From 85980472704767a33fdf51dff0475f4a87540c47 Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Fri, 19 May 2023 11:59:16 +0200 Subject: [PATCH] Revert "ec2_snapshot, ec2_snapshot_info: Add support to modify snapshot share permissions (#1464) (#1546)" This reverts commit 6698cddee60bb36a0f05e0e6470f8fbe7af90078. --- ...rt-modifying-create-volume-permissions.yml | 3 - plugins/modules/ec2_snapshot.py | 186 +------ plugins/modules/ec2_snapshot_info.py | 27 +- .../targets/ec2_snapshot/tasks/main.yml | 3 - .../test_modify_create_volume_permissions.yml | 454 ------------------ 5 files changed, 3 insertions(+), 670 deletions(-) delete mode 100644 changelogs/fragments/1464-ec2_snapshot-ec2_snapshot_info-support-modifying-create-volume-permissions.yml delete mode 100644 tests/integration/targets/ec2_snapshot/tasks/test_modify_create_volume_permissions.yml diff --git a/changelogs/fragments/1464-ec2_snapshot-ec2_snapshot_info-support-modifying-create-volume-permissions.yml b/changelogs/fragments/1464-ec2_snapshot-ec2_snapshot_info-support-modifying-create-volume-permissions.yml deleted file mode 100644 index c3fe986018b..00000000000 --- a/changelogs/fragments/1464-ec2_snapshot-ec2_snapshot_info-support-modifying-create-volume-permissions.yml +++ /dev/null @@ -1,3 +0,0 @@ -minor_changes: -- ec2_snapshot - Add support for modifying createVolumePermission (https://github.com/ansible-collections/amazon.aws/pull/1464). -- ec2_snapshot_info - Add createVolumePermission to output result (https://github.com/ansible-collections/amazon.aws/pull/1464). diff --git a/plugins/modules/ec2_snapshot.py b/plugins/modules/ec2_snapshot.py index cae97201d4c..7caa4b65ef5 100644 --- a/plugins/modules/ec2_snapshot.py +++ b/plugins/modules/ec2_snapshot.py @@ -70,39 +70,6 @@ required: false default: 0 type: int - modify_create_vol_permission: - description: - - If set to C(true), ec2 snapshot's createVolumePermissions can be modified. - required: false - type: bool - version_added: 6.1.0 - purge_create_vol_permission: - description: - - Whether unspecified group names or user IDs should be removed from the snapshot createVolumePermission. - - Must set I(modify_create_vol_permission) to C(True) for when I(purge_create_vol_permission) is set to C(True). - required: False - type: bool - default: False - version_added: 6.1.0 - group_names: - description: - - The group to be added or removed. The possible value is C(all). - - Mutually exclusive with I(user_ids). - required: false - type: list - elements: str - choices: ["all"] - version_added: 6.1.0 - user_ids: - description: - - The account user IDs to be added or removed. - - If createVolumePermission on snapshot is currently set to Public i.e. I(group_names=all), - providing I(user_ids) will not make createVolumePermission Private unless I(create_volume_permission) is set to C(true). - - Mutually exclusive with I(group_names). - required: false - type: list - elements: str - version_added: 6.1.0 author: "Will Thames (@willthames)" extends_documentation_fragment: - amazon.aws.common.modules @@ -139,44 +106,6 @@ - amazon.aws.ec2_snapshot: volume_id: vol-abcdef12 last_snapshot_min_age: 60 - -- name: Reset snapshot createVolumePermission (change permission to "Private") - amazon.aws.ec2_snapshot: - snapshot_id: snap-06a6f641234567890 - modify_create_vol_permission: true - purge_create_vol_permission: true - -- name: Modify snapshot createVolmePermission to add user IDs (specify purge_create_vol_permission=true to change permssion to "Private") - amazon.aws.ec2_snapshot: - snapshot_id: snap-06a6f641234567890 - modify_create_vol_permission: true - user_ids: - - '123456789012' - - '098765432109' - -- name: Modify snapshot createVolmePermission - remove all except specified user_ids - amazon.aws.ec2_snapshot: - snapshot_id: snap-06a6f641234567890 - modify_create_vol_permission: true - purge_create_vol_permission: true - user_ids: - - '123456789012' - -- name: Replace (purge existing) snapshot createVolmePermission annd add user IDs - amazon.aws.ec2_snapshot: - snapshot_id: snap-06a6f641234567890 - modify_create_vol_permission: true - purge_create_vol_permission: true - user_ids: - - '111111111111' - -- name: Modify snapshot createVolmePermission - make createVolumePermission "Public" - amazon.aws.ec2_snapshot: - snapshot_id: snap-06a6f641234567890 - modify_create_vol_permission: true - purge_create_vol_permission: true - group_names: - - all """ RETURN = r""" @@ -403,109 +332,6 @@ def delete_snapshot(module, ec2, snapshot_id): module.exit_json(changed=True) -def _describe_snapshot_attribute(module, ec2, snapshot_id): - try: - response = ec2.describe_snapshot_attribute(Attribute="createVolumePermission", SnapshotId=snapshot_id) - except ( - botocore.exceptions.BotoCoreError, - botocore.exceptions.ClientError, - ) as e: # pylint: disable=duplicate-except - module.fail_json_aws(e, msg="Failed to describe snapshot attribute createVolumePermission") - - return response["CreateVolumePermissions"] - - -def build_modify_createVolumePermission_params(module): - snapshot_id = module.params.get("snapshot_id") - user_ids = module.params.get("user_ids") - group_names = module.params.get("group_names") - - if not user_ids and not group_names: - module.fail_json(msg="Please provide either Group IDs or User IDs to modify permissions") - - params = { - "Attribute": "createVolumePermission", - "OperationType": "add", - "SnapshotId": snapshot_id, - "GroupNames": group_names, - "UserIds": user_ids, - } - - # remove empty value params - params = {k: v for k, v in params.items() if v} - - return params - - -def check_user_or_group_update_needed(module, ec2): - existing_create_vol_permission = _describe_snapshot_attribute(module, ec2, module.params.get("snapshot_id")) - purge_permission = module.params.get("purge_create_vol_permission") - supplied_group_names = module.params.get("group_names") - supplied_user_ids = module.params.get("user_ids") - - # if createVolumePermission is already "Public", adding "user_ids" is not needed - if any(item.get("Group") == "all" for item in existing_create_vol_permission) and not purge_permission: - return False - - if supplied_group_names: - existing_group_names = {item.get("Group") for item in existing_create_vol_permission or []} - if set(supplied_group_names) == set(existing_group_names): - return False - else: - return True - - if supplied_user_ids: - existing_user_ids = {item.get("UserId") for item in existing_create_vol_permission or []} - if set(supplied_user_ids) == set(existing_user_ids): - return False - else: - return True - - if purge_permission and existing_create_vol_permission == []: - return False - - return True - - -def _modify_snapshot_createVolumePermission(module, ec2, snapshot_id, purge_create_vol_permission): - update_needed = check_user_or_group_update_needed(module, ec2) - - if not update_needed: - module.exit_json(changed=False, msg="Supplied CreateVolumePermission already applied, update not needed") - - if purge_create_vol_permission is True: - _reset_snapshpot_attribute(module, ec2, snapshot_id) - if not module.params.get("user_ids") and not module.params.get("group_names"): - module.exit_json(changed=True, msg="Reset createVolumePermission successfully") - - params = build_modify_createVolumePermission_params(module) - - if module.check_mode: - module.exit_json(changed=True, msg="Would have modified CreateVolumePermission") - - try: - ec2.modify_snapshot_attribute(**params) - except ( - botocore.exceptions.BotoCoreError, - botocore.exceptions.ClientError, - ) as e: # pylint: disable=duplicate-except - module.fail_json_aws(e, msg="Failed to modify createVolumePermission") - - module.exit_json(changed=True, msg="Successfully modified CreateVolumePermission") - - -def _reset_snapshpot_attribute(module, ec2, snapshot_id): - if module.check_mode: - module.exit_json(changed=True, msg="Would have reset CreateVolumePermission") - try: - response = ec2.reset_snapshot_attribute(Attribute="createVolumePermission", SnapshotId=snapshot_id) - except ( - botocore.exceptions.BotoCoreError, - botocore.exceptions.ClientError, - ) as e: # pylint: disable=duplicate-except - module.fail_json_aws(e, msg="Failed to reset createVolumePermission") - - def create_snapshot_ansible_module(): argument_spec = dict( volume_id=dict(), @@ -518,18 +344,12 @@ def create_snapshot_ansible_module(): last_snapshot_min_age=dict(type="int", default=0), snapshot_tags=dict(type="dict", default=dict()), state=dict(choices=["absent", "present"], default="present"), - modify_create_vol_permission=dict(type="bool"), - purge_create_vol_permission=dict(type="bool", default=False), - user_ids=dict(type="list", elements="str"), - group_names=dict(type="list", elements="str", choices=["all"]), ) mutually_exclusive = [ ("instance_id", "snapshot_id", "volume_id"), - ("group_names", "user_ids"), ] required_if = [ ("state", "absent", ("snapshot_id",)), - ("purge_create_vol_permission", True, ("modify_create_vol_permission",)), ] required_one_of = [ ("instance_id", "snapshot_id", "volume_id"), @@ -563,8 +383,6 @@ def main(): last_snapshot_min_age = module.params.get("last_snapshot_min_age") snapshot_tags = module.params.get("snapshot_tags") state = module.params.get("state") - modify_create_vol_permission = module.params.get("modify_create_vol_permission") - purge_create_vol_permission = module.params.get("purge_create_vol_permission") ec2 = module.client("ec2", retry_decorator=AWSRetry.jittered_backoff(retries=10)) @@ -574,9 +392,7 @@ def main(): ec2=ec2, snapshot_id=snapshot_id, ) - elif modify_create_vol_permission is True: - _modify_snapshot_createVolumePermission(module, ec2, snapshot_id, purge_create_vol_permission) - elif state == "present": + else: create_snapshot( module=module, description=description, diff --git a/plugins/modules/ec2_snapshot_info.py b/plugins/modules/ec2_snapshot_info.py index bfa126e0a3f..c7612ff2a41 100644 --- a/plugins/modules/ec2_snapshot_info.py +++ b/plugins/modules/ec2_snapshot_info.py @@ -194,13 +194,6 @@ type: str returned: always sample: "arn:aws:kms:ap-southeast-2:123456789012:key/74c9742a-a1b2-45cb-b3fe-abcdef123456" - create_volume_permissions: - description: - - The users and groups that have the permissions for creating volumes from the snapshot. - - The module will return empty list if the create volume permissions on snapshot are 'private'. - type: list - elements: dict - sample: [{"group": "all"}] next_token_id: description: - Contains the value returned from a previous paginated request where C(max_results) was used and the results exceeded the value of that parameter. @@ -210,7 +203,7 @@ """ try: - from botocore.exceptions import BotoCoreError, ClientError + from botocore.exceptions import ClientError except ImportError: pass # Handled by AnsibleAWSModule @@ -239,7 +232,7 @@ def build_request_args(snapshot_ids, owner_ids, restorable_by_user_ids, filters, def get_snapshots(connection, module, request_args): - snapshot_ids = request_args.get("SnapshotIds") + snapshot_ids = request_args.get("snapshot_ids") try: snapshots = connection.describe_snapshots(aws_retry=True, **request_args) except is_boto3_error_code("InvalidSnapshot.NotFound") as e: @@ -250,15 +243,6 @@ def get_snapshots(connection, module, request_args): return snapshots -def _describe_snapshot_attribute(module, ec2, snapshot_id): - try: - response = ec2.describe_snapshot_attribute(Attribute="createVolumePermission", SnapshotId=snapshot_id) - except (BotoCoreError, ClientError) as e: # pylint: disable=duplicate-except - module.fail_json_aws(e, msg="Failed to describe snapshot attribute createVolumePermission") - - return response["CreateVolumePermissions"] - - def list_ec2_snapshots(connection, module, request_args): try: snapshots = get_snapshots(connection, module, request_args) @@ -266,13 +250,6 @@ def list_ec2_snapshots(connection, module, request_args): module.fail_json_aws(e, msg="Failed to describe snapshots") result = {} - - # Add createVolumePermission info to snapshots result - for snapshot in snapshots["Snapshots"]: - snapshot_id = snapshot.get("SnapshotId") - create_vol_permission = _describe_snapshot_attribute(module, connection, snapshot_id) - snapshot["CreateVolumePermissions"] = create_vol_permission - # Turn the boto3 result in to ansible_friendly_snaked_names snaked_snapshots = [] for snapshot in snapshots["Snapshots"]: diff --git a/tests/integration/targets/ec2_snapshot/tasks/main.yml b/tests/integration/targets/ec2_snapshot/tasks/main.yml index 8967d772dca..f3ea9cc4b22 100644 --- a/tests/integration/targets/ec2_snapshot/tasks/main.yml +++ b/tests/integration/targets/ec2_snapshot/tasks/main.yml @@ -26,9 +26,6 @@ aws_az_info: register: azs - - name: Run tasks for testing snapshot createVolumePermissions modifications - import_tasks: test_modify_create_volume_permissions.yml - # Create a new volume in detached mode without tags - name: Create a detached volume without tags ec2_vol: diff --git a/tests/integration/targets/ec2_snapshot/tasks/test_modify_create_volume_permissions.yml b/tests/integration/targets/ec2_snapshot/tasks/test_modify_create_volume_permissions.yml deleted file mode 100644 index b0d61c61923..00000000000 --- a/tests/integration/targets/ec2_snapshot/tasks/test_modify_create_volume_permissions.yml +++ /dev/null @@ -1,454 +0,0 @@ ---- -# Setup for this task ================================= -- name: Tests relating to createVolumePermission - block: - - name: Create a volume - ec2_vol: - volume_size: 1 - zone: '{{ azs.availability_zones[0].zone_name }}' - register: create_vol_result - - - set_fact: - volume_id: "{{ create_vol_result.volume_id }}" - - - name: Take snapshot of volume - ec2_snapshot: - volume_id: '{{ volume_id }}' - snapshot_tags: - Name: 