~Sd}~w
w)za
    Create a VPC resource. Returns the resource id if created, or False
    if not created.
    �rrrrZcreate_�3{} function does not exist for boto VPC connection.F�messagezA z named z already exists.��created�errorr'TzA %s with id %s was created��sub_resource�resource_idrrrr�r'�id�
 z was not created.�boto.get_errorNr	)�	_get_conn�getattr�AttributeError�format�_get_resource_id�
isinstance�boolrr r-�_maybe_set_name_tag�_maybe_set_tags�	_cache_id�warningrr)�resource�name�tagsrrrr�kwargs�connZcreate_resource�
r�
er	r	r
�_create_resource�sX






���
�
�















�	






��rBc
Ks*
t|
|f�
s
t
d
�
�
zot||||d�}z	t|d|�}	Wnty,


td�d|�
�
�
w|
rIt||
||||d�}|sIdd|�d|
�d�i
d	�WS|	|f
i|�
�
rbt|
||d
||||d�
dd
i
WS|
rm|�d|
�d
�}
n|�d
�}
dd|
i
d	�WSty�
}

zdt	d|
�
d	�WYd}
~
Sd}
~
w
w)zM
    Delete a VPC resource. Returns True if successful, otherwise False.
    �2One (but not both) of name or id must be provided.r#Zdelete_r$Fr%r.� does not exist.��deletedr(T)r*r+�
invalidaterrrrrFz was not deleted.r/N)
rrr0r1r2r3r4r9rr)r;r<r+rrrrr>r?Zdelete_resourcerAr	r	r
�_delete_resource0
sR






���

�
�








�






��rHc

Cs

t|
|f�
s
t
d
�
�
t||||d�}d|��}|�d�
s |d}t||�}	i}
|
r/d|
i
|
d<|r8||
|�d�<z	|	di|
�
�
}Wnty[
}
z|j�d�
rVWYd	}~d	S�d	}~w
w|r�t|�
d
krx|
rtt|
||dj	||||d�
|dSt
d
|�d|
�d��
�
d	S)zj
    Get a VPC resource based on resource type and name or id.
    Cache the id if name was provided.
    rCr#�get_all_�
s�tag:Name�filters�_ids�	.NotFoundN�
r
r)zFound more than one z named "�
"r	)rrr0�endswithr1r�code�lenr9r-r)
r;r<r+rrrrr?�
f�
get_resources�filter_parametersr@rAr	r	r
�
_get_resourcel
sJ















��









�	
�rWc
Cs�t||
f�
r
t
d
�
�
t||
|f�
st
d�
�
t||||d�}d|��}	|	�d�
s+|	d}	t||	�}
i}|
r:d|
i
|d<|rC|||�d�<|rW|��D]
\}}
|
|dd	|��<qIz
|
di|�
�
}W|Sty{
}
z|j�d
�
rvWYd}~dS�d}~w
w)
zI
    Get VPC resources based on resource type and name, id, or tags.
    z'Only one of name or id may be provided.zBAt least one of the following must be provided: id, name, or tags.r#rIrJrKrLrM�tag:rNNr	)	�allr�anyr0rQr1�itemsrrR)r;r<r+r=rrrrr?rTrUrV�tag_name�	tag_valuer@rAr	r	r
�_find_resources�
s8


�













�


��r^cCs>t|
|||||d
�}|r|St
||
||||d�}|r|jSdS)z<
    Get an AWS id for a VPC resource by type and name.
    )r*rrrr�r<rrrrN)r9rWr-)r;r<rrrr�_idr@r	r	r
r4�
s 





�

�
�r4c
CsPz
d
t||
||||d�i
WSt
y'
}
zdtd|�
i
WYd}~Sd}~w
w)z�
    Get an AWS id for a VPC resource by type and name.

    .. versionadded:: 2015.8.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.get_resource_id internet_gateway myigw

    r-r#r(r/N)r4rr)r;r<r+rrrrrAr	r	r
�get_resource_id�
s
��
��rac	CsXzd
tt
||
||||||d��
i
WSty+
}
zdtd|�
i
WYd}~Sd}~w
w)a:

    Given a resource type and name, return {exists: true} if it exists,
    {exists: false} if it does not exist, or {error: {message: error text}
    on error.

    .. versionadded:: 2015.8.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.resource_exists internet_gateway myigw

    �exists�r<r+r=rrrrr(r/N)r6r^rr)	r;r<r+r=rrrrrAr	r	r
�resource_exists
s$








���
��rdc
Cs�t||
f�
r
t
d
�
�
t||||d�}dii
}	|r|g
|	d<|r%||	dd<|
r-|
|	dd<|rA|��D]
\}
}||	dd|
��<q3|jd
i|	�
�
}t�d|	|�
|rht||
||f�
sad	d
�|D�
Sdd
�|D�
SgS)zA
    Given VPC properties, find and return matching VPC ids.
    z/Only one of vpc_name or vpc_id may be provided.r#rL�vpc_ids�cidrrKrXz5The filters criteria %s matched the following VPCs:%sc
Ssg|]}
|
jr|
j
�qSr	)�
is_defaultr-��.0rr	r	r
�
<listcomp>a�z_find_vpcs.<locals>.<listcomp>c
S�g|]}
|
j�qSr	�
r-rhr	r	r
rjc�Nr	)rYrr0r[�get_all_vpcsr�debugrZ)
rrrfr=rrrrr?rVr\r]�vpcsr	r	r
r9s,









�

rc		Cs�t|||
f�
st
d
�
�
|r t|
|f�
s t|||||d�}|r |St||
|||||d�}|rRt�dd�|�
�
t|�
dkrN|d}|rLt||||||d�
|Std�
�
t�	d	�

d
S)zF
    Given VPC properties, return the VPC id if a match is found.
    zGAt least one of the following must be provided: vpc_name, cidr or tags.r#�rrfr=rrrrzMatching VPC: %sr.rOr
z.Found more than one VPC matching the criteria.z
No VPC found.N)
rZrr9rrrp�joinrSrr )	rrfr=rrrrrrer	r	r
rhsL


�


�







�	










�
�

rc
CsRzd
t||
|||||d�i
WSt
y(
}
zdtd|�
i
WYd}~Sd}~w
w)z�
    Given VPC properties, return the VPC id if a match is found.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.get_id myvpc

    r-rrr(r/N)rrr)r<rfr=rrrrrAr	r	r
�get_id�s






��
��rtc
Cs�t||
||f�
st
d
�
�
zt||
||||||d�}Wn1tyK
}	
z%td|	�
}
|
�di��d�
dkr=ddi
WYd	}	~	Sd
|
i
WYd	}	~	Sd	}	~	w
wdt|�
i
S)a

    Given a VPC ID, check to see if the given VPC ID exists.

    Returns True if the given VPC ID exists and returns False if the given
    VPC ID does not exist.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.exists myvpc

    zOAt least one of the following must be provided: vpc_id, vpc_name, cidr or tags.)rrrfr=rrrrr/�awsrR�InvalidVpcID.NotFoundrbFNr()rZrrrr�getr6)rr<rfr=rrrrre�err�boto_errr	r	r
rb�s.

�









�



��rbc


Cs�zOt||||	d
�}
|
j
||
d�}|rFt�d|j�
t||�
t||�
t|
|j||�
t|
|j|�
|r?t	||j||||	d
�
d|jd�WSt�
d�

ddi
WStyj
}
zdtd	|�
d
�WYd}~Sd}~w
w)a�

    Given a valid CIDR block, create a VPC.

    An optional instance_tenancy argument can be provided. If provided, the
    valid values are 'default' or 'dedicated'

    An optional vpc_name argument can be provided.

    Returns {created: true} if the VPC was created and returns
    {created: False} if the VPC was not created.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.create '10.0.0.0/24'

    r#)
�instance_tenancyzThe newly created VPC id is %sTr,zVPC was not createdr'Fr/r&N)
r0Z
create_vpcrr r-r7r8�_maybe_set_dns�_maybe_name_route_tabler9r:rr)
�
cidr_blockrzr�enable_dns_support�enable_dns_hostnamesr=rrrrr?rrAr	r	r
�create�s2
















�




��r�c

Cs�|
r	t�
d
�

|
}t||f�
std�
�
zJt||||d�}|s6t||||||d�}|s6ddd|�d�i
d	�WS|�|�
rSt�d
|�
|rNt||d||||d�
d
di
WSt�
d|�
d
di
WSt	yx
}	
zdt
d|	�
d	�WYd}	~	Sd}	~	w
w)aC

    Given a VPC ID or VPC name, delete the VPC.

    Returns {deleted: true} if the VPC was deleted and returns
    {deleted: false} if the VPC was not deleted.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.delete vpc_id='vpc-6b1fe402'
        salt myminion boto_vpc.delete name='myvpc'

    zCboto_vpc.delete: name parameter is deprecated use vpc_name instead.z:One (but not both) of vpc_name or vpc_id must be provided.r#)rr=rrrrFr%�VPC z
 not foundrEzVPC %s was deleted.T)r+rGrrrrrFzVPC %s was not deleted.r/N)rr:rrr0rZ
delete_vpcr r9rr)
rr<rr=rrrrr?rAr	r	r
�delete2sV

�

�








�
�










�
	



��r�c

s@
zt||||d
�}t
||
||||d�}Wn1tyE
}
z%td|�
}|�di��d�
dkr7ddi
WYd}~Sd	|i
WYd}~Sd}~w
w|sLddi
Sd
|i
}	z
|jdi|	�
�
}
Wntyt
}
zd	td|�
i
WYd}~Sd}~w
w|
r�|
d�t�d�j�
d
}�f
dd�|D�
}|�	dt
�d�ji
�

d|i
Sddi
S)ay

    Describe a VPC's properties. If no VPC ID/Name is spcified then describe the default VPC.

    Returns a dictionary of interesting properties.

    .. versionchanged:: 2015.8.0
        Added vpc_name argument

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.describe vpc_id=vpc-123456
        salt myminion boto_vpc.describe vpc_name=myvpc

    r#r!r/rurRrvrNr(rer
z
Found VPC: %s�r-r}rg�stater=�dhcp_options_idrzc
�i|]}
|
t�|
��qSr	�
r1�ri�
k�
rr	r
�
<dictcomp>�rkzdescribe.<locals>.<dictcomp>rr	)r0rrrrwrorrpr-�updater1r<)
rrrrrrr?rxryrVrq�keys�_rr	r�r
�describezsD








�


��



��

	

r�c
s
d
}zkt||||d�}	dii
}
|r|g
|
d<|r||
dd<|
r&|
|
dd<|r:|�
�D]
\}}||
dd|��<q,|	jdi|
�
�
}
|
rig}|
D]��f
dd	�|D�
}|�d
t�d
�ji
�

|�|�

qHd|i
WSdgi
WSty�
}
zdtd
|�
i
WYd}~Sd}~w
w)a

    Describe all VPCs, matching the filter criteria if provided.

    Returns a list of dictionaries with interesting properties.

    .. versionadded:: 2015.8.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.describe_vpcs

    r�r#rLrerfrKrXc
r�r	r�r�r�r	r
r��rkz!describe_vpcs.<locals>.<dictcomp>rrqr(r/Nr	)	r0r[ror�r1r<�appendrr)rr<rfr=rrrrr�r?rVr\r]rq�retr�rAr	r�r
�
describe_vpcs�s4

















��r�c	Cs�t|||g�
st
d
�
�
dii
}|r||dd<|r||dd<|
r'|
|dd<|r;|��D]
\}}||dd|��<q-|jdi|�
�
}t�d||�
|rSdd	�|D�
Sd
S)
zF
    Given subnet properties, find and return matching subnet ids
    zKAt least one of the following must be specified: subnet_name, cidr or tags.rLrfrK�VpcIdrX�9The filters criteria %s matched the following subnets: %sc
Srlr	rm)ri�subnetr	r	r
rj(rnz!_find_subnets.<locals>.<listcomp>FNr	)rZrr[�get_all_subnetsrrp)	�subnet_namerrfr=r?rVr\r]�subnetsr	r	r
�
_find_subnetss.

�








�
r�cCs�zt||||||	�}|sd
dd|p|�d�i
d�WSWnt
y6
}
zd
td|�
d�WYd}~Sd}~w
wtd|||||
||||	d	�
}|
rZt||||	d
�}
|
jddi
|d
d�
|S)am
    Given a valid VPC ID or Name and a CIDR block, create a subnet for the VPC.

    An optional availability zone argument can be provided.

    Returns True if the VPC subnet was created and returns False if the VPC subnet was not created.

    .. versionchanged:: 2015.8.0
        Added vpc_name argument

    CLI Examples:

    .. code-block:: bash

        salt myminion boto_vpc.create_subnet vpc_id='vpc-6b1fe402' \
                subnet_name='mysubnet' cidr_block='10.0.0.0/25'
        salt myminion boto_vpc.create_subnet vpc_name='myvpc' \
                subnet_name='mysubnet', cidr_block='10.0.0.0/25'
    Fr%r�rDr&r/Nr�)	r<r=r�availability_zoner}rrrrr#�ValueTr-)ZMapPublicIpOnLaunch�SubnetId)r"rrrBrZmodify_subnet_attribute)rr}rr�r�r=rrrrZauto_assign_public_ipv4rAZsubnet_object_dict�conn3r	r	r
�
create_subnet-s:!


��
��









�



�r�c	C�td
|
|||||d�S)aF

    Given a subnet ID or name, delete the subnet.

    Returns True if the subnet was deleted and returns False if the subnet was not deleted.

    .. versionchanged:: 2015.8.0
        Added subnet_name argument

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.delete_subnet 'subnet-6a1fe403'

    r��r;r<r+rrrr�
rH)�	subnet_idr�rrrrr	r	r
�
delete_subnetm�






�r�c

Cs�
|
r	t�
d
�

|
}t|||||f�
std�
�
z
t||||	d�}
Wnty:
}
zdtd|�
i
WYd}~Sd}~w
wdii
}|rF|g
|d<|rN||dd	<|rV||dd
<|rj|��D]
\}
}||dd|
��<q\|rr||dd<z
|
jdi|�
�
}Wn1ty�
}
z%td|�
}|�	d
i��	d�
dkr�ddi
WYd}~Sd|i
WYd}~Sd}~w
wt�
d||�
|r�t�d|p�|�
ddi
St�d|p�|�
ddi
S)aA

    Check if a subnet exists.

    Returns True if the subnet exists, otherwise returns False.

    .. versionchanged:: 2015.8.0
        Added subnet_name argument
        Deprecated name argument

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.subnet_exists subnet_id='subnet-6a1fe403'

    zMboto_vpc.subnet_exists: name parameter is deprecated use subnet_name instead.z^At least one of the following must be specified: subnet id, cidr, subnet_name, tags, or zones.r#r(r/NrL�
subnet_idsrKrfrXr�rurRzInvalidSubnetID.NotFoundrbFz8The filters criteria %s matched the following subnets:%szSubnet %s exists.TzSubnet %s does not exist.r	)rr:rZrr0rrr[r�rwrpr )r�r<r�rfr=Zzonesrrrrr?rxrVr\r]r�ryr	r	r
�
subnet_exists�s\

�

�


��
















��


�


r�c	
Cs�zt|
|||d
�}|j
|d�
}Wnty*
}
zdtd|�
i
WYd}~Sd}~w
wt�}|D]}t�d|j�
||vrLt�d|j|j�
|�	|j�

q0|sSddi
St
|�
d	kr_d|��i
Sd
t|�
i
S)a
    Given a subnet (aka: a vpc zone identifier) or list of subnets, returns
    vpc association.

    Returns a VPC ID if the given subnets are associated with the same VPC ID.
    Returns False on an error or if the given subnets are associated with
    different VPC IDs.

    CLI Examples:

    .. code-block:: bash

        salt myminion boto_vpc.get_subnet_association subnet-61b47516

    .. code-block:: bash

        salt myminion boto_vpc.get_subnet_association ['subnet-61b47516','subnet-2cb9785b']

    r#)
r�r(r/Nz"examining subnet id: %s for vpc_idz+subnet id: %s is associated with vpc id: %srrOre)
r0r�rr�setrrpr-r�addrS�pop�list)	r�rrrrr?rArer�r	r	r
�get_subnet_association�s*


��





��



r�c

s�z
td
|
|||||d��Wnt
y'
}
zdtd|�
i
WYd}~Sd}~w
w�s.d
di
St�d�j�
d}d
�f
dd	�|D�
i
}t|d
d
|d
dd||||d�}	|	r]|	|d
d
<|S)aL

    Given a subnet id or name, describe its properties.

    Returns a dictionary of interesting properties.

    .. versionadded:: 2015.8.0

    CLI Examples:

    .. code-block:: bash

        salt myminion boto_vpc.describe_subnet subnet_id=subnet-123456
        salt myminion boto_vpc.describe_subnet subnet_name=mysubnet

    r��r<r+rrrrr(r/NzFound subnet: %s�r-r}r�r=rc
r�r	r�r��
r�r	r
r�/rkz#describe_subnet.<locals>.<dictcomp>r-r)r?rrrr�#explicit_route_table_association_id)rWrrrrpr-� _get_subnet_explicit_route_table)
r�r�rrrrrAr�r��explicit_route_table_assocr	r�r
�describe_subnetsD








�	
��












�	�
�r�c
Cs
zst||||d
�}dii
}	|r||	dd<|r||	dd<|
r%|
|	dd<|j
dd|i
|	�
�
}
t�d|	|
�
|
s=dd	i
WSg}d
}|
D]+}
i}|D]}t|
|�rWt|
|�||<qIt|d|d|d
�}|ri||d<|�|�

qCd|i
WSty�
}
zdt	d|�
i
WYd	}~Sd	}~w
w)a�
    Given a VPC ID or subnet CIDR, returns a list of associated subnets and
    their details. Return all subnets if VPC ID or CIDR are not provided.
    If a subnet id or CIDR is provided, only its associated subnet details will be
    returned.

    .. versionadded:: 2015.8.0

    CLI Examples:

    .. code-block:: bash

        salt myminion boto_vpc.describe_subnets

    .. code-block:: bash

        salt myminion boto_vpc.describe_subnets subnet_ids=['subnet-ba1987ab', 'subnet-ba1987cd']

    .. code-block:: bash

        salt myminion boto_vpc.describe_subnets vpc_id=vpc-123456

    .. code-block:: bash

        salt myminion boto_vpc.describe_subnets cidr=10.0.0.0/21

    r#rLZvpcIdZ	cidrBlockrKr�r�r�Nr�r-r)
r?r�r(r/r	)
r0r�rrp�hasattrr1r�r�rr)r�Zsubnet_namesrrfrrrrr?rVr�Zsubnets_listr��itemr�r�rAr	r	r
�describe_subnets@sJ&








�








�

��


��r�c
Cs�zM|
s|rt|
|||||�}
|
sd
dd|p|
�d�i
d�WSt
d||||||d�}|�d�
rK|
rKt||||d	�}	|	�|d
|
�
t�d|d
|pI|
�
|WStyh
}

zd
td|
�
d�WYd
}
~
Sd
}
~
w
w)a�

    Create an Internet Gateway, optionally attaching it to an existing VPC.

    Returns the internet gateway id if the internet gateway was created and
    returns False if the internet gateways was not created.

    .. versionadded:: 2015.8.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.create_internet_gateway \
                internet_gateway_name=myigw vpc_name=myvpc

    Fr%r�rDr&�internet_gateway)r<r=rrrrr'r#r-z&Attached internet gateway %s to VPC %sr/N)	r"rBrwr0Zattach_internet_gatewayrr rr)�internet_gateway_namerrr=rrrrr@r?rAr	r	r
�create_internet_gateway�s6



�






�	



�

��r�c

Cs�zR|
r
td
|
||||d�}|sddd�
|
�
i
d�WS|rHtd
|||||d�}|s3ddd�
|�
i
d�WS|jrHt||||d�}|�||jdj�
td
|||||d�WStym
}	
zdt	d	|	�
d�WYd
}	~	Sd
}	~	w
w)ax

    Delete an internet gateway (by name or id).

    Returns True if the internet gateway was deleted and otherwise False.

    .. versionadded:: 2015.8.0

    CLI Examples:

    .. code-block:: bash

        salt myminion boto_vpc.delete_internet_gateway internet_gateway_id=igw-1a2b3c
        salt myminion boto_vpc.delete_internet_gateway internet_gateway_name=myigw

    r�r#Fr%�#internet gateway {} does not exist.rE�r+rrrrr
r/N)
r4r3rW�attachmentsr0Zdetach_internet_gatewayrrHrr)
Zinternet_gateway_idr��detachrrrrZigwr?rAr	r	r
�delete_internet_gateway�sd







�
���	






�	
���	


�





�
��r���pendingZ	availablec
Cs
t||
|||f�
s
t
d
�
�
dgi
}
|r|g
|
d<|r(td|||||	d�}
|
s(dS|
r5|
d�d|
g
d��

|rEtd	|||||	d�}|sEdS|rR|
d�d
|g
d��

t||||	d�}g}td|jf
ddd
�|
�
�
D]}
|
�dg�D]}|�d�
|vr�|�|�

qrqjt�	d|
|�
|r�|SdS)zI
    Given gateway properties, find and return matching nat gateways
    zlAt least one of the following must be provided: nat_gateway_id, subnet_id, subnet_name, vpc_id, or vpc_name.�Filter�
NatGatewayIdsr�r#Fz	subnet-id��NameZValuesr�vpc-idzboto3.paged_callZ	NextToken)Zmarker_flagZ
marker_arg�NatGateways�Statez>The filters criteria %s matched the following nat gateways: %s)
rZrr4r�rr�describe_nat_gatewaysrwrrp)�nat_gateway_idr�r�rr�statesrrrrrVr�Znat_gatewaysr�Zgwr	r	r
�_find_nat_gatewayss\

�



�



�




�
�
�


��


�
r�c


Cs tt
||
||||||||	d
�
�
S)aR

    Checks if a nat gateway exists.

    This function requires boto3 to be installed.

    .. versionadded:: 2016.11.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.nat_gateway_exists nat_gateway_id='nat-03b02643b43216fe7'
        salt myminion boto_vpc.nat_gateway_exists subnet_id='subnet-5b05942d'

    �
r�r�r�rrr�rrrr)r6r�r�r	r	r
�nat_gateway_existsbs










��r�c

Cst||
||||||||	d
�
S)a\

    Return a description of nat gateways matching the selection criteria

    This function requires boto3 to be installed.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.describe_nat_gateways nat_gateway_id='nat-03b02643b43216fe7'
        salt myminion boto_vpc.describe_nat_gateways subnet_id='subnet-5b05942d'

    r�)
r�r�r	r	r
r��s









�r�c
Cs
zdt||
f�
rt
d
�
�
|
r&td|
||||d�}|s%ddd|
�d�i
d�WSntd|||||d	�s<ddd|�d�i
d�WSt||||d�}|sQ|jd
d�
}|�d�
}|j||d
�}	d|	�di��d�
d�WSty
}

zdt	d|
�
d�WYd}
~
Sd}
~
w
w)a
    Create a NAT Gateway within an existing subnet. If allocation_id is
    specified, the elastic IP address it references is associated with the
    gateway. Otherwise, a new allocation_id is created and used.

    This function requires boto3 to be installed.

    Returns the nat gateway id if the nat gateway was created and
    returns False if the nat gateway was not created.

