From afa61d9baa93de9348767721cab5db0be8036ee0 Mon Sep 17 00:00:00 2001
From: jillr
Date: Mon, 2 Mar 2020 19:25:18 +0000
Subject: [PATCH 01/47] Initial commit This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/eb75681585a23ea79e642b86a0f8e64e0f40a6d7
---
plugins/modules/ec2_vpc_peer.py | 447 +++++++++++++++++++++++
plugins/modules/ec2_vpc_peering_facts.py | 1 +
plugins/modules/ec2_vpc_peering_info.py | 149 ++++++++
3 files changed, 597 insertions(+)
create mode 100644 plugins/modules/ec2_vpc_peer.py
create mode 120000 plugins/modules/ec2_vpc_peering_facts.py
create mode 100644 plugins/modules/ec2_vpc_peering_info.py
diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py
new file mode 100644
index 00000000000..9e1cdd06112
--- /dev/null
+++ b/plugins/modules/ec2_vpc_peer.py
@@ -0,0 +1,447 @@ +#!/usr/bin/python +# Copyright: Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['stableinterface'], + 'supported_by': 'community'} + + +DOCUMENTATION = ''' +module: ec2_vpc_peer +short_description: create, delete, accept, and reject VPC peering connections between two VPCs. +description: + - Read the AWS documentation for VPC Peering Connections + U(https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html). +options: + vpc_id: + description: + - VPC id of the requesting VPC. + required: false + type: str + peering_id: + description: + - Peering connection id. + required: false + type: str + peer_region: + description: + - Region of the accepting VPC. + required: false + type: str + peer_vpc_id: + description: + - VPC id of the accepting VPC. + required: false + type: str + peer_owner_id: + description: + - The AWS account number for cross account peering. + required: false + type: str + tags: + description: + - Dictionary of tags to look for and apply when creating a Peering Connection. + required: false + type: dict + state: + description: + - Create, delete, accept, reject a peering connection. + required: false + default: present + choices: ['present', 'absent', 'accept', 'reject'] + type: str +author: Mike Mochan (@mmochan) +extends_documentation_fragment: +- ansible.amazon.aws +- ansible.amazon.ec2 + +requirements: [ botocore, boto3, json ] +''' + +EXAMPLES = ''' +# Complete example to create and accept a local peering connection. 
+- name: Create local account VPC peering Connection + ec2_vpc_peer: + region: ap-southeast-2 + vpc_id: vpc-12345678 + peer_vpc_id: vpc-87654321 + state: present + tags: + Name: Peering connection for VPC 21 to VPC 22 + CostCode: CC1234 + Project: phoenix + register: vpc_peer + +- name: Accept local VPC peering request + ec2_vpc_peer: + region: ap-southeast-2 + peering_id: "{{ vpc_peer.peering_id }}" + state: accept + register: action_peer + +# Complete example to delete a local peering connection. +- name: Create local account VPC peering Connection + ec2_vpc_peer: + region: ap-southeast-2 + vpc_id: vpc-12345678 + peer_vpc_id: vpc-87654321 + state: present + tags: + Name: Peering connection for VPC 21 to VPC 22 + CostCode: CC1234 + Project: phoenix + register: vpc_peer + +- name: delete a local VPC peering Connection + ec2_vpc_peer: + region: ap-southeast-2 + peering_id: "{{ vpc_peer.peering_id }}" + state: absent + register: vpc_peer + + # Complete example to create and accept a cross account peering connection. +- name: Create cross account VPC peering Connection + ec2_vpc_peer: + region: ap-southeast-2 + vpc_id: vpc-12345678 + peer_vpc_id: vpc-12345678 + peer_owner_id: 123456789102 + state: present + tags: + Name: Peering connection for VPC 21 to VPC 22 + CostCode: CC1234 + Project: phoenix + register: vpc_peer + +- name: Accept peering connection from remote account + ec2_vpc_peer: + region: ap-southeast-2 + peering_id: "{{ vpc_peer.peering_id }}" + profile: bot03_profile_for_cross_account + state: accept + register: vpc_peer + +# Complete example to create and accept an intra-region peering connection. 
+- name: Create intra-region VPC peering Connection + ec2_vpc_peer: + region: us-east-1 + vpc_id: vpc-12345678 + peer_vpc_id: vpc-87654321 + peer_region: us-west-2 + state: present + tags: + Name: Peering connection for us-east-1 VPC to us-west-2 VPC + CostCode: CC1234 + Project: phoenix + register: vpc_peer + +- name: Accept peering connection from peer region + ec2_vpc_peer: + region: us-west-2 + peering_id: "{{ vpc_peer.peering_id }}" + state: accept + register: vpc_peer + +# Complete example to create and reject a local peering connection. +- name: Create local account VPC peering Connection + ec2_vpc_peer: + region: ap-southeast-2 + vpc_id: vpc-12345678 + peer_vpc_id: vpc-87654321 + state: present + tags: + Name: Peering connection for VPC 21 to VPC 22 + CostCode: CC1234 + Project: phoenix + register: vpc_peer + +- name: Reject a local VPC peering Connection + ec2_vpc_peer: + region: ap-southeast-2 + peering_id: "{{ vpc_peer.peering_id }}" + state: reject + +# Complete example to create and accept a cross account peering connection. +- name: Create cross account VPC peering Connection + ec2_vpc_peer: + region: ap-southeast-2 + vpc_id: vpc-12345678 + peer_vpc_id: vpc-12345678 + peer_owner_id: 123456789102 + state: present + tags: + Name: Peering connection for VPC 21 to VPC 22 + CostCode: CC1234 + Project: phoenix + register: vpc_peer + +- name: Accept a cross account VPC peering connection request + ec2_vpc_peer: + region: ap-southeast-2 + peering_id: "{{ vpc_peer.peering_id }}" + profile: bot03_profile_for_cross_account + state: accept + tags: + Name: Peering connection for VPC 21 to VPC 22 + CostCode: CC1234 + Project: phoenix + +# Complete example to create and reject a cross account peering connection. 
+- name: Create cross account VPC peering Connection + ec2_vpc_peer: + region: ap-southeast-2 + vpc_id: vpc-12345678 + peer_vpc_id: vpc-12345678 + peer_owner_id: 123456789102 + state: present + tags: + Name: Peering connection for VPC 21 to VPC 22 + CostCode: CC1234 + Project: phoenix + register: vpc_peer + +- name: Reject a cross account VPC peering Connection + ec2_vpc_peer: + region: ap-southeast-2 + peering_id: "{{ vpc_peer.peering_id }}" + profile: bot03_profile_for_cross_account + state: reject + +''' +RETURN = ''' +task: + description: The result of the create, accept, reject or delete action. + returned: success + type: dict +''' + +try: + import botocore +except ImportError: + pass # caught by imported HAS_BOTO3 + +import distutils.version +import traceback + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info, HAS_BOTO3 +from ansible_collections.ansible.amazon.plugins.module_utils.aws.core import is_boto3_error_code + + +def tags_changed(pcx_id, client, module): + changed = False + tags = dict() + if module.params.get('tags'): + tags = module.params.get('tags') + pcx = find_pcx_by_id(pcx_id, client, module) + if pcx['VpcPeeringConnections']: + pcx_values = [t.values() for t in pcx['VpcPeeringConnections'][0]['Tags']] + pcx_tags = [item for sublist in pcx_values for item in sublist] + tag_values = [[key, str(value)] for key, value in tags.items()] + tags = [item for sublist in tag_values for item in sublist] + if sorted(pcx_tags) == sorted(tags): + changed = False + elif tags: + delete_tags(pcx_id, client, module) + create_tags(pcx_id, client, module) + changed = True + return changed + + +def describe_peering_connections(params, client): + result = client.describe_vpc_peering_connections( + Filters=[ + {'Name': 'requester-vpc-info.vpc-id', 'Values': [params['VpcId']]}, + {'Name': 'accepter-vpc-info.vpc-id', 'Values': 
[params['PeerVpcId']]} + ] + ) + if result['VpcPeeringConnections'] == []: + result = client.describe_vpc_peering_connections( + Filters=[ + {'Name': 'requester-vpc-info.vpc-id', 'Values': [params['PeerVpcId']]}, + {'Name': 'accepter-vpc-info.vpc-id', 'Values': [params['VpcId']]} + ] + ) + return result + + +def is_active(peering_conn): + return peering_conn['Status']['Code'] == 'active' + + +def is_pending(peering_conn): + return peering_conn['Status']['Code'] == 'pending-acceptance' + + +def create_peer_connection(client, module): + changed = False + params = dict() + params['VpcId'] = module.params.get('vpc_id') + params['PeerVpcId'] = module.params.get('peer_vpc_id') + if module.params.get('peer_region'): + if distutils.version.StrictVersion(botocore.__version__) < distutils.version.StrictVersion('1.8.6'): + module.fail_json(msg="specifying peer_region parameter requires botocore >= 1.8.6") + params['PeerRegion'] = module.params.get('peer_region') + if module.params.get('peer_owner_id'): + params['PeerOwnerId'] = str(module.params.get('peer_owner_id')) + peering_conns = describe_peering_connections(params, client) + for peering_conn in peering_conns['VpcPeeringConnections']: + pcx_id = peering_conn['VpcPeeringConnectionId'] + if tags_changed(pcx_id, client, module): + changed = True + if is_active(peering_conn): + return (changed, peering_conn['VpcPeeringConnectionId']) + if is_pending(peering_conn): + return (changed, peering_conn['VpcPeeringConnectionId']) + try: + peering_conn = client.create_vpc_peering_connection(**params) + pcx_id = peering_conn['VpcPeeringConnection']['VpcPeeringConnectionId'] + if module.params.get('tags'): + create_tags(pcx_id, client, module) + changed = True + return (changed, peering_conn['VpcPeeringConnection']['VpcPeeringConnectionId']) + except botocore.exceptions.ClientError as e: + module.fail_json(msg=str(e)) + + +def remove_peer_connection(client, module): + pcx_id = module.params.get('peering_id') + if not pcx_id: + params = 
dict() + params['VpcId'] = module.params.get('vpc_id') + params['PeerVpcId'] = module.params.get('peer_vpc_id') + params['PeerRegion'] = module.params.get('peer_region') + if module.params.get('peer_owner_id'): + params['PeerOwnerId'] = str(module.params.get('peer_owner_id')) + peering_conns = describe_peering_connections(params, client) + if not peering_conns: + module.exit_json(changed=False) + else: + pcx_id = peering_conns['VpcPeeringConnections'][0]['VpcPeeringConnectionId'] + + try: + params = dict() + params['VpcPeeringConnectionId'] = pcx_id + client.delete_vpc_peering_connection(**params) + module.exit_json(changed=True) + except botocore.exceptions.ClientError as e: + module.fail_json(msg=str(e)) + + +def peer_status(client, module): + params = dict() + params['VpcPeeringConnectionIds'] = [module.params.get('peering_id')] + try: + vpc_peering_connection = client.describe_vpc_peering_connections(**params) + return vpc_peering_connection['VpcPeeringConnections'][0]['Status']['Code'] + except is_boto3_error_code('InvalidVpcPeeringConnectionId.Malformed') as e: # pylint: disable=duplicate-except + module.fail_json(msg='Malformed connection ID: {0}'.format(e), traceback=traceback.format_exc()) + except botocore.exceptions.ClientError as e: # pylint: disable=duplicate-except + module.fail_json(msg='Error while describing peering connection by peering_id: {0}'.format(e), traceback=traceback.format_exc()) + + +def accept_reject(state, client, module): + changed = False + params = dict() + params['VpcPeeringConnectionId'] = module.params.get('peering_id') + if peer_status(client, module) != 'active': + try: + if state == 'accept': + client.accept_vpc_peering_connection(**params) + else: + client.reject_vpc_peering_connection(**params) + if module.params.get('tags'): + create_tags(params['VpcPeeringConnectionId'], client, module) + changed = True + except botocore.exceptions.ClientError as e: + module.fail_json(msg=str(e)) + if 
tags_changed(params['VpcPeeringConnectionId'], client, module): + changed = True + return changed, params['VpcPeeringConnectionId'] + + +def load_tags(module): + tags = [] + if module.params.get('tags'): + for name, value in module.params.get('tags').items(): + tags.append({'Key': name, 'Value': str(value)}) + return tags + + +def create_tags(pcx_id, client, module): + try: + delete_tags(pcx_id, client, module) + client.create_tags(Resources=[pcx_id], Tags=load_tags(module)) + except botocore.exceptions.ClientError as e: + module.fail_json(msg=str(e)) + + +def delete_tags(pcx_id, client, module): + try: + client.delete_tags(Resources=[pcx_id]) + except botocore.exceptions.ClientError as e: + module.fail_json(msg=str(e)) + + +def find_pcx_by_id(pcx_id, client, module): + try: + return client.describe_vpc_peering_connections(VpcPeeringConnectionIds=[pcx_id]) + except botocore.exceptions.ClientError as e: + module.fail_json(msg=str(e)) + + +def main(): + argument_spec = ec2_argument_spec() + argument_spec.update( + dict( + vpc_id=dict(), + peer_vpc_id=dict(), + peer_region=dict(), + peering_id=dict(), + peer_owner_id=dict(), + tags=dict(required=False, type='dict'), + profile=dict(), + state=dict(default='present', choices=['present', 'absent', 'accept', 'reject']) + ) + ) + required_if = [ + ('state', 'present', ['vpc_id', 'peer_vpc_id']), + ('state', 'accept', ['peering_id']), + ('state', 'reject', ['peering_id']) + ] + + module = AnsibleModule(argument_spec=argument_spec, required_if=required_if) + + if not HAS_BOTO3: + module.fail_json(msg='json, botocore and boto3 are required.') + state = module.params.get('state') + peering_id = module.params.get('peering_id') + vpc_id = module.params.get('vpc_id') + peer_vpc_id = module.params.get('peer_vpc_id') + try: + region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True) + client = boto3_conn(module, conn_type='client', resource='ec2', + region=region, endpoint=ec2_url, **aws_connect_kwargs) + 
except botocore.exceptions.NoCredentialsError as e: + module.fail_json(msg="Can't authorize connection - " + str(e)) + + if state == 'present': + (changed, results) = create_peer_connection(client, module) + module.exit_json(changed=changed, peering_id=results) + elif state == 'absent': + if not peering_id and (not vpc_id or not peer_vpc_id): + module.fail_json(msg='state is absent but one of the following is missing: peering_id or [vpc_id, peer_vpc_id]') + + remove_peer_connection(client, module) + else: + (changed, results) = accept_reject(state, client, module) + module.exit_json(changed=changed, peering_id=results) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/ec2_vpc_peering_facts.py b/plugins/modules/ec2_vpc_peering_facts.py new file mode 120000 index 00000000000..074baf65a0f --- /dev/null +++ b/plugins/modules/ec2_vpc_peering_facts.py @@ -0,0 +1 @@ +ec2_vpc_peering_info.py \ No newline at end of file diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py new file mode 100644 index 00000000000..4fe5a4a1bd1 --- /dev/null +++ b/plugins/modules/ec2_vpc_peering_info.py 
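Review bot: In `remove_peer_connection` the guard `if not peering_conns:` tests the whole describe response, which is a dict that the code itself indexes by `VpcPeeringConnections`, so an empty match is never caught and falls through to `peering_conns['VpcPeeringConnections'][0]`, raising IndexError instead of exiting unchanged; test the list instead, `if not peering_conns['VpcPeeringConnections']:`. The lookup in `describe_peering_connections` filters only on the two VPC ids and the delete path takes element 0 without checking its status, so with `state: absent` and no `peering_id` the record chosen may be a stale rejected or deleted one, or the wrong one if several exist; filtering on status, or failing when more than one candidate matches, would make the deletion deterministic. `params['PeerRegion']` and `params['PeerOwnerId']` are filled in on that path but the visible describe helper never reads them. Separately, `delete_tags` calls `client.delete_tags(Resources=[pcx_id])` with no `Tags` argument, which removes every tag on the connection, including tags this task did not set, and that matters where tags drive access policy or cost allocation.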
@@ -0,0 +1,149 @@ +#!/usr/bin/python +# Copyright: Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +module: ec2_vpc_peering_info +short_description: Retrieves AWS VPC Peering details using AWS methods. +description: + - Gets various details related to AWS VPC Peers + - This module was called C(ec2_vpc_peering_facts) before Ansible 2.9. The usage did not change. +requirements: [ boto3 ] +options: + peer_connection_ids: + description: + - List of specific VPC peer IDs to get details for. + type: list + elements: str + filters: + description: + - A dict of filters to apply. Each dict item consists of a filter key and a filter value. + See U(https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html) + for possible filters. + type: dict +author: Karen Cheng (@Etherdaemon) +extends_documentation_fragment: +- ansible.amazon.aws +- ansible.amazon.ec2 + +''' + +EXAMPLES = ''' +# Simple example of listing all VPC Peers +- name: List all vpc peers + ec2_vpc_peering_info: + region: ap-southeast-2 + register: all_vpc_peers + +- name: Debugging the result + debug: + msg: "{{ all_vpc_peers.result }}" + +- name: Get details on specific VPC peer + ec2_vpc_peering_info: + peer_connection_ids: + - pcx-12345678 + - pcx-87654321 + region: ap-southeast-2 + register: all_vpc_peers + +- name: Get all vpc peers with specific filters + ec2_vpc_peering_info: + region: ap-southeast-2 + filters: + status-code: ['pending-acceptance'] + register: pending_vpc_peers +''' + +RETURN = ''' +result: + description: The result of the describe. 
+ returned: success + type: list +''' + +import json + +try: + import botocore +except ImportError: + pass # will be picked up by imported HAS_BOTO3 + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import (boto3_tag_list_to_ansible_dict, + ec2_argument_spec, boto3_conn, get_aws_connection_info, + ansible_dict_to_boto3_filter_list, HAS_BOTO3, camel_dict_to_snake_dict) + + +def date_handler(obj): + return obj.isoformat() if hasattr(obj, 'isoformat') else obj + + +def get_vpc_peers(client, module): + params = dict() + params['Filters'] = ansible_dict_to_boto3_filter_list(module.params.get('filters')) + if module.params.get('peer_connection_ids'): + params['VpcPeeringConnectionIds'] = module.params.get('peer_connection_ids') + try: + result = json.loads(json.dumps(client.describe_vpc_peering_connections(**params), default=date_handler)) + except Exception as e: + module.fail_json(msg=str(e.message)) + + return result['VpcPeeringConnections'] + + +def main(): + argument_spec = ec2_argument_spec() + argument_spec.update( + dict( + filters=dict(default=dict(), type='dict'), + peer_connection_ids=dict(default=None, type='list'), + ) + ) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True) + if module._name == 'ec2_vpc_peering_facts': + module.deprecate("The 'ec2_vpc_peering_facts' module has been renamed to 'ec2_vpc_peering_info'", version='2.13') + + # Validate Requirements + if not HAS_BOTO3: + module.fail_json(msg='botocore and boto3 are required.') + + try: + region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True) + except NameError as e: + # Getting around the get_aws_connection_info boto reliance for region + if "global name 'boto' is not defined" in e.message: + module.params['region'] = botocore.session.get_session().get_config_variable('region') + if not module.params['region']: + module.fail_json(msg="Error - no region provided") + 
else: + module.fail_json(msg="Can't retrieve connection information - " + str(e)) + + try: + region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True) + ec2 = boto3_conn(module, conn_type='client', resource='ec2', region=region, endpoint=ec2_url, **aws_connect_kwargs) + except botocore.exceptions.NoCredentialsError as e: + module.fail_json(msg=str(e)) + + # Turn the boto3 result in to ansible friendly_snaked_names + results = [camel_dict_to_snake_dict(peer) for peer in get_vpc_peers(ec2, module)] + + # Turn the boto3 result in to ansible friendly tag dictionary + for peer in results: + peer['tags'] = boto3_tag_list_to_ansible_dict(peer.get('tags', [])) + + module.exit_json(result=results) + + +if __name__ == '__main__': + main() From 9e2c918ab3ef407271f81c90ed6fa19d8a1ea27b Mon Sep 17 00:00:00 2001 From: jillr Date: Tue, 3 Mar 2020 19:43:21 +0000 Subject: [PATCH 02/47] migration test cleanup This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/13b104b912784bb31a0bff23eed4c27b0f5e0283 --- plugins/modules/ec2_vpc_peering_info.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 4fe5a4a1bd1..b30fb43bf59 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -79,8 +79,13 @@ from ansible.module_utils.basic import AnsibleModule from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import (boto3_tag_list_to_ansible_dict, - ec2_argument_spec, boto3_conn, get_aws_connection_info, - ansible_dict_to_boto3_filter_list, HAS_BOTO3, camel_dict_to_snake_dict) + ec2_argument_spec, + boto3_conn, + get_aws_connection_info, + ansible_dict_to_boto3_filter_list, + HAS_BOTO3, + camel_dict_to_snake_dict, + ) def date_handler(obj): 
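Review bot: `get_vpc_peers` reports failures with `module.fail_json(msg=str(e.message))`, but exceptions have no `.message` attribute on Python 3, so any API error (an access-denied response, for example) surfaces as an AttributeError and the real cause is lost; use `module.fail_json(msg=str(e))`. The same attribute is read in `main` at `if "global name 'boto' is not defined" in e.message:`, where `str(e)` would serve. Catching `botocore.exceptions.ClientError` rather than bare `Exception` would match the error handling in ec2_vpc_peer.py from the same patch. `peer_connection_ids` is documented with `elements: str` but declared as `dict(default=None, type='list')`; adding `elements='str'` would make the argument spec agree with the documentation.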
From 279f0ba9b42d4fe1f0ef23f18836ca513ecf300d Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Wed, 25 Mar 2020 15:39:40 -0700 Subject: [PATCH 03/47] Rename collection (#12) * Rename core collection Rename references to ansible.amazon to amazon.aws. * Rename community.amazon to community.aws Fix pep8 line lengths for rewritten amazon.aws imports * Missed a path in shippable.sh * Dependency repos moved This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/235c5db571cc45db5839476c94356c9b91e1f228 --- plugins/modules/ec2_vpc_peer.py | 8 ++++---- plugins/modules/ec2_vpc_peering_info.py | 20 ++++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 9e1cdd06112..28de7788ef0 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -57,8 +57,8 @@ type: str author: Mike Mochan (@mmochan) extends_documentation_fragment: -- ansible.amazon.aws -- ansible.amazon.ec2 +- amazon.aws.aws +- amazon.aws.ec2 requirements: [ botocore, boto3, json ] ''' @@ -229,8 +229,8 @@ import traceback from ansible.module_utils.basic import AnsibleModule -from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info, HAS_BOTO3 -from ansible_collections.ansible.amazon.plugins.module_utils.aws.core import is_boto3_error_code +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info, HAS_BOTO3 +from ansible_collections.amazon.aws.plugins.module_utils.aws.core import is_boto3_error_code def tags_changed(pcx_id, client, module): diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index b30fb43bf59..2561a209283 100644 --- a/plugins/modules/ec2_vpc_peering_info.py 
+++ b/plugins/modules/ec2_vpc_peering_info.py @@ -31,8 +31,8 @@ type: dict author: Karen Cheng (@Etherdaemon) extends_documentation_fragment: -- ansible.amazon.aws -- ansible.amazon.ec2 +- amazon.aws.aws +- amazon.aws.ec2 ''' @@ -78,14 +78,14 @@ pass # will be picked up by imported HAS_BOTO3 from ansible.module_utils.basic import AnsibleModule -from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import (boto3_tag_list_to_ansible_dict, - ec2_argument_spec, - boto3_conn, - get_aws_connection_info, - ansible_dict_to_boto3_filter_list, - HAS_BOTO3, - camel_dict_to_snake_dict, - ) +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import (boto3_tag_list_to_ansible_dict, + ec2_argument_spec, + boto3_conn, + get_aws_connection_info, + ansible_dict_to_boto3_filter_list, + HAS_BOTO3, + camel_dict_to_snake_dict, + ) def date_handler(obj): From 81e448b08c042b90f5d26f06ea916646f1860aa9 Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Tue, 19 May 2020 16:06:12 -0700 Subject: [PATCH 04/47] Remove METADATA and cleanup galaxy.yml (#70) * Remove ANSIBLE_METADATA entirely, see ansible/ansible/pull/69454. Remove `license` field from galaxy.yml, in favor of `license_file`. This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/05672a64e2362cc2d865b5af6a57da6bc3cd08e3 --- plugins/modules/ec2_vpc_peer.py | 5 ----- plugins/modules/ec2_vpc_peering_info.py | 4 ---- 2 files changed, 9 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 28de7788ef0..c029eb5afa0 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py 
@@ -6,11 +6,6 @@ __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['stableinterface'], - 'supported_by': 'community'} - - DOCUMENTATION = ''' module: ec2_vpc_peer short_description: create, delete, accept, and reject VPC peering connections between two VPCs. diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 2561a209283..008f75fbd10 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -6,10 +6,6 @@ __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - DOCUMENTATION = ''' module: ec2_vpc_peering_info short_description: Retrieves AWS VPC Peering details using AWS methods. From 4d8dab7f0d43bc662427d46f19b75532efd18afc Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Tue, 16 Jun 2020 11:23:52 -0700 Subject: [PATCH 05/47] Collections related fixes for CI (#96) * Update module deprecations Switch version to `removed_at_date` * Don't install amazon.aws from galaxy We've been using galaxy to install amazon.aws in shippable, but that doesn't really work if we aren't publising faster. Get that collection from git so it is most up to date. * We need to declare python test deps now * missed a python dep This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/7cd211e9383db26bc2aa4cc06e657cf60ed0acc0 --- plugins/modules/ec2_vpc_peering_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 008f75fbd10..75af1b65613 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py 
@@ -113,7 +113,7 @@ def main(): module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) if module._name == 'ec2_vpc_peering_facts': - module.deprecate("The 'ec2_vpc_peering_facts' module has been renamed to 'ec2_vpc_peering_info'", version='2.13') + module.deprecate("The 'ec2_vpc_peering_facts' module has been renamed to 'ec2_vpc_peering_info'", date='2021-12-01', collection_name='community.aws') # Validate Requirements if not HAS_BOTO3: From 42ae9be9f64cd1b54a6f6afea5c9fce79839fe08 Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde Date: Wed, 17 Jun 2020 01:24:54 +0530 Subject: [PATCH 06/47] Update Examples with FQCN (#67) Updated module examples with FQCN Signed-off-by: Abhijeet Kasurde This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/98173aefbbceed7fc0d9db62687b73f96a55a999 --- plugins/modules/ec2_vpc_peer.py | 28 ++++++++++++------------- plugins/modules/ec2_vpc_peering_info.py | 6 +++--- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index c029eb5afa0..b8e263c1242 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -61,7 +61,7 @@ EXAMPLES = ''' # Complete example to create and accept a local peering connection. - name: Create local account VPC peering Connection - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 vpc_id: vpc-12345678 peer_vpc_id: vpc-87654321 @@ -73,7 +73,7 @@ register: vpc_peer - name: Accept local VPC peering request - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 peering_id: "{{ vpc_peer.peering_id }}" state: accept @@ -81,7 +81,7 @@ # Complete example to delete a local peering connection. - name: Create local account VPC peering Connection - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 vpc_id: vpc-12345678 peer_vpc_id: vpc-87654321 
@@ -93,7 +93,7 @@ register: vpc_peer - name: delete a local VPC peering Connection - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 peering_id: "{{ vpc_peer.peering_id }}" state: absent @@ -101,7 +101,7 @@ # Complete example to create and accept a cross account peering connection. - name: Create cross account VPC peering Connection - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 vpc_id: vpc-12345678 peer_vpc_id: vpc-12345678 @@ -114,7 +114,7 @@ register: vpc_peer - name: Accept peering connection from remote account - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 peering_id: "{{ vpc_peer.peering_id }}" profile: bot03_profile_for_cross_account @@ -123,7 +123,7 @@ # Complete example to create and accept an intra-region peering connection. - name: Create intra-region VPC peering Connection - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: us-east-1 vpc_id: vpc-12345678 peer_vpc_id: vpc-87654321 @@ -136,7 +136,7 @@ register: vpc_peer - name: Accept peering connection from peer region - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: us-west-2 peering_id: "{{ vpc_peer.peering_id }}" state: accept @@ -144,7 +144,7 @@ # Complete example to create and reject a local peering connection. - name: Create local account VPC peering Connection - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 vpc_id: vpc-12345678 peer_vpc_id: vpc-87654321 @@ -156,14 +156,14 @@ register: vpc_peer - name: Reject a local VPC peering Connection - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 peering_id: "{{ vpc_peer.peering_id }}" state: reject # Complete example to create and accept a cross account peering connection. - name: Create cross account VPC peering Connection - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 vpc_id: vpc-12345678 peer_vpc_id: vpc-12345678 
@@ -176,7 +176,7 @@ register: vpc_peer - name: Accept a cross account VPC peering connection request - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 peering_id: "{{ vpc_peer.peering_id }}" profile: bot03_profile_for_cross_account @@ -188,7 +188,7 @@ # Complete example to create and reject a cross account peering connection. - name: Create cross account VPC peering Connection - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 vpc_id: vpc-12345678 peer_vpc_id: vpc-12345678 @@ -201,7 +201,7 @@ register: vpc_peer - name: Reject a cross account VPC peering Connection - ec2_vpc_peer: + community.aws.ec2_vpc_peer: region: ap-southeast-2 peering_id: "{{ vpc_peer.peering_id }}" profile: bot03_profile_for_cross_account diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 75af1b65613..8472fc4f58c 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -35,7 +35,7 @@ EXAMPLES = ''' # Simple example of listing all VPC Peers - name: List all vpc peers - ec2_vpc_peering_info: + community.aws.ec2_vpc_peering_info: region: ap-southeast-2 register: all_vpc_peers @@ -44,7 +44,7 @@ msg: "{{ all_vpc_peers.result }}" - name: Get details on specific VPC peer - ec2_vpc_peering_info: + community.aws.ec2_vpc_peering_info: peer_connection_ids: - pcx-12345678 - pcx-87654321 @@ -52,7 +52,7 @@ register: all_vpc_peers - name: Get all vpc peers with specific filters - ec2_vpc_peering_info: + community.aws.ec2_vpc_peering_info: region: ap-southeast-2 filters: status-code: ['pending-acceptance'] From 5c1f7d131593a09a9afc5278adc42a1fba497c4e Mon Sep 17 00:00:00 2001 
From: flowerysong Date: Tue, 16 Jun 2020 19:30:00 -0400 Subject: [PATCH 07/47] Update module_utils paths to remove aws subdir (#23) Co-authored-by: Ezekiel Hendrickson This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/10853d9441a586ba177006dd889325cfb24a3dd6 --- plugins/modules/ec2_vpc_peer.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index b8e263c1242..5c94d4e399b 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -225,7 +225,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info, HAS_BOTO3 -from ansible_collections.amazon.aws.plugins.module_utils.aws.core import is_boto3_error_code +from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code def tags_changed(pcx_id, client, module): From 264533a1496aa1c5e54de699690ed888e6b3f0b1 Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Wed, 17 Jun 2020 09:31:32 -0700 Subject: [PATCH 08/47] Update docs (#99) * Update docs Remove .git from repo url so links in readme will generate correctly Add required ansible version Run latest version of add_docs.py Add version_added string to modules * galaxy.yml was missing authors This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/96ee268e5267f5b12c3d59892bc1279f75aa3135 --- plugins/modules/ec2_vpc_peer.py | 1 + plugins/modules/ec2_vpc_peering_info.py | 1 + 2 files changed, 2 insertions(+) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 5c94d4e399b..2a08618a73f 100644 --- a/plugins/modules/ec2_vpc_peer.py 
+++ b/plugins/modules/ec2_vpc_peer.py @@ -9,6 +9,7 @@ DOCUMENTATION = ''' module: ec2_vpc_peer short_description: create, delete, accept, and reject VPC peering connections between two VPCs. +version_added: 1.0.0 description: - Read the AWS documentation for VPC Peering Connections U(https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html). diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 8472fc4f58c..f552358e362 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -9,6 +9,7 @@ DOCUMENTATION = ''' module: ec2_vpc_peering_info short_description: Retrieves AWS VPC Peering details using AWS methods. +version_added: 1.0.0 description: - Gets various details related to AWS VPC Peers - This module was called C(ec2_vpc_peering_facts) before Ansible 2.9. The usage did not change. From 5bd452c120007ffd21108511691cd6da783bb13c Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde Date: Thu, 16 Jul 2020 01:31:41 +0530 Subject: [PATCH 09/47] Docs: sanity fixes (#133) Signed-off-by: Abhijeet Kasurde This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/059cf9efc95bb976de21ab4f8e4d9ddd001983fc --- plugins/modules/ec2_vpc_peering_info.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index f552358e362..2d577227fac 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -6,7 +6,7 @@ __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r''' module: ec2_vpc_peering_info short_description: Retrieves AWS VPC Peering details using AWS methods. version_added: 1.0.0 @@ -33,7 +33,7 @@ ''' -EXAMPLES = ''' +EXAMPLES = r''' # Simple example of listing all VPC Peers - name: List all vpc peers community.aws.ec2_vpc_peering_info: 
@@ -60,7 +60,7 @@ register: pending_vpc_peers ''' -RETURN = ''' +RETURN = r''' result: description: The result of the describe. returned: success @@ -107,7 +107,7 @@ def main(): argument_spec.update( dict( filters=dict(default=dict(), type='dict'), - peer_connection_ids=dict(default=None, type='list'), + peer_connection_ids=dict(default=None, type='list', elements='str'), ) ) From b92d54f8c0d40699baedfbb32fdc618628089f52 Mon Sep 17 00:00:00 2001 From: Andrew Klychkov Date: Fri, 17 Jul 2020 21:10:09 +0300 Subject: [PATCH 10/47] aws modules: fix examples to use FQCN for builtin modules/plugins (#144) This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/92bebdd5ab3019bbdeee55e8a69c9d903deeac49 --- plugins/modules/ec2_vpc_peering_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 2d577227fac..cffcf6f9aed 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -41,7 +41,7 @@ register: all_vpc_peers - name: Debugging the result - debug: + ansible.builtin.debug: msg: "{{ all_vpc_peers.result }}" - name: Get details on specific VPC peer From 9eb131f2f6f9c6fbda23a56b6170edba9fec407d Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Sat, 1 Aug 2020 14:59:33 +0200 Subject: [PATCH 11/47] ec2_vpc_peer: Remove duplicate 'profile' parameter, it's automatically added by ec2_argument_spec (#171) This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/8d6b6528c67dc4b1749443767ceceb2c0be508bc --- plugins/modules/ec2_vpc_peer.py | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 2a08618a73f..99c8139b6a4 100644 --- a/plugins/modules/ec2_vpc_peer.py 
+++ b/plugins/modules/ec2_vpc_peer.py @@ -401,7 +401,6 @@ def main(): peering_id=dict(), peer_owner_id=dict(), tags=dict(required=False, type='dict'), - profile=dict(), state=dict(default='present', choices=['present', 'absent', 'accept', 'reject']) ) ) From cd89b31a948668d38a1a90a3d5a8da07ceb7a6c2 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Wed, 12 Aug 2020 13:06:35 +0200 Subject: [PATCH 12/47] Bulk migration to AnsibleAWSModule (#173) * Update comments to reference AnsibleAWSModule rather than AnsibleModule * Bulk re-order imports and split onto one from import per-line. * Add AnsibleAWSModule imports * Migrate boto 2 based modules to AnsibleAWSModule * Move boto3-only modules over to AnsibleAWSModule * Remove extra ec2_argument_spec calls - not needed now we're using AnsibleAWSModule * Remove most HAS_BOTO3 code, it's handled by AnsibleAWSModule * Handle missing Boto 2 consistently (HAS_BOTO) * Remove AnsibleModule imports * Changelog fragment This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/818c6d2faa046974a9bdfa9346122d11e5bef3b1 --- plugins/modules/ec2_vpc_peer.py | 30 ++++++++++------------ plugins/modules/ec2_vpc_peering_info.py | 34 +++++++++---------------- 2 files changed, 25 insertions(+), 39 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 99c8139b6a4..9b74a5f2c3f 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py 
@@ -219,13 +219,14 @@ try: import botocore except ImportError: - pass # caught by imported HAS_BOTO3 + pass # Handled by AnsibleAWSModule import distutils.version import traceback -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info, HAS_BOTO3 +from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import get_aws_connection_info from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code @@ -392,17 +393,14 @@ def find_pcx_by_id(pcx_id, client, module): def main(): - argument_spec = ec2_argument_spec() - argument_spec.update( - dict( - vpc_id=dict(), - peer_vpc_id=dict(), - peer_region=dict(), - peering_id=dict(), - peer_owner_id=dict(), - tags=dict(required=False, type='dict'), - state=dict(default='present', choices=['present', 'absent', 'accept', 'reject']) - ) + argument_spec = dict( + vpc_id=dict(), + peer_vpc_id=dict(), + peer_region=dict(), + peering_id=dict(), + peer_owner_id=dict(), + tags=dict(required=False, type='dict'), + state=dict(default='present', choices=['present', 'absent', 'accept', 'reject']), ) required_if = [ ('state', 'present', ['vpc_id', 'peer_vpc_id']), @@ -410,10 +408,8 @@ def main(): ('state', 'reject', ['peering_id']) ] - module = AnsibleModule(argument_spec=argument_spec, required_if=required_if) + module = AnsibleAWSModule(argument_spec=argument_spec, required_if=required_if) - if not HAS_BOTO3: - module.fail_json(msg='json, botocore and boto3 are required.') state = module.params.get('state') peering_id = module.params.get('peering_id') vpc_id = module.params.get('vpc_id') diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index cffcf6f9aed..acd5aed83e1 100644 
--- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -72,17 +72,14 @@ try: import botocore except ImportError: - pass # will be picked up by imported HAS_BOTO3 + pass # Handled by AnsibleAWSModule -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import (boto3_tag_list_to_ansible_dict, - ec2_argument_spec, - boto3_conn, - get_aws_connection_info, - ansible_dict_to_boto3_filter_list, - HAS_BOTO3, - camel_dict_to_snake_dict, - ) +from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import get_aws_connection_info +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict def date_handler(obj): 
@@ -103,23 +100,16 @@ def get_vpc_peers(client, module): def main(): - argument_spec = ec2_argument_spec() - argument_spec.update( - dict( - filters=dict(default=dict(), type='dict'), - peer_connection_ids=dict(default=None, type='list', elements='str'), - ) + argument_spec = dict( + filters=dict(default=dict(), type='dict'), + peer_connection_ids=dict(default=None, type='list', elements='str'), ) - module = AnsibleModule(argument_spec=argument_spec, - supports_check_mode=True) + module = AnsibleAWSModule(argument_spec=argument_spec, + supports_check_mode=True,) if module._name == 'ec2_vpc_peering_facts': module.deprecate("The 'ec2_vpc_peering_facts' module has been renamed to 'ec2_vpc_peering_info'", date='2021-12-01', collection_name='community.aws') - # Validate Requirements - if not HAS_BOTO3: - module.fail_json(msg='botocore and boto3 are required.') - try: region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True) except NameError as e: From d7c4efef9343c13df74aa972f7875a3f39ffa296 Mon Sep 17 00:00:00 2001 From: Vincent Vinet Date: Sat, 15 Aug 2020 09:11:59 -0400 Subject: [PATCH 13/47] =?UTF-8?q?Python=203=20compatibility=20error=20hand?= =?UTF-8?q?ling:=20use=20to=5Fnative(e)=20instead=20of=20str(e)=20or=20e.m?= =?UTF-8?q?e=E2=80=A6=20(#26)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Py3 compat error handling: use to_native(e) instead of str(e) or e.message * PR comment changes, use fail_json_aws and is_boto3_error_code This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/ffe14f95186399dc080019554035021015765872 --- plugins/modules/ec2_vpc_peering_info.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index acd5aed83e1..423a04962da 100644 --- a/plugins/modules/ec2_vpc_peering_info.py 
+++ b/plugins/modules/ec2_vpc_peering_info.py @@ -74,6 +74,7 @@ except ImportError: pass # Handled by AnsibleAWSModule +from ansible.module_utils._text import to_native from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn @@ -94,7 +95,7 @@ def get_vpc_peers(client, module): try: result = json.loads(json.dumps(client.describe_vpc_peering_connections(**params), default=date_handler)) except Exception as e: - module.fail_json(msg=str(e.message)) + module.fail_json(msg=to_native(e)) return result['VpcPeeringConnections'] @@ -114,7 +115,7 @@ def main(): region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True) except NameError as e: # Getting around the get_aws_connection_info boto reliance for region - if "global name 'boto' is not defined" in e.message: + if "global name 'boto' is not defined" in to_native(e): module.params['region'] = botocore.session.get_session().get_config_variable('region') if not module.params['region']: module.fail_json(msg="Error - no region provided") From c8334fcb6e0da7d995b029b8bc42c0417f7b33de Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Wed, 26 Aug 2020 11:35:32 +0200 Subject: [PATCH 14/47] Cleanup: Bulk Migration from boto3_conn to module.client() (#188) * Migrate from boto3_conn to module.client * Simplify error handling when creating connections * Simplify Region handling * Remove unused imports * Changelog This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/6bdf00d2198927bdaa119ae76ddd379a8b6eeb3d --- plugins/modules/ec2_vpc_peer.py | 11 ++++------- plugins/modules/ec2_vpc_peering_info.py | 20 +++----------------- 2 files changed, 7 insertions(+), 24 deletions(-) 
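Review bot: The handler in get_vpc_peers still catches bare `Exception`, so a failure in the `json.dumps`/`json.loads` round trip is reported the same way as an AWS API error, and the structured error details are reduced to a string. The commit description mentions moving to fail_json_aws, but this hunk only swaps `str(e.message)` for `to_native(e)`. Since the module is already an AnsibleAWSModule, I would narrow the clause to `except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:` and call `module.fail_json_aws(e, msg='Failed to describe VPC peering connections')`. get_vpc_peers starts above the hunk.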
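Review bot: The substring test `"global name 'boto' is not defined" in to_native(e)` in main() cannot match on Python 3, where the NameError text is `name 'boto' is not defined` without the `global` prefix. On Python 3 the region fallback is therefore skipped and the module fails with "Can't retrieve connection information", which works against the stated purpose of this commit. Matching on `"name 'boto' is not defined"` covers both interpreters. main() continues outside the hunk.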
diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 9b74a5f2c3f..31f6ea203a7 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -225,8 +225,6 @@ import traceback from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import get_aws_connection_info from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code @@ -414,12 +412,11 @@ def main(): peering_id = module.params.get('peering_id') vpc_id = module.params.get('vpc_id') peer_vpc_id = module.params.get('peer_vpc_id') + try: - region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True) - client = boto3_conn(module, conn_type='client', resource='ec2', - region=region, endpoint=ec2_url, **aws_connect_kwargs) - except botocore.exceptions.NoCredentialsError as e: - module.fail_json(msg="Can't authorize connection - " + str(e)) + client = module.client('ec2') + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: + module.fail_json_aws(e, msg='Failed to connect to AWS') if state == 'present': (changed, results) = create_peer_connection(client, module) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 423a04962da..117992e76c6 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py 
@@ -77,8 +77,6 @@ from ansible.module_utils._text import to_native from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import get_aws_connection_info from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict @@ -112,21 +110,9 @@ def main(): module.deprecate("The 'ec2_vpc_peering_facts' module has been renamed to 'ec2_vpc_peering_info'", date='2021-12-01', collection_name='community.aws') try: - region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True) - except NameError as e: - # Getting around the get_aws_connection_info boto reliance for region - if "global name 'boto' is not defined" in to_native(e): - module.params['region'] = botocore.session.get_session().get_config_variable('region') - if not module.params['region']: - module.fail_json(msg="Error - no region provided") - else: - module.fail_json(msg="Can't retrieve connection information - " + str(e)) - - try: - region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True) - ec2 = boto3_conn(module, conn_type='client', resource='ec2', region=region, endpoint=ec2_url, **aws_connect_kwargs) - except botocore.exceptions.NoCredentialsError as e: - module.fail_json(msg=str(e)) + ec2 = module.client('ec2') + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: + module.fail_json_aws(e, msg='Failed to connect to AWS') # Turn the boto3 result in to ansible friendly_snaked_names results = [camel_dict_to_snake_dict(peer) for peer in get_vpc_peers(ec2, module)] From 49c9774829a4ed082c2ae750f115c0a57570870a Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Wed, 16 Dec 2020 21:06:15 +0100 Subject: [PATCH 15/47] Use botocore_at_least rather than LooseVersion/StrictVersion directly (#280) * Use botocore_at_least rather than LooseVersion/StrictVersion directly * changelog This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/46102ffd4566291c5a31407ce7b14c78c2dfabaa --- plugins/modules/ec2_vpc_peer.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 31f6ea203a7..c7efeff3829 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -221,7 +221,6 @@ except ImportError: pass # Handled by AnsibleAWSModule -import distutils.version import traceback from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule @@ -279,7 +278,7 @@ def create_peer_connection(client, module): params['VpcId'] = module.params.get('vpc_id') params['PeerVpcId'] = module.params.get('peer_vpc_id') if module.params.get('peer_region'): - if distutils.version.StrictVersion(botocore.__version__) < distutils.version.StrictVersion('1.8.6'): + if not module.botocore_at_least('1.8.6'): module.fail_json(msg="specifying peer_region parameter requires botocore >= 1.8.6") params['PeerRegion'] = module.params.get('peer_region') if module.params.get('peer_owner_id'): From 659e9527906fb78ad788bb1f7ffd6609747f1b2b Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Wed, 27 Jan 2021 09:17:44 +0100 Subject: [PATCH 16/47] Bulk migration to fail_json_aws (#361) * Split imports and sort * Move camel_dict_to_snake_dict imports to ansible.module_utils.common.dict_transformations * Cleanup unused imports * Bulk migration to fail_json_aws * Changelog This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/6c883156d250d3ed926a21dbd619b2b138246c5d --- plugins/modules/ec2_vpc_peer.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index c7efeff3829..cea160d34ff 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -221,8 +221,6 @@ except ImportError: pass # Handled by AnsibleAWSModule -import traceback - from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code 
@@ -333,10 +331,10 @@ def peer_status(client, module): try: vpc_peering_connection = client.describe_vpc_peering_connections(**params) return vpc_peering_connection['VpcPeeringConnections'][0]['Status']['Code'] - except is_boto3_error_code('InvalidVpcPeeringConnectionId.Malformed') as e: # pylint: disable=duplicate-except - module.fail_json(msg='Malformed connection ID: {0}'.format(e), traceback=traceback.format_exc()) - except botocore.exceptions.ClientError as e: # pylint: disable=duplicate-except - module.fail_json(msg='Error while describing peering connection by peering_id: {0}'.format(e), traceback=traceback.format_exc()) + except is_boto3_error_code('InvalidVpcPeeringConnectionId.Malformed') as e: + module.fail_json_aws(e, msg='Malformed connection ID') + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except + module.fail_json_aws(e, msg='Error while describing peering connection by peering_id') def accept_reject(state, client, module): From 2d8200e130177677fb745094c3955fe6ce6a9f34 Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Tue, 6 Apr 2021 16:50:56 +0200 Subject: [PATCH 17/47] ec2_vpc_peer - idempotency + integration tests (#501) * Add minimal integration tests for ec2_vpc_peer * Add Retries to VPC Peering * Fix idempotency when deleting connections * Fix idempotency when after rejecting peering connections * Test for updating tags * Add first round of assertions (changed/successful) * Add docs about ec2_vpc_peering_info return values * Make sure Peering IDs are consistent * docs update * Initial tests for ec2_vpc_peering_info results * Use ansible_dict_to_boto3_filter_list * Add support for waiting on state changes * Assert shape of results when searching based on status code * changelog This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/c20b1020631ccfd9a54ff1b619060b017470be8a --- plugins/modules/ec2_vpc_peer.py | 91 +++- plugins/modules/ec2_vpc_peering_info.py | 136 ++++- .../integration/targets/ec2_vpc_peer/aliases | 4 + .../targets/ec2_vpc_peer/defaults/main.yml | 6 + .../targets/ec2_vpc_peer/tasks/main.yml | 481 ++++++++++++++++++ 5 files changed, 693 insertions(+), 25 deletions(-) create mode 100644 tests/integration/targets/ec2_vpc_peer/aliases create mode 100644 tests/integration/targets/ec2_vpc_peer/defaults/main.yml create mode 100644 tests/integration/targets/ec2_vpc_peer/tasks/main.yml diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index cea160d34ff..9c5d35349eb 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -51,6 +51,12 @@ default: present choices: ['present', 'absent', 'accept', 'reject'] type: str + wait: + description: + - Wait for peering state changes to complete. + required: false + default: false + type: bool author: Mike Mochan (@mmochan) extends_documentation_fragment: - amazon.aws.aws 
@@ -223,6 +229,24 @@ from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list + + +def wait_for_state(client, module, state, pcx_id): + waiter = client.get_waiter('vpc_peering_connection_exists') + peer_filter = { + 'vpc-peering-connection-id': pcx_id, + 'status-code': state, + } + try: + waiter.wait( + Filters=ansible_dict_to_boto3_filter_list(peer_filter) + ) + except botocore.exceptions.WaiterError as e: + module.fail_json_aws(e, "Failed to wait for state change") + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: + module.fail_json_aws(e, "Enable to describe Peerig Connection while waiting for state to change") def tags_changed(pcx_id, client, module): @@ -246,18 +270,18 @@ def tags_changed(pcx_id, client, module): def describe_peering_connections(params, client): + peer_filter = { + 'requester-vpc-info.vpc-id': params['VpcId'], + 'accepter-vpc-info.vpc-id': params['PeerVpcId'], + } result = client.describe_vpc_peering_connections( - Filters=[ - {'Name': 'requester-vpc-info.vpc-id', 'Values': [params['VpcId']]}, - {'Name': 'accepter-vpc-info.vpc-id', 'Values': [params['PeerVpcId']]} - ] + aws_retry=True, + Filters=ansible_dict_to_boto3_filter_list(peer_filter), ) if result['VpcPeeringConnections'] == []: result = client.describe_vpc_peering_connections( - Filters=[ - {'Name': 'requester-vpc-info.vpc-id', 'Values': [params['PeerVpcId']]}, - {'Name': 'accepter-vpc-info.vpc-id', 'Values': [params['VpcId']]} - ] + aws_retry=True, + Filters=ansible_dict_to_boto3_filter_list(peer_filter), ) return result 
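Review bot: The second failure message in wait_for_state reads "Enable to describe Peerig Connection while waiting for state to change"; it should be `"Unable to describe Peering Connection while waiting for state to change"`, since this is the text an operator sees when the wait fails. Separately, the `vpc_peering_connection_exists` waiter is driven with `Filters` rather than a connection ID. As far as I know that waiter treats any successful describe response as done, and a filtered describe that matches nothing still succeeds with an empty list, so the call may return before the connection reaches `state`; this should be confirmed against the botocore waiter definition. The function also has no docstring saying which status codes callers are expected to pass.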
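Review bot: Both calls in describe_peering_connections now pass the same `peer_filter`, so the fallback no longer searches the reverse direction (requester = `PeerVpcId`, accepter = `VpcId`) that the removed lines covered. A peering that was requested from the other VPC would not be found, and `state=present` would presumably go on to request a second connection instead of reporting the existing one. Rebuild the filter before the second call, e.g. `peer_filter = {'requester-vpc-info.vpc-id': params['PeerVpcId'], 'accepter-vpc-info.vpc-id': params['VpcId']}`.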
@@ -291,8 +315,10 @@ def create_peer_connection(client, module): if is_pending(peering_conn): return (changed, peering_conn['VpcPeeringConnectionId']) try: - peering_conn = client.create_vpc_peering_connection(**params) + peering_conn = client.create_vpc_peering_connection(aws_retry=True, **params) pcx_id = peering_conn['VpcPeeringConnection']['VpcPeeringConnectionId'] + if module.params.get('wait'): + wait_for_state(client, module, 'pending-acceptance', pcx_id) if module.params.get('tags'): create_tags(pcx_id, client, module) changed = True @@ -303,7 +329,9 @@ def create_peer_connection(client, module): def remove_peer_connection(client, module): pcx_id = module.params.get('peering_id') - if not pcx_id: + if pcx_id: + peering_conns = client.describe_vpc_peering_connections(aws_retry=True, VpcPeeringConnectionIds=[pcx_id]) + else: params = dict() params['VpcId'] = module.params.get('vpc_id') params['PeerVpcId'] = module.params.get('peer_vpc_id') 
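Review bot: The new `client.describe_vpc_peering_connections(aws_retry=True, VpcPeeringConnectionIds=[pcx_id])` call in remove_peer_connection sits outside any try block; the function's `try:` only starts further down, in the next hunk. A botocore error for an unknown or malformed `peering_id` would therefore surface as an unhandled exception rather than a module failure. Wrap the call and report through `module.fail_json_aws(e, msg='Error while describing peering connection by peering_id')`, as peer_status already does. For `state=absent`, a not-found ID could arguably exit with `changed=False` instead of failing.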
@@ -311,15 +339,23 @@ def remove_peer_connection(client, module): if module.params.get('peer_owner_id'): params['PeerOwnerId'] = str(module.params.get('peer_owner_id')) peering_conns = describe_peering_connections(params, client) - if not peering_conns: - module.exit_json(changed=False) - else: - pcx_id = peering_conns['VpcPeeringConnections'][0]['VpcPeeringConnectionId'] + + if not peering_conns: + module.exit_json(changed=False) + else: + pcx_id = pcx_id or peering_conns['VpcPeeringConnections'][0]['VpcPeeringConnectionId'] + + if peering_conns['VpcPeeringConnections'][0]['Status']['Code'] == 'deleted': + module.exit_json(msg='Connection in deleted state.', changed=False) + if peering_conns['VpcPeeringConnections'][0]['Status']['Code'] == 'rejected': + module.exit_json(msg='Connection has been rejected. State cannot be changed and will be removed automatically by AWS', changed=False) try: params = dict() params['VpcPeeringConnectionId'] = pcx_id - client.delete_vpc_peering_connection(**params) + client.delete_vpc_peering_connection(aws_retry=True, **params) + if module.params.get('wait'): + wait_for_state(client, module, 'deleted', pcx_id) module.exit_json(changed=True) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) @@ -329,7 +365,7 @@ def peer_status(client, module): params = dict() params['VpcPeeringConnectionIds'] = [module.params.get('peering_id')] try: - vpc_peering_connection = client.describe_vpc_peering_connections(**params) + vpc_peering_connection = client.describe_vpc_peering_connections(aws_retry=True, **params) return vpc_peering_connection['VpcPeeringConnections'][0]['Status']['Code'] except is_boto3_error_code('InvalidVpcPeeringConnectionId.Malformed') as e: module.fail_json_aws(e, msg='Malformed connection ID') 
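Review bot: `if not peering_conns:` in remove_peer_connection tests the describe response itself, which is a boto3 response dict and so is truthy even when nothing matched. The `peering_conns['VpcPeeringConnections'][0]` lookups that follow would then raise IndexError on an empty result. Test the list instead: `if not peering_conns['VpcPeeringConnections']: module.exit_json(changed=False)`. The delete path below still reports errors with `module.fail_json(msg=str(e))` and catches only ClientError; `module.fail_json_aws(e, msg='Failed to delete peering connection')` with `(botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError)` would match the handling used in peer_status.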
@@ -340,16 +376,22 @@ def peer_status(client, module): def accept_reject(state, client, module): changed = False params = dict() - params['VpcPeeringConnectionId'] = module.params.get('peering_id') - if peer_status(client, module) != 'active': + pcx_id = module.params.get('peering_id') + params['VpcPeeringConnectionId'] = pcx_id + current_state = peer_status(client, module) + if current_state not in ['active', 'rejected']: try: if state == 'accept': - client.accept_vpc_peering_connection(**params) + client.accept_vpc_peering_connection(aws_retry=True, **params) + target_state = 'active' else: - client.reject_vpc_peering_connection(**params) + client.reject_vpc_peering_connection(aws_retry=True, **params) + target_state = 'rejected' if module.params.get('tags'): create_tags(params['VpcPeeringConnectionId'], client, module) changed = True + if module.params.get('wait'): + wait_for_state(client, module, target_state, pcx_id) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) if tags_changed(params['VpcPeeringConnectionId'], client, module): @@ -368,21 +410,21 @@ def load_tags(module): def create_tags(pcx_id, client, module): try: delete_tags(pcx_id, client, module) - client.create_tags(Resources=[pcx_id], Tags=load_tags(module)) + client.create_tags(aws_retry=True, Resources=[pcx_id], Tags=load_tags(module)) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) def delete_tags(pcx_id, client, module): try: - client.delete_tags(Resources=[pcx_id]) + client.delete_tags(aws_retry=True, Resources=[pcx_id]) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) def find_pcx_by_id(pcx_id, client, module): try: - return client.describe_vpc_peering_connections(VpcPeeringConnectionIds=[pcx_id]) + return client.describe_vpc_peering_connections(aws_retry=True, VpcPeeringConnectionIds=[pcx_id]) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) 
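Review bot: The new guard `if current_state not in ['active', 'rejected']:` in accept_reject skips the API call without comparing the current state to the one requested. `state=accept` on a rejected connection, or `state=reject` on an active one, therefore returns without error while the connection stays as it was; in the second case the task reports success although the peering is still active. Suggest failing on the mismatch, e.g. `if (state, current_state) in (('accept', 'rejected'), ('reject', 'active')): module.fail_json(msg='Peering connection is {0}; cannot {1}'.format(current_state, state))`, and keeping the silent no-op only when the state already matches the request. The end of accept_reject is outside the hunk, so the final return value is not visible here.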
@@ -396,6 +438,7 @@ def main(): peer_owner_id=dict(), tags=dict(required=False, type='dict'), state=dict(default='present', choices=['present', 'absent', 'accept', 'reject']), + wait=dict(default=False, type='bool'), ) required_if = [ ('state', 'present', ['vpc_id', 'peer_vpc_id']), @@ -411,7 +454,7 @@ def main(): peer_vpc_id = module.params.get('peer_vpc_id') try: - client = module.client('ec2') + client = module.client('ec2', retry_decorator=AWSRetry.jittered_backoff()) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg='Failed to connect to AWS') diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 117992e76c6..a086fde3639 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py 
@@ -61,6 +61,140 @@ ''' RETURN = r''' +vpc_peering_connections: + description: Details of the matching VPC peering connections. + returned: success + type: list + contains: + accepter_vpc_info: + description: Information about the VPC which accepted the connection. + returned: success + type: complex + contains: + cidr_block: + description: The primary CIDR for the VPC. + returned: when connection is in the accepted state. + type: str + example: '10.10.10.0/23' + cidr_block_set: + description: A list of all CIDRs for the VPC. + returned: when connection is in the accepted state. + type: complex + contains: + cidr_block: + description: A CIDR block used by the VPC. + returned: success + type: str + example: '10.10.10.0/23' + owner_id: + description: The AWS account that owns the VPC. + returned: success + type: str + example: 012345678901 + peering_options: + description: Additional peering configuration. + returned: when connection is in the accepted state. + type: dict + contains: + allow_dns_resolution_from_remote_vpc: + description: Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. + returned: success + type: bool + allow_egress_from_local_classic_link_to_remote_vpc: + description: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. + returned: success + type: bool + allow_egress_from_local_vpc_to_remote_classic_link: + description: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. + returned: success + type: bool + region: + description: The AWS region that the VPC is in. + returned: success + type: str + example: us-east-1 + vpc_id: + description: The ID of the VPC + returned: success + type: str + example: vpc-0123456789abcdef0 + requester_vpc_info: + description: Information about the VPC which requested the connection. 
+ returned: success + type: complex + contains: + cidr_block: + description: The primary CIDR for the VPC. + returned: when connection is not in the deleted state. + type: str + example: '10.10.10.0/23' + cidr_block_set: + description: A list of all CIDRs for the VPC. + returned: when connection is not in the deleted state. + type: complex + contains: + cidr_block: + description: A CIDR block used by the VPC + returned: success + type: str + example: '10.10.10.0/23' + owner_id: + description: The AWS account that owns the VPC. + returned: success + type: str + example: 012345678901 + peering_options: + description: Additional peering configuration. + returned: when connection is not in the deleted state. + type: dict + contains: + allow_dns_resolution_from_remote_vpc: + description: Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. + returned: success + type: bool + allow_egress_from_local_classic_link_to_remote_vpc: + description: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. + returned: success + type: bool + allow_egress_from_local_vpc_to_remote_classic_link: + description: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. + returned: success + type: bool + region: + description: The AWS region that the VPC is in. + returned: success + type: str + example: us-east-1 + vpc_id: + description: The ID of the VPC + returned: success + type: str + example: vpc-0123456789abcdef0 + status: + description: Details of the current status of the connection. + returned: success + type: complex + contains: + code: + description: A short code describing the status of the connection. + returned: success + type: str + example: active + message: + description: Additional information about the status of the connection. 
+ returned: success + type: str + example: Pending Acceptance by 012345678901 + tags: + description: Tags applied to the connection. + returned: success + type: dict + vpc_peering_connection_id: + description: The ID of the VPC peering connection. + returned: success + type: str + example: "pcx-0123456789abcdef0" + result: description: The result of the describe. returned: success @@ -121,7 +255,7 @@ def main(): for peer in results: peer['tags'] = boto3_tag_list_to_ansible_dict(peer.get('tags', [])) - module.exit_json(result=results) + module.exit_json(result=results, vpc_peering_connections=results) if __name__ == '__main__': diff --git a/tests/integration/targets/ec2_vpc_peer/aliases b/tests/integration/targets/ec2_vpc_peer/aliases new file mode 100644 index 00000000000..0e90cab464b --- /dev/null +++ b/tests/integration/targets/ec2_vpc_peer/aliases @@ -0,0 +1,4 @@ +cloud/aws +shippable/aws/group1 + +ec2_vpc_peering_info diff --git a/tests/integration/targets/ec2_vpc_peer/defaults/main.yml b/tests/integration/targets/ec2_vpc_peer/defaults/main.yml new file mode 100644 index 00000000000..0ff34455b45 --- /dev/null +++ b/tests/integration/targets/ec2_vpc_peer/defaults/main.yml @@ -0,0 +1,6 @@ +--- +vpc_seed: '{{ resource_prefix }}' +vpc_1_name: '{{ resource_prefix }}-vpc-1' +vpc_1_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.0.0/23' +vpc_2_name: '{{ resource_prefix }}-vpc-1' +vpc_2_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.2.0/23' diff --git a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml new file mode 100644 index 00000000000..5d6f7851bc2 --- /dev/null +++ b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml 
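Review bot: `vpc_2_name: '{{ resource_prefix }}-vpc-1'` in defaults/main.yml is identical to `vpc_1_name`, so both test VPCs carry the same name and are told apart only by their CIDR. That looks like a copy-paste slip; `vpc_2_name: '{{ resource_prefix }}-vpc-2'` keeps the two fixtures distinct in the create and tidy-up tasks. Both CIDRs use the same seed for the second octet, which is fine because the third octet differs (`.0.0/23` and `.2.0/23`).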
@@ -0,0 +1,481 @@ +--- +- name: ec2_vpc_igw tests + collections: + - amazon.aws + module_defaults: + group/aws: + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token | default(omit) }}" + region: "{{ aws_region }}" + block: + - name: get ARN of calling user + aws_caller_info: + register: aws_caller_info + - name: Store Account ID for later use + set_fact: + account_id: '{{ aws_caller_info.account }}' + + # ============================================================ + - name: Fetch Peers in check_mode + ec2_vpc_peering_info: + register: peers_info + check_mode: True + - name: Assert success + assert: + that: + - peers_info is successful + - '"result" in peers_info' + + # ============================================================ + - name: create VPC 1 + ec2_vpc_net: + name: "{{ vpc_1_name }}" + state: present + cidr_block: "{{ vpc_1_cidr }}" + tags: + Name: "{{ vpc_1_name }}" + TestPrefex: "{{ resource_prefix }}" + register: vpc_1_result + - name: Assert success + assert: + that: + - vpc_1_result is successful + + - name: create VPC 2 + ec2_vpc_net: + name: "{{ vpc_2_name }}" + state: present + cidr_block: "{{ vpc_2_cidr }}" + tags: + Name: "{{ vpc_2_name }}" + TestPrefex: "{{ resource_prefix }}" + register: vpc_2_result + - name: Assert success + assert: + that: + - vpc_2_result is successful + + - name: Store VPC IDs + set_fact: + vpc_1: '{{ vpc_1_result.vpc.id }}' + vpc_2: '{{ vpc_2_result.vpc.id }}' + + - name: Set a name to use with the connections + set_fact: + connection_name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' + + - name: Create local account VPC peering Connection + ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' + register: vpc_peer + - name: Assert success + assert: + that: + - vpc_peer is changed + - vpc_peer is successful + - "'peering_id' in vpc_peer" 
+ - vpc_peer.peering_id.startswith('pcx-') + + - name: Store Connection ID + set_fact: + peer_id_1: '{{ vpc_peer.peering_id }}' + + - name: (re-) Create local account VPC peering Connection (idempotency) + ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: '{{ connection_name }}' + register: vpc_peer + - name: Assert success + assert: + that: + - vpc_peer is not changed + - vpc_peer is successful + - vpc_peer.peering_id == peer_id_1 + + - name: Get details on specific VPC peer + ec2_vpc_peering_info: + peer_connection_ids: + - '{{ peer_id_1 }}' + register: peer_info + - name: Assert expected values + assert: + that: + - peer_info is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - "'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "pending-acceptance" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - peer_details.tags.Name == connection_name + - "'vpc_peering_connection_id' in peer_details" + - peer_details.vpc_peering_connection_id == peer_id_1 + # Acceptor info isn't available until the connection has been accepted + - "'cidr_block' not in acceptor_details" + - "'cidr_block_set' not in acceptor_details" + - "'peering_options' not in acceptor_details" + - "'owner_id' in acceptor_details" + - acceptor_details.owner_id == account_id + - "'region' in acceptor_details" + - acceptor_details.region == aws_region + - "'vpc_id' in acceptor_details" + - acceptor_details.vpc_id == vpc_2 + # Information about the 'requesting' VPC + - "'cidr_block' in requester_details" + - requester_details.cidr_block == vpc_1_cidr + - "'cidr_block_set' in requester_details" + - requester_details.cidr_block_set | length == 1 + - "'cidr_block' in requester_details.cidr_block_set[0]" + - 
requester_details.cidr_block_set[0].cidr_block == vpc_1_cidr + - "'peering_options' in requester_details" + - "'owner_id' in requester_details" + - requester_details.owner_id == account_id + - "'region' in requester_details" + - requester_details.region == aws_region + - "'vpc_id' in requester_details" + - requester_details.vpc_id == vpc_1 + vars: + peer_details: '{{ peer_info.vpc_peering_connections[0] }}' + acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' + requester_details: '{{ peer_details["requester_vpc_info"] }}' + + - name: Get all vpc peers with specific filters + ec2_vpc_peering_info: + filters: + status-code: ['pending-acceptance'] + register: pending_vpc_peers + - name: Assert expected values + assert: + that: + # Not guaranteed to just be us, only assert the shape + - pending_vpc_peers is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - "'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "pending-acceptance" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'vpc_peering_connection_id' in peer_details" + # Acceptor info isn't available until the connection has been accepted + - "'cidr_block' not in acceptor_details" + - "'cidr_block_set' not in acceptor_details" + - "'peering_options' not in acceptor_details" + - "'owner_id' in acceptor_details" + - "'region' in acceptor_details" + - "'vpc_id' in acceptor_details" + # Information about the 'requesting' VPC + - "'cidr_block' in requester_details" + - "'cidr_block_set' in requester_details" + - "'cidr_block' in requester_details.cidr_block_set[0]" + - "'peering_options' in requester_details" + - "'owner_id' in requester_details" + - "'region' in requester_details" + - "'vpc_id' in requester_details" + vars: + peer_details: '{{ pending_vpc_peers.vpc_peering_connections[0] }}' + acceptor_details: '{{ 
peer_details["accepter_vpc_info"] }}' + requester_details: '{{ peer_details["requester_vpc_info"] }}' + + - name: Update tags on the VPC Peering Connection + ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: '{{ connection_name }}' + testPrefix: '{{ resource_prefix }}' + register: tag_peer + - name: Assert success + assert: + that: + - tag_peer is changed + - tag_peer is successful + - tag_peer.peering_id == peer_id_1 + + - name: (re-) Update tags on the VPC Peering Connection (idempotency) + ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: '{{ connection_name }}' + testPrefix: '{{ resource_prefix }}' + register: tag_peer + - name: Assert success + assert: + that: + - tag_peer is not changed + - tag_peer is successful + - tag_peer.peering_id == peer_id_1 + + - name: Get details on specific VPC peer + ec2_vpc_peering_info: + peer_connection_ids: + - '{{ peer_id_1 }}' + register: peer_info + - name: Assert expected tags + assert: + that: + - peer_info is successful + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - "'testPrefix' in peer_details.tags" + - peer_details.tags.Name == connection_name + - peer_details.tags.testPrefix == resource_prefix + vars: + peer_details: '{{ peer_info.vpc_peering_connections[0] }}' + + - name: Accept local VPC peering request + ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: accept + wait: True + register: action_peer + - name: Assert success + assert: + that: + - action_peer is changed + - action_peer is successful + - action_peer.peering_id == peer_id_1 + + - name: Get details on specific VPC peer + ec2_vpc_peering_info: + peer_connection_ids: + - '{{ peer_id_1 }}' + register: peer_info + - name: Assert expected values + assert: + that: + - peer_info is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - 
"'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "active" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - peer_details.tags.Name == connection_name + - "'testPrefix' in peer_details.tags" + - peer_details.tags.testPrefix == resource_prefix + - "'vpc_peering_connection_id' in peer_details" + - peer_details.vpc_peering_connection_id == peer_id_1 + # Information about the 'accepting' VPC should be available now + - "'cidr_block' in acceptor_details" + - acceptor_details.cidr_block == vpc_2_cidr + - "'cidr_block_set' in acceptor_details" + - acceptor_details.cidr_block_set | length == 1 + - "'cidr_block' in acceptor_details.cidr_block_set[0]" + - acceptor_details.cidr_block_set[0].cidr_block == vpc_2_cidr + - "'peering_options' in acceptor_details" + - "'owner_id' in acceptor_details" + - acceptor_details.owner_id == account_id + - "'region' in acceptor_details" + - acceptor_details.region == aws_region + - "'vpc_id' in acceptor_details" + - acceptor_details.vpc_id == vpc_2 + # Information about the 'requesting' VPC + - "'cidr_block' in requester_details" + - requester_details.cidr_block == vpc_1_cidr + - "'cidr_block_set' in requester_details" + - requester_details.cidr_block_set | length == 1 + - "'cidr_block' in requester_details.cidr_block_set[0]" + - requester_details.cidr_block_set[0].cidr_block == vpc_1_cidr + - "'peering_options' in requester_details" + - "'owner_id' in requester_details" + - requester_details.owner_id == account_id + - "'region' in requester_details" + - requester_details.region == aws_region + - "'vpc_id' in requester_details" + - requester_details.vpc_id == vpc_1 + vars: + peer_details: '{{ peer_info.vpc_peering_connections[0] }}' + acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' + requester_details: '{{ peer_details["requester_vpc_info"] }}' + + - name: (re-) Accept local VPC peering 
request (idempotency) + ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: accept + register: action_peer + - name: Assert success + assert: + that: + - action_peer is not changed + - action_peer is successful + - action_peer.peering_id == peer_id_1 + + - name: delete a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: absent + register: delete_peer + - name: Assert success + assert: + that: + - delete_peer is changed + - delete_peer is successful + + - name: Get details on specific VPC peer + ec2_vpc_peering_info: + peer_connection_ids: + - '{{ peer_id_1}}' + register: peer_info + - name: Assert expected values + assert: + that: + - peer_info is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - "'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "deleted" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - peer_details.tags.Name == connection_name + - "'testPrefix' in peer_details.tags" + - peer_details.tags.testPrefix == resource_prefix + - "'vpc_peering_connection_id' in peer_details" + - peer_details.vpc_peering_connection_id == peer_id_1 + # Information about the 'accepting' VPC is reduced again + - "'cidr_block' not in acceptor_details" + - "'cidr_block_set' not in acceptor_details" + - "'peering_options' not in acceptor_details" + - "'owner_id' in acceptor_details" + - acceptor_details.owner_id == account_id + - "'region' in acceptor_details" + - acceptor_details.region == aws_region + - "'vpc_id' in acceptor_details" + - acceptor_details.vpc_id == vpc_2 + # Information about the 'requesting' VPC is reduced once the VPC's deleted + - "'cidr_block' not in requester_details" + - "'cidr_block_set' not in requester_details" + - "'peering_options' not in requester_details" + - "'owner_id' 
in requester_details" + - requester_details.owner_id == account_id + - "'region' in requester_details" + - requester_details.region == aws_region + - "'vpc_id' in requester_details" + - requester_details.vpc_id == vpc_1 + vars: + peer_details: '{{ peer_info.vpc_peering_connections[0] }}' + acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' + requester_details: '{{ peer_details["requester_vpc_info"] }}' + + - name: (re-) delete a local VPC peering Connection (idempotency) + ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: absent + register: delete_peer + - name: Assert success + assert: + that: + - delete_peer is not changed + - delete_peer is successful + + - name: Create local account VPC peering Connection + ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' + register: vpc_peer2 + - name: Assert success + assert: + that: + - vpc_peer2 is changed + - vpc_peer2 is successful + - "'peering_id' in vpc_peer2" + - vpc_peer2.peering_id.startswith('pcx-') + + - name: Store Connection ID + set_fact: + peer_id_2: '{{ vpc_peer2.peering_id }}' + + - name: reject a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer2.peering_id }}" + state: reject + wait: True + register: reject_peer + - name: Assert success + assert: + that: + - reject_peer is changed + - reject_peer is successful + - reject_peer.peering_id == peer_id_2 + + - name: (re-) reject a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer2.peering_id }}" + state: reject + register: reject_peer + - name: Assert success + assert: + that: + - reject_peer is not changed + - reject_peer is successful + - reject_peer.peering_id == peer_id_2 + + - name: delete a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer2.peering_id }}" + state: absent + register: delete_peer + - name: Assert success + assert: + that: + - delete_peer is 
not changed + - delete_peer is successful + + always: + # ============================================================ + + - name: delete a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: absent + register: delete_peer + ignore_errors: True + + - name: delete a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer2.peering_id }}" + state: absent + register: delete_peer + ignore_errors: True + + - name: tidy up VPC 2 + ec2_vpc_net: + name: "{{ vpc_2_name }}" + state: absent + cidr_block: "{{ vpc_2_cidr }}" + ignore_errors: true + + - name: tidy up VPC 1 + ec2_vpc_net: + name: "{{ vpc_1_name }}" + state: absent + cidr_block: "{{ vpc_1_cidr }}" + ignore_errors: true From 9d00f0a1c7a14dbda7009da86b18e46daa5ac5d0 Mon Sep 17 00:00:00 2001 From: Stefan Horning Date: Fri, 9 Apr 2021 17:45:09 +0200 Subject: [PATCH 18/47] Return all infos of a VPC peering connection in ec2_vpc_peer module (#355) * Return all infos of a VPC peering connection in ec2_vpc_peer module. * More extensive tests for vpc_peer module. Also got rid of redundant helper method in vpc_peer module This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/faa7d648be39eef33eebd3eb5e7d078331de8206 --- plugins/modules/ec2_vpc_peer.py | 221 ++++++++++++++---- .../targets/ec2_vpc_peer/tasks/main.yml | 14 +- 2 files changed, 193 insertions(+), 42 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 9c5d35349eb..29011094766 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py 
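Review bot: The assertions after "Get all vpc peers with specific filters" check `'vpc_peering_connections' in peer_info` and `'result' in peer_info`, but that task registers `pending_vpc_peers`; `peer_info` is left over from the earlier lookup by ID, so these two lines pass even if the filtered call returns neither key. They should read `- "'vpc_peering_connections' in pending_vpc_peers"` and `- "'result' in pending_vpc_peers"`. The block name `ec2_vpc_igw tests` at the top of the file also appears to be copied from another target.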
@@ -216,10 +216,144 @@ ''' RETURN = ''' -task: - description: The result of the create, accept, reject or delete action. +peering_id: + description: The id of the VPC peering connection created/deleted. + returned: always + type: str + sample: pcx-034223d7c0aec3cde +vpc_peering_connection: + description: The details of the VPC peering connection as returned by Boto3 (snake cased). returned: success - type: dict + type: complex + contains: + accepter_vpc_info: + description: Information about the VPC which accepted the connection. + returned: success + type: complex + contains: + cidr_block: + description: The primary CIDR for the VPC. + returned: when connection is in the accepted state. + type: str + example: '10.10.10.0/23' + cidr_block_set: + description: A list of all CIDRs for the VPC. + returned: when connection is in the accepted state. + type: complex + contains: + cidr_block: + description: A CIDR block used by the VPC. + returned: success + type: str + example: '10.10.10.0/23' + owner_id: + description: The AWS account that owns the VPC. + returned: success + type: str + example: 012345678901 + peering_options: + description: Additional peering configuration. + returned: when connection is in the accepted state. + type: dict + contains: + allow_dns_resolution_from_remote_vpc: + description: Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. + returned: success + type: bool + allow_egress_from_local_classic_link_to_remote_vpc: + description: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. + returned: success + type: bool + allow_egress_from_local_vpc_to_remote_classic_link: + description: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. + returned: success + type: bool + region: + description: The AWS region that the VPC is in. 
+ returned: success + type: str + example: us-east-1 + vpc_id: + description: The ID of the VPC + returned: success + type: str + example: vpc-0123456789abcdef0 + requester_vpc_info: + description: Information about the VPC which requested the connection. + returned: success + type: complex + contains: + cidr_block: + description: The primary CIDR for the VPC. + returned: when connection is not in the deleted state. + type: str + example: '10.10.10.0/23' + cidr_block_set: + description: A list of all CIDRs for the VPC. + returned: when connection is not in the deleted state. + type: complex + contains: + cidr_block: + description: A CIDR block used by the VPC + returned: success + type: str + example: '10.10.10.0/23' + owner_id: + description: The AWS account that owns the VPC. + returned: success + type: str + example: 012345678901 + peering_options: + description: Additional peering configuration. + returned: when connection is not in the deleted state. + type: dict + contains: + allow_dns_resolution_from_remote_vpc: + description: Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. + returned: success + type: bool + allow_egress_from_local_classic_link_to_remote_vpc: + description: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. + returned: success + type: bool + allow_egress_from_local_vpc_to_remote_classic_link: + description: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. + returned: success + type: bool + region: + description: The AWS region that the VPC is in. + returned: success + type: str + example: us-east-1 + vpc_id: + description: The ID of the VPC + returned: success + type: str + example: vpc-0123456789abcdef0 + status: + description: Details of the current status of the connection. 
+ returned: success + type: complex + contains: + code: + description: A short code describing the status of the connection. + returned: success + type: str + example: active + message: + description: Additional information about the status of the connection. + returned: success + type: str + example: Pending Acceptance by 012345678901 + tags: + description: Tags applied to the connection. + returned: success + type: dict + vpc_peering_connection_id: + description: The ID of the VPC peering connection. + returned: success + type: str + example: "pcx-0123456789abcdef0" ''' try: @@ -231,6 +365,8 @@ from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict def wait_for_state(client, module, state, pcx_id): @@ -254,9 +390,9 @@ def tags_changed(pcx_id, client, module): tags = dict() if module.params.get('tags'): tags = module.params.get('tags') - pcx = find_pcx_by_id(pcx_id, client, module) - if pcx['VpcPeeringConnections']: - pcx_values = [t.values() for t in pcx['VpcPeeringConnections'][0]['Tags']] + peering_connection = get_peering_connection_by_id(pcx_id, client, module) + if peering_connection['Tags']: + pcx_values = [t.values() for t in peering_connection['Tags']] pcx_tags = [item for sublist in pcx_values for item in sublist] tag_values = [[key, str(value)] for key, value in tags.items()] tags = [item for sublist in tag_values for item in sublist] @@ -283,6 +419,7 @@ def describe_peering_connections(params, client): aws_retry=True, Filters=ansible_dict_to_boto3_filter_list(peer_filter), ) + return result 
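Review bot: The new RETURN block documents `peering_id` as `returned: always` and `vpc_peering_connection` as `returned: success`, which does not match the `state: absent` paths in remove_peer_connection: `module.exit_json(changed=False)` returns neither key, and the other exits there return only `peering_id`. Either return both from those exits or narrow the documentation, for example `returned: when a peering connection was found` for `peering_id` and `returned: when I(state) is not C(absent)` for `vpc_peering_connection`.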
@@ -311,9 +448,9 @@ def create_peer_connection(client, module): if tags_changed(pcx_id, client, module): changed = True if is_active(peering_conn): - return (changed, peering_conn['VpcPeeringConnectionId']) + return (changed, peering_conn) if is_pending(peering_conn): - return (changed, peering_conn['VpcPeeringConnectionId']) + return (changed, peering_conn) try: peering_conn = client.create_vpc_peering_connection(aws_retry=True, **params) pcx_id = peering_conn['VpcPeeringConnection']['VpcPeeringConnectionId'] @@ -322,7 +459,7 @@ def create_peer_connection(client, module): if module.params.get('tags'): create_tags(pcx_id, client, module) changed = True - return (changed, peering_conn['VpcPeeringConnection']['VpcPeeringConnectionId']) + return (changed, peering_conn['VpcPeeringConnection']) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) @@ -330,7 +467,7 @@ def create_peer_connection(client, module): def remove_peer_connection(client, module): pcx_id = module.params.get('peering_id') if pcx_id: - peering_conns = client.describe_vpc_peering_connections(aws_retry=True, VpcPeeringConnectionIds=[pcx_id]) + peering_conn = get_peering_connection_by_id(pcx_id, client, module) else: params = dict() params['VpcId'] = module.params.get('vpc_id') 
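Review bot: `return (changed, peering_conn['VpcPeeringConnection'])` in create_peer_connection hands back the create_vpc_peering_connection response, which was captured before `create_tags(pcx_id, client, module)` ran, so the `vpc_peering_connection.tags` that main() builds from it will not show the tags just applied. accept_reject in this same commit re-reads the connection before returning; doing the same here keeps the two paths consistent: `return (changed, get_peering_connection_by_id(pcx_id, client, module))`. The function starts before this hunk, so the early `return (changed, peering_conn)` lines may need the same treatment if tags_changed modifies tags.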
@@ -338,17 +475,21 @@ def remove_peer_connection(client, module): params['PeerRegion'] = module.params.get('peer_region') if module.params.get('peer_owner_id'): params['PeerOwnerId'] = str(module.params.get('peer_owner_id')) - peering_conns = describe_peering_connections(params, client) + peering_conn = describe_peering_connections(params, client)['VpcPeeringConnections'][0] - if not peering_conns: + if not peering_conn: module.exit_json(changed=False) else: - pcx_id = pcx_id or peering_conns['VpcPeeringConnections'][0]['VpcPeeringConnectionId'] - - if peering_conns['VpcPeeringConnections'][0]['Status']['Code'] == 'deleted': - module.exit_json(msg='Connection in deleted state.', changed=False) - if peering_conns['VpcPeeringConnections'][0]['Status']['Code'] == 'rejected': - module.exit_json(msg='Connection has been rejected. State cannot be changed and will be removed automatically by AWS', changed=False) + pcx_id = pcx_id or peering_conn['VpcPeeringConnectionId'] + + if peering_conn['Status']['Code'] == 'deleted': + module.exit_json(msg='Connection in deleted state.', changed=False, peering_id=pcx_id) + if peering_conn['Status']['Code'] == 'rejected': + module.exit_json( + msg='Connection has been rejected. State cannot be changed and will be removed automatically by AWS', + changed=False, + peering_id=pcx_id + ) try: params = dict() 
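Review bot: `peering_conn = describe_peering_connections(params, client)['VpcPeeringConnections'][0]` raises IndexError when no connection matches the VPC pair, so the `if not peering_conn: module.exit_json(changed=False)` check right below it never gets to handle the nothing-to-delete case. A repeated `state: absent` run by VPC IDs would then crash instead of reporting no change. Keep the list and index it conditionally: `peering_conns = describe_peering_connections(params, client)['VpcPeeringConnections']` then `peering_conn = peering_conns[0] if peering_conns else None`.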
@@ -356,17 +497,17 @@ def remove_peer_connection(client, module): client.delete_vpc_peering_connection(aws_retry=True, **params) if module.params.get('wait'): wait_for_state(client, module, 'deleted', pcx_id) - module.exit_json(changed=True) + module.exit_json(changed=True, peering_id=pcx_id) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) -def peer_status(client, module): +def get_peering_connection_by_id(peering_id, client, module): params = dict() - params['VpcPeeringConnectionIds'] = [module.params.get('peering_id')] + params['VpcPeeringConnectionIds'] = [peering_id] try: vpc_peering_connection = client.describe_vpc_peering_connections(aws_retry=True, **params) - return vpc_peering_connection['VpcPeeringConnections'][0]['Status']['Code'] + return vpc_peering_connection['VpcPeeringConnections'][0] except is_boto3_error_code('InvalidVpcPeeringConnectionId.Malformed') as e: module.fail_json_aws(e, msg='Malformed connection ID') except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except @@ -376,10 +517,12 @@ def peer_status(client, module): def accept_reject(state, client, module): changed = False params = dict() - pcx_id = module.params.get('peering_id') - params['VpcPeeringConnectionId'] = pcx_id - current_state = peer_status(client, module) - if current_state not in ['active', 'rejected']: + peering_id = module.params.get('peering_id') + params['VpcPeeringConnectionId'] = peering_id + vpc_peering_connection = get_peering_connection_by_id(peering_id, client, module) + peering_status = vpc_peering_connection['Status']['Code'] + + if peering_status not in ['active', 'rejected']: try: if state == 'accept': client.accept_vpc_peering_connection(aws_retry=True, **params) 
@@ -388,15 +531,18 @@ def accept_reject(state, client, module): client.reject_vpc_peering_connection(aws_retry=True, **params) target_state = 'rejected' if module.params.get('tags'): - create_tags(params['VpcPeeringConnectionId'], client, module) + create_tags(peering_id, client, module) changed = True if module.params.get('wait'): - wait_for_state(client, module, target_state, pcx_id) + wait_for_state(client, module, target_state, peering_id) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) - if tags_changed(params['VpcPeeringConnectionId'], client, module): + if tags_changed(peering_id, client, module): changed = True - return changed, params['VpcPeeringConnectionId'] + + # Relaod peering conection infos to return latest state/params + vpc_peering_connection = get_peering_connection_by_id(peering_id, client, module) + return (changed, vpc_peering_connection) def load_tags(module): @@ -422,13 +568,6 @@ def delete_tags(pcx_id, client, module): module.fail_json(msg=str(e)) -def find_pcx_by_id(pcx_id, client, module): - try: - return client.describe_vpc_peering_connections(aws_retry=True, VpcPeeringConnectionIds=[pcx_id]) - except botocore.exceptions.ClientError as e: - module.fail_json(msg=str(e)) - - def main(): argument_spec = dict( vpc_id=dict(), @@ -460,7 +599,6 @@ def main(): if state == 'present': (changed, results) = create_peer_connection(client, module) - module.exit_json(changed=changed, peering_id=results) elif state == 'absent': if not peering_id and (not vpc_id or not peer_vpc_id): module.fail_json(msg='state is absent but one of the following is missing: peering_id or [vpc_id, peer_vpc_id]') 
@@ -468,7 +606,12 @@ def main(): remove_peer_connection(client, module) else: (changed, results) = accept_reject(state, client, module) - module.exit_json(changed=changed, peering_id=results) + + formatted_results = camel_dict_to_snake_dict(results) + # Turn the resource tags from boto3 into an ansible friendly tag dictionary + formatted_results['tags'] = boto3_tag_list_to_ansible_dict(formatted_results.get('tags', [])) + + module.exit_json(changed=changed, vpc_peering_connection=formatted_results, peering_id=results['VpcPeeringConnectionId']) if __name__ == '__main__': diff --git a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml index 5d6f7851bc2..7668ef4d95e 100644 --- a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml +++ b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml @@ -65,27 +65,29 @@ set_fact: connection_name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' - - name: Create local account VPC peering Connection + - name: Create local account VPC peering Connection request ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present tags: - Name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' + Name: '{{ connection_name }}' register: vpc_peer + - name: Assert success assert: that: - vpc_peer is changed - vpc_peer is successful - "'peering_id' in vpc_peer" + - vpc_peer.vpc_peering_connection.requester_vpc_info.cidr_block == vpc_1_cidr - vpc_peer.peering_id.startswith('pcx-') - name: Store Connection ID set_fact: peer_id_1: '{{ vpc_peer.peering_id }}' - - name: (re-) Create local account VPC peering Connection (idempotency) + - name: (re-) Create local account VPC peering Connection request (idempotency) ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' @@ -93,6 +95,7 @@ tags: Name: '{{ connection_name }}' register: vpc_peer + - name: Assert success assert: that: 
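Review bot: In main(), the new shared tail reads `results` and `changed`, but the `absent` branch never assigns them; it only calls `remove_peer_connection(client, module)`. That is safe only while every path through remove_peer_connection ends in `exit_json` or `fail_json`; any path that returns normally would reach `camel_dict_to_snake_dict(results)` with an unbound name. The full body of remove_peer_connection is not visible here, so this is a hedge rather than a confirmed crash. I would state the assumption next to the call, `# remove_peer_connection() always exits the module; the code below runs only for present/accept/reject`, or move the formatting tail into the two branches that bind `results`.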
@@ -252,6 +255,8 @@ - action_peer is changed - action_peer is successful - action_peer.peering_id == peer_id_1 + - action_peer.vpc_peering_connection.accepter_vpc_info.cidr_block == vpc_2_cidr + - action_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_1 - name: Get details on specific VPC peer ec2_vpc_peering_info: @@ -321,6 +326,7 @@ - action_peer is not changed - action_peer is successful - action_peer.peering_id == peer_id_1 + - action_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_1 - name: delete a local VPC peering Connection ec2_vpc_peer: @@ -332,6 +338,7 @@ that: - delete_peer is changed - delete_peer is successful + - "'peering_id' in delete_peer" - name: Get details on specific VPC peer ec2_vpc_peering_info: @@ -437,6 +444,7 @@ - reject_peer is not changed - reject_peer is successful - reject_peer.peering_id == peer_id_2 + - reject_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_2 - name: delete a local VPC peering Connection ec2_vpc_peer: From 515fb3e9e8ac209062ea5d95e0a503a6f112d613 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Sat, 10 Apr 2021 09:55:59 +0200 Subject: [PATCH 19/47] Use shared normalize_boto3_result code This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/103f1b684fe7e828c517d8fe6ebe486ac779e44c --- plugins/modules/ec2_vpc_peering_info.py | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index a086fde3639..92b2e1e8bd9 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py 
@@ -208,26 +208,23 @@ except ImportError: pass # Handled by AnsibleAWSModule -from ansible.module_utils._text import to_native from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.core import normalize_boto3_result from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict -def date_handler(obj): - return obj.isoformat() if hasattr(obj, 'isoformat') else obj - - def get_vpc_peers(client, module): params = dict() params['Filters'] = ansible_dict_to_boto3_filter_list(module.params.get('filters')) if module.params.get('peer_connection_ids'): params['VpcPeeringConnectionIds'] = module.params.get('peer_connection_ids') try: - result = json.loads(json.dumps(client.describe_vpc_peering_connections(**params), default=date_handler)) - except Exception as e: - module.fail_json(msg=to_native(e)) + result = client.describe_vpc_peering_connections(**params) + result = normalize_boto3_result(result) + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: + module.fail_json_aws(e, msg="Failed to describe peering connections") return result['VpcPeeringConnections'] From cc4f85d3806f341ace25ea408e2e358883fdef8d Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Sat, 10 Apr 2021 09:57:45 +0200 Subject: [PATCH 20/47] Add Retries This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/2e34d7794ba9488784b7bd87ac9a45faafcf108e --- plugins/modules/ec2_vpc_peering_info.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 92b2e1e8bd9..5f3cb435de3 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -210,6 +210,7 @@ from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import normalize_boto3_result +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict @@ -221,7 +222,7 @@ def get_vpc_peers(client, module): if module.params.get('peer_connection_ids'): params['VpcPeeringConnectionIds'] = module.params.get('peer_connection_ids') try: - result = client.describe_vpc_peering_connections(**params) + result = client.describe_vpc_peering_connections(aws_retry=True, **params) result = normalize_boto3_result(result) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to describe peering connections") @@ -241,7 +242,7 @@ def main(): module.deprecate("The 'ec2_vpc_peering_facts' module has been renamed to 'ec2_vpc_peering_info'", date='2021-12-01', collection_name='community.aws') try: - ec2 = module.client('ec2') + ec2 = module.client('ec2', retry_decorator=AWSRetry.jittered_backoff()) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg='Failed to connect to AWS') From bec1941e310a896b4b396d7ed1d5b3470a6b4fc3 Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Thu, 6 May 2021 21:01:46 +0200 Subject: [PATCH 21/47] Update the default module requirements from python 2.6/boto to python 3.6/boto3 This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/c097c55293be0834a2b9d394733ec28965d142d7 --- plugins/modules/ec2_vpc_peer.py | 2 -- plugins/modules/ec2_vpc_peering_info.py | 1 - 2 files changed, 3 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 29011094766..b93b04c8a9d 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -61,8 +61,6 @@ extends_documentation_fragment: - amazon.aws.aws - amazon.aws.ec2 - -requirements: [ botocore, boto3, json ] ''' EXAMPLES = ''' diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 5f3cb435de3..6b810a25099 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -13,7 +13,6 @@ description: - Gets various details related to AWS VPC Peers - This module was called C(ec2_vpc_peering_facts) before Ansible 2.9. The usage did not change. -requirements: [ boto3 ] options: peer_connection_ids: description: From 9d0247295c571f15c8e9f97dcc218deae5e9aae8 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Tue, 29 Jun 2021 10:36:30 +0200 Subject: [PATCH 22/47] Move ec2_vpc_peer over to shared ec2 tagging code Add NotFound retries when tagging a new VPC Peering connection This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/80ead4a8ffcbe7d781b823cc76db45bdc605f503 --- plugins/modules/ec2_vpc_peer.py | 73 +++++++++++---------------------- 1 file changed, 25 insertions(+), 48 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index b93b04c8a9d..c45a003903c 100644 
--- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -44,6 +44,12 @@ - Dictionary of tags to look for and apply when creating a Peering Connection. required: false type: dict + purge_tags: + description: + - Remove tags not listed in I(tags). + type: bool + default: true + version_added: 2.0.0 state: description: - Create, delete, accept, reject a peering connection. @@ -365,6 +371,8 @@ from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import add_ec2_tags +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ensure_ec2_tags def wait_for_state(client, module, state, pcx_id): @@ -383,26 +391,6 @@ def wait_for_state(client, module, state, pcx_id): module.fail_json_aws(e, "Enable to describe Peerig Connection while waiting for state to change") -def tags_changed(pcx_id, client, module): - changed = False - tags = dict() - if module.params.get('tags'): - tags = module.params.get('tags') - peering_connection = get_peering_connection_by_id(pcx_id, client, module) - if peering_connection['Tags']: - pcx_values = [t.values() for t in peering_connection['Tags']] - pcx_tags = [item for sublist in pcx_values for item in sublist] - tag_values = [[key, str(value)] for key, value in tags.items()] - tags = [item for sublist in tag_values for item in sublist] - if sorted(pcx_tags) == sorted(tags): - changed = False - elif tags: - delete_tags(pcx_id, client, module) - create_tags(pcx_id, client, module) - changed = True - return changed - - def describe_peering_connections(params, client): peer_filter = { 'requester-vpc-info.vpc-id': params['VpcId'], 
@@ -443,7 +431,10 @@ def create_peer_connection(client, module): peering_conns = describe_peering_connections(params, client) for peering_conn in peering_conns['VpcPeeringConnections']: pcx_id = peering_conn['VpcPeeringConnectionId'] - if tags_changed(pcx_id, client, module): + if ensure_ec2_tags(client, module, pcx_id, + purge_tags=module.params.get('purge_tags'), + tags=module.params.get('tags'), + ): changed = True if is_active(peering_conn): return (changed, peering_conn) @@ -452,10 +443,14 @@ def create_peer_connection(client, module): try: peering_conn = client.create_vpc_peering_connection(aws_retry=True, **params) pcx_id = peering_conn['VpcPeeringConnection']['VpcPeeringConnectionId'] + if module.params.get('tags'): + # Once the minimum botocore version is bumped to > 1.17.24 + # (hopefully community.aws 3.0.0) we can add the tags to the + # creation parameters + add_ec2_tags(client, module, pcx_id, module.params.get('tags'), + retry_codes=['InvalidVpcPeeringConnectionID.NotFound']) if module.params.get('wait'): wait_for_state(client, module, 'pending-acceptance', pcx_id) - if module.params.get('tags'): - create_tags(pcx_id, client, module) changed = True return (changed, peering_conn['VpcPeeringConnection']) except botocore.exceptions.ClientError as e: 
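Review bot: In create_peer_connection's loop, `ensure_ec2_tags` runs on every connection returned for the VPC pair before `is_active(peering_conn)` is consulted. A connection that is not the one eventually returned therefore still has its tags rewritten (and, with `purge_tags` defaulting to true, removed), and it flips `changed`. Whether stale connections can appear in that list depends on the lookup, which is outside this hunk. I would reconcile tags only after the status checks have picked the connection to return, or record the current behaviour with `# tags are reconciled on every match for the VPC pair, regardless of status`. The loop continues past the end of this hunk.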
@@ -529,13 +524,17 @@ def accept_reject(state, client, module): client.reject_vpc_peering_connection(aws_retry=True, **params) target_state = 'rejected' if module.params.get('tags'): - create_tags(peering_id, client, module) + add_ec2_tags(client, module, peering_id, module.params.get('tags'), + retry_codes=['InvalidVpcPeeringConnectionID.NotFound']) changed = True if module.params.get('wait'): wait_for_state(client, module, target_state, peering_id) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) - if tags_changed(peering_id, client, module): + if ensure_ec2_tags(client, module, peering_id, + purge_tags=module.params.get('purge_tags'), + tags=module.params.get('tags'), + ): changed = True # Relaod peering conection infos to return latest state/params @@ -543,29 +542,6 @@ def accept_reject(state, client, module): return (changed, vpc_peering_connection) -def load_tags(module): - tags = [] - if module.params.get('tags'): - for name, value in module.params.get('tags').items(): - tags.append({'Key': name, 'Value': str(value)}) - return tags - - -def create_tags(pcx_id, client, module): - try: - delete_tags(pcx_id, client, module) - client.create_tags(aws_retry=True, Resources=[pcx_id], Tags=load_tags(module)) - except botocore.exceptions.ClientError as e: - module.fail_json(msg=str(e)) - - -def delete_tags(pcx_id, client, module): - try: - client.delete_tags(aws_retry=True, Resources=[pcx_id]) - except botocore.exceptions.ClientError as e: - module.fail_json(msg=str(e)) - - def main(): argument_spec = dict( vpc_id=dict(), @@ -574,6 +550,7 @@ def main(): peering_id=dict(), peer_owner_id=dict(), tags=dict(required=False, type='dict'), + purge_tags=dict(default=True, type='bool'), state=dict(default='present', choices=['present', 'absent', 'accept', 'reject']), wait=dict(default=False, type='bool'), ) From eb99a2185e7ee80b1e741e8dd53abe4607462ce2 Mon Sep 17 00:00:00 2001 
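Review bot: accept_reject now tags the connection twice on the accept/reject path: `add_ec2_tags(...)` inside the `try`, then `ensure_ec2_tags(...)` right after it with the same `tags`. The second call is the same reconciliation create_peer_connection relies on and also applies `purge_tags`, so the first looks redundant. The function has also already described this connection by ID (per the earlier patch in this series), so the `InvalidVpcPeeringConnectionID.NotFound` retry is probably not needed here. I would drop the `if module.params.get('tags'): add_ec2_tags(...)` pair and keep the single `ensure_ec2_tags` call. The start of accept_reject is outside this hunk.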
From: jillr Date: Thu, 29 Apr 2021 21:58:50 +0000 Subject: [PATCH 23/47] Remove shippable references from repo This collection has been operating on Zuul CI for some weeks now This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/4e0d83c65568a99a24307e37a14e6e0b173c948b --- tests/integration/targets/ec2_vpc_peer/aliases | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/integration/targets/ec2_vpc_peer/aliases b/tests/integration/targets/ec2_vpc_peer/aliases index 0e90cab464b..8807cb2514c 100644 --- a/tests/integration/targets/ec2_vpc_peer/aliases +++ b/tests/integration/targets/ec2_vpc_peer/aliases @@ -1,4 +1,3 @@ cloud/aws -shippable/aws/group1 ec2_vpc_peering_info From 3357b813ba05ff3c2f676184977c4a876c8a3229 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Fri, 9 Jul 2021 09:59:33 +0200 Subject: [PATCH 24/47] Remove unused imports This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/6d420e5a51e07674799d28e140ef035d8700da6f --- plugins/modules/ec2_vpc_peering_info.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 6b810a25099..048747abcd8 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -200,8 +200,6 @@ type: list ''' -import json - try: import botocore except ImportError: From a0dfe9f751163572ffa807e716ca4d57d1bdb3f3 Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Fri, 9 Jul 2021 10:22:26 +0200 Subject: [PATCH 25/47] Reorder imports based on PEP8 import recommendations This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/fe960aceacd6b0d20f23f3d350ab66964422f1fe --- plugins/modules/ec2_vpc_peering_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 048747abcd8..f43d1378aa8 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -208,8 +208,8 @@ from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import normalize_boto3_result from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict From fa0ac14553dfb606399131909902d08d47d9a482 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Fri, 6 Aug 2021 10:43:00 +0200 Subject: [PATCH 26/47] Remove code testing for unsupported versions of boto3/botocore This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/2c7557df5e718a3dd7d5c1eadb7b1af958c702ed --- plugins/modules/ec2_vpc_peer.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index c45a003903c..b651b173ce4 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py 
@@ -423,8 +423,6 @@ def create_peer_connection(client, module): params['VpcId'] = module.params.get('vpc_id') params['PeerVpcId'] = module.params.get('peer_vpc_id') if module.params.get('peer_region'): - if not module.botocore_at_least('1.8.6'): - module.fail_json(msg="specifying peer_region parameter requires botocore >= 1.8.6") params['PeerRegion'] = module.params.get('peer_region') if module.params.get('peer_owner_id'): params['PeerOwnerId'] = str(module.params.get('peer_owner_id')) From 28345b8c2b33ecefd6c197fa5ca59c02aa93c9c8 Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Thu, 2 Dec 2021 02:58:06 -0700 Subject: [PATCH 27/47] Remove deprecated "facts" aliases (#814) Remove deprecated "facts" aliases SUMMARY Modules named "facts.py" that do not return ansible_facts were renamed to "info.py" in 2.9. Remove these aliases now that the deprecation period is over. This PR should be included in 3.0.0 of the collection. ISSUE TYPE Bugfix Pull Request COMPONENT NAME *_facts.py Reviewed-by: Mark Chappell Reviewed-by: Jill R Reviewed-by: None This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/68aaa7057be46a3ab36f572fd0013d64653af909 --- plugins/modules/ec2_vpc_peering_facts.py | 1 - plugins/modules/ec2_vpc_peering_info.py | 3 --- 2 files changed, 4 deletions(-) delete mode 120000 plugins/modules/ec2_vpc_peering_facts.py diff --git a/plugins/modules/ec2_vpc_peering_facts.py b/plugins/modules/ec2_vpc_peering_facts.py deleted file mode 120000 index 074baf65a0f..00000000000 --- a/plugins/modules/ec2_vpc_peering_facts.py +++ /dev/null @@ -1 +0,0 @@ -ec2_vpc_peering_info.py \ No newline at end of file diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index f43d1378aa8..e7d8264c8d5 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py 
@@ -12,7 +12,6 @@ version_added: 1.0.0 description: - Gets various details related to AWS VPC Peers - - This module was called C(ec2_vpc_peering_facts) before Ansible 2.9. The usage did not change. options: peer_connection_ids: description: @@ -235,8 +234,6 @@ def main(): module = AnsibleAWSModule(argument_spec=argument_spec, supports_check_mode=True,) - if module._name == 'ec2_vpc_peering_facts': - module.deprecate("The 'ec2_vpc_peering_facts' module has been renamed to 'ec2_vpc_peering_info'", date='2021-12-01', collection_name='community.aws') try: ec2 = module.client('ec2', retry_decorator=AWSRetry.jittered_backoff()) From a87e5f88e19d5bb342113a6a71d21de5cf9e73b4 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Fri, 22 Apr 2022 12:20:04 +0200 Subject: [PATCH 28/47] For consistency - add empty dependencies file to targets with no current meta data (#1090) For consistency - add empty dependencies file to targets with no current meta data SUMMARY For consistency - add empty dependencies file to targets with no current meta data ISSUE TYPE Feature Pull Request COMPONENT NAME tests/integration/targets ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/96385803df04cfa34c62d1ab19be21b12f593af6 --- tests/integration/targets/ec2_vpc_peer/meta/main.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 tests/integration/targets/ec2_vpc_peer/meta/main.yml diff --git a/tests/integration/targets/ec2_vpc_peer/meta/main.yml b/tests/integration/targets/ec2_vpc_peer/meta/main.yml new file mode 100644 index 00000000000..32cf5dda7ed --- /dev/null +++ b/tests/integration/targets/ec2_vpc_peer/meta/main.yml @@ -0,0 +1 @@ +dependencies: [] From 3ecfad7a6d1f7bbee3d6d40524f7126404083e8e Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Wed, 1 Jun 2022 15:03:38 +0200 Subject: [PATCH 29/47] Tagging fragment - Move simplest cases over to the docs fragment. (#1182) Tagging fragment - Move simplest cases over to the docs fragment. Depends-On: ansible-collections/amazon.aws#844 SUMMARY Migrate simplest cases over to the new docs fragment and add resource_tags as an alias to tags. ISSUE TYPE Docs Pull Request Feature Pull Request COMPONENT NAME changelogs/fragments/1182-tagging.yml plugins/modules/aws_glue_job.py plugins/modules/aws_msk_cluster.py plugins/modules/aws_secret.py plugins/modules/aws_step_functions_state_machine.py plugins/modules/dynamodb_table.py plugins/modules/ec2_eip.py plugins/modules/ec2_transit_gateway_vpc_attachment.py plugins/modules/ec2_vpc_peer.py plugins/modules/elb_application_lb.py plugins/modules/elb_network_lb.py plugins/modules/iam_role.py plugins/modules/iam_user.py plugins/modules/networkfirewall.py plugins/modules/networkfirewall_policy.py plugins/modules/networkfirewall_rule_group.py plugins/modules/rds_cluster.py plugins/modules/rds_instance.py plugins/modules/rds_instance_snapshot.py plugins/modules/rds_option_group.py plugins/modules/rds_subnet_group.py plugins/modules/redshift.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/b11ffaed2b3450f6fee9721878090da404401021 --- plugins/modules/ec2_vpc_peer.py | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index b651b173ce4..79bcbf58b59 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py 
@@ -39,17 +39,6 @@ - The AWS account number for cross account peering. required: false type: str - tags: - description: - - Dictionary of tags to look for and apply when creating a Peering Connection. - required: false - type: dict - purge_tags: - description: - - Remove tags not listed in I(tags). - type: bool - default: true - version_added: 2.0.0 state: description: - Create, delete, accept, reject a peering connection. @@ -63,10 +52,14 @@ required: false default: false type: bool -author: Mike Mochan (@mmochan) +notes: + - Support for I(purge_tags) was added in release 2.0.0. +author: + - Mike Mochan (@mmochan) extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 + - amazon.aws.aws + - amazon.aws.ec2 + - amazon.aws.tags ''' EXAMPLES = ''' @@ -547,7 +540,7 @@ def main(): peer_region=dict(), peering_id=dict(), peer_owner_id=dict(), - tags=dict(required=False, type='dict'), + tags=dict(required=False, type='dict', aliases=['resource_tags']), purge_tags=dict(default=True, type='bool'), state=dict(default='present', choices=['present', 'absent', 'accept', 'reject']), wait=dict(default=False, type='bool'), From 4ab3df531b3dfbb8eb845115856139c9ac442f1d Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Tue, 12 Jul 2022 11:43:33 +0200 Subject: [PATCH 30/47] ec2_vpc_peer - Fix idempotency when accepter/requester is reversed (#1346) ec2_vpc_peer - Fix idempotency when accepter/requester is reversed SUMMARY fixes: #580 Fixes a bug where a new peering request would be created when the accepter/requester is reversed ISSUE TYPE Bugfix Pull Request COMPONENT NAME plugins/modules/ec2_vpc_peer.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/1c3ad2817ea44cd77f8d84d7562db1feb2cdabe1 --- plugins/modules/ec2_vpc_peer.py | 5 +++ .../targets/ec2_vpc_peer/tasks/main.yml | 43 +++++++++++++++---- 2 files changed, 39 insertions(+), 9 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 79bcbf58b59..2034f234340 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -394,6 +394,11 @@ def describe_peering_connections(params, client): Filters=ansible_dict_to_boto3_filter_list(peer_filter), ) if result['VpcPeeringConnections'] == []: + # Try again with the VPC/Peer relationship reversed + peer_filter = { + 'requester-vpc-info.vpc-id': params['PeerVpcId'], + 'accepter-vpc-info.vpc-id': params['VpcId'], + } result = client.describe_vpc_peering_connections( aws_retry=True, Filters=ansible_dict_to_boto3_filter_list(peer_filter), diff --git a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml index 7668ef4d95e..cdb7c668078 100644 --- a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml +++ b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml 
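Review bot: The reversed lookup in describe_peering_connections runs only when the forward lookup returns an empty list. A forward result holding nothing but stale entries would therefore hide a live connection created in the other direction, and create_peer_connection could then request a duplicate. This is inferred: the hunk shows no status filter on either query, and whether old connections are still listed depends on the API. Querying both directions and concatenating the two `VpcPeeringConnections` lists would leave the decision to the caller's status checks; at minimum the comment could read `# Reversed lookup runs only when the forward lookup returns no connections at all`. The function starts and ends outside this hunk.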
@@ -103,6 +103,22 @@ - vpc_peer is successful - vpc_peer.peering_id == peer_id_1 + - name: (re-) Create local account VPC peering Connection request with accepter/requester reversed (idempotency) + ec2_vpc_peer: + vpc_id: '{{ vpc_2 }}' + peer_vpc_id: '{{ vpc_1 }}' + state: present + tags: + Name: '{{ connection_name }}' + register: vpc_peer + + - name: Assert success + assert: + that: + - vpc_peer is not changed + - vpc_peer is successful + - vpc_peer.peering_id == peer_id_1 + - name: Get details on specific VPC peer ec2_vpc_peering_info: peer_connection_ids: @@ -458,21 +474,30 @@ - delete_peer is successful always: - # ============================================================ - - name: delete a local VPC peering Connection - ec2_vpc_peer: - peering_id: "{{ vpc_peer.peering_id }}" - state: absent - register: delete_peer + - name: Find all VPC Peering connections for our VPCs + ec2_vpc_peering_info: + filters: + accepter-vpc-info.vpc-id: '{{ item }}' + register: peering_info + loop: + - '{{ vpc_1 }}' + - '{{ vpc_2 }}' + + - set_fact: + vpc_peering_connection_ids: '{{ _vpc_peering_connections | map(attribute="vpc_peering_connection_id") | list }}' + vars: + _vpc_peering_connections: '{{ peering_info.results | map(attribute="vpc_peering_connections") | flatten }}' ignore_errors: True - - name: delete a local VPC peering Connection + # ============================================================ + + - name: Delete remaining Peering connections ec2_vpc_peer: - peering_id: "{{ vpc_peer2.peering_id }}" + peering_id: "{{ item }}" state: absent - register: delete_peer ignore_errors: True + loop: '{{ vpc_peering_connection_ids }}' - name: tidy up VPC 2 ec2_vpc_net: From fb877ea98c9210854862cebaeb82af28af8402b0 Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Wed, 28 Sep 2022 13:40:43 +0200 Subject: [PATCH 31/47] Make example AWS UUIDS follow a specific pattern (#1539) Make example AWS UUIDS follow a specific pattern SUMMARY Various AWS IAM resources have UUID which follow a specific pattern. Similarly AWS accounts are all 12 digit numbers (text aliases in a couple of cases). To minimize the risk of accidental data leaks use a consistent Account ID in examples (123456789012), and a specific format for the UUIDS: (AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)12345EXAMPLE54321 While this does nothing about historic data, having consistency makes it easier to prevent future leaks. Note: We should follow this up with an update to the developer docs, however I'd like to get this in prior to 5.0.0 ISSUE TYPE Docs Pull Request COMPONENT NAME plugins/modules/acm_certificate_info.py plugins/modules/application_autoscaling_policy.py plugins/modules/autoscaling_launch_config.py plugins/modules/autoscaling_launch_config_info.py plugins/modules/codecommit_repository.py plugins/modules/directconnect_link_aggregation_group.py plugins/modules/dms_endpoint.py plugins/modules/dynamodb_table.py plugins/modules/ec2_transit_gateway_info.py plugins/modules/ec2_transit_gateway_vpc_attachment.py plugins/modules/ec2_transit_gateway_vpc_attachment_info.py plugins/modules/ec2_vpc_peer.py plugins/modules/ec2_vpc_peering_info.py plugins/modules/ec2_vpc_vpn_info.py plugins/modules/ecs_cluster.py plugins/modules/ecs_ecr.py plugins/modules/ecs_service.py plugins/modules/ecs_service_info.py plugins/modules/ecs_task.py plugins/modules/efs.py plugins/modules/efs_info.py plugins/modules/eks_cluster.py plugins/modules/elasticache_subnet_group.py plugins/modules/elb_network_lb.py plugins/modules/elb_target_group.py plugins/modules/elb_target_group_info.py plugins/modules/elb_target_info.py plugins/modules/iam_group.py plugins/modules/iam_managed_policy.py plugins/modules/iam_mfa_device_info.py 
plugins/modules/iam_server_certificate_info.py plugins/modules/lightsail.py plugins/modules/lightsail_static_ip.py plugins/modules/msk_cluster.py plugins/modules/s3_bucket_notification.py plugins/modules/sns_topic.py plugins/modules/sns_topic_info.py plugins/modules/sqs_queue.py plugins/modules/stepfunctions_state_machine.py plugins/modules/stepfunctions_state_machine_execution.py plugins/modules/storagegateway_info.py plugins/modules/wafv2_web_acl.py ADDITIONAL INFORMATION While the 'secret' nature of these UUIDs is debatable (they're closer to user names than passwords), deliberately mangling them makes it easier for InfoSec teams to spot when their secret counterparts may have been leaked in combination with a real 'public' part. This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/94764225332c869eefa574a8948da680bb668407 --- plugins/modules/ec2_vpc_peer.py | 12 ++++++------ plugins/modules/ec2_vpc_peering_info.py | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 2034f234340..4abf9e990e9 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -109,7 +109,7 @@ region: ap-southeast-2 vpc_id: vpc-12345678 peer_vpc_id: vpc-12345678 - peer_owner_id: 123456789102 + peer_owner_id: 123456789012 state: present tags: Name: Peering connection for VPC 21 to VPC 22 @@ -171,7 +171,7 @@ region: ap-southeast-2 vpc_id: vpc-12345678 peer_vpc_id: vpc-12345678 - peer_owner_id: 123456789102 + peer_owner_id: 123456789012 state: present tags: Name: Peering connection for VPC 21 to VPC 22 @@ -196,7 +196,7 @@ region: ap-southeast-2 vpc_id: vpc-12345678 peer_vpc_id: vpc-12345678 - peer_owner_id: 123456789102 + peer_owner_id: 123456789012 state: present tags: Name: Peering connection for VPC 21 to VPC 22 
@@ -247,7 +247,7 @@ description: The AWS account that owns the VPC. returned: success type: str - example: 012345678901 + example: 123456789012 peering_options: description: Additional peering configuration. returned: when connection is in the accepted state. @@ -299,7 +299,7 @@ description: The AWS account that owns the VPC. returned: success type: str - example: 012345678901 + example: 123456789012 peering_options: description: Additional peering configuration. returned: when connection is not in the deleted state. @@ -341,7 +341,7 @@ description: Additional information about the status of the connection. returned: success type: str - example: Pending Acceptance by 012345678901 + example: Pending Acceptance by 123456789012 tags: description: Tags applied to the connection. returned: success diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index e7d8264c8d5..cdb8f8ca8b0 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -88,7 +88,7 @@ description: The AWS account that owns the VPC. returned: success type: str - example: 012345678901 + example: 123456789012 peering_options: description: Additional peering configuration. returned: when connection is in the accepted state. @@ -140,7 +140,7 @@ description: The AWS account that owns the VPC. returned: success type: str - example: 012345678901 + example: 123456789012 peering_options: description: Additional peering configuration. returned: when connection is not in the deleted state. @@ -182,7 +182,7 @@ description: Additional information about the status of the connection. returned: success type: str - example: Pending Acceptance by 012345678901 + example: Pending Acceptance by 123456789012 tags: description: Tags applied to the connection. returned: success From 3a518508ed5fde781900b3cc53f345245edad6f2 Mon Sep 17 00:00:00 2001 
From: Alina Buzachis Date: Wed, 5 Oct 2022 17:04:40 +0200 Subject: [PATCH 32/47] Update extends_documentation_fragment with amazon.aws.boto3 (#1459) Update extends_documentation_fragment with amazon.aws.boto3 Depends-On: ansible/ansible-zuul-jobs#1654 SUMMARY As per ansible-collections/amazon.aws#985 add amazon.aws.boto3. ISSUE TYPE Docs Pull Request COMPONENT NAME several Reviewed-by: Jill R Reviewed-by: Mark Chappell Reviewed-by: Markus Bergholz This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/bd3c03fcba0848f593b86309740fa73e986a9646 --- plugins/modules/ec2_vpc_peer.py | 1 + plugins/modules/ec2_vpc_peering_info.py | 1 + 2 files changed, 2 insertions(+) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 4abf9e990e9..f23ffae1952 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -59,6 +59,7 @@ extends_documentation_fragment: - amazon.aws.aws - amazon.aws.ec2 + - amazon.aws.boto3 - amazon.aws.tags ''' diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index cdb8f8ca8b0..3996596aec1 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -28,6 +28,7 @@ extends_documentation_fragment: - amazon.aws.aws - amazon.aws.ec2 +- amazon.aws.boto3 ''' From a0f4a35033ef7f760f9795c7af5e06f7b4cbe581 Mon Sep 17 00:00:00 2001 
From: Felix Fontein Date: Wed, 2 Nov 2022 11:49:57 +0100 Subject: [PATCH 33/47] Fix non-matching defaults in docs (#1576) Fix non-matching defaults in docs Depends-On: #1579 SUMMARY Fix various non-matching default values exposed by ansible/ansible#79267. ISSUE TYPE Docs Pull Request COMPONENT NAME various Reviewed-by: Markus Bergholz This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/15568f01dc839983dc5c79b78f26b53a93fa72ee --- plugins/modules/ec2_vpc_peering_info.py | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 3996596aec1..680fa3b68ba 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -24,6 +24,7 @@ See U(https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html) for possible filters. type: dict + default: {} author: Karen Cheng (@Etherdaemon) extends_documentation_fragment: - amazon.aws.aws From 3b4c1a0af66d1b497f6c125f9787e2cf0d735cf3 Mon Sep 17 00:00:00 2001 From: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> Date: Tue, 10 Jan 2023 19:22:13 +0100 Subject: [PATCH 34/47] Ansible User-Agent identification for community.aws (#1632) Ansible User-Agent identification for community.aws SUMMARY The value will be similar to this APN/1.0 Ansible/2.14.1 community.aws/6.0.0-dev0 ISSUE TYPE Feature Pull Request Reviewed-by: Mark Chappell Reviewed-by: Bikouo Aubin Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/a8cbce24071bcc62fe4594c38aff1baf18bd2862 --- plugins/modules/ec2_vpc_peer.py | 2 +- plugins/modules/ec2_vpc_peering_info.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index f23ffae1952..3c39f11dede 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -359,7 +359,7 @@ except ImportError: pass # Handled by AnsibleAWSModule -from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule +from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 680fa3b68ba..2e257a31ffe 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -206,7 +206,7 @@ except ImportError: pass # Handled by AnsibleAWSModule -from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule +from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import normalize_boto3_result from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list From 4abe9a64799a85e59f25838fd2947b32d882bafb Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Wed, 8 Mar 2023 12:07:26 +0100 Subject: [PATCH 35/47] Cleanup headers and imports (#1738) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cleanup headers and imports SUMMARY Mass update of imports, docs fragments and file headers Many of the amazon.aws module_utils and docs fragments got moved about, update community.aws to reflect this. Consistently apply the comment headers as documented at https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_documenting.html#python-shebang-utf-8-coding ISSUE TYPE Docs Pull Request Feature Pull Request COMPONENT NAME ADDITIONAL INFORMATION Header cleanup based upon: https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_documenting.html#python-shebang-utf-8-coding Begin your Ansible module with #!/usr/bin/python - this “shebang” allows ansible_python_interpreter to work. Follow the shebang immediately with # -*- coding: utf-8 -*- to clarify that the file is UTF-8 encoded. and https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_documenting.html#copyright-and-license After the shebang and UTF-8 coding, add a copyright line with the original copyright holder and a license declaration. The license declaration should be ONLY one line, not the full GPL prefix. ... Additions to the module (for instance, rewrites) are not permitted to add additional copyright lines other than the default copyright statement if missing: Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/a4f20bf114bfab19b1c84c4ecf42efd5614ab80c --- plugins/modules/ec2_vpc_peer.py | 38 +++++++++++------------ plugins/modules/ec2_vpc_peering_info.py | 40 ++++++++++++------------- 2 files changed, 39 insertions(+), 39 deletions(-) 
diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 3c39f11dede..a5af559cc9d 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -1,12 +1,10 @@ #!/usr/bin/python +# -*- coding: utf-8 -*- + # Copyright: Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: ec2_vpc_peer short_description: create, delete, accept, and reject VPC peering connections between two VPCs. version_added: 1.0.0 @@ -57,13 +55,13 @@ author: - Mike Mochan (@mmochan) extends_documentation_fragment: - - amazon.aws.aws - - amazon.aws.ec2 - - amazon.aws.boto3 + - amazon.aws.common.modules + - amazon.aws.region.modules - amazon.aws.tags -''' + - amazon.aws.boto3 +""" -EXAMPLES = ''' +EXAMPLES = r""" # Complete example to create and accept a local peering connection. - name: Create local account VPC peering Connection community.aws.ec2_vpc_peer: @@ -212,8 +210,8 @@ profile: bot03_profile_for_cross_account state: reject -''' -RETURN = ''' +""" +RETURN = r""" peering_id: description: The id of the VPC peering connection created/deleted. returned: always 
@@ -352,21 +350,23 @@ returned: success type: str example: "pcx-0123456789abcdef0" -''' +""" try: import botocore except ImportError: pass # Handled by AnsibleAWSModule -from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule -from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict +from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict + +from ansible_collections.amazon.aws.plugins.module_utils.botocore import is_boto3_error_code from ansible_collections.amazon.aws.plugins.module_utils.ec2 import add_ec2_tags from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ensure_ec2_tags +from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry +from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict +from ansible_collections.amazon.aws.plugins.module_utils.transformation import ansible_dict_to_boto3_filter_list + +from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule def wait_for_state(client, module, state, pcx_id): diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 2e257a31ffe..8faf64b8906 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py 
@@ -1,12 +1,10 @@ #!/usr/bin/python +# -*- coding: utf-8 -*- + # Copyright: Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -DOCUMENTATION = r''' +DOCUMENTATION = r""" module: ec2_vpc_peering_info short_description: Retrieves AWS VPC Peering details using AWS methods. version_added: 1.0.0 @@ -25,15 +23,15 @@ for possible filters. type: dict default: {} -author: Karen Cheng (@Etherdaemon) +author: + - Karen Cheng (@Etherdaemon) extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 -- amazon.aws.boto3 + - amazon.aws.common.modules + - amazon.aws.region.modules + - amazon.aws.boto3 +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" # Simple example of listing all VPC Peers - name: List all vpc peers community.aws.ec2_vpc_peering_info: @@ -58,9 +56,9 @@ filters: status-code: ['pending-acceptance'] register: pending_vpc_peers -''' +""" -RETURN = r''' +RETURN = r""" vpc_peering_connections: description: Details of the matching VPC peering connections. returned: success 
@@ -199,19 +197,21 @@ description: The result of the describe. returned: success type: list -''' +""" try: import botocore except ImportError: pass # Handled by AnsibleAWSModule +from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict + +from ansible_collections.amazon.aws.plugins.module_utils.botocore import normalize_boto3_result +from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry +from ansible_collections.amazon.aws.plugins.module_utils.transformation import ansible_dict_to_boto3_filter_list +from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict + from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule -from ansible_collections.amazon.aws.plugins.module_utils.core import normalize_boto3_result -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict def get_vpc_peers(client, module): From 27b2382eac874920ad1f22921d312e898d909c83 Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Wed, 26 Apr 2023 19:26:07 +0200 Subject: [PATCH 36/47] Big Black PR (#1784) * Black prep * Black * changelog * Fix pylint unused-import in tests * Split SSM connection plugin changes * disable glue tests - bucket's missing * Disable s3_logging and s3_sync tests This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/2c4575c248776c65d66b06cd60fa09b0dae1cd6f --- plugins/modules/ec2_vpc_peer.py | 197 +++++++++++++----------- plugins/modules/ec2_vpc_peering_info.py | 26 ++-- 2 files changed, 123 insertions(+), 100 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index a5af559cc9d..465c9c852eb 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -370,15 +370,13 @@ def wait_for_state(client, module, state, pcx_id): - waiter = client.get_waiter('vpc_peering_connection_exists') + waiter = client.get_waiter("vpc_peering_connection_exists") peer_filter = { - 'vpc-peering-connection-id': pcx_id, - 'status-code': state, + "vpc-peering-connection-id": pcx_id, + "status-code": state, } try: - waiter.wait( - Filters=ansible_dict_to_boto3_filter_list(peer_filter) - ) + waiter.wait(Filters=ansible_dict_to_boto3_filter_list(peer_filter)) except botocore.exceptions.WaiterError as e: module.fail_json_aws(e, "Failed to wait for state change") except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: 
@@ -387,18 +385,18 @@ def wait_for_state(client, module, state, pcx_id): def describe_peering_connections(params, client): peer_filter = { - 'requester-vpc-info.vpc-id': params['VpcId'], - 'accepter-vpc-info.vpc-id': params['PeerVpcId'], + "requester-vpc-info.vpc-id": params["VpcId"], + "accepter-vpc-info.vpc-id": params["PeerVpcId"], } result = client.describe_vpc_peering_connections( aws_retry=True, Filters=ansible_dict_to_boto3_filter_list(peer_filter), ) - if result['VpcPeeringConnections'] == []: + if result["VpcPeeringConnections"] == []: # Try again with the VPC/Peer relationship reversed peer_filter = { - 'requester-vpc-info.vpc-id': params['PeerVpcId'], - 'accepter-vpc-info.vpc-id': params['VpcId'], + "requester-vpc-info.vpc-id": params["PeerVpcId"], + "accepter-vpc-info.vpc-id": params["VpcId"], } result = client.describe_vpc_peering_connections( aws_retry=True, 
@@ -409,29 +407,32 @@ def describe_peering_connections(params, client): def is_active(peering_conn): - return peering_conn['Status']['Code'] == 'active' + return peering_conn["Status"]["Code"] == "active" def is_pending(peering_conn): - return peering_conn['Status']['Code'] == 'pending-acceptance' + return peering_conn["Status"]["Code"] == "pending-acceptance" def create_peer_connection(client, module): changed = False params = dict() - params['VpcId'] = module.params.get('vpc_id') - params['PeerVpcId'] = module.params.get('peer_vpc_id') - if module.params.get('peer_region'): - params['PeerRegion'] = module.params.get('peer_region') - if module.params.get('peer_owner_id'): - params['PeerOwnerId'] = str(module.params.get('peer_owner_id')) + params["VpcId"] = module.params.get("vpc_id") + params["PeerVpcId"] = module.params.get("peer_vpc_id") + if module.params.get("peer_region"): + params["PeerRegion"] = module.params.get("peer_region") + if module.params.get("peer_owner_id"): + params["PeerOwnerId"] = str(module.params.get("peer_owner_id")) peering_conns = describe_peering_connections(params, client) - for peering_conn in peering_conns['VpcPeeringConnections']: - pcx_id = peering_conn['VpcPeeringConnectionId'] - if ensure_ec2_tags(client, module, pcx_id, - purge_tags=module.params.get('purge_tags'), - tags=module.params.get('tags'), - ): + for peering_conn in peering_conns["VpcPeeringConnections"]: + pcx_id = peering_conn["VpcPeeringConnectionId"] + if ensure_ec2_tags( + client, + module, + pcx_id, + purge_tags=module.params.get("purge_tags"), + tags=module.params.get("tags"), + ): changed = True if is_active(peering_conn): return (changed, peering_conn) 
@@ -439,54 +440,59 @@ def create_peer_connection(client, module): return (changed, peering_conn) try: peering_conn = client.create_vpc_peering_connection(aws_retry=True, **params) - pcx_id = peering_conn['VpcPeeringConnection']['VpcPeeringConnectionId'] - if module.params.get('tags'): + pcx_id = peering_conn["VpcPeeringConnection"]["VpcPeeringConnectionId"] + if module.params.get("tags"): # Once the minimum botocore version is bumped to > 1.17.24 # (hopefully community.aws 3.0.0) we can add the tags to the # creation parameters - add_ec2_tags(client, module, pcx_id, module.params.get('tags'), - retry_codes=['InvalidVpcPeeringConnectionID.NotFound']) - if module.params.get('wait'): - wait_for_state(client, module, 'pending-acceptance', pcx_id) + add_ec2_tags( + client, + module, + pcx_id, + module.params.get("tags"), + retry_codes=["InvalidVpcPeeringConnectionID.NotFound"], + ) + if module.params.get("wait"): + wait_for_state(client, module, "pending-acceptance", pcx_id) changed = True - return (changed, peering_conn['VpcPeeringConnection']) + return (changed, peering_conn["VpcPeeringConnection"]) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) def remove_peer_connection(client, module): - pcx_id = module.params.get('peering_id') + pcx_id = module.params.get("peering_id") if pcx_id: peering_conn = get_peering_connection_by_id(pcx_id, client, module) else: params = dict() - params['VpcId'] = module.params.get('vpc_id') - params['PeerVpcId'] = module.params.get('peer_vpc_id') - params['PeerRegion'] = module.params.get('peer_region') - if module.params.get('peer_owner_id'): - params['PeerOwnerId'] = str(module.params.get('peer_owner_id')) - peering_conn = describe_peering_connections(params, client)['VpcPeeringConnections'][0] + params["VpcId"] = module.params.get("vpc_id") + params["PeerVpcId"] = module.params.get("peer_vpc_id") + params["PeerRegion"] = module.params.get("peer_region") + if module.params.get("peer_owner_id"): + 
params["PeerOwnerId"] = str(module.params.get("peer_owner_id")) + peering_conn = describe_peering_connections(params, client)["VpcPeeringConnections"][0] if not peering_conn: module.exit_json(changed=False) else: - pcx_id = pcx_id or peering_conn['VpcPeeringConnectionId'] + pcx_id = pcx_id or peering_conn["VpcPeeringConnectionId"] - if peering_conn['Status']['Code'] == 'deleted': - module.exit_json(msg='Connection in deleted state.', changed=False, peering_id=pcx_id) - if peering_conn['Status']['Code'] == 'rejected': + if peering_conn["Status"]["Code"] == "deleted": + module.exit_json(msg="Connection in deleted state.", changed=False, peering_id=pcx_id) + if peering_conn["Status"]["Code"] == "rejected": module.exit_json( - msg='Connection has been rejected. State cannot be changed and will be removed automatically by AWS', + msg="Connection has been rejected. State cannot be changed and will be removed automatically by AWS", changed=False, - peering_id=pcx_id + peering_id=pcx_id, ) try: params = dict() - params['VpcPeeringConnectionId'] = pcx_id + params["VpcPeeringConnectionId"] = pcx_id client.delete_vpc_peering_connection(aws_retry=True, **params) - if module.params.get('wait'): - wait_for_state(client, module, 'deleted', pcx_id) + if module.params.get("wait"): + wait_for_state(client, module, "deleted", pcx_id) module.exit_json(changed=True, peering_id=pcx_id) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) 
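Review bot: In remove_peer_connection, `describe_peering_connections(params, client)["VpcPeeringConnections"][0]` raises IndexError when nothing matches vpc_id/peer_vpc_id, so the `if not peering_conn: module.exit_json(changed=False)` branch below it is never reached for the not-found case. With state=absent on a peering that is already gone, the module therefore fails with a traceback instead of reporting no change. Take the list first and guard it: `conns = describe_peering_connections(params, client)["VpcPeeringConnections"]` followed by `peering_conn = conns[0] if conns else None`. The hunk opens inside create_peer_connection, whose start is outside it.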
@@ -494,44 +500,55 @@ def remove_peer_connection(client, module): def get_peering_connection_by_id(peering_id, client, module): params = dict() - params['VpcPeeringConnectionIds'] = [peering_id] + params["VpcPeeringConnectionIds"] = [peering_id] try: vpc_peering_connection = client.describe_vpc_peering_connections(aws_retry=True, **params) - return vpc_peering_connection['VpcPeeringConnections'][0] - except is_boto3_error_code('InvalidVpcPeeringConnectionId.Malformed') as e: - module.fail_json_aws(e, msg='Malformed connection ID') - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except - module.fail_json_aws(e, msg='Error while describing peering connection by peering_id') + return vpc_peering_connection["VpcPeeringConnections"][0] + except is_boto3_error_code("InvalidVpcPeeringConnectionId.Malformed") as e: + module.fail_json_aws(e, msg="Malformed connection ID") + except ( + botocore.exceptions.ClientError, + botocore.exceptions.BotoCoreError, + ) as e: # pylint: disable=duplicate-except + module.fail_json_aws(e, msg="Error while describing peering connection by peering_id") def accept_reject(state, client, module): changed = False params = dict() - peering_id = module.params.get('peering_id') - params['VpcPeeringConnectionId'] = peering_id + peering_id = module.params.get("peering_id") + params["VpcPeeringConnectionId"] = peering_id vpc_peering_connection = get_peering_connection_by_id(peering_id, client, module) - peering_status = vpc_peering_connection['Status']['Code'] + peering_status = vpc_peering_connection["Status"]["Code"] - if peering_status not in ['active', 'rejected']: + if peering_status not in ["active", "rejected"]: try: - if state == 'accept': + if state == "accept": client.accept_vpc_peering_connection(aws_retry=True, **params) - target_state = 'active' + target_state = "active" else: client.reject_vpc_peering_connection(aws_retry=True, **params) - target_state = 'rejected' - if 
module.params.get('tags'): - add_ec2_tags(client, module, peering_id, module.params.get('tags'), - retry_codes=['InvalidVpcPeeringConnectionID.NotFound']) + target_state = "rejected" + if module.params.get("tags"): + add_ec2_tags( + client, + module, + peering_id, + module.params.get("tags"), + retry_codes=["InvalidVpcPeeringConnectionID.NotFound"], + ) changed = True - if module.params.get('wait'): + if module.params.get("wait"): wait_for_state(client, module, target_state, peering_id) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) - if ensure_ec2_tags(client, module, peering_id, - purge_tags=module.params.get('purge_tags'), - tags=module.params.get('tags'), - ): + if ensure_ec2_tags( + client, + module, + peering_id, + purge_tags=module.params.get("purge_tags"), + tags=module.params.get("tags"), + ): changed = True # Relaod peering conection infos to return latest state/params 
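Review bot: accept_reject decides on `peering_id` alone: the only field it reads from the described connection before calling `accept_vpc_peering_connection` is `["Status"]["Code"]`, so nothing in this hunk ties the request to an expected requester account or VPC. A playbook that passes the wrong or a stale ID will accept whatever pending request that ID names, which opens a network path to an account nobody reviewed. At minimum I would document this above the status check, `# NOTE: the requester account/VPC of peering_id is not verified here; callers must validate it`. An optional comparison of the connection's `RequesterVpcInfo` owner and VPC against caller-supplied expected values would be the stronger fix, though it needs a parameter this module does not appear to have. The function continues past the end of the hunk.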
@@ -546,34 +563,36 @@ def main(): peer_region=dict(), peering_id=dict(), peer_owner_id=dict(), - tags=dict(required=False, type='dict', aliases=['resource_tags']), - purge_tags=dict(default=True, type='bool'), - state=dict(default='present', choices=['present', 'absent', 'accept', 'reject']), - wait=dict(default=False, type='bool'), + tags=dict(required=False, type="dict", aliases=["resource_tags"]), + purge_tags=dict(default=True, type="bool"), + state=dict(default="present", choices=["present", "absent", "accept", "reject"]), + wait=dict(default=False, type="bool"), ) required_if = [ - ('state', 'present', ['vpc_id', 'peer_vpc_id']), - ('state', 'accept', ['peering_id']), - ('state', 'reject', ['peering_id']) + ("state", "present", ["vpc_id", "peer_vpc_id"]), + ("state", "accept", ["peering_id"]), + ("state", "reject", ["peering_id"]), ] module = AnsibleAWSModule(argument_spec=argument_spec, required_if=required_if) - state = module.params.get('state') - peering_id = module.params.get('peering_id') - vpc_id = module.params.get('vpc_id') - peer_vpc_id = module.params.get('peer_vpc_id') + state = module.params.get("state") + peering_id = module.params.get("peering_id") + vpc_id = module.params.get("vpc_id") + peer_vpc_id = module.params.get("peer_vpc_id") try: - client = module.client('ec2', retry_decorator=AWSRetry.jittered_backoff()) + client = module.client("ec2", retry_decorator=AWSRetry.jittered_backoff()) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg='Failed to connect to AWS') + module.fail_json_aws(e, msg="Failed to connect to AWS") - if state == 'present': + if state == "present": (changed, results) = create_peer_connection(client, module) - elif state == 'absent': + elif state == "absent": if not peering_id and (not vpc_id or not peer_vpc_id): - module.fail_json(msg='state is absent but one of the following is missing: peering_id or [vpc_id, peer_vpc_id]') + module.fail_json( + msg="state 
is absent but one of the following is missing: peering_id or [vpc_id, peer_vpc_id]" + ) remove_peer_connection(client, module) else: @@ -581,10 +600,12 @@ def main(): formatted_results = camel_dict_to_snake_dict(results) # Turn the resource tags from boto3 into an ansible friendly tag dictionary - formatted_results['tags'] = boto3_tag_list_to_ansible_dict(formatted_results.get('tags', [])) + formatted_results["tags"] = boto3_tag_list_to_ansible_dict(formatted_results.get("tags", [])) - module.exit_json(changed=changed, vpc_peering_connection=formatted_results, peering_id=results['VpcPeeringConnectionId']) + module.exit_json( + changed=changed, vpc_peering_connection=formatted_results, peering_id=results["VpcPeeringConnectionId"] + ) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 8faf64b8906..ee9fda32118 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py 
@@ -216,41 +216,43 @@ def get_vpc_peers(client, module): params = dict() - params['Filters'] = ansible_dict_to_boto3_filter_list(module.params.get('filters')) - if module.params.get('peer_connection_ids'): - params['VpcPeeringConnectionIds'] = module.params.get('peer_connection_ids') + params["Filters"] = ansible_dict_to_boto3_filter_list(module.params.get("filters")) + if module.params.get("peer_connection_ids"): + params["VpcPeeringConnectionIds"] = module.params.get("peer_connection_ids") try: result = client.describe_vpc_peering_connections(aws_retry=True, **params) result = normalize_boto3_result(result) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to describe peering connections") - return result['VpcPeeringConnections'] + return result["VpcPeeringConnections"] def main(): argument_spec = dict( - filters=dict(default=dict(), type='dict'), - peer_connection_ids=dict(default=None, type='list', elements='str'), + filters=dict(default=dict(), type="dict"), + peer_connection_ids=dict(default=None, type="list", elements="str"), ) - module = AnsibleAWSModule(argument_spec=argument_spec, - supports_check_mode=True,) + module = AnsibleAWSModule( + argument_spec=argument_spec, + supports_check_mode=True, + ) try: - ec2 = module.client('ec2', retry_decorator=AWSRetry.jittered_backoff()) + ec2 = module.client("ec2", retry_decorator=AWSRetry.jittered_backoff()) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg='Failed to connect to AWS') + module.fail_json_aws(e, msg="Failed to connect to AWS") # Turn the boto3 result in to ansible friendly_snaked_names results = [camel_dict_to_snake_dict(peer) for peer in get_vpc_peers(ec2, module)] # Turn the boto3 result in to ansible friendly tag dictionary for peer in results: - peer['tags'] = boto3_tag_list_to_ansible_dict(peer.get('tags', [])) + peer["tags"] = 
boto3_tag_list_to_ansible_dict(peer.get("tags", [])) module.exit_json(result=results, vpc_peering_connections=results) -if __name__ == '__main__': +if __name__ == "__main__": main() From c12166cfb76ba16f27ec75b87211d0ded5b7e395 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Thu, 31 Aug 2023 17:58:59 +0200 Subject: [PATCH 37/47] Mass update of docs and tests (credentials/session tokens) (#1921) Mass update of docs and tests (credentials/session tokens) SUMMARY We had a cleanup of credentials/session parameters which included a batch of deprecations and renames. Ensure that all of our tests and docs are using the 'canonical' names ISSUE TYPE Docs Pull Request COMPONENT NAME plugins/modules/batch_compute_environment.py plugins/modules/cloudformation_exports_info.py plugins/modules/ec2_vpc_vpn.py plugins/modules/elasticache.py plugins/modules/elasticache_parameter_group.py plugins/modules/elasticache_snapshot.py plugins/modules/ses_rule_set.py plugins/modules/sts_assume_role.py plugins/modules/sts_session_token.py tests/integration ADDITIONAL INFORMATION See also ansible-collections/amazon.aws#1172 ansible-collections/amazon.aws#1714 Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/4a5b50e9b9c0d6ca1a1f802f3b03d4f503c16885 --- tests/integration/targets/ec2_vpc_peer/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml index cdb7c668078..b39b69b74b0 100644 --- a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml +++ b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml 
@@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: - name: get ARN of calling user From f70f39f103d0a7f0bd0234187ac60bf593c9c830 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Tue, 17 Oct 2023 21:27:02 +0200 Subject: [PATCH 38/47] Apply isort and flynt (#1962) SUMMARY Apply isort - see also ansible-collections/amazon.aws#1771 Apply flynt - see also ansible-collections/amazon.aws#1802 ISSUE TYPE Feature Pull Request COMPONENT NAME ADDITIONAL INFORMATION This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/c0117b5466958bd0f8b5fc620306adde1422a62d --- plugins/modules/ec2_vpc_peering_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index ee9fda32118..badc9f8fd80 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -208,8 +208,8 @@ from ansible_collections.amazon.aws.plugins.module_utils.botocore import normalize_boto3_result from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry -from ansible_collections.amazon.aws.plugins.module_utils.transformation import ansible_dict_to_boto3_filter_list from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict +from ansible_collections.amazon.aws.plugins.module_utils.transformation import ansible_dict_to_boto3_filter_list from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule 
From 66b2287eed20878c6bc64a90e069a6213e225a07 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Fri, 5 Jan 2024 18:42:41 +0100 Subject: [PATCH 39/47] ansible-lint (documentation) cleanup for plugins/ (#2036) ansible-lint (documentation) cleanup for plugins/ SUMMARY Fixes an array of ansible-lint failures in plugins/ Adds ansible-lint plugins/ to tox -m lint ISSUE TYPE Docs Pull Request COMPONENT NAME plugins/ ADDITIONAL INFORMATION docs changes only (no changelog fragment needed) Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/6dd4a00b8c18fe3499bad04f90c8ac7832ade8bb --- plugins/modules/ec2_vpc_peer.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 465c9c852eb..2a731bf23e4 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -209,8 +209,8 @@ peering_id: "{{ vpc_peer.peering_id }}" profile: bot03_profile_for_cross_account state: reject - """ + RETURN = r""" peering_id: description: The id of the VPC peering connection created/deleted. From 7750435ce7144c6a05b079d7fe603f7d2a5fd503 Mon Sep 17 00:00:00 2001 
From: Alina Buzachis Date: Thu, 10 Oct 2024 20:32:27 +0200 Subject: [PATCH 40/47] Refactor ec2_vpc_peer* modules (#2153) SUMMARY Depends-On: ansible-collections/amazon.aws#2303 Refactor ec2_vpc_peer* modules Once the module is migrated to amazon.aws I will deprecate result returned by the info module and rename the ec2_vpc_peer module (see #2154). ISSUE TYPE Bugfix Pull Request Docs Pull Request Feature Pull Request New Module Pull Request COMPONENT NAME ec2_vpc_peer ec2_vpc_peering_info ADDITIONAL INFORMATION Reviewed-by: Bikouo Aubin Reviewed-by: GomathiselviS Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/fcd780eee6864804561e3e45d09c3185c161852b --- plugins/modules/ec2_vpc_peer.py | 479 +++++++++--------- plugins/modules/ec2_vpc_peering_info.py | 222 ++++++-- .../targets/ec2_vpc_peer/tasks/main.yml | 313 ++++++++---- 3 files changed, 644 insertions(+), 370 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 2a731bf23e4..94f4b125219 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -51,9 +51,10 @@ default: false type: bool notes: - - Support for I(purge_tags) was added in release 2.0.0. + - Support for O(purge_tags) was added in release 2.0.0. author: - Mike Mochan (@mmochan) + - Alina Buzachis (@alinabuzachis) extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules 
@@ -63,152 +64,152 @@ EXAMPLES = r""" # Complete example to create and accept a local peering connection. -- name: Create local account VPC peering Connection +- name: Create local account EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - region: ap-southeast-2 - vpc_id: vpc-12345678 - peer_vpc_id: vpc-87654321 - state: present + region: "ap-southeast-2" + vpc_id: "vpc-12345678" + peer_vpc_id: "vpc-87654321" + state: "present" tags: - Name: Peering connection for VPC 21 to VPC 22 - CostCode: CC1234 - Project: phoenix + Name: "Peering connection for VPC 21 to VPC 22" + CostCode: "CC1234" + Project: "phoenix" register: vpc_peer -- name: Accept local VPC peering request +- name: Accept local EC2 VPC Peering request community.aws.ec2_vpc_peer: - region: ap-southeast-2 + region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" - state: accept + state: "accept" register: action_peer # Complete example to delete a local peering connection. -- name: Create local account VPC peering Connection +- name: Create local account EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - region: ap-southeast-2 - vpc_id: vpc-12345678 - peer_vpc_id: vpc-87654321 - state: present + region: "ap-southeast-2" + vpc_id: "vpc-12345678" + peer_vpc_id: "vpc-87654321" + state: "present" tags: - Name: Peering connection for VPC 21 to VPC 22 - CostCode: CC1234 - Project: phoenix + Name: "Peering connection for VPC 21 to VPC 22" + CostCode: "CC1234" + Project: "phoenix" register: vpc_peer -- name: delete a local VPC peering Connection +- name: Delete a local EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - region: ap-southeast-2 + region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" - state: absent + state: "absent" register: vpc_peer # Complete example to create and accept a cross account peering connection. 
-- name: Create cross account VPC peering Connection +- name: Create cross account EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - region: ap-southeast-2 - vpc_id: vpc-12345678 - peer_vpc_id: vpc-12345678 - peer_owner_id: 123456789012 - state: present + region: "ap-southeast-2" + vpc_id: "vpc-12345678" + peer_vpc_id: "vpc-12345678" + peer_owner_id: "123456789012" + state: "present" tags: - Name: Peering connection for VPC 21 to VPC 22 - CostCode: CC1234 - Project: phoenix + Name: "Peering connection for VPC 21 to VPC 22" + CostCode: "CC1234" + Project: "phoenix" register: vpc_peer -- name: Accept peering connection from remote account +- name: Accept EC2 VPC Peering Connection from remote account community.aws.ec2_vpc_peer: - region: ap-southeast-2 + region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" - profile: bot03_profile_for_cross_account - state: accept + profile: "bot03_profile_for_cross_account" + state: "accept" register: vpc_peer # Complete example to create and accept an intra-region peering connection. -- name: Create intra-region VPC peering Connection +- name: Create intra-region EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - region: us-east-1 - vpc_id: vpc-12345678 - peer_vpc_id: vpc-87654321 - peer_region: us-west-2 - state: present + region: "us-east-1" + vpc_id: "vpc-12345678" + peer_vpc_id: "vpc-87654321" + peer_region: "us-west-2" + state: "present" tags: - Name: Peering connection for us-east-1 VPC to us-west-2 VPC - CostCode: CC1234 - Project: phoenix + Name: "Peering connection for us-east-1 VPC to us-west-2 VPC" + CostCode: "CC1234" + Project: "phoenix" register: vpc_peer -- name: Accept peering connection from peer region +- name: Accept EC2 VPC Peering Connection from peer region community.aws.ec2_vpc_peer: - region: us-west-2 + region: "us-west-2" peering_id: "{{ vpc_peer.peering_id }}" - state: accept + state: "accept" register: vpc_peer # Complete example to create and reject a local peering connection. 
-- name: Create local account VPC peering Connection +- name: Create local account EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - region: ap-southeast-2 - vpc_id: vpc-12345678 - peer_vpc_id: vpc-87654321 - state: present + region: "ap-southeast-2" + vpc_id: "vpc-12345678" + peer_vpc_id: "vpc-87654321" + state: "present" tags: - Name: Peering connection for VPC 21 to VPC 22 - CostCode: CC1234 - Project: phoenix + Name: "Peering connection for VPC 21 to VPC 22" + CostCode: "CC1234" + Project: "phoenix" register: vpc_peer -- name: Reject a local VPC peering Connection +- name: Reject a local EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - region: ap-southeast-2 + region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" - state: reject + state: "reject" # Complete example to create and accept a cross account peering connection. -- name: Create cross account VPC peering Connection +- name: Create cross account EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - region: ap-southeast-2 - vpc_id: vpc-12345678 - peer_vpc_id: vpc-12345678 - peer_owner_id: 123456789012 - state: present + region: "ap-southeast-2" + vpc_id: "vpc-12345678" + peer_vpc_id: "vpc-12345678" + peer_owner_id: "123456789012" + state: "present" tags: - Name: Peering connection for VPC 21 to VPC 22 - CostCode: CC1234 - Project: phoenix + Name: "Peering connection for VPC 21 to VPC 22" + CostCode: "CC1234" + Project: "phoenix" register: vpc_peer -- name: Accept a cross account VPC peering connection request +- name: Accept a cross account EC2 VPC Peering Connection request community.aws.ec2_vpc_peer: - region: ap-southeast-2 + region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" - profile: bot03_profile_for_cross_account - state: accept + profile: "bot03_profile_for_cross_account" + state: "accept" tags: - Name: Peering connection for VPC 21 to VPC 22 - CostCode: CC1234 - Project: phoenix + Name: "Peering connection for VPC 21 to VPC 22" + CostCode: "CC1234" + 
Project: "phoenix" # Complete example to create and reject a cross account peering connection. -- name: Create cross account VPC peering Connection +- name: Create cross account EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - region: ap-southeast-2 - vpc_id: vpc-12345678 - peer_vpc_id: vpc-12345678 - peer_owner_id: 123456789012 - state: present + region: "ap-southeast-2" + vpc_id: "vpc-12345678" + peer_vpc_id: "vpc-12345678" + peer_owner_id: "123456789012" + state: "present" tags: - Name: Peering connection for VPC 21 to VPC 22 - CostCode: CC1234 - Project: phoenix + Name: "Peering connection for VPC 21 to VPC 22" + CostCode: "CC1234" + Project: "phoenix" register: vpc_peer -- name: Reject a cross account VPC peering Connection +- name: Reject a cross account EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - region: ap-southeast-2 + region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" - profile: bot03_profile_for_cross_account - state: reject + profile: "bot03_profile_for_cross_account" + state: "reject" """ RETURN = r""" 
@@ -216,37 +217,38 @@ description: The id of the VPC peering connection created/deleted. returned: always type: str - sample: pcx-034223d7c0aec3cde + sample: "pcx-034223d7c0aec3cde" vpc_peering_connection: - description: The details of the VPC peering connection as returned by Boto3 (snake cased). + description: The details of the VPC peering connection. returned: success - type: complex + type: dict contains: accepter_vpc_info: description: Information about the VPC which accepted the connection. returned: success - type: complex + type: dict contains: cidr_block: description: The primary CIDR for the VPC. returned: when connection is in the accepted state. type: str - example: '10.10.10.0/23' + sample: "10.10.10.0/23" cidr_block_set: description: A list of all CIDRs for the VPC. returned: when connection is in the accepted state. - type: complex + type: list + elements: dict contains: cidr_block: description: A CIDR block used by the VPC. returned: success type: str - example: '10.10.10.0/23' + sample: "10.10.10.0/23" owner_id: description: The AWS account that owns the VPC. returned: success type: str - example: 123456789012 + sample: "123456789012" peering_options: description: Additional peering configuration. returned: when connection is in the accepted state. 
@@ -268,37 +270,38 @@ description: The AWS region that the VPC is in. returned: success type: str - example: us-east-1 + sample: "us-east-1" vpc_id: description: The ID of the VPC returned: success type: str - example: vpc-0123456789abcdef0 + sample: "vpc-0123456789abcdef0" requester_vpc_info: description: Information about the VPC which requested the connection. returned: success - type: complex + type: dict contains: cidr_block: description: The primary CIDR for the VPC. returned: when connection is not in the deleted state. type: str - example: '10.10.10.0/23' + sample: "10.10.10.0/23" cidr_block_set: description: A list of all CIDRs for the VPC. returned: when connection is not in the deleted state. - type: complex + type: list + elements: dict contains: cidr_block: description: A CIDR block used by the VPC returned: success type: str - example: '10.10.10.0/23' + sample: "10.10.10.0/23" owner_id: description: The AWS account that owns the VPC. returned: success type: str - example: 123456789012 + sample: "123456789012" peering_options: description: Additional peering configuration. returned: when connection is not in the deleted state. @@ -320,12 +323,12 @@ description: The AWS region that the VPC is in. returned: success type: str - example: us-east-1 + sample: "us-east-1" vpc_id: description: The ID of the VPC returned: success type: str - example: vpc-0123456789abcdef0 + sample: "vpc-0123456789abcdef0" status: description: Details of the current status of the connection. returned: success 
@@ -335,21 +338,25 @@ description: A short code describing the status of the connection. returned: success type: str - example: active + sample: "active" message: description: Additional information about the status of the connection. returned: success type: str - example: Pending Acceptance by 123456789012 + sample: "Pending Acceptance by 123456789012" tags: description: Tags applied to the connection. returned: success type: dict + expiration_time: + description: The time that an unaccepted VPC peering connection will expire. + type: str + sample: "2024-10-01T12:11:12+00:00" vpc_peering_connection_id: description: The ID of the VPC peering connection. returned: success type: str - example: "pcx-0123456789abcdef0" + sample: "pcx-0123456789abcdef0" """ try: 
@@ -357,215 +364,214 @@ except ImportError: pass # Handled by AnsibleAWSModule +from typing import Any +from typing import Dict +from typing import NoReturn +from typing import Tuple + from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict from ansible_collections.amazon.aws.plugins.module_utils.botocore import is_boto3_error_code -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import add_ec2_tags +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import accept_vpc_peering_connection +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import create_vpc_peering_connection +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import delete_vpc_peering_connection +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import describe_vpc_peering_connections from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ensure_ec2_tags -from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import reject_vpc_peering_connection from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict +from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_specifications from ansible_collections.amazon.aws.plugins.module_utils.transformation import ansible_dict_to_boto3_filter_list from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule -def wait_for_state(client, module, state, pcx_id): +def wait_for_state(client, module: AnsibleAWSModule, state: str, peering_id: str) -> NoReturn: waiter = client.get_waiter("vpc_peering_connection_exists") - peer_filter = { - "vpc-peering-connection-id": pcx_id, + filters = { + "vpc-peering-connection-id": peering_id, "status-code": state, } try: - waiter.wait(Filters=ansible_dict_to_boto3_filter_list(peer_filter)) + 
waiter.wait(Filters=ansible_dict_to_boto3_filter_list(filters)) except botocore.exceptions.WaiterError as e: module.fail_json_aws(e, "Failed to wait for state change") except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, "Enable to describe Peerig Connection while waiting for state to change") + module.fail_json_aws(e, "Unable to describe Peering Connection while waiting for state to change") -def describe_peering_connections(params, client): - peer_filter = { +def describe_peering_connections(client, module: AnsibleAWSModule, params) -> Dict[str, Any]: + peering_connections: Dict = {} + + filters = { "requester-vpc-info.vpc-id": params["VpcId"], "accepter-vpc-info.vpc-id": params["PeerVpcId"], } - result = client.describe_vpc_peering_connections( - aws_retry=True, - Filters=ansible_dict_to_boto3_filter_list(peer_filter), - ) - if result["VpcPeeringConnections"] == []: + + peering_connections = describe_vpc_peering_connections(client, Filters=ansible_dict_to_boto3_filter_list(filters)) + if peering_connections == []: # Try again with the VPC/Peer relationship reversed - peer_filter = { + filters = { "requester-vpc-info.vpc-id": params["PeerVpcId"], "accepter-vpc-info.vpc-id": params["VpcId"], } - result = client.describe_vpc_peering_connections( - aws_retry=True, - Filters=ansible_dict_to_boto3_filter_list(peer_filter), + peering_connections = describe_vpc_peering_connections( + client, Filters=ansible_dict_to_boto3_filter_list(filters) ) - return result + return peering_connections + + +def is_active(peering_connection: Dict[str, Any]) -> bool: + return peering_connection["Status"]["Code"] == "active" + +def is_rejected(peering_connection: Dict[str, Any]) -> bool: + return peering_connection["Status"]["Code"] == "rejected" -def is_active(peering_conn): - return peering_conn["Status"]["Code"] == "active" +def is_pending(peering_connection: Dict[str, Any]) -> bool: + return peering_connection["Status"]["Code"] 
== "pending-acceptance" -def is_pending(peering_conn): - return peering_conn["Status"]["Code"] == "pending-acceptance" +def is_deleted(peering_connection: Dict[str, Any]) -> bool: + return peering_connection["Status"]["Code"] == "deleted" + + +def create_peering_connection(client, module: AnsibleAWSModule) -> Tuple[bool, Dict[str, Any]]: + changed: bool = False + params: Dict = {} -def create_peer_connection(client, module): - changed = False - params = dict() params["VpcId"] = module.params.get("vpc_id") params["PeerVpcId"] = module.params.get("peer_vpc_id") + if module.params.get("peer_region"): - params["PeerRegion"] = module.params.get("peer_region") + params["PeerRegion"] = module.params["peer_region"] + if module.params.get("peer_owner_id"): - params["PeerOwnerId"] = str(module.params.get("peer_owner_id")) - peering_conns = describe_peering_connections(params, client) - for peering_conn in peering_conns["VpcPeeringConnections"]: - pcx_id = peering_conn["VpcPeeringConnectionId"] - if ensure_ec2_tags( + params["PeerOwnerId"] = module.params["peer_owner_id"] + + peering_connections = describe_peering_connections(client, module, params) + for peering_connection in peering_connections: + changed |= ensure_ec2_tags( client, module, - pcx_id, + peering_connection["VpcPeeringConnectionId"], purge_tags=module.params.get("purge_tags"), tags=module.params.get("tags"), - ): - changed = True - if is_active(peering_conn): - return (changed, peering_conn) - if is_pending(peering_conn): - return (changed, peering_conn) - try: - peering_conn = client.create_vpc_peering_connection(aws_retry=True, **params) - pcx_id = peering_conn["VpcPeeringConnection"]["VpcPeeringConnectionId"] - if module.params.get("tags"): - # Once the minimum botocore version is bumped to > 1.17.24 - # (hopefully community.aws 3.0.0) we can add the tags to the - # creation parameters - add_ec2_tags( - client, - module, - pcx_id, - module.params.get("tags"), - 
retry_codes=["InvalidVpcPeeringConnectionID.NotFound"], - ) - if module.params.get("wait"): - wait_for_state(client, module, "pending-acceptance", pcx_id) - changed = True - return (changed, peering_conn["VpcPeeringConnection"]) - except botocore.exceptions.ClientError as e: - module.fail_json(msg=str(e)) + ) + if is_active(peering_connection): + return (changed, peering_connection) -def remove_peer_connection(client, module): - pcx_id = module.params.get("peering_id") - if pcx_id: - peering_conn = get_peering_connection_by_id(pcx_id, client, module) + if is_pending(peering_connection): + return (changed, peering_connection) + + if module.params.get("tags"): + params["TagSpecifications"] = boto3_tag_specifications(module.params["tags"], types="vpc-peering-connection") + + if module.check_mode: + return (True, {"VpcPeeringConnectionId": ""}) + + peering_connection = create_vpc_peering_connection(client, **params) + if module.params.get("wait"): + wait_for_state(client, module, "pending-acceptance", peering_connection["VpcPeeringConnectionId"]) + changed = True + return (changed, peering_connection) + + +def delete_peering_connection(client, module: AnsibleAWSModule) -> NoReturn: + peering_id = module.params.get("peering_id") + if peering_id: + peering_connection = get_peering_connection_by_id(client, module, peering_id) else: - params = dict() + params: Dict = {} params["VpcId"] = module.params.get("vpc_id") params["PeerVpcId"] = module.params.get("peer_vpc_id") params["PeerRegion"] = module.params.get("peer_region") + if module.params.get("peer_owner_id"): - params["PeerOwnerId"] = str(module.params.get("peer_owner_id")) - peering_conn = describe_peering_connections(params, client)["VpcPeeringConnections"][0] + params["PeerOwnerId"] = module.params["peer_owner_id"] + + peering_connection = describe_peering_connections(client, module, params)[0] - if not peering_conn: + if not peering_connection: module.exit_json(changed=False) else: - pcx_id = pcx_id or 
peering_conn["VpcPeeringConnectionId"] + peering_id = peering_id or peering_connection["VpcPeeringConnectionId"] + + if is_deleted(peering_connection): + module.exit_json(msg="Connection in deleted state.", changed=False, peering_id=peering_id) - if peering_conn["Status"]["Code"] == "deleted": - module.exit_json(msg="Connection in deleted state.", changed=False, peering_id=pcx_id) - if peering_conn["Status"]["Code"] == "rejected": + if is_rejected(peering_connection): module.exit_json( msg="Connection has been rejected. State cannot be changed and will be removed automatically by AWS", changed=False, - peering_id=pcx_id, + peering_id=peering_id, ) - try: - params = dict() - params["VpcPeeringConnectionId"] = pcx_id - client.delete_vpc_peering_connection(aws_retry=True, **params) + if not module.check_mode: + delete_vpc_peering_connection(client, peering_id) if module.params.get("wait"): - wait_for_state(client, module, "deleted", pcx_id) - module.exit_json(changed=True, peering_id=pcx_id) - except botocore.exceptions.ClientError as e: - module.fail_json(msg=str(e)) + wait_for_state(client, module, "deleted", peering_id) + + module.exit_json(changed=True, peering_id=peering_id) -def get_peering_connection_by_id(peering_id, client, module): - params = dict() - params["VpcPeeringConnectionIds"] = [peering_id] +def get_peering_connection_by_id(client, module: AnsibleAWSModule, peering_id: str) -> Dict[str, Any]: + filters: Dict = {} + filters["VpcPeeringConnectionIds"] = [peering_id] + try: - vpc_peering_connection = client.describe_vpc_peering_connections(aws_retry=True, **params) - return vpc_peering_connection["VpcPeeringConnections"][0] + result = describe_vpc_peering_connections(client, VpcPeeringConnectionIds=[peering_id]) + return result[0] except is_boto3_error_code("InvalidVpcPeeringConnectionId.Malformed") as e: module.fail_json_aws(e, msg="Malformed connection ID") - except ( - botocore.exceptions.ClientError, - botocore.exceptions.BotoCoreError, - ) as e: # 
pylint: disable=duplicate-except - module.fail_json_aws(e, msg="Error while describing peering connection by peering_id") -def accept_reject(state, client, module): - changed = False - params = dict() +def accept_reject_peering_connection(client, module: AnsibleAWSModule, state: str) -> Tuple[bool, Dict[str, Any]]: + changed: bool = False + peering_id = module.params.get("peering_id") - params["VpcPeeringConnectionId"] = peering_id - vpc_peering_connection = get_peering_connection_by_id(peering_id, client, module) - peering_status = vpc_peering_connection["Status"]["Code"] + vpc_peering_connection = get_peering_connection_by_id(client, module, peering_id) - if peering_status not in ["active", "rejected"]: - try: + if not (is_active(vpc_peering_connection) or is_rejected(vpc_peering_connection)): + if not module.check_mode: if state == "accept": - client.accept_vpc_peering_connection(aws_retry=True, **params) + changed |= accept_vpc_peering_connection(client, peering_id) target_state = "active" else: - client.reject_vpc_peering_connection(aws_retry=True, **params) + changed |= reject_vpc_peering_connection(client, peering_id) target_state = "rejected" - if module.params.get("tags"): - add_ec2_tags( - client, - module, - peering_id, - module.params.get("tags"), - retry_codes=["InvalidVpcPeeringConnectionID.NotFound"], - ) - changed = True + if module.params.get("wait"): wait_for_state(client, module, target_state, peering_id) - except botocore.exceptions.ClientError as e: - module.fail_json(msg=str(e)) - if ensure_ec2_tags( + + changed = True + + changed |= ensure_ec2_tags( client, module, peering_id, purge_tags=module.params.get("purge_tags"), tags=module.params.get("tags"), - ): - changed = True + ) + + # Reload peering conection info to return latest state/params + vpc_peering_connection = get_peering_connection_by_id(client, module, peering_id) - # Relaod peering conection infos to return latest state/params - vpc_peering_connection = 
get_peering_connection_by_id(peering_id, client, module) return (changed, vpc_peering_connection) def main(): argument_spec = dict( - vpc_id=dict(), - peer_vpc_id=dict(), - peer_region=dict(), - peering_id=dict(), - peer_owner_id=dict(), + vpc_id=dict(type="str"), + peer_vpc_id=dict(type="str"), + peer_region=dict(type="str"), + peering_id=dict(type="str"), + peer_owner_id=dict(type="str"), tags=dict(required=False, type="dict", aliases=["resource_tags"]), purge_tags=dict(default=True, type="bool"), - state=dict(default="present", choices=["present", "absent", "accept", "reject"]), + state=dict(default="present", type="str", choices=["present", "absent", "accept", "reject"]), wait=dict(default=False, type="bool"), ) required_if = [ 
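Review bot: In `delete_peering_connection`, the lookup by VPC pair indexes the result with `[0]` before the `if not peering_connection:` guard, so when no connection matches the two VPC ids an `IndexError` is raised and the `module.exit_json(changed=False)` branch meant for that case is never reached. Taking the list first keeps `state: absent` idempotent: `matches = describe_peering_connections(client, module, params)` followed by `peering_connection = matches[0] if matches else None`. `get_peering_connection_by_id` has the same shape (`return result[0]`) and now catches only `InvalidVpcPeeringConnectionId.Malformed`; if the shared `describe_vpc_peering_connections` helper can return an empty list for an unknown id (not visible here), that path needs an explicit `fail_json` as well, and its unused `filters` dict can be dropped. Separately, `wait_for_state` is annotated `-> NoReturn` although it returns normally, and `describe_peering_connections` is annotated `-> Dict[str, Any]` although its result is compared with `[]`, iterated and indexed as a list. `main()` continues outside this hunk.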
@@ -574,29 +580,26 @@ def main(): ("state", "reject", ["peering_id"]), ] - module = AnsibleAWSModule(argument_spec=argument_spec, required_if=required_if) + module = AnsibleAWSModule(argument_spec=argument_spec, supports_check_mode=True, required_if=required_if) state = module.params.get("state") peering_id = module.params.get("peering_id") vpc_id = module.params.get("vpc_id") peer_vpc_id = module.params.get("peer_vpc_id") - try: - client = module.client("ec2", retry_decorator=AWSRetry.jittered_backoff()) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Failed to connect to AWS") + client = module.client("ec2") if state == "present": - (changed, results) = create_peer_connection(client, module) + (changed, results) = create_peering_connection(client, module) elif state == "absent": if not peering_id and (not vpc_id or not peer_vpc_id): module.fail_json( msg="state is absent but one of the following is missing: peering_id or [vpc_id, peer_vpc_id]" ) - remove_peer_connection(client, module) + delete_peering_connection(client, module) else: - (changed, results) = accept_reject(state, client, module) + (changed, results) = accept_reject_peering_connection(client, module, state) formatted_results = camel_dict_to_snake_dict(results) # Turn the resource tags from boto3 into an ansible friendly tag dictionary diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index badc9f8fd80..066211ccbe5 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -6,7 +6,7 @@ DOCUMENTATION = r""" module: ec2_vpc_peering_info -short_description: Retrieves AWS VPC Peering details using AWS methods. +short_description: Retrieves AWS VPC Peering details using AWS methods version_added: 1.0.0 description: - Gets various details related to AWS VPC Peers 
@@ -25,6 +25,7 @@ default: {} author: - Karen Cheng (@Etherdaemon) + - Alina Buzachis (@alinabuzachis) extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules @@ -32,8 +33,7 @@ """ EXAMPLES = r""" -# Simple example of listing all VPC Peers -- name: List all vpc peers +- name: List all EC2 VPC Peering Connections community.aws.ec2_vpc_peering_info: region: ap-southeast-2 register: all_vpc_peers @@ -42,19 +42,19 @@ ansible.builtin.debug: msg: "{{ all_vpc_peers.result }}" -- name: Get details on specific VPC peer +- name: Get details on specific EC2 VPC Peering Connection community.aws.ec2_vpc_peering_info: peer_connection_ids: - - pcx-12345678 - - pcx-87654321 - region: ap-southeast-2 + - "pcx-12345678" + - "pcx-87654321" + region: "ap-southeast-2" register: all_vpc_peers -- name: Get all vpc peers with specific filters +- name: Get all EC2 VPC Peering Connections with specific filters community.aws.ec2_vpc_peering_info: - region: ap-southeast-2 + region: "ap-southeast-2" filters: - status-code: ['pending-acceptance'] + status-code: ["pending-acceptance"] register: pending_vpc_peers """ 
@@ -63,32 +63,34 @@ description: Details of the matching VPC peering connections. returned: success type: list + elements: dict contains: accepter_vpc_info: description: Information about the VPC which accepted the connection. returned: success - type: complex + type: dict contains: cidr_block: description: The primary CIDR for the VPC. returned: when connection is in the accepted state. type: str - example: '10.10.10.0/23' + sample: "10.10.10.0/23" cidr_block_set: description: A list of all CIDRs for the VPC. returned: when connection is in the accepted state. - type: complex + type: list + elements: dict contains: cidr_block: description: A CIDR block used by the VPC. returned: success type: str - example: '10.10.10.0/23' + sample: "10.10.10.0/23" owner_id: description: The AWS account that owns the VPC. returned: success type: str - example: 123456789012 + sample: "123456789012" peering_options: description: Additional peering configuration. returned: when connection is in the accepted state. 
@@ -110,37 +112,38 @@ description: The AWS region that the VPC is in. returned: success type: str - example: us-east-1 + sample: "us-east-1" vpc_id: description: The ID of the VPC returned: success type: str - example: vpc-0123456789abcdef0 + sample: "vpc-0123456789abcdef0" requester_vpc_info: description: Information about the VPC which requested the connection. returned: success - type: complex + type: dict contains: cidr_block: description: The primary CIDR for the VPC. returned: when connection is not in the deleted state. type: str - example: '10.10.10.0/23' + sample: "10.10.10.0/23" cidr_block_set: description: A list of all CIDRs for the VPC. returned: when connection is not in the deleted state. - type: complex + type: list + elements: dict contains: cidr_block: description: A CIDR block used by the VPC returned: success type: str - example: '10.10.10.0/23' + sample: "10.10.10.0/23" owner_id: description: The AWS account that owns the VPC. returned: success type: str - example: 123456789012 + sample: "123456789012" peering_options: description: Additional peering configuration. returned: when connection is not in the deleted state. @@ -162,27 +165,27 @@ description: The AWS region that the VPC is in. returned: success type: str - example: us-east-1 + sample: "us-east-1" vpc_id: description: The ID of the VPC returned: success type: str - example: vpc-0123456789abcdef0 + sample: "vpc-0123456789abcdef0" status: description: Details of the current status of the connection. returned: success - type: complex + type: dict contains: code: description: A short code describing the status of the connection. returned: success type: str - example: active + sample: "active" message: description: Additional information about the status of the connection. returned: success type: str - example: Pending Acceptance by 123456789012 + sample: "Pending Acceptance by 123456789012" tags: description: Tags applied to the connection. returned: success 
@@ -191,41 +194,171 @@ description: The ID of the VPC peering connection. returned: success type: str - example: "pcx-0123456789abcdef0" + sample: "pcx-0123456789abcdef0" result: description: The result of the describe. returned: success type: list + elements: dict + contains: + accepter_vpc_info: + description: Information about the VPC which accepted the connection. + returned: success + type: dict + contains: + cidr_block: + description: The primary CIDR for the VPC. + returned: when connection is in the accepted state. + type: str + sample: "10.10.10.0/23" + cidr_block_set: + description: A list of all CIDRs for the VPC. + returned: when connection is in the accepted state. + type: list + elements: dict + contains: + cidr_block: + description: A CIDR block used by the VPC. + returned: success + type: str + sample: "10.10.10.0/23" + owner_id: + description: The AWS account that owns the VPC. + returned: success + type: str + sample: "123456789012" + peering_options: + description: Additional peering configuration. + returned: when connection is in the accepted state. + type: dict + contains: + allow_dns_resolution_from_remote_vpc: + description: Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. + returned: success + type: bool + allow_egress_from_local_classic_link_to_remote_vpc: + description: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. + returned: success + type: bool + allow_egress_from_local_vpc_to_remote_classic_link: + description: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. + returned: success + type: bool + region: + description: The AWS region that the VPC is in. 
+ returned: success + type: str + sample: "us-east-1" + vpc_id: + description: The ID of the VPC + returned: success + type: str + sample: "vpc-0123456789abcdef0" + requester_vpc_info: + description: Information about the VPC which requested the connection. + returned: success + type: dict + contains: + cidr_block: + description: The primary CIDR for the VPC. + returned: when connection is not in the deleted state. + type: str + sample: "10.10.10.0/23" + cidr_block_set: + description: A list of all CIDRs for the VPC. + returned: when connection is not in the deleted state. + type: list + elements: dict + contains: + cidr_block: + description: A CIDR block used by the VPC + returned: success + type: str + sample: "10.10.10.0/23" + owner_id: + description: The AWS account that owns the VPC. + returned: success + type: str + sample: "123456789012" + peering_options: + description: Additional peering configuration. + returned: when connection is not in the deleted state. + type: dict + contains: + allow_dns_resolution_from_remote_vpc: + description: Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. + returned: success + type: bool + allow_egress_from_local_classic_link_to_remote_vpc: + description: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. + returned: success + type: bool + allow_egress_from_local_vpc_to_remote_classic_link: + description: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. + returned: success + type: bool + region: + description: The AWS region that the VPC is in. + returned: success + type: str + sample: "us-east-1" + vpc_id: + description: The ID of the VPC + returned: success + type: str + sample: "vpc-0123456789abcdef0" + status: + description: Details of the current status of the connection. 
+ returned: success + type: dict + contains: + code: + description: A short code describing the status of the connection. + returned: success + type: str + sample: "active" + message: + description: Additional information about the status of the connection. + returned: success + type: str + sample: "Pending Acceptance by 123456789012" + tags: + description: Tags applied to the connection. + returned: success + type: dict + vpc_peering_connection_id: + description: The ID of the VPC peering connection. + returned: success + type: str + sample: "pcx-0123456789abcdef0" """ -try: - import botocore -except ImportError: - pass # Handled by AnsibleAWSModule + +from typing import Any +from typing import Dict +from typing import List from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict from ansible_collections.amazon.aws.plugins.module_utils.botocore import normalize_boto3_result -from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import describe_vpc_peering_connections from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.transformation import ansible_dict_to_boto3_filter_list from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule -def get_vpc_peers(client, module): - params = dict() +def get_vpc_peers(client, module: AnsibleAWSModule) -> List[Dict[str, Any]]: + params: Dict = {} params["Filters"] = ansible_dict_to_boto3_filter_list(module.params.get("filters")) + if module.params.get("peer_connection_ids"): params["VpcPeeringConnectionIds"] = module.params.get("peer_connection_ids") - try: - result = client.describe_vpc_peering_connections(aws_retry=True, **params) - result = normalize_boto3_result(result) - except (botocore.exceptions.ClientError, 
botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Failed to describe peering connections") - return result["VpcPeeringConnections"] + result = describe_vpc_peering_connections(client, **params) + + return normalize_boto3_result(result) def main(): @@ -239,13 +372,10 @@ def main(): supports_check_mode=True, ) - try: - ec2 = module.client("ec2", retry_decorator=AWSRetry.jittered_backoff()) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Failed to connect to AWS") + client = module.client("ec2") # Turn the boto3 result in to ansible friendly_snaked_names - results = [camel_dict_to_snake_dict(peer) for peer in get_vpc_peers(ec2, module)] + results = [camel_dict_to_snake_dict(peer) for peer in get_vpc_peers(client, module)] # Turn the boto3 result in to ansible friendly tag dictionary for peer in results: diff --git a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml index b39b69b74b0..859e482b319 100644 --- a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml +++ b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: ec2_vpc_igw tests +- name: EC2 VPC Peering Connection integration tests collections: - amazon.aws module_defaults: 
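Review bot: Neither `get_vpc_peers` nor the visible part of `main()` in ec2_vpc_peering_info.py reports an AWS failure through the module any more. The hunk rewriting `get_vpc_peers` drops the `fail_json_aws` handler around the describe call, and the following `main()` hunk drops the one around `module.client("ec2")`. Unless the exception from `describe_vpc_peering_connections` is caught further down in `main()`, whose body continues outside the hunk, an access-denied or throttling error would surface as an unhandled exception with a traceback rather than a structured failure. I would keep a handler at the call site for whatever the helper raises (presumably `AnsibleEC2Error` from the same `module_utils.ec2`), e.g. `except AnsibleEC2Error as e: module.fail_json_aws_error(e)`. A one-line docstring on `get_vpc_peers` saying it returns the normalized list of peering connections would also help, since the return no longer indexes `VpcPeeringConnections`.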
@@ -9,27 +9,29 @@ session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: - - name: get ARN of calling user + - name: Get ARN of calling user aws_caller_info: register: aws_caller_info + - name: Store Account ID for later use - set_fact: + ansible.builtin.set_fact: account_id: '{{ aws_caller_info.account }}' # ============================================================ - - name: Fetch Peers in check_mode - ec2_vpc_peering_info: + - name: Fetch EC2 VPC Peering Connections in check_mode + community.aws.ec2_vpc_peering_info: register: peers_info check_mode: True + - name: Assert success - assert: + ansible.builtin.assert: that: - peers_info is successful - '"result" in peers_info' # ============================================================ - - name: create VPC 1 - ec2_vpc_net: + - name: Create VPC 1 + amazon.aws.ec2_vpc_net: name: "{{ vpc_1_name }}" state: present cidr_block: "{{ vpc_1_cidr }}" @@ -37,13 +39,14 @@ Name: "{{ vpc_1_name }}" TestPrefex: "{{ resource_prefix }}" register: vpc_1_result + - name: Assert success - assert: + ansible.builtin.assert: that: - vpc_1_result is successful - - name: create VPC 2 - ec2_vpc_net: + - name: Create VPC 2 + amazon.aws.ec2_vpc_net: name: "{{ vpc_2_name }}" state: present cidr_block: "{{ vpc_2_cidr }}" @@ -51,8 +54,9 @@ Name: "{{ vpc_2_name }}" TestPrefex: "{{ resource_prefix }}" register: vpc_2_result + - name: Assert success - assert: + ansible.builtin.assert: that: - vpc_2_result is successful 
@@ -62,20 +66,35 @@ vpc_2: '{{ vpc_2_result.vpc.id }}' - name: Set a name to use with the connections - set_fact: + ansible.builtin.set_fact: connection_name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' - - name: Create local account VPC peering Connection request - ec2_vpc_peer: + - name: Create local account EC2 VPC Peering Connection request (check_mode) + community.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present tags: Name: '{{ connection_name }}' + check_mode: true register: vpc_peer - name: Assert success - assert: + ansible.builtin.assert: + that: + - vpc_peer is changed + + - name: Create local account EC2 VPC Peering Connection request + community.aws.ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: '{{ connection_name }}' + register: vpc_peer + + - name: Assert success + ansible.builtin.assert: that: - vpc_peer is changed - vpc_peer is successful 
@@ -84,48 +103,79 @@ - vpc_peer.peering_id.startswith('pcx-') - name: Store Connection ID - set_fact: + ansible.builtin.set_fact: peer_id_1: '{{ vpc_peer.peering_id }}' - - name: (re-) Create local account VPC peering Connection request (idempotency) - ec2_vpc_peer: + - name: Re-create local account EC2 VPC Peering Connection request (idempotency check_mode) + community.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present tags: Name: '{{ connection_name }}' + check_mode: true register: vpc_peer - name: Assert success - assert: + ansible.builtin.assert: + that: + - vpc_peer is not changed + + - name: Re-create local account EC2 VPC Peering Connection request (idempotency) + community.aws.ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: '{{ connection_name }}' + register: vpc_peer + + - name: Assert success + ansible.builtin.assert: that: - vpc_peer is not changed - vpc_peer is successful - vpc_peer.peering_id == peer_id_1 - - name: (re-) Create local account VPC peering Connection request with accepter/requester reversed (idempotency) - ec2_vpc_peer: + - name: Create local account EC2 VPC Peering Connection request with accepter/requester reversed (idempotency check_mode) + community.aws.ec2_vpc_peer: vpc_id: '{{ vpc_2 }}' peer_vpc_id: '{{ vpc_1 }}' state: present tags: Name: '{{ connection_name }}' + check_mode: true register: vpc_peer - name: Assert success - assert: + ansible.builtin.assert: + that: + - vpc_peer is not changed + + - name: Create local account EC2 VPC Peering Connection request with accepter/requester reversed (idempotency) + community.aws.ec2_vpc_peer: + vpc_id: '{{ vpc_2 }}' + peer_vpc_id: '{{ vpc_1 }}' + state: present + tags: + Name: '{{ connection_name }}' + register: vpc_peer + + - name: Assert success + ansible.builtin.assert: that: - vpc_peer is not changed - vpc_peer is successful - vpc_peer.peering_id == peer_id_1 - - name: Get details on specific VPC peer - 
ec2_vpc_peering_info: + - name: Get details on specific EC2 VPC Peering Connection + community.aws.ec2_vpc_peering_info: peer_connection_ids: - '{{ peer_id_1 }}' register: peer_info + - name: Assert expected values - assert: + ansible.builtin.assert: that: - peer_info is successful - "'vpc_peering_connections' in peer_info" @@ -170,13 +220,14 @@ acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' requester_details: '{{ peer_details["requester_vpc_info"] }}' - - name: Get all vpc peers with specific filters - ec2_vpc_peering_info: + - name: Get all EC2 VPC Peering Connections with specific filters + community.aws.ec2_vpc_peering_info: filters: status-code: ['pending-acceptance'] register: pending_vpc_peers + - name: Assert expected values - assert: + ansible.builtin.assert: that: # Not guaranteed to just be us, only assert the shape - pending_vpc_peers is successful @@ -210,8 +261,24 @@ acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' requester_details: '{{ peer_details["requester_vpc_info"] }}' - - name: Update tags on the VPC Peering Connection - ec2_vpc_peer: + - name: Update tags on the EC2 VPC Peering Connection (check_mode) + community.aws.ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: '{{ connection_name }}' + testPrefix: '{{ resource_prefix }}' + check_mode: true + register: tag_peer + + - name: Assert success + ansible.builtin.assert: + that: + - tag_peer is changed + + - name: Update tags on the EC2 VPC Peering Connection + community.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present 
@@ -219,36 +286,55 @@ Name: '{{ connection_name }}' testPrefix: '{{ resource_prefix }}' register: tag_peer + - name: Assert success - assert: + ansible.builtin.assert: that: - tag_peer is changed - tag_peer is successful - tag_peer.peering_id == peer_id_1 - - name: (re-) Update tags on the VPC Peering Connection (idempotency) - ec2_vpc_peer: + - name: Update tags on the EC2 VPC Peering Connection (idempotency check_mode) + community.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present tags: Name: '{{ connection_name }}' testPrefix: '{{ resource_prefix }}' + check_mode: true register: tag_peer + - name: Assert success - assert: + ansible.builtin.assert: + that: + - tag_peer is not changed + + - name: Update tags on the EC2 VPC Peering Connection (idempotency) + community.aws.ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: '{{ connection_name }}' + testPrefix: '{{ resource_prefix }}' + register: tag_peer + + - name: Assert success + ansible.builtin.assert: that: - tag_peer is not changed - tag_peer is successful - tag_peer.peering_id == peer_id_1 - - name: Get details on specific VPC peer - ec2_vpc_peering_info: + - name: Get details on specific EC2 VPC Peering Connection + community.aws.ec2_vpc_peering_info: peer_connection_ids: - '{{ peer_id_1 }}' register: peer_info + - name: Assert expected tags - assert: + ansible.builtin.assert: that: - peer_info is successful - "'tags' in peer_details" 
@@ -259,14 +345,28 @@ vars: peer_details: '{{ peer_info.vpc_peering_connections[0] }}' - - name: Accept local VPC peering request - ec2_vpc_peer: + - name: Accept local EC2 VPC Peering request (check_mode) + community.aws.ec2_vpc_peer: peering_id: "{{ vpc_peer.peering_id }}" state: accept - wait: True + wait: true + check_mode: true + register: action_peer + + - name: Assert success + ansible.builtin.assert: + that: + - action_peer is changed + + - name: Accept local EC2 VPC Peering request + community.aws.ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: accept + wait: true register: action_peer + - name: Assert success - assert: + ansible.builtin.assert: that: - action_peer is changed - action_peer is successful @@ -274,13 +374,14 @@ - action_peer.vpc_peering_connection.accepter_vpc_info.cidr_block == vpc_2_cidr - action_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_1 - - name: Get details on specific VPC peer - ec2_vpc_peering_info: + - name: Get details on specific EC2 VPC Peering Connection + community.aws.ec2_vpc_peering_info: peer_connection_ids: - '{{ peer_id_1 }}' register: peer_info + - name: Assert expected values - assert: + ansible.builtin.assert: that: - peer_info is successful - "'vpc_peering_connections' in peer_info" 
@@ -331,38 +432,65 @@ acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' requester_details: '{{ peer_details["requester_vpc_info"] }}' - - name: (re-) Accept local VPC peering request (idempotency) - ec2_vpc_peer: + - name: Accept local EC2 VPC Peering request (idempotency check_mode) + community.aws.ec2_vpc_peer: peering_id: "{{ vpc_peer.peering_id }}" state: accept + check_mode: true register: action_peer + - name: Assert success - assert: + ansible.builtin.assert: + that: + - action_peer is not changed + + - name: Accept local EC2 VPC Peering request (idempotency) + community.aws.ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: accept + register: action_peer + + - name: Assert success + ansible.builtin.assert: that: - action_peer is not changed - action_peer is successful - action_peer.peering_id == peer_id_1 - action_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_1 - - name: delete a local VPC peering Connection - ec2_vpc_peer: + - name: Delete a local EC2 VPC Peering Connection (check_mode) + community.aws.ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: absent + check_mode: true + register: delete_peer + + - name: Assert success + ansible.builtin.assert: + that: + - delete_peer is changed + + - name: Delete a local EC2 VPC Peering Connection + community.aws.ec2_vpc_peer: peering_id: "{{ vpc_peer.peering_id }}" state: absent register: delete_peer + - name: Assert success - assert: + ansible.builtin.assert: that: - delete_peer is changed - delete_peer is successful - "'peering_id' in delete_peer" - - name: Get details on specific VPC peer - ec2_vpc_peering_info: + - name: Get details on specific EC2 VPC Peering Connection + community.aws.ec2_vpc_peering_info: peer_connection_ids: - '{{ peer_id_1}}' register: peer_info + - name: Assert expected values - assert: + ansible.builtin.assert: that: - peer_info is successful - "'vpc_peering_connections' in peer_info" 
@@ -405,27 +533,41 @@ acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' requester_details: '{{ peer_details["requester_vpc_info"] }}' - - name: (re-) delete a local VPC peering Connection (idempotency) - ec2_vpc_peer: + - name: Delete a local EC2 VPC Peering Connection (idempotency check_mode) + community.aws.ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: absent + check_mode: true + register: delete_peer + + - name: Assert success + ansible.builtin.assert: + that: + - delete_peer is not changed + + - name: Delete a local EC2 VPC Peering Connection (idempotency) + community.aws.ec2_vpc_peer: peering_id: "{{ vpc_peer.peering_id }}" state: absent register: delete_peer + - name: Assert success - assert: + ansible.builtin.assert: that: - delete_peer is not changed - delete_peer is successful - - name: Create local account VPC peering Connection - ec2_vpc_peer: + - name: Create local account EC2 VPC Peering Connection + community.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present tags: Name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' register: vpc_peer2 + - name: Assert success - assert: + ansible.builtin.assert: that: - vpc_peer2 is changed - vpc_peer2 is successful 
@@ -433,50 +575,53 @@ - vpc_peer2.peering_id.startswith('pcx-') - name: Store Connection ID - set_fact: + ansible.builtin.set_fact: peer_id_2: '{{ vpc_peer2.peering_id }}' - - name: reject a local VPC peering Connection - ec2_vpc_peer: + - name: Reject a local EC2 VPC Peering Connection + community.aws.ec2_vpc_peer: peering_id: "{{ vpc_peer2.peering_id }}" state: reject wait: True register: reject_peer + - name: Assert success - assert: + ansible.builtin.assert: that: - reject_peer is changed - reject_peer is successful - reject_peer.peering_id == peer_id_2 - - name: (re-) reject a local VPC peering Connection - ec2_vpc_peer: + - name: Reject a local EC2 VPC Peering Connection (idempotency) + community.aws.ec2_vpc_peer: peering_id: "{{ vpc_peer2.peering_id }}" state: reject register: reject_peer + - name: Assert success - assert: + ansible.builtin.assert: that: - reject_peer is not changed - reject_peer is successful - reject_peer.peering_id == peer_id_2 - reject_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_2 - - name: delete a local VPC peering Connection - ec2_vpc_peer: + - name: Delete a local EC2 VPC Peering Connections + community.aws.ec2_vpc_peer: peering_id: "{{ vpc_peer2.peering_id }}" state: absent register: delete_peer + - name: Assert success - assert: + ansible.builtin.assert: that: - delete_peer is not changed - delete_peer is successful always: - - name: Find all VPC Peering connections for our VPCs - ec2_vpc_peering_info: + - name: Find all EC2 VPC Peering Connections for our VPCs + community.aws.ec2_vpc_peering_info: filters: accepter-vpc-info.vpc-id: '{{ item }}' register: peering_info @@ -484,7 +629,7 @@ - '{{ vpc_1 }}' - '{{ vpc_2 }}' - - set_fact: + - ansible.builtin.set_fact: vpc_peering_connection_ids: '{{ _vpc_peering_connections | map(attribute="vpc_peering_connection_id") | list }}' vars: _vpc_peering_connections: '{{ peering_info.results | map(attribute="vpc_peering_connections") | flatten }}' 
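Review bot: The reject path gets no check_mode step in the hunks shown. The `Reject a local EC2 VPC Peering Connection` task in the `@@ -433,50 +575,53 @@` hunk runs directly, whereas create, tag update, accept and delete each gained a check_mode task ahead of the real one. Check-mode behaviour of `state: reject` is therefore not exercised at all, so I would add the pair sketched below before the real reject. The `is changed` expectation mirrors the accept case and should be confirmed against the module. The task name `Delete a local EC2 VPC Peering Connections` in the same hunk also mixes singular and plural.

```yaml
    - name: Reject a local EC2 VPC Peering Connection (check_mode)
      community.aws.ec2_vpc_peer:
        peering_id: "{{ vpc_peer2.peering_id }}"
        state: reject
        wait: true
      check_mode: true
      register: reject_peer

    - name: Assert success
      ansible.builtin.assert:
        that:
          - reject_peer is changed

    # … unchanged: real reject task, its assertions, and the idempotency reject …
```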
@@ -492,23 +637,19 @@ # ============================================================ - - name: Delete remaining Peering connections - ec2_vpc_peer: + - name: Delete remaining EC2 VPC Peering Connections + community.aws.ec2_vpc_peer: peering_id: "{{ item }}" state: absent ignore_errors: True loop: '{{ vpc_peering_connection_ids }}' - - name: tidy up VPC 2 - ec2_vpc_net: - name: "{{ vpc_2_name }}" + - name: Tidy up VPCs + amazon.aws.ec2_vpc_net: + name: "{{ item.name }}" state: absent - cidr_block: "{{ vpc_2_cidr }}" - ignore_errors: true - - - name: tidy up VPC 1 - ec2_vpc_net: - name: "{{ vpc_1_name }}" - state: absent - cidr_block: "{{ vpc_1_cidr }}" + cidr_block: "{{ item.cidr }}" ignore_errors: true + loop: + - { name: "{{ vpc_2_name }}", cidr: "{{ vpc_2_cidr }}"} + - { name: "{{ vpc_1_name }}", cidr: "{{ vpc_1_cidr }}"} From e4139b1d3b21e4abce49923e7f6040b1d2530755 Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Wed, 16 Oct 2024 13:45:41 +0200 Subject: [PATCH 41/47] Update runtime --- meta/runtime.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/meta/runtime.yml b/meta/runtime.yml index b62a89aae8d..f1565f36d19 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -66,6 +66,8 @@ action_groups: - ec2_vpc_nat_gateway_info - ec2_vpc_net - ec2_vpc_net_info + - ec2_vpc_peer + - ec2_vpc_peering_info - ec2_vpc_route_table - ec2_vpc_route_table_info - ec2_vpc_subnet 
@@ -164,14 +166,14 @@ plugin_routing: rds_param_group: redirect: amazon.aws.rds_instance_param_group deprecation: - removal_version: 10.0.0 - warning_text: >- - rds_param_group has been renamed to rds_instance_param_group. - Please update your tasks. + removal_version: 10.0.0 + warning_text: >- + rds_param_group has been renamed to rds_instance_param_group. + Please update your tasks. lookup: aws_ssm: # Deprecation for this alias should not *start* prior to 2024-09-01 redirect: amazon.aws.ssm_parameter aws_secret: # Deprecation for this alias should not *start* prior to 2024-09-01 - redirect: amazon.aws.secretsmanager_secret + redirect: amazon.aws.secretsmanager_secret \ No newline at end of file From d6cf4ae9e18d0a0b77895601a4296c7284cc65eb Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Wed, 16 Oct 2024 13:45:41 +0200 Subject: [PATCH 42/47] Update FQDN --- plugins/modules/ec2_vpc_peer.py | 28 ++++++++++++------------- plugins/modules/ec2_vpc_peering_info.py | 6 +++--- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 94f4b125219..3375b6c79d2 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -65,7 +65,7 @@ EXAMPLES = r""" # Complete example to create and accept a local peering connection. - name: Create local account EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" vpc_id: "vpc-12345678" peer_vpc_id: "vpc-87654321" @@ -77,7 +77,7 @@ register: vpc_peer - name: Accept local EC2 VPC Peering request - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" state: "accept" 
@@ -85,7 +85,7 @@ # Complete example to delete a local peering connection. - name: Create local account EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" vpc_id: "vpc-12345678" peer_vpc_id: "vpc-87654321" @@ -97,7 +97,7 @@ register: vpc_peer - name: Delete a local EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" state: "absent" @@ -105,7 +105,7 @@ # Complete example to create and accept a cross account peering connection. - name: Create cross account EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" vpc_id: "vpc-12345678" peer_vpc_id: "vpc-12345678" @@ -118,7 +118,7 @@ register: vpc_peer - name: Accept EC2 VPC Peering Connection from remote account - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" profile: "bot03_profile_for_cross_account" @@ -127,7 +127,7 @@ # Complete example to create and accept an intra-region peering connection. - name: Create intra-region EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "us-east-1" vpc_id: "vpc-12345678" peer_vpc_id: "vpc-87654321" @@ -140,7 +140,7 @@ register: vpc_peer - name: Accept EC2 VPC Peering Connection from peer region - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "us-west-2" peering_id: "{{ vpc_peer.peering_id }}" state: "accept" @@ -148,7 +148,7 @@ # Complete example to create and reject a local peering connection. - name: Create local account EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" vpc_id: "vpc-12345678" peer_vpc_id: "vpc-87654321" 
@@ -160,14 +160,14 @@ register: vpc_peer - name: Reject a local EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" state: "reject" # Complete example to create and accept a cross account peering connection. - name: Create cross account EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" vpc_id: "vpc-12345678" peer_vpc_id: "vpc-12345678" @@ -180,7 +180,7 @@ register: vpc_peer - name: Accept a cross account EC2 VPC Peering Connection request - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" profile: "bot03_profile_for_cross_account" @@ -192,7 +192,7 @@ # Complete example to create and reject a cross account peering connection. - name: Create cross account EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" vpc_id: "vpc-12345678" peer_vpc_id: "vpc-12345678" @@ -205,7 +205,7 @@ register: vpc_peer - name: Reject a cross account EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: region: "ap-southeast-2" peering_id: "{{ vpc_peer.peering_id }}" profile: "bot03_profile_for_cross_account" diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 066211ccbe5..34c231b53a6 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -34,7 +34,7 @@ EXAMPLES = r""" - name: List all EC2 VPC Peering Connections - community.aws.ec2_vpc_peering_info: + amazon.aws.ec2_vpc_peering_info: region: ap-southeast-2 register: all_vpc_peers @@ -43,7 +43,7 @@ msg: "{{ all_vpc_peers.result }}" - name: Get details on specific EC2 VPC Peering Connection - community.aws.ec2_vpc_peering_info: + amazon.aws.ec2_vpc_peering_info: peer_connection_ids: - "pcx-12345678" - "pcx-87654321" 
@@ -51,7 +51,7 @@ register: all_vpc_peers - name: Get all EC2 VPC Peering Connections with specific filters - community.aws.ec2_vpc_peering_info: + amazon.aws.ec2_vpc_peering_info: region: "ap-southeast-2" filters: status-code: ["pending-acceptance"] From a4c04f53b44b4163a34c0f7e72bad92e40aaae39 Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Wed, 16 Oct 2024 13:45:41 +0200 Subject: [PATCH 43/47] Update AnsibleAWSModule import path --- plugins/modules/ec2_vpc_peer.py | 2 +- plugins/modules/ec2_vpc_peering_info.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 3375b6c79d2..d7eed64e17d 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -382,7 +382,7 @@ from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_specifications from ansible_collections.amazon.aws.plugins.module_utils.transformation import ansible_dict_to_boto3_filter_list -from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule def wait_for_state(client, module: AnsibleAWSModule, state: str, peering_id: str) -> NoReturn: diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 34c231b53a6..3671810226b 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py 
@@ -346,7 +346,7 @@ from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.transformation import ansible_dict_to_boto3_filter_list -from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule def get_vpc_peers(client, module: AnsibleAWSModule) -> List[Dict[str, Any]]: From 52949caff86a805f1319eb94e68caaf474b50590 Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Wed, 16 Oct 2024 13:45:41 +0200 Subject: [PATCH 44/47] Remove collection reference inside the tests --- .../targets/ec2_vpc_peer/defaults/main.yml | 5 +- .../targets/ec2_vpc_peer/tasks/main.yml | 494 +++++++++--------- 2 files changed, 250 insertions(+), 249 deletions(-) diff --git a/tests/integration/targets/ec2_vpc_peer/defaults/main.yml b/tests/integration/targets/ec2_vpc_peer/defaults/main.yml index 0ff34455b45..99698043b5e 100644 --- a/tests/integration/targets/ec2_vpc_peer/defaults/main.yml +++ b/tests/integration/targets/ec2_vpc_peer/defaults/main.yml @@ -1,6 +1,5 @@ ---- vpc_seed: '{{ resource_prefix }}' vpc_1_name: '{{ resource_prefix }}-vpc-1' -vpc_1_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.0.0/23' +vpc_1_cidr: 10.{{ 256 | random(seed=vpc_seed) }}.0.0/23 vpc_2_name: '{{ resource_prefix }}-vpc-1' -vpc_2_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.2.0/23' +vpc_2_cidr: 10.{{ 256 | random(seed=vpc_seed) }}.2.0/23 diff --git a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml index 859e482b319..864b5143975 100644 --- a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml +++ b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml 
@@ -1,13 +1,10 @@ ---- - name: EC2 VPC Peering Connection integration tests - collections: - - amazon.aws module_defaults: group/aws: - access_key: "{{ aws_access_key }}" - secret_key: "{{ aws_secret_key }}" - session_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' block: - name: Get ARN of calling user aws_caller_info: @@ -21,44 +18,44 @@ - name: Fetch EC2 VPC Peering Connections in check_mode community.aws.ec2_vpc_peering_info: register: peers_info - check_mode: True + check_mode: true - name: Assert success ansible.builtin.assert: that: - - peers_info is successful - - '"result" in peers_info' + - peers_info is successful + - '"result" in peers_info' # ============================================================ - name: Create VPC 1 amazon.aws.ec2_vpc_net: - name: "{{ vpc_1_name }}" + name: '{{ vpc_1_name }}' state: present - cidr_block: "{{ vpc_1_cidr }}" + cidr_block: '{{ vpc_1_cidr }}' tags: - Name: "{{ vpc_1_name }}" - TestPrefex: "{{ resource_prefix }}" + Name: '{{ vpc_1_name }}' + TestPrefex: '{{ resource_prefix }}' register: vpc_1_result - name: Assert success ansible.builtin.assert: that: - - vpc_1_result is successful + - vpc_1_result is successful - name: Create VPC 2 amazon.aws.ec2_vpc_net: - name: "{{ vpc_2_name }}" + name: '{{ vpc_2_name }}' state: present - cidr_block: "{{ vpc_2_cidr }}" + cidr_block: '{{ vpc_2_cidr }}' tags: - Name: "{{ vpc_2_name }}" - TestPrefex: "{{ resource_prefix }}" + Name: '{{ vpc_2_name }}' + TestPrefex: '{{ resource_prefix }}' register: vpc_2_result - name: Assert success ansible.builtin.assert: that: - - vpc_2_result is successful + - vpc_2_result is successful - name: Store VPC IDs set_fact: 
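Review bot: With the play-level `collections: - amazon.aws` removed in the `@@ -1,13 +1,10 @@` hunk, the `aws_caller_info:` task kept as context is still a short name and presumably resolves only through redirect routing, if at all. Writing it as `amazon.aws.aws_caller_info:` would pin it to this collection. The context lines in this and the following hunk also still call `community.aws.ec2_vpc_peering_info` and `community.aws.ec2_vpc_peer`, although the module examples were switched to `amazon.aws.*` earlier in the series. If that is not changed elsewhere in the series, these tests exercise the community.aws name (or a redirect) rather than the migrated module, so its check_mode behaviour is not verified here. The following hunk also keeps a bare `set_fact:` under `Store VPC IDs` where the other tasks use `ansible.builtin.set_fact:`.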
@@ -67,7 +64,7 @@ - name: Set a name to use with the connections ansible.builtin.set_fact: - connection_name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' + connection_name: Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }} - name: Create local account EC2 VPC Peering Connection request (check_mode) community.aws.ec2_vpc_peer: @@ -82,7 +79,7 @@ - name: Assert success ansible.builtin.assert: that: - - vpc_peer is changed + - vpc_peer is changed - name: Create local account EC2 VPC Peering Connection request community.aws.ec2_vpc_peer: @@ -96,17 +93,18 @@ - name: Assert success ansible.builtin.assert: that: - - vpc_peer is changed - - vpc_peer is successful - - "'peering_id' in vpc_peer" - - vpc_peer.vpc_peering_connection.requester_vpc_info.cidr_block == vpc_1_cidr - - vpc_peer.peering_id.startswith('pcx-') + - vpc_peer is changed + - vpc_peer is successful + - "'peering_id' in vpc_peer" + - vpc_peer.vpc_peering_connection.requester_vpc_info.cidr_block == vpc_1_cidr + - vpc_peer.peering_id.startswith('pcx-') - name: Store Connection ID ansible.builtin.set_fact: peer_id_1: '{{ vpc_peer.peering_id }}' - - name: Re-create local account EC2 VPC Peering Connection request (idempotency check_mode) + - name: Re-create local account EC2 VPC Peering Connection request (idempotency + check_mode) community.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' @@ -119,7 +117,7 @@ - name: Assert success ansible.builtin.assert: that: - - vpc_peer is not changed + - vpc_peer is not changed - name: Re-create local account EC2 VPC Peering Connection request (idempotency) community.aws.ec2_vpc_peer: 
@@ -133,11 +131,12 @@ - name: Assert success ansible.builtin.assert: that: - - vpc_peer is not changed - - vpc_peer is successful - - vpc_peer.peering_id == peer_id_1 + - vpc_peer is not changed + - vpc_peer is successful + - vpc_peer.peering_id == peer_id_1 - - name: Create local account EC2 VPC Peering Connection request with accepter/requester reversed (idempotency check_mode) + - name: Create local account EC2 VPC Peering Connection request with accepter/requester + reversed (idempotency check_mode) community.aws.ec2_vpc_peer: vpc_id: '{{ vpc_2 }}' peer_vpc_id: '{{ vpc_1 }}' @@ -150,9 +149,10 @@ - name: Assert success ansible.builtin.assert: that: - - vpc_peer is not changed + - vpc_peer is not changed - - name: Create local account EC2 VPC Peering Connection request with accepter/requester reversed (idempotency) + - name: Create local account EC2 VPC Peering Connection request with accepter/requester + reversed (idempotency) community.aws.ec2_vpc_peer: vpc_id: '{{ vpc_2 }}' peer_vpc_id: '{{ vpc_1 }}' 
@@ -164,57 +164,57 @@ - name: Assert success ansible.builtin.assert: that: - - vpc_peer is not changed - - vpc_peer is successful - - vpc_peer.peering_id == peer_id_1 + - vpc_peer is not changed + - vpc_peer is successful + - vpc_peer.peering_id == peer_id_1 - name: Get details on specific EC2 VPC Peering Connection community.aws.ec2_vpc_peering_info: peer_connection_ids: - - '{{ peer_id_1 }}' + - '{{ peer_id_1 }}' register: peer_info - name: Assert expected values ansible.builtin.assert: that: - - peer_info is successful - - "'vpc_peering_connections' in peer_info" - - "'result' in peer_info" - - "'accepter_vpc_info' in peer_details" - - "'requester_vpc_info' in peer_details" - - "'status' in peer_details" - - "'code' in peer_details.status" - - peer_details.status.code == "pending-acceptance" - - "'message' in peer_details.status" - - "'tags' in peer_details" - - "'Name' in peer_details.tags" - - peer_details.tags.Name == connection_name - - "'vpc_peering_connection_id' in peer_details" - - peer_details.vpc_peering_connection_id == peer_id_1 + - peer_info is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - "'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "pending-acceptance" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - peer_details.tags.Name == connection_name + - "'vpc_peering_connection_id' in peer_details" + - peer_details.vpc_peering_connection_id == peer_id_1 # Acceptor info isn't available until the connection has been accepted - - "'cidr_block' not in acceptor_details" - - "'cidr_block_set' not in acceptor_details" - - "'peering_options' not in acceptor_details" - - "'owner_id' in acceptor_details" - - acceptor_details.owner_id == account_id - - "'region' in acceptor_details" - - acceptor_details.region == aws_region - - 
"'vpc_id' in acceptor_details" - - acceptor_details.vpc_id == vpc_2 + - "'cidr_block' not in acceptor_details" + - "'cidr_block_set' not in acceptor_details" + - "'peering_options' not in acceptor_details" + - "'owner_id' in acceptor_details" + - acceptor_details.owner_id == account_id + - "'region' in acceptor_details" + - acceptor_details.region == aws_region + - "'vpc_id' in acceptor_details" + - acceptor_details.vpc_id == vpc_2 # Information about the 'requesting' VPC - - "'cidr_block' in requester_details" - - requester_details.cidr_block == vpc_1_cidr - - "'cidr_block_set' in requester_details" - - requester_details.cidr_block_set | length == 1 - - "'cidr_block' in requester_details.cidr_block_set[0]" - - requester_details.cidr_block_set[0].cidr_block == vpc_1_cidr - - "'peering_options' in requester_details" - - "'owner_id' in requester_details" - - requester_details.owner_id == account_id - - "'region' in requester_details" - - requester_details.region == aws_region - - "'vpc_id' in requester_details" - - requester_details.vpc_id == vpc_1 + - "'cidr_block' in requester_details" + - requester_details.cidr_block == vpc_1_cidr + - "'cidr_block_set' in requester_details" + - requester_details.cidr_block_set | length == 1 + - "'cidr_block' in requester_details.cidr_block_set[0]" + - requester_details.cidr_block_set[0].cidr_block == vpc_1_cidr + - "'peering_options' in requester_details" + - "'owner_id' in requester_details" + - requester_details.owner_id == account_id + - "'region' in requester_details" + - requester_details.region == aws_region + - "'vpc_id' in requester_details" + - requester_details.vpc_id == vpc_1 vars: peer_details: '{{ peer_info.vpc_peering_connections[0] }}' acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' 
@@ -223,39 +223,39 @@ - name: Get all EC2 VPC Peering Connections with specific filters community.aws.ec2_vpc_peering_info: filters: - status-code: ['pending-acceptance'] + status-code: [pending-acceptance] register: pending_vpc_peers - name: Assert expected values ansible.builtin.assert: that: # Not guaranteed to just be us, only assert the shape - - pending_vpc_peers is successful - - "'vpc_peering_connections' in peer_info" - - "'result' in peer_info" - - "'accepter_vpc_info' in peer_details" - - "'requester_vpc_info' in peer_details" - - "'status' in peer_details" - - "'code' in peer_details.status" - - peer_details.status.code == "pending-acceptance" - - "'message' in peer_details.status" - - "'tags' in peer_details" - - "'vpc_peering_connection_id' in peer_details" + - pending_vpc_peers is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - "'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "pending-acceptance" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'vpc_peering_connection_id' in peer_details" # Acceptor info isn't available until the connection has been accepted - - "'cidr_block' not in acceptor_details" - - "'cidr_block_set' not in acceptor_details" - - "'peering_options' not in acceptor_details" - - "'owner_id' in acceptor_details" - - "'region' in acceptor_details" - - "'vpc_id' in acceptor_details" + - "'cidr_block' not in acceptor_details" + - "'cidr_block_set' not in acceptor_details" + - "'peering_options' not in acceptor_details" + - "'owner_id' in acceptor_details" + - "'region' in acceptor_details" + - "'vpc_id' in acceptor_details" # Information about the 'requesting' VPC - - "'cidr_block' in requester_details" - - "'cidr_block_set' in requester_details" - - "'cidr_block' in requester_details.cidr_block_set[0]" - - "'peering_options' in 
requester_details" - - "'owner_id' in requester_details" - - "'region' in requester_details" - - "'vpc_id' in requester_details" + - "'cidr_block' in requester_details" + - "'cidr_block_set' in requester_details" + - "'cidr_block' in requester_details.cidr_block_set[0]" + - "'peering_options' in requester_details" + - "'owner_id' in requester_details" + - "'region' in requester_details" + - "'vpc_id' in requester_details" vars: peer_details: '{{ pending_vpc_peers.vpc_peering_connections[0] }}' acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' @@ -275,7 +275,7 @@ - name: Assert success ansible.builtin.assert: that: - - tag_peer is changed + - tag_peer is changed - name: Update tags on the EC2 VPC Peering Connection community.aws.ec2_vpc_peer: @@ -290,9 +290,9 @@ - name: Assert success ansible.builtin.assert: that: - - tag_peer is changed - - tag_peer is successful - - tag_peer.peering_id == peer_id_1 + - tag_peer is changed + - tag_peer is successful + - tag_peer.peering_id == peer_id_1 - name: Update tags on the EC2 VPC Peering Connection (idempotency check_mode) community.aws.ec2_vpc_peer: @@ -308,7 +308,7 @@ - name: Assert success ansible.builtin.assert: that: - - tag_peer is not changed + - tag_peer is not changed - name: Update tags on the EC2 VPC Peering Connection (idempotency) community.aws.ec2_vpc_peer: 
@@ -323,31 +323,31 @@ - name: Assert success ansible.builtin.assert: that: - - tag_peer is not changed - - tag_peer is successful - - tag_peer.peering_id == peer_id_1 + - tag_peer is not changed + - tag_peer is successful + - tag_peer.peering_id == peer_id_1 - name: Get details on specific EC2 VPC Peering Connection community.aws.ec2_vpc_peering_info: peer_connection_ids: - - '{{ peer_id_1 }}' + - '{{ peer_id_1 }}' register: peer_info - name: Assert expected tags ansible.builtin.assert: that: - - peer_info is successful - - "'tags' in peer_details" - - "'Name' in peer_details.tags" - - "'testPrefix' in peer_details.tags" - - peer_details.tags.Name == connection_name - - peer_details.tags.testPrefix == resource_prefix + - peer_info is successful + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - "'testPrefix' in peer_details.tags" + - peer_details.tags.Name == connection_name + - peer_details.tags.testPrefix == resource_prefix vars: peer_details: '{{ peer_info.vpc_peering_connections[0] }}' - name: Accept local EC2 VPC Peering request (check_mode) community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer.peering_id }}" + peering_id: '{{ vpc_peer.peering_id }}' state: accept wait: true check_mode: true @@ -356,11 +356,11 @@ - name: Assert success ansible.builtin.assert: that: - - action_peer is changed + - action_peer is changed - name: Accept local EC2 VPC Peering request community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer.peering_id }}" + peering_id: '{{ vpc_peer.peering_id }}' state: accept wait: true register: action_peer 
@@ -368,65 +368,65 @@ - name: Assert success ansible.builtin.assert: that: - - action_peer is changed - - action_peer is successful - - action_peer.peering_id == peer_id_1 - - action_peer.vpc_peering_connection.accepter_vpc_info.cidr_block == vpc_2_cidr - - action_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_1 + - action_peer is changed + - action_peer is successful + - action_peer.peering_id == peer_id_1 + - action_peer.vpc_peering_connection.accepter_vpc_info.cidr_block == vpc_2_cidr + - action_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_1 - name: Get details on specific EC2 VPC Peering Connection community.aws.ec2_vpc_peering_info: peer_connection_ids: - - '{{ peer_id_1 }}' + - '{{ peer_id_1 }}' register: peer_info - name: Assert expected values ansible.builtin.assert: that: - - peer_info is successful - - "'vpc_peering_connections' in peer_info" - - "'result' in peer_info" - - "'accepter_vpc_info' in peer_details" - - "'requester_vpc_info' in peer_details" - - "'status' in peer_details" - - "'code' in peer_details.status" - - peer_details.status.code == "active" - - "'message' in peer_details.status" - - "'tags' in peer_details" - - "'Name' in peer_details.tags" - - peer_details.tags.Name == connection_name - - "'testPrefix' in peer_details.tags" - - peer_details.tags.testPrefix == resource_prefix - - "'vpc_peering_connection_id' in peer_details" - - peer_details.vpc_peering_connection_id == peer_id_1 + - peer_info is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - "'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "active" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - peer_details.tags.Name == connection_name + - "'testPrefix' in peer_details.tags" + - peer_details.tags.testPrefix == 
resource_prefix + - "'vpc_peering_connection_id' in peer_details" + - peer_details.vpc_peering_connection_id == peer_id_1 # Information about the 'accepting' VPC should be available now - - "'cidr_block' in acceptor_details" - - acceptor_details.cidr_block == vpc_2_cidr - - "'cidr_block_set' in acceptor_details" - - acceptor_details.cidr_block_set | length == 1 - - "'cidr_block' in acceptor_details.cidr_block_set[0]" - - acceptor_details.cidr_block_set[0].cidr_block == vpc_2_cidr - - "'peering_options' in acceptor_details" - - "'owner_id' in acceptor_details" - - acceptor_details.owner_id == account_id - - "'region' in acceptor_details" - - acceptor_details.region == aws_region - - "'vpc_id' in acceptor_details" - - acceptor_details.vpc_id == vpc_2 + - "'cidr_block' in acceptor_details" + - acceptor_details.cidr_block == vpc_2_cidr + - "'cidr_block_set' in acceptor_details" + - acceptor_details.cidr_block_set | length == 1 + - "'cidr_block' in acceptor_details.cidr_block_set[0]" + - acceptor_details.cidr_block_set[0].cidr_block == vpc_2_cidr + - "'peering_options' in acceptor_details" + - "'owner_id' in acceptor_details" + - acceptor_details.owner_id == account_id + - "'region' in acceptor_details" + - acceptor_details.region == aws_region + - "'vpc_id' in acceptor_details" + - acceptor_details.vpc_id == vpc_2 # Information about the 'requesting' VPC - - "'cidr_block' in requester_details" - - requester_details.cidr_block == vpc_1_cidr - - "'cidr_block_set' in requester_details" - - requester_details.cidr_block_set | length == 1 - - "'cidr_block' in requester_details.cidr_block_set[0]" - - requester_details.cidr_block_set[0].cidr_block == vpc_1_cidr - - "'peering_options' in requester_details" - - "'owner_id' in requester_details" - - requester_details.owner_id == account_id - - "'region' in requester_details" - - requester_details.region == aws_region - - "'vpc_id' in requester_details" - - requester_details.vpc_id == vpc_1 + - "'cidr_block' in requester_details" 
+ - requester_details.cidr_block == vpc_1_cidr + - "'cidr_block_set' in requester_details" + - requester_details.cidr_block_set | length == 1 + - "'cidr_block' in requester_details.cidr_block_set[0]" + - requester_details.cidr_block_set[0].cidr_block == vpc_1_cidr + - "'peering_options' in requester_details" + - "'owner_id' in requester_details" + - requester_details.owner_id == account_id + - "'region' in requester_details" + - requester_details.region == aws_region + - "'vpc_id' in requester_details" + - requester_details.vpc_id == vpc_1 vars: peer_details: '{{ peer_info.vpc_peering_connections[0] }}' acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' @@ -434,7 +434,7 @@ - name: Accept local EC2 VPC Peering request (idempotency check_mode) community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer.peering_id }}" + peering_id: '{{ vpc_peer.peering_id }}' state: accept check_mode: true register: action_peer @@ -442,25 +442,25 @@ - name: Assert success ansible.builtin.assert: that: - - action_peer is not changed + - action_peer is not changed - name: Accept local EC2 VPC Peering request (idempotency) community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer.peering_id }}" + peering_id: '{{ vpc_peer.peering_id }}' state: accept register: action_peer - name: Assert success ansible.builtin.assert: that: - - action_peer is not changed - - action_peer is successful - - action_peer.peering_id == peer_id_1 - - action_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_1 + - action_peer is not changed + - action_peer is successful + - action_peer.peering_id == peer_id_1 + - action_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_1 - name: Delete a local EC2 VPC Peering Connection (check_mode) community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer.peering_id }}" + peering_id: '{{ vpc_peer.peering_id }}' state: absent check_mode: true register: delete_peer 
@@ -468,66 +468,66 @@ - name: Assert success ansible.builtin.assert: that: - - delete_peer is changed + - delete_peer is changed - name: Delete a local EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer.peering_id }}" + peering_id: '{{ vpc_peer.peering_id }}' state: absent register: delete_peer - name: Assert success ansible.builtin.assert: that: - - delete_peer is changed - - delete_peer is successful - - "'peering_id' in delete_peer" + - delete_peer is changed + - delete_peer is successful + - "'peering_id' in delete_peer" - name: Get details on specific EC2 VPC Peering Connection community.aws.ec2_vpc_peering_info: peer_connection_ids: - - '{{ peer_id_1}}' + - '{{ peer_id_1}}' register: peer_info - name: Assert expected values ansible.builtin.assert: that: - - peer_info is successful - - "'vpc_peering_connections' in peer_info" - - "'result' in peer_info" - - "'accepter_vpc_info' in peer_details" - - "'requester_vpc_info' in peer_details" - - "'status' in peer_details" - - "'code' in peer_details.status" - - peer_details.status.code == "deleted" - - "'message' in peer_details.status" - - "'tags' in peer_details" - - "'Name' in peer_details.tags" - - peer_details.tags.Name == connection_name - - "'testPrefix' in peer_details.tags" - - peer_details.tags.testPrefix == resource_prefix - - "'vpc_peering_connection_id' in peer_details" - - peer_details.vpc_peering_connection_id == peer_id_1 + - peer_info is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - "'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "deleted" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - peer_details.tags.Name == connection_name + - "'testPrefix' in peer_details.tags" + - peer_details.tags.testPrefix == resource_prefix + - 
"'vpc_peering_connection_id' in peer_details" + - peer_details.vpc_peering_connection_id == peer_id_1 # Information about the 'accepting' VPC is reduced again - - "'cidr_block' not in acceptor_details" - - "'cidr_block_set' not in acceptor_details" - - "'peering_options' not in acceptor_details" - - "'owner_id' in acceptor_details" - - acceptor_details.owner_id == account_id - - "'region' in acceptor_details" - - acceptor_details.region == aws_region - - "'vpc_id' in acceptor_details" - - acceptor_details.vpc_id == vpc_2 + - "'cidr_block' not in acceptor_details" + - "'cidr_block_set' not in acceptor_details" + - "'peering_options' not in acceptor_details" + - "'owner_id' in acceptor_details" + - acceptor_details.owner_id == account_id + - "'region' in acceptor_details" + - acceptor_details.region == aws_region + - "'vpc_id' in acceptor_details" + - acceptor_details.vpc_id == vpc_2 # Information about the 'requesting' VPC is reduced once the VPC's deleted - - "'cidr_block' not in requester_details" - - "'cidr_block_set' not in requester_details" - - "'peering_options' not in requester_details" - - "'owner_id' in requester_details" - - requester_details.owner_id == account_id - - "'region' in requester_details" - - requester_details.region == aws_region - - "'vpc_id' in requester_details" - - requester_details.vpc_id == vpc_1 + - "'cidr_block' not in requester_details" + - "'cidr_block_set' not in requester_details" + - "'peering_options' not in requester_details" + - "'owner_id' in requester_details" + - requester_details.owner_id == account_id + - "'region' in requester_details" + - requester_details.region == aws_region + - "'vpc_id' in requester_details" + - requester_details.vpc_id == vpc_1 vars: peer_details: '{{ peer_info.vpc_peering_connections[0] }}' acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' 
@@ -535,7 +535,7 @@ - name: Delete a local EC2 VPC Peering Connection (idempotency check_mode) community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer.peering_id }}" + peering_id: '{{ vpc_peer.peering_id }}' state: absent check_mode: true register: delete_peer @@ -543,19 +543,19 @@ - name: Assert success ansible.builtin.assert: that: - - delete_peer is not changed + - delete_peer is not changed - name: Delete a local EC2 VPC Peering Connection (idempotency) community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer.peering_id }}" + peering_id: '{{ vpc_peer.peering_id }}' state: absent register: delete_peer - name: Assert success ansible.builtin.assert: that: - - delete_peer is not changed - - delete_peer is successful + - delete_peer is not changed + - delete_peer is successful - name: Create local account EC2 VPC Peering Connection community.aws.ec2_vpc_peer: @@ -563,16 +563,16 @@ peer_vpc_id: '{{ vpc_2 }}' state: present tags: - Name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' + Name: Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }} register: vpc_peer2 - name: Assert success ansible.builtin.assert: that: - - vpc_peer2 is changed - - vpc_peer2 is successful - - "'peering_id' in vpc_peer2" - - vpc_peer2.peering_id.startswith('pcx-') + - vpc_peer2 is changed + - vpc_peer2 is successful + - "'peering_id' in vpc_peer2" + - vpc_peer2.peering_id.startswith('pcx-') - name: Store Connection ID ansible.builtin.set_fact: 
@@ -580,43 +580,43 @@ - name: Reject a local EC2 VPC Peering Connection community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer2.peering_id }}" + peering_id: '{{ vpc_peer2.peering_id }}' state: reject - wait: True + wait: true register: reject_peer - name: Assert success ansible.builtin.assert: that: - - reject_peer is changed - - reject_peer is successful - - reject_peer.peering_id == peer_id_2 + - reject_peer is changed + - reject_peer is successful + - reject_peer.peering_id == peer_id_2 - name: Reject a local EC2 VPC Peering Connection (idempotency) community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer2.peering_id }}" + peering_id: '{{ vpc_peer2.peering_id }}' state: reject register: reject_peer - name: Assert success ansible.builtin.assert: that: - - reject_peer is not changed - - reject_peer is successful - - reject_peer.peering_id == peer_id_2 - - reject_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_2 + - reject_peer is not changed + - reject_peer is successful + - reject_peer.peering_id == peer_id_2 + - reject_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_2 - name: Delete a local EC2 VPC Peering Connections community.aws.ec2_vpc_peer: - peering_id: "{{ vpc_peer2.peering_id }}" + peering_id: '{{ vpc_peer2.peering_id }}' state: absent register: delete_peer - name: Assert success ansible.builtin.assert: that: - - delete_peer is not changed - - delete_peer is successful + - delete_peer is not changed + - delete_peer is successful always: 
@@ -630,26 +630,28 @@ - '{{ vpc_2 }}' - ansible.builtin.set_fact: - vpc_peering_connection_ids: '{{ _vpc_peering_connections | map(attribute="vpc_peering_connection_id") | list }}' + vpc_peering_connection_ids: '{{ _vpc_peering_connections | map(attribute="vpc_peering_connection_id") + | list }}' vars: - _vpc_peering_connections: '{{ peering_info.results | map(attribute="vpc_peering_connections") | flatten }}' - ignore_errors: True + _vpc_peering_connections: '{{ peering_info.results | map(attribute="vpc_peering_connections") + | flatten }}' + ignore_errors: true # ============================================================ - name: Delete remaining EC2 VPC Peering Connections community.aws.ec2_vpc_peer: - peering_id: "{{ item }}" + peering_id: '{{ item }}' state: absent - ignore_errors: True + ignore_errors: true loop: '{{ vpc_peering_connection_ids }}' - name: Tidy up VPCs amazon.aws.ec2_vpc_net: - name: "{{ item.name }}" + name: '{{ item.name }}' state: absent - cidr_block: "{{ item.cidr }}" + cidr_block: '{{ item.cidr }}' ignore_errors: true loop: - - { name: "{{ vpc_2_name }}", cidr: "{{ vpc_2_cidr }}"} - - { name: "{{ vpc_1_name }}", cidr: "{{ vpc_1_cidr }}"} + - {name: '{{ vpc_2_name }}', cidr: '{{ vpc_2_cidr }}'} + - {name: '{{ vpc_1_name }}', cidr: '{{ vpc_1_cidr }}'} From 3cf2481f525302b0cafca024e80aa0ca86afc11b Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Wed, 16 Oct 2024 13:45:41 +0200 Subject: [PATCH 45/47] Add changelog fragment Delete changelogs/fragments/20240924-ec2_vpc_peer-refactor.yml --- changelogs/fragments/migrate_ec2_vpc_peer.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 changelogs/fragments/migrate_ec2_vpc_peer.yml diff --git a/changelogs/fragments/migrate_ec2_vpc_peer.yml b/changelogs/fragments/migrate_ec2_vpc_peer.yml new file mode 100644 index 00000000000..af4bf2d1b7b --- /dev/null +++ b/changelogs/fragments/migrate_ec2_vpc_peer.yml 
@@ -0,0 +1,8 @@
+---
+major_changes:
+ - ec2_vpc_peer - The module has been migrated from the ``community.aws`` collection.
+ Playbooks using the Fully Qualified Collection Name for this module should be
+ updated to use ``amazon.aws.ec2_vpc_peer``.
+ - ec2_vpc_peering_info - The module has been migrated from the ``community.aws``
+ collection. Playbooks using the Fully Qualified Collection Name for this module
+ should be updated to use ``amazon.aws.ec2_vpc_peering_info``.
From 46ac49873da770dbd2e05de11942678cd899e75a Mon Sep 17 00:00:00 2001
From: Alina Buzachis
Date: Wed, 16 Oct 2024 14:15:49 +0200
Subject: [PATCH 46/47] Apply isort
Signed-off-by: Alina Buzachis
---
 plugins/modules/ec2_vpc_peer.py | 3 +-
 plugins/modules/ec2_vpc_peering_info.py | 3 +-
 .../targets/ec2_vpc_peer/tasks/main.yml | 60 +++++++++----------
 3 files changed, 32 insertions(+), 34 deletions(-)
diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py
index d7eed64e17d..66b4e262555 100644
--- a/plugins/modules/ec2_vpc_peer.py
+++ b/plugins/modules/ec2_vpc_peer.py
@@ -378,12 +378,11 @@
 from ansible_collections.amazon.aws.plugins.module_utils.ec2 import describe_vpc_peering_connections
 from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ensure_ec2_tags
 from ansible_collections.amazon.aws.plugins.module_utils.ec2 import reject_vpc_peering_connection
+from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule
 from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict
 from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_specifications
 from ansible_collections.amazon.aws.plugins.module_utils.transformation import ansible_dict_to_boto3_filter_list
-from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule
-
 def wait_for_state(client, module: AnsibleAWSModule, state: str, peering_id: str) -> NoReturn:
 waiter = client.get_waiter("vpc_peering_connection_exists")
diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py
index 3671810226b..1abb94e198a 100644
--- a/plugins/modules/ec2_vpc_peering_info.py
+++ b/plugins/modules/ec2_vpc_peering_info.py
@@ -343,11 +343,10 @@
 from ansible_collections.amazon.aws.plugins.module_utils.botocore import normalize_boto3_result
 from ansible_collections.amazon.aws.plugins.module_utils.ec2 import describe_vpc_peering_connections
+from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule
 from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict
 from ansible_collections.amazon.aws.plugins.module_utils.transformation import ansible_dict_to_boto3_filter_list
-from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule
-
 def get_vpc_peers(client, module: AnsibleAWSModule) -> List[Dict[str, Any]]:
 params: Dict = {}
diff --git a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml index 864b5143975..a915b5581fe 100644 --- a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml +++ b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml @@ -16,7 +16,7 @@ # ============================================================ - name: Fetch EC2 VPC Peering Connections in check_mode - community.aws.ec2_vpc_peering_info: + amazon.aws.ec2_vpc_peering_info: register: peers_info check_mode: true @@ -67,7 +67,7 @@ connection_name: Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }} - name: Create local account EC2 VPC Peering Connection request (check_mode) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present @@ -82,7 +82,7 @@ - vpc_peer is changed - name: Create local account EC2 VPC Peering Connection request - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present @@ -105,7 +105,7 @@ - name: Re-create local account EC2 VPC Peering Connection request (idempotency check_mode) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present @@ -120,7 +120,7 @@ - vpc_peer is not changed - name: Re-create local account EC2 VPC Peering Connection request (idempotency) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present @@ -137,7 +137,7 @@ - name: Create local account EC2 VPC Peering Connection request with accepter/requester reversed (idempotency check_mode) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_2 }}' peer_vpc_id: '{{ vpc_1 }}' state: present 
@@ -153,7 +153,7 @@ - name: Create local account EC2 VPC Peering Connection request with accepter/requester reversed (idempotency) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_2 }}' peer_vpc_id: '{{ vpc_1 }}' state: present @@ -169,7 +169,7 @@ - vpc_peer.peering_id == peer_id_1 - name: Get details on specific EC2 VPC Peering Connection - community.aws.ec2_vpc_peering_info: + amazon.aws.ec2_vpc_peering_info: peer_connection_ids: - '{{ peer_id_1 }}' register: peer_info @@ -221,7 +221,7 @@ requester_details: '{{ peer_details["requester_vpc_info"] }}' - name: Get all EC2 VPC Peering Connections with specific filters - community.aws.ec2_vpc_peering_info: + amazon.aws.ec2_vpc_peering_info: filters: status-code: [pending-acceptance] register: pending_vpc_peers @@ -262,7 +262,7 @@ requester_details: '{{ peer_details["requester_vpc_info"] }}' - name: Update tags on the EC2 VPC Peering Connection (check_mode) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present @@ -278,7 +278,7 @@ - tag_peer is changed - name: Update tags on the EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present @@ -295,7 +295,7 @@ - tag_peer.peering_id == peer_id_1 - name: Update tags on the EC2 VPC Peering Connection (idempotency check_mode) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present @@ -311,7 +311,7 @@ - tag_peer is not changed - name: Update tags on the EC2 VPC Peering Connection (idempotency) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present 
@@ -328,7 +328,7 @@ - tag_peer.peering_id == peer_id_1 - name: Get details on specific EC2 VPC Peering Connection - community.aws.ec2_vpc_peering_info: + amazon.aws.ec2_vpc_peering_info: peer_connection_ids: - '{{ peer_id_1 }}' register: peer_info @@ -346,7 +346,7 @@ peer_details: '{{ peer_info.vpc_peering_connections[0] }}' - name: Accept local EC2 VPC Peering request (check_mode) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer.peering_id }}' state: accept wait: true @@ -359,7 +359,7 @@ - action_peer is changed - name: Accept local EC2 VPC Peering request - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer.peering_id }}' state: accept wait: true @@ -375,7 +375,7 @@ - action_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_1 - name: Get details on specific EC2 VPC Peering Connection - community.aws.ec2_vpc_peering_info: + amazon.aws.ec2_vpc_peering_info: peer_connection_ids: - '{{ peer_id_1 }}' register: peer_info @@ -433,7 +433,7 @@ requester_details: '{{ peer_details["requester_vpc_info"] }}' - name: Accept local EC2 VPC Peering request (idempotency check_mode) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer.peering_id }}' state: accept check_mode: true @@ -445,7 +445,7 @@ - action_peer is not changed - name: Accept local EC2 VPC Peering request (idempotency) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer.peering_id }}' state: accept register: action_peer @@ -459,7 +459,7 @@ - action_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_1 - name: Delete a local EC2 VPC Peering Connection (check_mode) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer.peering_id }}' state: absent check_mode: true 
@@ -471,7 +471,7 @@ - delete_peer is changed - name: Delete a local EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer.peering_id }}' state: absent register: delete_peer @@ -484,7 +484,7 @@ - "'peering_id' in delete_peer" - name: Get details on specific EC2 VPC Peering Connection - community.aws.ec2_vpc_peering_info: + amazon.aws.ec2_vpc_peering_info: peer_connection_ids: - '{{ peer_id_1}}' register: peer_info @@ -534,7 +534,7 @@ requester_details: '{{ peer_details["requester_vpc_info"] }}' - name: Delete a local EC2 VPC Peering Connection (idempotency check_mode) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer.peering_id }}' state: absent check_mode: true @@ -546,7 +546,7 @@ - delete_peer is not changed - name: Delete a local EC2 VPC Peering Connection (idempotency) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer.peering_id }}' state: absent register: delete_peer @@ -558,7 +558,7 @@ - delete_peer is successful - name: Create local account EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: vpc_id: '{{ vpc_1 }}' peer_vpc_id: '{{ vpc_2 }}' state: present @@ -579,7 +579,7 @@ peer_id_2: '{{ vpc_peer2.peering_id }}' - name: Reject a local EC2 VPC Peering Connection - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer2.peering_id }}' state: reject wait: true @@ -593,7 +593,7 @@ - reject_peer.peering_id == peer_id_2 - name: Reject a local EC2 VPC Peering Connection (idempotency) - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer2.peering_id }}' state: reject register: reject_peer @@ -607,7 +607,7 @@ - reject_peer.vpc_peering_connection.vpc_peering_connection_id == peer_id_2 - name: Delete a local EC2 VPC Peering Connections - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ vpc_peer2.peering_id }}' state: absent register: delete_peer 
@@ -621,7 +621,7 @@ always: - name: Find all EC2 VPC Peering Connections for our VPCs - community.aws.ec2_vpc_peering_info: + amazon.aws.ec2_vpc_peering_info: filters: accepter-vpc-info.vpc-id: '{{ item }}' register: peering_info @@ -640,7 +640,7 @@ # ============================================================ - name: Delete remaining EC2 VPC Peering Connections - community.aws.ec2_vpc_peer: + amazon.aws.ec2_vpc_peer: peering_id: '{{ item }}' state: absent ignore_errors: true From 652e3b7432de0d99273aa611343f11460f0b005b Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Mon, 21 Oct 2024 15:34:05 +0200 Subject: [PATCH 47/47] Modify upon review Signed-off-by: Alina Buzachis --- plugins/modules/ec2_vpc_peer.py | 1 + plugins/modules/ec2_vpc_peering_info.py | 1 + 2 files changed, 2 insertions(+) diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index 66b4e262555..4f2927090bb 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -8,6 +8,7 @@ module: ec2_vpc_peer short_description: create, delete, accept, and reject VPC peering connections between two VPCs. version_added: 1.0.0 +version_added_collection: community.aws description: - Read the AWS documentation for VPC Peering Connections U(https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html). diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 1abb94e198a..82031e8013e 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py @@ -8,6 +8,7 @@ module: ec2_vpc_peering_info short_description: Retrieves AWS VPC Peering details using AWS methods version_added: 1.0.0 +version_added_collection: community.aws description: - Gets various details related to AWS VPC Peers options: