o

�N�g��@s�
dZd
dl
Z
d
dlm
mZ
dZe
�e�
Zdd�Z									d1dd�
Z
d2dd	�
Z													d3d
d�
Z	d4dd
�
Z
											d5dd�
Zdd�Z	d4dd�
Z							d6dd�
Z	d7dd�
Z										d8dd�
Z							d6dd�
Z	d2dd�
Z							d6dd �
Zd9d!d"�
Z							d6d#d$�
Z								
d:d%d&�
Z							d6d'd(�
Z											d;d)d*�
Z											d;d+d,�
Z	d4d-d.�
Z	d4d/d0�
ZdS)<aB
Manage VPCs
=================

.. versionadded:: 2015.8.0

:depends:

- boto >= 2.8.0
- boto3 >= 1.2.6

Create and destroy VPCs. Be aware that this interacts with Amazon's services,
and so may incur charges.

This module accepts explicit vpc credentials but can also utilize
IAM roles assigned to the instance through Instance Profiles. Dynamic
credentials are then automatically obtained from AWS API and no further
configuration is necessary. More information available `here
<http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html>`_.

If IAM roles are not used you need to specify them either in a pillar file or
in the minion's config file:

.. code-block:: yaml

    vpc.keyid: GKTADJGHEIQSXMKKRBJ08H
    vpc.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

It's also possible to specify ``key``, ``keyid`` and ``region`` via a profile,
either passed in as a dict, or as a string to pull from pillars or minion
config:

.. code-block:: yaml

    myprofile:
      keyid: GKTADJGHEIQSXMKKRBJ08H
      key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
      region: us-east-1

.. code-block:: yaml

    aws:
      region:
        us-east-1:
          profile:
            keyid: GKTADJGHEIQSXMKKRBJ08H
            key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
            region: us-east-1

.. code-block:: jinja

    Ensure VPC exists:
      boto_vpc.present:
        - name: myvpc
        - cidr_block: 10.10.11.0/24
        - dns_hostnames: True
        - region: us-east-1
        - keyid: GKTADJGHEIQSXMKKRBJ08H
        - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

    Ensure subnet exists:
      boto_vpc.subnet_present:
        - name: mysubnet
        - vpc_id: vpc-123456
        - cidr_block: 10.0.0.0/16
        - region: us-east-1
        - profile: myprofile

    {% set profile = salt['pillar.get']('aws:region:us-east-1:profile' ) %}
    Ensure internet gateway exists:
      boto_vpc.internet_gateway_present:
        - name: myigw
        - vpc_name: myvpc
        - profile: {{ profile }}

    Ensure route table exists:
      boto_vpc.route_table_present:
        - name: my_route_table
        - vpc_id: vpc-123456
        - routes:
          - destination_cidr_block: 0.0.0.0/0
            instance_id: i-123456
          - subnet_names:
            - subnet1
            - subnet2
          - region: us-east-1
          - profile:
            keyid: GKTADJGHEIQSXMKKRBJ08H
            key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

.. versionadded:: 2016.11.0

Request, accept and delete VPC peering connections.
VPC peering connections can be named allowing the name
to be used throughout the state file. Following
example shows how to request and accept a VPC
peering connection.

.. code-block:: yaml

    accept the vpc peering connection:
      boto_vpc.accept_vpc_peering_connection:
        - conn_name: salt_vpc_peering
        - region: us-west-2
        - require:
          - boto_vpc: request a vpc peering connection

    request a vpc peering connection:
      boto_vpc.request_vpc_peering_connection:
        - requester_vpc_id: vpc-4a3d522e
        - peer_vpc_id: vpc-ae81e9ca
        - region: us-west-2
        - conn_name: salt_vpc_peering

VPC peering connections need not be named. In this case
the VPC peering connection ID should be used in the state
file.

.. code-block:: yaml

    accept the vpc peering connection:
      boto_vpc.accept_vpc_peering_connection:
        - conn_id: pcx-1873c371
        - region: us-west-2

VPC peering connections can be deleted, as shown below.

.. code-block:: yaml

    delete a named vpc peering connection:
      boto_vpc.delete_vpc_peering_connection:
        - conn_name: salt_vpc_peering

Delete also accepts a VPC peering connection id.

.. code-block:: yaml

    delete a vpc peering connection by id:
      boto_vpc.delete_vpc_peering_connection:
        - conn_id: pcx-1873c371

�NZboto_vpccCs$d
}d}
dtvr
t
Sdd�||
�fS)z)
    Only load if boto is available.
    z2.8.0z1.2.6�boto_vpc.existsFzbThe following libraries are required to run the boto_vpc state module: boto >= {} and boto3 >= {}.)�__salt__�__virtualname__�format)Zboto_versionZ
boto3_version�r�H/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/boto_vpc.py�__virtual__�s




�rc

Cs 
|d
did�}
td||||||	d�}d|vr(d|
d<d	�
|dd
�
|
d<|
S|�d�
s�td
r?d|�d�|
d<d|
d<|
Std|
|||||||||	d�
}|�d�
sed|
d<d�
|dd
�
|
d<|
Std|d||||	d�}ddi
|
dd<||
dd<d|�d�|
d<|
Sd|
d<|
S)a
    Ensure VPC exists.

    name
        Name of the VPC.

    cidr_block
        The range of IPs in CIDR format, for example: 10.0.0.0/24. Block
        size must be between /16 and /28 netmask.

    instance_tenancy
        Instances launched in this VPC will be ingle-tenant or dedicated
        hardware.

    dns_support
        Indicates whether the DNS resolution is supported for the VPC.

    dns_hostnames
        Indicates whether the instances launched in the VPC get DNS hostnames.

    tags
        A list of tags.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    T���name�result�comment�changesr�r�tags�region�key�keyid�profile�errorFrzFailed to create VPC: {}.�messager
�exists�test�VPC � is set to be created.Nzboto_vpc.create)	�instance_tenancy�vpc_nameZenable_dns_supportZenable_dns_hostnamesrrrrr�createdzError in creating VPC: {}.zboto_vpc.describe�id)�vpc_idrrrr�vpcr�old�new�	 created.zVPC present.�rr�get�__opts__)
r�
cidr_blockrZdns_supportZ
dns_hostnamesrrrrr�ret�
r�	_describerrr�present�sL0
�


















�





�




r+c	Cs

|d
did�}td||
||||d�}d|vr(d|d<d	�
|dd
�
|d<|S|�d�
}|s8|�d
�|d<|StdrJd|�d�|d<d|d<|Std||
||||d�}|dskd|d<d	�
|dd
�
|d<|Sd|i
|dd<ddi
|dd<d|�d�|d<|S)a�

    Ensure VPC with passed properties is absent.

    name
        Name of the VPC.

    tags
        A list of tags. All tags must match.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    Tr	r
zboto_vpc.get_idrrFrzFailed to delete VPC: {}.rr
rz VPC does not exist.rr� is set to be removed.Nzboto_vpc.delete)rrrrrr�deletedr rr!r"�	 deleted.r$)	rrrrrrr(r)�_idrrr�absent
s6
�











�






r0cCs 
|d
did�}|||||d�}td|
||
|||
d�}d|vr0d|d	<d
�
|dd�
|d<|S|�d
�
r;d|d<|StdrMd|�d�|d<d|d	<|Std|||||||	|||
|||
d�
}|�d�
svd|d	<d�
|dd�
|d<|Sddi
|dd<d|i
|dd<d|�d�|d<|S)a�
    Ensure a set of DHCP options with the given settings exist.
    Note that the current implementation only SETS values during option set
    creation.  It is unable to update option sets in place, and thus merely
    verifies the set exists via the given name and/or dhcp_options_id param.

    name
        (string)
        Name of the DHCP options.

    vpc_name
        (string)
        Name of a VPC to which the options should be associated.  Either
        vpc_name or vpc_id must be provided.

    vpc_id
        (string)
        Id of a VPC to which the options should be associated.  Either
        vpc_name or vpc_id must be provided.

    domain_name
        (string)
        Domain name to be assiciated with this option set.

    domain_name_servers
        (list of strings)
        The IP address(es) of up to four domain name servers.

    ntp_servers
        (list of strings)
        The IP address(es) of up to four desired NTP servers.

    netbios_name_servers
        (list of strings)
        The IP address(es) of up to four NetBIOS name servers.

    netbios_node_type
        (string)
        The NetBIOS node type (1, 2, 4, or 8).  For more information about
        the allowed values, see RFC 2132.  The recommended is 2 at this
        time (broadcast and multicast are currently not supported).

    tags
        (dict of key:value pairs)
        A set of tags to be added.

    region
        (string)
        Region to connect to.

    key
        (string)
        Secret key to be used.

    keyid
        (string)
        Access key to be used.

    profile
        (various)
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    .. versionadded:: 2016.3.0
    Tr	r
)�domain_name�domain_name_servers�ntp_servers�netbios_name_servers�netbios_node_typezboto_vpc.dhcp_options_exists)�dhcp_options_id�dhcp_options_namerrrrrFrz$Failed to validate DHCP options: {}.rr
rzDHCP options already present.r�
DHCP options z are set to be created.Nzboto_vpc.create_dhcp_options)
r1r2r3r4r5r7rrrrrrrrz!Failed to create DHCP options: {}�dhcp_optionsrr!r"r#r$)rr6rrr1r2r3r4r5rrrrrr(Z_newr)rrr�dhcp_options_present<
sjQ



�






�



�


















�




�


r:c	Cs
|d
did�}tdd|||||d�}d|vr(d|d	<d
�
|dd�
|d<|S|�d
�
}|s9d|�d�|d<|StdrKd|�d�|d<d|d	<|Std|d
||||d�}|�d�
snd|d	<d�
|dd�
|d<|Sd|i
|dd<ddi
|dd<d|�d�|d<|S)a;
    Ensure a set of DHCP options with the given settings exist.

    name
        (string)
        Name of the DHCP options set.

    dhcp_options_id
        (string)
        Id of the DHCP options set.

    region
        (string)
        Region to connect to.

    key
        (string)
        Secret key to be used.

    keyid
        (string)
        Access key to be used.

    profile
        (various)
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    .. versionadded:: 2016.3.0
    Tr	r
�boto_vpc.get_resource_idr9�rrrrrrFrz"Failed to delete DHCP options: {}.rr
rr8z do not exist.rz are set to be deleted.Nzboto_vpc.delete_dhcp_options)r6rrrrr-z!Failed to delete DHCP options: {}rr!r"r.r$)	rr6rrrrr(r)r/rrr�dhcp_options_absent�
s>!
�



�






�




�


r=Fc

Cs�|d
did�}
td||||||	d�}d|vr(d|
d<d	�
|dd
�
|
d<|
Sd}d}d}|
s2|r�d}d}|
rF|
}td
|
||||	d�}n|rU|}td
|||||	d�}|r~d|vr~|dr~|
rod
}td|
||||	d�}n|r~d
}td|||||	d�}|s�d|
d<d�
|�
|
d<|
S|�d�
s�tdr�d|�d�|
d<d|
d<|
Std||
|||||||||	d�}|�d�
s�d|
d<d�
|dd
�
|
d<|
Std|d||||	d�}ddi
|
dd<||
dd <d|�d!�|
d<nd"|
d<|�
r�|�
std|||||	d#�}t||dd��
s�td�
r)d$|��}d%�|
d|g�
|
d<d|
d<|
Sd&|dv�
r_t�d'�

td(|dd&||||	d)�}|d*�
s_d+�
|�
}d%�|
d|g�
|
d<d|
d<|
Sd|
dv
�
rl||
dd<td,|d|||||	d-�}d|v�
r�d.�
|||dd
�}d%�|
d|g�
|
d<d|
d<|
Sd/|�d0�}d%�|
d|g�
|
d<d |
dv
�
r�td|||||	d#�|
dd <|
S|d1|
dd dd&<|
Sd%�|
dd2|��g�
|
d<|
S)3a
    Ensure a subnet exists.

    name
        Name of the subnet.

    cidr_block
        The range if IPs for the subnet, in CIDR format. For example:
        10.0.0.0/24. Block size must be between /16 and /28 netmask.

    vpc_name
        Name of the VPC in which the subnet should be placed. Either
        vpc_name or vpc_id must be provided.

    vpc_id
        Id of the VPC in which the subnet should be placed. Either vpc_name
        or vpc_id must be provided.

    availability_zone
        AZ in which the subnet should be placed.

    tags
        A list of tags.

    route_table_id
        A route table ID to explicitly associate the subnet with.  If both route_table_id
        and route_table_name are specified, route_table_id will take precedence.

        .. versionadded:: 2016.11.0

    route_table_name
        A route table name to explicitly associate the subnet with.  If both route_table_id
        and route_table_name are specified, route_table_id will take precedence.

        .. versionadded:: 2016.11.0

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    Tr	r
zboto_vpc.subnet_exists)�subnet_namerrrrrrFrzFailed to create subnet: {}.rr
Nzboto_vpc.route_table_exists��route_table_idrrrr��route_table_namerrrrr�boto_vpc.describe_route_tablesz0The specified route table {} could not be found.r�Subnet rzboto_vpc.create_subnet)r>r'�availability_zone�auto_assign_public_ipv4rrrrrrrrzFailed to create subnet: {}zboto_vpc.describe_subnetr)�	subnet_idrrrr�subnetrr!r"r#zSubnet present.�r>rrrrz0Subnet is set to be associated with route table �
 Z#explicit_route_table_association_idz.Need to disassociate from existing route table�!boto_vpc.disassociate_route_table�rrrrZ
disassociatedz>Unable to disassociate subnet {} with its current route table.�boto_vpc.associate_route_table)r@r>rrrr�6Failed to associate subnet {} with route table {}: {}.z0Subnet successfully associated with route table �
.Zassociation_idz.Subnet is already associated with route table )rrr%r&�_verify_subnet_association�join�log�debug)rr'rrrErrrrrr@rBrFr(r)�route_table_descr*ZrtidZrtZroute_table_found�msgZdrt_retZart_retrrr�subnet_presents>
A





�	















�






�









�






�


�
















�






�





�
















�


�










�


�









���
�
�
��rVcCs0|rd
|vr|d
D]}|d|
kr
dSq
dS)a

    Helper function verify a subnet's route table association

    route_table_desc
        the description of a route table, as returned from boto_vpc.describe_route_tables

    subnet_id
        the subnet id to verify

    .. versionadded:: 2016.11.0
    �associationsrGTFr)rTrGZassociationrrrrPs



�rPc	Cs
|d
did�}tdd|||||d�}d|vr(d|d	<d
�
|dd�
|d<|S|�d
�
}|s8|�d�|d<|StdrLd�
||d
�|d<d|d	<|Std|||||d�}|�d�
smd|d	<d�
|dd�
|d<|Sd|i
|dd<ddi
|dd<d|�d�|d<|S)ae

    Ensure subnet with passed properties is absent.

    name
        Name of the subnet.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    Tr	r
r;rHr<rFrzFailed to delete subnet: {}.rr
rz subnet does not exist.rz$Subnet {} ({}) is set to be removed.Nzboto_vpc.delete_subnetrIr-zFailed to delete subnet: {}rr!r"rDr.r$)	rrGrrrrr(r)r/rrr�
subnet_absents6
�










�






rXc

Cs
|d
did�}tdd|||||d�}	d|	vr(d|d	<d
�
|	dd�
|d<|S|	�d
�
stdr?d|�d�|d<d|d	<|Std||
||||||d�}	|	�d�
scd|d	<d�
|	dd�
|d<|Sddi
|dd<d|	di
|dd<d|�d�|d<|Sd|�d�|d<|S)ah
    Ensure an internet gateway exists.

    name
        Name of the internet gateway.

    vpc_name
        Name of the VPC to which the internet gateway should be attached.

    vpc_id
        Id of the VPC to which the internet_gateway should be attached.
        Only one of vpc_name or vpc_id may be provided.

    tags
        A list of tags.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    Tr	r
zboto_vpc.resource_exists�internet_gatewayr<rFrz&Failed to create internet gateway: {}.rr
rr�Internet gateway rNz boto_vpc.create_internet_gateway)�internet_gateway_namerrrrrrrrz%Failed to create internet gateway: {}rr!rr"r#�	 present.r$)
rrrrrrrrr(r)rrr�internet_gateway_presentNsT(





�



�













�





�




r]c	Cs
|d
did�}tdd|||||d�}d|vr(d|d	<d
�
|dd�
|d<|S|d
}|s8d|�d�|d<|StdrJd|�d�|d<d|d	<|Std||
||||d�}|�d�
sld|d	<d
�
|dd�
|d<|Sd|i
|dd<ddi
|dd<d|�d�|d<|S)a�

    Ensure the named internet gateway is absent.

    name
        Name of the internet gateway.

    detach
        First detach the internet gateway from a VPC, if attached.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    Tr	r
r;rYr<rFrz&Failed to delete internet gateway: {}.rr
rrZ� does not exist.rr,Nz boto_vpc.delete_internet_gateway)r[�detachrrrrr-rr!r"r.)rrr&r%)	rr_rrrrr(r)Zigw_idrrr�internet_gateway_absent�sR





�



�












�




�



r`c

Csf
|d
did�}t||
|||||	|
d�}|d|d<d�
|d|dg�
|d<|dsD|d|d<|dd	ur8|S|dd
urDtdrD|St||||||	|
d�}t�|d|d�|d<d�
|d|dg�
|d<|dsz|d|d<|dd	urz|St|||||||	|
d
�}t�|d|d�|d<d�
|d|dg�
|d<|ds�|d|d<|dd	ur�|S|S)a�
    Ensure route table with routes exists and is associated to a VPC.

    This function requires boto3 to be installed if nat gatewyas are specified.

    Example:

    .. code-block:: yaml

        boto_vpc.route_table_present:
          - name: my_route_table
          - vpc_id: vpc-123456
          - routes:
            - destination_cidr_block: 0.0.0.0/0
              internet_gateway_name: InternetGateway
            - destination_cidr_block: 10.10.11.0/24
              instance_id: i-123456
            - destination_cidr_block: 10.10.12.0/24
              interface_id: eni-123456
            - destination_cidr_block: 10.10.13.0/24
              instance_name: mygatewayserver
          - subnet_names:
            - subnet1
            - subnet2

    name
        Name of the route table.

    vpc_name
        Name of the VPC with which the route table should be associated.

    vpc_id
        Id of the VPC with which the route table should be associated.
        Either vpc_name or vpc_id must be provided.

    routes
        A list of routes.  Each route has a cidr and a target.

    subnet_ids
        A list of subnet ids to associate

    subnet_names
        A list of subnet names to associate

    tags
        A list of tags.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    Tr	r
)rrrrrrrrrrJr
rFNr)rB�routesrrrrr)rB�
subnet_ids�subnet_namesrrrrr)�_route_table_presentrQr&�_routes_present�
dictupdate�update�_subnets_present)
rrrrarbrcrrrrrr(Z_retrrr�route_table_present�sfI







�















�	













�






ric
Cs 
|d
did�}tdd|||||d�}	d|	vr(d|d	<d
�
|	dd�
|d<|S|	�d
�
}
|
s�tdrCd|�d�}||d<d|d	<|Std||
||||||d�}	|	�d�
sgd|d	<d
�
|	dd�
|d<|Sddi
|dd<d|	d
i
|dd<d|�d�|d<|Sd|�d|
�d�|d<|S)NTr	r
r;�route_table)ZresourcerrrrrrFrz!Failed to create route table: {}.rr
rr�Route table rzboto_vpc.create_route_table)rBrrrrrrrrrr!r"r#z (z
) present.r$)rrrrrrrrr(r)r/rUrrrrdlsX






�



�













�





�




rdc	Cs�|d
did�}td||||||d�}d|vr+d�
||dd�}	|	|d	<d
|d<|S|d}g}
|
�
rRhd
�
}|
D�
]}i}
|��D]\}}||vrQ|||
|<qC|�d�
r�tdd|d||||d�}d|vr�d�
|�d�
|dd�}	|	|d	<d
|d<|
S|ddur�d|�d�}	|	|d	<d
|d<|
S|d|
d<|�d�
r�tdd|d||||d�}d|vr�d�
|�d�
|dd�}	|	|d	<d
|d<|
S|ddur�d|�d�}	|	|d	<d
|d<|
S|d|
d<|�d�
�
r d}td|d|||||d�}|du�
rd �
|d�
}	|	|d	<d
|d<|
S||
d!<|�d"�
�
rLtd#|d"||||d$�}|�
sDd%}	|	|d	<d
|d<|
S|dd&|
d'<|
�|
�

q:g}g}|
D]}||d(v
�
rh|�t|�
�

�
qX|d(D]}||
v
�
r�|�d�
d)k�
r�|�|�

�
qn|�
s�|�rDtd*�
r�d+|�d,�}	|	|d	<d|d<|S|�
r�|D];}td-|d|d.||||d/�}|d0�
s�d1�
|d.||dd�}	|	|d	<d
|d<|
Sd2�
|d.|�|d	<�
q�|�r"|D]<}td3d;|d||||d4�|�
�
}|d5�sd6�
|d.||dd�}	|	|d	<d
|d<|
Sd7�
|d.|�|d	<�
q�d(|d(i
|d8d9<td||||||d�}d(|dd(i
|d8d:<|S)<NTr	r
rC�rBrrrrrrz9Could not retrieve configuration for route table {}: {}`.rr
Frr
>�nat_gateway_id�vpc_peering_connection_id�
gateway_id�destination_cidr_blockZinterface_id�instance_idr[r;rYr<z/Error looking up id for internet gateway {}: {}rrZr^roZvpc_peering_connection_nameZvpc_peering_connectionz5Error looking up id for VPC peering connection {}: {}zVPC peering connection rnZ
instance_name)�pendingZ	rebootingZrunningZstopping�stoppedzboto_ec2.get_id)rrrrrZ	in_stateszInstance {} does not exist.rqZnat_gateway_subnet_name�boto_vpc.describe_nat_gatewaysrI�Nat gateway does not exist.�NatGatewayIdrmra�localrrkz set to have routes modified.zboto_vpc.delete_routerp)r@rprrrrr-z2Failed to delete route {} from route table {}: {}.z%Deleted route {} from route table {}.zboto_vpc.create_router?rz0Failed to create route {} in route table {}: {}.z#Created route {} in route table {}.rr!r"r)rr�itemsr%�append�dictr&)rBrarrrrrr(rjrUZ_routesZ
route_keys�
iZ_r�
k�
vr)Zrunning_states�	to_delete�	to_createZroute�resrrrre�s^






�

�








�








�

�
















�
��















�












�









�





�















�





�



�






��





�



�






�
rec	s�|d
did�}|
sg}
|rV|D]F}	tdd|	||||d�}
d|
vr6d�
|
dd	�
}||d
<d|d<|
S|
d
durNd|	�d�}||d
<d|d<|
S|
�|
d
�

qtd||||||d�}|ssd�
|�
}||d
<d|d<|Sdd�|dD�
��f
dd�|
D�
}
g}|dD]}|d|
v
r�|ddu
r�|�|d
�

q�|
s�|�
rGtdr�d�
|�
}||d
<d|d<|S|r�|D]/}td|||||�}
d|
vr�d�
|||
dd	�}||d
<d|d<|
Sd�
||�|d
<q�|
�
r'|
D]4}td|d
|||||d�}
d|
v�
rd�
|||
dd	�}||d
<d|d<|
Sd �
||�|d
<q�d!|di
|d"d#<td||||||d�}d!|di
|d"d$<|S)%NTr	r
r;rHr<rzError looking up subnet ids: {}rr
FrrrDr^rCrlz4Could not retrieve configuration for route table {}.c
Ssg|]}
|
d�qS)
rGr��.0�
xrrr�
<listcomp>�sz$_subnets_present.<locals>.<listcomp>rWc
sg|]}
|
�v
r|
�qSrrr��
Z	assoc_idsrrr��srGrz:Subnet associations for route table {} set to be modified.rKz0Failed to dissociate {} from route table {}: {}.z*Dissociated subnet {} from route table {}.rM)r@rGrrrrrNz)Associated subnet {} with route table {}.Zsubnets_associationsrr!r")rrryr&)rBrbrcrrrrrr(r{r)rUrjrr~r�Zr_ascZsnZnew_subrr�rrhks�




�















�

�




�



�






�

�




�







�

��




�






�
rhcCs
|d
did�}tdd||
|||d�}d|vr%d|d	<|dd
|d<|S|d}|s5d
|�d�|d<|St
drGd
|�d�|d<d|d	<|Std||
|||d�}d|vrgd|d	<d�|dd
�
|d<|Sd|i
|dd<ddi
|dd<d
|�d�|d<|S)ab

    Ensure the named route table is absent.

    name
        Name of the route table.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    Tr	r
r;rjr<rFrrr
rrkr^rr,Nzboto_vpc.delete_route_tablerAz Failed to delete route table: {}rr!r"r.)rr&r)rrrrrr(r)�rtbl_idrrr�route_table_absent�s:
�









�



�



r�c
	Cs�|d
did�}td|
|||||d�}	|	s`t
dr%d}
|
|d<d	|d
<|Std|
||||||d�}	|	�d
�
sHd|d
<d�|	dd�
|d<|Sdd	i
|dd<d|	di
|dd<d|d<|S|	d}|�d�
}d|�d�|d<|S)a�
    Ensure a nat gateway exists within the specified subnet

    This function requires boto3.

    .. versionadded:: 2016.11.0

    Example:

    .. code-block:: yaml

        boto_vpc.nat_gateway_present:
          - subnet_name: my-subnet

    name
        Name of the state

    subnet_name
        Name of the subnet within which the nat gateway should exist

    subnet_id
        Id of the subnet within which the nat gateway should exist.
        Either subnet_name or subnet_id must be provided.

    allocation_id
        If specified, the elastic IP address referenced by the ID is
        associated with the gateway. Otherwise, a new allocation_id is created and used.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.
    Tr	r
rt�r>rGrrrrrz!Nat gateway is set to be created.r
Nrzboto_vpc.create_nat_gateway)r>rGrrrr�
allocation_idrFz!Failed to create nat gateway: {}.rr�nat_gatewayrr!rr"zNat gateway created.r
rv�Nat gateway r\)rr&r%r)
rr>rGrrrrr�r(r)rU�instr/rrr�nat_gateway_presentsL3





�











�
	



�






r�cCs�|d
did�}td|
|||||d�}	|	sd|d<|St
dr)d	|d<d
|d<|S|	D];}
|
�d�
}td
|d
||||d
|d�}	d|	vrWd|d<d�|	dd�
|d<|
Sd�|dd|�d�f�
|d<q+d|i
|dd<dd
i
|dd<|S)a
    Ensure the nat gateway in the named subnet is absent.

