Source code for idem_aws.states.aws.guardduty.organization_configuration
"""State module for managing Organization Configuration."""fromdataclassesimportfieldfromtypingimportAnyfromtypingimportDict__contracts__=["resource"]fromdataclassesimportmake_dataclass
[docs]asyncdefpresent(hub,ctx,name:str,auto_enable:bool,resource_id:str=None,data_sources:make_dataclass("""Describes which data sources will be enabled for the detector.""""DataSourceConfiguration",[("S3Logs",make_dataclass("""Describes whether S3 data event logs are enabled as a data source.""""S3LogsConfiguration",[("Enable",bool)],),field(default=None),),("Kubernetes",make_dataclass("""Describes whether any Kubernetes logs are enabled as data sources.""""KubernetesConfiguration",[("AuditLogs",make_dataclass("""The status of Kubernetes audit logs as a data source.""""KubernetesAuditLogsConfiguration",[("Enable",bool)],),)],),field(default=None),),("MalwareProtection",make_dataclass("""Describes whether Malware Protection is enabled as a data source.""""MalwareProtectionConfiguration",[("ScanEc2InstanceWithFindings",make_dataclass("""Describes the configuration of Malware Protection for EC2 instances with findings.""""ScanEc2InstanceWithFindingsConfiguration",[("EbsVolumes",bool,field(default=None))],),field(default=None),)],),field(default=None),),],)=None,)->Dict[str,Any]:"""Updates the delegated administrator account with the values provided. Args: name(str): An Idem name of the resource. auto_enable(bool): Indicates whether to automatically enable member accounts in the organization. resource_id(str, Optional): The ID of the detector to update the delegated administrator for. data_sources(dict, Optional): Describes which data sources will be updated. * S3Logs (*dict, Optional*): Describes whether S3 data event logs are enabled as a data source. * Enable (*bool*): The status of S3 data event logs as a data source. * Kubernetes (*dict, Optional*): Describes whether any Kubernetes logs are enabled as data sources. * AuditLogs (*dict*): The status of Kubernetes audit logs as a data source. * Enable (*bool*): The status of Kubernetes audit logs as a data source. * MalwareProtection (*dict, Optional*): Describes whether Malware Protection is enabled as a data source. * ScanEc2InstanceWithFindings (*dict, Optional*): Describes the configuration of Malware Protection for EC2 instances with findings. EbsVolumes (*bool, Optional*): Describes the configuration for scanning EBS volumes as data source. Request Syntax: Using in a state: .. code-block:: yaml aws.guardduty.organization_configuration.present: - name: 'string' - resource_id: 'string' - auto_enable: True|False - data_sources: S3Logs: Enable: True|False Kubernetes: AuditLogs: Enable: True|False MalwareProtection: ScanEc2InstanceWithFindings: EbsVolumes: True|False Returns: Dict[str, Any] Examples: .. code-block:: sls resource_is_present: aws.guardduty.organization_configuration.present: - name: 6ec3816a325af96978c683c9c81fdf0a - resource_id: 6ec3816a325af96978c683c9c81fdf0a - auto_enable: false - data_sources: Kubernetes: AuditLogs: AutoEnable: false MalwareProtection: ScanEc2InstanceWithFindings: EbsVolumes: AutoEnable: false S3Logs: AutoEnable: false """result=dict(comment=[],old_state=None,new_state=None,name=name,result=True)ifnotresource_id:resource_id=namebefore=awaithub.exec.aws.guardduty.organization_configuration.get(ctx,resource_id=resource_id)ifnotbefore["result"]:result["result"]=before["result"]result["comment"]=before["comment"]returnresultresult["old_state"]=before["ret"]ifctx.get("test",False):result["comment"]=hub.tool.aws.comment_utils.would_update_comment(resource_type="aws.guardduty.organization_configuration",name=resource_id,)result["new_state"]=hub.tool.aws.test_state_utils.generate_test_state(enforced_state={},desired_state={"name":name,"auto_enable":auto_enable,"resource_id":resource_id,},)returnresultret=awaithub.exec.aws.guardduty.organization_configuration.update(ctx,resource_id=resource_id,auto_enable=auto_enable,data_sources=data_sources,org_conf=before,)result["result"]=ret["result"]result["comment"]=ret["comment"]ifnotresult["result"]:returnresultafter=awaithub.exec.aws.guardduty.organization_configuration.get(ctx,resource_id=resource_id)result["new_state"]=after["ret"]returnresult
[docs]asyncdefabsent(hub,ctx,name:str)->Dict[str,Any]:"""A No-Op function for aws.guardduty.organization_configuration. This is a configuration resource of the aws.guardduty.organization_configuration resource. It's not possible to delete aws.guardduty.organization_configuration. If you want to modify the aws.guardduty.organization_configuration resource, use the aws.guardduty.organization_configuration.present. Args: name: An Idem name of the resource. Request Syntax: .. code-block:: sls [guardduty.organization_configuration_id]: aws.guardduty.organization_configuration.absent: - name: "string" Returns: Dict[str, Any] """result=dict(comment=("No-Op: The aws.guardduty.organization_configuration can not be deleted",),old_state=None,new_state=None,name=name,result=True,)returnresult
[docs]asyncdefdescribe(hub,ctx)->Dict[str,Dict[str,Any]]:"""Describe the resource in a way that can be recreated/managed with the corresponding "present" function. Returns: Dict[str, Dict[str, Any]] Examples: Calling from the CLI: .. code-block:: bash $ idem describe aws.guardduty.organization_configuration """result={}ret=awaithub.exec.aws.guardduty.detector.list(ctx,name="list detectors")ifnotret["result"]:hub.log.warning(f"Could not list detector {ret['comment']}")return{}fordetectorinret["ret"]:response=awaithub.exec.aws.guardduty.organization_configuration.get(ctx,resource_id=detector.get("resource_id"))ifnotresponse["result"]:hub.log.warning(f"Could not list organization_configuration {ret['comment']}")else:result[detector.get("resource_id")]={"aws.guardduty.organization_configuration.present":[{parameter_key:parameter_value}forparameter_key,parameter_valueinresponse["ret"].items()]}returnresult