o
    Ü!da5  ã                   @   sŽ   d dl Z d dlZd dlZddlmZ d dlmZ d dlmZ d dl	m
Z
 e e¡ZdZdZG d	d
„ d
eƒZG dd„ deƒZG dd„ deƒZdS )é    Né   )Úget_account_id)ÚBasicCommand)Ús3_bucket_exists)ÚClientErrorz6policy/S3/AWSCloudTrail-S3BucketPolicy-2014-12-17.jsonz7policy/SNS/AWSCloudTrail-SnsTopicPolicy-2014-12-17.jsonc                   @   s   e Zd ZdS )ÚCloudTrailErrorN)Ú__name__Ú
__module__Ú__qualname__© r   r   úNusr/lib/python3.10/site-packages/awscli/customizations/cloudtrail/subscribe.pyr      s    r   c                
   @   s¶   e Zd ZdZdZdZdZddddœd	d
dœdddœdddœdddœdddœdddœdddœgZdZdZ	dd„ Z
dd„ Zdd„ Zdd „ Zd,d"d#„Zd,d$d%„Zd&d'„ Zd(d)„ Zd*d+„ Zd!S )-ÚCloudTrailSubscribez©
    Subscribe/update a user account to CloudTrail, creating the required S3 bucket,
    the optional SNS topic, and starting the CloudTrail monitoring and logging.
    zcreate-subscriptionz‚Creates and configures the AWS resources necessary to use CloudTrail, creates a trail using those resources, and turns on logging.znaws cloudtrail create-subscription (--s3-use-bucket|--s3-new-bucket) bucket-name [--sns-new-topic topic-name]
ÚnameTzCloudtrail name)r   ÚrequiredÚ	help_textzs3-new-bucketz%Create a new S3 bucket with this name)r   r   zs3-use-bucketz(Use an existing S3 bucket with this namez	s3-prefixzS3 object prefixzsns-new-topicz%Create a new SNS topic with this namezinclude-global-service-eventsz(Whether to include global service eventszs3-custom-policyz Custom S3 policy template or URLzsns-custom-policyz!Custom SNS policy template or URLFc                 C   s   |   ||¡ |  ||¡ dS )Nr   )Úsetup_servicesÚ_call)ÚselfÚargsÚparsed_globalsr   r   r   Ú	_run_main@   s   zCloudTrailSubscribe._run_mainc                 C   s°   d d dœ}|j d ur|j |d< |jd ur|j|d< t d¡ | jjd
i |¤Ž| _| jjdi |¤Ž| _| jjdi |¤Ž| _| jj	j
| _
|jd urL|j|d< | jjdi |¤Ž| _d S )N)Úregion_nameÚverifyr   r   z&Initializing S3, SNS and CloudTrail...ÚstsÚs3ÚsnsÚendpoint_urlÚ
cloudtrail)r   )r   )r   )r   )ÚregionZ
verify_sslÚLOGÚdebugZ_sessionZcreate_clientr   r   r   Úmetar   r   r   )r   r   r   Zclient_argsr   r   r   r   G   s   þ






z"CloudTrailSubscribe.setup_servicesc           	      C   s´  |j }|r| ¡ dkrd}n| ¡ dkrd}ntdƒ‚|j}|jrX|j}| jrN|jdu rN| jj|j	gd}|d d	 }d
|v rNt
 d |d
 ¡¡ |d
 |_|  ||j|j¡ n	|sa| jsatdƒ‚|jr‚z
|  |j|j¡}W n ty   |jr€| jj|jd ‚ w z|  |j	||j|j|¡}W n ty¯   |jr¢| jj|jd |jr®| jj|d d ‚ w tj djtj|ddd¡ | jsØ|  |j	¡ tj dj||jpÒdd¡ dS dS )zˆ
        Run the command. Calls various services based on input options and
        outputs the final CloudTrail configuration.
        ÚtrueTÚfalseFzFYou must pass either true or false to --include-global-service-events.N)ZtrailNameListZ	trailListr   ÚS3KeyPrefixzSetting S3 prefix to {0}zBYou must pass either --s3-use-bucket or --s3-new-bucket to create.©ÚBucketÚTopicArn©r'   z#CloudTrail configuration:
{config}
é   )Úindent)Úconfigz,Logs will be delivered to {bucket}:{prefix}
Ú )ÚbucketÚprefix)Zinclude_global_service_eventsÚlowerÚ
ValueErrorZs3_use_bucketZs3_new_bucketÚUPDATEZ	s3_prefixr   Údescribe_trailsr   r   r    ÚformatÚsetup_new_bucketZs3_custom_policyZsns_new_topicÚsetup_new_topicZsns_custom_policyÚ	Exceptionr   Údelete_bucketÚupsert_cloudtrail_configr   Údelete_topicÚsysÚstdoutÚwriteÚjsonÚdumpsÚstart_cloudtrail)	r   Úoptionsr   Úgser-   ÚresZ
trail_infoÚtopic_resultZcloudtrail_configr   r   r   r   ^   sz   ÿÿ

ÿ
ÿüûú
ÿ
ÿÿûzCloudTrailSubscribe._callc              
   C   sT   z| j jd| j |d}|d  ¡  d¡W S  ty) } ztd| j||ƒ‚d }~ww )Nzawscloudtrail-policy-)r&   ÚKeyZBodyzutf-8zCUnable to get regional policy template for region %s: %s. Error: %s)r   Z
get_objectr   ÚreadÚdecoder6   r   )r   Zkey_nameÚdataÚer   r   r   Ú_get_policy«   s   þþ€ÿzCloudTrailSubscribe._get_policyNc           
      C   s&  t j dj|d¡ t| jƒ}|r| d¡s|d7 }|dur!|}n|  t¡}| 	d|¡ 	d|¡}d|v r=| 	d|p:d¡}n| 	d	|pCd¡}t
 d
 |¡¡ t| j|ƒ}|r]tdj|dƒ‚d|i}| jdkrod| ji}||d< | jjdi |¤Ž}	z| jj||d W |	S  ty’   | jj|d ‚ w )zx
        Creates a new S3 bucket with an appropriate policy to let CloudTrail
        write to the prefix path.
        z%Setting up new S3 bucket {bucket}...
)r-   ú/Nz<BucketName>z<CustomerAccountID>z	<Prefix>/r,   z<Prefix>zBucket policy:
{0}zBucket {bucket} already exists.r&   z	us-east-1ZLocationConstraintZCreateBucketConfiguration)r&   ÚPolicyr%   r   )r:   r;   r<   r3   r   r   ÚendswithrI   ÚS3_POLICY_TEMPLATEÚreplacer   r    r   r   r6   r   Zcreate_bucketZput_bucket_policyr   r7   )
r   r-   r.   Úcustom_policyÚ
account_idÚpolicyZbucket_existsÚparamsZbucket_configrG   r   r   r   r4   ¶   sB   
ÿ


ÿÿ

ûýz$CloudTrailSubscribe.setup_new_bucketc           	         s6  t j djˆ d¡ t| jƒ}z	| j ¡ d }W n ty(   g }t	 
d¡ Y nw ‡ fdd„|D ƒr:tdjˆ dƒ‚| jjj}|durF|}n|  t¡}| d	|¡ d
|¡ dˆ ¡}| jjˆ d}z)| jj|d d}|  |d d |¡}t	 d |¡¡ | jj|d d|d W |S  tyš   | jj|d d ‚ w )zz
        Creates a new SNS topic with an appropriate policy to let CloudTrail
        post messages to the topic.
        z$Setting up new SNS topic {topic}...
©ÚtopicZTopicsz$Unable to list topics, continuing...c                    s&   g | ]}|d    d¡d ˆ kr|‘qS )r'   ú:éÿÿÿÿ)Úsplit)Ú.0ÚtrS   r   r   Ú
<listcomp>ý   s   & z7CloudTrailSubscribe.setup_new_topic.<locals>.<listcomp>zTopic {topic} already exists.Nz<Region>z<SNSTopicOwnerAccountId>z<SNSTopicName>©ÚNamer'   r(   Z
AttributesrK   zTopic policy:
{0})r'   ZAttributeNameZAttributeValue)r:   r;   r<   r3   r   r   r   Zlist_topicsr6   r   Úwarnr!   r   rI   ÚSNS_POLICY_TEMPLATErN   Zcreate_topicZget_topic_attributesÚmerge_sns_policyr    Zset_topic_attributesr9   )	r   rT   rO   rP   Ztopicsr   rQ   rC   Z
topic_attrr   rS   r   r5   ê   sP   
ÿ
þÿ


þÿÿþûýz#CloudTrailSubscribe.setup_new_topicc                 C   s2   t  |¡}t  |¡}|d  |d 7  < t  |¡S )aÞ  
        Merge two SNS topic policy documents. The id information from
        ``left`` is used in the final document, and the statements
        from ``right`` are merged into ``left``.

        http://docs.aws.amazon.com/sns/latest/dg/BasicStructure.html

        :type left: string
        :param left: First policy JSON document
        :type right: string
        :param right: Second policy JSON document
        :rtype: string
        :return: Merged policy JSON
        Z	Statement)r=   Úloadsr>   )r   ÚleftÚrightZleft_parsedZright_parsedr   r   r   r_   %  s   


z$CloudTrailSubscribe.merge_sns_policyc                 C   sŠ   t j d¡ d|i}|dur||d< |dur||d< |dur"||d< |dur*||d< | js7| jjdi |¤Ž n	| jjdi |¤Ž | j ¡ S )	z
        Either create or update the CloudTrail configuration depending on
        whether this command is a create or update command.
        z.Creating/updating CloudTrail configuration...
r\   NZS3BucketNamer$   ZSnsTopicNameZIncludeGlobalServiceEventsr   )r:   r;   r<   r1   r   Zcreate_trailZupdate_trailr2   )r   r   r-   r.   rT   rA   r+   r   r   r   r8   9  s   ÿ
z,CloudTrailSubscribe.upsert_cloudtrail_configc                 C   s   t j d¡ | jj|dS )zE
        Start the CloudTrail service, which begins logging.
        zStarting CloudTrail service...
r[   )r:   r;   r<   r   Zstart_logging)r   r   r   r   r   r?   P  s   z$CloudTrailSubscribe.start_cloudtrail)N)r   r	   r
   Ú__doc__ÚNAMEÚDESCRIPTIONÚSYNOPSISZ	ARG_TABLEr1   Z_UNDOCUMENTEDr   r   r   rI   r4   r5   r_   r8   r?   r   r   r   r   r       sJ    
ÿÿÿÿÿÿóM

4;r   c                   @   s    e Zd ZdZdZdZdZdZdS )ÚCloudTrailUpdatezF
    Like subscribe above, but the update version of the command.
    zupdate-subscriptionTzlUpdates any of the trail configuration settings, and creates and configures any new AWS resources specified.zpaws cloudtrail update-subscription [(--s3-use-bucket|--s3-new-bucket) bucket-name] [--sns-new-topic topic-name]
N)r   r	   r
   rc   rd   r1   re   rf   r   r   r   r   rg   X  s    rg   )r=   Úloggingr:   Úutilsr   Zawscli.customizations.commandsr   Zawscli.customizations.utilsr   Zbotocore.exceptionsr   Ú	getLoggerr   r   rM   r^   r6   r   r   rg   r   r   r   r   Ú<module>   s   
  :