    This function requires boto3.

    .. versionadded:: 2016.11.0

    name
        Name of the state.

    subnet_name
        Name of the subnet within which the nat gateway should exist

    subnet_id
        Id of the subnet within which the nat gateway should exist.
        Either subnet_name or subnet_id must be provided.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    wait_for_delete_retries
        NAT gateway may take some time to be go into deleted or failed state.
        During the deletion process, subsequent release of elastic IPs may fail;
        this state will automatically retry this number of times to ensure
        the NAT gateway is in deleted or failed state before proceeding.
        Default is set to 0 for backward compatibility.

    Tr	r
rtr�rur
rz!Nat gateway is set to be removed.Nrrvzboto_vpc.delete_nat_gateway)rmZrelease_eipsrrrrZwait_for_delete�wait_for_delete_retriesrFz Failed to delete nat gateway: {}rz, r�r.r�rr!r")rr&r%rrQ)rr>rGrrrrr�r(r)Zgwr�rrr�nat_gateway_absentysL1





�















�




� 



r�cCs�t�
d
�

td|
|||||d�}|didd�}|s)d|d<|d�d	d
i
�

|Stdr8|d�d	di
�

|Sd
}	t�
d|	�
t|	|
|||||d�}
d|
vr_d�|
d�
|d<d|d<|S|d�d|
dd��

|S)a�
    Accept a VPC pending requested peering connection between two VPCs.

    name
        Name of this state

    conn_id
        The connection ID to accept. Exclusive with conn_name. String type.

    conn_name
        The name of the VPC peering connection to accept. Exclusive with conn_id. String type.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    .. versionadded:: 2016.11.0

    Example:

    .. code-block:: yaml

        boto_vpc.accept_vpc_peering_connection:
          - conn_name: salt_peering_connection

        # usage with vpc peering connection id and region
        boto_vpc.accept_vpc_peering_connection:
          - conn_id: pbx-1873d472
          - region: us-west-2

    z-Called state to accept VPC peering connection�&boto_vpc.is_peering_connection_pending��conn_id�	conn_namerrrrT�Boto VPC peering state�rrrr
rrr!z<No pending VPC peering connection found. Nothing to be done.rz8Pending VPC peering connection found and can be acceptedz&boto_vpc.accept_vpc_peering_connectionz4Calling `%s()` to accept this VPC peering connection)r�rrrrrrz Failed to accept VPC peering: {}r
Fr	rU�r!r")rRrSrrgr&r)rr�r�rrrrrrr(Zfunrrrr�accept_vpc_peering_connection�sR
1






�



�


�

�








�	


r�c
Cs�t�
d
�

|didd�}|rtd|||	|
|d��dg�}
ng}
|
r(d|d	<|Std
r4|
s2d|d	<|St�
d�

td
|
||||||||	|
|d�}d|vr]d�|d�
|d	<d|d<|S|d�d|dd��

|S)a7
    name
        Name of the state

    requester_vpc_id
        ID of the requesting VPC. Exclusive with requester_vpc_name. String type.

    requester_vpc_name
        Name tag of the requesting VPC.  Exclusive with requester_vpc_id.  String type.

    peer_vpc_id
        ID of the VPC tp crete VPC peering connection with.  This can be a VPC in another account. Exclusive with peer_vpc_name. String type.

    peer_vpc_name
        Name tag of the VPC tp crete VPC peering connection with.  This can only be a VPC the same account and region. Exclusive with peer_vpc_id.  String type.

    conn_name
        The (optional) name to use for this VPC peering connection. String type.

    peer_owner_id
        ID of the owner of the peer VPC. String type. If this isn't supplied AWS uses your account ID.  Required if peering to a different account.

    peer_region
        Region of peer VPC. For inter-region vpc peering connections. Not required for intra-region peering connections.

        .. versionadded:: 3005

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    .. versionadded:: 2016.11.0

    Example:

    .. code-block:: yaml

        request a vpc peering connection:
          boto_vpc.request_vpc_peering_connection:
            - requester_vpc_id: vpc-4b3522e
            - peer_vpc_id: vpc-ae83f9ca
            - conn_name: salt_peering_connection

    z.Called state to request VPC peering connectionTr�r��(boto_vpc.describe_vpc_peering_connectionrL�VPC-Peeringsz:VPC peering connection already exists, nothing to be done.r
rz&VPC peering connection will be createdz.Called module to create VPC peering connectionz'boto_vpc.request_vpc_peering_connection)r�
peer_owner_id�peer_regionrrrrrz!Failed to request VPC peering: {}Frrr	rUr��rRrSrr%r&rrg)r�requester_vpc_id�requester_vpc_name�peer_vpc_id�
peer_vpc_namer�r�r�rrrrr(�vpc_idsrrrr�request_vpc_peering_connection:sP
C