'mandkulk-test-modify-test-snap' - register: create_snapshot_result - - - set_fact: - snapshot_id: "{{ create_snapshot_result.snapshot_id }}" - - - # Run Tests ============================================ - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - - name: assert that createVolumePermission are "Private" - assert: - that: - - info_result.snapshots[0].create_volume_permissions | length == 0 - - # Update Permissions to add user_ids -------------------------------------------------------- - - name: Modify snapshot createVolmePermission - ADD new user_ids - check_mode - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - user_ids: - - '111111111111' - - '222222222222' - wait: true - register: update_permission_result - check_mode: true - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - - assert: - that: - - update_permission_result is changed - - update_permission_result is not failed - - info_result.snapshots[0].create_volume_permissions | length == 0 - - - name: Modify snapshot createVolmePermission - ADD new user_ids - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - user_ids: - - '111111111111' - - '222222222222' - wait: true - register: update_permission_result - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='user_id') | list }}" - - - assert: - that: - - update_permission_result is changed - - update_permission_result is not failed - - permissions_list | length == 2 - - '"111111111111" in permissions_list' - - '"222222222222" in permissions_list' - - - name: Modify snapshot createVolmePermission - ADD new user_ids - idempotent - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - user_ids: - - '111111111111' - - '222222222222' - wait: true - register: update_permission_result - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='user_id') | list }}" - - - assert: - that: - - update_permission_result is not changed - - update_permission_result is not failed - - permissions_list | length == 2 - - - name: Modify snapshot createVolmePermission - ADD new user_ids - idempotent - check_mode - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - user_ids: - - '111111111111' - - '222222222222' - wait: true - register: update_permission_result - check_mode: true - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='user_id') | list }}" - - - assert: - that: - - update_permission_result is not changed - - update_permission_result is not failed - - permissions_list | length == 2 - - # Update Permissions to remove user_id -------------------------------------------------------- - - name: Modify snapshot createVolmePermission - remove user_id - check_mode - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - user_ids: - - '111111111111' - wait: true - register: update_permission_result - check_mode: true - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - - assert: - that: - - update_permission_result is changed - - update_permission_result is not failed - - info_result.snapshots[0].create_volume_permissions | length == 2 - - - name: Modify snapshot createVolmePermission - remove user_id - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - user_ids: - - '222222222222' - wait: true - register: update_permission_result - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='user_id') | list }}" - - - assert: - that: - - update_permission_result is changed - - update_permission_result is not failed - - permissions_list | length == 1 - - '"111111111111" not in permissions_list' - - '"222222222222" in permissions_list' - - - name: Modify snapshot createVolmePermission - remove user_id - idempotent - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - user_ids: - - '222222222222' - wait: true - register: update_permission_result - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='user_id') | list }}" - - - assert: - that: - - update_permission_result is not changed - - update_permission_result is not failed - - permissions_list | length == 1 - - - name: Modify snapshot createVolmePermission - remove user_id - idempotent - check_mode - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - user_ids: - - '222222222222' - wait: true - register: update_permission_result - check_mode: true - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='user_id') | list }}" - - - assert: - that: - - update_permission_result is not changed - - update_permission_result is not failed - - permissions_list | length == 1 - - # Update Permissions to Public -------------------------------------------------------- - - name: Modify snapshot createVolmePermission - add group_names 'all' - check_mode - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - group_names: - - 'all' - wait: true - register: update_permission_result - check_mode: true - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='user_id') | list }}" - - - assert: - that: - - update_permission_result is changed - - update_permission_result is not failed - - info_result.snapshots[0].create_volume_permissions | length == 1 - - '"222222222222" in permissions_list' - - - name: Modify snapshot createVolmePermission - add group_names 'all' - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - group_names: - - 'all' - wait: true - register: update_permission_result - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='group') | list }}" - - - assert: - that: - - update_permission_result is changed - - update_permission_result is not failed - - permissions_list | length == 1 - - '"222222222222" not in permissions_list' - - '"all" in permissions_list' - - - name: Modify snapshot createVolmePermission - add group_names 'all' - idempotent - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - group_names: - - 'all' - wait: true - register: update_permission_result - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='group') | list }}" - - - assert: - that: - - update_permission_result is not changed - - update_permission_result is not failed - - permissions_list | length == 1 - - '"222222222222" not in permissions_list' - - '"all" in permissions_list' - - - name: Modify snapshot createVolmePermission - add group_names 'all' - idempotent - check_mode - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - group_names: - - 'all' - wait: true - register: update_permission_result - check_mode: true - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='group') | list }}" - - - assert: - that: - - update_permission_result is not changed - - update_permission_result is not failed - - permissions_list | length == 1 - - '"222222222222" not in permissions_list' - - '"all" in permissions_list' - - # Reset Permissions to Private -------------------------------------------------------- - - name: Modify snapshot createVolmePermission - RESET to 'private' - check_mode - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - wait: true - register: update_permission_result - check_mode: true - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | map(attribute='group') | list }}" - - - assert: - that: - - update_permission_result is changed - - update_permission_result is not failed - - permissions_list | length == 1 - - '"222222222222" not in permissions_list' - - '"all" in permissions_list' - - - name: Modify snapshot createVolmePermission - RESET to 'private' - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - wait: true - register: update_permission_result - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | list }}" - - - assert: - that: - - update_permission_result is changed - - update_permission_result is not failed - - permissions_list | length == 0 - - '"222222222222" not in permissions_list' - - '"all" not in permissions_list' - - - name: Modify snapshot createVolmePermission - RESET to 'private' - idempotent - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - wait: true - register: update_permission_result - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | list }}" - - - assert: - that: - - update_permission_result is not changed - - update_permission_result is not failed - - permissions_list | length == 0 - - '"222222222222" not in permissions_list' - - '"all" not in permissions_list' - - - name: Modify snapshot createVolmePermission - RESET to 'private' - idempotent - check_mode - amazon.aws.ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - modify_create_vol_permission: true - purge_create_vol_permission: true - wait: true - register: update_permission_result - check_mode: true - - - name: Get current createVolumePermission - ec2_snapshot_info: - snapshot_ids: - - "{{ snapshot_id }}" - register: info_result - - set_fact: - permissions_list: "{{ info_result.snapshots[0].create_volume_permissions | list }}" - - - assert: - that: - - update_permission_result is not changed - - update_permission_result is not failed - - permissions_list | length == 0 - - '"222222222222" not in permissions_list' - - '"all" not in permissions_list' - -# Teardown for this task =============================== - always: - - - name: Delete snapshot - ec2_snapshot: - snapshot_id: "{{ snapshot_id }}" - state: absent - ignore_errors: true - - - name: Delete volume - ec2_vol: - id: "{{ volume_id }}" - state: absent - ignore_errors: true