    .. versionadded:: 2016.11.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.create_nat_gateway subnet_name=mysubnet

    �5Only one of subnet_name or subnet_id may be provided.r�r#Fr%�Subnet rDr&r�r)
ZDomain�AllocationId)r�r�TZ
NatGateway�NatGatewayIdr,r/N)
rYrr4rWrZallocate_addressrw�create_nat_gatewayrr)r�r�Z
allocation_idrrrrr��addressr@rAr	r	r
r��sP


�






�
��





�	
�





��r��c

Cs
zqt||||d
�}|j
|g
d�
}	|	r|	�ddg
�d}	|j|d�

|rXt|dd�D].}
|	rW|	dd	v
rWt�d
||
t�dd�d�

|j
|g
d�
}	|	rW|	�ddg
�d}	q)
|
rm|	rm|	�d
�
D]}|j	|�d�
d�

qaddi
WSt
y�
}
zdtd|�
d�WYd}~Sd}~w
w)a�
    Delete a nat gateway (by id).

    Returns True if the internet gateway was deleted and otherwise False.

    This function requires boto3 to be installed.

    .. versionadded:: 2016.11.0

    nat_gateway_id
        Id of the NAT Gateway

    release_eips
        whether to release the elastic IPs associated with the given NAT Gateway Id

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    wait_for_delete
        whether to wait for delete of the NAT gateway to be in failed or deleted
        state after issuing the delete call.

    wait_for_delete_retries
        NAT gateway may take some time to be go into deleted or failed state.
        During the deletion process, subsequent release of elastic IPs may fail;
        this state will automatically retry this number of times to ensure
        the NAT gateway is in deleted or failed state before proceeding.

    CLI Examples:

    .. code-block:: bash

        salt myminion boto_vpc.delete_nat_gateway nat_gateway_id=igw-1a2b3c

    r#)
r�r�Nr
)
r����r�)rFZfailed�i�g@�@ZNatGatewayAddressesr�)
r�rFTFr/rE)rr�rw�delete_nat_gateway�range�time�sleep�random�randintZrelease_addressrr)
r�Zrelease_eipsrrrrZwait_for_deleteZwait_for_delete_retriesr�ZgwinfoZretry�addrrAr	r	r
r�
s68










��









��r�c		Cstd
|||
||||||d�
S)u�

    Given a valid VPN connection type, a static IP address and a customer
    gateway’s Border Gateway Protocol (BGP) Autonomous System Number,
    create a customer gateway.

    Returns the customer gateway id if the customer gateway was created and
    returns False if the customer gateway was not created.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.create_customer_gateway 'ipsec.1', '12.1.2.3', 65534

    �customer_gateway)�type�
ip_address�bgp_asnr=rrrr)
rB)	Zvpn_connection_typer�r��customer_gateway_namer=rrrrr	r	r
�create_customer_gatewayVs









�r�c	Cr�)a

    Given a customer gateway ID or name, delete the customer gateway.

    Returns True if the customer gateway was deleted and returns False if the customer gateway was not deleted.

    .. versionchanged:: 2015.8.0
        Added customer_gateway_name argument

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.delete_customer_gateway 'cgw-b6a247df'

    r�r�r��Zcustomer_gateway_idr�rrrrr	r	r
�delete_customer_gateways






�r�c	Cr�)aa

    Given a customer gateway ID, check if the customer gateway ID exists.

    Returns True if the customer gateway ID exists; Returns False otherwise.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.customer_gateway_exists cgw-b6a247df
        salt myminion boto_vpc.customer_gateway_exists customer_gatway_name=mycgw

    r�r�)
rdr�r	r	r
�customer_gateway_exists�s






�r�c

Cs�zQ|s|rt|||	|
||�}|sd
dd|p|�d�i
d�WSt
d|||
||||	|
||d�}
|
�d�
rO|rOt|	|
||d	�}|�|
d
|�
t�d|
d
|pM|�
|
WStyl
}
zd
td|�
d�WYd
}~Sd
}~w
w)aj
    Given valid DHCP options, create a DHCP options record, optionally associating it with
    an existing VPC.

    Returns True if the DHCP options record was created and returns False if the DHCP options record was not deleted.

    .. versionchanged:: 2015.8.0
        Added vpc_name and vpc_id arguments

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.create_dhcp_options domain_name='example.com' \
                domain_name_servers='[1.2.3.4]' ntp_servers='[5.6.7.8]' \
                netbios_name_servers='[10.0.0.1]' netbios_node_type=1 \
                vpc_name='myvpc'

    Fr%r�rDr&�dhcp_options)
r<�domain_name�domain_name_servers�ntp_servers�netbios_name_servers�netbios_node_typerrrrr'r#r-zAssociated options %s to VPC %sr/N)	r"rBrwr0�associate_dhcp_optionsrr rr)r�r�r�r�r��dhcp_options_namer=rrrrrrr@r?rAr	r	r
�create_dhcp_options�s:#



�










�






��r�c	
s�t||
f�
s
t
d
�
�
|
s|rtd|||||d�}
|
sdii
Szt||||d�}|j|
g
d�
�WntyI
}
zdtd|�
i
WYd}~Sd}~w
w�sPddi
Sd}d�f
d	d
�|D�
i
S)z�
    Return a dict with the current values of the requested DHCP options set

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.get_dhcp_options 'myfunnydhcpoptionsname'

    .. versionadded:: 2016.3.0
    zTAt least one of the following must be specified: dhcp_options_name, dhcp_options_id.r�r#)
Zdhcp_options_idsr(r/N�r�r�r�r�r�c
si|]}
|
�dj�
|
�
�qS)
r
)�optionsrwr��
r@r	r
r�;sz$get_dhcp_options.<locals>.<dictcomp>)rZrr4r0Zget_all_dhcp_optionsrr)	r�r�rrrrr?rAr�r	r�r
�get_dhcp_optionss4

�






�




��
r�c	Cr�)z�
    Delete dhcp options by id or name.

    .. versionadded:: 2015.8.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.delete_dhcp_options 'dopt-b6a247df'

    r�r�r�)r�r�rrrrr	r	r
�delete_dhcp_options>s






�r�c	
Cs�zBt|
|||||�}
|
sd
dd|p|
�d�i
d�WSt
||||d�}|�||
�r4t�d||
�
dd	i
WSt�d
||
�
d
ddi
d�WSty]
}
zd
td|�
d�WYd
}~Sd
}~w
w)aq

    Given valid DHCP options id and a valid VPC id, associate the DHCP options record with the VPC.

    Returns True if the DHCP options record were associated and returns False if the DHCP options record was not associated.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.associate_dhcp_options_to_vpc 'dhcp-a0bl34pp' 'vpc-6b1fe402'

    Fr%r�rD��
associatedr(r#z3DHCP options with id %s were associated with VPC %sr�Tz7DHCP options with id %s were not associated with VPC %sz%DHCP options could not be associated.r/N)r"r0r�rr r:rr)	r�rrrrrrr?rAr	r	r
�associate_dhcp_options_to_vpc^s4


�




�



�
�
��r�c
C�*|
r	t�
d
�

|
}td|||||||d�S)z�
    Check if a dhcp option exists.

    Returns True if the dhcp option exists; Returns False otherwise.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.dhcp_options_exists dhcp_options_id='dhcp-a0bl34pp'

    zYboto_vpc.dhcp_options_exists: name parameter is deprecated use dhcp_options_name instead.r�rc�rr:rd)r�r<r�r=rrrrr	r	r
�dhcp_options_exists�s

�







�r�c

Csr
|
p|}
zt||
||||	�}Wnt
y*
}
zd
td|�
d�WYd}~Sd}~w
w|s8d
dd|
�d�i
d�St||f�
rBtd�
�
|r\td	|||||	d
�}|s[d
dd|�d�i
d�Sn|rstd	|||||	d�ssd
dd|�d�i
d�Std
||||||	d�}|�d�
r�|r�zt	||||	d
�}
|
�
|d|�}Wnt
y�
}
zd
td|�
d�WYd}~Sd}~w
w||d<|S)aF

    Given a vpc_id, creates a network acl.

    Returns the network acl id if successful, otherwise returns False.

    .. versionchanged:: 2015.8.0
        Added vpc_name, subnet_id, and subnet_name arguments

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.create_network_acl 'vpc-6b1fe402'

    Fr/r&Nr%r�rDr�r�r#r�r��network_acl)r<rrrrrr'r-�association_id)r"rrrYrr4rWrBrwr0�associate_network_acl)rr�network_acl_namer�r�r=rrrrr`rAr@r?r�r	r	r
�create_network_acl�sn


��
�

�

�
��






�	
�






�





��
r�c
	Csv|r0td
|
||||d�}|r0|j
r0|j
dj}zt||||d�}	|	�|�

Wn	ty/


Yn
wtd
|
|||||d�S)a�

    Delete a network acl based on the network_acl_id or network_acl_name provided.

    CLI Examples:

    .. code-block:: bash

        salt myminion boto_vpc.delete_network_acl network_acl_id='acl-5fb85d36' \
                disassociate=false

    .. code-block:: bash

        salt myminion boto_vpc.delete_network_acl network_acl_name='myacl' \
                disassociate=true

    r�r_r
r#r�)rW�associationsr�r0�disassociate_network_aclrrH)
�network_acl_idr�Zdisassociaterrrrr�r�r?r	r	r
�delete_network_acl	s4






�






�






�r
c
Cr�)z�
    Checks if a network acl exists.

    Returns True if the network acl exists or returns False if it doesn't exist.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.network_acl_exists network_acl_id='acl-5fb85d36'
    zWboto_vpc.network_acl_exists: name parameter is deprecated use network_acl_name instead.r�rcr�)r

r<r�r=rrrrr	r	r
�network_acl_existsI	s

�







�r
c
Cs�|rtd
|||||d�}|sddd|�d�i
d�S|r2td|||||d�}
|
s2ddd	|�d�i
d�Sz,t
||||d�}|�||
�}	|	rPt�d
||
�
d|	d�WSt�d
||
�
dddi
d�WStyy
}

zdtd|
�
d�WYd}
~
Sd}
~
w
w)a�

    Given a network acl and subnet ids or names, associate a network acl to a subnet.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.associate_network_acl_to_subnet \
                network_acl_id='acl-5fb85d36' subnet_id='subnet-6a1fe403'

    .. code-block:: bash

        salt myminion boto_vpc.associate_network_acl_to_subnet \
                network_acl_id='myacl' subnet_id='mysubnet'

    r�r#Fr%zNetwork ACL rDr�r�r�z4Network ACL with id %s was associated with subnet %sT)r�r-z8Network ACL with id %s was not associated with subnet %szACL could not be assocaited.r/N)r4r0r�rr r:rr)r

r�r�r�rrrrr?r�rAr	r	r
�associate_network_acl_to_subnetr	sV






�
�

�
�






�


�
�
��r
c
Cs�t||f�
s
t
d
�
�
t||
f�
rt
d�
�
z<|r/td|||||d�}|s/ddd|�d�i
d	�WS|s3|
r<t|
|||||�}
t||||d�}|j||
d
�}	d|	d�WStyk
}

zdtd
|
�
d	�WYd}
~
Sd}
~
w
w)z�
    Given a subnet ID, disassociates a network acl.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.disassociate_network_acl 'subnet-6a1fe403'

    z@One (but not both) of subnet_id or subnet_name must be provided.z/Only one of vpc_id or vpc_name may be provided.r�r#Fr%r�rD��
disassociatedr()
rT)r
r�r/N)	rrrYr4r"r0r
rr)r�rr�rrrrrr?r�rAr	r	r
r
�	s:

�









�
�




��r
cCsf
|rd
}nd}t||f�
st
d�
�
dD]}t�|dur#t
|�d��
�
q|r0td|||
||d�}|s?|dd	d
d�|p;|�
i
iSt|t�rc|dkrKd
}nzt�|�
}Wnt	yb
}
zt
|�
�
d}~w
wz3t
||
||d�}|rr|j}n|j}|||
|||||||	|
d�
}|r�t
�d|�
nt
�d|�
||i
WSty�
}
z|dd	td|�
iWYd}~Sd}~w
w)N�replacedr'�JOne (but not both) of network_acl_id or network_acl_name must be provided.)�rule_number�protocol�rule_actionr}�
 is required.r�r#Fr(r%�Network ACL {} does not exist.rYr�)�egress�	icmp_code�	icmp_type�port_range_from�
port_range_tozNetwork ACL entry was %szNetwork ACL entry was not %sr/)rr�localsr4r3r5�str�socket�getprotobyname�OSErrorr0�replace_network_acl_entry�create_network_acl_entryrr r:rr)r

r	
r

r
r}r
r�r
r
r
r
�replacerrrrZrkey�
vrAr?rTr'r	r	r
�_create_network_acl_entry�	s|


�

�






�


���
	




��













�



 
��r
cCst�}t
di|�
�
S)z�
    Creates a network acl entry.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.create_network_acl_entry 'acl-5fb85d36' '32767' \
                'all' 'deny' '0.0.0.0/0' egress=true

    Nr	�r
r
�r

r	
r

r
r}r
r�r
r
r
r
rrrrr>r	r	r
r
I
s
r
cCst�}t
dd
di
|�
�
S)z�

    Replaces a network acl entry.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.replace_network_acl_entry 'acl-5fb85d36' '32767' \
                'all' 'deny' '0.0.0.0/0' egress=true

    r
TNr	r
r
r	r	r
r
j
s
r
c
Cs�t||f�
s
t
d
�
�
dD]}t�|durt
|�d��
�
q|r)td|||||d�}|s7ddd	�|p2|�
i
d
�Sz"t||||d�}	|	j||
|d�}
|
rPt�d�

nt�	d
�

d|
i
WSt
yt
}
zdtd|�
d
�WYd}~Sd}~w
w)z�
    Deletes a network acl entry.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.delete_network_acl_entry 'acl-5fb85d36' '32767'

    r
)r	
r
Nr
r�r#Fr%r

rE)
r
zNetwork ACL entry was deletedzNetwork ACL was not deletedrFr/)rrr
r4r3r0�delete_network_acl_entryrr r:rr)r

r	
r
r�rrrrr
r?rFrAr	r	r
r
�
sJ

�

�






�
���


�





��r
c
CsHt||
||||�}|sd
dd|
p|�d�i
d�St
d|||||||d�S)a

    Creates a route table.

    .. versionchanged:: 2015.8.0
        Added vpc_name argument

    CLI Examples:

    .. code-block:: bash

        salt myminion boto_vpc.create_route_table vpc_id='vpc-6b1fe402' \
                route_table_name='myroutetable'
        salt myminion boto_vpc.create_route_table vpc_name='myvpc' \
                route_table_name='myroutetable'
    Fr%r�rDr&�route_table)r=rrrrr)r"rB)rr�route_table_namer=rrrrr	r	r
�create_route_table�
s

�







�r"
c	Cr�)z�
    Deletes a route table.

    CLI Examples:

    .. code-block:: bash

        salt myminion boto_vpc.delete_route_table route_table_id='rtb-1f382e7d'
        salt myminion boto_vpc.delete_route_table route_table_name='myroutetable'

    r 
r�r�)�route_table_idr!
rrrrr	r	r
�delete_route_table�
r�r$
c
Cr�)z�
    Checks if a route table exists.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.route_table_exists route_table_id='rtb-1f382e7d'

    zWboto_vpc.route_table_exists: name parameter is deprecated use route_table_name instead.r 
rcr�)r#
r<r!
r=rrrrr	r	r
�route_table_existss

�







�r%
c
Csh
t|
|f�
s
t
d
�
�
t||||f�
st
d�
�
z�t|||	|
d�}dii
}
|r*|g
|
d<|
r2|
|
dd<|rF|��D]
\}}||
dd|��<q8|jdi|
�
�
}t|�
dkrXt
d	�
�
|||||d
�}|djD])}|j|j|j	|j
|d
�}t|���
t|���
A}|s�t�
d|�
d
di

WSqet�d|�
d
di
WSty�
}
zdtd|�
i
WYd}~Sd}~w
w)z�
    Checks if a route exists.

    .. versionadded:: 2015.8.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.route_exists destination_cidr_block='10.0.0.0/20' gateway_id='local' route_table_name='test'

    zTAt least one of the following must be specified: route table name or route table id.ztAt least one of the following must be specified: gateway id, instance id, interface id or VPC peering connection id.r#rLZroute_table_idsrKrXrOz Found more than one route table.)�destination_cidr_block�
gateway_id�instance_id�interface_id�vpc_peering_connection_idr
zRoute %s exists.rbTzRoute %s does not exist.Fr(r/Nr	)rZrr0r[�get_all_route_tablesrS�routesr&
r'
r(
r)
r�rr r:rr)r&
r!
r#
r'
r(
r)
r=rrrrr*
r?rVr\r]�route_tablesZroute_checkZroute_matchZ
route_dictZ
route_comprAr	r	r
�route_exists;sZ

�

�











�



�


�



��r.
c
Cs�t|
|f�
r
t
d
�
�
|r#td|||||d�}
|
s#ddd|�d�i
d�St||f�
r-t
d	�
�
|rFtd
|||||d�}|sFddd|�d�i
d�Szt||||d�}|�||
�}	t�d||
�
d
|	i
WSty{
}

zdtd|
�
d�WYd}
~
Sd}
~
w
w)av

    Given a route table and subnet name or id, associates the route table with the subnet.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.associate_route_table 'rtb-1f382e7d' 'subnet-6a1fe403'

    .. code-block:: bash

        salt myminion boto_vpc.associate_route_table route_table_name='myrtb' \
                subnet_name='mysubnet'

    r�r�r#Fr%r�rDr�z?Only one of route_table_name or route_table_id may be provided.r 
zRoute table z,Route table %s was associated with subnet %sr�r/N)	rYrr4r0�associate_route_tablerr rr)r#
r�r!
r�rrrrr?r�rAr	r	r
r/
�sP

�

�
�

�






�
�



�


��r/
c
Cs~z#t|
|||d
�}|�
|�
rt�d|�
ddi
WSt�d|�
ddi
WSty>
}
zdtd|�
d�WYd	}~Sd	}~w
w)
z�
    Disassociates a route table.

    association_id
        The Route Table Association ID to disassociate

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.disassociate_route_table 'rtbassoc-d8ccddba'

    r#z:Route table with association id %s has been disassociated.r
Tz>Route table with association id %s has not been disassociated.Fr/r
N)r0�disassociate_route_tablerr r:rr)r�rrrrr?rAr	r	r
r0
�s"





�


�


��r0
c
Csnzt||||d
�}|�
||
�}t�d|
|�
d|d�WSty6
}
zdtd|�
d�WYd}~Sd}~w
w)	z�
    Replaces a route table association.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.replace_route_table_association 'rtbassoc-d8ccddba' 'rtb-1f382e7d'

    r#z6Route table %s was reassociated with association id %sT)r
r�Fr/�r
r(N)r0Z*replace_route_table_association_with_assocrr rr)r�r#
rrrrr?rAr	r	r
�replace_route_table_association�s


�


�

��r2
c
Cst||f�
s
t
d
�
�
t||||||
|||f	�
st
d�
�
|
dur#t
d�
�
z�|r=td||	|
||d�}|s=ddd	�|�
i
d
�WS|rVtd||	|
||d�}|sVddd�|�
i
d
�WS|rotd
||	|
||d�}|soddd�|�
i
d
�WS|r�t||	|
||d�}|s�ddd�|�
i
d
�WS|dd}
|r�t||	|
||d�}|s�ddd�|�
i
d
�WS|dd}
Wnty�
}
zdtd|�
d
�WYd}~Sd}~w
w|
s�td||
|||||	|
||d�Szt|	|
||d�}|j	||
|
d�}d|�
d�
d�WSt�
y
}
zdtd|�
d
�WYd}~Sd}~w
w)z�
    Creates a route.

    If a nat gateway is specified, boto3 must be installed

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.create_route 'rtb-1f382e7d' '10.0.0.0/16' gateway_id='vgw-a1b2c3'

    �JOne (but not both) of route_table_id or route_table_name must be provided.z�Only one of gateway_id, internet_gateway_name, instance_id, interface_id, vpc_peering_connection_id, nat_gateway_id, nat_gateway_subnet_id, nat_gateway_subnet_name or vpc_peering_connection_name may be provided.N�#destination_cidr_block is required.r 
r#Fr%�route table {} does not exist.r&r�r�Zvpc_peering_connectionz)VPC peering connection {} does not exist.)r�rrrrz"nat gateway for {} does not exist.r
r�)r�rrrrr/�route)
r#
r&
r'
r(
r)
r*
rrrr)�RouteTableId�DestinationCidrBlockr�Tr,)rrr4r3r�rrrBr�create_routerw)r#
r&
r!
r'
r�r(
r)
r*
Zvpc_peering_connection_namerrrrr�Znat_gateway_subnet_nameZnat_gateway_subnet_idZgwsrAr�r�r	r	r
r9
s



�







��

�








�
���	






�
���	






�
���	





�
���





�
����
��











�




�

��r9
c
Cs�t||f�
s
t
d
�
�
|
durt
d�
�
z|r,td|||||d�}|s,ddd�|�
i
d	�WSWntyH
}
zdtd
|�
d	�WYd}~Sd}~w
wtd||
||||d�S)
z�
    Deletes a route.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.delete_route 'rtb-1f382e7d' '10.0.0.0/16'

    r3
Nr4
r 
r#Fr%r5
r&r/r6
)r;r+r&
rrrr)rrr4r3rrrH)r#
r&
r!
rrrrrAr	r	r
�delete_route�sJ

�








�
����
��






�r:
c

Cs�t||f�
s
t
d
�
�
|
durt
d�
�
zD|r,td|||||	d�}|s,ddd�|�
i
d	�WSt||||	d�}|j||
||||
d
�rKt�d||
�
dd
i
WSt�d||
�
ddi
WSt	yq
}
zdt
d|�
d	�WYd}~Sd}~w
w)z�
    Replaces a route.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.replace_route 'rtb-1f382e7d' '10.0.0.0/16' gateway_id='vgw-a1b2c3'

    r3
Nr4
r 
r#Fr%r5
r1
)r'
r(
r)
r*
z7Route with cidr block %s on route table %s was replacedr
Tz;Route with cidr block %s on route table %s was not replacedr/)rrr4r3r0�
replace_routerr r:rr)
r#
r&
r!
r'
r(
r)
rrrrr*
r?rAr	r	r
r;

s`

�








�
���





�


�



�


��r;
c
Cs�
t||
||f�
st
d
�
�
z�t||||d�}dgi
}	|r |g
|	d<|r-|	d�d|g
d��

|
r:|	d�d|
g
d��

|rS|��D]\}
}|	d�d|
��|g
d��

q@|jd#i|	�
�
�d	g�}|sdgWSg}
d
ddd
dd�}ddddddd�}ddd
dd�}|D]U}i}|��D]G\}}||vr�|dkr�t|||�||<q�|dkr�t|||�||<q�|dkr�i||<|�|g�D]}|�d�
|||�d�
<q�q�|�|�
||<q�|
�|�

q�|
WSty�
}
zd t	d!|�
i
WYd"}~Sd"}~w
w)$a!

    Given route table properties, return details of all matching route tables.

    This function requires boto3 to be installed.

    .. versionadded:: 2016.11.0

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.describe_route_tables vpc_id='vpc-a6a9efc3'

    zcAt least one of the following must be specified: route table id, route table name, vpc_id, or tags.r#�FiltersZ
RouteTableIdsr�r�rKrXZRouteTablesr7
r��TagsZRoutesZAssociations)r-rr=r,
r�r8
Z	GatewayIdZInstanceZNetworkInterfaceIdr��VpcPeeringConnectionId)r&
r'
r(
r)
r�r*
ZRouteTableAssociationIdZMainr�)r-�mainr#
r�r,
r�r=r��Keyr(r/Nr	)
rZrrr�r[�describe_route_tablesrw�
_key_remaprr)r#
r!
rr=rrrrr�rVr\r]r-
Ztablesr�Z
route_keysZ
assoc_keysr�r 
ZoutkeyZinkeyZtagitemrAr	r	r
rA
Z
s�

�







�


�
�




�




�	


�











���


��rA
cCs|j|
||||d
�S)Nr�)
r�)r?r�r�r�r�r�r	r	r
�_create_dhcp_options�
s




�rC
cCs&|r|
�d
|�
t
�d|
|�
dSdS)Nr�z%s is now named as %s)�add_tagrrp)r<�objr	r	r
r7�
s


�r7cCs`|r.z|
�|�

Wnt
y!


|��D]
\}}|
�||�
qYn
wt�d
d�|�
|
�
dSdS)Nz'The following tags: %s were added to %sz, )Zadd_tagsr2r[rD
rrprs)r=rE
�tag�valuer	r	r
r8�
s



���r8cCsH|r|j|
|d
�
t
�d||
�
|r"|j|
|d�
t
�d||
�
dSdS)N)rr~z$DNS support was set to: %s on vpc %s)rrz&DNS hostnames was set to: %s on vpc %s)Zmodify_vpc_attributerrp)r?�vpcidZdns_supportZ
dns_hostnamesr	r	r
r{�
s





�r{cCs�|jd
|
i
d�
}|st
�d�

dSd}|D]}t|di�D]}t|dd�r)|}
n
qq|s4t
�d�

dS|�d�}t||�
t
�d||
�
dS)	Nr�
rLzno default route table foundr�r?
Fz-default-tablez1Default route table name was set to: %s on vpc %s)r+
rr:r1r7rp)r?rH
rr-
Z
default_table�tableZassociationr<r	r	r
r|�
s$










��






r|cCsHg}t||�D]}i}|
D]}t
||�rt||�||<q
|�|�

q|S�
N)r1r�r�)rr�r��
elements_list�r_item�elementZr_keyr	r	r
�	_key_iters






�

rO
cCsPg}|�|g�D]}i}|
�
�D]\}}||vr|�|�
||<q|�|�

q|SrK
)rwr[r�)rr�r�rL
rM
rN
Zr_outkeyZr_inkeyr	r	r
rB

s





�

rB
c
Cs`|s
t||||d
�}|r.|j
d|
i
d�
}|D]}|jD]}	|	j|kr,|	js,|	j

SqqdS)zk
    helper function to find subnet explicit route table associations

    .. versionadded:: 2016.11.0
    r#rrI
N)r0r+
r�r�r?
r-)
r�rr?rrrrZvpc_route_tablesZvpc_route_tableZrt_associationr	r	r
r�s







��r�c
Cs�
t|||	|
d
�}|rt
||�rtd�
�
t||
f�
std�
�
t||f�
s'td�
�
|
r;t|
|||	|
d�}|s;dd�|
�
i
S|rPt||||	|
d�}|sPdd|�d	�i
S|||d
�}
|r_|
�d|i
�

|rh|
�d|i
�

zTt�d
�

|sy|j	di|
�
�
}n|j	di|
�
�
}|�
di�}|�
dd�}d|�d�}t�|�

|r�t�d�

|j|g
d|d�g
d�
t�d�

|d|�d�7}d|i
WStj
jy�
}
zt�d�

dtd|�
i
WYd}~Sd}~w
w)aS
    Request a VPC peering connection between two VPCs.

    .. versionadded:: 2016.11.0

    requester_vpc_id
        ID of the requesting VPC. Exclusive with requester_vpc_name.

    requester_vpc_name
        Name tag of the requesting VPC.  Exclusive with requester_vpc_id.

    peer_vpc_id
        ID of the VPC to create VPC peering connection with. This can be a VPC in
        another account. Exclusive with peer_vpc_name.

    peer_vpc_name
        Name tag of the VPC to create VPC peering connection with. This can only
        be a VPC in the same account and same region, else resolving it into a
        vpc ID will almost certainly fail. Exclusive with peer_vpc_id.

    name
        The name to use for this VPC peering connection.

    peer_owner_id
        ID of the owner of the peer VPC. Defaults to your account ID, so a value
        is required if peering with a VPC in a different account.

    peer_region
        Region of peer VPC. For inter-region vpc peering connections. Not required
        for intra-region peering connections.

        .. versionadded:: 3005

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    dry_run
        If True, skip application and return status.

    CLI Example:

    .. code-block:: bash

        # Create a named VPC peering connection
        salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da name=my_vpc_connection
        # Without a name
        salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da
        # Specify a region
        salt myminion boto_vpc.request_vpc_peering_connection vpc-4a3e622e vpc-be82e9da region=us-west-2

    r#zXA VPC peering connection with this name already exists! Please specify a different name.zAExactly one of requester_vpc_id or requester_vpc_name is requiredz8Exactly one of peer_vpc_id or peer_vpc_name is required.rr(z&Could not resolve VPC name {} to an IDzCould not resolve VPC name �	 to an ID)r�Z	PeerVpcId�DryRunZPeerOwnerIdZ
PeerRegionz(Trying to request vpc peering connectionZVpcPeeringConnectionr>
�ERRORzVPC peering z requested.z)Adding name tag to vpc peering connectionr�)r@
r�)Z	Resourcesr=
z*Applied name tag to vpc peering connectionz With name �
.�msgz0Got an error while trying to request vpc peeringr/Nr	)r�_vpc_peering_conn_id_for_namerrrr3r�rrpZcreate_vpc_peering_connectionrwZcreate_tags�botocore�
exceptions�ClientErrorr(r)Zrequester_vpc_idZrequester_vpc_nameZpeer_vpc_idZ
peer_vpc_namer<Z
peer_owner_idZpeer_regionrrrr�dry_runr?Zpeering_paramsZvpc_peeringZpeeringZpeering_conn_idrT
rxr	r	r
�request_vpc_peering_connection+s|K

�

�

�





�
��


�


�















�






��rZ
cCs>d
|g
d�dtt
tgd�g}|
j|d�
�dg�}dd�|D�
S)a

    :param name: The name of the VPC peering connection.
    :type name: String
    :param conn: The boto aws ec2 connection.
    :return: The id associated with this peering connection

    Returns the VPC peering connection ids
    given the VPC peering connection name.
    rKr��status-code�
r<
�VpcPeeringConnectionsc
Ssg|]}
|
d�qS)
r>
r	)ri�
xr	r	r
rj�sz/_get_peering_connection_ids.<locals>.<listcomp>)�ACTIVE�PENDING_ACCEPTANCE�PROVISIONING� describe_vpc_peering_connectionsrw)r<r?rLZpeeringsr	r	r
�_get_peering_connection_ids�s

�
�rc
cCst|
|||d
�}dt
||�i
S)a
    Returns any VPC peering connection id(s) for the given VPC
    peering connection name.

    VPC peering connection ids are only returned for connections that
    are in the ``active``, ``pending-acceptance`` or ``provisioning``
    state.

    .. versionadded:: 2016.11.0

    :param name: The string name for this VPC peering connection
    :param region: The aws region to use
    :param key: Your aws key
    :param keyid: The key id associated with this aws account
    :param profile: The profile to use
    :return: dict

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.describe_vpc_peering_connection salt-vpc
        # Specify a region
        salt myminion boto_vpc.describe_vpc_peering_connection salt-vpc region=us-west-2

    r#zVPC-Peerings)rrc
)r<rrrrr?r	r	r
�describe_vpc_peering_connection�s
rd
�c	
Cs�t||
f�
s
t
d
�
�
t||||d�}|
r"t|
|�}|s"t
d�|
�
�
�
zt�d�

|j||d�
ddi
WStj	j
yT
}
zt�d�

d	td
|�
i
WYd}~Sd}~w
w)a�
    Request a VPC peering connection between two VPCs.

    .. versionadded:: 2016.11.0

    :param conn_id: The ID to use. String type.
    :param name: The name of this VPC peering connection. String type.
    :param region: The AWS region to use. Type string.
    :param key: The key to use for this connection. Type string.
    :param keyid: The key id to use.
    :param profile: The profile to use.
    :param dry_run: The dry_run flag to set.
    :return: dict

    Warning: Please specify either the ``vpc_peering_connection_id`` or
    ``name`` but not both. Specifying both will result in an error!

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.accept_vpc_peering_connection name=salt-vpc
        # Specify a region
        salt myminion boto_vpc.accept_vpc_peering_connection name=salt-vpc region=us-west-2
        # specify an id
        salt myminion boto_vpc.accept_vpc_peering_connection conn_id=pcx-8a8939e3

    zIOne (but not both) of vpc_peering_connection_id or name must be provided.r#z�No ID found for this VPC peering connection! ({}) Please make sure this VPC peering connection exists or invoke this function with a VPC peering connection IDz'Trying to accept vpc peering connection�rQ
r>
rT
z VPC peering connection accepted.z/Got an error while trying to accept vpc peeringr(r/N)
rrrrU
r3rrp�accept_vpc_peering_connectionrV
rW
rX
r(r)	�conn_idr<rrrrrY
r?rxr	r	r
rg
�s.

�




�	



�




��rg
cCsHt�
d
�

t||
�}|sdg
}|dSt|�
dkr td�|�
�
�
|dS)z.
    Get the ID associated with this name
    z$Retrieving VPC peering connection idNrOz�Found multiple VPC peering connections with the same name!! Please make sure you have only one VPC peering connection named {} or invoke this function with a VPC peering connection IDr
)rrprc
rSrr3)r<r?Zidsr	r	r
rU
3s




�

�	rU
c

Cs�t||
f�
s
t
d
�
�
t||||d�}|
r#t|
|�}|s#t
d|
�d��
�
zt�d�

|j||d�
ddi
WStjj	y[
}
zt
d	|�
}	t�d
|
pJ||	�
d|	i
WYd}~Sd}~w
w)
a�
    Delete a VPC peering connection.

    .. versionadded:: 2016.11.0

    conn_id
        The connection ID to check.  Exclusive with conn_name.

    conn_name
        The connection name to check.  Exclusive with conn_id.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    dry_run
        If True, skip application and simply return projected status.

    CLI Example:

    .. code-block:: bash

        # Create a named VPC peering connection
        salt myminion boto_vpc.delete_vpc_peering_connection conn_name=salt-vpc
        # Specify a region
        salt myminion boto_vpc.delete_vpc_peering_connection conn_name=salt-vpc region=us-west-2
        # specify an id
        salt myminion boto_vpc.delete_vpc_peering_connection conn_id=pcx-8a8939e3

    �5Exactly one of conn_id or conn_name must be provided.r#z(Couldn't resolve VPC peering connection rP
z'Trying to delete vpc peering connectionrf
rT
zVPC peering connection deleted.r/z#Failed to delete VPC peering %s: %sr(N)rrrrU
rrp�delete_vpc_peering_connectionrV
rW
rX
rr()
rh
�	conn_namerrrrrY
r?rxrAr	r	r
rj
Hs.0

�






�



�




��rj
c
Cs�t||
f�
s
t
d
�
�
t||||d�}|r |j|g
d�
�dg�}nd|
g
d�dtttgd�g}|j|d�
�dg�}|s<d	St|�
d
krKt
d�	|pH|
�
�
�
|dd
d}	|	tkS)ai
    Check if a VPC peering connection is in the pending state.

    .. versionadded:: 2016.11.0

    conn_id
        The connection ID to check.  Exclusive with conn_name.

    conn_name
        The connection name to check.  Exclusive with conn_id.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.is_peering_connection_pending conn_name=salt-vpc
        # Specify a region
        salt myminion boto_vpc.is_peering_connection_pending conn_name=salt-vpc region=us-west-2
        # specify an id
        salt myminion boto_vpc.is_peering_connection_pending conn_id=pcx-8a8939e3

    ri
r#)
ZVpcPeeringConnectionIdsr]
rKr�r[
r\
FrO�iFound more than one ID for the VPC peering connection ({}). Please call this function with an ID instead.r
�Status�Code)
rrrrb
rwr_
r`
ra
rSr3)
rh
rk
rrrrr?rqrL�statusr	r	r
�is_peering_connection_pending�s8&

�

��

��
�




�rp
cCs�t||
f�
s
t
d
�
�
t||f�
st
d�
�
|r)t|||||d�}|s)t�d|�
dSt||||d�}d|g
d�d	tttgd�g}	|rK|	d
|g
d�g
7}	n	|	d|
g
d�g
7}	|j	|	d�
�
d
g�}
|
sbdSt|
�
dkrqt
d�|pn|
�
�
�
|
ddd}t
|tk�
S)a�
    Check if a VPC peering connection is in the pending state, and requested from the given VPC.

    .. versionadded:: 2016.11.0

    conn_id
        The connection ID to check.  Exclusive with conn_name.

    conn_name
        The connection name to check.  Exclusive with conn_id.

    vpc_id
        Is this the ID of the requesting VPC for this peering connection.  Exclusive with vpc_name.

    vpc_name
        Is this the Name of the requesting VPC for this peering connection.  Exclusive with vpc_id.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    CLI Example:

    .. code-block:: bash

        salt myminion boto_vpc.is_peering_connection_pending name=salt-vpc

    ri
z3Exactly one of vpc_id or vpc_name must be provided.rz&Could not resolve VPC name %s to an IDFr#zrequester-vpc-info.vpc-idr�r[
zvpc-peering-connection-idrKr\
r]
rOrl
r
rm
rn
)rrr"rr:rr_
r`
ra
rb
rwrSr3r6)rh
rk
rrrrrrr?rLrqro
r	r	r
�#peering_connection_pending_from_vpc�s@/

�



�



�

�




�rq
)NNNNNN)NNNNNNN)NNNN)NNNNNNNN)	NNNNNNNNN)NNNNN)NNNNNNNNNNF)
NNNNNNNNNN)NNFNNNN)
NNNNNr�NNNN)FNNNNFr�)
NNNNNNNNNNNNN)NNNNNNNNNNNFNNNN)NNNNNNNNNNNNNNN)NNNNNNNNNNN)NNNNNNNNNNNNNNNN)NNNNNNNNNNNF)re
re
NNNNF)NNNNNNF)h�__doc__�loggingr�r
r�Zsalt.utils.compatrZsalt.utils.versionsZsalt.exceptionsrrra
r`
r_
�	getLoggerrrrZboto.vpcrV
Zboto.exceptionr�setLevel�CRITICALr�ImportErrorrrrrr"rBrHrWr^r4rardrrrtrbr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r
r
r
r
r
r
r
r
r"
r$
r%
r.
r/
r0
r2
r9
r:
r;
rA
rC
r7r8r{r|rO
rB
r�rZ
rc
rd
rg
rU
rj
rp
rq
r	r	r	r
�<module>
s~












�


�






�)





�D





�>





�<






�
/





�"






�-







�0






�:






�%







�5








�;







�I





�I







�
D(










�A
�









�
R/
�6







�S







�9






�S









�G









�-









�)






�M






�Y





�*





�$





�"












�C





�:





�"





�4







�+









�Y






�7







�*







�L







�7















�W














�"














�#







�>







�-





�







�*










�W







�G
�$
�















�:






�>










�O







�j




�	
�











�
�"
�=






�I
�L