�


��
















�



r�c
Cs�|d
did�}td|||	|
|d�r>td||
|||	|
|d�r4d�
||p'|p'|�|d	<t�|d	�

|St||||	|
|d
�St||
||||||||	|
|d�S)at
    name
        Name of the state

    requester_vpc_id
        ID of the requesting VPC. Exclusive with requester_vpc_name.

    requester_vpc_name
        Name tag of the requesting VPC.  Exclusive with requester_vpc_id.

    peer_vpc_id
        ID of the VPC tp crete VPC peering connection with. This can be a VPC in
        another account. Exclusive with peer_vpc_name.

    peer_vpc_name
        Name tag of the VPC tp crete VPC peering connection with. This can only
        be a VPC in the same account, else resolving it into a vpc ID will fail.
        Exclusive with peer_vpc_id.

    conn_name
        The name to use for this VPC peering connection.

    peer_owner_id
        ID of the owner of the peer VPC. Defaults to your account ID, so a value
        is required if peering with a VPC in a different account.

    peer_region
        Region of peer VPC. For inter-region vpc peering connections. Not required
        for intra-region peering connections.

        .. versionadded:: 3005

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    .. versionadded:: 2016.11.0

    Example:

    .. code-block:: yaml

        ensure peering twixt local vpc and the other guys:
          boto_vpc.vpc_peering_connection_present:
            - requester_vpc_name: my_local_vpc
            - peer_vpc_name: some_other_guys_vpc
            - conn_name: peering_from_here_to_there
            - peer_owner_id: 012345654321


    Tr	r
r�)r�rrrrz,boto_vpc.peering_connection_pending_from_vpc)r�rrrrrrz;VPC peering {} already requested - pending acceptance by {}r
)rr�rrrr)rr�r�r�r�r�r�r�rrrr)rrrR�infor�r�)
rr�r�r�r�r�r�r�rrrrr(rrr�vpc_peering_connection_present�sRJ


�






�

��







�











�r�cCst||
|||||�S)
N)
�delete_vpc_peering_connection)rr�r�rrrrrrr�vpc_peering_connection_absent#s
�r�c
Cs�t�
d
�

|didd�}|rtd|||||d��dg�}n|
g
}|s)d|d	<|Std
r5|r3d|d	<|St�
d�

td
|
|||||d�}	d|	vrYd�|	d�
|d	<d|d<|S|d�d|	dd��

|S)a�
    name
        Name of the state

    conn_id
        ID of the peering connection to delete.  Exclusive with conn_name.

    conn_name
        The name of the peering connection to delete.  Exclusive with conn_id.

    region
        Region to connect to.

    key
        Secret key to be used.

    keyid
        Access key to be used.

    profile
        A dict with region, key and keyid, or a pillar key (string) that
        contains a dict with region, key and keyid.

    .. versionadded:: 2016.11.0

    Example:

    .. code-block:: yaml

        delete a vpc peering connection:
          boto_vpc.delete_vpc_peering_connection:
            - region: us-west-2
            - conn_id: pcx-4613b12e

    Connection name can be specified (instead of ID).
    Specifying both conn_name and conn_id will result in an
    error.

    .. code-block:: yaml

        delete a vpc peering connection:
          boto_vpc.delete_vpc_peering_connection:
            - conn_name: salt_vpc_peering

    z-Called state to delete VPC peering connectionTr�r�r�rLr�z,No VPC connection found, nothing to be done.r
rz'VPC peering connection would be deletedz.Called module to delete VPC peering connectionz&boto_vpc.delete_vpc_peering_connectionr�rz Failed to delete VPC peering: {}Frrr	rUr�r�)
rr�r�rrrrr(r�rrrrr�,sF
0


�


��











�	



r�)NNNNNNNN)NNNNN)
NNNNNNNNNNNNN)NNNNNN)NNNNNNNNNNF)NNNNNNN)FNNNN)
NNNNNNNNNN)NNNN)NNNNNNNr
)NNNNNNNNNNN)�__doc__�loggingZsalt.utils.dictupdate�utilsrfr�	getLogger�__name__rRrr+r0r:r=rVrPrXr]r`rirdrerhr�r�r�r�r�r�r�r�rrrr�<module>
s"









�
[:












�
�K










�j
�<






�X
�J









�






�>
�E






�
v;






�`







�^






�f










�u










�w
�
