o ckF[;?@sXddlZddlmZddlmZddlmZddlmZddl m Z GdddeZ dS) N)json)AWSQueryConnection) RegionInfo)JSONResponseError) exceptionscseZdZdZdZdZdZdZdZe Z e j e j e jdZfdd Zd d Zd d Z  d1ddZd2ddZddZddZddZddZd3ddZ  d3ddZdd Zd!d"Zd2d#d$Zd2d%d&Zd2d'd(Zd3d)d*Z  d4d+d,Z!d-d.Z"d/d0Z#Z$S)5CloudHSMConnectionz AWS CloudHSM Service z 2014-05-30z us-east-1z cloudhsm.us-east-1.amazonaws.comCloudHSMCloudHsmFrontendService)InvalidRequestExceptionCloudHsmServiceExceptionCloudHsmInternalExceptionc s^|dd}|st||j|j}d|vs|ddur|j|d<tt|jdi|||_dS)Nregionhost) poprDefaultRegionNameDefaultRegionEndpointendpointsuperr__init__r )selfkwargsr  __class__r6/usr/lib/python3/dist-packages/boto/cloudhsm/layer1.pyr1s   zCloudHSMConnection.__init__cCsdgS)Nzhmac-v4r)rrrr_required_auth_capability=sz,CloudHSMConnection._required_auth_capabilitycCd|i}|jdt|dS)a Creates a high-availability partition group. A high- availability partition group is a group of partitions that spans multiple physical HSMs. :type label: string :param label: The label of the new high-availability partition group. Label CreateHapgactionbody make_requestrdumps)rlabelparamsrrr create_hapg@ zCloudHSMConnection.create_hapgNc Csb||||d} |dur|| d<|dur|| d<|dur|| d<|dur'|| d<|jdt| dS) a Creates an uninitialized HSM instance. Running this command provisions an HSM appliance and will result in charges to your AWS account for the HSM. :type subnet_id: string :param subnet_id: The identifier of the subnet in your VPC in which to place the HSM. :type ssh_key: string :param ssh_key: The SSH public key to install on the HSM. :type eni_ip: string :param eni_ip: The IP address to assign to the HSM's ENI. :type iam_role_arn: string :param iam_role_arn: The ARN of an IAM role to enable the AWS CloudHSM service to allocate an ENI on your behalf. :type external_id: string :param external_id: The external ID from **IamRoleArn**, if present. :type subscription_type: string :param subscription_type: The subscription type. :type client_token: string :param client_token: A user-defined token to ensure idempotence. Subsequent calls to this action with the same token will be ignored. :type syslog_ip: string :param syslog_ip: The IP address for the syslog monitoring server. )SubnetIdSshKey IamRoleArnSubscriptionTypeNEniIp ExternalId ClientTokenSyslogIp CreateHsmrr") r subnet_idssh_key iam_role_arnsubscription_typeeni_ip external_id client_token syslog_ipr&rrr create_hsmNs &zCloudHSMConnection.create_hsmcCs,d|i}|dur ||d<|jdt|dS)a( Creates an HSM client. :type label: string :param label: The label for the client. :type certificate: string :param certificate: The contents of a Base64-Encoded X.509 v3 certificate to be installed on the HSMs used by this client. CertificateNrCreateLunaClientrr")r certificater%r&rrrcreate_luna_clients  z%CloudHSMConnection.create_luna_clientcCr)z Deletes a high-availability partition group. :type hapg_arn: string :param hapg_arn: The ARN of the high-availability partition group to delete. HapgArn DeleteHapgrr"rhapg_arnr&rrr delete_hapg zCloudHSMConnection.delete_hapgcCr)z Deletes an HSM. Once complete, this operation cannot be undone and your key material cannot be recovered. :type hsm_arn: string :param hsm_arn: The ARN of the HSM to delete. HsmArn DeleteHsmrr")rhsm_arnr&rrr delete_hsmrDzCloudHSMConnection.delete_hsmcCr)z Deletes a client. :type client_arn: string :param client_arn: The ARN of the client to delete. ClientArnDeleteLunaClientrr")r client_arnr&rrrdelete_luna_clientsz%CloudHSMConnection.delete_luna_clientcCr)z Retrieves information about a high-availability partition group. :type hapg_arn: string :param hapg_arn: The ARN of the high-availability partition group to describe. r? DescribeHapgrr"rArrr describe_hapgr(z CloudHSMConnection.describe_hapgcC8i}|dur ||d<|dur||d<|jdt|dS)a Retrieves information about an HSM. You can identify the HSM by its ARN or its serial number. :type hsm_arn: string :param hsm_arn: The ARN of the HSM. Either the HsmArn or the SerialNumber parameter must be specified. :type hsm_serial_number: string :param hsm_serial_number: The serial number of the HSM. Either the HsmArn or the HsmSerialNumber parameter must be specified. NrEHsmSerialNumber DescribeHsmrr")rrGhsm_serial_numberr&rrr describe_hsmszCloudHSMConnection.describe_hsmcCrO)a Retrieves information about an HSM client. :type client_arn: string :param client_arn: The ARN of the client. :type certificate_fingerprint: string :param certificate_fingerprint: The certificate fingerprint. NrICertificateFingerprintDescribeLunaClientrr")rrKcertificate_fingerprintr&rrrdescribe_luna_clients z'CloudHSMConnection.describe_luna_clientcCs |||d}|jdt|dS)a Gets the configuration files necessary to connect to all high availability partition groups the client is associated with. :type client_arn: string :param client_arn: The ARN of the client. :type client_version: string :param client_version: The client version. :type hapg_list: list :param hapg_list: A list of ARNs that identify the high-availability partition groups that are associated with the client. )rI ClientVersionHapgList GetConfigrr")rrKclient_version hapg_listr&rrr get_configszCloudHSMConnection.get_configcCsi}|jdt|dS)zk Lists the Availability Zones that have available AWS CloudHSM capacity. ListAvailableZonesrr")rr&rrrlist_available_zones sz'CloudHSMConnection.list_available_zonescC(i}|dur ||d<|jdt|dS)a Lists the high-availability partition groups for the account. This operation supports pagination with the use of the NextToken member. If more results are available, the NextToken member of the response contains a token that you pass in the next call to ListHapgs to retrieve the next set of items. :type next_token: string :param next_token: The NextToken value from a previous call to ListHapgs. Pass null if this is the first call. N NextToken ListHapgsrr"r next_tokenr&rrr list_hapgss zCloudHSMConnection.list_hapgscCr`)a Retrieves the identifiers of all of the HSMs provisioned for the current customer. This operation supports pagination with the use of the NextToken member. If more results are available, the NextToken member of the response contains a token that you pass in the next call to ListHsms to retrieve the next set of items. :type next_token: string :param next_token: The NextToken value from a previous call to ListHsms. Pass null if this is the first call. NraListHsmsrr"rcrrr list_hsms+ zCloudHSMConnection.list_hsmscCr`)a Lists all of the clients. This operation supports pagination with the use of the NextToken member. If more results are available, the NextToken member of the response contains a token that you pass in the next call to ListLunaClients to retrieve the next set of items. :type next_token: string :param next_token: The NextToken value from a previous call to ListLunaClients. Pass null if this is the first call. NraListLunaClientsrr"rcrrrlist_luna_clients@rhz$CloudHSMConnection.list_luna_clientscCs<d|i}|dur ||d<|dur||d<|jdt|dS)a Modifies an existing high-availability partition group. :type hapg_arn: string :param hapg_arn: The ARN of the high-availability partition group to modify. :type label: string :param label: The new label for the high-availability partition group. :type partition_serial_list: list :param partition_serial_list: The list of partition serial numbers to make members of the high-availability partition group. r?NrPartitionSerialList ModifyHapgrr")rrBr%partition_serial_listr&rrr modify_hapgUszCloudHSMConnection.modify_hapgcCsld|i}|dur ||d<|dur||d<|dur||d<|dur$||d<|dur,||d<|jdt|d S) a Modifies an HSM. :type hsm_arn: string :param hsm_arn: The ARN of the HSM to modify. :type subnet_id: string :param subnet_id: The new identifier of the subnet that the HSM is in. :type eni_ip: string :param eni_ip: The new IP address for the elastic network interface attached to the HSM. :type iam_role_arn: string :param iam_role_arn: The new IAM role ARN. :type external_id: string :param external_id: The new external ID. :type syslog_ip: string :param syslog_ip: The new IP address for the syslog monitoring server. rENr)r-r+r.r0 ModifyHsmrr")rrGr2r6r4r7r9r&rrr modify_hsmmszCloudHSMConnection.modify_hsmcCs||d}|jdt|dS)ai Modifies the certificate used by the client. This action can potentially start a workflow to install the new certificate on the client's HSMs. :type client_arn: string :param client_arn: The ARN of the client. :type certificate: string :param certificate: The new certificate for the client. )rIr;ModifyLunaClientrr")rrKr=r&rrrmodify_luna_clients z%CloudHSMConnection.modify_luna_clientc Csd|j|f|jjdtt|d}|jdddi||d}|j|ddd}|d }t j ||j d kr@|r>t |SdSt |}|d d}|j||j} | |j |j|d ) Nz%s.%szapplication/x-amz-json-1.1)z X-Amz-TargetHostz Content-TypezContent-LengthPOST/)methodpath auth_pathr&headersdata )senderoverride_num_retrieszutf-8__type)r!) TargetPrefixr rstrlenbuild_base_http_request_mexereaddecodebotologdebugstatusrloadsget_faults ResponseErrorreason) rr r!ry http_requestresponse response_body json_body fault_nameexception_classrrrr#s0        zCloudHSMConnection.make_request)NNNN)N)NN)NNNNN)%__name__ __module__ __qualname____doc__ APIVersionrr ServiceNamerrrrr r r rrrr'r:r>rCrHrLrNrSrWr]r_rergrjrnrprrr# __classcell__rrrrrsL   6        'r) r boto.compatrboto.connectionrboto.regioninforboto.exceptionr boto.cloudhsmrrrrrrs