From 420a7e6fd1d688cdd9cb8a1182dbcb6a8c30b85b Mon Sep 17 00:00:00 2001 
From: jillr Date: Mon, 2 Mar 2020 19:25:18 +0000 Subject: [PATCH 01/52] Initial commit This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/eb75681585a23ea79e642b86a0f8e64e0f40a6d7 --- plugins/modules/elb_application_lb.py | 655 ++++++++++++++++++ plugins/modules/elb_application_lb_facts.py | 1 + plugins/modules/elb_application_lb_info.py | 292 ++++++++ .../targets/elb_application_lb/aliases | 2 + .../elb_application_lb/defaults/main.yml | 6 + .../targets/elb_application_lb/meta/main.yml | 2 + .../elb_application_lb/tasks/full_test.yml | 280 ++++++++ .../targets/elb_application_lb/tasks/main.yml | 44 ++ .../tasks/multiple_actions_fail.yml | 274 ++++++++ .../tasks/test_alb_bad_listener_options.yml | 71 ++ .../tasks/test_alb_tags.yml | 93 +++ .../tasks/test_alb_with_asg.yml | 89 +++ .../tasks/test_creating_alb.yml | 52 ++ .../tasks/test_deleting_alb.yml | 52 ++ .../tasks/test_modifying_alb_listeners.yml | 240 +++++++ .../tasks/test_multiple_actions.yml | 467 +++++++++++++ .../tasks/test_multiple_actions_fail.yml | 53 ++ 17 files changed, 2673 insertions(+) create mode 100644 plugins/modules/elb_application_lb.py create mode 120000 plugins/modules/elb_application_lb_facts.py create mode 100644 plugins/modules/elb_application_lb_info.py create mode 100644 tests/integration/targets/elb_application_lb/aliases create mode 100644 tests/integration/targets/elb_application_lb/defaults/main.yml create mode 100644 tests/integration/targets/elb_application_lb/meta/main.yml create mode 100644 tests/integration/targets/elb_application_lb/tasks/full_test.yml create mode 100644 tests/integration/targets/elb_application_lb/tasks/main.yml create mode 100644 tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml create mode 100644 tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml create mode 100644 
tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml create mode 100644 tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml create mode 100644 tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml create mode 100644 tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml create mode 100644 tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml create mode 100644 tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml create mode 100644 tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py new file mode 100644 index 00000000000..5536f3de6f1 --- /dev/null +++ b/plugins/modules/elb_application_lb.py 
@@ -0,0 +1,655 @@ +#!/usr/bin/python +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: elb_application_lb +short_description: Manage an Application load balancer +description: + - Manage an AWS Application Elastic Load Balancer. See U(https://aws.amazon.com/blogs/aws/new-aws-application-load-balancer/) for details. +requirements: [ boto3 ] +author: "Rob White (@wimnat)" +options: + access_logs_enabled: + description: + - Whether or not to enable access logs. + - When set, I(access_logs_s3_bucket) must also be set. + type: bool + access_logs_s3_bucket: + description: + - The name of the S3 bucket for the access logs. + - The bucket must exist in the same + region as the load balancer and have a bucket policy that grants Elastic Load Balancing permission to write to the bucket. + - Required if access logs in Amazon S3 are enabled. + - When set, I(access_logs_enabled) must also be set. + type: str + access_logs_s3_prefix: + description: + - The prefix for the log location in the S3 bucket. + - If you don't specify a prefix, the access logs are stored in the root of the bucket. + - Cannot begin or end with a slash. 
+ type: str + deletion_protection: + description: + - Indicates whether deletion protection for the ELB is enabled. + default: no + type: bool + http2: + description: + - Indicates whether to enable HTTP2 routing. + default: no + type: bool + idle_timeout: + description: + - The number of seconds to wait before an idle connection is closed. + type: int + listeners: + description: + - A list of dicts containing listeners to attach to the ELB. See examples for detail of the dict required. Note that listener keys + are CamelCased. + type: list + suboptions: + Port: + description: The port on which the load balancer is listening. + required: true + type: int + Protocol: + description: The protocol for connections from clients to the load balancer. + required: true + type: str + Certificates: + description: The SSL server certificate. + type: list + suboptions: + CertificateArn: + description: The Amazon Resource Name (ARN) of the certificate. + type: str + SslPolicy: + description: The security policy that defines which ciphers and protocols are supported. + type: str + DefaultActions: + description: The default actions for the listener. + required: true + type: list + suboptions: + Type: + description: The type of action. + type: str + TargetGroupArn: + description: The Amazon Resource Name (ARN) of the target group. + type: str + Rules: + type: list + description: + - A list of ALB Listener Rules. + - 'For the complete documentation of possible Conditions and Actions please see the boto3 documentation:' + - 'https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.create_rule' + suboptions: + Conditions: + type: list + description: Conditions which must be met for the actions to be applied. + Priority: + type: int + description: The rule priority. + Actions: + type: list + description: Actions to apply if all of the rule's conditions are met. + name: + description: + - The name of the load balancer. 
This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric + characters or hyphens, and must not begin or end with a hyphen. + required: true + type: str + purge_listeners: + description: + - If yes, existing listeners will be purged from the ELB to match exactly what is defined by I(listeners) parameter. If the I(listeners) parameter is + not set then listeners will not be modified + default: yes + type: bool + purge_tags: + description: + - If yes, existing tags will be purged from the resource to match exactly what is defined by I(tags) parameter. If the I(tags) parameter is not set then + tags will not be modified. + default: yes + type: bool + subnets: + description: + - A list of the IDs of the subnets to attach to the load balancer. You can specify only one subnet per Availability Zone. You must specify subnets from + at least two Availability Zones. + - Required if I(state=present). + type: list + security_groups: + description: + - A list of the names or IDs of the security groups to assign to the load balancer. + - Required if I(state=present). + default: [] + type: list + scheme: + description: + - Internet-facing or internal load balancer. An ELB scheme can not be modified after creation. + default: internet-facing + choices: [ 'internet-facing', 'internal' ] + type: str + state: + description: + - Create or destroy the load balancer. + default: present + choices: [ 'present', 'absent' ] + type: str + tags: + description: + - A dictionary of one or more tags to assign to the load balancer. + type: dict + wait: + description: + - Wait for the load balancer to have a state of 'active' before completing. A status check is + performed every 15 seconds until a successful state is reached. An error is returned after 40 failed checks. + default: no + type: bool + wait_timeout: + description: + - The time in seconds to use in conjunction with I(wait). 
+ type: int + purge_rules: + description: + - When set to no, keep the existing load balancer rules in place. Will modify and add, but will not delete. + default: yes + type: bool +extends_documentation_fragment: +- ansible.amazon.aws +- ansible.amazon.ec2 + +notes: + - Listeners are matched based on port. If a listener's port is changed then a new listener will be created. + - Listener rules are matched based on priority. If a rule's priority is changed then a new rule will be created. +''' + +EXAMPLES = ''' +# Note: These examples do not set authentication details, see the AWS Guide for details. + +# Create an ELB and attach a listener +- elb_application_lb: + name: myelb + security_groups: + - sg-12345678 + - my-sec-group + subnets: + - subnet-012345678 + - subnet-abcdef000 + listeners: + - Protocol: HTTP # Required. The protocol for connections from clients to the load balancer (HTTP or HTTPS) (case-sensitive). + Port: 80 # Required. The port on which the load balancer is listening. + # The security policy that defines which ciphers and protocols are supported. The default is the current predefined security policy. + SslPolicy: ELBSecurityPolicy-2015-05 + Certificates: # The ARN of the certificate (only one certficate ARN should be provided) + - CertificateArn: arn:aws:iam::12345678987:server-certificate/test.domain.com + DefaultActions: + - Type: forward # Required. + TargetGroupName: # Required. The name of the target group + state: present + +# Create an ELB and attach a listener with logging enabled +- elb_application_lb: + access_logs_enabled: yes + access_logs_s3_bucket: mybucket + access_logs_s3_prefix: "logs" + name: myelb + security_groups: + - sg-12345678 + - my-sec-group + subnets: + - subnet-012345678 + - subnet-abcdef000 + listeners: + - Protocol: HTTP # Required. The protocol for connections from clients to the load balancer (HTTP or HTTPS) (case-sensitive). + Port: 80 # Required. The port on which the load balancer is listening. 
+ # The security policy that defines which ciphers and protocols are supported. The default is the current predefined security policy. + SslPolicy: ELBSecurityPolicy-2015-05 + Certificates: # The ARN of the certificate (only one certficate ARN should be provided) + - CertificateArn: arn:aws:iam::12345678987:server-certificate/test.domain.com + DefaultActions: + - Type: forward # Required. + TargetGroupName: # Required. The name of the target group + state: present + +# Create an ALB with listeners and rules +- elb_application_lb: + name: test-alb + subnets: + - subnet-12345678 + - subnet-87654321 + security_groups: + - sg-12345678 + scheme: internal + listeners: + - Protocol: HTTPS + Port: 443 + DefaultActions: + - Type: forward + TargetGroupName: test-target-group + Certificates: + - CertificateArn: arn:aws:iam::12345678987:server-certificate/test.domain.com + SslPolicy: ELBSecurityPolicy-2015-05 + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '1' + Actions: + - TargetGroupName: test-target-group + Type: forward + - Conditions: + - Field: path-pattern + Values: + - "/redirect-path/*" + Priority: '2' + Actions: + - Type: redirect + RedirectConfig: + Host: "#{host}" + Path: "/example/redir" # or /#{path} + Port: "#{port}" + Protocol: "#{protocol}" + Query: "#{query}" + StatusCode: "HTTP_302" # or HTTP_301 + - Conditions: + - Field: path-pattern + Values: + - "/fixed-response-path/" + Priority: '3' + Actions: + - Type: fixed-response + FixedResponseConfig: + ContentType: "text/plain" + MessageBody: "This is the page you're looking for" + StatusCode: "200" + - Conditions: + - Field: host-header + Values: + - "hostname.domain.com" + - "alternate.domain.com" + Priority: '4' + Actions: + - TargetGroupName: test-target-group + Type: forward + state: present + +# Remove an ELB +- elb_application_lb: + name: myelb + state: absent + +''' + +RETURN = ''' +access_logs_s3_bucket: + description: The name of the S3 bucket for the access logs. 
+ returned: when state is present + type: str + sample: mys3bucket +access_logs_s3_enabled: + description: Indicates whether access logs stored in Amazon S3 are enabled. + returned: when state is present + type: str + sample: true +access_logs_s3_prefix: + description: The prefix for the location in the S3 bucket. + returned: when state is present + type: str + sample: my/logs +availability_zones: + description: The Availability Zones for the load balancer. + returned: when state is present + type: list + sample: "[{'subnet_id': 'subnet-aabbccddff', 'zone_name': 'ap-southeast-2a'}]" +canonical_hosted_zone_id: + description: The ID of the Amazon Route 53 hosted zone associated with the load balancer. + returned: when state is present + type: str + sample: ABCDEF12345678 +created_time: + description: The date and time the load balancer was created. + returned: when state is present + type: str + sample: "2015-02-12T02:14:02+00:00" +deletion_protection_enabled: + description: Indicates whether deletion protection is enabled. + returned: when state is present + type: str + sample: true +dns_name: + description: The public DNS name of the load balancer. + returned: when state is present + type: str + sample: internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com +idle_timeout_timeout_seconds: + description: The idle timeout value, in seconds. + returned: when state is present + type: int + sample: 60 +ip_address_type: + description: The type of IP addresses used by the subnets for the load balancer. + returned: when state is present + type: str + sample: ipv4 +listeners: + description: Information about the listeners. + returned: when state is present + type: complex + contains: + listener_arn: + description: The Amazon Resource Name (ARN) of the listener. + returned: when state is present + type: str + sample: "" + load_balancer_arn: + description: The Amazon Resource Name (ARN) of the load balancer. 
+ returned: when state is present + type: str + sample: "" + port: + description: The port on which the load balancer is listening. + returned: when state is present + type: int + sample: 80 + protocol: + description: The protocol for connections from clients to the load balancer. + returned: when state is present + type: str + sample: HTTPS + certificates: + description: The SSL server certificate. + returned: when state is present + type: complex + contains: + certificate_arn: + description: The Amazon Resource Name (ARN) of the certificate. + returned: when state is present + type: str + sample: "" + ssl_policy: + description: The security policy that defines which ciphers and protocols are supported. + returned: when state is present + type: str + sample: "" + default_actions: + description: The default actions for the listener. + returned: when state is present + type: str + contains: + type: + description: The type of action. + returned: when state is present + type: str + sample: "" + target_group_arn: + description: The Amazon Resource Name (ARN) of the target group. + returned: when state is present + type: str + sample: "" +load_balancer_arn: + description: The Amazon Resource Name (ARN) of the load balancer. + returned: when state is present + type: str + sample: arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455 +load_balancer_name: + description: The name of the load balancer. + returned: when state is present + type: str + sample: my-elb +routing_http2_enabled: + description: Indicates whether HTTP/2 is enabled. + returned: when state is present + type: str + sample: true +scheme: + description: Internet-facing or internal load balancer. + returned: when state is present + type: str + sample: internal +security_groups: + description: The IDs of the security groups for the load balancer. 
+ returned: when state is present + type: list + sample: ['sg-0011223344'] +state: + description: The state of the load balancer. + returned: when state is present + type: dict + sample: "{'code': 'active'}" +tags: + description: The tags attached to the load balancer. + returned: when state is present + type: dict + sample: "{ + 'Tag': 'Example' + }" +type: + description: The type of load balancer. + returned: when state is present + type: str + sample: application +vpc_id: + description: The ID of the VPC for the load balancer. + returned: when state is present + type: str + sample: vpc-0011223344 +''' + +from ansible_collections.ansible.amazon.plugins.module_utils.aws.core import AnsibleAWSModule +from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import camel_dict_to_snake_dict, boto3_tag_list_to_ansible_dict, compare_aws_tags + +from ansible_collections.ansible.amazon.plugins.module_utils.aws.elbv2 import ApplicationLoadBalancer, ELBListeners, ELBListener, ELBListenerRules, ELBListenerRule +from ansible_collections.ansible.amazon.plugins.module_utils.aws.elb_utils import get_elb_listener_rules + + +def create_or_update_elb(elb_obj): + """Create ELB or modify main attributes. 
json_exit here""" + + if elb_obj.elb: + # ELB exists so check subnets, security groups and tags match what has been passed + + # Subnets + if not elb_obj.compare_subnets(): + elb_obj.modify_subnets() + + # Security Groups + if not elb_obj.compare_security_groups(): + elb_obj.modify_security_groups() + + # Tags - only need to play with tags if tags parameter has been set to something + if elb_obj.tags is not None: + + # Delete necessary tags + tags_need_modify, tags_to_delete = compare_aws_tags(boto3_tag_list_to_ansible_dict(elb_obj.elb['tags']), + boto3_tag_list_to_ansible_dict(elb_obj.tags), elb_obj.purge_tags) + if tags_to_delete: + elb_obj.delete_tags(tags_to_delete) + + # Add/update tags + if tags_need_modify: + elb_obj.modify_tags() + + else: + # Create load balancer + elb_obj.create_elb() + + # ELB attributes + elb_obj.update_elb_attributes() + elb_obj.modify_elb_attributes() + + # Listeners + listeners_obj = ELBListeners(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn']) + + listeners_to_add, listeners_to_modify, listeners_to_delete = listeners_obj.compare_listeners() + + # Delete listeners + for listener_to_delete in listeners_to_delete: + listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_delete, elb_obj.elb['LoadBalancerArn']) + listener_obj.delete() + listeners_obj.changed = True + + # Add listeners + for listener_to_add in listeners_to_add: + listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_add, elb_obj.elb['LoadBalancerArn']) + listener_obj.add() + listeners_obj.changed = True + + # Modify listeners + for listener_to_modify in listeners_to_modify: + listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_modify, elb_obj.elb['LoadBalancerArn']) + listener_obj.modify() + listeners_obj.changed = True + + # If listeners changed, mark ELB as changed + if listeners_obj.changed: + elb_obj.changed = True + + # Rules of each listener + for listener in listeners_obj.listeners: 
+ if 'Rules' in listener: + rules_obj = ELBListenerRules(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn'], listener['Rules'], listener['Port']) + + rules_to_add, rules_to_modify, rules_to_delete = rules_obj.compare_rules() + + # Delete rules + if elb_obj.module.params['purge_rules']: + for rule in rules_to_delete: + rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, {'RuleArn': rule}, rules_obj.listener_arn) + rule_obj.delete() + elb_obj.changed = True + + # Add rules + for rule in rules_to_add: + rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, rule, rules_obj.listener_arn) + rule_obj.create() + elb_obj.changed = True + + # Modify rules + for rule in rules_to_modify: + rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, rule, rules_obj.listener_arn) + rule_obj.modify() + elb_obj.changed = True + + # Get the ELB again + elb_obj.update() + + # Get the ELB listeners again + listeners_obj.update() + + # Update the ELB attributes + elb_obj.update_elb_attributes() + + # Convert to snake_case and merge in everything we want to return to the user + snaked_elb = camel_dict_to_snake_dict(elb_obj.elb) + snaked_elb.update(camel_dict_to_snake_dict(elb_obj.elb_attributes)) + snaked_elb['listeners'] = [] + for listener in listeners_obj.current_listeners: + # For each listener, get listener rules + listener['rules'] = get_elb_listener_rules(elb_obj.connection, elb_obj.module, listener['ListenerArn']) + snaked_elb['listeners'].append(camel_dict_to_snake_dict(listener)) + + # Change tags to ansible friendly dict + snaked_elb['tags'] = boto3_tag_list_to_ansible_dict(snaked_elb['tags']) + + elb_obj.module.exit_json(changed=elb_obj.changed, **snaked_elb) + + +def delete_elb(elb_obj): + + if elb_obj.elb: + elb_obj.delete() + + elb_obj.module.exit_json(changed=elb_obj.changed) + + +def main(): + + argument_spec = dict( + access_logs_enabled=dict(type='bool'), + access_logs_s3_bucket=dict(type='str'), + 
access_logs_s3_prefix=dict(type='str'), + deletion_protection=dict(type='bool'), + http2=dict(type='bool'), + idle_timeout=dict(type='int'), + listeners=dict(type='list', + elements='dict', + options=dict( + Protocol=dict(type='str', required=True), + Port=dict(type='int', required=True), + SslPolicy=dict(type='str'), + Certificates=dict(type='list'), + DefaultActions=dict(type='list', required=True), + Rules=dict(type='list') + ) + ), + name=dict(required=True, type='str'), + purge_listeners=dict(default=True, type='bool'), + purge_tags=dict(default=True, type='bool'), + subnets=dict(type='list'), + security_groups=dict(type='list'), + scheme=dict(default='internet-facing', choices=['internet-facing', 'internal']), + state=dict(choices=['present', 'absent'], default='present'), + tags=dict(type='dict'), + wait_timeout=dict(type='int'), + wait=dict(default=False, type='bool'), + purge_rules=dict(default=True, type='bool') + ) + + module = AnsibleAWSModule(argument_spec=argument_spec, + required_if=[ + ('state', 'present', ['subnets', 'security_groups']) + ], + required_together=[ + ['access_logs_enabled', 'access_logs_s3_bucket'] + ] + ) + + # Quick check of listeners parameters + listeners = module.params.get("listeners") + if listeners is not None: + for listener in listeners: + for key in listener.keys(): + if key == 'Protocol' and listener[key] == 'HTTPS': + if listener.get('SslPolicy') is None: + module.fail_json(msg="'SslPolicy' is a required listener dict key when Protocol = HTTPS") + + if listener.get('Certificates') is None: + module.fail_json(msg="'Certificates' is a required listener dict key when Protocol = HTTPS") + + connection = module.client('elbv2') + connection_ec2 = module.client('ec2') + + state = module.params.get("state") + + elb = ApplicationLoadBalancer(connection, connection_ec2, module) + + if state == 'present': + create_or_update_elb(elb) + else: + delete_elb(elb) + + +if __name__ == '__main__': + main() 
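Review bot: The HTTPS pre-check in main() tests `listener.get('SslPolicy') is None` and `listener.get('Certificates') is None`, so a listener with `Certificates: []` or an empty `SslPolicy` string passes module validation and is left for the ELBv2 API call to reject. Testing for falsiness closes that gap: `if not listener.get('Certificates'):`, and likewise for `SslPolicy`. The surrounding `for key in listener.keys()` loop is unnecessary because `Protocol` is declared `required=True` in the listener options; `if listener.get('Protocol') == 'HTTPS':` says the same thing directly. Separately, the first two EXAMPLES attach `SslPolicy` and `Certificates` to a `Protocol: HTTP` / `Port: 80` listener, which readers are likely to copy; an HTTPS listener on 443 would document the intended use.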
diff --git a/plugins/modules/elb_application_lb_facts.py b/plugins/modules/elb_application_lb_facts.py
new file mode 120000
index 00000000000..c5ee0eaca83
--- /dev/null
+++ b/plugins/modules/elb_application_lb_facts.py
@@ -0,0 +1 @@
+elb_application_lb_info.py
\ No newline at end of file
diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py
new file mode 100644
index 00000000000..d115d029f36
--- /dev/null
+++ b/plugins/modules/elb_application_lb_info.py
@@ -0,0 +1,292 @@ +#!/usr/bin/python +# Copyright: Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: elb_application_lb_info +short_description: Gather information about application ELBs in AWS +description: + - Gather information about application ELBs in AWS + - This module was called C(elb_application_lb_facts) before Ansible 2.9. The usage did not change. +requirements: [ boto3 ] +author: Rob White (@wimnat) +options: + load_balancer_arns: + description: + - The Amazon Resource Names (ARN) of the load balancers. You can specify up to 20 load balancers in a single call. + required: false + type: list + names: + description: + - The names of the load balancers. + required: false + type: list + +extends_documentation_fragment: +- ansible.amazon.aws +- ansible.amazon.ec2 + +''' + +EXAMPLES = ''' +# Note: These examples do not set authentication details, see the AWS Guide for details. + +# Gather information about all target groups +- elb_application_lb_info: + +# Gather information about the target group attached to a particular ELB +- elb_application_lb_info: + load_balancer_arns: + - "arn:aws:elasticloadbalancing:ap-southeast-2:001122334455:loadbalancer/app/my-elb/aabbccddeeff" + +# Gather information about a target groups named 'tg1' and 'tg2' +- elb_application_lb_info: + names: + - elb1 + - elb2 + +# Gather information about specific ALB +- elb_application_lb_info: + names: "alb-name" + region: "aws-region" + register: alb_info +- debug: + var: alb_info +''' + +RETURN = ''' +load_balancers: + description: a list of load balancers + returned: always + type: complex + contains: + access_logs_s3_bucket: + description: The name of the S3 bucket for the access logs. 
+ returned: when status is present + type: str + sample: mys3bucket + access_logs_s3_enabled: + description: Indicates whether access logs stored in Amazon S3 are enabled. + returned: when status is present + type: str + sample: true + access_logs_s3_prefix: + description: The prefix for the location in the S3 bucket. + returned: when status is present + type: str + sample: /my/logs + availability_zones: + description: The Availability Zones for the load balancer. + returned: when status is present + type: list + sample: "[{'subnet_id': 'subnet-aabbccddff', 'zone_name': 'ap-southeast-2a'}]" + canonical_hosted_zone_id: + description: The ID of the Amazon Route 53 hosted zone associated with the load balancer. + returned: when status is present + type: str + sample: ABCDEF12345678 + created_time: + description: The date and time the load balancer was created. + returned: when status is present + type: str + sample: "2015-02-12T02:14:02+00:00" + deletion_protection_enabled: + description: Indicates whether deletion protection is enabled. + returned: when status is present + type: str + sample: true + dns_name: + description: The public DNS name of the load balancer. + returned: when status is present + type: str + sample: internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com + idle_timeout_timeout_seconds: + description: The idle timeout value, in seconds. + returned: when status is present + type: str + sample: 60 + ip_address_type: + description: The type of IP addresses used by the subnets for the load balancer. + returned: when status is present + type: str + sample: ipv4 + load_balancer_arn: + description: The Amazon Resource Name (ARN) of the load balancer. + returned: when status is present + type: str + sample: arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455 + load_balancer_name: + description: The name of the load balancer. 
+ returned: when status is present + type: str + sample: my-elb + scheme: + description: Internet-facing or internal load balancer. + returned: when status is present + type: str + sample: internal + security_groups: + description: The IDs of the security groups for the load balancer. + returned: when status is present + type: list + sample: ['sg-0011223344'] + state: + description: The state of the load balancer. + returned: when status is present + type: dict + sample: "{'code': 'active'}" + tags: + description: The tags attached to the load balancer. + returned: when status is present + type: dict + sample: "{ + 'Tag': 'Example' + }" + type: + description: The type of load balancer. + returned: when status is present + type: str + sample: application + vpc_id: + description: The ID of the VPC for the load balancer. + returned: when status is present + type: str + sample: vpc-0011223344 +''' + +import traceback + +try: + import boto3 + from botocore.exceptions import ClientError, NoCredentialsError + HAS_BOTO3 = True +except ImportError: + HAS_BOTO3 = False + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import (boto3_conn, boto3_tag_list_to_ansible_dict, camel_dict_to_snake_dict, + ec2_argument_spec, get_aws_connection_info) + + +def get_elb_listeners(connection, module, elb_arn): + + try: + return connection.describe_listeners(LoadBalancerArn=elb_arn)['Listeners'] + except ClientError as e: + module.fail_json(msg=e.message, exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) + + +def get_listener_rules(connection, module, listener_arn): + + try: + return connection.describe_rules(ListenerArn=listener_arn)['Rules'] + except ClientError as e: + module.fail_json(msg=e.message, exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) + + +def get_load_balancer_attributes(connection, module, load_balancer_arn): + + try: + load_balancer_attributes = 
boto3_tag_list_to_ansible_dict(connection.describe_load_balancer_attributes(LoadBalancerArn=load_balancer_arn)['Attributes']) + except ClientError as e: + module.fail_json(msg=e.message, exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) + + # Replace '.' with '_' in attribute key names to make it more Ansibley + for k, v in list(load_balancer_attributes.items()): + load_balancer_attributes[k.replace('.', '_')] = v + del load_balancer_attributes[k] + + return load_balancer_attributes + + +def get_load_balancer_tags(connection, module, load_balancer_arn): + + try: + return boto3_tag_list_to_ansible_dict(connection.describe_tags(ResourceArns=[load_balancer_arn])['TagDescriptions'][0]['Tags']) + except ClientError as e: + module.fail_json(msg=e.message, exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) + + +def list_load_balancers(connection, module): + + load_balancer_arns = module.params.get("load_balancer_arns") + names = module.params.get("names") + + try: + load_balancer_paginator = connection.get_paginator('describe_load_balancers') + if not load_balancer_arns and not names: + load_balancers = load_balancer_paginator.paginate().build_full_result() + if load_balancer_arns: + load_balancers = load_balancer_paginator.paginate(LoadBalancerArns=load_balancer_arns).build_full_result() + if names: + load_balancers = load_balancer_paginator.paginate(Names=names).build_full_result() + except ClientError as e: + if e.response['Error']['Code'] == 'LoadBalancerNotFound': + module.exit_json(load_balancers=[]) + else: + module.fail_json(msg=e.message, exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) + except NoCredentialsError as e: + module.fail_json(msg="AWS authentication problem. 
" + e.message, exception=traceback.format_exc()) + + for load_balancer in load_balancers['LoadBalancers']: + # Get the attributes for each elb + load_balancer.update(get_load_balancer_attributes(connection, module, load_balancer['LoadBalancerArn'])) + + # Get the listeners for each elb + load_balancer['listeners'] = get_elb_listeners(connection, module, load_balancer['LoadBalancerArn']) + + # For each listener, get listener rules + for listener in load_balancer['listeners']: + listener['rules'] = get_listener_rules(connection, module, listener['ListenerArn']) + + # Turn the boto3 result in to ansible_friendly_snaked_names + snaked_load_balancers = [camel_dict_to_snake_dict(load_balancer) for load_balancer in load_balancers['LoadBalancers']] + + # Get tags for each load balancer + for snaked_load_balancer in snaked_load_balancers: + snaked_load_balancer['tags'] = get_load_balancer_tags(connection, module, snaked_load_balancer['load_balancer_arn']) + + module.exit_json(load_balancers=snaked_load_balancers) + + +def main(): + + argument_spec = ec2_argument_spec() + argument_spec.update( + dict( + load_balancer_arns=dict(type='list'), + names=dict(type='list') + ) + ) + + module = AnsibleModule(argument_spec=argument_spec, + mutually_exclusive=[['load_balancer_arns', 'names']], + supports_check_mode=True + ) + if module._name == 'elb_application_lb_facts': + module.deprecate("The 'elb_application_lb_facts' module has been renamed to 'elb_application_lb_info'", version='2.13') + + if not HAS_BOTO3: + module.fail_json(msg='boto3 required for this module') + + region, ec2_url, aws_connect_params = get_aws_connection_info(module, boto3=True) + + if region: + connection = boto3_conn(module, conn_type='client', resource='elbv2', region=region, endpoint=ec2_url, **aws_connect_params) + else: + module.fail_json(msg="region must be specified") + + list_load_balancers(connection, module) + + +if __name__ == '__main__': + main() 
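Review bot: Every `except ClientError as e` handler in this file (get_elb_listeners, get_listener_rules, get_load_balancer_attributes, get_load_balancer_tags, list_load_balancers) and the NoCredentialsError handler build the failure message from `e.message`, an attribute Python 3 exceptions do not have, so on Python 3 the handler itself would likely raise AttributeError and hide the underlying AWS error (for example an access-denied response) from the operator. Use the string form of the exception instead, e.g. `module.fail_json(msg=str(e), exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response))` and `msg="AWS authentication problem. " + str(e)`. In get_load_balancer_attributes, the rename loop assigns `load_balancer_attributes[k.replace('.', '_')] = v` and then runs `del load_balancer_attributes[k]`; for a key that contains no dot both statements hit the same key and the attribute is dropped, so the delete should only run when the name actually changed.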
diff --git a/tests/integration/targets/elb_application_lb/aliases b/tests/integration/targets/elb_application_lb/aliases
new file mode 100644
index 00000000000..56927195182
--- /dev/null
+++ b/tests/integration/targets/elb_application_lb/aliases
@@ -0,0 +1,2 @@
+cloud/aws
+unsupported
diff --git a/tests/integration/targets/elb_application_lb/defaults/main.yml b/tests/integration/targets/elb_application_lb/defaults/main.yml
new file mode 100644
index 00000000000..8100bd55ed0
--- /dev/null
+++ b/tests/integration/targets/elb_application_lb/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# load balancer and target group names have to be less than 32 characters
+# the 8 digit identifier at the end of resource_prefix helps determine during which test something
+# was created and allows tests to be run in parallel
+alb_name: "my-alb-{{ resource_prefix | regex_search('([0-9]+)$') }}"
+tg_name: "my-tg-{{ resource_prefix | regex_search('([0-9]+)$') }}"
diff --git a/tests/integration/targets/elb_application_lb/meta/main.yml b/tests/integration/targets/elb_application_lb/meta/main.yml
new file mode 100644
index 00000000000..1810d4bec98
--- /dev/null
+++ b/tests/integration/targets/elb_application_lb/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - setup_remote_tmp_dir
diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml
new file mode 100644
index 00000000000..8c1f95fb8e5
--- /dev/null
+++ b/tests/integration/targets/elb_application_lb/tasks/full_test.yml
@@ -0,0 +1,280 @@ +- block: + - name: set connection information for all tasks + set_fact: + aws_connection_info: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + awscli_connection_info: + AWS_ACCESS_KEY_ID: '{{ aws_access_key }}' + AWS_SECRET_ACCESS_KEY: '{{ aws_secret_key }}' + AWS_SESSION_TOKEN: '{{ security_token }}' + AWS_DEFAULT_REGION: '{{ aws_region }}' + no_log: true + - name: create VPC + ec2_vpc_net: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + cidr_block: 10.228.228.0/22 + name: '{{ resource_prefix }}_vpc' + state: present + register: vpc + - name: create internet gateway + ec2_vpc_igw: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + vpc_id: '{{ vpc.vpc.id }}' + state: present + tags: + Name: '{{ resource_prefix }}' + register: igw + - name: create public subnet + ec2_vpc_subnet: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + cidr: '{{ item.cidr }}' + az: '{{ aws_region}}{{ item.az }}' + vpc_id: '{{ vpc.vpc.id }}' + state: present + tags: + Public: '{{ item.public|string }}' + Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' + with_items: + - cidr: 10.228.228.0/24 + az: a + public: 'True' + - cidr: 10.228.229.0/24 + az: b + public: 'True' + - cidr: 10.228.230.0/24 + az: a + public: 'False' + - cidr: 10.228.231.0/24 + az: b + public: 'False' + register: subnets + - ec2_vpc_subnet_info: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + filters: + vpc-id: '{{ vpc.vpc.id }}' + register: vpc_subnets + - name: 
create list of subnet ids + set_fact: + alb_subnets: '{{ vpc_subnets|json_query(''subnets[?tags.Public == `True`].id'') }}' + private_subnets: '{{ vpc_subnets|json_query(''subnets[?tags.Public != `True`].id'') }}' + - name: create a route table + ec2_vpc_route_table: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + vpc_id: '{{ vpc.vpc.id }}' + tags: + Name: igw-route + Created: '{{ resource_prefix }}' + subnets: '{{ alb_subnets + private_subnets }}' + routes: + - dest: 0.0.0.0/0 + gateway_id: '{{ igw.gateway_id }}' + register: route_table + - ec2_group: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ resource_prefix }}' + description: security group for Ansible ALB integration tests + state: present + vpc_id: '{{ vpc.vpc.id }}' + rules: + - proto: tcp + from_port: 1 + to_port: 65535 + cidr_ip: 0.0.0.0/0 + register: sec_group + - name: create a target group for testing + elb_target_group: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: present + register: tg + - name: create privatekey for testing + community.crypto.openssl_privatekey: + path: ./ansible_alb_test.pem + size: 2048 + - name: create csr for cert + community.crypto.openssl_csr: + path: ./ansible_alb_test.csr + privatekey_path: ./ansible_alb_test.pem + C: US + ST: AnyPrincipality + L: AnyTown + O: AnsibleIntegrationTest + OU: Test + CN: ansible-alb-test.example.com + - name: create certificate + community.crypto.openssl_certificate: + path: ./ansible_alb_test.crt + privatekey_path: ./ansible_alb_test.pem + csr_path: ./ansible_alb_test.csr + provider: selfsigned + - name: upload server cert to iam + 
iam_cert: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ alb_name }}' + state: present + cert: ./ansible_alb_test.crt + key: ./ansible_alb_test.pem + register: cert_upload + - name: register certificate arn to acm_arn fact + set_fact: + cert_arn: '{{ cert_upload.arn }}' + - include_tasks: test_alb_bad_listener_options.yml + - include_tasks: test_alb_tags.yml + - include_tasks: test_creating_alb.yml + - include_tasks: test_alb_with_asg.yml + - include_tasks: test_modifying_alb_listeners.yml + - include_tasks: test_deleting_alb.yml + - include_tasks: test_multiple_actions.yml + always: + - name: destroy ALB + elb_application_lb: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ alb_name }}' + state: absent + wait: true + wait_timeout: 600 + ignore_errors: true + - name: destroy target group if it was created + elb_target_group: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: absent + wait: true + wait_timeout: 600 + register: remove_tg + retries: 5 + delay: 3 + until: remove_tg is success + when: tg is defined + ignore_errors: true + - name: destroy acm certificate + iam_cert: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ alb_name }}' + state: absent + register: remove_cert + retries: 5 + delay: 3 + until: remove_cert is success + when: cert_arn is defined + ignore_errors: true + - name: destroy sec group + ec2_group: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token 
}}' + region: '{{ aws_region }}' + name: '{{ sec_group.group_name }}' + description: security group for Ansible ALB integration tests + state: absent + vpc_id: '{{ vpc.vpc.id }}' + register: remove_sg + retries: 10 + delay: 5 + until: remove_sg is success + ignore_errors: true + - name: remove route table + ec2_vpc_route_table: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + vpc_id: '{{ vpc.vpc.id }}' + route_table_id: '{{ route_table.route_table.route_table_id }}' + lookup: id + state: absent + register: remove_rt + retries: 10 + delay: 5 + until: remove_rt is success + ignore_errors: true + - name: destroy subnets + ec2_vpc_subnet: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + cidr: '{{ item.cidr }}' + vpc_id: '{{ vpc.vpc.id }}' + state: absent + register: remove_subnet + retries: 10 + delay: 5 + until: remove_subnet is success + with_items: + - cidr: 10.228.228.0/24 + - cidr: 10.228.229.0/24 + - cidr: 10.228.230.0/24 + - cidr: 10.228.231.0/24 + ignore_errors: true + - name: destroy internet gateway + ec2_vpc_igw: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + vpc_id: '{{ vpc.vpc.id }}' + tags: + Name: '{{ resource_prefix }}' + state: absent + register: remove_igw + retries: 10 + delay: 5 + until: remove_igw is success + ignore_errors: true + - name: destroy VPC + ec2_vpc_net: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + cidr_block: 10.228.228.0/22 + name: '{{ resource_prefix }}_vpc' + state: absent + register: remove_vpc + retries: 10 + delay: 5 + until: remove_vpc is success + ignore_errors: true 
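Review bot: The `ec2_group` task in the `block` section opens `proto: tcp` with `from_port: 1` and `to_port: 65535` to `cidr_ip: 0.0.0.0/0`, which is much wider than anything in this hunk needs; the target group and the listeners exercised by the included files use port 80, so `from_port: 80` / `to_port: 80` would do. The same rule is repeated in tasks/multiple_actions_fail.yml. Separately, the private key is written to `./ansible_alb_test.pem` in the working directory together with the CSR and certificate, and none of the `always` tasks removes them; a final `file:` task with `state: absent` for the three paths would keep key material from lingering after the run.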
diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml new file mode 100644 index 00000000000..037d7fd4af5 --- /dev/null +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml @@ -0,0 +1,44 @@ +- set_fact: + virtualenv: "{{ remote_tmp_dir }}/virtualenv" + virtualenv_command: "{{ ansible_python_interpreter }} -m virtualenv" + +- set_fact: + virtualenv_interpreter: "{{ virtualenv }}/bin/python" + +- pip: + name: virtualenv + +- pip: + name: + - 'botocore<1.10.30' + - boto3 + - boto + - coverage + - cryptography + virtualenv: "{{ virtualenv }}" + virtualenv_command: "{{ virtualenv_command }}" + virtualenv_site_packages: no + +- include_tasks: multiple_actions_fail.yml + vars: + ansible_python_interpreter: "{{ virtualenv_interpreter }}" + + +- pip: + name: + - 'botocore>=1.10.30' + - boto3 + - boto + - coverage + - cryptography + virtualenv: "{{ virtualenv }}" + virtualenv_command: "{{ virtualenv_command }}" + virtualenv_site_packages: no + +- include_tasks: full_test.yml + vars: + ansible_python_interpreter: "{{ virtualenv_interpreter }}" + +- file: + path: "{{ virtualenv }}" + state: absent diff --git a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml new file mode 100644 index 00000000000..04bf70b96a8 --- /dev/null +++ b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml 
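Review bot: Both `pip` tasks in tasks/main.yml install `boto3`, `boto`, `coverage` and `cryptography` with no version bound, and only `botocore` is constrained, so each run resolves whatever is newest on the package index inside a job that also carries the AWS credentials used by the tests. Pinning these (or at least bounding them) would make the two botocore scenarios reproducible and limit exposure to a bad upstream release. The closing `file:` task with `path: "{{ virtualenv }}"` and `state: absent` is also skipped whenever an included file fails, because it is not in an `always` section; wrapping the includes in a `block` and moving the cleanup to `always` would fix that.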
@@ -0,0 +1,274 @@ +- block: + - name: set connection information for all tasks + set_fact: + aws_connection_info: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + awscli_connection_info: + AWS_ACCESS_KEY_ID: '{{ aws_access_key }}' + AWS_SECRET_ACCESS_KEY: '{{ aws_secret_key }}' + AWS_SESSION_TOKEN: '{{ security_token }}' + AWS_DEFAULT_REGION: '{{ aws_region }}' + no_log: true + - name: create VPC + ec2_vpc_net: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + cidr_block: 10.228.228.0/22 + name: '{{ resource_prefix }}_vpc' + state: present + register: vpc + - name: create internet gateway + ec2_vpc_igw: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + vpc_id: '{{ vpc.vpc.id }}' + state: present + tags: + Name: '{{ resource_prefix }}' + register: igw + - name: create public subnet + ec2_vpc_subnet: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + cidr: '{{ item.cidr }}' + az: '{{ aws_region}}{{ item.az }}' + vpc_id: '{{ vpc.vpc.id }}' + state: present + tags: + Public: '{{ item.public|string }}' + Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' + with_items: + - cidr: 10.228.228.0/24 + az: a + public: 'True' + - cidr: 10.228.229.0/24 + az: b + public: 'True' + - cidr: 10.228.230.0/24 + az: a + public: 'False' + - cidr: 10.228.231.0/24 + az: b + public: 'False' + register: subnets + - ec2_vpc_subnet_facts: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + filters: + vpc-id: '{{ vpc.vpc.id }}' + register: vpc_subnets + - name: 
create list of subnet ids + set_fact: + alb_subnets: '{{ vpc_subnets|json_query(''subnets[?tags.Public == `True`].id'') }}' + private_subnets: '{{ vpc_subnets|json_query(''subnets[?tags.Public != `True`].id'') }}' + - name: create a route table + ec2_vpc_route_table: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + vpc_id: '{{ vpc.vpc.id }}' + tags: + Name: igw-route + Created: '{{ resource_prefix }}' + subnets: '{{ alb_subnets + private_subnets }}' + routes: + - dest: 0.0.0.0/0 + gateway_id: '{{ igw.gateway_id }}' + register: route_table + - ec2_group: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ resource_prefix }}' + description: security group for Ansible ALB integration tests + state: present + vpc_id: '{{ vpc.vpc.id }}' + rules: + - proto: tcp + from_port: 1 + to_port: 65535 + cidr_ip: 0.0.0.0/0 + register: sec_group + - name: create a target group for testing + elb_target_group: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: present + register: tg + - name: create privatekey for testing + community.crypto.openssl_privatekey: + path: ./ansible_alb_test.pem + size: 2048 + - name: create csr for cert + community.crypto.openssl_csr: + path: ./ansible_alb_test.csr + privatekey_path: ./ansible_alb_test.pem + C: US + ST: AnyPrincipality + L: AnyTown + O: AnsibleIntegrationTest + OU: Test + CN: ansible-alb-test.example.com + - name: create certificate + community.crypto.openssl_certificate: + path: ./ansible_alb_test.crt + privatekey_path: ./ansible_alb_test.pem + csr_path: ./ansible_alb_test.csr + provider: selfsigned + - name: upload server cert to iam + 
iam_cert: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ alb_name }}' + state: present + cert: ./ansible_alb_test.crt + key: ./ansible_alb_test.pem + register: cert_upload + - name: register certificate arn to acm_arn fact + set_fact: + cert_arn: '{{ cert_upload.arn }}' + - include_tasks: test_multiple_actions_fail.yml + always: + - name: destroy ALB + elb_application_lb: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ alb_name }}' + state: absent + wait: true + wait_timeout: 600 + ignore_errors: true + - name: destroy target group if it was created + elb_target_group: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: absent + wait: true + wait_timeout: 600 + register: remove_tg + retries: 10 + delay: 5 + until: remove_tg is success + when: tg is defined + ignore_errors: true + - name: destroy acm certificate + iam_cert: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ alb_name }}' + state: absent + register: remove_cert + retries: 10 + delay: 5 + until: remove_cert is success + when: cert_arn is defined + ignore_errors: true + - name: destroy sec group + ec2_group: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + name: '{{ sec_group.group_name }}' + description: security group for Ansible ALB integration tests + state: absent + vpc_id: '{{ vpc.vpc.id }}' + register: remove_sg + retries: 10 + delay: 5 + until: remove_sg is success + 
ignore_errors: true + - name: remove route table + ec2_vpc_route_table: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + vpc_id: '{{ vpc.vpc.id }}' + route_table_id: '{{ route_table.route_table.route_table_id }}' + lookup: id + state: absent + register: remove_rt + retries: 10 + delay: 5 + until: remove_rt is success + ignore_errors: true + - name: destroy subnets + ec2_vpc_subnet: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + cidr: '{{ item.cidr }}' + vpc_id: '{{ vpc.vpc.id }}' + state: absent + register: remove_subnet + retries: 10 + delay: 5 + until: remove_subnet is success + with_items: + - cidr: 10.228.228.0/24 + - cidr: 10.228.229.0/24 + - cidr: 10.228.230.0/24 + - cidr: 10.228.231.0/24 + ignore_errors: true + - name: destroy internet gateway + ec2_vpc_igw: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + vpc_id: '{{ vpc.vpc.id }}' + tags: + Name: '{{ resource_prefix }}' + state: absent + register: remove_igw + retries: 10 + delay: 5 + until: remove_igw is success + ignore_errors: true + - name: destroy VPC + ec2_vpc_net: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token }}' + region: '{{ aws_region }}' + cidr_block: 10.228.228.0/22 + name: '{{ resource_prefix }}_vpc' + state: absent + register: remove_vpc + retries: 10 + delay: 5 + until: remove_vpc is success + ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml new file mode 100644 index 00000000000..821ad36d767 --- /dev/null 
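Review bot: The subnet lookup in tasks/multiple_actions_fail.yml calls `ec2_vpc_subnet_facts`, while the otherwise identical task in tasks/full_test.yml calls `ec2_vpc_subnet_info`; if the `_facts` name is only a deprecated alias, as the `elb_application_lb_facts` rename in this commit suggests, both files should use `ec2_vpc_subnet_info`. Apart from that and the retry counts on two teardown tasks, the setup and `always` sections duplicate full_test.yml almost line for line, so a shared setup/teardown task file included by both would stop them drifting apart. The `aws_connection_info` and `awscli_connection_info` facts set by the first task are not referenced by any task visible in this hunk, which repeats the four credential keys inline instead.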
+++ b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml @@ -0,0 +1,71 @@ +- block: + + - name: set connection information for all tasks + set_fact: + aws_connection_info: &aws_connection_info + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token }}" + region: "{{ aws_region }}" + no_log: yes + + - name: test creating an ALB with invalid listener options + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTPS + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + <<: *aws_connection_info + ignore_errors: yes + register: alb + + - assert: + that: + - alb is failed + - alb.msg.startswith("'SslPolicy' is a required listener dict key when Protocol = HTTPS") + + - name: test creating an ALB without providing required listener options + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Port: 80 + <<: *aws_connection_info + ignore_errors: yes + register: alb + + - assert: + that: + - alb is failed + - '"missing required arguments" in alb.msg' + - '"Protocol" in alb.msg' + - '"DefaultActions" in alb.msg' + + - name: test creating an ALB providing an invalid listener option type + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: "bad type" + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + <<: *aws_connection_info + ignore_errors: yes + register: alb + + - assert: + that: + - alb is failed + - "'unable to convert to int' in alb.msg" 
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml new file mode 100644 index 00000000000..b7942fa7368 --- /dev/null +++ b/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml 
@@ -0,0 +1,93 @@ +- block: + + - name: set connection information for all tasks + set_fact: + aws_connection_info: &aws_connection_info + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token }}" + region: "{{ aws_region }}" + no_log: yes + + - name: create ALB with no listeners + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + + - name: re-create ALB with no listeners + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + <<: *aws_connection_info + register: alb + + - assert: + that: + - not alb.changed + + - name: add tags to ALB + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: + created_by: "ALB test {{ resource_prefix }}" + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' + + - name: remove tags from ALB + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: {} + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - not alb.tags + + - name: test idempotence + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: {} + <<: *aws_connection_info + register: alb + + - assert: + that: + - not alb.changed + - not alb.tags + + - name: destroy ALB with no listeners + elb_application_lb: + name: "{{ alb_name }}" + state: absent + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed 
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml new file mode 100644 index 00000000000..de97d5bdc9e --- /dev/null +++ b/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml 
@@ -0,0 +1,89 @@ +- block: + + - name: set connection information for all tasks + set_fact: + aws_connection_info: &aws_connection_info + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token }}" + region: "{{ aws_region }}" + no_log: yes + + - ec2_ami_info: + <<: *aws_connection_info + filters: + architecture: x86_64 + virtualization-type: hvm + root-device-type: ebs + name: "amzn-ami-hvm*" + owner-alias: "amazon" + register: amis + + - set_fact: + latest_amazon_linux: "{{ amis.images | sort(attribute='creation_date') | last }}" + + - ec2_asg: + <<: *aws_connection_info + state: absent + name: "{{ resource_prefix }}-webservers" + wait_timeout: 900 + + - ec2_lc: + <<: *aws_connection_info + name: "{{ resource_prefix }}-web-lcfg" + state: absent + + - name: Create launch config for testing + ec2_lc: + <<: *aws_connection_info + name: "{{ resource_prefix }}-web-lcfg" + assign_public_ip: true + image_id: "{{ latest_amazon_linux.image_id }}" + security_groups: "{{ sec_group.group_id }}" + instance_type: t2.medium + user_data: | + #!/bin/bash + set -x + yum update -y --nogpgcheck + yum install -y --nogpgcheck httpd + echo "Hello Ansiblings!" 
>> /var/www/html/index.html + service httpd start + volumes: + - device_name: /dev/xvda + volume_size: 10 + volume_type: gp2 + delete_on_termination: true + + - name: Create autoscaling group for app server fleet + ec2_asg: + <<: *aws_connection_info + name: "{{ resource_prefix }}-webservers" + vpc_zone_identifier: "{{ alb_subnets }}" + launch_config_name: "{{ resource_prefix }}-web-lcfg" + termination_policies: + - OldestLaunchConfiguration + - Default + health_check_period: 600 + health_check_type: EC2 + replace_all_instances: true + min_size: 0 + max_size: 2 + desired_capacity: 1 + wait_for_instances: true + target_group_arns: + - "{{ tg.target_group_arn }}" + + always: + + - ec2_asg: + <<: *aws_connection_info + state: absent + name: "{{ resource_prefix }}-webservers" + wait_timeout: 900 + ignore_errors: yes + + - ec2_lc: + <<: *aws_connection_info + name: "{{ resource_prefix }}-web-lcfg" + state: absent + ignore_errors: yes diff --git a/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml new file mode 100644 index 00000000000..ee932d4eded --- /dev/null +++ b/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml 
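Review bot: The `user_data` script in the `Create launch config for testing` task runs `yum update -y --nogpgcheck` and `yum install -y --nogpgcheck httpd`, which disables package signature verification on an instance launched with `assign_public_ip: true` and the test security group. Nothing in the hunk explains why signature checks have to be off; `yum install -y httpd` keeps the default verification and should work on a stock Amazon Linux image. The full `yum update` does not appear to be needed for the target-group registration under test and could be dropped as well.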
@@ -0,0 +1,52 @@ +- block: + + - name: set connection information for all tasks + set_fact: + aws_connection_info: &aws_connection_info + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token }}" + region: "{{ aws_region }}" + no_log: yes + + - name: create ALB with a listener + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners|length == 1 + - alb.listeners[0].rules|length == 1 + + - name: test idempotence creating ALB with a listener + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + <<: *aws_connection_info + register: alb + + - assert: + that: + - not alb.changed + - alb.listeners|length == 1 + - alb.listeners[0].rules|length == 1 diff --git a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml new file mode 100644 index 00000000000..34e278cb9f6 --- /dev/null +++ b/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml 
@@ -0,0 +1,52 @@ +- block: + + - name: set connection information for all tasks + set_fact: + aws_connection_info: &aws_connection_info + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token }}" + region: "{{ aws_region }}" + no_log: yes + + - name: destroy ALB with listener + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: absent + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + <<: *aws_connection_info + wait: yes + wait_timeout: 300 + register: alb + + - assert: + that: + - alb.changed + + - name: test idempotence + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: absent + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + <<: *aws_connection_info + wait: yes + wait_timeout: 300 + register: alb + + - assert: + that: + - not alb.changed diff --git a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml new file mode 100644 index 00000000000..943d766340d --- /dev/null +++ b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml 
@@ -0,0 +1,240 @@ +- block: + + - name: set connection information for all tasks + set_fact: + aws_connection_info: &aws_connection_info + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token }}" + region: "{{ aws_region }}" + no_log: yes + + - name: add a rule to the listener + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '1' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners[0].rules|length == 2 + + - name: test replacing the rule with one with the same priority + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + purge_listeners: true + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/new' + Priority: '1' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners[0].rules|length == 2 + + - name: test the rule will not be removed without purge_listeners + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + <<: *aws_connection_info + register: alb + + - assert: + that: + - not alb.changed + - alb.listeners[0].rules|length == 2 + + - name: test a rule can be added and other rules will not be 
removed when purge_rules is no. + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + purge_rules: no + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/new' + Priority: '2' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners[0].rules|length == 3 + + - name: add a rule that uses the host header condition to the listener + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + purge_rules: no + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: host-header + Values: + - 'local.mydomain.com' + Priority: '3' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners[0].rules|length == 4 + - '{{ alb|json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1 }}' + + - name: test replacing the rule that uses the host header condition with multiple host header conditions + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + purge_rules: no + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: host-header + Values: + - 'local.mydomain.com' + - 'alternate.mydomain.com' + Priority: '3' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners[0].rules|length 
== 4 + - '{{ alb|json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 2 }}' + + - name: remove the rule + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + purge_listeners: true + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: [] + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners[0].rules|length == 1 + + - name: remove listener from ALB + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: [] + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - not alb.listeners + + - name: add the listener to the ALB + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners|length == 1 + - alb.availability_zones|length == 2 diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml new file mode 100644 index 00000000000..6223270c3d0 --- /dev/null +++ b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml 
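Review bot: Two assertions in tasks/test_modifying_alb_listeners.yml wrap the whole condition in Jinja delimiters, `'{{ alb|json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1 }}'` and its `== 2` counterpart. Entries under `that` are already evaluated as expressions, so the delimiters add a second templating pass, which Ansible discourages for conditionals and which makes the result depend on how the rendered string is re-evaluated. Write them without the braces, e.g. `- 'alb|json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1'`, matching the other assertions in the file.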
@@ -0,0 +1,467 @@ +- block: + + - name: set connection information for all tasks + set_fact: + aws_connection_info: &aws_connection_info + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token }}" + region: "{{ aws_region }}" + no_log: yes + + - name: register dummy OIDC config + set_fact: + AuthenticateOidcActionConfig: + AuthorizationEndpoint: "https://www.example.com/auth" + ClientId: "eeeeeeeeeeeeeeeeeeeeeeeeee" + ClientSecret: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" + Issuer: "https://www.example.com/issuer" + OnUnauthenticatedRequest: "authenticate" + Scope: "openid" + SessionCookieName: "AWSELBAuthSessionCookie" + SessionTimeout: 604800 + TokenEndpoint: "https://www.example.com/token" + UserInfoEndpoint: "https://www.example.com/userinfo" + UseExistingClientSecret: true + + - name: register fixed response action + set_fact: + FixedResponseActionConfig: + ContentType: "text/plain" + MessageBody: "This is the page you're looking for" + StatusCode: "200" + + - name: register redirect action + set_fact: + RedirectActionConfig: + Host: "#{host}" + Path: "/example/redir" # or /#{path} + Port: "#{port}" + Protocol: "#{protocol}" + Query: "#{query}" + StatusCode: "HTTP_302" # or HTTP_301 + + - name: delete existing ALB to avoid target group association issues + elb_application_lb: + name: "{{ alb_name }}" + state: absent + <<: *aws_connection_info + wait: yes + wait_timeout: 600 + + - name: cleanup tg to avoid target group association issues + elb_target_group: + name: "{{ tg_name }}" + protocol: http + port: 80 + vpc_id: "{{ vpc.vpc.id }}" + state: absent + wait: yes + wait_timeout: 600 + <<: *aws_connection_info + register: cleanup_tg + retries: 5 + delay: 3 + until: cleanup_tg is success + + - name: recreate a target group + elb_target_group: + name: "{{ tg_name }}" + protocol: http + port: 80 + vpc_id: "{{ vpc.vpc.id }}" + state: present + <<: *aws_connection_info + register: tg + + - 
name: create ALB with redirect DefaultAction + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTPS + Port: 443 + DefaultActions: + - Type: redirect + RedirectConfig: "{{ RedirectActionConfig }}" + Certificates: + - CertificateArn: "{{ cert_arn }}" + SslPolicy: ELBSecurityPolicy-2016-08 + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners|length == 1 + - alb.listeners[0].rules[0].actions|length == 1 + - alb.listeners[0].rules[0].actions[0].type == "redirect" + + - name: test idempotence with redirect DefaultAction + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTPS + Port: 443 + DefaultActions: + - Type: redirect + RedirectConfig: "{{ RedirectActionConfig }}" + Certificates: + - CertificateArn: "{{ cert_arn }}" + SslPolicy: ELBSecurityPolicy-2016-08 + <<: *aws_connection_info + register: alb + + - assert: + that: + - not alb.changed + - alb.listeners|length == 1 + - alb.listeners[0].rules[0].actions|length == 1 + - alb.listeners[0].rules[0].actions[0].type == "redirect" + + - name: update ALB with fixed-response DefaultAction + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTPS + Port: 443 + DefaultActions: + - Type: fixed-response + FixedResponseConfig: "{{ FixedResponseActionConfig }}" + Certificates: + - CertificateArn: "{{ cert_arn }}" + SslPolicy: ELBSecurityPolicy-2016-08 + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners|length == 1 + - alb.listeners[0].rules[0].actions|length == 1 + - alb.listeners[0].rules[0].actions[0].type == "fixed-response" + + - name: test idempotence with fixed-response DefaultAction + 
elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTPS + Port: 443 + DefaultActions: + - Type: fixed-response + FixedResponseConfig: "{{ FixedResponseActionConfig }}" + Certificates: + - CertificateArn: "{{ cert_arn }}" + SslPolicy: ELBSecurityPolicy-2016-08 + <<: *aws_connection_info + register: alb + + - assert: + that: + - not alb.changed + - alb.listeners|length == 1 + - alb.listeners[0].rules[0].actions|length == 1 + - alb.listeners[0].rules[0].actions[0].type == "fixed-response" + + - name: test multiple non-default rules + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTPS + Port: 443 + DefaultActions: + - Type: fixed-response + FixedResponseConfig: "{{ FixedResponseActionConfig }}" + Certificates: + - CertificateArn: "{{ cert_arn }}" + SslPolicy: ELBSecurityPolicy-2016-08 + Rules: + - Conditions: + - Field: path-pattern + Values: + - "/forward-path/*" + Priority: 1 + Actions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + - Conditions: + - Field: path-pattern + Values: + - "/redirect-path/*" + Priority: 2 + Actions: + - Type: redirect + RedirectConfig: "{{ RedirectActionConfig }}" + - Conditions: + - Field: path-pattern + Values: + - "/fixed-response-path/" + Priority: 3 + Actions: + - Type: fixed-response + FixedResponseConfig: "{{ FixedResponseActionConfig }}" + <<: *aws_connection_info + register: alb + + - assert: + that: + - alb.changed + - alb.listeners|length == 1 + - alb.listeners[0].rules|length == 4 ## defaultactions is included as a rule + - alb.listeners[0].rules[0].actions|length == 1 + - alb.listeners[0].rules[0].actions[0].type == "forward" + - alb.listeners[0].rules[1].actions|length == 1 + - alb.listeners[0].rules[1].actions[0].type == "redirect" + - alb.listeners[0].rules[2].actions|length == 1 + - 
alb.listeners[0].rules[2].actions[0].type == "fixed-response" + + - name: test idempotence multiple non-default rules + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTPS + Port: 443 + DefaultActions: + - Type: fixed-response + FixedResponseConfig: "{{ FixedResponseActionConfig }}" + Certificates: + - CertificateArn: "{{ cert_arn }}" + SslPolicy: ELBSecurityPolicy-2016-08 + Rules: + - Conditions: + - Field: path-pattern + Values: + - "/forward-path/*" + Priority: 1 + Actions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + - Conditions: + - Field: path-pattern + Values: + - "/redirect-path/*" + Priority: 2 + Actions: + - Type: redirect + RedirectConfig: "{{ RedirectActionConfig }}" + - Conditions: + - Field: path-pattern + Values: + - "/fixed-response-path/" + Priority: 3 + Actions: + - Type: fixed-response + FixedResponseConfig: "{{ FixedResponseActionConfig }}" + <<: *aws_connection_info + register: alb + + - assert: + that: + - not alb.changed + - alb.listeners|length == 1 + - alb.listeners[0].rules|length == 4 ## defaultactions is included as a rule + - alb.listeners[0].rules[0].actions|length == 1 + - alb.listeners[0].rules[0].actions[0].type == "forward" + - alb.listeners[0].rules[1].actions|length == 1 + - alb.listeners[0].rules[1].actions[0].type == "redirect" + - alb.listeners[0].rules[2].actions|length == 1 + - alb.listeners[0].rules[2].actions[0].type == "fixed-response" + + +# - name: test creating ALB with a default listener with multiple actions +# elb_application_lb: +# name: "{{ alb_name }}" +# subnets: "{{ alb_subnets }}" +# security_groups: "{{ sec_group.group_id }}" +# state: present +# listeners: +# - Protocol: HTTPS +# Port: 443 +# DefaultActions: +# - Type: forward +# TargetGroupName: "{{ tg_name }}" +# Order: 2 +# - Type: authenticate-oidc +# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" +# Order: 1 +# 
Certificates: +# - CertificateArn: "{{ cert_arn }}" +# SslPolicy: ELBSecurityPolicy-2016-08 +# <<: *aws_connection_info +# register: alb +# +# - assert: +# that: +# - alb.listeners|length == 1 +# - alb.listeners[0].rules[0].actions|length == 2 +# +# - name: test changing order of actions +# elb_application_lb: +# name: "{{ alb_name }}" +# subnets: "{{ alb_subnets }}" +# security_groups: "{{ sec_group.group_id }}" +# state: present +# listeners: +# - Protocol: HTTPS +# Port: 443 +# DefaultActions: +# - Type: authenticate-oidc +# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" +# Order: 1 +# - Type: forward +# TargetGroupName: "{{ tg_name }}" +# Order: 2 +# Certificates: +# - CertificateArn: "{{ cert_arn }}" +# SslPolicy: ELBSecurityPolicy-2016-08 +# <<: *aws_connection_info +# register: alb +# +# - assert: +# that: +# - not alb.changed +# - alb.listeners|length == 1 +# - alb.listeners[0].rules[0].actions|length == 2 +# +# - name: test non-default rule with multiple actions +# elb_application_lb: +# name: "{{ alb_name }}" +# subnets: "{{ alb_subnets }}" +# security_groups: "{{ sec_group.group_id }}" +# state: present +# listeners: +# - Protocol: HTTPS +# Port: 443 +# DefaultActions: +# - Type: authenticate-oidc +# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" +# Order: 1 +# - Type: forward +# TargetGroupName: "{{ tg_name }}" +# Order: 2 +# Certificates: +# - CertificateArn: "{{ cert_arn }}" +# SslPolicy: ELBSecurityPolicy-2016-08 +# Rules: +# - Conditions: +# - Field: path-pattern +# Values: +# - "*" +# Priority: 1 +# Actions: +# - Type: forward +# TargetGroupName: "{{ tg_name }}" +# Order: 2 +# - Type: authenticate-oidc +# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" +# Order: 1 +# <<: *aws_connection_info +# register: alb +# +# - assert: +# that: +# - alb.changed +# - alb.listeners|length == 1 +# - alb.listeners[0].rules[0].actions|length == 2 +# - alb.listeners[0].rules[1].actions|length == 2 +# +# - name: test 
idempotency non-default rule with multiple actions +# elb_application_lb: +# name: "{{ alb_name }}" +# subnets: "{{ alb_subnets }}" +# security_groups: "{{ sec_group.group_id }}" +# state: present +# listeners: +# - Protocol: HTTPS +# Port: 443 +# DefaultActions: +# - Type: authenticate-oidc +# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" +# Order: 1 +# - Type: forward +# TargetGroupName: "{{ tg_name }}" +# Order: 2 +# Certificates: +# - CertificateArn: "{{ cert_arn }}" +# SslPolicy: ELBSecurityPolicy-2016-08 +# Rules: +# - Conditions: +# - Field: path-pattern +# Values: +# - "*" +# Priority: 1 +# Actions: +# - Type: forward +# TargetGroupName: "{{ tg_name }}" +# Order: 2 +# - Type: authenticate-oidc +# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" +# Order: 1 +# <<: *aws_connection_info +# register: alb +# +# - assert: +# that: +# - not alb.changed +# - alb.listeners|length == 1 +# - alb.listeners[0].rules[0].actions|length == 2 +# - alb.listeners[0].rules[1].actions|length == 2 +# +# - name: test non-default rule action order change +# elb_application_lb: +# name: "{{ alb_name }}" +# subnets: "{{ alb_subnets }}" +# security_groups: "{{ sec_group.group_id }}" +# state: present +# listeners: +# - Protocol: HTTPS +# Port: 443 +# DefaultActions: +# - Type: authenticate-oidc +# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" +# Order: 1 +# - Type: forward +# TargetGroupName: "{{ tg_name }}" +# Order: 2 +# Certificates: +# - CertificateArn: "{{ cert_arn }}" +# SslPolicy: ELBSecurityPolicy-2016-08 +# Rules: +# - Conditions: +# - Field: path-pattern +# Values: +# - "*" +# Priority: 1 +# Actions: +# - Type: authenticate-oidc +# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" +# Order: 1 +# - Type: forward +# TargetGroupName: "{{ tg_name }}" +# Order: 2 +# <<: *aws_connection_info +# register: alb +# +# - assert: +# that: +# - not alb.changed +# - alb.listeners|length == 1 +# - 
alb.listeners[0].rules[0].actions|length == 2 +# - alb.listeners[0].rules[1].actions|length == 2 diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml new file mode 100644 index 00000000000..722002f2591 --- /dev/null +++ b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml 
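Review bot: Every task that exercises `authenticate-oidc` in this new file is commented out (the long run of `#` lines from `test creating ALB with a default listener with multiple actions` to the end of the file), so no live task checks that an authentication action is ordered ahead of `forward`. As a result the `register dummy OIDC config` task sets `AuthenticateOidcActionConfig`, which no active task in this file reads. I would either delete the disabled tasks or put a comment above them saying why they are off, for example `# Disabled: <reason or issue link>; authenticate-oidc ordering is untested until these are re-enabled`.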
@@ -0,0 +1,53 @@
+- block:
+
+ - name: set connection information for all tasks
+ set_fact:
+ aws_connection_info: &aws_connection_info
+ aws_access_key: "{{ aws_access_key }}"
+ aws_secret_key: "{{ aws_secret_key }}"
+ security_token: "{{ security_token }}"
+ region: "{{ aws_region }}"
+ no_log: yes
+
+ - name: register dummy OIDC config
+ set_fact:
+ AuthenticateOidcActionConfig:
+ AuthorizationEndpoint: "https://www.example.com/auth"
+ ClientId: "eeeeeeeeeeeeeeeeeeeeeeeeee"
+ ClientSecret: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
+ Issuer: "https://www.example.com/issuer"
+ OnUnauthenticatedRequest: "authenticate"
+ Scope: "openid"
+ SessionCookieName: "AWSELBAuthSessionCookie"
+ SessionTimeout: 604800
+ TokenEndpoint: "https://www.example.com/token"
+ UserInfoEndpoint: "https://www.example.com/userinfo"
+
+ - name: create ALB with multiple DefaultActions
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ alb_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTPS
+ Port: 443
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Order: 2
+ - Type: authenticate-oidc
+ AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}"
+ Order: 1
+ Certificates:
+ - CertificateArn: "{{ cert_arn }}"
+ SslPolicy: ELBSecurityPolicy-2016-08
+ <<: *aws_connection_info
+ register: alb
+ ignore_errors: yes
+
+ - name: check for a graceful failure message
+ assert:
+ that:
+ - alb.failed
+ - 'alb.msg == "installed version of botocore does not support multiple actions, please upgrade botocore to version 1.10.30 or higher"'
From 07bda4f4c1c1601f20dd8e4c4fc6631462218306 Mon Sep 17 00:00:00 2001
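Review bot: The `register dummy OIDC config` task sets a `ClientSecret` without `no_log: yes`, unlike the connection-information task just above it, and this file then passes that config to `elb_application_lb` in a task that is expected to fail. The value here is a dummy, but the failed result is registered, and whether the module masks the `ClientSecret` nested inside `listeners` is not visible from this hunk. I would add `no_log: yes` to the set_fact task, plus a comment such as `# placeholder secret; never put a real client secret in this file`, so the pattern is not copied with live credentials.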
From: jillr Date: Tue, 3 Mar 2020 19:43:21 +0000 Subject: [PATCH 02/52] migration test cleanup This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/13b104b912784bb31a0bff23eed4c27b0f5e0283 --- plugins/modules/elb_application_lb.py | 7 ++++++- plugins/modules/elb_application_lb_info.py | 8 ++++++-- .../targets/elb_application_lb/tasks/full_test.yml | 9 ++++++--- .../elb_application_lb/tasks/multiple_actions_fail.yml | 9 ++++++--- .../tasks/test_modifying_alb_listeners.yml | 4 ++-- 5 files changed, 26 insertions(+), 11 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 5536f3de6f1..bd0dea254e3 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -460,7 +460,12 @@ from ansible_collections.ansible.amazon.plugins.module_utils.aws.core import AnsibleAWSModule from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import camel_dict_to_snake_dict, boto3_tag_list_to_ansible_dict, compare_aws_tags -from ansible_collections.ansible.amazon.plugins.module_utils.aws.elbv2 import ApplicationLoadBalancer, ELBListeners, ELBListener, ELBListenerRules, ELBListenerRule +from ansible_collections.ansible.amazon.plugins.module_utils.aws.elbv2 import (ApplicationLoadBalancer, + ELBListeners, + ELBListener, + ELBListenerRules, + ELBListenerRule, + ) from ansible_collections.ansible.amazon.plugins.module_utils.aws.elb_utils import get_elb_listener_rules diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index d115d029f36..6d68f07f892 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
@@ -173,8 +173,12 @@ HAS_BOTO3 = False from ansible.module_utils.basic import AnsibleModule -from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import (boto3_conn, boto3_tag_list_to_ansible_dict, camel_dict_to_snake_dict, - ec2_argument_spec, get_aws_connection_info) +from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import (boto3_conn, + boto3_tag_list_to_ansible_dict, + camel_dict_to_snake_dict, + ec2_argument_spec, + get_aws_connection_info, + ) def get_elb_listeners(connection, module, elb_arn): diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml index 8c1f95fb8e5..cdba2cb4b56 100644 --- a/tests/integration/targets/elb_application_lb/tasks/full_test.yml +++ b/tests/integration/targets/elb_application_lb/tasks/full_test.yml @@ -1,4 +1,7 @@ -- block: +- name: elb_application_lb full_test + collections: + - ansible.amazon + block: - name: set connection information for all tasks set_fact: aws_connection_info: @@ -70,8 +73,8 @@ register: vpc_subnets - name: create list of subnet ids set_fact: - alb_subnets: '{{ vpc_subnets|json_query(''subnets[?tags.Public == `True`].id'') }}' - private_subnets: '{{ vpc_subnets|json_query(''subnets[?tags.Public != `True`].id'') }}' + alb_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public == `True`].id'') }}' + private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' - name: create a route table ec2_vpc_route_table: aws_access_key: '{{ aws_access_key }}' diff --git a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml index 04bf70b96a8..72daf403385 100644 --- a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml +++ b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml 
@@ -1,4 +1,7 @@ -- block: +- name: elb_application_lb multiple_actions_fail tests + collections: + - ansible.amazon + block: - name: set connection information for all tasks set_fact: aws_connection_info: @@ -70,8 +73,8 @@ register: vpc_subnets - name: create list of subnet ids set_fact: - alb_subnets: '{{ vpc_subnets|json_query(''subnets[?tags.Public == `True`].id'') }}' - private_subnets: '{{ vpc_subnets|json_query(''subnets[?tags.Public != `True`].id'') }}' + alb_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public == `True`].id'') }}' + private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' - name: create a route table ec2_vpc_route_table: aws_access_key: '{{ aws_access_key }}' diff --git a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml index 943d766340d..3e4765b1786 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml @@ -147,7 +147,7 @@ that: - alb.changed - alb.listeners[0].rules|length == 4 - - '{{ alb|json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1 }}' + - '{{ alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1 }}' - name: test replacing the rule that uses the host header condition with multiple host header conditions elb_application_lb: @@ -179,7 +179,7 @@ that: - alb.changed - alb.listeners[0].rules|length == 4 - - '{{ alb|json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 2 }}' + - '{{ alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 2 }}' - name: remove the rule elb_application_lb: 
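Review bot: In test_modifying_alb_listeners.yml the two rewritten `that:` entries (hunks at -147 and -179) still wrap the whole condition in `'{{ ... }}'`, so the expression is rendered once and the result is then evaluated again as a conditional. `that:` items are already Jinja expressions, and Ansible warns about templating delimiters in conditionals; double evaluation is also a risky pattern when the rendered data comes from a remote response. Since these lines are being touched anyway, I would write them bare, e.g. `- 'alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1'`, and the same with `== 2` in the second hunk. Both assert tasks start outside the hunks.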
From ad208179061a2080417977f18213fafe77ad4d7e Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Wed, 25 Mar 2020 15:39:40 -0700 Subject: [PATCH 03/52] Rename collection (#12) * Rename core collection Rename references to ansible.amazon to amazon.aws. * Rename community.amazon to community.aws Fix pep8 line lengths for rewritten amazon.aws imports * Missed a path in shippable.sh * Dependency repos moved This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/235c5db571cc45db5839476c94356c9b91e1f228 --- plugins/modules/elb_application_lb.py | 22 +++++++++---------- plugins/modules/elb_application_lb_info.py | 16 +++++++------- .../elb_application_lb/tasks/full_test.yml | 2 +- .../tasks/multiple_actions_fail.yml | 2 +- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index bd0dea254e3..9c49e648409 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -176,8 +176,8 @@ default: yes type: bool extends_documentation_fragment: -- ansible.amazon.aws -- ansible.amazon.ec2 +- amazon.aws.aws +- amazon.aws.ec2 notes: - Listeners are matched based on port. If a listener's port is changed then a new listener will be created. 
@@ -457,16 +457,16 @@ sample: vpc-0011223344 ''' -from ansible_collections.ansible.amazon.plugins.module_utils.aws.core import AnsibleAWSModule -from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import camel_dict_to_snake_dict, boto3_tag_list_to_ansible_dict, compare_aws_tags +from ansible_collections.amazon.aws.plugins.module_utils.aws.core import AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict, boto3_tag_list_to_ansible_dict, compare_aws_tags -from ansible_collections.ansible.amazon.plugins.module_utils.aws.elbv2 import (ApplicationLoadBalancer, - ELBListeners, - ELBListener, - ELBListenerRules, - ELBListenerRule, - ) -from ansible_collections.ansible.amazon.plugins.module_utils.aws.elb_utils import get_elb_listener_rules +from ansible_collections.amazon.aws.plugins.module_utils.aws.elbv2 import (ApplicationLoadBalancer, + ELBListeners, + ELBListener, + ELBListenerRules, + ELBListenerRule, + ) +from ansible_collections.amazon.aws.plugins.module_utils.aws.elb_utils import get_elb_listener_rules def create_or_update_elb(elb_obj): diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 6d68f07f892..b347941ee79 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -32,8 +32,8 @@ type: list extends_documentation_fragment: -- ansible.amazon.aws -- ansible.amazon.ec2 +- amazon.aws.aws +- amazon.aws.ec2 ''' 
@@ -173,12 +173,12 @@ HAS_BOTO3 = False from ansible.module_utils.basic import AnsibleModule -from ansible_collections.ansible.amazon.plugins.module_utils.ec2 import (boto3_conn, - boto3_tag_list_to_ansible_dict, - camel_dict_to_snake_dict, - ec2_argument_spec, - get_aws_connection_info, - ) +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import (boto3_conn, + boto3_tag_list_to_ansible_dict, + camel_dict_to_snake_dict, + ec2_argument_spec, + get_aws_connection_info, + ) def get_elb_listeners(connection, module, elb_arn): diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml index cdba2cb4b56..82aabf1a305 100644 --- a/tests/integration/targets/elb_application_lb/tasks/full_test.yml +++ b/tests/integration/targets/elb_application_lb/tasks/full_test.yml @@ -1,6 +1,6 @@ - name: elb_application_lb full_test collections: - - ansible.amazon + - amazon.aws block: - name: set connection information for all tasks set_fact: diff --git a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml index 72daf403385..56b6a194aff 100644 --- a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml +++ b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml @@ -1,6 +1,6 @@ - name: elb_application_lb multiple_actions_fail tests collections: - - ansible.amazon + - amazon.aws block: - name: set connection information for all tasks set_fact: From 2f55086c700d4758da341b04da3a0a6f5410c0e2 Mon Sep 17 00:00:00 2001 
From: Matt Clay Date: Fri, 27 Mar 2020 14:58:08 -0700 Subject: [PATCH 04/52] Use `coverage<5` in integration tests. (#13) Coverage versions 5 and later are not supported by ansible-test. This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/c2bb05075c0846e4cfc8640bd26ab800db39780a --- tests/integration/targets/elb_application_lb/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index 037d7fd4af5..425469bcbe4 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml @@ -13,7 +13,7 @@ - 'botocore<1.10.30' - boto3 - boto - - coverage + - coverage<5 - cryptography virtualenv: "{{ virtualenv }}" virtualenv_command: "{{ virtualenv_command }}" @@ -29,7 +29,7 @@ - 'botocore>=1.10.30' - boto3 - boto - - coverage + - coverage<5 - cryptography virtualenv: "{{ virtualenv }}" virtualenv_command: "{{ virtualenv_command }}" From ad631f8658a7df0730f7857820fad096e2bd3a26 Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Tue, 19 May 2020 16:06:12 -0700 Subject: [PATCH 05/52] Remove METADATA and cleanup galaxy.yml (#70) * Remove ANSIBLE_METADATA entirely, see ansible/ansible/pull/69454. Remove `license` field from galaxy.yml, in favor of `license_file`. This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/05672a64e2362cc2d865b5af6a57da6bc3cd08e3 --- plugins/modules/elb_application_lb.py | 3 --- plugins/modules/elb_application_lb_info.py | 4 ---- 2 files changed, 7 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 9c49e648409..28915d551fa 100644 
--- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -17,9 +17,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} DOCUMENTATION = ''' --- diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index b347941ee79..ca5290e3892 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -6,10 +6,6 @@ __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - DOCUMENTATION = ''' --- module: elb_application_lb_info From 0e31b3523086e0c22d11470e6cd88414fad29a0d Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Tue, 16 Jun 2020 11:23:52 -0700 Subject: [PATCH 06/52] Collections related fixes for CI (#96) * Update module deprecations Switch version to `removed_at_date` * Don't install amazon.aws from galaxy We've been using galaxy to install amazon.aws in shippable, but that doesn't really work if we aren't publising faster. Get that collection from git so it is most up to date. * We need to declare python test deps now * missed a python dep This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/7cd211e9383db26bc2aa4cc06e657cf60ed0acc0 --- plugins/modules/elb_application_lb_info.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index ca5290e3892..2f9c1c39cc9 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
@@ -273,7 +273,8 @@ def main(): supports_check_mode=True ) if module._name == 'elb_application_lb_facts': - module.deprecate("The 'elb_application_lb_facts' module has been renamed to 'elb_application_lb_info'", version='2.13') + module.deprecate("The 'elb_application_lb_facts' module has been renamed to 'elb_application_lb_info'", + date='2021-12-01', collection_name='community.aws') if not HAS_BOTO3: module.fail_json(msg='boto3 required for this module') From 47d58a2585068d65016b25848bee47de360ffa3b Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde Date: Wed, 17 Jun 2020 01:24:54 +0530 Subject: [PATCH 07/52] Update Examples with FQCN (#67) Updated module examples with FQCN Signed-off-by: Abhijeet Kasurde This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/98173aefbbceed7fc0d9db62687b73f96a55a999 --- plugins/modules/elb_application_lb.py | 8 ++++---- plugins/modules/elb_application_lb_info.py | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 28915d551fa..c314a60aa40 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -185,7 +185,7 @@ # Note: These examples do not set authentication details, see the AWS Guide for details. # Create an ELB and attach a listener -- elb_application_lb: +- community.aws.elb_application_lb: name: myelb security_groups: - sg-12345678 @@ -206,7 +206,7 @@ state: present # Create an ELB and attach a listener with logging enabled -- elb_application_lb: +- community.aws.elb_application_lb: access_logs_enabled: yes access_logs_s3_bucket: mybucket access_logs_s3_prefix: "logs" @@ -230,7 +230,7 @@ state: present # Create an ALB with listeners and rules -- elb_application_lb: +- community.aws.elb_application_lb: name: test-alb subnets: - subnet-12345678 
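Review bot: The new `module.deprecate(...)` call fires only when the context line `if module._name == 'elb_application_lb_facts':` matches, and that comparison covers only the short module name. If the runtime reports the fully qualified name in `_name` when the module is invoked as `community.aws.elb_application_lb_facts` (not verifiable from this hunk), the warning would be skipped silently. I would widen the check to `if module._name in ('elb_application_lb_facts', 'community.aws.elb_application_lb_facts'):`. The body of `main()` starts and continues outside the hunk.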
@@ -293,7 +293,7 @@ state: present # Remove an ELB -- elb_application_lb: +- community.aws.elb_application_lb: name: myelb state: absent diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 2f9c1c39cc9..e1711dbef45 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -36,22 +36,22 @@ EXAMPLES = ''' # Note: These examples do not set authentication details, see the AWS Guide for details. -# Gather information about all target groups -- elb_application_lb_info: +- name: Gather information about all target groups + community.aws.elb_application_lb_info: -# Gather information about the target group attached to a particular ELB -- elb_application_lb_info: +- name: Gather information about the target group attached to a particular ELB + community.aws.elb_application_lb_info: load_balancer_arns: - "arn:aws:elasticloadbalancing:ap-southeast-2:001122334455:loadbalancer/app/my-elb/aabbccddeeff" -# Gather information about a target groups named 'tg1' and 'tg2' -- elb_application_lb_info: +- name: Gather information about a target groups named 'tg1' and 'tg2' + community.aws.elb_application_lb_info: names: - elb1 - elb2 -# Gather information about specific ALB -- elb_application_lb_info: +- name: Gather information about specific ALB + community.aws.elb_application_lb_info: names: "alb-name" region: "aws-region" register: alb_info From e8fd42ef65cc0ab841912b895360a7dfe953cac2 Mon Sep 17 00:00:00 2001 From: flowerysong Date: Tue, 16 Jun 2020 19:30:00 -0400 Subject: [PATCH 08/52] Update module_utils paths to remove aws subdir (#23) Co-authored-by: Ezekiel Hendrickson This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/10853d9441a586ba177006dd889325cfb24a3dd6 --- plugins/modules/elb_application_lb.py | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) 
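Review bot: The new `- name:` lines in the elb_application_lb_info EXAMPLES hunk still talk about target groups, although the module gathers load balancers and the third example lists `elb1` and `elb2`. Since the comments are being turned into task names anyway, they could read `- name: Gather information about all ALBs` and `- name: Gather information about the ALBs named 'elb1' and 'elb2'`. The second example has the same problem: it says "the target group attached to a particular ELB" while passing a load balancer ARN.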
diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index c314a60aa40..6daaad7a49c 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -454,16 +454,17 @@ sample: vpc-0011223344 ''' -from ansible_collections.amazon.aws.plugins.module_utils.aws.core import AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict, boto3_tag_list_to_ansible_dict, compare_aws_tags -from ansible_collections.amazon.aws.plugins.module_utils.aws.elbv2 import (ApplicationLoadBalancer, - ELBListeners, - ELBListener, - ELBListenerRules, - ELBListenerRule, - ) -from ansible_collections.amazon.aws.plugins.module_utils.aws.elb_utils import get_elb_listener_rules +from ansible_collections.amazon.aws.plugins.module_utils.elbv2 import ( + ApplicationLoadBalancer, + ELBListener, + ELBListenerRule, + ELBListenerRules, + ELBListeners, +) +from ansible_collections.amazon.aws.plugins.module_utils.elb_utils import get_elb_listener_rules def create_or_update_elb(elb_obj): From 7066cf42597c41b59b7cb9c0342b32a65880d332 Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Wed, 17 Jun 2020 09:31:32 -0700 Subject: [PATCH 09/52] Update docs (#99) * Update docs Remove .git from repo url so links in readme will generate correctly Add required ansible version Run latest version of add_docs.py Add version_added string to modules * galaxy.yml was missing authors This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/96ee268e5267f5b12c3d59892bc1279f75aa3135 --- plugins/modules/elb_application_lb.py | 1 + plugins/modules/elb_application_lb_info.py | 1 + 2 files changed, 2 insertions(+) 
diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 6daaad7a49c..3f8c44c9f36 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -21,6 +21,7 @@ DOCUMENTATION = ''' --- module: elb_application_lb +version_added: 1.0.0 short_description: Manage an Application load balancer description: - Manage an AWS Application Elastic Load Balancer. See U(https://aws.amazon.com/blogs/aws/new-aws-application-load-balancer/) for details. diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index e1711dbef45..c9300f5ed01 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -9,6 +9,7 @@ DOCUMENTATION = ''' --- module: elb_application_lb_info +version_added: 1.0.0 short_description: Gather information about application ELBs in AWS description: - Gather information about application ELBs in AWS From 2afd55674daae2b676c19bf3a86c206801ce2529 Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde Date: Thu, 16 Jul 2020 01:31:41 +0530 Subject: [PATCH 10/52] Docs: sanity fixes (#133) Signed-off-by: Abhijeet Kasurde This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/059cf9efc95bb976de21ab4f8e4d9ddd001983fc --- plugins/modules/elb_application_lb.py | 22 ++++++++++++++-------- plugins/modules/elb_application_lb_info.py | 12 +++++++----- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 3f8c44c9f36..dc138fb2294 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -18,7 +18,7 @@ __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: elb_application_lb version_added: 1.0.0 
@@ -66,6 +66,7 @@ - A list of dicts containing listeners to attach to the ELB. See examples for detail of the dict required. Note that listener keys are CamelCased. type: list + elements: dict suboptions: Port: description: The port on which the load balancer is listening. @@ -78,6 +79,7 @@ Certificates: description: The SSL server certificate. type: list + elements: dict suboptions: CertificateArn: description: The Amazon Resource Name (ARN) of the certificate. @@ -89,6 +91,7 @@ description: The default actions for the listener. required: true type: list + elements: dict suboptions: Type: description: The type of action. @@ -98,6 +101,7 @@ type: str Rules: type: list + elements: dict description: - A list of ALB Listener Rules. - 'For the complete documentation of possible Conditions and Actions please see the boto3 documentation:' @@ -136,12 +140,14 @@ at least two Availability Zones. - Required if I(state=present). type: list + elements: str security_groups: description: - A list of the names or IDs of the security groups to assign to the load balancer. - Required if I(state=present). default: [] type: list + elements: str scheme: description: - Internet-facing or internal load balancer. An ELB scheme can not be modified after creation. @@ -182,7 +188,7 @@ - Listener rules are matched based on priority. If a rule's priority is changed then a new rule will be created. ''' -EXAMPLES = ''' +EXAMPLES = r''' # Note: These examples do not set authentication details, see the AWS Guide for details. # Create an ELB and attach a listener @@ -300,7 +306,7 @@ ''' -RETURN = ''' +RETURN = r''' access_logs_s3_bucket: description: The name of the S3 bucket for the access logs. returned: when state is present 
@@ -603,16 +609,16 @@ def main(): Protocol=dict(type='str', required=True), Port=dict(type='int', required=True), SslPolicy=dict(type='str'), - Certificates=dict(type='list'), - DefaultActions=dict(type='list', required=True), - Rules=dict(type='list') + Certificates=dict(type='list', elements='dict'), + DefaultActions=dict(type='list', required=True, elements='dict'), + Rules=dict(type='list', elements='dict') ) ), name=dict(required=True, type='str'), purge_listeners=dict(default=True, type='bool'), purge_tags=dict(default=True, type='bool'), - subnets=dict(type='list'), - security_groups=dict(type='list'), + subnets=dict(type='list', elements='str'), + security_groups=dict(type='list', elements='str'), scheme=dict(default='internet-facing', choices=['internet-facing', 'internal']), state=dict(choices=['present', 'absent'], default='present'), tags=dict(type='dict'), diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index c9300f5ed01..21952633a43 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -6,7 +6,7 @@ __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: elb_application_lb_info version_added: 1.0.0 @@ -22,11 +22,13 @@ - The Amazon Resource Names (ARN) of the load balancers. You can specify up to 20 load balancers in a single call. required: false type: list + elements: str names: description: - The names of the load balancers. required: false type: list + elements: str extends_documentation_fragment: - amazon.aws.aws @@ -34,7 +36,7 @@ ''' -EXAMPLES = ''' +EXAMPLES = r''' # Note: These examples do not set authentication details, see the AWS Guide for details. - name: Gather information about all target groups @@ -60,7 +62,7 @@ var: alb_info ''' -RETURN = ''' +RETURN = r''' load_balancers: description: a list of load balancers returned: always 
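Review bot: `security_groups=dict(type='list', elements='str')` in this main() hunk carries no default, while the DOCUMENTATION hunk of the same commit keeps `default: []` for security_groups. Either the spec should gain `default=[]` or the documented default should be dropped; which is right depends on how the rest of main() treats an unset value, and that code is outside the hunk. The nested `Certificates`, `DefaultActions` and `Rules` entries gain `elements='dict'` but no `options`, so the CamelCase keys inside them are not checked by argument validation. A short comment there, such as `# contents are passed to boto3 unvalidated`, would make that explicit.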
@@ -264,8 +266,8 @@ def main(): argument_spec = ec2_argument_spec() argument_spec.update( dict( - load_balancer_arns=dict(type='list'), - names=dict(type='list') + load_balancer_arns=dict(type='list', elements='str'), + names=dict(type='list', elements='str') ) ) From f300d4a78b42db64e48666118766198b75563ed1 Mon Sep 17 00:00:00 2001 From: Andrew Klychkov Date: Fri, 17 Jul 2020 21:10:09 +0300 Subject: [PATCH 11/52] aws modules: fix examples to use FQCN for builtin modules/plugins (#144) This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/92bebdd5ab3019bbdeee55e8a69c9d903deeac49 --- plugins/modules/elb_application_lb_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 21952633a43..796803d8c2f 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -58,7 +58,7 @@ names: "alb-name" region: "aws-region" register: alb_info -- debug: +- ansible.builtin.debug: var: alb_info ''' From e8812ca2b7cb43ee0475bfcb4a8dbfc771b79978 Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Wed, 12 Aug 2020 13:06:35 +0200 Subject: [PATCH 12/52] Bulk migration to AnsibleAWSModule (#173) * Update comments to reference AnsibleAWSModule rather than AnsibleModule * Bulk re-order imports and split onto one from import per-line. * Add AnsibleAWSModule imports * Migrate boto 2 based modules to AnsibleAWSModule * Move boto3-only modules over to AnsibleAWSModule * Remove extra ec2_argument_spec calls - not needed now we're using AnsibleAWSModule * Remove most HAS_BOTO3 code, it's handled by AnsibleAWSModule * Handle missing Boto 2 consistently (HAS_BOTO) * Remove AnsibleModule imports * Changelog fragment This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/818c6d2faa046974a9bdfa9346122d11e5bef3b1 --- plugins/modules/elb_application_lb_info.py | 36 +++++++++------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 796803d8c2f..ef02d59e54f 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
@@ -167,17 +167,14 @@ try: import boto3 from botocore.exceptions import ClientError, NoCredentialsError - HAS_BOTO3 = True except ImportError: - HAS_BOTO3 = False + pass # Handled by AnsibleAWSModule -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import (boto3_conn, - boto3_tag_list_to_ansible_dict, - camel_dict_to_snake_dict, - ec2_argument_spec, - get_aws_connection_info, - ) +from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import get_aws_connection_info def get_elb_listeners(connection, module, elb_arn): @@ -263,25 +260,20 @@ def list_load_balancers(connection, module): def main(): - argument_spec = ec2_argument_spec() - argument_spec.update( - dict( - load_balancer_arns=dict(type='list', elements='str'), - names=dict(type='list', elements='str') - ) + argument_spec = dict( + load_balancer_arns=dict(type='list', elements='str'), + names=dict(type='list', elements='str') ) - module = AnsibleModule(argument_spec=argument_spec, - mutually_exclusive=[['load_balancer_arns', 'names']], - supports_check_mode=True - ) + module = AnsibleAWSModule( + argument_spec=argument_spec, + mutually_exclusive=[['load_balancer_arns', 'names']], + supports_check_mode=True, + ) if module._name == 'elb_application_lb_facts': module.deprecate("The 'elb_application_lb_facts' module has been renamed to 'elb_application_lb_info'", date='2021-12-01', collection_name='community.aws') - if not HAS_BOTO3: - module.fail_json(msg='boto3 required for this module') - region, ec2_url, aws_connect_params = get_aws_connection_info(module, boto3=True) if region: 
From d16a045d8018647dc2e14a52d01b1d3ca94f9575 Mon Sep 17 00:00:00 2001 From: Vincent Vinet Date: Sat, 15 Aug 2020 09:11:59 -0400 Subject: [PATCH 13/52] =?UTF-8?q?Python=203=20compatibility=20error=20hand?= =?UTF-8?q?ling:=20use=20to=5Fnative(e)=20instead=20of=20str(e)=20or=20e.m?= =?UTF-8?q?e=E2=80=A6=20(#26)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Py3 compat error handling: use to_native(e) instead of str(e) or e.message * PR comment changes, use fail_json_aws and is_boto3_error_code This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/ffe14f95186399dc080019554035021015765872 --- plugins/modules/elb_application_lb_info.py | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index ef02d59e54f..1ed3d4c7cd2 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -170,7 +170,9 @@ except ImportError: pass # Handled by AnsibleAWSModule +from ansible.module_utils._text import to_native from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict 
@@ -182,7 +184,7 @@ def get_elb_listeners(connection, module, elb_arn): try: return connection.describe_listeners(LoadBalancerArn=elb_arn)['Listeners'] except ClientError as e: - module.fail_json(msg=e.message, exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) + module.fail_json_aws(e, msg="Failed to describe elb listeners") def get_listener_rules(connection, module, listener_arn): @@ -190,7 +192,7 @@ def get_listener_rules(connection, module, listener_arn): try: return connection.describe_rules(ListenerArn=listener_arn)['Rules'] except ClientError as e: - module.fail_json(msg=e.message, exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) + module.fail_json_aws(e, msg="Failed to describe listener rules") def get_load_balancer_attributes(connection, module, load_balancer_arn): @@ -198,7 +200,7 @@ def get_load_balancer_attributes(connection, module, load_balancer_arn): try: load_balancer_attributes = boto3_tag_list_to_ansible_dict(connection.describe_load_balancer_attributes(LoadBalancerArn=load_balancer_arn)['Attributes']) except ClientError as e: - module.fail_json(msg=e.message, exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) + module.fail_json_aws(e, msg="Failed to describe load balancer attributes") # Replace '.' with '_' in attribute key names to make it more Ansibley for k, v in list(load_balancer_attributes.items()): @@ -213,7 +215,7 @@ def get_load_balancer_tags(connection, module, load_balancer_arn): try: return boto3_tag_list_to_ansible_dict(connection.describe_tags(ResourceArns=[load_balancer_arn])['TagDescriptions'][0]['Tags']) except ClientError as e: - module.fail_json(msg=e.message, exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) + module.fail_json_aws(e, msg="Failed to describe load balancer tags") def list_load_balancers(connection, module): 
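Review bot: The rewritten handler in get_elb_listeners catches only `ClientError`, so a `botocore.exceptions.BotoCoreError` (for example a connection or timeout failure) would still surface as an unhandled traceback instead of going through `fail_json_aws`. The same applies to the get_listener_rules, get_load_balancer_attributes and get_load_balancer_tags hunks, and to the list_load_balancers hunk, where only `NoCredentialsError` is special-cased. `except (ClientError, BotoCoreError) as e:`, with `BotoCoreError` added to the guarded botocore import, would cover all of them, and the hand-built "AWS authentication problem" branch could then be folded in. The function bodies begin outside these hunks.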
@@ -229,13 +231,12 @@ def list_load_balancers(connection, module): load_balancers = load_balancer_paginator.paginate(LoadBalancerArns=load_balancer_arns).build_full_result() if names: load_balancers = load_balancer_paginator.paginate(Names=names).build_full_result() - except ClientError as e: - if e.response['Error']['Code'] == 'LoadBalancerNotFound': - module.exit_json(load_balancers=[]) - else: - module.fail_json(msg=e.message, exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) + except is_boto3_error_code('LoadBalancerNotFound'): + module.exit_json(load_balancers=[]) + except ClientError as e: # pylint: disable=duplicate-except + module.fail_json_aws(e, msg="Failed to list load balancers") except NoCredentialsError as e: - module.fail_json(msg="AWS authentication problem. " + e.message, exception=traceback.format_exc()) + module.fail_json(msg="AWS authentication problem. " + to_native(e), exception=traceback.format_exc()) for load_balancer in load_balancers['LoadBalancers']: # Get the attributes for each elb From 5db13ccf5f7161bf14b1d0aa6c574ed17ba9c411 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Wed, 26 Aug 2020 11:35:32 +0200 Subject: [PATCH 14/52] Cleanup: Bulk Migration from boto3_conn to module.client() (#188) * Migrate from boto3_conn to module.client * Simplify error handling when creating connections * Simplify Region handling * Remove unused imports * Changelog This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/6bdf00d2198927bdaa119ae76ddd379a8b6eeb3d --- plugins/modules/elb_application_lb_info.py | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 1ed3d4c7cd2..06e1f3ae229 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
@@ -166,6 +166,7 @@ try: import boto3 + import botocore from botocore.exceptions import ClientError, NoCredentialsError except ImportError: pass # Handled by AnsibleAWSModule @@ -173,10 +174,8 @@ from ansible.module_utils._text import to_native from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_conn from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import get_aws_connection_info def get_elb_listeners(connection, module, elb_arn): @@ -275,12 +274,10 @@ def main(): module.deprecate("The 'elb_application_lb_facts' module has been renamed to 'elb_application_lb_info'", date='2021-12-01', collection_name='community.aws') - region, ec2_url, aws_connect_params = get_aws_connection_info(module, boto3=True) - - if region: - connection = boto3_conn(module, conn_type='client', resource='elbv2', region=region, endpoint=ec2_url, **aws_connect_params) - else: - module.fail_json(msg="region must be specified") + try: + connection = module.client('elbv2') + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: + module.fail_json_aws(e, msg='Failed to connect to AWS') list_load_balancers(connection, module) From 84dccd88531651cd50a540f9b1b7199f46ca2e8c Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Mon, 7 Dec 2020 08:48:06 +0100 Subject: [PATCH 15/52] Sanity test / doc-default-does-not-match-spec fixups (#320) * Sanity test / doc-default-does-not-match-spec fixups * General docs cleanup This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/b22f2804372a3d35683debffb9a1c0908a819ca1 --- plugins/modules/elb_application_lb.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index dc138fb2294..f18a00816b8 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -22,7 +22,7 @@ --- module: elb_application_lb version_added: 1.0.0 -short_description: Manage an Application load balancer +short_description: Manage an Application Load Balancer description: - Manage an AWS Application Elastic Load Balancer. See U(https://aws.amazon.com/blogs/aws/new-aws-application-load-balancer/) for details. requirements: [ boto3 ] @@ -50,12 +50,12 @@ deletion_protection: description: - Indicates whether deletion protection for the ELB is enabled. - default: no + - Defaults to C(false). type: bool http2: description: - Indicates whether to enable HTTP2 routing. - default: no + - Defaults to C(false). type: bool idle_timeout: description: 
@@ -124,14 +124,14 @@ type: str purge_listeners: description: - - If yes, existing listeners will be purged from the ELB to match exactly what is defined by I(listeners) parameter. If the I(listeners) parameter is - not set then listeners will not be modified + - If C(yes), existing listeners will be purged from the ELB to match exactly what is defined by I(listeners) parameter. + - If the I(listeners) parameter is not set then listeners will not be modified. default: yes type: bool purge_tags: description: - - If yes, existing tags will be purged from the resource to match exactly what is defined by I(tags) parameter. If the I(tags) parameter is not set then - tags will not be modified. + - If yes, existing tags will be purged from the resource to match exactly what is defined by I(tags) parameter. + - If the I(tags) parameter is not set then tags will not be modified. default: yes type: bool subnets: @@ -176,7 +176,7 @@ type: int purge_rules: description: - - When set to no, keep the existing load balancer rules in place. Will modify and add, but will not delete. + - When set to C(no), keep the existing load balancer rules in place. Will modify and add, but will not delete. default: yes type: bool extends_documentation_fragment: From 9945e67980561b718895e7244fb4fbc5a6263653 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A9ri=20Le=20Bouder?= Date: Tue, 12 Jan 2021 12:47:34 -0500 Subject: [PATCH 16/52] elb_application_lb: also clean up the associate listeners (#350) state=`absent`: Properly remove the associated listeners before the final removal of the object. See: https://github.com/ansible/ansible/issues/49291 This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/0cf5326bfcf479d446cacf9144e79176a655192f --- plugins/modules/elb_application_lb.py | 5 +++++ 1 file changed, 5 insertions(+) 
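Review bot: The reworded purge_tags description still begins `If yes, existing tags will be purged`, while the purge_listeners and purge_rules lines changed in the same commit now use `C(yes)` / `C(no)`. For consistency the new line should read `- If C(yes), existing tags will be purged from the resource to match exactly what is defined by I(tags) parameter.`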
diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index f18a00816b8..f154c8803ff 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -589,6 +589,11 @@ def create_or_update_elb(elb_obj): def delete_elb(elb_obj): if elb_obj.elb: + listeners_obj = ELBListeners(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn']) + for listener_to_delete in [i['ListenerArn'] for i in listeners_obj.current_listeners]: + listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_delete, elb_obj.elb['LoadBalancerArn']) + listener_obj.delete() + elb_obj.delete() elb_obj.module.exit_json(changed=elb_obj.changed) From 72dd7abfa3e5443f66703c66ad6f155741fff693 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Sat, 16 Jan 2021 10:50:49 +0100 Subject: [PATCH 17/52] Bulk import cleanup (#360) * Split imports and reorder * Import camel_dict_to_snake_dict and snake_dict_to_camel_dict direct from ansible.module_utils.common.dict_transformations * Remove unused imports * Route53 Info was migrated to Boto3 drop the HAS_BOTO check and import * changelog This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/130cf3cc5980014020632f19fdab79c9bcf28add --- plugins/modules/elb_application_lb_info.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 06e1f3ae229..14937befba8 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
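Review bot: In delete_elb the listeners are deleted one by one before `elb_obj.delete()`, so if that final call fails the load balancer stays in place with no listeners and stops serving traffic. The module documents a `deletion_protection` option, which looks like the most likely way to hit this; whether `ApplicationLoadBalancer.delete()` checks it first is not visible here. Checking for deletion protection before the loop would keep a refused delete from turning into an outage. At minimum, a comment such as `# listeners are removed first; a failed elb_obj.delete() leaves the ALB without listeners` would record the ordering. The intermediate list is also unnecessary: `for listener in listeners_obj.current_listeners:` can pass `listener['ListenerArn']` straight to ELBListener.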
@@ -165,17 +165,17 @@ import traceback try: - import boto3 import botocore from botocore.exceptions import ClientError, NoCredentialsError except ImportError: pass # Handled by AnsibleAWSModule from ansible.module_utils._text import to_native +from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict + from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict def get_elb_listeners(connection, module, elb_arn): From 8ba74f5f217477e9bec05e32cfaa96640973d506 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A9ri=20Le=20Bouder?= Date: Mon, 18 Jan 2021 16:22:33 -0500 Subject: [PATCH 18/52] elb_application_lb: enable the functional test (#348) Remove the `unsupported` aliases for the `elb_application_lb` test. Use HTTP instead of HTTPS to avoid the dependency on `iam:ListServerCertificates` and the other Certificate related operations. This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/5f3c86c830624b649f89c5ce9dfa20b40807d238 --- .../targets/elb_application_lb/aliases | 2 +- .../elb_application_lb/tasks/full_test.yml | 48 ------------ .../tasks/multiple_actions_fail.yml | 48 ------------ .../tasks/test_alb_bad_listener_options.yml | 1 - .../tasks/test_deleting_alb.yml | 4 - .../tasks/test_modifying_alb_listeners.yml | 4 +- .../tasks/test_multiple_actions.yml | 77 ++++++------------- .../tasks/test_multiple_actions_fail.yml | 7 +- 8 files changed, 27 insertions(+), 164 deletions(-) diff --git a/tests/integration/targets/elb_application_lb/aliases b/tests/integration/targets/elb_application_lb/aliases index 56927195182..6e3860bee23 100644 
--- a/tests/integration/targets/elb_application_lb/aliases +++ b/tests/integration/targets/elb_application_lb/aliases @@ -1,2 +1,2 @@ cloud/aws -unsupported +shippable/aws/group2 diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml index 82aabf1a305..5602a9a8d36 100644 --- a/tests/integration/targets/elb_application_lb/tasks/full_test.yml +++ b/tests/integration/targets/elb_application_lb/tasks/full_test.yml @@ -117,40 +117,6 @@ vpc_id: '{{ vpc.vpc.id }}' state: present register: tg - - name: create privatekey for testing - community.crypto.openssl_privatekey: - path: ./ansible_alb_test.pem - size: 2048 - - name: create csr for cert - community.crypto.openssl_csr: - path: ./ansible_alb_test.csr - privatekey_path: ./ansible_alb_test.pem - C: US - ST: AnyPrincipality - L: AnyTown - O: AnsibleIntegrationTest - OU: Test - CN: ansible-alb-test.example.com - - name: create certificate - community.crypto.openssl_certificate: - path: ./ansible_alb_test.crt - privatekey_path: ./ansible_alb_test.pem - csr_path: ./ansible_alb_test.csr - provider: selfsigned - - name: upload server cert to iam - iam_cert: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' - name: '{{ alb_name }}' - state: present - cert: ./ansible_alb_test.crt - key: ./ansible_alb_test.pem - register: cert_upload - - name: register certificate arn to acm_arn fact - set_fact: - cert_arn: '{{ cert_upload.arn }}' - include_tasks: test_alb_bad_listener_options.yml - include_tasks: test_alb_tags.yml - include_tasks: test_creating_alb.yml 
@@ -189,20 +155,6 @@ until: remove_tg is success when: tg is defined ignore_errors: true - - name: destroy acm certificate - iam_cert: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' - name: '{{ alb_name }}' - state: absent - register: remove_cert - retries: 5 - delay: 3 - until: remove_cert is success - when: cert_arn is defined - ignore_errors: true - name: destroy sec group ec2_group: aws_access_key: '{{ aws_access_key }}' diff --git a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml index 56b6a194aff..059b1fd3b25 100644 --- a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml +++ b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml 
@@ -117,40 +117,6 @@ vpc_id: '{{ vpc.vpc.id }}' state: present register: tg - - name: create privatekey for testing - community.crypto.openssl_privatekey: - path: ./ansible_alb_test.pem - size: 2048 - - name: create csr for cert - community.crypto.openssl_csr: - path: ./ansible_alb_test.csr - privatekey_path: ./ansible_alb_test.pem - C: US - ST: AnyPrincipality - L: AnyTown - O: AnsibleIntegrationTest - OU: Test - CN: ansible-alb-test.example.com - - name: create certificate - community.crypto.openssl_certificate: - path: ./ansible_alb_test.crt - privatekey_path: ./ansible_alb_test.pem - csr_path: ./ansible_alb_test.csr - provider: selfsigned - - name: upload server cert to iam - iam_cert: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' - name: '{{ alb_name }}' - state: present - cert: ./ansible_alb_test.crt - key: ./ansible_alb_test.pem - register: cert_upload - - name: register certificate arn to acm_arn fact - set_fact: - cert_arn: '{{ cert_upload.arn }}' - include_tasks: test_multiple_actions_fail.yml always: - name: destroy ALB @@ -183,20 +149,6 @@ until: remove_tg is success when: tg is defined ignore_errors: true - - name: destroy acm certificate - iam_cert: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' - name: '{{ alb_name }}' - state: absent - register: remove_cert - retries: 10 - delay: 5 - until: remove_cert is success - when: cert_arn is defined - ignore_errors: true - name: destroy sec group ec2_group: aws_access_key: '{{ aws_access_key }}' diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml index 821ad36d767..0d5ed71e7de 100644 
--- a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml @@ -28,7 +28,6 @@ - assert: that: - alb is failed - - alb.msg.startswith("'SslPolicy' is a required listener dict key when Protocol = HTTPS") - name: test creating an ALB without providing required listener options elb_application_lb: diff --git a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml index 34e278cb9f6..bcbbaac14b7 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml @@ -26,10 +26,6 @@ wait_timeout: 300 register: alb - - assert: - that: - - alb.changed - - name: test idempotence elb_application_lb: name: "{{ alb_name }}" diff --git a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml index 3e4765b1786..a897f9af31f 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml @@ -147,7 +147,7 @@ that: - alb.changed - alb.listeners[0].rules|length == 4 - - '{{ alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1 }}' + # - '{{ alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1 }}' - name: test replacing the rule that uses the host header condition with multiple host header conditions elb_application_lb: 
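Review bot: The host-header check in the `@@ -147,7 +147,7 @@` hunk of test_modifying_alb_listeners.yml is commented out rather than replaced, so this assert now verifies only `alb.changed` and `alb.listeners[0].rules|length == 4`. The `@@ -179,7 +179,7 @@` hunk does the same for the two-value case. If the cause is the `community.general.json_query` dependency (an assumption, the commit does not say), record it next to the line, for example `# TODO: re-enable once json_query is available to this target`, or rewrite the check with built-in filters so the condition values stay covered. The two commented lines are also written differently (`# - ` and `#- `). The assert block begins outside the hunk.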
@@ -179,7 +179,7 @@ that: - alb.changed - alb.listeners[0].rules|length == 4 - - '{{ alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 2 }}' + #- '{{ alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 2 }}' - name: remove the rule elb_application_lb: diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml index 6223270c3d0..b04024811a0 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml @@ -81,14 +81,11 @@ security_groups: "{{ sec_group.group_id }}" state: present listeners: - - Protocol: HTTPS - Port: 443 + - Protocol: HTTP + Port: 80 DefaultActions: - Type: redirect RedirectConfig: "{{ RedirectActionConfig }}" - Certificates: - - CertificateArn: "{{ cert_arn }}" - SslPolicy: ELBSecurityPolicy-2016-08 <<: *aws_connection_info register: alb @@ -106,14 +103,11 @@ security_groups: "{{ sec_group.group_id }}" state: present listeners: - - Protocol: HTTPS - Port: 443 + - Protocol: HTTP + Port: 80 DefaultActions: - Type: redirect RedirectConfig: "{{ RedirectActionConfig }}" - Certificates: - - CertificateArn: "{{ cert_arn }}" - SslPolicy: ELBSecurityPolicy-2016-08 <<: *aws_connection_info register: alb @@ -131,14 +125,11 @@ security_groups: "{{ sec_group.group_id }}" state: present listeners: - - Protocol: HTTPS - Port: 443 + - Protocol: HTTP + Port: 80 DefaultActions: - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" - Certificates: - - CertificateArn: "{{ cert_arn }}" - SslPolicy: ELBSecurityPolicy-2016-08 <<: *aws_connection_info register: alb 
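Review bot: Starting with the `@@ -81,14 +81,11 @@` hunk, every listener in test_multiple_actions.yml moves from `Protocol: HTTPS` / `Port: 443` to `Protocol: HTTP` / `Port: 80` and loses `Certificates` and `SslPolicy`; the later hunks of this file repeat the same change. No HTTPS listener is created anywhere in the visible tests after this commit, so the module's certificate and TLS-policy handling is no longer exercised, and the same commit also drops the `'SslPolicy' is a required listener dict key` message assertion. Keeping at least one HTTPS case, or marking the gap where the first listener is defined with a comment such as `# HTTPS/SslPolicy coverage removed together with the self-signed cert setup; restore when a test certificate is available`, would prevent a regression in that path from going unnoticed.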
@@ -156,14 +147,11 @@ security_groups: "{{ sec_group.group_id }}" state: present listeners: - - Protocol: HTTPS - Port: 443 + - Protocol: HTTP + Port: 80 DefaultActions: - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" - Certificates: - - CertificateArn: "{{ cert_arn }}" - SslPolicy: ELBSecurityPolicy-2016-08 <<: *aws_connection_info register: alb @@ -181,14 +169,11 @@ security_groups: "{{ sec_group.group_id }}" state: present listeners: - - Protocol: HTTPS - Port: 443 + - Protocol: HTTP + Port: 80 DefaultActions: - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" - Certificates: - - CertificateArn: "{{ cert_arn }}" - SslPolicy: ELBSecurityPolicy-2016-08 Rules: - Conditions: - Field: path-pattern @@ -236,14 +221,11 @@ security_groups: "{{ sec_group.group_id }}" state: present listeners: - - Protocol: HTTPS - Port: 443 + - Protocol: HTTP + Port: 80 DefaultActions: - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" - Certificates: - - CertificateArn: "{{ cert_arn }}" - SslPolicy: ELBSecurityPolicy-2016-08 Rules: - Conditions: - Field: path-pattern @@ -292,8 +274,8 @@ # security_groups: "{{ sec_group.group_id }}" # state: present # listeners: -# - Protocol: HTTPS -# Port: 443 +# - Protocol: HTTP +# Port: 80 # DefaultActions: # - Type: forward # TargetGroupName: "{{ tg_name }}" @@ -301,9 +283,6 @@ # - Type: authenticate-oidc # AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" # Order: 1 -# Certificates: -# - CertificateArn: "{{ cert_arn }}" -# SslPolicy: ELBSecurityPolicy-2016-08 # <<: *aws_connection_info # register: alb # @@ -319,8 +298,8 @@ # security_groups: "{{ sec_group.group_id }}" # state: present # listeners: -# - Protocol: HTTPS -# Port: 443 +# - Protocol: HTTP +# Port: 80 # DefaultActions: # - Type: authenticate-oidc # AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" 
@@ -328,9 +307,6 @@ # - Type: forward # TargetGroupName: "{{ tg_name }}" # Order: 2 -# Certificates: -# - CertificateArn: "{{ cert_arn }}" -# SslPolicy: ELBSecurityPolicy-2016-08 # <<: *aws_connection_info # register: alb # @@ -347,8 +323,8 @@ # security_groups: "{{ sec_group.group_id }}" # state: present # listeners: -# - Protocol: HTTPS -# Port: 443 +# - Protocol: HTTP +# Port: 80 # DefaultActions: # - Type: authenticate-oidc # AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" @@ -356,9 +332,6 @@ # - Type: forward # TargetGroupName: "{{ tg_name }}" # Order: 2 -# Certificates: -# - CertificateArn: "{{ cert_arn }}" -# SslPolicy: ELBSecurityPolicy-2016-08 # Rules: # - Conditions: # - Field: path-pattern @@ -389,8 +362,8 @@ # security_groups: "{{ sec_group.group_id }}" # state: present # listeners: -# - Protocol: HTTPS -# Port: 443 +# - Protocol: HTTP +# Port: 80 # DefaultActions: # - Type: authenticate-oidc # AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" @@ -398,9 +371,6 @@ # - Type: forward # TargetGroupName: "{{ tg_name }}" # Order: 2 -# Certificates: -# - CertificateArn: "{{ cert_arn }}" -# SslPolicy: ELBSecurityPolicy-2016-08 # Rules: # - Conditions: # - Field: path-pattern @@ -431,8 +401,8 @@ # security_groups: "{{ sec_group.group_id }}" # state: present # listeners: -# - Protocol: HTTPS -# Port: 443 +# - Protocol: HTTP +# Port: 80 # DefaultActions: # - Type: authenticate-oidc # AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" @@ -440,9 +410,6 @@ # - Type: forward # TargetGroupName: "{{ tg_name }}" # Order: 2 -# Certificates: -# - CertificateArn: "{{ cert_arn }}" -# SslPolicy: ELBSecurityPolicy-2016-08 # Rules: # - Conditions: # - Field: path-pattern diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml index 722002f2591..0cc5f96826f 100644 
--- a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml @@ -30,8 +30,8 @@ security_groups: "{{ sec_group.group_id }}" state: present listeners: - - Protocol: HTTPS - Port: 443 + - Protocol: HTTP + Port: 80 DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" @@ -39,9 +39,6 @@ - Type: authenticate-oidc AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" Order: 1 - Certificates: - - CertificateArn: "{{ cert_arn }}" - SslPolicy: ELBSecurityPolicy-2016-08 <<: *aws_connection_info register: alb ignore_errors: yes From ef8bee18ec389d5774d493c082a8af0df73ac098 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Wed, 27 Jan 2021 09:17:44 +0100 Subject: [PATCH 19/52] Bulk migration to fail_json_aws (#361) * Split imports and sort * Move camel_dict_to_snake_dict imports to ansible.module_utils.common.dict_transformations * Cleanup unused imports * Bulk migration to fail_json_aws * Changelog This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/6c883156d250d3ed926a21dbd619b2b138246c5d --- plugins/modules/elb_application_lb_info.py | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 14937befba8..e3003789911 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
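Review bot: In test_multiple_actions_fail.yml (hunks `@@ -30,8 +30,8 @@` and `@@ -39,9 +39,6 @@`) the listener that carries the `authenticate-oidc` action becomes `Protocol: HTTP` on port 80. ALB authentication actions are only accepted on HTTPS listeners, so with `ignore_errors: yes` the task can now fail because of the listener protocol instead of the multiple-actions condition the file name suggests it is testing. The assertions sit outside the hunk; if they only check `alb is failed`, add a match on the expected message so the test cannot pass for an unrelated error.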
@@ -162,15 +162,11 @@ sample: vpc-0011223344 ''' -import traceback - try: import botocore - from botocore.exceptions import ClientError, NoCredentialsError except ImportError: pass # Handled by AnsibleAWSModule -from ansible.module_utils._text import to_native from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule @@ -182,7 +178,7 @@ def get_elb_listeners(connection, module, elb_arn): try: return connection.describe_listeners(LoadBalancerArn=elb_arn)['Listeners'] - except ClientError as e: + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to describe elb listeners") @@ -190,7 +186,7 @@ def get_listener_rules(connection, module, listener_arn): try: return connection.describe_rules(ListenerArn=listener_arn)['Rules'] - except ClientError as e: + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to describe listener rules") @@ -198,7 +194,7 @@ def get_load_balancer_attributes(connection, module, load_balancer_arn): try: load_balancer_attributes = boto3_tag_list_to_ansible_dict(connection.describe_load_balancer_attributes(LoadBalancerArn=load_balancer_arn)['Attributes']) - except ClientError as e: + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to describe load balancer attributes") # Replace '.' with '_' in attribute key names to make it more Ansibley @@ -213,7 +209,7 @@ def get_load_balancer_tags(connection, module, load_balancer_arn): try: return boto3_tag_list_to_ansible_dict(connection.describe_tags(ResourceArns=[load_balancer_arn])['TagDescriptions'][0]['Tags']) - except ClientError as e: + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to describe load balancer tags") 
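Review bot: In `get_load_balancer_tags` (hunk `@@ -213,7 +209,7 @@`) the widened `except` still does not cover the `['TagDescriptions'][0]` lookup, which raises `IndexError` when the response holds no tag description and would then surface as a raw traceback instead of a `fail_json_aws` message. Splitting the lookup, `descriptions = connection.describe_tags(ResourceArns=[load_balancer_arn])['TagDescriptions']` followed by `tags = descriptions[0]['Tags'] if descriptions else []`, keeps the failure path uniform with the other helpers. Whether the API can return an empty list for an existing ARN is not visible here, so treat this as hardening. The `def` line appears only in the hunk header.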
@@ -232,10 +228,8 @@ def list_load_balancers(connection, module): load_balancers = load_balancer_paginator.paginate(Names=names).build_full_result() except is_boto3_error_code('LoadBalancerNotFound'): module.exit_json(load_balancers=[]) - except ClientError as e: # pylint: disable=duplicate-except + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except module.fail_json_aws(e, msg="Failed to list load balancers") - except NoCredentialsError as e: - module.fail_json(msg="AWS authentication problem. " + to_native(e), exception=traceback.format_exc()) for load_balancer in load_balancers['LoadBalancers']: # Get the attributes for each elb From 3dbcb4107e8aa973f1ddd01565c33e8929f53b8e Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Wed, 10 Feb 2021 12:32:15 +0100 Subject: [PATCH 20/52] Move tests to using module_defaults (#368) * Bulk migration to module_defaults * Tests for missing creds/region * Move dms_identifier and dms_sg_identifier into defaults This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/365b6ef9a7a5e78e1bcf0d190ab66957bed5e3dd --- .../elb_application_lb/tasks/full_test.yml | 15 --- .../targets/elb_application_lb/tasks/main.yml | 99 ++++++++++--------- .../tasks/multiple_actions_fail.yml | 71 ------------- .../tasks/test_alb_bad_listener_options.yml | 12 --- .../tasks/test_alb_tags.yml | 15 --- .../tasks/test_alb_with_asg.yml | 16 --- .../tasks/test_creating_alb.yml | 11 --- .../tasks/test_deleting_alb.yml | 11 --- .../tasks/test_modifying_alb_listeners.yml | 18 ---- .../tasks/test_multiple_actions.yml | 23 ----- .../tasks/test_multiple_actions_fail.yml | 10 -- 11 files changed, 55 insertions(+), 246 deletions(-) 
diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml index 5602a9a8d36..f3c3d6807eb 100644 --- a/tests/integration/targets/elb_application_lb/tasks/full_test.yml +++ b/tests/integration/targets/elb_application_lb/tasks/full_test.yml @@ -1,20 +1,5 @@ - name: elb_application_lb full_test - collections: - - amazon.aws block: - - name: set connection information for all tasks - set_fact: - aws_connection_info: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' - awscli_connection_info: - AWS_ACCESS_KEY_ID: '{{ aws_access_key }}' - AWS_SECRET_ACCESS_KEY: '{{ aws_secret_key }}' - AWS_SESSION_TOKEN: '{{ security_token }}' - AWS_DEFAULT_REGION: '{{ aws_region }}' - no_log: true - name: create VPC ec2_vpc_net: aws_access_key: '{{ aws_access_key }}' diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index 425469bcbe4..3956aba57d6 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml 
@@ -1,44 +1,55 @@ -- set_fact: - virtualenv: "{{ remote_tmp_dir }}/virtualenv" - virtualenv_command: "{{ ansible_python_interpreter }} -m virtualenv" - -- set_fact: - virtualenv_interpreter: "{{ virtualenv }}/bin/python" - -- pip: - name: virtualenv - -- pip: - name: - - 'botocore<1.10.30' - - boto3 - - boto - - coverage<5 - - cryptography - virtualenv: "{{ virtualenv }}" - virtualenv_command: "{{ virtualenv_command }}" - virtualenv_site_packages: no - -- include_tasks: multiple_actions_fail.yml - vars: - ansible_python_interpreter: "{{ virtualenv_interpreter }}" - - -- pip: - name: - - 'botocore>=1.10.30' - - boto3 - - boto - - coverage<5 - - cryptography - virtualenv: "{{ virtualenv }}" - virtualenv_command: "{{ virtualenv_command }}" - virtualenv_site_packages: no - -- include_tasks: full_test.yml - vars: - ansible_python_interpreter: "{{ virtualenv_interpreter }}" - -- file: - path: "{{ virtualenv }}" - state: absent +- name: 'elb_application_lb integration tests' + collections: + - amazon.aws + module_defaults: + group/aws: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' + block: + + - set_fact: + virtualenv: "{{ remote_tmp_dir }}/virtualenv" + virtualenv_command: "{{ ansible_python_interpreter }} -m virtualenv" + + - set_fact: + virtualenv_interpreter: "{{ virtualenv }}/bin/python" + + - pip: + name: virtualenv + + - pip: + name: + - 'botocore<1.10.30' + - boto3 + - boto + - coverage<5 + - cryptography + virtualenv: "{{ virtualenv }}" + virtualenv_command: "{{ virtualenv_command }}" + virtualenv_site_packages: no + + - include_tasks: multiple_actions_fail.yml + vars: + ansible_python_interpreter: "{{ virtualenv_interpreter }}" + + + - pip: + name: + - 'botocore>=1.10.30' + - boto3 + - boto + - coverage<5 + - cryptography + virtualenv: "{{ virtualenv }}" + virtualenv_command: "{{ virtualenv_command }}" + virtualenv_site_packages: no + + - 
include_tasks: full_test.yml + vars: + ansible_python_interpreter: "{{ virtualenv_interpreter }}" + + - file: + path: "{{ virtualenv }}" + state: absent diff --git a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml index 059b1fd3b25..b70801df4e9 100644 --- a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml +++ b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml @@ -1,36 +1,13 @@ - name: elb_application_lb multiple_actions_fail tests - collections: - - amazon.aws block: - - name: set connection information for all tasks - set_fact: - aws_connection_info: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' - awscli_connection_info: - AWS_ACCESS_KEY_ID: '{{ aws_access_key }}' - AWS_SECRET_ACCESS_KEY: '{{ aws_secret_key }}' - AWS_SESSION_TOKEN: '{{ security_token }}' - AWS_DEFAULT_REGION: '{{ aws_region }}' - no_log: true - name: create VPC ec2_vpc_net: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' cidr_block: 10.228.228.0/22 name: '{{ resource_prefix }}_vpc' state: present register: vpc - name: create internet gateway ec2_vpc_igw: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' vpc_id: '{{ vpc.vpc.id }}' state: present tags: @@ -38,10 +15,6 @@ register: igw - name: create public subnet ec2_vpc_subnet: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' cidr: '{{ item.cidr }}' az: '{{ aws_region}}{{ item.az }}' vpc_id: '{{ vpc.vpc.id }}' 
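Review bot: Both `pip` tasks in the rewritten main.yml block still install `cryptography` and leave `boto3` and `boto` unpinned next to the `botocore` bound. The `community.crypto` certificate tasks were removed from full_test.yml and multiple_actions_fail.yml earlier in this series, so `cryptography` looks unused here; dropping the `- cryptography` entries and pinning the remaining packages would make the two virtualenvs reproducible. The closing `file:` task with `state: absent` is an ordinary task inside `block:`, so a failure in either `include_tasks` leaves the virtualenv behind; moving it under an `always:` section fixes that.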
@@ -64,10 +37,6 @@ public: 'False' register: subnets - ec2_vpc_subnet_facts: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' filters: vpc-id: '{{ vpc.vpc.id }}' register: vpc_subnets @@ -77,10 +46,6 @@ private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' - name: create a route table ec2_vpc_route_table: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' vpc_id: '{{ vpc.vpc.id }}' tags: Name: igw-route @@ -91,10 +56,6 @@ gateway_id: '{{ igw.gateway_id }}' register: route_table - ec2_group: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ resource_prefix }}' description: security group for Ansible ALB integration tests state: present @@ -107,10 +68,6 @@ register: sec_group - name: create a target group for testing elb_target_group: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ tg_name }}' protocol: http port: 80 @@ -121,10 +78,6 @@ always: - name: destroy ALB elb_application_lb: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ alb_name }}' state: absent wait: true @@ -132,10 +85,6 @@ ignore_errors: true - name: destroy target group if it was created elb_target_group: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ tg_name }}' protocol: http port: 80 
@@ -151,10 +100,6 @@ ignore_errors: true - name: destroy sec group ec2_group: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ sec_group.group_name }}' description: security group for Ansible ALB integration tests state: absent @@ -166,10 +111,6 @@ ignore_errors: true - name: remove route table ec2_vpc_route_table: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' vpc_id: '{{ vpc.vpc.id }}' route_table_id: '{{ route_table.route_table.route_table_id }}' lookup: id @@ -181,10 +122,6 @@ ignore_errors: true - name: destroy subnets ec2_vpc_subnet: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' cidr: '{{ item.cidr }}' vpc_id: '{{ vpc.vpc.id }}' state: absent @@ -200,10 +137,6 @@ ignore_errors: true - name: destroy internet gateway ec2_vpc_igw: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' vpc_id: '{{ vpc.vpc.id }}' tags: Name: '{{ resource_prefix }}' @@ -215,10 +148,6 @@ ignore_errors: true - name: destroy VPC ec2_vpc_net: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' cidr_block: 10.228.228.0/22 name: '{{ resource_prefix }}_vpc' state: absent diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml index 0d5ed71e7de..7c8bc25e51b 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml 
@@ -1,14 +1,5 @@ - block: - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - name: test creating an ALB with invalid listener options elb_application_lb: name: "{{ alb_name }}" @@ -21,7 +12,6 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" - <<: *aws_connection_info ignore_errors: yes register: alb @@ -37,7 +27,6 @@ state: present listeners: - Port: 80 - <<: *aws_connection_info ignore_errors: yes register: alb @@ -60,7 +49,6 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" - <<: *aws_connection_info ignore_errors: yes register: alb diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml index b7942fa7368..06b6d0249cc 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml @@ -1,21 +1,11 @@ - block: - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - name: create ALB with no listeners elb_application_lb: name: "{{ alb_name }}" subnets: "{{ alb_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present - <<: *aws_connection_info register: alb - assert: @@ -28,7 +18,6 @@ subnets: "{{ alb_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present - <<: *aws_connection_info register: alb - assert: @@ -43,7 +32,6 @@ state: present tags: created_by: "ALB test {{ resource_prefix }}" - <<: *aws_connection_info register: alb - assert: 
@@ -58,7 +46,6 @@ security_groups: "{{ sec_group.group_id }}" state: present tags: {} - <<: *aws_connection_info register: alb - assert: @@ -73,7 +60,6 @@ security_groups: "{{ sec_group.group_id }}" state: present tags: {} - <<: *aws_connection_info register: alb - assert: @@ -85,7 +71,6 @@ elb_application_lb: name: "{{ alb_name }}" state: absent - <<: *aws_connection_info register: alb - assert: diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml index de97d5bdc9e..b066d88a210 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml @@ -1,16 +1,6 @@ - block: - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - ec2_ami_info: - <<: *aws_connection_info filters: architecture: x86_64 virtualization-type: hvm @@ -23,19 +13,16 @@ latest_amazon_linux: "{{ amis.images | sort(attribute='creation_date') | last }}" - ec2_asg: - <<: *aws_connection_info state: absent name: "{{ resource_prefix }}-webservers" wait_timeout: 900 - ec2_lc: - <<: *aws_connection_info name: "{{ resource_prefix }}-web-lcfg" state: absent - name: Create launch config for testing ec2_lc: - <<: *aws_connection_info name: "{{ resource_prefix }}-web-lcfg" assign_public_ip: true image_id: "{{ latest_amazon_linux.image_id }}" @@ -56,7 +43,6 @@ - name: Create autoscaling group for app server fleet ec2_asg: - <<: *aws_connection_info name: "{{ resource_prefix }}-webservers" vpc_zone_identifier: "{{ alb_subnets }}" launch_config_name: "{{ resource_prefix }}-web-lcfg" 
@@ -76,14 +62,12 @@ always: - ec2_asg: - <<: *aws_connection_info state: absent name: "{{ resource_prefix }}-webservers" wait_timeout: 900 ignore_errors: yes - ec2_lc: - <<: *aws_connection_info name: "{{ resource_prefix }}-web-lcfg" state: absent ignore_errors: yes diff --git a/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml index ee932d4eded..f5e75ab3872 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml @@ -1,14 +1,5 @@ - block: - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - name: create ALB with a listener elb_application_lb: name: "{{ alb_name }}" @@ -21,7 +12,6 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" - <<: *aws_connection_info register: alb - assert: @@ -42,7 +32,6 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" - <<: *aws_connection_info register: alb - assert: diff --git a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml index bcbbaac14b7..cf1335d6dbd 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml 
@@ -1,14 +1,5 @@ - block: - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - name: destroy ALB with listener elb_application_lb: name: "{{ alb_name }}" @@ -21,7 +12,6 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" - <<: *aws_connection_info wait: yes wait_timeout: 300 register: alb @@ -38,7 +28,6 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" - <<: *aws_connection_info wait: yes wait_timeout: 300 register: alb diff --git a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml index a897f9af31f..3cc8a857bca 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml @@ -1,14 +1,5 @@ - block: - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - name: add a rule to the listener elb_application_lb: name: "{{ alb_name }}" @@ -30,7 +21,6 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - <<: *aws_connection_info register: alb - assert: @@ -60,7 +50,6 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - <<: *aws_connection_info register: alb - assert: @@ -80,7 +69,6 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" - <<: *aws_connection_info register: alb - assert: @@ -110,7 +98,6 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - <<: *aws_connection_info register: alb - assert: 
@@ -140,7 +127,6 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - <<: *aws_connection_info register: alb - assert: @@ -172,7 +158,6 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - <<: *aws_connection_info register: alb - assert: @@ -195,7 +180,6 @@ - Type: forward TargetGroupName: "{{ tg_name }}" Rules: [] - <<: *aws_connection_info register: alb - assert: @@ -210,7 +194,6 @@ security_groups: "{{ sec_group.group_id }}" state: present listeners: [] - <<: *aws_connection_info register: alb - assert: @@ -230,7 +213,6 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" - <<: *aws_connection_info register: alb - assert: diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml index b04024811a0..26bcf2c28f1 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml @@ -1,14 +1,5 @@ - block: - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - name: register dummy OIDC config set_fact: AuthenticateOidcActionConfig: @@ -45,7 +36,6 @@ elb_application_lb: name: "{{ alb_name }}" state: absent - <<: *aws_connection_info wait: yes wait_timeout: 600 @@ -58,7 +48,6 @@ state: absent wait: yes wait_timeout: 600 - <<: *aws_connection_info register: cleanup_tg retries: 5 delay: 3 @@ -71,7 +60,6 @@ port: 80 vpc_id: "{{ vpc.vpc.id }}" state: present - <<: *aws_connection_info register: tg - name: create ALB with redirect DefaultAction @@ -86,7 +74,6 @@ DefaultActions: - Type: redirect RedirectConfig: "{{ RedirectActionConfig }}" - <<: *aws_connection_info register: alb - assert: 
@@ -108,7 +95,6 @@ DefaultActions: - Type: redirect RedirectConfig: "{{ RedirectActionConfig }}" - <<: *aws_connection_info register: alb - assert: @@ -130,7 +116,6 @@ DefaultActions: - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" - <<: *aws_connection_info register: alb - assert: @@ -152,7 +137,6 @@ DefaultActions: - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" - <<: *aws_connection_info register: alb - assert: @@ -199,7 +183,6 @@ Actions: - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" - <<: *aws_connection_info register: alb - assert: @@ -251,7 +234,6 @@ Actions: - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" - <<: *aws_connection_info register: alb - assert: @@ -283,7 +265,6 @@ # - Type: authenticate-oidc # AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" # Order: 1 -# <<: *aws_connection_info # register: alb # # - assert: @@ -307,7 +288,6 @@ # - Type: forward # TargetGroupName: "{{ tg_name }}" # Order: 2 -# <<: *aws_connection_info # register: alb # # - assert: @@ -345,7 +325,6 @@ # - Type: authenticate-oidc # AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" # Order: 1 -# <<: *aws_connection_info # register: alb # # - assert: @@ -384,7 +363,6 @@ # - Type: authenticate-oidc # AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" # Order: 1 -# <<: *aws_connection_info # register: alb # # - assert: @@ -423,7 +401,6 @@ # - Type: forward # TargetGroupName: "{{ tg_name }}" # Order: 2 -# <<: *aws_connection_info # register: alb # # - assert: diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml index 0cc5f96826f..aa61cb7377c 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml 
+++ b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml @@ -1,14 +1,5 @@ - block: - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - name: register dummy OIDC config set_fact: AuthenticateOidcActionConfig: @@ -39,7 +30,6 @@ - Type: authenticate-oidc AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" Order: 1 - <<: *aws_connection_info register: alb ignore_errors: yes From 8bbff85389a9be502ddd719ad3bdc8b9cb326ae4 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Wed, 10 Mar 2021 21:07:39 +0100 Subject: [PATCH 21/52] Avoid per-test virtual environments where possible (#467) * Move ec2_launch_template to standard role-type test * Run elb_application_lb in our standard environment * Move elb_target_info to the standard role structure * add remote_tmp_dir dependency to ec2_launch_template * move test_multiple_actions_fail.yml inside full_test so we don't need to run the prep work twice * Rename the ALBs: "my-alb" isn't helpful and resource prefix is likely to change on us * Ensure ALBs are deleted if "failed" tests created something This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/887d62460252fd4555c641bd0b34ab8d06f2e80f --- .../elb_application_lb/defaults/main.yml | 8 +- .../elb_application_lb/tasks/full_test.yml | 67 ++------ .../targets/elb_application_lb/tasks/main.yml | 21 +-- .../tasks/multiple_actions_fail.yml | 158 ------------------ .../tasks/test_alb_bad_listener_options.yml | 10 ++ .../tasks/test_multiple_actions_fail.yml | 10 ++ 6 files changed, 37 insertions(+), 237 deletions(-) delete mode 100644 tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml 
diff --git a/tests/integration/targets/elb_application_lb/defaults/main.yml b/tests/integration/targets/elb_application_lb/defaults/main.yml index 8100bd55ed0..d0c601c6a04 100644 --- a/tests/integration/targets/elb_application_lb/defaults/main.yml +++ b/tests/integration/targets/elb_application_lb/defaults/main.yml @@ -1,6 +1,4 @@ --- -# load balancer and target group names have to be less than 32 characters -# the 8 digit identifier at the end of resource_prefix helps determine during which test something -# was created and allows tests to be run in parallel -alb_name: "my-alb-{{ resource_prefix | regex_search('([0-9]+)$') }}" -tg_name: "my-tg-{{ resource_prefix | regex_search('([0-9]+)$') }}" +resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}" +alb_name: "alb-test-{{ resource_short }}" +tg_name: "alb-test-{{ resource_short }}" diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml index f3c3d6807eb..28386fa4844 100644 --- a/tests/integration/targets/elb_application_lb/tasks/full_test.yml +++ b/tests/integration/targets/elb_application_lb/tasks/full_test.yml @@ -1,21 +1,14 @@ - name: elb_application_lb full_test block: + # Setup - name: create VPC ec2_vpc_net: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' cidr_block: 10.228.228.0/22 name: '{{ resource_prefix }}_vpc' state: present register: vpc - name: create internet gateway ec2_vpc_igw: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' vpc_id: '{{ vpc.vpc.id }}' state: present tags: 
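Review bot: The new `resource_short` / `alb_name` / `tg_name` definitions drop the comment that recorded the 32-character limit on load balancer and target group names, so nothing explains why the suffix is held to eight hex digits. I would keep a short comment above `resource_short`, for example `# ALB and target group names must be under 32 characters; resource_short is a repeatable 8-hex-digit suffix seeded from resource_prefix`. `alb_name` and `tg_name` now expand to the same string, which deserves a word in that comment if it is intentional.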
@@ -23,10 +16,6 @@ register: igw - name: create public subnet ec2_vpc_subnet: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' cidr: '{{ item.cidr }}' az: '{{ aws_region}}{{ item.az }}' vpc_id: '{{ vpc.vpc.id }}' @@ -49,10 +38,6 @@ public: 'False' register: subnets - ec2_vpc_subnet_info: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' filters: vpc-id: '{{ vpc.vpc.id }}' register: vpc_subnets @@ -62,10 +47,6 @@ private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' - name: create a route table ec2_vpc_route_table: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' vpc_id: '{{ vpc.vpc.id }}' tags: Name: igw-route @@ -76,10 +57,6 @@ gateway_id: '{{ igw.gateway_id }}' register: route_table - ec2_group: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ resource_prefix }}' description: security group for Ansible ALB integration tests state: present 
@@ -92,16 +69,19 @@ register: sec_group - name: create a target group for testing elb_target_group: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ tg_name }}' protocol: http port: 80 vpc_id: '{{ vpc.vpc.id }}' state: present register: tg + + # Run tests for graceful failure with an old version of botocore + - include_tasks: test_multiple_actions_fail.yml + vars: + ansible_python_interpreter: "{{ virtualenv_interpreter }}" + + # Run main tests - include_tasks: test_alb_bad_listener_options.yml - include_tasks: test_alb_tags.yml - include_tasks: test_creating_alb.yml @@ -109,24 +89,19 @@ - include_tasks: test_modifying_alb_listeners.yml - include_tasks: test_deleting_alb.yml - include_tasks: test_multiple_actions.yml + always: + # Cleanup - name: destroy ALB elb_application_lb: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ alb_name }}' state: absent wait: true wait_timeout: 600 ignore_errors: true + - name: destroy target group if it was created elb_target_group: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ tg_name }}' protocol: http port: 80 @@ -142,10 +117,6 @@ ignore_errors: true - name: destroy sec group ec2_group: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ sec_group.group_name }}' description: security group for Ansible ALB integration tests state: absent 
@@ -157,10 +128,6 @@ ignore_errors: true - name: remove route table ec2_vpc_route_table: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' vpc_id: '{{ vpc.vpc.id }}' route_table_id: '{{ route_table.route_table.route_table_id }}' lookup: id @@ -172,10 +139,6 @@ ignore_errors: true - name: destroy subnets ec2_vpc_subnet: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' cidr: '{{ item.cidr }}' vpc_id: '{{ vpc.vpc.id }}' state: absent @@ -191,10 +154,6 @@ ignore_errors: true - name: destroy internet gateway ec2_vpc_igw: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' vpc_id: '{{ vpc.vpc.id }}' tags: Name: '{{ resource_prefix }}' @@ -206,10 +165,6 @@ ignore_errors: true - name: destroy VPC ec2_vpc_net: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' cidr_block: 10.228.228.0/22 name: '{{ resource_prefix }}_vpc' state: absent diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index 3956aba57d6..5bf26c54fd5 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml @@ -9,6 +9,7 @@ region: '{{ aws_region }}' block: + # Prepare a virtual environment for multiple_actions_fail.yml - set_fact: virtualenv: "{{ remote_tmp_dir }}/virtualenv" virtualenv_command: "{{ ansible_python_interpreter }} -m virtualenv" 
@@ -30,25 +31,9 @@ virtualenv_command: "{{ virtualenv_command }}" virtualenv_site_packages: no - - include_tasks: multiple_actions_fail.yml - vars: - ansible_python_interpreter: "{{ virtualenv_interpreter }}" - - - - pip: - name: - - 'botocore>=1.10.30' - - boto3 - - boto - - coverage<5 - - cryptography - virtualenv: "{{ virtualenv }}" - virtualenv_command: "{{ virtualenv_command }}" - virtualenv_site_packages: no - - include_tasks: full_test.yml - vars: - ansible_python_interpreter: "{{ virtualenv_interpreter }}" + + always: - file: path: "{{ virtualenv }}" diff --git a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml deleted file mode 100644 index b70801df4e9..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/multiple_actions_fail.yml +++ /dev/null 
@@ -1,158 +0,0 @@ -- name: elb_application_lb multiple_actions_fail tests - block: - - name: create VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: '{{ resource_prefix }}_vpc' - state: present - register: vpc - - name: create internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc.vpc.id }}' - state: present - tags: - Name: '{{ resource_prefix }}' - register: igw - - name: create public subnet - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region}}{{ item.az }}' - vpc_id: '{{ vpc.vpc.id }}' - state: present - tags: - Public: '{{ item.public|string }}' - Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' - with_items: - - cidr: 10.228.228.0/24 - az: a - public: 'True' - - cidr: 10.228.229.0/24 - az: b - public: 'True' - - cidr: 10.228.230.0/24 - az: a - public: 'False' - - cidr: 10.228.231.0/24 - az: b - public: 'False' - register: subnets - - ec2_vpc_subnet_facts: - filters: - vpc-id: '{{ vpc.vpc.id }}' - register: vpc_subnets - - name: create list of subnet ids - set_fact: - alb_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public == `True`].id'') }}' - private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' - - name: create a route table - ec2_vpc_route_table: - vpc_id: '{{ vpc.vpc.id }}' - tags: - Name: igw-route - Created: '{{ resource_prefix }}' - subnets: '{{ alb_subnets + private_subnets }}' - routes: - - dest: 0.0.0.0/0 - gateway_id: '{{ igw.gateway_id }}' - register: route_table - - ec2_group: - name: '{{ resource_prefix }}' - description: security group for Ansible ALB integration tests - state: present - vpc_id: '{{ vpc.vpc.id }}' - rules: - - proto: tcp - from_port: 1 - to_port: 65535 - cidr_ip: 0.0.0.0/0 - register: sec_group - - name: create a target group for testing - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc.vpc.id }}' - state: present - register: tg - - include_tasks: 
test_multiple_actions_fail.yml - always: - - name: destroy ALB - elb_application_lb: - name: '{{ alb_name }}' - state: absent - wait: true - wait_timeout: 600 - ignore_errors: true - - name: destroy target group if it was created - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc.vpc.id }}' - state: absent - wait: true - wait_timeout: 600 - register: remove_tg - retries: 10 - delay: 5 - until: remove_tg is success - when: tg is defined - ignore_errors: true - - name: destroy sec group - ec2_group: - name: '{{ sec_group.group_name }}' - description: security group for Ansible ALB integration tests - state: absent - vpc_id: '{{ vpc.vpc.id }}' - register: remove_sg - retries: 10 - delay: 5 - until: remove_sg is success - ignore_errors: true - - name: remove route table - ec2_vpc_route_table: - vpc_id: '{{ vpc.vpc.id }}' - route_table_id: '{{ route_table.route_table.route_table_id }}' - lookup: id - state: absent - register: remove_rt - retries: 10 - delay: 5 - until: remove_rt is success - ignore_errors: true - - name: destroy subnets - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - vpc_id: '{{ vpc.vpc.id }}' - state: absent - register: remove_subnet - retries: 10 - delay: 5 - until: remove_subnet is success - with_items: - - cidr: 10.228.228.0/24 - - cidr: 10.228.229.0/24 - - cidr: 10.228.230.0/24 - - cidr: 10.228.231.0/24 - ignore_errors: true - - name: destroy internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc.vpc.id }}' - tags: - Name: '{{ resource_prefix }}' - state: absent - register: remove_igw - retries: 10 - delay: 5 - until: remove_igw is success - ignore_errors: true - - name: destroy VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: '{{ resource_prefix }}_vpc' - state: absent - register: remove_vpc - retries: 10 - delay: 5 - until: remove_vpc is success - ignore_errors: true 
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml index 7c8bc25e51b..a811e3f3054 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml @@ -56,3 +56,13 @@ that: - alb is failed - "'unable to convert to int' in alb.msg" + + always: + # Cleanup + - name: destroy ALB if created + elb_application_lb: + name: '{{ alb_name }}' + state: absent + wait: true + wait_timeout: 600 + ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml index aa61cb7377c..2e0d0700825 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml @@ -38,3 +38,13 @@ that: - alb.failed - 'alb.msg == "installed version of botocore does not support multiple actions, please upgrade botocore to version 1.10.30 or higher"' + + always: + # Cleanup + - name: destroy ALB if created + elb_application_lb: + name: '{{ alb_name }}' + state: absent + wait: true + wait_timeout: 600 + ignore_errors: true From b249b579aa8dca78e5e1b47c8ef8bb806c5a95e8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Gon=C3=A9ri=20Le=20Bouder?= Date: Tue, 16 Mar 2021 14:48:00 -0400 Subject: [PATCH 22/52] elb_application_lb: test a rule based on http-header (#347) * elb_application_lb: test a rule based on http-header This should initially fail and be fixed the day https://github.com/ansible-collections/amazon.aws/pull/188 is merged. See: https://github.com/ansible-collections/amazon.aws/pull/187 See: https://github.com/ansible-collections/community.aws/issues/117 Co-authored-by: Mark Chappell This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/8c0ea48b2904b200e30aabc4118f35816ce92544 --- .../tasks/test_multiple_actions.yml | 64 +++++++++++++++---- 1 file changed, 50 insertions(+), 14 deletions(-) diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml index 26bcf2c28f1..da56a98716b 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml @@ -159,11 +159,27 @@ - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" Rules: + - Conditions: + - Field: http-header + HttpHeaderConfig: + HttpHeaderName: 'User-Agent' + Values: ['*Trident/7:0*rv:*'] + - Field: http-header + HttpHeaderConfig: + HttpHeaderName: 'X-Something' + Values: ['foobar'] + Priority: '1' + Actions: + - Type: fixed-response + FixedResponseConfig: + StatusCode: "200" + ContentType: "text/html" + MessageBody: "Hello World!" - Conditions: - Field: path-pattern Values: - "/forward-path/*" - Priority: 1 + Priority: 2 Actions: - Type: forward TargetGroupName: "{{ tg_name }}" @@ -171,7 +187,7 @@ - Field: path-pattern Values: - "/redirect-path/*" - Priority: 2 + Priority: 3 Actions: - Type: redirect RedirectConfig: "{{ RedirectActionConfig }}" 
@@ -179,7 +195,7 @@ - Field: path-pattern Values: - "/fixed-response-path/" - Priority: 3 + Priority: 4 Actions: - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" @@ -189,13 +205,15 @@ that: - alb.changed - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 4 ## defaultactions is included as a rule + - alb.listeners[0].rules|length == 5 ## defaultactions is included as a rule - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "forward" + - alb.listeners[0].rules[0].actions[0].type == "fixed-response" - alb.listeners[0].rules[1].actions|length == 1 - - alb.listeners[0].rules[1].actions[0].type == "redirect" + - alb.listeners[0].rules[1].actions[0].type == "forward" - alb.listeners[0].rules[2].actions|length == 1 - - alb.listeners[0].rules[2].actions[0].type == "fixed-response" + - alb.listeners[0].rules[2].actions[0].type == "redirect" + - alb.listeners[0].rules[3].actions|length == 1 + - alb.listeners[0].rules[3].actions[0].type == "fixed-response" - name: test idempotence multiple non-default rules elb_application_lb: @@ -210,11 +228,27 @@ - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" Rules: + - Conditions: + - Field: http-header + HttpHeaderConfig: + HttpHeaderName: 'User-Agent' + Values: ['*Trident/7:0*rv:*'] + - Field: http-header + HttpHeaderConfig: + HttpHeaderName: 'X-Something' + Values: ['foobar'] + Priority: '1' + Actions: + - Type: fixed-response + FixedResponseConfig: + StatusCode: "200" + ContentType: "text/html" + MessageBody: "Hello World!" - Conditions: - Field: path-pattern Values: - "/forward-path/*" - Priority: 1 + Priority: 2 Actions: - Type: forward TargetGroupName: "{{ tg_name }}" @@ -222,7 +256,7 @@ - Field: path-pattern Values: - "/redirect-path/*" - Priority: 2 + Priority: 3 Actions: - Type: redirect RedirectConfig: "{{ RedirectActionConfig }}" 
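Review bot: The assertions that follow the new `http-header` rule (the `@@ -189,13 +205,15 @@` hunk, and again in the idempotence check at `@@ -240,13 +274,15 @@`) only check the rule count and each rule's action type, so the two header conditions this commit is meant to exercise are never verified in the module output. Consider adding a check such as `- alb.listeners[0].rules[0].conditions|length == 2`; the exact key name in the returned rule should be confirmed against the module's return data. Without it, a module that silently dropped or rewrote the `HttpHeaderConfig` entries would still pass.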
@@ -230,7 +264,7 @@ - Field: path-pattern Values: - "/fixed-response-path/" - Priority: 3 + Priority: 4 Actions: - Type: fixed-response FixedResponseConfig: "{{ FixedResponseActionConfig }}" @@ -240,13 +274,15 @@ that: - not alb.changed - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 4 ## defaultactions is included as a rule + - alb.listeners[0].rules|length == 5 ## defaultactions is included as a rule - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "forward" + - alb.listeners[0].rules[0].actions[0].type == "fixed-response" - alb.listeners[0].rules[1].actions|length == 1 - - alb.listeners[0].rules[1].actions[0].type == "redirect" + - alb.listeners[0].rules[1].actions[0].type == "forward" - alb.listeners[0].rules[2].actions|length == 1 - - alb.listeners[0].rules[2].actions[0].type == "fixed-response" + - alb.listeners[0].rules[2].actions[0].type == "redirect" + - alb.listeners[0].rules[3].actions|length == 1 + - alb.listeners[0].rules[3].actions[0].type == "fixed-response" # - name: test creating ALB with a default listener with multiple actions From ee981d60d8f56374a527722fe8f63a68a8c889df Mon Sep 17 00:00:00 2001 
From: abikouo Date: Thu, 25 Mar 2021 14:23:46 +0100 Subject: [PATCH 23/52] update elb modules adding ip_address_type parameters This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/3ddf6d0f3d0207d50d3678ddb82bc1e5ad307cb1 --- plugins/modules/elb_application_lb.py | 16 +++- plugins/modules/elb_application_lb_info.py | 31 +++---- .../elb_application_lb/tasks/full_test.yml | 32 +++++-- .../test_alb_ip_address_type_options.yml | 93 +++++++++++++++++++ .../targets/elb_application_lb_info/aliases | 2 + .../elb_application_lb_info/defaults/main.yml | 4 + .../elb_application_lb_info/meta/main.yml | 2 + .../tasks/full_test.yml | 11 +++ .../elb_application_lb_info/tasks/main.yml | 40 ++++++++ .../elb_application_lb_info/tasks/setup.yml | 83 +++++++++++++++++ .../tasks/teardown.yml | 83 +++++++++++++++++ .../tasks/test_elb_application_lb_info.yml | 41 ++++++++ 12 files changed, 410 insertions(+), 28 deletions(-) create mode 100644 tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml create mode 100644 tests/integration/targets/elb_application_lb_info/aliases create mode 100644 tests/integration/targets/elb_application_lb_info/defaults/main.yml create mode 100644 tests/integration/targets/elb_application_lb_info/meta/main.yml create mode 100644 tests/integration/targets/elb_application_lb_info/tasks/full_test.yml create mode 100644 tests/integration/targets/elb_application_lb_info/tasks/main.yml create mode 100644 tests/integration/targets/elb_application_lb_info/tasks/setup.yml create mode 100644 tests/integration/targets/elb_application_lb_info/tasks/teardown.yml create mode 100644 tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index f154c8803ff..9dcab533c9c 100644 --- a/plugins/modules/elb_application_lb.py 
+++ b/plugins/modules/elb_application_lb.py @@ -179,6 +179,12 @@ - When set to C(no), keep the existing load balancer rules in place. Will modify and add, but will not delete. default: yes type: bool + ip_address_type: + description: + - Sets the type of IP addresses used by the subnets of the specified Application Load Balancer. + default: "ipv4" + choices: [ 'ipv4', 'dualstack' ] + type: str extends_documentation_fragment: - amazon.aws.aws - amazon.aws.ec2 @@ -476,7 +482,6 @@ def create_or_update_elb(elb_obj): """Create ELB or modify main attributes. json_exit here""" - if elb_obj.elb: # ELB exists so check subnets, security groups and tags match what has been passed @@ -562,6 +567,9 @@ def create_or_update_elb(elb_obj): rule_obj.modify() elb_obj.changed = True + # Update ELB ip address type only if option has been provided + if elb_obj.module.params.get('ip_address_type') is not None : + elb_obj.modify_ip_address_type(elb_obj.module.params.get('ip_address_type')) # Get the ELB again elb_obj.update() @@ -583,6 +591,9 @@ def create_or_update_elb(elb_obj): # Change tags to ansible friendly dict snaked_elb['tags'] = boto3_tag_list_to_ansible_dict(snaked_elb['tags']) + # ip address type + snaked_elb['ip_address_type']=elb_obj.get_elb_ip_address_type() + elb_obj.module.exit_json(changed=elb_obj.changed, **snaked_elb) @@ -629,7 +640,8 @@ def main(): tags=dict(type='dict'), wait_timeout=dict(type='int'), wait=dict(default=False, type='bool'), - purge_rules=dict(default=True, type='bool') + purge_rules=dict(default=True, type='bool'), + ip_address_type=dict(type='str', choices=['ipv4', 'dualstack']) ) module = AnsibleAWSModule(argument_spec=argument_spec, diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index e3003789911..9d3ad385556 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
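Review bot: The documentation added for `ip_address_type` declares `default: "ipv4"`, but the `argument_spec` entry added in the `main()` hunk (`ip_address_type=dict(type='str', choices=['ipv4', 'dualstack'])`) sets no default, and the code added in `create_or_update_elb` treats an absent option as "leave unchanged". Either drop the `default:` line and state in the description that the address type is not modified when the option is omitted, or add `default='ipv4'` to the spec. The two are not equivalent: with a real default, a playbook that omits the option would presumably request `ipv4` on every run against an existing dualstack load balancer.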
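Review bot: In the block added to `create_or_update_elb`, `if elb_obj.module.params.get('ip_address_type') is not None :` has a stray space before the colon and looks the option up twice, and `snaked_elb['ip_address_type']=elb_obj.get_elb_ip_address_type()` in the following hunk lacks spaces around `=`. I would write `ip_address_type = elb_obj.module.params.get('ip_address_type')`, then `if ip_address_type is not None:` and `elb_obj.modify_ip_address_type(ip_address_type)`. Whether `changed` is reported correctly depends on `modify_ip_address_type`, which is not part of this diff. `create_or_update_elb` starts and ends outside these hunks.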
@@ -70,96 +70,82 @@ contains: access_logs_s3_bucket: description: The name of the S3 bucket for the access logs. - returned: when status is present type: str sample: mys3bucket access_logs_s3_enabled: description: Indicates whether access logs stored in Amazon S3 are enabled. - returned: when status is present type: str sample: true access_logs_s3_prefix: description: The prefix for the location in the S3 bucket. - returned: when status is present type: str sample: /my/logs availability_zones: description: The Availability Zones for the load balancer. - returned: when status is present type: list sample: "[{'subnet_id': 'subnet-aabbccddff', 'zone_name': 'ap-southeast-2a'}]" canonical_hosted_zone_id: description: The ID of the Amazon Route 53 hosted zone associated with the load balancer. - returned: when status is present type: str sample: ABCDEF12345678 created_time: description: The date and time the load balancer was created. - returned: when status is present type: str sample: "2015-02-12T02:14:02+00:00" deletion_protection_enabled: description: Indicates whether deletion protection is enabled. - returned: when status is present type: str sample: true dns_name: description: The public DNS name of the load balancer. - returned: when status is present type: str sample: internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com idle_timeout_timeout_seconds: description: The idle timeout value, in seconds. - returned: when status is present type: str sample: 60 ip_address_type: description: The type of IP addresses used by the subnets for the load balancer. - returned: when status is present type: str sample: ipv4 load_balancer_arn: description: The Amazon Resource Name (ARN) of the load balancer. - returned: when status is present type: str sample: arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455 load_balancer_name: description: The name of the load balancer. 
- returned: when status is present type: str sample: my-elb scheme: description: Internet-facing or internal load balancer. - returned: when status is present type: str sample: internal security_groups: description: The IDs of the security groups for the load balancer. - returned: when status is present type: list sample: ['sg-0011223344'] state: description: The state of the load balancer. - returned: when status is present type: dict sample: "{'code': 'active'}" tags: description: The tags attached to the load balancer. - returned: when status is present type: dict sample: "{ 'Tag': 'Example' }" type: description: The type of load balancer. - returned: when status is present type: str sample: application vpc_id: description: The ID of the VPC for the load balancer. - returned: when status is present type: str sample: vpc-0011223344 + ip_address_type: + description: The type of IP addresses used by the subnets for the load balancer. + type: str + sample: ipv4 ''' try: @@ -213,6 +199,12 @@ def get_load_balancer_tags(connection, module, load_balancer_arn): module.fail_json_aws(e, msg="Failed to describe load balancer tags") +def get_load_balancer_ipaddresstype(connection, load_balancer_arn) : + try: + return connection.describe_load_balancers(LoadBalancerArns=[load_balancer_arn])['LoadBalancers'][0]['IpAddressType'] + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: + module.fail_json_aws(e, msg="Failed to describe load balancer tags") + def list_load_balancers(connection, module): load_balancer_arns = module.params.get("load_balancer_arns") 
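Review bot: The `ip_address_type` entry added at the end of the RETURN block duplicates a key that is already documented earlier in the same mapping (between `idle_timeout_timeout_seconds` and `load_balancer_arn`), so the YAML now defines the key twice. Drop the added block; the existing entry carries the same description and sample. The hunk also removes `returned:` from every field, which leaves the docs silent on when each value is present; if the values are always returned, `returned: always` would say so.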
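Review bot: `get_load_balancer_ipaddresstype` calls `module.fail_json_aws(...)` in its `except` branch, but `module` is not one of its parameters, so unless a module-level `module` exists outside this hunk, a failed `describe_load_balancers` call raises `NameError` instead of a clean module failure. The error text is also copied from the tags helper. Match the sibling helpers with `def get_load_balancer_ipaddresstype(connection, module, load_balancer_arn):` and `msg="Failed to describe load balancer ip address type"`, and pass `module` at the call site in the `list_load_balancers` hunk (`@@ -242,6 +234,9 @@`). If the entries in `load_balancers['LoadBalancers']` come from `describe_load_balancers`, each should already carry `IpAddressType`, which would make the extra API call per load balancer unnecessary; worth confirming.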
@@ -242,6 +234,9 @@ def list_load_balancers(connection, module): for listener in load_balancer['listeners']: listener['rules'] = get_listener_rules(connection, module, listener['ListenerArn']) + # Get ELB ip address type + load_balancer['IpAddressType']=get_load_balancer_ipaddresstype(connection, load_balancer['LoadBalancerArn']) + # Turn the boto3 result in to ansible_friendly_snaked_names snaked_load_balancers = [camel_dict_to_snake_dict(load_balancer) for load_balancer in load_balancers['LoadBalancers']] diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml index 28386fa4844..bf68f93aefa 100644 --- a/tests/integration/targets/elb_application_lb/tasks/full_test.yml +++ b/tests/integration/targets/elb_application_lb/tasks/full_test.yml @@ -6,6 +6,7 @@ cidr_block: 10.228.228.0/22 name: '{{ resource_prefix }}_vpc' state: present + ipv6_cidr: true register: vpc - name: create internet gateway ec2_vpc_igw: @@ -14,7 +15,7 @@ tags: Name: '{{ resource_prefix }}' register: igw - - name: create public subnet + - name: create private subnet ec2_vpc_subnet: cidr: '{{ item.cidr }}' az: '{{ aws_region}}{{ item.az }}' 
@@ -24,19 +25,33 @@ Public: '{{ item.public|string }}' Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' with_items: - - cidr: 10.228.228.0/24 - az: a - public: 'True' - - cidr: 10.228.229.0/24 - az: b - public: 'True' - cidr: 10.228.230.0/24 az: a public: 'False' - cidr: 10.228.231.0/24 az: b public: 'False' - register: subnets + + - name: create public subnets with ipv6 + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + az: '{{ aws_region}}{{ item.az }}' + vpc_id: '{{ vpc.vpc.id }}' + state: present + ipv6_cidr: '{{ item.vpc_ipv6_cidr }}' + tags: + Public: '{{ item.public|string }}' + Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' + with_items: + - cidr: 10.228.228.0/24 + az: a + public: 'True' + vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','0::/64') }}" + - cidr: 10.228.229.0/24 + az: b + public: 'True' + vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}" + - ec2_vpc_subnet_info: filters: vpc-id: '{{ vpc.vpc.id }}' @@ -83,6 +98,7 @@ # Run main tests - include_tasks: test_alb_bad_listener_options.yml + - include_tasks: test_alb_ip_address_type_options.yml - include_tasks: test_alb_tags.yml - include_tasks: test_creating_alb.yml - include_tasks: test_alb_with_asg.yml diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml new file mode 100644 index 00000000000..788befe2765 --- /dev/null +++ b/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml 
@@ -0,0 +1,93 @@ +- block: + - name: set elb name for ipv6 + set_fact: + elb_name_ipv6: "{{ alb_name ~ 'ipv6' }}" + + - name: test creating an ELB with invalid ip address type + elb_application_lb: + name: "{{ elb_name_ipv6 }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: "ipv6" + ignore_errors: yes + register: elb + + - assert: + that: + - elb is failed + + - name: test creating an ELB with dualstack ip adress type + elb_application_lb: + name: "{{ elb_name_ipv6 }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: "dualstack" + register: elb + + - assert: + that: + - elb.ip_address_type == "dualstack" + + - name: test updating an ELB with ipv4 adress type + elb_application_lb: + name: "{{ elb_name_ipv6 }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: "ipv4" + register: elb + + - assert: + that: + - elb.changed + - elb.ip_address_type == "ipv4" + + - name: test idempotence updating an ELB with ipv4 adress type + elb_application_lb: + name: "{{ elb_name_ipv6 }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: "ipv4" + register: elb + + - assert: + that: + - not elb.changed + - elb.ip_address_type == "ipv4" + + always: + # Cleanup + - name: destroy ALB if created + elb_application_lb: + name: '{{ elb_name_ipv6 }}' + state: absent + wait: true + wait_timeout: 
600 + ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb_info/aliases b/tests/integration/targets/elb_application_lb_info/aliases new file mode 100644 index 00000000000..6e3860bee23 --- /dev/null +++ b/tests/integration/targets/elb_application_lb_info/aliases @@ -0,0 +1,2 @@ +cloud/aws +shippable/aws/group2 diff --git a/tests/integration/targets/elb_application_lb_info/defaults/main.yml b/tests/integration/targets/elb_application_lb_info/defaults/main.yml new file mode 100644 index 00000000000..d0c601c6a04 --- /dev/null +++ b/tests/integration/targets/elb_application_lb_info/defaults/main.yml @@ -0,0 +1,4 @@ +--- +resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}" +alb_name: "alb-test-{{ resource_short }}" +tg_name: "alb-test-{{ resource_short }}" diff --git a/tests/integration/targets/elb_application_lb_info/meta/main.yml b/tests/integration/targets/elb_application_lb_info/meta/main.yml new file mode 100644 index 00000000000..bc4ebde80b9 --- /dev/null +++ b/tests/integration/targets/elb_application_lb_info/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - setup_remote_tmp_dir \ No newline at end of file diff --git a/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml b/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml new file mode 100644 index 00000000000..c74c2b958de --- /dev/null +++ b/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml @@ -0,0 +1,11 @@ +- name: elb_application_lb full_test + block: + # setup + - include_tasks: setup.yml + + # Run main tests + - include_tasks: test_elb_application_lb_info.yml + + always: + # Cleanup + - include_tasks: teardown.yml \ No newline at end of file diff --git a/tests/integration/targets/elb_application_lb_info/tasks/main.yml b/tests/integration/targets/elb_application_lb_info/tasks/main.yml new file mode 100644 index 00000000000..4ec0660c237 --- /dev/null 
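Review bot: The negative test at the top of `test_alb_ip_address_type_options.yml` only asserts `elb is failed`, and with `ignore_errors: yes` that passes for any failure (expired credentials, a missing subnet or target group), not only for rejection of the `ip_address_type` value. Pin the cause by also asserting on the error text, e.g. `- "'ip_address_type' in elb.msg"`, with the exact wording confirmed against the module's argument validation message. The `always:` cleanup also runs with `ignore_errors: true` and no `register:`, so a dualstack ALB left behind by a failed delete goes unreported. The task names spell "adress" for "address".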
+++ b/tests/integration/targets/elb_application_lb_info/tasks/main.yml @@ -0,0 +1,40 @@ +- name: 'elb_application_lb_info integration tests' + collections: + - amazon.aws + module_defaults: + group/aws: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' + block: + + # Prepare a virtual environment for multiple_actions_fail.yml + - set_fact: + virtualenv: "{{ remote_tmp_dir }}/virtualenv" + virtualenv_command: "{{ ansible_python_interpreter }} -m virtualenv" + + - set_fact: + virtualenv_interpreter: "{{ virtualenv }}/bin/python" + + - pip: + name: virtualenv + + - pip: + name: + - 'botocore<1.10.30' + - boto3 + - boto + - coverage<5 + - cryptography + virtualenv: "{{ virtualenv }}" + virtualenv_command: "{{ virtualenv_command }}" + virtualenv_site_packages: no + + - include_tasks: full_test.yml + + always: + + - file: + path: "{{ virtualenv }}" + state: absent diff --git a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml new file mode 100644 index 00000000000..5dc4122b128 --- /dev/null +++ b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml 
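Review bot: The virtualenv preparation in this new `main.yml` installs `boto3`, `boto` and `cryptography` unpinned from the package index on every run, yet nothing in this target appears to use `virtualenv_interpreter`. Its comment refers to `multiple_actions_fail.yml`, which the `full_test.yml` added for this target in the same commit does not include. Pulling unpinned packages into a job that holds `aws_access_key` and `aws_secret_key` widens the supply-chain surface for no test benefit. I would drop the two `set_fact` tasks, both `pip` tasks and the `always:` cleanup of `{{ virtualenv }}`, leaving `- include_tasks: full_test.yml` as the only task in the block.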
@@ -0,0 +1,83 @@ +- name: elb_application_lb_info setup + block: + - name: create VPC + ec2_vpc_net: + cidr_block: 10.228.228.0/22 + name: '{{ resource_prefix }}_vpc' + state: present + register: vpc + + - name: create internet gateway + ec2_vpc_igw: + vpc_id: '{{ vpc.vpc.id }}' + state: present + tags: + Name: '{{ resource_prefix }}' + register: igw + + - name: create public subnet + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + az: '{{ aws_region}}{{ item.az }}' + vpc_id: '{{ vpc.vpc.id }}' + state: present + tags: + Public: '{{ item.public|string }}' + Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' + with_items: + - cidr: 10.228.228.0/24 + az: a + public: 'True' + - cidr: 10.228.229.0/24 + az: b + public: 'True' + - cidr: 10.228.230.0/24 + az: a + public: 'False' + - cidr: 10.228.231.0/24 + az: b + public: 'False' + register: subnets + + - ec2_vpc_subnet_info: + filters: + vpc-id: '{{ vpc.vpc.id }}' + register: vpc_subnets + + - name: create list of subnet ids + set_fact: + alb_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public == `True`].id'') }}' + private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' + + - name: create a route table + ec2_vpc_route_table: + vpc_id: '{{ vpc.vpc.id }}' + tags: + Name: igw-route + Created: '{{ resource_prefix }}' + subnets: '{{ alb_subnets + private_subnets }}' + routes: + - dest: 0.0.0.0/0 + gateway_id: '{{ igw.gateway_id }}' + register: route_table + + - ec2_group: + name: '{{ resource_prefix }}' + description: security group for Ansible ALB integration tests + state: present + vpc_id: '{{ vpc.vpc.id }}' + rules: + - proto: tcp + from_port: 1 + to_port: 65535 + cidr_ip: 0.0.0.0/0 + register: sec_group + + - name: create a target group for testing + elb_target_group: + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: present + register: tg \ No newline at end of file 
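Review bot: The `ec2_group` rule in this setup opens TCP ports 1–65535 to `0.0.0.0/0`, although the only listener and target group this target creates use port 80. The group lives in a VPC with an internet gateway and a default route, and the teardown added in the same commit ignores every error, so a failed cleanup leaves a world-open group in the account. Narrow the rule to what the test needs: `from_port: 80` and `to_port: 80`. If the CI environment has a known egress range, replacing `cidr_ip: 0.0.0.0/0` with it would tighten this further.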
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml b/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml new file mode 100644 index 00000000000..24326e343a6 --- /dev/null +++ b/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml 
@@ -0,0 +1,83 @@ +- name: elb_application_lb_info teardown + block: + - name: destroy ALB + elb_application_lb: + name: '{{ alb_name }}' + state: absent + wait: true + wait_timeout: 600 + ignore_errors: true + + - name: destroy target group if it was created + elb_target_group: + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: absent + wait: true + wait_timeout: 600 + register: remove_tg + retries: 5 + delay: 3 + until: remove_tg is success + when: tg is defined + ignore_errors: true + - name: destroy sec group + ec2_group: + name: '{{ sec_group.group_name }}' + description: security group for Ansible ALB integration tests + state: absent + vpc_id: '{{ vpc.vpc.id }}' + register: remove_sg + retries: 10 + delay: 5 + until: remove_sg is success + ignore_errors: true + - name: remove route table + ec2_vpc_route_table: + vpc_id: '{{ vpc.vpc.id }}' + route_table_id: '{{ route_table.route_table.route_table_id }}' + lookup: id + state: absent + register: remove_rt + retries: 10 + delay: 5 + until: remove_rt is success + ignore_errors: true + - name: destroy subnets + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + vpc_id: '{{ vpc.vpc.id }}' + state: absent + register: remove_subnet + retries: 10 + delay: 5 + until: remove_subnet is success + with_items: + - cidr: 10.228.228.0/24 + - cidr: 10.228.229.0/24 + - cidr: 10.228.230.0/24 + - cidr: 10.228.231.0/24 + ignore_errors: true + - name: destroy internet gateway + ec2_vpc_igw: + vpc_id: '{{ vpc.vpc.id }}' + tags: + Name: '{{ resource_prefix }}' + state: absent + register: remove_igw + retries: 10 + delay: 5 + until: remove_igw is success + ignore_errors: true + - name: destroy VPC + ec2_vpc_net: + cidr_block: 10.228.228.0/22 + name: '{{ resource_prefix }}_vpc' + state: absent + register: remove_vpc + retries: 10 + delay: 5 + until: remove_vpc is success + ignore_errors: true 
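Review bot: The "destroy sec group" and "remove route table" steps dereference `sec_group.group_name` and `route_table.route_table.route_table_id` without a `when:` guard, unlike the target-group step, which has `when: tg is defined`. As far as I know `ignore_errors` does not cover undefined-variable errors, so if setup aborts before those variables are registered the teardown would stop there and leave the subnets, internet gateway and VPC behind. Add `when: sec_group is defined` and `when: route_table is defined` to those two steps, and consider `when: vpc is defined` on the steps that template `vpc.vpc.id`. Because every step sets `ignore_errors: true`, a final task that fails or warns when any `remove_*` result is not successful would make leaked resources visible.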
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml b/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml new file mode 100644 index 00000000000..229ac43001b --- /dev/null +++ b/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml @@ -0,0 +1,41 @@ +- block: + + - name: create ALB with a listener + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ alb_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + register: alb + + - assert: + that: + - alb.changed + - alb.listeners|length == 1 + - alb.listeners[0].rules|length == 1 + + - name: ELB applicaiton info using load balancer arn + elb_application_lb_info: + load_balancer_arns: + - "{{ alb.load_balancer_arn }}" + register: elb_app_lb_info + + - assert: + that: + - elb_app_lb_info.load_balancers[0].ip_address_type == 'ipv4' + + - name: ELB applicaiton info using load balancer name + elb_application_lb_info: + names: + - "{{ alb.load_balancer_name }}" + register: elb_app_lb_info + + - assert: + that: + - elb_app_lb_info.load_balancers[0].ip_address_type == 'ipv4' From 8f3b22fb9dfba506152e86352f444edc0385bcf9 Mon Sep 17 00:00:00 2001 From: abikouo Date: Mon, 29 Mar 2021 15:04:09 +0200 Subject: [PATCH 24/52] lint validation This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/49c303cd3defb2c2d8131767b5e145f2e2095258 --- plugins/modules/elb_application_lb.py | 1 - plugins/modules/elb_application_lb_info.py | 8 ++------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 9dcab533c9c..0d0695a0352 100644 --- a/plugins/modules/elb_application_lb.py 
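Review bot: Both lookups in `test_elb_application_lb_info.yml` assert only `load_balancers[0].ip_address_type == 'ipv4'`, so the test would still pass if the ARN or name filter were ignored and another ALB in the account came back first. Add `- elb_app_lb_info.load_balancers | length == 1` and `- elb_app_lb_info.load_balancers[0].load_balancer_arn == alb.load_balancer_arn` to each assert so the filter itself is exercised. The two task names spell "applicaiton" for "application".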
+++ b/plugins/modules/elb_application_lb.py @@ -182,7 +182,6 @@ ip_address_type: description: - Sets the type of IP addresses used by the subnets of the specified Application Load Balancer. - default: "ipv4" choices: [ 'ipv4', 'dualstack' ] type: str extends_documentation_fragment: diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 9d3ad385556..17fd1324683 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -142,10 +142,6 @@ description: The ID of the VPC for the load balancer. type: str sample: vpc-0011223344 - ip_address_type: - description: The type of IP addresses used by the subnets for the load balancer. - type: str - sample: ipv4 ''' try: @@ -199,7 +195,7 @@ def get_load_balancer_tags(connection, module, load_balancer_arn): module.fail_json_aws(e, msg="Failed to describe load balancer tags") -def get_load_balancer_ipaddresstype(connection, load_balancer_arn) : +def get_load_balancer_ipaddresstype(connection, module, load_balancer_arn) : try: return connection.describe_load_balancers(LoadBalancerArns=[load_balancer_arn])['LoadBalancers'][0]['IpAddressType'] except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: @@ -235,7 +231,7 @@ def list_load_balancers(connection, module): listener['rules'] = get_listener_rules(connection, module, listener['ListenerArn']) # Get ELB ip address type - load_balancer['IpAddressType']=get_load_balancer_ipaddresstype(connection, load_balancer['LoadBalancerArn']) + load_balancer['IpAddressType']=get_load_balancer_ipaddresstype(connection,module,load_balancer['LoadBalancerArn']) # Turn the boto3 result in to ansible_friendly_snaked_names snaked_load_balancers = [camel_dict_to_snake_dict(load_balancer) for load_balancer in load_balancers['LoadBalancers']] From 2871a303ea3098fc96616af6eae3315210bf5f5a Mon Sep 17 00:00:00 2001 
From: abikouo Date: Mon, 29 Mar 2021 15:58:27 +0200 Subject: [PATCH 25/52] pep8 linting This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/22763336415c4154180dad7eb3af6997ac659cb3 --- plugins/modules/elb_application_lb.py | 6 +++--- plugins/modules/elb_application_lb_info.py | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 0d0695a0352..284d392891f 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -567,8 +567,8 @@ def create_or_update_elb(elb_obj): elb_obj.changed = True # Update ELB ip address type only if option has been provided - if elb_obj.module.params.get('ip_address_type') is not None : - elb_obj.modify_ip_address_type(elb_obj.module.params.get('ip_address_type')) + if elb_obj.module.params.get('ip_address_type') is not None: + elb_obj.modify_ip_address_type(elb_obj.module.params.get('ip_address_type')) # Get the ELB again elb_obj.update() @@ -591,7 +591,7 @@ def create_or_update_elb(elb_obj): snaked_elb['tags'] = boto3_tag_list_to_ansible_dict(snaked_elb['tags']) # ip address type - snaked_elb['ip_address_type']=elb_obj.get_elb_ip_address_type() + snaked_elb['ip_address_type'] = elb_obj.get_elb_ip_address_type() elb_obj.module.exit_json(changed=elb_obj.changed, **snaked_elb) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 17fd1324683..fcf06e1473c 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
@@ -195,14 +195,14 @@ def get_load_balancer_tags(connection, module, load_balancer_arn): module.fail_json_aws(e, msg="Failed to describe load balancer tags") -def get_load_balancer_ipaddresstype(connection, module, load_balancer_arn) : +def get_load_balancer_ipaddresstype(connection, module, load_balancer_arn): try: return connection.describe_load_balancers(LoadBalancerArns=[load_balancer_arn])['LoadBalancers'][0]['IpAddressType'] except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to describe load balancer tags") -def list_load_balancers(connection, module): +def list_load_balancers(connection, module): load_balancer_arns = module.params.get("load_balancer_arns") names = module.params.get("names") @@ -231,7 +231,7 @@ def list_load_balancers(connection, module): listener['rules'] = get_listener_rules(connection, module, listener['ListenerArn']) # Get ELB ip address type - load_balancer['IpAddressType']=get_load_balancer_ipaddresstype(connection,module,load_balancer['LoadBalancerArn']) + load_balancer['IpAddressType'] = get_load_balancer_ipaddresstype(connection, module, load_balancer['LoadBalancerArn']) # Turn the boto3 result in to ansible_friendly_snaked_names snaked_load_balancers = [camel_dict_to_snake_dict(load_balancer) for load_balancer in load_balancers['LoadBalancers']] From b1ba737896ddea5f19571a5fe6fec6f3da7af5dd Mon Sep 17 00:00:00 2001 From: abikouo <79859644+abikouo@users.noreply.github.com> Date: Tue, 20 Apr 2021 11:07:35 +0200 Subject: [PATCH 26/52] Update main.yml This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/c9bd8641d603889b395c7122d95509c5dba70b33 --- tests/integration/targets/elb_application_lb_info/meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/integration/targets/elb_application_lb_info/meta/main.yml b/tests/integration/targets/elb_application_lb_info/meta/main.yml index bc4ebde80b9..1810d4bec98 100644 --- a/tests/integration/targets/elb_application_lb_info/meta/main.yml +++ b/tests/integration/targets/elb_application_lb_info/meta/main.yml @@ -1,2 +1,2 @@ dependencies: - - setup_remote_tmp_dir \ No newline at end of file + - setup_remote_tmp_dir From 43145bda20f4337d1d4d53437c7f9839b7b813d7 Mon Sep 17 00:00:00 2001 From: abikouo <79859644+abikouo@users.noreply.github.com> Date: Tue, 20 Apr 2021 11:07:49 +0200 Subject: [PATCH 27/52] Update full_test.yml This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/708b3d5b20b961385bd2c11a744932c6d98998d2 --- .../targets/elb_application_lb_info/tasks/full_test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml b/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml index c74c2b958de..7603a0454ab 100644 --- a/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml +++ b/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml @@ -8,4 +8,4 @@ always: # Cleanup - - include_tasks: teardown.yml \ No newline at end of file + - include_tasks: teardown.yml From 1962f50dd53ed5d9c0030d384f2fb90b1143b535 Mon Sep 17 00:00:00 2001 From: abikouo <79859644+abikouo@users.noreply.github.com> Date: Tue, 20 Apr 2021 11:08:10 +0200 Subject: [PATCH 28/52] Update setup.yml This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/1e8e79cb95fef4c2642ba4c1ad1b5e0e058b0f60 --- .../targets/elb_application_lb_info/tasks/setup.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml index 5dc4122b128..f2304b44e7e 100644 --- a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml +++ b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml @@ -80,4 +80,5 @@ port: 80 vpc_id: '{{ vpc.vpc.id }}' state: present - register: tg \ No newline at end of file + register: tg + From fc287feac3c205423480227bd45554e20cf64e4c Mon Sep 17 00:00:00 2001 From: abikouo <79859644+abikouo@users.noreply.github.com> Date: Fri, 23 Apr 2021 08:29:47 +0200 Subject: [PATCH 29/52] Update plugins/modules/elb_application_lb_info.py Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com> This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/390404150110cd671e5219df78895776f200cfee --- plugins/modules/elb_application_lb_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index fcf06e1473c..3848bc4766b 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -199,7 +199,7 @@ def get_load_balancer_ipaddresstype(connection, module, load_balancer_arn): try: return connection.describe_load_balancers(LoadBalancerArns=[load_balancer_arn])['LoadBalancers'][0]['IpAddressType'] except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Failed to describe load balancer tags") + module.fail_json_aws(e, msg="Failed to describe load balancer ip address type") def list_load_balancers(connection, module): From 82940aac785ee51a5a1edfced06efd42095c7bbe Mon Sep 17 00:00:00 2001 
From: abikouo <79859644+abikouo@users.noreply.github.com> Date: Fri, 23 Apr 2021 08:32:15 +0200 Subject: [PATCH 30/52] Update test_alb_ip_address_type_options.yml This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/ad8b1b40e930e8d2263f263108f358ae575a31fd --- .../tasks/test_alb_ip_address_type_options.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml index 788befe2765..9249d1161c0 100644 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml +++ b/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml @@ -15,7 +15,7 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" - ip_address_type: "ipv6" + ip_address_type: "ip_addr_v4_v6" ignore_errors: yes register: elb From b6c279d2a6fba49e130f90943190e0ed5f7913ca Mon Sep 17 00:00:00 2001 From: abikouo <79859644+abikouo@users.noreply.github.com> Date: Fri, 23 Apr 2021 08:39:41 +0200 Subject: [PATCH 31/52] Update setup.yml This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/1f46c21df188aac2f054223fdae7b773366b4dbf --- .../targets/elb_application_lb_info/tasks/setup.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml index f2304b44e7e..8e19ca76e14 100644 --- a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml +++ b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml 
@@ -46,8 +46,8 @@ - name: create list of subnet ids set_fact: - alb_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public == `True`].id'') }}' - private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' + alb_subnets: '{{ ( vpc_subnets.subnets | selectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}' + private_subnets: '{{ ( vpc_subnets.subnets | rejectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}' - name: create a route table ec2_vpc_route_table: From bff6672a04d9e31a023bf9cca9461fccb2ae75f1 Mon Sep 17 00:00:00 2001 From: aubin Date: Fri, 23 Apr 2021 09:46:12 +0200 Subject: [PATCH 32/52] sanity This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/608e0d86b54731e6cdcecf9aaf53a532156837f4 --- .../targets/elb_application_lb_info/tasks/setup.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml index 8e19ca76e14..26289d230d0 100644 --- a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml +++ b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml @@ -46,8 +46,8 @@ - name: create list of subnet ids set_fact: - alb_subnets: '{{ ( vpc_subnets.subnets | selectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}' - private_subnets: '{{ ( vpc_subnets.subnets | rejectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}' + alb_subnets: "{{ ( vpc_subnets.subnets | selectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}" + private_subnets: "{{ ( vpc_subnets.subnets | rejectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}" - name: create a route table ec2_vpc_route_table: 
From efa47695585a55f6eb8c0ac89169e0e54f2bc2e7 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Thu, 6 May 2021 21:01:46 +0200 Subject: [PATCH 33/52] Update the default module requirements from python 2.6/boto to python 3.6/boto3 This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/c097c55293be0834a2b9d394733ec28965d142d7 --- plugins/modules/elb_application_lb.py | 1 - plugins/modules/elb_application_lb_info.py | 1 - 2 files changed, 2 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 284d392891f..4b547ace1c2 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -25,7 +25,6 @@ short_description: Manage an Application Load Balancer description: - Manage an AWS Application Elastic Load Balancer. See U(https://aws.amazon.com/blogs/aws/new-aws-application-load-balancer/) for details. -requirements: [ boto3 ] author: "Rob White (@wimnat)" options: access_logs_enabled: diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 3848bc4766b..d04bd0d8261 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -14,7 +14,6 @@ description: - Gather information about application ELBs in AWS - This module was called C(elb_application_lb_facts) before Ansible 2.9. The usage did not change. -requirements: [ boto3 ] author: Rob White (@wimnat) options: load_balancer_arns: From 6dd056be878c58a4ad869ec4c5ddc22508966c90 Mon Sep 17 00:00:00 2001 
From: jillr Date: Thu, 29 Apr 2021 21:58:50 +0000 Subject: [PATCH 34/52] Remove shippable references from repo This collection has been operating on Zuul CI for some weeks now This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/4e0d83c65568a99a24307e37a14e6e0b173c948b --- tests/integration/targets/elb_application_lb/aliases | 1 - tests/integration/targets/elb_application_lb_info/aliases | 1 - 2 files changed, 2 deletions(-) diff --git a/tests/integration/targets/elb_application_lb/aliases b/tests/integration/targets/elb_application_lb/aliases index 6e3860bee23..4ef4b2067d0 100644 --- a/tests/integration/targets/elb_application_lb/aliases +++ b/tests/integration/targets/elb_application_lb/aliases @@ -1,2 +1 @@ cloud/aws -shippable/aws/group2 diff --git a/tests/integration/targets/elb_application_lb_info/aliases b/tests/integration/targets/elb_application_lb_info/aliases index 6e3860bee23..4ef4b2067d0 100644 --- a/tests/integration/targets/elb_application_lb_info/aliases +++ b/tests/integration/targets/elb_application_lb_info/aliases @@ -1,2 +1 @@ cloud/aws -shippable/aws/group2 From 07b086f9a6dc162667fd5c545968706c929afd6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A9ri=20Le=20Bouder?= Date: Wed, 14 Jul 2021 10:58:14 +0200 Subject: [PATCH 35/52] tests: flag elb_application_lb as slow elb_application_lb can take more than to 15 minutes to run. This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/8a66ea27e09bbbf0cce6acae491aa886d7ff1e09 --- tests/integration/targets/elb_application_lb/aliases | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integration/targets/elb_application_lb/aliases b/tests/integration/targets/elb_application_lb/aliases index 4ef4b2067d0..500826a1d4f 100644 --- a/tests/integration/targets/elb_application_lb/aliases 
+++ b/tests/integration/targets/elb_application_lb/aliases @@ -1 +1,2 @@ cloud/aws +slow From 10202bc51d5b740c82b2fe419526fd114970d61f Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Fri, 6 Aug 2021 11:00:29 +0200 Subject: [PATCH 36/52] Remove integration tests for unsupported versions of boto3/botocore This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/817dab108d670077e2c5d80ed1f8b9f81ab2815e --- .../elb_application_lb/tasks/full_test.yml | 5 -- .../targets/elb_application_lb/tasks/main.yml | 28 ----------- .../tasks/test_multiple_actions_fail.yml | 50 ------------------- .../elb_application_lb_info/tasks/main.yml | 29 ----------- 4 files changed, 112 deletions(-) delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml index bf68f93aefa..e260d0f7f5c 100644 --- a/tests/integration/targets/elb_application_lb/tasks/full_test.yml +++ b/tests/integration/targets/elb_application_lb/tasks/full_test.yml @@ -91,11 +91,6 @@ state: present register: tg - # Run tests for graceful failure with an old version of botocore - - include_tasks: test_multiple_actions_fail.yml - vars: - ansible_python_interpreter: "{{ virtualenv_interpreter }}" - # Run main tests - include_tasks: test_alb_bad_listener_options.yml - include_tasks: test_alb_ip_address_type_options.yml diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index 5bf26c54fd5..90914288d88 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml 
@@ -9,32 +9,4 @@ region: '{{ aws_region }}' block: - # Prepare a virtual environment for multiple_actions_fail.yml - - set_fact: - virtualenv: "{{ remote_tmp_dir }}/virtualenv" - virtualenv_command: "{{ ansible_python_interpreter }} -m virtualenv" - - - set_fact: - virtualenv_interpreter: "{{ virtualenv }}/bin/python" - - - pip: - name: virtualenv - - - pip: - name: - - 'botocore<1.10.30' - - boto3 - - boto - - coverage<5 - - cryptography - virtualenv: "{{ virtualenv }}" - virtualenv_command: "{{ virtualenv_command }}" - virtualenv_site_packages: no - - include_tasks: full_test.yml - - always: - - - file: - path: "{{ virtualenv }}" - state: absent diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml deleted file mode 100644 index 2e0d0700825..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions_fail.yml +++ /dev/null 
@@ -1,50 +0,0 @@ -- block: - - - name: register dummy OIDC config - set_fact: - AuthenticateOidcActionConfig: - AuthorizationEndpoint: "https://www.example.com/auth" - ClientId: "eeeeeeeeeeeeeeeeeeeeeeeeee" - ClientSecret: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" - Issuer: "https://www.example.com/issuer" - OnUnauthenticatedRequest: "authenticate" - Scope: "openid" - SessionCookieName: "AWSELBAuthSessionCookie" - SessionTimeout: 604800 - TokenEndpoint: "https://www.example.com/token" - UserInfoEndpoint: "https://www.example.com/userinfo" - - - name: create ALB with multiple DefaultActions - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Order: 2 - - Type: authenticate-oidc - AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" - Order: 1 - register: alb - ignore_errors: yes - - - name: check for a graceful failure message - assert: - that: - - alb.failed - - 'alb.msg == "installed version of botocore does not support multiple actions, please upgrade botocore to version 1.10.30 or higher"' - - always: - # Cleanup - - name: destroy ALB if created - elb_application_lb: - name: '{{ alb_name }}' - state: absent - wait: true - wait_timeout: 600 - ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb_info/tasks/main.yml b/tests/integration/targets/elb_application_lb_info/tasks/main.yml index 4ec0660c237..5d9eb4fe73f 100644 --- a/tests/integration/targets/elb_application_lb_info/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb_info/tasks/main.yml 
@@ -8,33 +8,4 @@ security_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: - - # Prepare a virtual environment for multiple_actions_fail.yml - - set_fact: - virtualenv: "{{ remote_tmp_dir }}/virtualenv" - virtualenv_command: "{{ ansible_python_interpreter }} -m virtualenv" - - - set_fact: - virtualenv_interpreter: "{{ virtualenv }}/bin/python" - - - pip: - name: virtualenv - - - pip: - name: - - 'botocore<1.10.30' - - boto3 - - boto - - coverage<5 - - cryptography - virtualenv: "{{ virtualenv }}" - virtualenv_command: "{{ virtualenv_command }}" - virtualenv_site_packages: no - - include_tasks: full_test.yml - - always: - - - file: - path: "{{ virtualenv }}" - state: absent From 6b75b6187a3e710a97d457bfde60e4c701508aef Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Thu, 2 Dec 2021 02:58:06 -0700 Subject: [PATCH 37/52] Remove deprecated "facts" aliases (#814) Remove deprecated "facts" aliases SUMMARY Modules named "facts.py" that do not return ansible_facts were renamed to "info.py" in 2.9. Remove these aliases now that the deprecation period is over. This PR should be included in 3.0.0 of the collection. ISSUE TYPE Bugfix Pull Request COMPONENT NAME *_facts.py Reviewed-by: Mark Chappell Reviewed-by: Jill R Reviewed-by: None This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/68aaa7057be46a3ab36f572fd0013d64653af909 --- plugins/modules/elb_application_lb_facts.py | 1 - plugins/modules/elb_application_lb_info.py | 4 ---- 2 files changed, 5 deletions(-) delete mode 120000 plugins/modules/elb_application_lb_facts.py diff --git a/plugins/modules/elb_application_lb_facts.py b/plugins/modules/elb_application_lb_facts.py deleted file mode 120000 index c5ee0eaca83..00000000000 --- a/plugins/modules/elb_application_lb_facts.py +++ /dev/null 
@@ -1 +0,0 @@ -elb_application_lb_info.py \ No newline at end of file diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index d04bd0d8261..ddac4fe9629 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -13,7 +13,6 @@ short_description: Gather information about application ELBs in AWS description: - Gather information about application ELBs in AWS - - This module was called C(elb_application_lb_facts) before Ansible 2.9. The usage did not change. author: Rob White (@wimnat) options: load_balancer_arns: @@ -254,9 +253,6 @@ def main(): mutually_exclusive=[['load_balancer_arns', 'names']], supports_check_mode=True, ) - if module._name == 'elb_application_lb_facts': - module.deprecate("The 'elb_application_lb_facts' module has been renamed to 'elb_application_lb_info'", - date='2021-12-01', collection_name='community.aws') try: connection = module.client('elbv2') From 5d4a479657f454b838a7511f791eaac51ab53099 Mon Sep 17 00:00:00 2001 
From: Joseph Torcasso <87090265+jatorcasso@users.noreply.github.com> Date: Wed, 9 Feb 2022 17:44:52 -0500 Subject: [PATCH 38/52] add check_mode for elb_application_lb* & refactor integration tests (#894) add check_mode for elb_application_lb* & refactor integration tests SUMMARY Add check_mode support for elb_application_lb* & refactor integration tests. ISSUE TYPE Feature Pull Request COMPONENT NAME elb_application_lb elb_application_lb_info Reviewed-by: Alina Buzachis Reviewed-by: Joseph Torcasso Reviewed-by: Jill R Reviewed-by: Mark Woolley This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/239136bc63e2d771eff9af0e0108ee50956a845f --- plugins/modules/elb_application_lb.py | 252 ++-- plugins/modules/elb_application_lb_info.py | 135 +- .../targets/elb_application_lb/aliases | 1 + .../elb_application_lb/defaults/main.yml | 10 + .../elb_application_lb/tasks/full_test.yml | 186 --- .../targets/elb_application_lb/tasks/main.yml | 1170 ++++++++++++++++- .../tasks/test_alb_bad_listener_options.yml | 68 - .../test_alb_ip_address_type_options.yml | 93 -- .../tasks/test_alb_tags.yml | 78 -- .../tasks/test_alb_with_asg.yml | 73 - .../tasks/test_creating_alb.yml | 41 - .../tasks/test_deleting_alb.yml | 37 - .../tasks/test_modifying_alb_listeners.yml | 222 ---- .../tasks/test_multiple_actions.yml | 447 ------- .../targets/elb_application_lb_info/aliases | 1 - .../elb_application_lb_info/defaults/main.yml | 4 - .../elb_application_lb_info/meta/main.yml | 2 - .../tasks/full_test.yml | 11 - .../elb_application_lb_info/tasks/main.yml | 11 - .../elb_application_lb_info/tasks/setup.yml | 84 -- .../tasks/teardown.yml | 83 -- .../tasks/test_elb_application_lb_info.yml | 41 - 22 files changed, 1438 insertions(+), 1612 deletions(-) delete mode 100644 tests/integration/targets/elb_application_lb/tasks/full_test.yml delete mode 100644 
tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/aliases delete mode 100644 tests/integration/targets/elb_application_lb_info/defaults/main.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/meta/main.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/tasks/full_test.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/tasks/main.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/tasks/setup.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/tasks/teardown.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 4b547ace1c2..32c0f28bd95 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -48,7 +48,7 @@ type: str deletion_protection: description: - - Indicates whether deletion protection for the ELB is enabled. + - Indicates whether deletion protection for the ALB is enabled. - Defaults to C(false). type: bool http2: 
@@ -62,7 +62,7 @@ type: int listeners: description: - - A list of dicts containing listeners to attach to the ELB. See examples for detail of the dict required. Note that listener keys + - A list of dicts containing listeners to attach to the ALB. See examples for detail of the dict required. Note that listener keys are CamelCased. type: list elements: dict @@ -123,7 +123,7 @@ type: str purge_listeners: description: - - If C(yes), existing listeners will be purged from the ELB to match exactly what is defined by I(listeners) parameter. + - If C(yes), existing listeners will be purged from the ALB to match exactly what is defined by I(listeners) parameter. - If the I(listeners) parameter is not set then listeners will not be modified. default: yes type: bool @@ -149,7 +149,7 @@ elements: str scheme: description: - - Internet-facing or internal load balancer. An ELB scheme can not be modified after creation. + - Internet-facing or internal load balancer. An ALB scheme can not be modified after creation. default: internet-facing choices: [ 'internet-facing', 'internal' ] type: str @@ -195,9 +195,9 @@ EXAMPLES = r''' # Note: These examples do not set authentication details, see the AWS Guide for details. -# Create an ELB and attach a listener +# Create an ALB and attach a listener - community.aws.elb_application_lb: - name: myelb + name: myalb security_groups: - sg-12345678 - my-sec-group @@ -216,12 +216,12 @@ TargetGroupName: # Required. The name of the target group state: present -# Create an ELB and attach a listener with logging enabled +# Create an ALB and attach a listener with logging enabled - community.aws.elb_application_lb: access_logs_enabled: yes access_logs_s3_bucket: mybucket access_logs_s3_prefix: "logs" - name: myelb + name: myalb security_groups: - sg-12345678 - my-sec-group @@ -303,9 +303,9 @@ Type: forward state: present -# Remove an ELB +# Remove an ALB - community.aws.elb_application_lb: - name: myelb + name: myalb state: absent ''' 
@@ -315,27 +315,32 @@ description: The name of the S3 bucket for the access logs. returned: when state is present type: str - sample: mys3bucket + sample: "mys3bucket" access_logs_s3_enabled: description: Indicates whether access logs stored in Amazon S3 are enabled. returned: when state is present - type: str + type: bool sample: true access_logs_s3_prefix: description: The prefix for the location in the S3 bucket. returned: when state is present type: str - sample: my/logs + sample: "my/logs" availability_zones: description: The Availability Zones for the load balancer. returned: when state is present type: list - sample: "[{'subnet_id': 'subnet-aabbccddff', 'zone_name': 'ap-southeast-2a'}]" + sample: [{ "load_balancer_addresses": [], "subnet_id": "subnet-aabbccddff", "zone_name": "ap-southeast-2a" }] canonical_hosted_zone_id: description: The ID of the Amazon Route 53 hosted zone associated with the load balancer. returned: when state is present type: str - sample: ABCDEF12345678 + sample: "ABCDEF12345678" +changed: + description: Whether an ALB was created/updated/deleted + returned: always + type: bool + sample: true created_time: description: The date and time the load balancer was created. returned: when state is present 
@@ -344,23 +349,23 @@ deletion_protection_enabled: description: Indicates whether deletion protection is enabled. returned: when state is present - type: str + type: bool sample: true dns_name: description: The public DNS name of the load balancer. returned: when state is present type: str - sample: internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com + sample: "internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com" idle_timeout_timeout_seconds: description: The idle timeout value, in seconds. returned: when state is present type: int sample: 60 ip_address_type: - description: The type of IP addresses used by the subnets for the load balancer. + description: The type of IP addresses used by the subnets for the load balancer. returned: when state is present type: str - sample: ipv4 + sample: "ipv4" listeners: description: Information about the listeners. returned: when state is present @@ -385,7 +390,7 @@ description: The protocol for connections from clients to the load balancer. returned: when state is present type: str - sample: HTTPS + sample: "HTTPS" certificates: description: The SSL server certificate. returned: when state is present 
@@ -420,22 +425,42 @@ description: The Amazon Resource Name (ARN) of the load balancer. returned: when state is present type: str - sample: arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455 + sample: "arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-alb/001122334455" load_balancer_name: description: The name of the load balancer. returned: when state is present type: str - sample: my-elb + sample: "my-alb" routing_http2_enabled: description: Indicates whether HTTP/2 is enabled. returned: when state is present - type: str + type: bool sample: true +routing_http_desync_mitigation_mode: + description: Determines how the load balancer handles requests that might pose a security risk to an application. + returned: when state is present + type: str + sample: "defensive" +routing_http_drop_invalid_header_fields_enabled: + description: Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). + returned: when state is present + type: bool + sample: false +routing_http_x_amzn_tls_version_and_cipher_suite_enabled: + description: Indicates whether the two headers are added to the client request before sending it to the target. + returned: when state is present + type: bool + sample: false +routing_http_xff_client_port_enabled: + description: Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. + returned: when state is present + type: bool + sample: false scheme: description: Internet-facing or internal load balancer. returned: when state is present type: str - sample: internal + sample: "internal" security_groups: description: The IDs of the security groups for the load balancer. returned: when state is present 
@@ -445,29 +470,35 @@ description: The state of the load balancer. returned: when state is present type: dict - sample: "{'code': 'active'}" + sample: {'code': 'active'} tags: description: The tags attached to the load balancer. returned: when state is present type: dict - sample: "{ + sample: { 'Tag': 'Example' - }" + } type: description: The type of load balancer. returned: when state is present type: str - sample: application + sample: "application" vpc_id: description: The ID of the VPC for the load balancer. returned: when state is present type: str - sample: vpc-0011223344 + sample: "vpc-0011223344" +waf_fail_open_enabled: + description: Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. + returned: when state is present + type: bool + sample: false ''' from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict, boto3_tag_list_to_ansible_dict, compare_aws_tags - +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import compare_aws_tags from ansible_collections.amazon.aws.plugins.module_utils.elbv2 import ( ApplicationLoadBalancer, ELBListener, 
@@ -478,134 +509,170 @@ from ansible_collections.amazon.aws.plugins.module_utils.elb_utils import get_elb_listener_rules -def create_or_update_elb(elb_obj): - """Create ELB or modify main attributes. json_exit here""" - if elb_obj.elb: - # ELB exists so check subnets, security groups and tags match what has been passed - +def create_or_update_alb(alb_obj): + """Create ALB or modify main attributes. json_exit here""" + if alb_obj.elb: + # ALB exists so check subnets, security groups and tags match what has been passed # Subnets - if not elb_obj.compare_subnets(): - elb_obj.modify_subnets() + if not alb_obj.compare_subnets(): + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') + alb_obj.modify_subnets() # Security Groups - if not elb_obj.compare_security_groups(): - elb_obj.modify_security_groups() + if not alb_obj.compare_security_groups(): + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') + alb_obj.modify_security_groups() # Tags - only need to play with tags if tags parameter has been set to something - if elb_obj.tags is not None: + if alb_obj.tags is not None: + + tags_need_modify, tags_to_delete = compare_aws_tags(boto3_tag_list_to_ansible_dict(alb_obj.elb['tags']), + boto3_tag_list_to_ansible_dict(alb_obj.tags), alb_obj.purge_tags) + + # Exit on check_mode + if alb_obj.module.check_mode and (tags_need_modify or tags_to_delete): + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') # Delete necessary tags - tags_need_modify, tags_to_delete = compare_aws_tags(boto3_tag_list_to_ansible_dict(elb_obj.elb['tags']), - boto3_tag_list_to_ansible_dict(elb_obj.tags), elb_obj.purge_tags) if tags_to_delete: - elb_obj.delete_tags(tags_to_delete) + alb_obj.delete_tags(tags_to_delete) # Add/update tags if tags_need_modify: - elb_obj.modify_tags() + alb_obj.modify_tags() else: # Create load 
balancer - elb_obj.create_elb() + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=True, msg='Would have created ALB if not in check mode.') + alb_obj.create_elb() - # ELB attributes - elb_obj.update_elb_attributes() - elb_obj.modify_elb_attributes() + # ALB attributes + alb_obj.update_elb_attributes() + alb_obj.modify_elb_attributes() # Listeners - listeners_obj = ELBListeners(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn']) - + listeners_obj = ELBListeners(alb_obj.connection, alb_obj.module, alb_obj.elb['LoadBalancerArn']) listeners_to_add, listeners_to_modify, listeners_to_delete = listeners_obj.compare_listeners() + # Exit on check_mode + if alb_obj.module.check_mode and (listeners_to_add or listeners_to_modify or listeners_to_delete): + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') + # Delete listeners for listener_to_delete in listeners_to_delete: - listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_delete, elb_obj.elb['LoadBalancerArn']) + listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_delete, alb_obj.elb['LoadBalancerArn']) listener_obj.delete() listeners_obj.changed = True # Add listeners for listener_to_add in listeners_to_add: - listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_add, elb_obj.elb['LoadBalancerArn']) + listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_add, alb_obj.elb['LoadBalancerArn']) listener_obj.add() listeners_obj.changed = True # Modify listeners for listener_to_modify in listeners_to_modify: - listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_modify, elb_obj.elb['LoadBalancerArn']) + listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_modify, alb_obj.elb['LoadBalancerArn']) listener_obj.modify() listeners_obj.changed = True - # If listeners changed, mark ELB as changed + # If listeners changed, mark ALB as 
changed if listeners_obj.changed: - elb_obj.changed = True + alb_obj.changed = True # Rules of each listener for listener in listeners_obj.listeners: if 'Rules' in listener: - rules_obj = ELBListenerRules(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn'], listener['Rules'], listener['Port']) - + rules_obj = ELBListenerRules(alb_obj.connection, alb_obj.module, alb_obj.elb['LoadBalancerArn'], listener['Rules'], listener['Port']) rules_to_add, rules_to_modify, rules_to_delete = rules_obj.compare_rules() + # Exit on check_mode + if alb_obj.module.check_mode and (rules_to_add or rules_to_modify or rules_to_delete): + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') + # Delete rules - if elb_obj.module.params['purge_rules']: + if alb_obj.module.params['purge_rules']: for rule in rules_to_delete: - rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, {'RuleArn': rule}, rules_obj.listener_arn) + rule_obj = ELBListenerRule(alb_obj.connection, alb_obj.module, {'RuleArn': rule}, rules_obj.listener_arn) rule_obj.delete() - elb_obj.changed = True + alb_obj.changed = True # Add rules for rule in rules_to_add: - rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, rule, rules_obj.listener_arn) + rule_obj = ELBListenerRule(alb_obj.connection, alb_obj.module, rule, rules_obj.listener_arn) rule_obj.create() - elb_obj.changed = True + alb_obj.changed = True # Modify rules for rule in rules_to_modify: - rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, rule, rules_obj.listener_arn) + rule_obj = ELBListenerRule(alb_obj.connection, alb_obj.module, rule, rules_obj.listener_arn) rule_obj.modify() - elb_obj.changed = True + alb_obj.changed = True + + # Update ALB ip address type only if option has been provided + if alb_obj.module.params.get('ip_address_type') and alb_obj.elb_ip_addr_type != alb_obj.module.params.get('ip_address_type'): + # Exit on check_mode + if alb_obj.module.check_mode: + 
alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') - # Update ELB ip address type only if option has been provided - if elb_obj.module.params.get('ip_address_type') is not None: - elb_obj.modify_ip_address_type(elb_obj.module.params.get('ip_address_type')) - # Get the ELB again - elb_obj.update() + alb_obj.modify_ip_address_type(alb_obj.module.params.get('ip_address_type')) - # Get the ELB listeners again + # Exit on check_mode - no changes + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=False, msg='IN CHECK MODE - no changes to make to ALB specified.') + + # Get the ALB again + alb_obj.update() + + # Get the ALB listeners again listeners_obj.update() - # Update the ELB attributes - elb_obj.update_elb_attributes() + # Update the ALB attributes + alb_obj.update_elb_attributes() # Convert to snake_case and merge in everything we want to return to the user - snaked_elb = camel_dict_to_snake_dict(elb_obj.elb) - snaked_elb.update(camel_dict_to_snake_dict(elb_obj.elb_attributes)) - snaked_elb['listeners'] = [] + snaked_alb = camel_dict_to_snake_dict(alb_obj.elb) + snaked_alb.update(camel_dict_to_snake_dict(alb_obj.elb_attributes)) + snaked_alb['listeners'] = [] for listener in listeners_obj.current_listeners: # For each listener, get listener rules - listener['rules'] = get_elb_listener_rules(elb_obj.connection, elb_obj.module, listener['ListenerArn']) - snaked_elb['listeners'].append(camel_dict_to_snake_dict(listener)) + listener['rules'] = get_elb_listener_rules(alb_obj.connection, alb_obj.module, listener['ListenerArn']) + snaked_alb['listeners'].append(camel_dict_to_snake_dict(listener)) # Change tags to ansible friendly dict - snaked_elb['tags'] = boto3_tag_list_to_ansible_dict(snaked_elb['tags']) + snaked_alb['tags'] = boto3_tag_list_to_ansible_dict(snaked_alb['tags']) # ip address type - snaked_elb['ip_address_type'] = elb_obj.get_elb_ip_address_type() + snaked_alb['ip_address_type'] = 
alb_obj.get_elb_ip_address_type() + + alb_obj.module.exit_json(changed=alb_obj.changed, **snaked_alb) - elb_obj.module.exit_json(changed=elb_obj.changed, **snaked_elb) +def delete_alb(alb_obj): -def delete_elb(elb_obj): + if alb_obj.elb: - if elb_obj.elb: - listeners_obj = ELBListeners(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn']) + # Exit on check_mode + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=True, msg='Would have deleted ALB if not in check mode.') + + listeners_obj = ELBListeners(alb_obj.connection, alb_obj.module, alb_obj.elb['LoadBalancerArn']) for listener_to_delete in [i['ListenerArn'] for i in listeners_obj.current_listeners]: - listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_delete, elb_obj.elb['LoadBalancerArn']) + listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_delete, alb_obj.elb['LoadBalancerArn']) listener_obj.delete() - elb_obj.delete() + alb_obj.delete() - elb_obj.module.exit_json(changed=elb_obj.changed) + else: + + # Exit on check_mode - no changes + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=False, msg='IN CHECK MODE - ALB already absent.') + + alb_obj.module.exit_json(changed=alb_obj.changed) def main(): @@ -648,7 +715,8 @@ def main(): ], required_together=[ ['access_logs_enabled', 'access_logs_s3_bucket'] - ] + ], + supports_check_mode=True, ) # Quick check of listeners parameters @@ -668,12 +736,12 @@ def main(): state = module.params.get("state") - elb = ApplicationLoadBalancer(connection, connection_ec2, module) + alb = ApplicationLoadBalancer(connection, connection_ec2, module) if state == 'present': - create_or_update_elb(elb) - else: - delete_elb(elb) + create_or_update_alb(alb) + elif state == 'absent': + delete_alb(alb) if __name__ == '__main__': diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index ddac4fe9629..d1de312df11 100644 
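Review bot: The `alb_obj.modify_elb_attributes()` call under `# ALB attributes` in `create_or_update_alb` has no check-mode guard, unlike the subnet, security-group, tag, listener and rule steps around it. When the ALB already exists and only its attributes differ, a check-mode run reaches this call. Unless the helper honours check mode itself (its body is not part of this diff), the run would presumably change settings such as deletion protection or access logging on the live load balancer and then report `changed=False` from the final check-mode exit. Since `main()` now declares `supports_check_mode=True`, compare the desired and current attributes first and put `if alb_obj.module.check_mode: alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.')` ahead of the modify call.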
--- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -10,9 +10,9 @@ --- module: elb_application_lb_info version_added: 1.0.0 -short_description: Gather information about application ELBs in AWS +short_description: Gather information about Application Load Balancers in AWS description: - - Gather information about application ELBs in AWS + - Gather information about Application Load Balancers in AWS author: Rob White (@wimnat) options: load_balancer_arns: @@ -37,19 +37,19 @@ EXAMPLES = r''' # Note: These examples do not set authentication details, see the AWS Guide for details. -- name: Gather information about all target groups +- name: Gather information about all ALBs community.aws.elb_application_lb_info: -- name: Gather information about the target group attached to a particular ELB +- name: Gather information about a particular ALB given its ARN community.aws.elb_application_lb_info: load_balancer_arns: - - "arn:aws:elasticloadbalancing:ap-southeast-2:001122334455:loadbalancer/app/my-elb/aabbccddeeff" + - "arn:aws:elasticloadbalancing:ap-southeast-2:001122334455:loadbalancer/app/my-alb/aabbccddeeff" -- name: Gather information about a target groups named 'tg1' and 'tg2' +- name: Gather information about ALBs named 'alb1' and 'alb2' community.aws.elb_application_lb_info: names: - - elb1 - - elb2 + - alb1 + - alb2 - name: Gather information about specific ALB community.aws.elb_application_lb_info: 
@@ -69,55 +69,119 @@ access_logs_s3_bucket: description: The name of the S3 bucket for the access logs. type: str - sample: mys3bucket + sample: "mys3bucket" access_logs_s3_enabled: description: Indicates whether access logs stored in Amazon S3 are enabled. - type: str + type: bool sample: true access_logs_s3_prefix: description: The prefix for the location in the S3 bucket. type: str - sample: /my/logs + sample: "my/logs" availability_zones: description: The Availability Zones for the load balancer. type: list - sample: "[{'subnet_id': 'subnet-aabbccddff', 'zone_name': 'ap-southeast-2a'}]" + sample: [{ "load_balancer_addresses": [], "subnet_id": "subnet-aabbccddff", "zone_name": "ap-southeast-2a" }] canonical_hosted_zone_id: description: The ID of the Amazon Route 53 hosted zone associated with the load balancer. type: str - sample: ABCDEF12345678 + sample: "ABCDEF12345678" created_time: description: The date and time the load balancer was created. type: str sample: "2015-02-12T02:14:02+00:00" deletion_protection_enabled: description: Indicates whether deletion protection is enabled. - type: str + type: bool sample: true dns_name: description: The public DNS name of the load balancer. type: str - sample: internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com + sample: "internal-my-alb-123456789.ap-southeast-2.elb.amazonaws.com" idle_timeout_timeout_seconds: description: The idle timeout value, in seconds. - type: str + type: int sample: 60 ip_address_type: - description: The type of IP addresses used by the subnets for the load balancer. + description: The type of IP addresses used by the subnets for the load balancer. type: str - sample: ipv4 + sample: "ipv4" + listeners: + description: Information about the listeners. + type: complex + contains: + listener_arn: + description: The Amazon Resource Name (ARN) of the listener. + type: str + sample: "" + load_balancer_arn: + description: The Amazon Resource Name (ARN) of the load balancer. 
+ type: str + sample: "" + port: + description: The port on which the load balancer is listening. + type: int + sample: 80 + protocol: + description: The protocol for connections from clients to the load balancer. + type: str + sample: "HTTPS" + certificates: + description: The SSL server certificate. + type: complex + contains: + certificate_arn: + description: The Amazon Resource Name (ARN) of the certificate. + type: str + sample: "" + ssl_policy: + description: The security policy that defines which ciphers and protocols are supported. + type: str + sample: "" + default_actions: + description: The default actions for the listener. + type: str + contains: + type: + description: The type of action. + type: str + sample: "" + target_group_arn: + description: The Amazon Resource Name (ARN) of the target group. + type: str + sample: "" load_balancer_arn: description: The Amazon Resource Name (ARN) of the load balancer. type: str - sample: arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455 + sample: "arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-alb/001122334455" load_balancer_name: description: The name of the load balancer. type: str - sample: my-elb + sample: "my-alb" + routing_http2_enabled: + description: Indicates whether HTTP/2 is enabled. + type: bool + sample: true + routing_http_desync_mitigation_mode: + description: Determines how the load balancer handles requests that might pose a security risk to an application. + type: str + sample: "defensive" + routing_http_drop_invalid_header_fields_enabled: + description: Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). + type: bool + sample: false + routing_http_x_amzn_tls_version_and_cipher_suite_enabled: + description: Indicates whether the two headers are added to the client request before sending it to the target. 
+ type: bool + sample: false + routing_http_xff_client_port_enabled: + description: Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. + type: bool + sample: false scheme: description: Internet-facing or internal load balancer. type: str - sample: internal + sample: "internal" security_groups: description: The IDs of the security groups for the load balancer. type: list @@ -125,21 +189,26 @@ state: description: The state of the load balancer. type: dict - sample: "{'code': 'active'}" + sample: {'code': 'active'} tags: description: The tags attached to the load balancer. type: dict - sample: "{ + sample: { 'Tag': 'Example' - }" + } type: description: The type of load balancer. type: str - sample: application + sample: "application" vpc_id: description: The ID of the VPC for the load balancer. type: str - sample: vpc-0011223344 + sample: "vpc-0011223344" + waf_fail_open_enabled: + description: Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets + if it is unable to forward the request to AWS WAF. + type: bool + sample: false ''' try: @@ -154,12 +223,12 @@ from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict -def get_elb_listeners(connection, module, elb_arn): +def get_alb_listeners(connection, module, alb_arn): try: - return connection.describe_listeners(LoadBalancerArn=elb_arn)['Listeners'] + return connection.describe_listeners(LoadBalancerArn=alb_arn)['Listeners'] except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Failed to describe elb listeners") + module.fail_json_aws(e, msg="Failed to describe alb listeners") def get_listener_rules(connection, module, listener_arn): 
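Review bot: In the new `listeners` return documentation, `default_actions` is declared `type: str` but carries a `contains:` block with `type` and `target_group_arn` sub-keys. The sibling `certificates` entry uses `type: complex` for the same shape, so `default_actions` should read `type: complex` as well. The `sample: ""` placeholders on `listener_arn`, `load_balancer_arn`, `certificate_arn` and `ssl_policy` would be more useful with constructed example values, as the top-level `load_balancer_arn` already has.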
@@ -218,17 +287,17 @@ def list_load_balancers(connection, module): module.fail_json_aws(e, msg="Failed to list load balancers") for load_balancer in load_balancers['LoadBalancers']: - # Get the attributes for each elb + # Get the attributes for each alb load_balancer.update(get_load_balancer_attributes(connection, module, load_balancer['LoadBalancerArn'])) - # Get the listeners for each elb - load_balancer['listeners'] = get_elb_listeners(connection, module, load_balancer['LoadBalancerArn']) + # Get the listeners for each alb + load_balancer['listeners'] = get_alb_listeners(connection, module, load_balancer['LoadBalancerArn']) # For each listener, get listener rules for listener in load_balancer['listeners']: listener['rules'] = get_listener_rules(connection, module, listener['ListenerArn']) - # Get ELB ip address type + # Get ALB ip address type load_balancer['IpAddressType'] = get_load_balancer_ipaddresstype(connection, module, load_balancer['LoadBalancerArn']) # Turn the boto3 result in to ansible_friendly_snaked_names diff --git a/tests/integration/targets/elb_application_lb/aliases b/tests/integration/targets/elb_application_lb/aliases index 500826a1d4f..948352f2013 100644 --- a/tests/integration/targets/elb_application_lb/aliases +++ b/tests/integration/targets/elb_application_lb/aliases @@ -1,2 +1,3 @@ cloud/aws slow +elb_application_lb_info \ No newline at end of file diff --git a/tests/integration/targets/elb_application_lb/defaults/main.yml b/tests/integration/targets/elb_application_lb/defaults/main.yml index d0c601c6a04..20ced9d88ae 100644 --- a/tests/integration/targets/elb_application_lb/defaults/main.yml +++ b/tests/integration/targets/elb_application_lb/defaults/main.yml 
@@ -1,4 +1,14 @@ --- +# defaults file for elb_application_lb + resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}" alb_name: "alb-test-{{ resource_short }}" tg_name: "alb-test-{{ resource_short }}" + +vpc_cidr: '10.{{ 256 | random(seed=resource_prefix) }}.0.0/16' + +private_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.1.0/24' +private_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.2.0/24' + +public_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.3.0/24' +public_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.4.0/24' \ No newline at end of file diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml deleted file mode 100644 index e260d0f7f5c..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/full_test.yml +++ /dev/null 
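Review bot: The four subnet CIDRs added here fall inside `vpc_cidr` only because all five expressions evaluate `256 | random(seed=resource_prefix)` with the same seed and bound, so they are expected to render the same second octet. Nothing in the file states that dependency. A comment above `vpc_cidr`, such as `# seed=resource_prefix makes every random() below yield the same octet, so the subnets stay inside vpc_cidr`, would keep a later edit from changing one seed or bound and breaking subnet creation in the test setup.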
@@ -1,186 +0,0 @@ -- name: elb_application_lb full_test - block: - # Setup - - name: create VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: '{{ resource_prefix }}_vpc' - state: present - ipv6_cidr: true - register: vpc - - name: create internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc.vpc.id }}' - state: present - tags: - Name: '{{ resource_prefix }}' - register: igw - - name: create private subnet - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region}}{{ item.az }}' - vpc_id: '{{ vpc.vpc.id }}' - state: present - tags: - Public: '{{ item.public|string }}' - Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' - with_items: - - cidr: 10.228.230.0/24 - az: a - public: 'False' - - cidr: 10.228.231.0/24 - az: b - public: 'False' - - - name: create public subnets with ipv6 - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region}}{{ item.az }}' - vpc_id: '{{ vpc.vpc.id }}' - state: present - ipv6_cidr: '{{ item.vpc_ipv6_cidr }}' - tags: - Public: '{{ item.public|string }}' - Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' - with_items: - - cidr: 10.228.228.0/24 - az: a - public: 'True' - vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','0::/64') }}" - - cidr: 10.228.229.0/24 - az: b - public: 'True' - vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}" - - - ec2_vpc_subnet_info: - filters: - vpc-id: '{{ vpc.vpc.id }}' - register: vpc_subnets - - name: create list of subnet ids - set_fact: - alb_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public == `True`].id'') }}' - private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' - - name: create a route table - ec2_vpc_route_table: - vpc_id: '{{ vpc.vpc.id }}' - tags: - Name: igw-route - Created: '{{ resource_prefix }}' - subnets: '{{ alb_subnets + private_subnets }}' - 
routes: - - dest: 0.0.0.0/0 - gateway_id: '{{ igw.gateway_id }}' - register: route_table - - ec2_group: - name: '{{ resource_prefix }}' - description: security group for Ansible ALB integration tests - state: present - vpc_id: '{{ vpc.vpc.id }}' - rules: - - proto: tcp - from_port: 1 - to_port: 65535 - cidr_ip: 0.0.0.0/0 - register: sec_group - - name: create a target group for testing - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc.vpc.id }}' - state: present - register: tg - - # Run main tests - - include_tasks: test_alb_bad_listener_options.yml - - include_tasks: test_alb_ip_address_type_options.yml - - include_tasks: test_alb_tags.yml - - include_tasks: test_creating_alb.yml - - include_tasks: test_alb_with_asg.yml - - include_tasks: test_modifying_alb_listeners.yml - - include_tasks: test_deleting_alb.yml - - include_tasks: test_multiple_actions.yml - - always: - # Cleanup - - name: destroy ALB - elb_application_lb: - name: '{{ alb_name }}' - state: absent - wait: true - wait_timeout: 600 - ignore_errors: true - - - name: destroy target group if it was created - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc.vpc.id }}' - state: absent - wait: true - wait_timeout: 600 - register: remove_tg - retries: 5 - delay: 3 - until: remove_tg is success - when: tg is defined - ignore_errors: true - - name: destroy sec group - ec2_group: - name: '{{ sec_group.group_name }}' - description: security group for Ansible ALB integration tests - state: absent - vpc_id: '{{ vpc.vpc.id }}' - register: remove_sg - retries: 10 - delay: 5 - until: remove_sg is success - ignore_errors: true - - name: remove route table - ec2_vpc_route_table: - vpc_id: '{{ vpc.vpc.id }}' - route_table_id: '{{ route_table.route_table.route_table_id }}' - lookup: id - state: absent - register: remove_rt - retries: 10 - delay: 5 - until: remove_rt is success - ignore_errors: true - - name: destroy subnets - ec2_vpc_subnet: - 
cidr: '{{ item.cidr }}' - vpc_id: '{{ vpc.vpc.id }}' - state: absent - register: remove_subnet - retries: 10 - delay: 5 - until: remove_subnet is success - with_items: - - cidr: 10.228.228.0/24 - - cidr: 10.228.229.0/24 - - cidr: 10.228.230.0/24 - - cidr: 10.228.231.0/24 - ignore_errors: true - - name: destroy internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc.vpc.id }}' - tags: - Name: '{{ resource_prefix }}' - state: absent - register: remove_igw - retries: 10 - delay: 5 - until: remove_igw is success - ignore_errors: true - - name: destroy VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: '{{ resource_prefix }}_vpc' - state: absent - register: remove_vpc - retries: 10 - delay: 5 - until: remove_vpc is success - ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index 90914288d88..169ef5b16dd 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml 
@@ -1,12 +1,1172 @@ - name: 'elb_application_lb integration tests' collections: - amazon.aws + module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token | default(omit) }}" + region: "{{ aws_region }}" + block: + - name: Create a test VPC + ec2_vpc_net: + cidr_block: "{{ vpc_cidr }}" + name: '{{ resource_prefix }}_vpc' + state: present + ipv6_cidr: true + tags: + Name: elb_application_lb testing + ResourcePrefix: "{{ resource_prefix }}" + register: vpc + + - name: 'Set fact: VPC ID' + set_fact: + vpc_id: "{{ vpc.vpc.id }}" + + - name: Create an internet gateway + ec2_vpc_igw: + vpc_id: '{{ vpc_id }}' + state: present + tags: + Name: '{{ resource_prefix }}' + register: igw + + - name: Create private subnets + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + az: '{{ aws_region }}{{ item.az }}' + vpc_id: '{{ vpc_id }}' + state: present + tags: + Public: 'False' + Name: 'private-{{ item.az }}' + with_items: + - cidr: "{{ private_subnet_cidr_1 }}" + az: a + - cidr: "{{ private_subnet_cidr_2 }}" + az: b + register: private_subnets + + - name: Create public subnets with ipv6 + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + az: '{{ aws_region }}{{ item.az }}' + vpc_id: '{{ vpc_id }}' + state: present + ipv6_cidr: '{{ item.vpc_ipv6_cidr }}' + tags: + Public: 'True' + Name: 'public-{{ item.az }}' + with_items: + - cidr: "{{ public_subnet_cidr_1 }}" + az: a + vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','0::/64') }}" + - cidr: "{{ public_subnet_cidr_2 }}" + az: b + vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}" + register: public_subnets + + - name: Create list of subnet ids + set_fact: + public_subnets: "{{ 
public_subnets.results | map(attribute='subnet') | map(attribute='id') }}" + private_subnets: "{{ private_subnets.results | map(attribute='subnet') | map(attribute='id') }}" + + - name: Create a route table + ec2_vpc_route_table: + vpc_id: '{{ vpc_id }}' + tags: + Name: igw-route + Created: '{{ resource_prefix }}' + subnets: '{{ public_subnets + private_subnets }}' + routes: + - dest: 0.0.0.0/0 + gateway_id: '{{ igw.gateway_id }}' + register: route_table + + - name: Create a security group for Ansible ALB integration tests + ec2_group: + name: '{{ resource_prefix }}' + description: security group for Ansible ALB integration tests + state: present + vpc_id: '{{ vpc_id }}' + rules: + - proto: tcp + from_port: 1 + to_port: 65535 + cidr_ip: 0.0.0.0/0 + register: sec_group + + - name: Create another security group for Ansible ALB integration tests + ec2_group: + name: '{{ resource_prefix }}-2' + description: security group for Ansible ALB integration tests + state: present + vpc_id: '{{ vpc_id }}' + rules: + - proto: tcp + from_port: 1 + to_port: 65535 + cidr_ip: 0.0.0.0/0 + register: sec_group2 + + - name: Create a target group for testing + elb_target_group: + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc_id }}' + state: present + register: tg + + # ---------------- elb_application_lb tests --------------------------------------------------- + + - name: Create an ALB (invalid - SslPolicy is required when Protocol == HTTPS) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTPS + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ignore_errors: yes + register: alb + + - assert: + that: + - alb is failed + - alb.msg is match("'SslPolicy' is a required listener dict key when Protocol = HTTPS") + + - name: Create an ALB (invalid - didn't provide required listener options) + elb_application_lb: + 
name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Port: 80 + ignore_errors: yes + register: alb + + - assert: + that: + - alb is failed + - alb.msg is match("missing required arguments:\ DefaultActions, Protocol found in listeners") + + - name: Create an ALB (invalid - invalid listener option type) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: "bad type" + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ignore_errors: yes + register: alb + + - assert: + that: + - alb is failed + - "'unable to convert to int' in alb.msg" + + - name: Create an ALB (invalid - invalid ip address type) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: "ip_addr_v4_v6" + ignore_errors: yes + register: alb + + - assert: + that: + - alb is failed + + # ------------------------------------------------------------------------------------------ + + - name: Create an ALB with ip address type - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have created ALB if not in check mode.') + + - name: Create an ALB with ip address type + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: 
+ - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + register: alb + + - assert: + that: + - alb is changed + - alb.ip_address_type == 'dualstack' + - alb.listeners[0].rules | length == 1 + + - name: Create an ALB with ip address type (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Create an ALB with ip address type (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + register: alb + + - assert: + that: + - alb is not changed + - alb.ip_address_type == 'dualstack' + + # ------------------------------------------------------------------------------------------ + + - name: Update an ALB with different ip address type - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'ipv4' + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB with different ip address type + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ 
sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'ipv4' + register: alb + + - assert: + that: + - alb is changed + - alb.ip_address_type == 'ipv4' + + - name: Update an ALB with different ip address type (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'ipv4' + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB with different ip address type (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'ipv4' + register: alb + + - assert: + that: + - alb is not changed + - alb.ip_address_type == 'ipv4' + + # ------------------------------------------------------------------------------------------ + + - name: Update an ALB with different listener by adding rule - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '1' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB 
with different listener by adding rule + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '1' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: alb + + - assert: + that: + - alb is changed + - alb.listeners[0].rules | length == 2 + - "'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}" + + - name: Update an ALB with different listener by adding rule (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '1' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB with different listener by adding rule (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '1' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: alb + + - assert: + that: + - alb is not changed + - alb.listeners[0].rules | length == 2 + - "'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}" + + # 
------------------------------------------------------------------------------------------ + + - name: Update an ALB with different listener by modifying rule - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '2' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB with different listener by modifying rule + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '2' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: alb + + - assert: + that: + - alb is changed + - alb.listeners[0].rules | length == 2 + - "'2' in {{ alb.listeners[0].rules | map(attribute='priority') }}" + + - name: Update an ALB with different listener by modifying rule (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '2' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no 
changes to make to ALB specified.') + + - name: Update an ALB with different listener by modifying rule (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '2' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: alb + + - assert: + that: + - alb is not changed + - alb.listeners[0].rules | length == 2 + - "'2' in {{ alb.listeners[0].rules | map(attribute='priority') }}" + + # ------------------------------------------------------------------------------------------ + + - name: Update an ALB with different listener by deleting rule - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: [] + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB with different listener by deleting rule + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: [] + register: alb + + - assert: + that: + - alb is changed + - alb.listeners[0].rules | length == 1 + - "'2' not in {{ alb.listeners[0].rules | map(attribute='priority') }}" + + - name: Update an ALB with different listener by deleting rule (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ 
sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: [] + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB with different listener by deleting rule (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: [] + register: alb + + - assert: + that: + - alb is not changed + - alb.listeners[0].rules | length == 1 + - "'2' not in {{ alb.listeners[0].rules | map(attribute='priority') }}" + + # ------------------------------------------------------------------------------------------ + + - name: Update an ALB by deleting listener - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: [] + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB by deleting listener + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: [] + register: alb + + - assert: + that: + - alb is changed + - not alb.listeners + + - name: Update an ALB by deleting listener (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: [] + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: 
Update an ALB by deleting listener (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: [] + register: alb + + - assert: + that: + - alb is not changed + - not alb.listeners + + # ------------------------------------------------------------------------------------------ + + - name: Update an ALB by adding tags - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: + created_by: "ALB test {{ resource_prefix }}" + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB by adding tags + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: + created_by: "ALB test {{ resource_prefix }}" + register: alb + + - assert: + that: + - alb is changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' + + - name: Update an ALB by adding tags (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: + created_by: "ALB test {{ resource_prefix }}" + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB by adding tags (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: + created_by: "ALB test {{ resource_prefix }}" + register: alb + + - assert: + that: + - alb is not changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' + + # 
------------------------------------------------------------------------------------------ + + - name: Update an ALB by modifying tags - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: + created_by: "ALB test {{ resource_prefix }}-2" + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB by modifying tags + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: + created_by: "ALB test {{ resource_prefix }}-2" + register: alb + + - assert: + that: + - alb is changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}-2"}' + + - name: Update an ALB by modifying tags (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: + created_by: "ALB test {{ resource_prefix }}-2" + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB by modifying tags (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: + created_by: "ALB test {{ resource_prefix }}-2" + register: alb + + - assert: + that: + - alb is not changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}-2"}' + + # ------------------------------------------------------------------------------------------ + + - name: Update an ALB by removing tags - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: {} + 
register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB by removing tags + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: {} + register: alb + + - assert: + that: + - alb is changed + - not alb.tags + + - name: Update an ALB by removing tags (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: {} + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB by removing tags (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + tags: {} + register: alb + + - assert: + that: + - alb is not changed + - not alb.tags + + # ------------------------------------------------------------------------------------------ + + - name: Update an ALB by changing security group - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group2.group_id }}" + state: present + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB by changing security group + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group2.group_id }}" + state: present + register: alb + + - assert: + that: + - alb is changed + - alb.security_groups[0] == sec_group2.group_id + + - name: Update an ALB by changing security group (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets 
}}" + security_groups: "{{ sec_group2.group_id }}" + state: present + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB by changing security group (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group2.group_id }}" + state: present + register: alb + + - assert: + that: + - alb is not changed + - alb.security_groups[0] == sec_group2.group_id + + # ------------------------------------------------------------------------------------------ + + - name: Ensure elb_application_lb_info supports check_mode + elb_application_lb_info: + register: alb_info + check_mode: yes + + - assert: + that: + - alb_info.load_balancers | length > 0 + + - name: Get ALB application info using no args + elb_application_lb_info: + register: alb_info + + - assert: + that: + - alb_info.load_balancers | length > 0 + + - name: Get ALB application info using load balancer arn + elb_application_lb_info: + load_balancer_arns: + - "{{ alb.load_balancer_arn }}" + register: alb_info + + - assert: + that: + - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id + + - name: Get ALB application info using load balancer name + elb_application_lb_info: + names: + - "{{ alb.load_balancer_name }}" + register: alb_info + + - assert: + that: + - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id + + # ------------------------------------------------------------------------------------------ + + - name: Delete an ALB - check_mode + elb_application_lb: + name: "{{ alb_name }}" + state: absent + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have deleted ALB if not in check mode.') + + - name: Delete an ALB + elb_application_lb: + name: "{{ alb_name }}" + state: absent + register: alb + + - assert: + that: + - alb is changed + + 
- name: Delete an ALB (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + state: absent + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - ALB already absent.') + + - name: Delete an ALB (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + state: absent + register: alb + + - assert: + that: + - alb is not changed + + # ----- Cleanup ------------------------------------------------------------------------------ + + always: + - name: Destroy ALB + elb_application_lb: + name: '{{ alb_name }}' + state: absent + wait: true + wait_timeout: 600 + ignore_errors: true + + - name: Destroy target group if it was created + elb_target_group: + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc_id }}' + state: absent + wait: true + wait_timeout: 600 + register: remove_tg + retries: 5 + delay: 3 + until: remove_tg is success + when: tg is defined + ignore_errors: true + + - name: Destroy sec groups + ec2_group: + name: "{{ item }}" + description: security group for Ansible ALB integration tests + state: absent + vpc_id: '{{ vpc_id }}' + register: remove_sg + retries: 10 + delay: 5 + until: remove_sg is success + ignore_errors: true + with_items: + - "{{ resource_prefix }}" + - "{{ resource_prefix }}-2" + + - name: Destroy route table + ec2_vpc_route_table: + vpc_id: '{{ vpc_id }}' + route_table_id: '{{ route_table.route_table.route_table_id }}' + lookup: id + state: absent + register: remove_rt + retries: 10 + delay: 5 + until: remove_rt is success + ignore_errors: true + + - name: Destroy subnets + ec2_vpc_subnet: + cidr: "{{ item }}" + vpc_id: "{{ vpc_id }}" + state: absent + register: remove_subnet + retries: 10 + delay: 5 + until: remove_subnet is success + with_items: + - "{{ private_subnet_cidr_1 }}" + - "{{ private_subnet_cidr_2 }}" + - "{{ public_subnet_cidr_1 }}" + - "{{ public_subnet_cidr_2 }}" + ignore_errors: true + + - name: Destroy internet gateway + 
ec2_vpc_igw: + vpc_id: '{{ vpc_id }}' + tags: + Name: '{{ resource_prefix }}' + state: absent + register: remove_igw + retries: 10 + delay: 5 + until: remove_igw is success + ignore_errors: true - - include_tasks: full_test.yml + - name: Destroy VPC + ec2_vpc_net: + cidr_block: "{{ vpc_cidr }}" + name: "{{ resource_prefix }}_vpc" + state: absent + register: remove_vpc + retries: 10 + delay: 5 + until: remove_vpc is success + ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml deleted file mode 100644 index a811e3f3054..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml +++ /dev/null 
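Review bot: Both test security groups (`sec_group` and `sec_group2`) allow TCP ports 1-65535 from `0.0.0.0/0`, although every listener and the target group in this file use port 80 only. The load balancer sits in public subnets routed to an internet gateway, and the `always` cleanup tasks run with `ignore_errors: true`, so a failed teardown can leave these wide-open groups behind in the test account. Narrowing both rules to `from_port: 80` and `to_port: 80` should not affect any assertion visible here and keeps the fixtures least-privilege. Separately, assertions such as `"'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}"` embed template delimiters in a conditional, which Ansible warns about because the rendered module output is evaluated again as an expression. `"'1' in (alb.listeners[0].rules | map(attribute='priority') | list)"` makes the same check without that second evaluation.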
@@ -1,68 +0,0 @@ -- block: - - - name: test creating an ALB with invalid listener options - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTPS - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ignore_errors: yes - register: alb - - - assert: - that: - - alb is failed - - - name: test creating an ALB without providing required listener options - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Port: 80 - ignore_errors: yes - register: alb - - - assert: - that: - - alb is failed - - '"missing required arguments" in alb.msg' - - '"Protocol" in alb.msg' - - '"DefaultActions" in alb.msg' - - - name: test creating an ALB providing an invalid listener option type - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: "bad type" - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ignore_errors: yes - register: alb - - - assert: - that: - - alb is failed - - "'unable to convert to int' in alb.msg" - - always: - # Cleanup - - name: destroy ALB if created - elb_application_lb: - name: '{{ alb_name }}' - state: absent - wait: true - wait_timeout: 600 - ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml deleted file mode 100644 index 9249d1161c0..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml +++ /dev/null 
@@ -1,93 +0,0 @@ -- block: - - name: set elb name for ipv6 - set_fact: - elb_name_ipv6: "{{ alb_name ~ 'ipv6' }}" - - - name: test creating an ELB with invalid ip address type - elb_application_lb: - name: "{{ elb_name_ipv6 }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: "ip_addr_v4_v6" - ignore_errors: yes - register: elb - - - assert: - that: - - elb is failed - - - name: test creating an ELB with dualstack ip adress type - elb_application_lb: - name: "{{ elb_name_ipv6 }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: "dualstack" - register: elb - - - assert: - that: - - elb.ip_address_type == "dualstack" - - - name: test updating an ELB with ipv4 adress type - elb_application_lb: - name: "{{ elb_name_ipv6 }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: "ipv4" - register: elb - - - assert: - that: - - elb.changed - - elb.ip_address_type == "ipv4" - - - name: test idempotence updating an ELB with ipv4 adress type - elb_application_lb: - name: "{{ elb_name_ipv6 }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: "ipv4" - register: elb - - - assert: - that: - - not elb.changed - - elb.ip_address_type == "ipv4" - - always: - # Cleanup - - name: destroy ALB if created - elb_application_lb: - name: '{{ elb_name_ipv6 }}' - state: absent - wait: true - 
wait_timeout: 600 - ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml deleted file mode 100644 index 06b6d0249cc..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml +++ /dev/null @@ -1,78 +0,0 @@ -- block: - - - name: create ALB with no listeners - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - register: alb - - - assert: - that: - - alb.changed - - - name: re-create ALB with no listeners - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - register: alb - - - assert: - that: - - not alb.changed - - - name: add tags to ALB - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: - created_by: "ALB test {{ resource_prefix }}" - register: alb - - - assert: - that: - - alb.changed - - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' - - - name: remove tags from ALB - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: {} - register: alb - - - assert: - that: - - alb.changed - - not alb.tags - - - name: test idempotence - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: {} - register: alb - - - assert: - that: - - not alb.changed - - not alb.tags - - - name: destroy ALB with no listeners - elb_application_lb: - name: "{{ alb_name }}" - state: absent - register: alb - - - assert: - that: - - alb.changed 
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml
deleted file mode 100644
index b066d88a210..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml
+++ /dev/null
@@ -1,73 +0,0 @@ -- block: - - - ec2_ami_info: - filters: - architecture: x86_64 - virtualization-type: hvm - root-device-type: ebs - name: "amzn-ami-hvm*" - owner-alias: "amazon" - register: amis - - - set_fact: - latest_amazon_linux: "{{ amis.images | sort(attribute='creation_date') | last }}" - - - ec2_asg: - state: absent - name: "{{ resource_prefix }}-webservers" - wait_timeout: 900 - - - ec2_lc: - name: "{{ resource_prefix }}-web-lcfg" - state: absent - - - name: Create launch config for testing - ec2_lc: - name: "{{ resource_prefix }}-web-lcfg" - assign_public_ip: true - image_id: "{{ latest_amazon_linux.image_id }}" - security_groups: "{{ sec_group.group_id }}" - instance_type: t2.medium - user_data: | - #!/bin/bash - set -x - yum update -y --nogpgcheck - yum install -y --nogpgcheck httpd - echo "Hello Ansiblings!" >> /var/www/html/index.html - service httpd start - volumes: - - device_name: /dev/xvda - volume_size: 10 - volume_type: gp2 - delete_on_termination: true - - - name: Create autoscaling group for app server fleet - ec2_asg: - name: "{{ resource_prefix }}-webservers" - vpc_zone_identifier: "{{ alb_subnets }}" - launch_config_name: "{{ resource_prefix }}-web-lcfg" - termination_policies: - - OldestLaunchConfiguration - - Default - health_check_period: 600 - health_check_type: EC2 - replace_all_instances: true - min_size: 0 - max_size: 2 - desired_capacity: 1 - wait_for_instances: true - target_group_arns: - - "{{ tg.target_group_arn }}" - - always: - - - ec2_asg: - state: absent - name: "{{ resource_prefix }}-webservers" - wait_timeout: 900 - ignore_errors: yes - - - ec2_lc: - name: "{{ resource_prefix }}-web-lcfg" - state: absent - ignore_errors: yes diff --git a/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml deleted file mode 100644 index f5e75ab3872..00000000000 
--- a/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml +++ /dev/null @@ -1,41 +0,0 @@ -- block: - - - name: create ALB with a listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 1 - - - name: test idempotence creating ALB with a listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - not alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 1 diff --git a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml deleted file mode 100644 index cf1335d6dbd..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -- block: - - - name: destroy ALB with listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: absent - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - wait: yes - wait_timeout: 300 - register: alb - - - name: test idempotence - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: absent - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - wait: yes - wait_timeout: 300 - register: alb - - - assert: - that: - - not alb.changed diff --git a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml deleted file mode 100644 index 3cc8a857bca..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml +++ /dev/null 
@@ -1,222 +0,0 @@ -- block: - - - name: add a rule to the listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/test' - Priority: '1' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 2 - - - name: test replacing the rule with one with the same priority - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - purge_listeners: true - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/new' - Priority: '1' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 2 - - - name: test the rule will not be removed without purge_listeners - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - not alb.changed - - alb.listeners[0].rules|length == 2 - - - name: test a rule can be added and other rules will not be removed when purge_rules is no. 
- elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - purge_rules: no - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/new' - Priority: '2' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 3 - - - name: add a rule that uses the host header condition to the listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - purge_rules: no - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: host-header - Values: - - 'local.mydomain.com' - Priority: '3' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 4 - # - '{{ alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1 }}' - - - name: test replacing the rule that uses the host header condition with multiple host header conditions - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - purge_rules: no - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: host-header - Values: - - 'local.mydomain.com' - - 'alternate.mydomain.com' - Priority: '3' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 4 - #- '{{ 
alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 2 }}' - - - name: remove the rule - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - purge_listeners: true - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: [] - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 1 - - - name: remove listener from ALB - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: [] - register: alb - - - assert: - that: - - alb.changed - - not alb.listeners - - - name: add the listener to the ALB - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - alb.changed - - alb.listeners|length == 1 - - alb.availability_zones|length == 2 diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml deleted file mode 100644 index da56a98716b..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml +++ /dev/null 
@@ -1,447 +0,0 @@ -- block: - - - name: register dummy OIDC config - set_fact: - AuthenticateOidcActionConfig: - AuthorizationEndpoint: "https://www.example.com/auth" - ClientId: "eeeeeeeeeeeeeeeeeeeeeeeeee" - ClientSecret: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" - Issuer: "https://www.example.com/issuer" - OnUnauthenticatedRequest: "authenticate" - Scope: "openid" - SessionCookieName: "AWSELBAuthSessionCookie" - SessionTimeout: 604800 - TokenEndpoint: "https://www.example.com/token" - UserInfoEndpoint: "https://www.example.com/userinfo" - UseExistingClientSecret: true - - - name: register fixed response action - set_fact: - FixedResponseActionConfig: - ContentType: "text/plain" - MessageBody: "This is the page you're looking for" - StatusCode: "200" - - - name: register redirect action - set_fact: - RedirectActionConfig: - Host: "#{host}" - Path: "/example/redir" # or /#{path} - Port: "#{port}" - Protocol: "#{protocol}" - Query: "#{query}" - StatusCode: "HTTP_302" # or HTTP_301 - - - name: delete existing ALB to avoid target group association issues - elb_application_lb: - name: "{{ alb_name }}" - state: absent - wait: yes - wait_timeout: 600 - - - name: cleanup tg to avoid target group association issues - elb_target_group: - name: "{{ tg_name }}" - protocol: http - port: 80 - vpc_id: "{{ vpc.vpc.id }}" - state: absent - wait: yes - wait_timeout: 600 - register: cleanup_tg - retries: 5 - delay: 3 - until: cleanup_tg is success - - - name: recreate a target group - elb_target_group: - name: "{{ tg_name }}" - protocol: http - port: 80 - vpc_id: "{{ vpc.vpc.id }}" - state: present - register: tg - - - name: create ALB with redirect DefaultAction - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: redirect - RedirectConfig: "{{ RedirectActionConfig }}" - register: alb - - - assert: - that: - - 
alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "redirect" - - - name: test idempotence with redirect DefaultAction - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: redirect - RedirectConfig: "{{ RedirectActionConfig }}" - register: alb - - - assert: - that: - - not alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "redirect" - - - name: update ALB with fixed-response DefaultAction - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - register: alb - - - assert: - that: - - alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "fixed-response" - - - name: test idempotence with fixed-response DefaultAction - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - register: alb - - - assert: - that: - - not alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "fixed-response" - - - name: test multiple non-default rules - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - 
DefaultActions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - Rules: - - Conditions: - - Field: http-header - HttpHeaderConfig: - HttpHeaderName: 'User-Agent' - Values: ['*Trident/7:0*rv:*'] - - Field: http-header - HttpHeaderConfig: - HttpHeaderName: 'X-Something' - Values: ['foobar'] - Priority: '1' - Actions: - - Type: fixed-response - FixedResponseConfig: - StatusCode: "200" - ContentType: "text/html" - MessageBody: "Hello World!" - - Conditions: - - Field: path-pattern - Values: - - "/forward-path/*" - Priority: 2 - Actions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - - Conditions: - - Field: path-pattern - Values: - - "/redirect-path/*" - Priority: 3 - Actions: - - Type: redirect - RedirectConfig: "{{ RedirectActionConfig }}" - - Conditions: - - Field: path-pattern - Values: - - "/fixed-response-path/" - Priority: 4 - Actions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - register: alb - - - assert: - that: - - alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 5 ## defaultactions is included as a rule - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "fixed-response" - - alb.listeners[0].rules[1].actions|length == 1 - - alb.listeners[0].rules[1].actions[0].type == "forward" - - alb.listeners[0].rules[2].actions|length == 1 - - alb.listeners[0].rules[2].actions[0].type == "redirect" - - alb.listeners[0].rules[3].actions|length == 1 - - alb.listeners[0].rules[3].actions[0].type == "fixed-response" - - - name: test idempotence multiple non-default rules - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - Rules: - - Conditions: - - Field: http-header - HttpHeaderConfig: - 
HttpHeaderName: 'User-Agent' - Values: ['*Trident/7:0*rv:*'] - - Field: http-header - HttpHeaderConfig: - HttpHeaderName: 'X-Something' - Values: ['foobar'] - Priority: '1' - Actions: - - Type: fixed-response - FixedResponseConfig: - StatusCode: "200" - ContentType: "text/html" - MessageBody: "Hello World!" - - Conditions: - - Field: path-pattern - Values: - - "/forward-path/*" - Priority: 2 - Actions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - - Conditions: - - Field: path-pattern - Values: - - "/redirect-path/*" - Priority: 3 - Actions: - - Type: redirect - RedirectConfig: "{{ RedirectActionConfig }}" - - Conditions: - - Field: path-pattern - Values: - - "/fixed-response-path/" - Priority: 4 - Actions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - register: alb - - - assert: - that: - - not alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 5 ## defaultactions is included as a rule - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "fixed-response" - - alb.listeners[0].rules[1].actions|length == 1 - - alb.listeners[0].rules[1].actions[0].type == "forward" - - alb.listeners[0].rules[2].actions|length == 1 - - alb.listeners[0].rules[2].actions[0].type == "redirect" - - alb.listeners[0].rules[3].actions|length == 1 - - alb.listeners[0].rules[3].actions[0].type == "fixed-response" - - -# - name: test creating ALB with a default listener with multiple actions -# elb_application_lb: -# name: "{{ alb_name }}" -# subnets: "{{ alb_subnets }}" -# security_groups: "{{ sec_group.group_id }}" -# state: present -# listeners: -# - Protocol: HTTP -# Port: 80 -# DefaultActions: -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# register: alb -# -# - assert: -# that: -# - alb.listeners|length == 1 -# - 
alb.listeners[0].rules[0].actions|length == 2 -# -# - name: test changing order of actions -# elb_application_lb: -# name: "{{ alb_name }}" -# subnets: "{{ alb_subnets }}" -# security_groups: "{{ sec_group.group_id }}" -# state: present -# listeners: -# - Protocol: HTTP -# Port: 80 -# DefaultActions: -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# register: alb -# -# - assert: -# that: -# - not alb.changed -# - alb.listeners|length == 1 -# - alb.listeners[0].rules[0].actions|length == 2 -# -# - name: test non-default rule with multiple actions -# elb_application_lb: -# name: "{{ alb_name }}" -# subnets: "{{ alb_subnets }}" -# security_groups: "{{ sec_group.group_id }}" -# state: present -# listeners: -# - Protocol: HTTP -# Port: 80 -# DefaultActions: -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# Rules: -# - Conditions: -# - Field: path-pattern -# Values: -# - "*" -# Priority: 1 -# Actions: -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# register: alb -# -# - assert: -# that: -# - alb.changed -# - alb.listeners|length == 1 -# - alb.listeners[0].rules[0].actions|length == 2 -# - alb.listeners[0].rules[1].actions|length == 2 -# -# - name: test idempotency non-default rule with multiple actions -# elb_application_lb: -# name: "{{ alb_name }}" -# subnets: "{{ alb_subnets }}" -# security_groups: "{{ sec_group.group_id }}" -# state: present -# listeners: -# - Protocol: HTTP -# Port: 80 -# DefaultActions: -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# Rules: -# - 
Conditions: -# - Field: path-pattern -# Values: -# - "*" -# Priority: 1 -# Actions: -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# register: alb -# -# - assert: -# that: -# - not alb.changed -# - alb.listeners|length == 1 -# - alb.listeners[0].rules[0].actions|length == 2 -# - alb.listeners[0].rules[1].actions|length == 2 -# -# - name: test non-default rule action order change -# elb_application_lb: -# name: "{{ alb_name }}" -# subnets: "{{ alb_subnets }}" -# security_groups: "{{ sec_group.group_id }}" -# state: present -# listeners: -# - Protocol: HTTP -# Port: 80 -# DefaultActions: -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# Rules: -# - Conditions: -# - Field: path-pattern -# Values: -# - "*" -# Priority: 1 -# Actions: -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# register: alb -# -# - assert: -# that: -# - not alb.changed -# - alb.listeners|length == 1 -# - alb.listeners[0].rules[0].actions|length == 2 -# - alb.listeners[0].rules[1].actions|length == 2 diff --git a/tests/integration/targets/elb_application_lb_info/aliases b/tests/integration/targets/elb_application_lb_info/aliases deleted file mode 100644 index 4ef4b2067d0..00000000000 --- a/tests/integration/targets/elb_application_lb_info/aliases +++ /dev/null @@ -1 +0,0 @@ -cloud/aws diff --git a/tests/integration/targets/elb_application_lb_info/defaults/main.yml b/tests/integration/targets/elb_application_lb_info/defaults/main.yml deleted file mode 100644 index d0c601c6a04..00000000000 --- a/tests/integration/targets/elb_application_lb_info/defaults/main.yml +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}" -alb_name: "alb-test-{{ resource_short }}" -tg_name: "alb-test-{{ resource_short }}" diff --git a/tests/integration/targets/elb_application_lb_info/meta/main.yml b/tests/integration/targets/elb_application_lb_info/meta/main.yml deleted file mode 100644 index 1810d4bec98..00000000000 --- a/tests/integration/targets/elb_application_lb_info/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - setup_remote_tmp_dir diff --git a/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml b/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml deleted file mode 100644 index 7603a0454ab..00000000000 --- a/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml +++ /dev/null @@ -1,11 +0,0 @@ -- name: elb_application_lb full_test - block: - # setup - - include_tasks: setup.yml - - # Run main tests - - include_tasks: test_elb_application_lb_info.yml - - always: - # Cleanup - - include_tasks: teardown.yml diff --git a/tests/integration/targets/elb_application_lb_info/tasks/main.yml b/tests/integration/targets/elb_application_lb_info/tasks/main.yml deleted file mode 100644 index 5d9eb4fe73f..00000000000 --- a/tests/integration/targets/elb_application_lb_info/tasks/main.yml +++ /dev/null @@ -1,11 +0,0 @@ -- name: 'elb_application_lb_info integration tests' - collections: - - amazon.aws - module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - block: - - include_tasks: full_test.yml diff --git a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml deleted file mode 100644 index 26289d230d0..00000000000 --- a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml +++ /dev/null 
@@ -1,84 +0,0 @@ -- name: elb_application_lb_info setup - block: - - name: create VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: '{{ resource_prefix }}_vpc' - state: present - register: vpc - - - name: create internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc.vpc.id }}' - state: present - tags: - Name: '{{ resource_prefix }}' - register: igw - - - name: create public subnet - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region}}{{ item.az }}' - vpc_id: '{{ vpc.vpc.id }}' - state: present - tags: - Public: '{{ item.public|string }}' - Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' - with_items: - - cidr: 10.228.228.0/24 - az: a - public: 'True' - - cidr: 10.228.229.0/24 - az: b - public: 'True' - - cidr: 10.228.230.0/24 - az: a - public: 'False' - - cidr: 10.228.231.0/24 - az: b - public: 'False' - register: subnets - - - ec2_vpc_subnet_info: - filters: - vpc-id: '{{ vpc.vpc.id }}' - register: vpc_subnets - - - name: create list of subnet ids - set_fact: - alb_subnets: "{{ ( vpc_subnets.subnets | selectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}" - private_subnets: "{{ ( vpc_subnets.subnets | rejectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}" - - - name: create a route table - ec2_vpc_route_table: - vpc_id: '{{ vpc.vpc.id }}' - tags: - Name: igw-route - Created: '{{ resource_prefix }}' - subnets: '{{ alb_subnets + private_subnets }}' - routes: - - dest: 0.0.0.0/0 - gateway_id: '{{ igw.gateway_id }}' - register: route_table - - - ec2_group: - name: '{{ resource_prefix }}' - description: security group for Ansible ALB integration tests - state: present - vpc_id: '{{ vpc.vpc.id }}' - rules: - - proto: tcp - from_port: 1 - to_port: 65535 - cidr_ip: 0.0.0.0/0 - register: sec_group - - - name: create a target group for testing - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc.vpc.id }}' - state: present - register: tg - 
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml b/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml
deleted file mode 100644
index 24326e343a6..00000000000
--- a/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml
+++ /dev/null
@@ -1,83 +0,0 @@ -- name: elb_application_lb_info teardown - block: - - name: destroy ALB - elb_application_lb: - name: '{{ alb_name }}' - state: absent - wait: true - wait_timeout: 600 - ignore_errors: true - - - name: destroy target group if it was created - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc.vpc.id }}' - state: absent - wait: true - wait_timeout: 600 - register: remove_tg - retries: 5 - delay: 3 - until: remove_tg is success - when: tg is defined - ignore_errors: true - - name: destroy sec group - ec2_group: - name: '{{ sec_group.group_name }}' - description: security group for Ansible ALB integration tests - state: absent - vpc_id: '{{ vpc.vpc.id }}' - register: remove_sg - retries: 10 - delay: 5 - until: remove_sg is success - ignore_errors: true - - name: remove route table - ec2_vpc_route_table: - vpc_id: '{{ vpc.vpc.id }}' - route_table_id: '{{ route_table.route_table.route_table_id }}' - lookup: id - state: absent - register: remove_rt - retries: 10 - delay: 5 - until: remove_rt is success - ignore_errors: true - - name: destroy subnets - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - vpc_id: '{{ vpc.vpc.id }}' - state: absent - register: remove_subnet - retries: 10 - delay: 5 - until: remove_subnet is success - with_items: - - cidr: 10.228.228.0/24 - - cidr: 10.228.229.0/24 - - cidr: 10.228.230.0/24 - - cidr: 10.228.231.0/24 - ignore_errors: true - - name: destroy internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc.vpc.id }}' - tags: - Name: '{{ resource_prefix }}' - state: absent - register: remove_igw - retries: 10 - delay: 5 - until: remove_igw is success - ignore_errors: true - - name: destroy VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: '{{ resource_prefix }}_vpc' - state: absent - register: remove_vpc - retries: 10 - delay: 5 - until: remove_vpc is success - ignore_errors: true 
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml b/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml deleted file mode 100644 index 229ac43001b..00000000000 --- a/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml +++ /dev/null @@ -1,41 +0,0 @@ -- block: - - - name: create ALB with a listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 1 - - - name: ELB applicaiton info using load balancer arn - elb_application_lb_info: - load_balancer_arns: - - "{{ alb.load_balancer_arn }}" - register: elb_app_lb_info - - - assert: - that: - - elb_app_lb_info.load_balancers[0].ip_address_type == 'ipv4' - - - name: ELB applicaiton info using load balancer name - elb_application_lb_info: - names: - - "{{ alb.load_balancer_name }}" - register: elb_app_lb_info - - - assert: - that: - - elb_app_lb_info.load_balancers[0].ip_address_type == 'ipv4' From e89eac85ed62f5688a9a1d42c2ff7740fb45a848 Mon Sep 17 00:00:00 2001 
From: Joseph Torcasso <87090265+jatorcasso@users.noreply.github.com> Date: Mon, 14 Mar 2022 15:21:40 -0400 Subject: [PATCH 39/52] elb_application_lb - treat empty security group as VPC default (#971) elb_application_lb - treat empty security group as VPC default SUMMARY Fixes idempotency issue when security_groups = [] by treating [] as using the VPC's default security group (like it does on creation). Fixes #28 Used same logic as amazon.aws.ec2_vpc_route_table does for using default igw Added integration tests ISSUE TYPE Bugfix Pull Request COMPONENT NAME elb_application_lb Reviewed-by: Jill R Reviewed-by: Mark Woolley This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/20b726a682dc9bde1fa3f0d7353b6d8667e310e7 --- plugins/modules/elb_application_lb.py | 38 +++++++- .../targets/elb_application_lb/tasks/main.yml | 95 ++++++++++++++++++- 2 files changed, 128 insertions(+), 5 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 32c0f28bd95..448eba4c1aa 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -144,7 +144,7 @@ description: - A list of the names or IDs of the security groups to assign to the load balancer. - Required if I(state=present). - default: [] + - If C([]), the VPC's default security group will be used. type: list elements: str scheme: 
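Review bot: The sentence added to the `security_groups` documentation says C([]) selects the VPC's default security group, but it does not say that the module leaves that group's rules untouched, which matters because `scheme` defaults to `internet-facing`. I would add a line such as `- The rules of the default security group are not managed by this module; review them before using C([]) on an internet-facing load balancer.` The unchanged `Required if I(state=present).` line could also state whether an explicit empty list satisfies that requirement, now that `default: []` is gone.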
@@ -494,10 +494,16 @@ type: bool sample: false ''' +try: + import botocore +except ImportError: + pass # caught by AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict from ansible_collections.amazon.aws.plugins.module_utils.ec2 import compare_aws_tags from ansible_collections.amazon.aws.plugins.module_utils.elbv2 import ( ApplicationLoadBalancer, 
@@ -509,6 +515,29 @@ from ansible_collections.amazon.aws.plugins.module_utils.elb_utils import get_elb_listener_rules +@AWSRetry.jittered_backoff() +def describe_sgs_with_backoff(connection, **params): + paginator = connection.get_paginator('describe_security_groups') + return paginator.paginate(**params).build_full_result()['SecurityGroups'] + + +def find_default_sg(connection, module, vpc_id): + """ + Finds the default security group for the given VPC ID. + """ + filters = ansible_dict_to_boto3_filter_list({'vpc-id': vpc_id, 'group-name': 'default'}) + try: + sg = describe_sgs_with_backoff(connection, Filters=filters) + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: + module.fail_json_aws(e, msg='No default security group found for VPC {0}'.format(vpc_id)) + if len(sg) == 1: + return sg[0]['GroupId'] + elif len(sg) == 0: + module.fail_json(msg='No default security group found for VPC {0}'.format(vpc_id)) + else: + module.fail_json(msg='Multiple security groups named "default" found for VPC {0}'.format(vpc_id)) + + def create_or_update_alb(alb_obj): """Create ALB or modify main attributes. json_exit here""" if alb_obj.elb: @@ -738,6 +767,11 @@ def main(): alb = ApplicationLoadBalancer(connection, connection_ec2, module) + # Update security group if default is specified + if alb.elb and module.params.get('security_groups') == []: + module.params['security_groups'] = [find_default_sg(connection_ec2, module, alb.elb['VpcId'])] + alb = ApplicationLoadBalancer(connection, connection_ec2, module) + if state == 'present': create_or_update_alb(alb) elif state == 'absent': diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index 169ef5b16dd..81ebf4cdfce 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml 
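Review bot: In `find_default_sg` the `except` branch reports `No default security group found for VPC ...` although it is reached when the describe call itself failed, for example on a permissions or throttling error, so the message points the operator at the wrong cause. I would use `module.fail_json_aws(e, msg='Failed to describe security groups for VPC {0}'.format(vpc_id))` there and keep the "No default security group found" text for the `len(sg) == 0` case only. `describe_sgs_with_backoff` also has no docstring; `"""Return every security group matching the given describe_security_groups parameters."""` would be enough.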
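Review bot: The default-security-group lookup added to `main()` sits before the `state` check, so it also runs for `state: absent` when `security_groups: []` is passed. In that case it costs a `describe_security_groups` call and a second `ApplicationLoadBalancer` construction, and a failure inside `find_default_sg` would abort a deletion that never needed the group. Guarding it with `if state == 'present' and alb.elb and module.params.get('security_groups') == []:` restricts the lookup to the path that uses it. The write-back into `module.params` deserves a comment such as `# ApplicationLoadBalancer reads security_groups from module.params, so rebuild it after substituting the default group`, assuming that is the reason for the rebuild. The body of `main()` starts and ends outside this hunk.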
@@ -25,6 +25,12 @@ set_fact: vpc_id: "{{ vpc.vpc.id }}" + - name: Get VPC's default security group + ec2_group_info: + filters: + vpc-id: "{{ vpc_id }}" + register: default_sg + - name: Create an internet gateway ec2_vpc_igw: vpc_id: '{{ vpc_id }}' 
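Review bot: The `ec2_group_info` lookup added here filters on `vpc-id` only, while the later assertions compare against `default_sg.security_groups[0].group_id`, so the test depends on the default group being the first or only entry returned. Adding `group-name: default` under `filters` makes the registered result unambiguous and matches the `{'vpc-id': vpc_id, 'group-name': 'default'}` filter the module uses in `find_default_sg`. The task list continues outside this hunk, so whether other groups already exist in the VPC at this point cannot be seen from here.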
@@ -200,7 +206,90 @@ # ------------------------------------------------------------------------------------------ - - name: Create an ALB with ip address type - check_mode + - name: Create an ALB with defaults - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: [] + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have created ALB if not in check mode.') + + - name: Create an ALB with defaults + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: [] + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + register: alb + + - assert: + that: + - alb is changed + - alb.listeners[0].rules | length == 1 + - alb.security_groups | length == 1 + - alb.security_groups[0] == default_sg.security_groups[0].group_id + + - name: Create an ALB with defaults (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: [] + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Create an ALB with defaults (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: [] + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + register: alb + + - assert: + that: + - alb is not changed + - alb.listeners[0].rules | length == 1 + - alb.security_groups[0] == default_sg.security_groups[0].group_id + + 
# ------------------------------------------------------------------------------------------ + + - name: Update an ALB with ip address type - check_mode elb_application_lb: name: "{{ alb_name }}" subnets: "{{ public_subnets }}" @@ -219,9 +308,9 @@ - assert: that: - alb is changed - - alb.msg is match('Would have created ALB if not in check mode.') + - alb.msg is match('Would have updated ALB if not in check mode.') - - name: Create an ALB with ip address type + - name: Update an ALB with ip address type elb_application_lb: name: "{{ alb_name }}" subnets: "{{ public_subnets }}" From 3a156257741da4027caf376e3b833c7398a1a71b Mon Sep 17 00:00:00 2001 From: Mark Woolley Date: Tue, 15 Mar 2022 11:52:43 +0000 Subject: [PATCH 40/52] Add backoff logic to elb_application_lb_info (#977) Add backoff logic to elb_application_lb_info SUMMARY From time to time rate limiting failures occur on the usage of this module, this PR adds backoff logic to the module to improve its stability. fatal: [127.0.0.1 -> 127.0.0.1]: FAILED! => changed=false boto3_version: 1.20.34 botocore_version: 1.23.34 error: code: Throttling message: Rate exceeded type: Sender msg: 'Failed to list load balancers: An error occurred (Throttling) when calling the DescribeLoadBalancers operation (reached max retries: 4): Rate exceeded' response_metadata: http_headers: content-length: '271' content-type: text/xml date: Thu, 10 Mar 2022 10:34:23 GMT x-amzn-requestid: xxxxx http_status_code: 400 max_attempts_reached: true request_id: xxxxx retry_attempts: 4 ISSUE TYPE Bugfix Pull Request COMPONENT NAME elb_application_lb_info ADDITIONAL INFORMATION Reviewed-by: Markus Bergholz Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/280d7a2f130d5aaa993ed45dc501fa66f69d9582 --- plugins/modules/elb_application_lb_info.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) 
diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index d1de312df11..dbd4b7e0ab6 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -220,7 +220,13 @@ from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry, boto3_tag_list_to_ansible_dict + + +@AWSRetry.jittered_backoff() +def get_paginator(connection, **kwargs): + paginator = connection.get_paginator('describe_load_balancers') + return paginator.paginate(**kwargs).build_full_result() def get_alb_listeners(connection, module, alb_arn): @@ -274,13 +280,12 @@ def list_load_balancers(connection, module): names = module.params.get("names") try: - load_balancer_paginator = connection.get_paginator('describe_load_balancers') if not load_balancer_arns and not names: - load_balancers = load_balancer_paginator.paginate().build_full_result() + load_balancers = get_paginator(connection) if load_balancer_arns: - load_balancers = load_balancer_paginator.paginate(LoadBalancerArns=load_balancer_arns).build_full_result() + load_balancers = get_paginator(connection, LoadBalancerArns=load_balancer_arns) if names: - load_balancers = load_balancer_paginator.paginate(Names=names).build_full_result() + load_balancers = get_paginator(connection, Names=names) except is_boto3_error_code('LoadBalancerNotFound'): module.exit_json(load_balancers=[]) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except 
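Review bot: The new helper is named `get_paginator` but returns the fully built `describe_load_balancers` result rather than a paginator, and it reuses the name of the boto3 client method it calls, so the three call sites in `list_load_balancers` read as if they received a paginator. A name such as `describe_load_balancers_with_backoff`, in line with `describe_sgs_with_backoff` in `elb_application_lb.py`, together with a docstring like `"""Return the merged result of all describe_load_balancers pages."""` would say what it does.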
@@ -324,7 +329,7 @@ def main(): ) try: - connection = module.client('elbv2') + connection = module.client('elbv2', retry_decorator=AWSRetry.jittered_backoff(retries=10)) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg='Failed to connect to AWS') From a95015e05e72c48cdd613eb9ba0f63d1d571bce0 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso <87090265+jatorcasso@users.noreply.github.com> Date: Sat, 26 Mar 2022 14:58:32 -0400 Subject: [PATCH 41/52] elb_application_lb - support alb attributes (#963) elb_application_lb - support alb attributes SUMMARY Support modifying different alb specific attributes Fixes #571 Depends-On ansible-collections/amazon.aws#696 ISSUE TYPE Feature Pull Request COMPONENT NAME elb_application_lb Reviewed-by: Jill R Reviewed-by: Markus Bergholz Reviewed-by: Alina Buzachis Reviewed-by: Joseph Torcasso This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/85bfce4de8d3d00b33ec3a1f010164f3073f8692 --- plugins/modules/elb_application_lb.py | 51 +++++- .../targets/elb_application_lb/tasks/main.yml | 168 ++++++++++++++++++ 2 files changed, 213 insertions(+), 6 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 448eba4c1aa..430647e7995 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py 
@@ -49,13 +49,38 @@ deletion_protection: description: - Indicates whether deletion protection for the ALB is enabled. - - Defaults to C(false). + - Defaults to C(False). type: bool http2: description: - Indicates whether to enable HTTP2 routing. - - Defaults to C(false). + - Defaults to C(True). type: bool + http_desync_mitigation_mode: + description: + - Determines how the load balancer handles requests that might pose a security risk to an application. + - Defaults to C('defensive') + type: str + choices: ['monitor', 'defensive', 'strictest'] + version_added: 3.2.0 + http_drop_invalid_header_fields: + description: + - Indicates whether HTTP headers with invalid header fields are removed by the load balancer C(True) or routed to targets C(False). + - Defaults to C(False). + type: bool + version_added: 3.2.0 + http_x_amzn_tls_version_and_cipher_suite: + description: + - Indicates whether the two headers are added to the client request before sending it to the target. + - Defaults to C(False). + type: bool + version_added: 3.2.0 + http_xff_client_port: + description: + - Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. + - Defaults to C(False). + type: bool + version_added: 3.2.0 idle_timeout: description: - The number of seconds to wait before an idle connection is closed. @@ -183,6 +208,12 @@ - Sets the type of IP addresses used by the subnets of the specified Application Load Balancer. choices: [ 'ipv4', 'dualstack' ] type: str + waf_fail_open: + description: + - Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. + - Defaults to C(False). + type: bool + version_added: 3.2.0 extends_documentation_fragment: - amazon.aws.aws - amazon.aws.ec2 
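Review bot: The description of `http_x_amzn_tls_version_and_cipher_suite` refers to "the two headers" without naming them, so a reader cannot tell what the targets will receive; I would write `- Indicates whether the C(x-amzn-tls-version) and C(x-amzn-tls-cipher-suite) headers are added to the client request before sending it to the target.` For `http_desync_mitigation_mode` the three choices are listed but not explained, and since C(monitor) is the least restrictive of them, the description should say what each mode does with a request the load balancer classifies as risky. `- Defaults to C('defensive')` is also missing its full stop and quotes the value differently from the other defaults in this block.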
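Review bot: The `waf_fail_open` description in the second hunk does not spell out the consequence of enabling the option, which is that requests reach the targets without AWS WAF inspection for as long as the load balancer cannot forward them to WAF. I would add `- When C(True), requests are routed to targets uninspected while AWS WAF is unreachable; leave it C(False) unless availability must take priority over filtering.` and change "a AWS WAF-enabled" to "an AWS WAF-enabled".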
@@ -554,6 +585,13 @@ def create_or_update_alb(alb_obj): alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') alb_obj.modify_security_groups() + # ALB attributes + if not alb_obj.compare_elb_attributes(): + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') + alb_obj.update_elb_attributes() + alb_obj.modify_elb_attributes() + # Tags - only need to play with tags if tags parameter has been set to something if alb_obj.tags is not None: @@ -578,10 +616,6 @@ def create_or_update_alb(alb_obj): alb_obj.module.exit_json(changed=True, msg='Would have created ALB if not in check mode.') alb_obj.create_elb() - # ALB attributes - alb_obj.update_elb_attributes() - alb_obj.modify_elb_attributes() - # Listeners listeners_obj = ELBListeners(alb_obj.connection, alb_obj.module, alb_obj.elb['LoadBalancerArn']) listeners_to_add, listeners_to_modify, listeners_to_delete = listeners_obj.compare_listeners() @@ -712,6 +746,10 @@ def main(): access_logs_s3_prefix=dict(type='str'), deletion_protection=dict(type='bool'), http2=dict(type='bool'), + http_desync_mitigation_mode=dict(type='str', choices=['monitor', 'defensive', 'strictest']), + http_drop_invalid_header_fields=dict(type='bool'), + http_x_amzn_tls_version_and_cipher_suite=dict(type='bool'), + http_xff_client_port=dict(type='bool'), idle_timeout=dict(type='int'), listeners=dict(type='list', elements='dict', @@ -732,6 +770,7 @@ def main(): scheme=dict(default='internet-facing', choices=['internet-facing', 'internal']), state=dict(choices=['present', 'absent'], default='present'), tags=dict(type='dict'), + waf_fail_open=dict(type='bool'), wait_timeout=dict(type='int'), wait=dict(default=False, type='bool'), purge_rules=dict(default=True, type='bool'), diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index 81ebf4cdfce..f4a2f2658be 100644 
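Review bot: Attributes passed on the run that creates the load balancer may no longer be applied: the hunk at -578 drops `alb_obj.update_elb_attributes()` and `alb_obj.modify_elb_attributes()` after `alb_obj.create_elb()`, and the new `compare_elb_attributes()` check appears to live only in the update path. This presumably relies on `create_elb()` in the amazon.aws dependency named in the description setting the attributes itself; if so, a comment next to the call such as `# attributes are applied by create_elb() itself` would record that. The visible tests only change attributes on an update, so I would add a case that creates an ALB with a non-default attribute (for example `http_drop_invalid_header_fields: true`) and asserts it after that first run. `create_or_update_alb` starts and ends outside these hunks.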
--- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml @@ -330,6 +330,12 @@ - alb is changed - alb.ip_address_type == 'dualstack' - alb.listeners[0].rules | length == 1 + - alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'defensive' + - not alb.routing_http_drop_invalid_header_fields_enabled | bool + - not alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - not alb.routing_http_xff_client_port_enabled | bool + - not alb.waf_fail_open_enabled | bool - name: Create an ALB with ip address type (idempotence) - check_mode elb_application_lb: 
@@ -371,6 +377,132 @@ that: - alb is not changed - alb.ip_address_type == 'dualstack' + - alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'defensive' + - not alb.routing_http_drop_invalid_header_fields_enabled | bool + - not alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - not alb.routing_http_xff_client_port_enabled | bool + - not alb.waf_fail_open_enabled | bool + + # ------------------------------------------------------------------------------------------ + + - name: Update an ALB with different attributes - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + check_mode: yes + + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB with different attributes + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + + - assert: + that: + - alb is changed + - alb.ip_address_type == 'dualstack' + - not alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'monitor' + - alb.routing_http_drop_invalid_header_fields_enabled | bool + - 
alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - alb.routing_http_xff_client_port_enabled | bool + - alb.waf_fail_open_enabled | bool + + - name: Update an ALB with different attributes (idempotence) - check_mode + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + check_mode: yes + + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB with different attributes (idempotence) + elb_application_lb: + name: "{{ alb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + + - assert: + that: + - alb is not changed + - alb.ip_address_type == 'dualstack' + - not alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'monitor' + - alb.routing_http_drop_invalid_header_fields_enabled | bool + - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - alb.routing_http_xff_client_port_enabled | bool + - alb.waf_fail_open_enabled | bool # ------------------------------------------------------------------------------------------ 
@@ -387,6 +519,12 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'ipv4' + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes register: alb check_mode: yes @@ -408,12 +546,24 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'ipv4' + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes register: alb - assert: that: - alb is changed - alb.ip_address_type == 'ipv4' + - not alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'monitor' + - alb.routing_http_drop_invalid_header_fields_enabled | bool + - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - alb.routing_http_xff_client_port_enabled | bool + - alb.waf_fail_open_enabled | bool - name: Update an ALB with different ip address type (idempotence) - check_mode elb_application_lb: @@ -428,6 +578,12 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'ipv4' + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes register: alb check_mode: yes 
@@ -449,12 +605,24 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'ipv4' + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes register: alb - assert: that: - alb is not changed - alb.ip_address_type == 'ipv4' + - not alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'monitor' + - alb.routing_http_drop_invalid_header_fields_enabled | bool + - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - alb.routing_http_xff_client_port_enabled | bool + - alb.waf_fail_open_enabled | bool # ------------------------------------------------------------------------------------------ From d5346b368ff05ddbd4f26cbf2bc5aadeefcb38f0 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Fri, 22 Apr 2022 11:44:07 +0200 Subject: [PATCH 42/52] Integration test dependency cleanup (#1086) Integration test dependency cleanup SUMMARY remove dependencies on setup_remote_tmp_dir where it's not used (often just copy & paste from another test) remove setup_ec2 (no main.yml means it's not doing anything) remove prepare_tests (empty main.yml means it's not doing anything) ISSUE TYPE Feature Pull Request COMPONENT NAME tests/integration/targets ADDITIONAL INFORMATION By cleaning up what we have we reduce the chance of people copying things about "because that's what test XYZ did". Reviewed-by: Alina Buzachis Reviewed-by: Mark Woolley This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/dd12046a1e2d5f39692b1890ff07e06c56b3bf0e --- tests/integration/targets/elb_application_lb/meta/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/tests/integration/targets/elb_application_lb/meta/main.yml b/tests/integration/targets/elb_application_lb/meta/main.yml index 1810d4bec98..32cf5dda7ed 100644 --- a/tests/integration/targets/elb_application_lb/meta/main.yml +++ b/tests/integration/targets/elb_application_lb/meta/main.yml @@ -1,2 +1 @@ -dependencies: - - setup_remote_tmp_dir +dependencies: [] From 459f12598093ae7347abf62877f3572e1eecb6f7 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso <87090265+jatorcasso@users.noreply.github.com> Date: Thu, 5 May 2022 17:54:19 -0400 Subject: [PATCH 43/52] Add missing `elements` option to type: list that did not specify (#1116) Add missing `elements` option to type: list that did not specify SUMMARY Fixes #1114 ISSUE TYPE Docs Pull Request COMPONENT NAME cloudfront_distribution ecs_taskdefinition elb_application_lb rds_option_group Reviewed-by: Alina Buzachis Reviewed-by: Jill R This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/c1d47ddaa20f847c4e36b6410f2a4cfa501112d8 --- plugins/modules/elb_application_lb.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 430647e7995..a7c75c00cd3 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -134,12 +134,14 @@ Conditions: type: list description: Conditions which must be met for the actions to be applied. + elements: dict Priority: type: int description: The rule priority. Actions: type: list description: Actions to apply if all of the rule's conditions are met. + elements: dict name: description: - The name of the load balancer. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric From 6c7f91f5d2b509bcf7df97b831979fe46770bf8f Mon Sep 17 00:00:00 2001 
From: Mark Woolley Date: Tue, 17 May 2022 10:31:57 +0100 Subject: [PATCH 44/52] Add retries to elb / target group info modules (#1113) SUMMARY Currently there is backoff retries applied with 10 attempts overall, but due to the pagination its defaulting back to 4 ISSUE TYPE Bugfix Pull Request COMPONENT NAME elb_application_lb_info elb_target_group_info ADDITIONAL INFORMATION This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/87947845c892216d49deac6cbcab09422d024167 --- plugins/modules/elb_application_lb_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index dbd4b7e0ab6..9a6e817469f 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -223,7 +223,7 @@ from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry, boto3_tag_list_to_ansible_dict -@AWSRetry.jittered_backoff() +@AWSRetry.jittered_backoff(retries=10) def get_paginator(connection, **kwargs): paginator = connection.get_paginator('describe_load_balancers') return paginator.paginate(**kwargs).build_full_result() From 608745ea5fb8499267d9bbd160ff4a0c912484f7 Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Wed, 1 Jun 2022 15:03:38 +0200 Subject: [PATCH 45/52] Tagging fragment - Move simplest cases over to the docs fragment. (#1182) Tagging fragment - Move simplest cases over to the docs fragment. Depends-On: ansible-collections/amazon.aws#844 SUMMARY Migrate simplest cases over to the new docs fragment and add resource_tags as an alias to tags. ISSUE TYPE Docs Pull Request Feature Pull Request COMPONENT NAME changelogs/fragments/1182-tagging.yml plugins/modules/aws_glue_job.py plugins/modules/aws_msk_cluster.py plugins/modules/aws_secret.py plugins/modules/aws_step_functions_state_machine.py plugins/modules/dynamodb_table.py plugins/modules/ec2_eip.py plugins/modules/ec2_transit_gateway_vpc_attachment.py plugins/modules/ec2_vpc_peer.py plugins/modules/elb_application_lb.py plugins/modules/elb_network_lb.py plugins/modules/iam_role.py plugins/modules/iam_user.py plugins/modules/networkfirewall.py plugins/modules/networkfirewall_policy.py plugins/modules/networkfirewall_rule_group.py plugins/modules/rds_cluster.py plugins/modules/rds_instance.py plugins/modules/rds_instance_snapshot.py plugins/modules/rds_option_group.py plugins/modules/rds_subnet_group.py plugins/modules/redshift.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/b11ffaed2b3450f6fee9721878090da404401021 --- plugins/modules/elb_application_lb.py | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index a7c75c00cd3..2e84242d382 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py 
@@ -24,8 +24,9 @@ version_added: 1.0.0 short_description: Manage an Application Load Balancer description: - - Manage an AWS Application Elastic Load Balancer. See U(https://aws.amazon.com/blogs/aws/new-aws-application-load-balancer/) for details. -author: "Rob White (@wimnat)" + - Manage an AWS Application Elastic Load Balancer. See U(https://aws.amazon.com/blogs/aws/new-aws-application-load-balancer/) for details. +author: + - "Rob White (@wimnat)" options: access_logs_enabled: description: @@ -154,12 +155,6 @@ - If the I(listeners) parameter is not set then listeners will not be modified. default: yes type: bool - purge_tags: - description: - - If yes, existing tags will be purged from the resource to match exactly what is defined by I(tags) parameter. - - If the I(tags) parameter is not set then tags will not be modified. - default: yes - type: bool subnets: description: - A list of the IDs of the subnets to attach to the load balancer. You can specify only one subnet per Availability Zone. You must specify subnets from @@ -186,10 +181,6 @@ default: present choices: [ 'present', 'absent' ] type: str - tags: - description: - - A dictionary of one or more tags to assign to the load balancer. - type: dict wait: description: - Wait for the load balancer to have a state of 'active' before completing. A status check is @@ -217,8 +208,9 @@ type: bool version_added: 3.2.0 extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 + - amazon.aws.aws + - amazon.aws.ec2 + - amazon.aws.tags notes: - Listeners are matched based on port. If a listener's port is changed then a new listener will be created. 
@@ -771,7 +763,7 @@ def main(): security_groups=dict(type='list', elements='str'), scheme=dict(default='internet-facing', choices=['internet-facing', 'internal']), state=dict(choices=['present', 'absent'], default='present'), - tags=dict(type='dict'), + tags=dict(type='dict', aliases=['resource_tags']), waf_fail_open=dict(type='bool'), wait_timeout=dict(type='int'), wait=dict(default=False, type='bool'), From 2ce87e7c2fc2b3510ef29ae0ff75add67b6d86fa Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Fri, 22 Jul 2022 11:41:50 +0200 Subject: [PATCH 46/52] Add documentation for TargetGroupName (#1366) elb_application_lb/elb_network_lb - Add documentation for TargetGroupName SUMMARY fixes: #915 elb_application_lb and elb_network_lb have a poorly documented feature, that you can use TargetGroupName instead of TargetGroupArn. While this is shown in the examples, it's in the options documentation. While undocumented the feature's been there since at release 1.0.0 ISSUE TYPE Docs Pull Request COMPONENT NAME plugins/modules/elb_application_lb.py plugins/modules/elb_network_lb.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/9fe9fc458dcb86aba8049e7531029346fa31bc0e --- plugins/modules/elb_application_lb.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 2e84242d382..2a2dd771528 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py 
@@ -122,8 +122,14 @@ description: The type of action. type: str TargetGroupArn: - description: The Amazon Resource Name (ARN) of the target group. + description: + - The Amazon Resource Name (ARN) of the target group. + - Mutually exclusive with I(TargetGroupName). type: str + TargetGroupName: + description: + - The name of the target group. + - Mutually exclusive with I(TargetGroupArn). Rules: type: list elements: dict From 9a845c393e884465a75033f9de69b9ab6fda87cc Mon Sep 17 00:00:00 2001 From: Markus Bergholz Date: Fri, 26 Aug 2022 12:14:21 +0200 Subject: [PATCH 47/52] adjust booleans (#1420) adjust booleans: use true/false Depends-On: #1423 SUMMARY ansible-community/community-topics#116 ISSUE TYPE Docs Pull Request Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/cb9716e14d44357aaadd2be733bbaa0dd8a522bc --- plugins/modules/elb_application_lb.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 2a2dd771528..37f771355d1 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -157,9 +157,9 @@ type: str purge_listeners: description: - - If C(yes), existing listeners will be purged from the ALB to match exactly what is defined by I(listeners) parameter. + - If C(true), existing listeners will be purged from the ALB to match exactly what is defined by I(listeners) parameter. - If the I(listeners) parameter is not set then listeners will not be modified. - default: yes + default: true type: bool subnets: description: 
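Review bot: The new `TargetGroupName` suboption in the `@@ -122,8 +122,14 @@` hunk is documented without a type, while the sibling `TargetGroupArn` directly above it keeps `type: str`. Add `type: str` under the `TargetGroupName` description so the rendered docs describe both keys the same way. The two keys are described as mutually exclusive, but the code that would enforce this is not in the hunk. It is worth confirming that the module rejects a listener action setting both, rather than silently preferring one, since that choice decides which target group receives traffic. The DOCUMENTATION block starts and ends outside the hunk.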
@@ -191,7 +191,7 @@ description: - Wait for the load balancer to have a state of 'active' before completing. A status check is performed every 15 seconds until a successful state is reached. An error is returned after 40 failed checks. - default: no + default: false type: bool wait_timeout: description: @@ -200,7 +200,7 @@ purge_rules: description: - When set to C(no), keep the existing load balancer rules in place. Will modify and add, but will not delete. - default: yes + default: true type: bool ip_address_type: description: @@ -249,7 +249,7 @@ # Create an ALB and attach a listener with logging enabled - community.aws.elb_application_lb: - access_logs_enabled: yes + access_logs_enabled: true access_logs_s3_bucket: mybucket access_logs_s3_prefix: "logs" name: myalb From ba55f71fcf898c6ba2f2a6df9ff3624a8075860a Mon Sep 17 00:00:00 2001 From: GomathiselviS Date: Tue, 20 Sep 2022 15:27:23 -0400 Subject: [PATCH 48/52] Update runtime --- meta/runtime.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/runtime.yml b/meta/runtime.yml index 17f07211260..f5637af3cc5 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -45,6 +45,8 @@ action_groups: - elb_classic_lb - s3_bucket - s3_object + - elb_application_lb + - elb_application_lb_info plugin_routing: action: aws_s3: From 6ae654a1ce9227c62633359c657b07058eaa439f Mon Sep 17 00:00:00 2001 From: GomathiselviS Date: Tue, 20 Sep 2022 15:27:23 -0400 Subject: [PATCH 49/52] Update FQDN --- plugins/modules/elb_application_lb.py | 8 ++++---- plugins/modules/elb_application_lb_info.py | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 37f771355d1..791ce6c8dbd 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py 
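Review bot: The `purge_rules` description in the `@@ -200,7 +200,7 @@` hunk still reads `When set to C(no)`, although this commit changes that option's default to `true` and rewrites `C(yes)` to `C(true)` for `purge_listeners`. The context line should become `- When set to C(false), keep the existing load balancer rules in place. Will modify and add, but will not delete.`. With the old spelling left in place, the docs are inconsistent about which value preserves existing rules, on an option whose default deletes rules not listed in the task.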
@@ -227,7 +227,7 @@ # Note: These examples do not set authentication details, see the AWS Guide for details. # Create an ALB and attach a listener -- community.aws.elb_application_lb: +- amazon.aws.elb_application_lb: name: myalb security_groups: - sg-12345678 @@ -248,7 +248,7 @@ state: present # Create an ALB and attach a listener with logging enabled -- community.aws.elb_application_lb: +- amazon.aws.elb_application_lb: access_logs_enabled: true access_logs_s3_bucket: mybucket access_logs_s3_prefix: "logs" @@ -272,7 +272,7 @@ state: present # Create an ALB with listeners and rules -- community.aws.elb_application_lb: +- amazon.aws.elb_application_lb: name: test-alb subnets: - subnet-12345678 @@ -335,7 +335,7 @@ state: present # Remove an ALB -- community.aws.elb_application_lb: +- amazon.aws.elb_application_lb: name: myalb state: absent diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 9a6e817469f..c4034586608 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -38,21 +38,21 @@ # Note: These examples do not set authentication details, see the AWS Guide for details. - name: Gather information about all ALBs - community.aws.elb_application_lb_info: + amazon.aws.elb_application_lb_info: - name: Gather information about a particular ALB given its ARN - community.aws.elb_application_lb_info: + amazon.aws.elb_application_lb_info: load_balancer_arns: - "arn:aws:elasticloadbalancing:ap-southeast-2:001122334455:loadbalancer/app/my-alb/aabbccddeeff" - name: Gather information about ALBs named 'alb1' and 'alb2' - community.aws.elb_application_lb_info: + amazon.aws.elb_application_lb_info: names: - alb1 - alb2 - name: Gather information about specific ALB - community.aws.elb_application_lb_info: + amazon.aws.elb_application_lb_info: names: "alb-name" region: "aws-region" register: alb_info From de6ac10a8c95810a1c1a964bb39e48a1470b2f06 Mon Sep 17 00:00:00 2001 
From: GomathiselviS Date: Tue, 20 Sep 2022 15:27:24 -0400 Subject: [PATCH 50/52] Remove collection reference inside the tests --- .../elb_application_lb/defaults/main.yml | 18 +- .../targets/elb_application_lb/tasks/main.yml | 2685 ++++++++--------- 2 files changed, 1312 insertions(+), 1391 deletions(-) diff --git a/tests/integration/targets/elb_application_lb/defaults/main.yml b/tests/integration/targets/elb_application_lb/defaults/main.yml index 20ced9d88ae..f475f05c51e 100644 --- a/tests/integration/targets/elb_application_lb/defaults/main.yml +++ b/tests/integration/targets/elb_application_lb/defaults/main.yml @@ -1,14 +1,10 @@ ---- # defaults file for elb_application_lb resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}" -alb_name: "alb-test-{{ resource_short }}" -tg_name: "alb-test-{{ resource_short }}" - -vpc_cidr: '10.{{ 256 | random(seed=resource_prefix) }}.0.0/16' - -private_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.1.0/24' -private_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.2.0/24' - -public_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.3.0/24' -public_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.4.0/24' \ No newline at end of file +alb_name: alb-test-{{ resource_short }} +tg_name: alb-test-{{ resource_short }} +vpc_cidr: 10.{{ 256 | random(seed=resource_prefix) }}.0.0/16 +private_subnet_cidr_1: 10.{{ 256 | random(seed=resource_prefix) }}.1.0/24 +private_subnet_cidr_2: 10.{{ 256 | random(seed=resource_prefix) }}.2.0/24 +public_subnet_cidr_1: 10.{{ 256 | random(seed=resource_prefix) }}.3.0/24 +public_subnet_cidr_2: 10.{{ 256 | random(seed=resource_prefix) }}.4.0/24 diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index f4a2f2658be..31354ccfa1b 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml 
@@ -1,1429 +1,1354 @@ -- name: 'elb_application_lb integration tests' - collections: - - amazon.aws - +- name: elb_application_lb integration tests module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' block: - - name: Create a test VPC - ec2_vpc_net: - cidr_block: "{{ vpc_cidr }}" - name: '{{ resource_prefix }}_vpc' - state: present - ipv6_cidr: true - tags: - Name: elb_application_lb testing - ResourcePrefix: "{{ resource_prefix }}" - register: vpc - - - name: 'Set fact: VPC ID' - set_fact: - vpc_id: "{{ vpc.vpc.id }}" - - - name: Get VPC's default security group - ec2_group_info: - filters: - vpc-id: "{{ vpc_id }}" - register: default_sg - - - name: Create an internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc_id }}' - state: present - tags: - Name: '{{ resource_prefix }}' - register: igw - - - name: Create private subnets - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region }}{{ item.az }}' - vpc_id: '{{ vpc_id }}' - state: present - tags: - Public: 'False' - Name: 'private-{{ item.az }}' - with_items: - - cidr: "{{ private_subnet_cidr_1 }}" - az: a - - cidr: "{{ private_subnet_cidr_2 }}" - az: b - register: private_subnets - - - name: Create public subnets with ipv6 - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region }}{{ item.az }}' - vpc_id: '{{ vpc_id }}' - state: present - ipv6_cidr: '{{ item.vpc_ipv6_cidr }}' - tags: - Public: 'True' - Name: 'public-{{ item.az }}' - with_items: - - cidr: "{{ public_subnet_cidr_1 }}" - az: a - vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','0::/64') }}" - - cidr: "{{ public_subnet_cidr_2 }}" - az: b - vpc_ipv6_cidr: "{{ 
vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}" - register: public_subnets - - - name: Create list of subnet ids - set_fact: - public_subnets: "{{ public_subnets.results | map(attribute='subnet') | map(attribute='id') }}" - private_subnets: "{{ private_subnets.results | map(attribute='subnet') | map(attribute='id') }}" - - - name: Create a route table - ec2_vpc_route_table: - vpc_id: '{{ vpc_id }}' - tags: - Name: igw-route - Created: '{{ resource_prefix }}' - subnets: '{{ public_subnets + private_subnets }}' - routes: - - dest: 0.0.0.0/0 - gateway_id: '{{ igw.gateway_id }}' - register: route_table - - - name: Create a security group for Ansible ALB integration tests - ec2_group: - name: '{{ resource_prefix }}' - description: security group for Ansible ALB integration tests - state: present - vpc_id: '{{ vpc_id }}' - rules: - - proto: tcp - from_port: 1 - to_port: 65535 - cidr_ip: 0.0.0.0/0 - register: sec_group - - - name: Create another security group for Ansible ALB integration tests - ec2_group: - name: '{{ resource_prefix }}-2' - description: security group for Ansible ALB integration tests - state: present - vpc_id: '{{ vpc_id }}' - rules: - - proto: tcp - from_port: 1 - to_port: 65535 - cidr_ip: 0.0.0.0/0 - register: sec_group2 - - - name: Create a target group for testing - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc_id }}' - state: present - register: tg - - # ---------------- elb_application_lb tests --------------------------------------------------- - - - name: Create an ALB (invalid - SslPolicy is required when Protocol == HTTPS) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTPS - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ignore_errors: yes - register: alb - - - assert: - that: - - alb is failed - - 
alb.msg is match("'SslPolicy' is a required listener dict key when Protocol = HTTPS") - - - name: Create an ALB (invalid - didn't provide required listener options) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Port: 80 - ignore_errors: yes - register: alb - - - assert: - that: - - alb is failed - - alb.msg is match("missing required arguments:\ DefaultActions, Protocol found in listeners") - - - name: Create an ALB (invalid - invalid listener option type) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: "bad type" - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ignore_errors: yes - register: alb - - - assert: - that: - - alb is failed - - "'unable to convert to int' in alb.msg" - - - name: Create an ALB (invalid - invalid ip address type) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: "ip_addr_v4_v6" - ignore_errors: yes - register: alb - - - assert: - that: - - alb is failed + - name: Create a test VPC + ec2_vpc_net: + cidr_block: '{{ vpc_cidr }}' + name: '{{ resource_prefix }}_vpc' + state: present + ipv6_cidr: true + tags: + Name: elb_application_lb testing + ResourcePrefix: '{{ resource_prefix }}' + register: vpc + - name: 'Set fact: VPC ID' + set_fact: + vpc_id: '{{ vpc.vpc.id }}' + - name: Get VPC's default security group + ec2_group_info: + filters: + vpc-id: '{{ vpc_id }}' + register: default_sg + - name: Create an internet gateway + ec2_vpc_igw: + vpc_id: '{{ vpc_id }}' + state: present + tags: + Name: '{{ resource_prefix }}' + register: igw + - name: Create 
private subnets + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + az: '{{ aws_region }}{{ item.az }}' + vpc_id: '{{ vpc_id }}' + state: present + tags: + Public: 'False' + Name: private-{{ item.az }} + with_items: + - cidr: '{{ private_subnet_cidr_1 }}' + az: a + - cidr: '{{ private_subnet_cidr_2 }}' + az: b + register: private_subnets + - name: Create public subnets with ipv6 + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + az: '{{ aws_region }}{{ item.az }}' + vpc_id: '{{ vpc_id }}' + state: present + ipv6_cidr: '{{ item.vpc_ipv6_cidr }}' + tags: + Public: 'True' + Name: public-{{ item.az }} + with_items: + - cidr: '{{ public_subnet_cidr_1 }}' + az: a + vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block\ + \ | replace('0::/56','0::/64') }}" + - cidr: '{{ public_subnet_cidr_2 }}' + az: b + vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block\ + \ | replace('0::/56','1::/64') }}" + register: public_subnets + - name: Create list of subnet ids + set_fact: + public_subnets: "{{ public_subnets.results | map(attribute='subnet') | map(attribute='id')\ + \ }}" + private_subnets: "{{ private_subnets.results | map(attribute='subnet') | map(attribute='id')\ + \ }}" + - name: Create a route table + ec2_vpc_route_table: + vpc_id: '{{ vpc_id }}' + tags: + Name: igw-route + Created: '{{ resource_prefix }}' + subnets: '{{ public_subnets + private_subnets }}' + routes: + - dest: 0.0.0.0/0 + gateway_id: '{{ igw.gateway_id }}' + register: route_table + - name: Create a security group for Ansible ALB integration tests + ec2_group: + name: '{{ resource_prefix }}' + description: security group for Ansible ALB integration tests + state: present + vpc_id: '{{ vpc_id }}' + rules: + - proto: tcp + from_port: 1 + to_port: 65535 + cidr_ip: 0.0.0.0/0 + register: sec_group + - name: Create another security group for Ansible ALB integration tests + ec2_group: + name: '{{ resource_prefix }}-2' + description: security group for Ansible ALB integration 
tests + state: present + vpc_id: '{{ vpc_id }}' + rules: + - proto: tcp + from_port: 1 + to_port: 65535 + cidr_ip: 0.0.0.0/0 + register: sec_group2 + - name: Create a target group for testing + elb_target_group: + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc_id }}' + state: present + register: tg + - name: Create an ALB (invalid - SslPolicy is required when Protocol == HTTPS) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTPS + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ignore_errors: yes + register: alb + - assert: + that: + - alb is failed + - alb.msg is match("'SslPolicy' is a required listener dict key when Protocol + = HTTPS") + + - name: Create an ALB (invalid - didn't provide required listener options) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Port: 80 + ignore_errors: yes + register: alb + - assert: + that: + - alb is failed + - alb.msg is match("missing required arguments:\ DefaultActions, Protocol found + in listeners") + + - name: Create an ALB (invalid - invalid listener option type) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: bad type + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ignore_errors: yes + register: alb + - assert: + that: + - alb is failed + - "'unable to convert to int' in alb.msg" + + - name: Create an ALB (invalid - invalid ip address type) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + 
TargetGroupName: '{{ tg_name }}' + ip_address_type: ip_addr_v4_v6 + ignore_errors: yes + register: alb + - assert: + that: + - alb is failed # ------------------------------------------------------------------------------------------ - - name: Create an ALB with defaults - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: [] - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have created ALB if not in check mode.') - - - name: Create an ALB with defaults - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: [] - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - alb is changed - - alb.listeners[0].rules | length == 1 - - alb.security_groups | length == 1 - - alb.security_groups[0] == default_sg.security_groups[0].group_id - - - name: Create an ALB with defaults (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: [] - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Create an ALB with defaults (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: [] - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - alb is not changed - - alb.listeners[0].rules | length == 1 - - 
alb.security_groups[0] == default_sg.security_groups[0].group_id + - name: Create an ALB with defaults - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: [] + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have created ALB if not in check mode.') + + - name: Create an ALB with defaults + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: [] + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + register: alb + - assert: + that: + - alb is changed + - alb.listeners[0].rules | length == 1 + - alb.security_groups | length == 1 + - alb.security_groups[0] == default_sg.security_groups[0].group_id + + - name: Create an ALB with defaults (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: [] + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Create an ALB with defaults (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: [] + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + register: alb + - assert: + that: + - alb is not changed + - alb.listeners[0].rules | length == 1 + - alb.security_groups[0] == default_sg.security_groups[0].group_id # ------------------------------------------------------------------------------------------ - - name: Update an ALB 
with ip address type - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'dualstack' - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB with ip address type - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'dualstack' - register: alb - - - assert: - that: - - alb is changed - - alb.ip_address_type == 'dualstack' - - alb.listeners[0].rules | length == 1 - - alb.routing_http2_enabled | bool - - alb.routing_http_desync_mitigation_mode == 'defensive' - - not alb.routing_http_drop_invalid_header_fields_enabled | bool - - not alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool - - not alb.routing_http_xff_client_port_enabled | bool - - not alb.waf_fail_open_enabled | bool - - - name: Create an ALB with ip address type (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'dualstack' - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Create an ALB with ip address type (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present 
- listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'dualstack' - register: alb - - - assert: - that: - - alb is not changed - - alb.ip_address_type == 'dualstack' - - alb.routing_http2_enabled | bool - - alb.routing_http_desync_mitigation_mode == 'defensive' - - not alb.routing_http_drop_invalid_header_fields_enabled | bool - - not alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool - - not alb.routing_http_xff_client_port_enabled | bool - - not alb.waf_fail_open_enabled | bool + - name: Update an ALB with ip address type - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: dualstack + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB with ip address type + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: dualstack + register: alb + - assert: + that: + - alb is changed + - alb.ip_address_type == 'dualstack' + - alb.listeners[0].rules | length == 1 + - alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'defensive' + - not alb.routing_http_drop_invalid_header_fields_enabled | bool + - not alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - not alb.routing_http_xff_client_port_enabled | bool + - not alb.waf_fail_open_enabled | bool + + - name: Create an ALB with ip address type (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + 
subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: dualstack + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Create an ALB with ip address type (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: dualstack + register: alb + - assert: + that: + - alb is not changed + - alb.ip_address_type == 'dualstack' + - alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'defensive' + - not alb.routing_http_drop_invalid_header_fields_enabled | bool + - not alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - not alb.routing_http_xff_client_port_enabled | bool + - not alb.waf_fail_open_enabled | bool # ------------------------------------------------------------------------------------------ - - name: Update an ALB with different attributes - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'dualstack' - http2: no - http_desync_mitigation_mode: monitor - http_drop_invalid_header_fields: yes - http_x_amzn_tls_version_and_cipher_suite: yes - http_xff_client_port: yes - waf_fail_open: yes - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB with different 
attributes - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'dualstack' - http2: no - http_desync_mitigation_mode: monitor - http_drop_invalid_header_fields: yes - http_x_amzn_tls_version_and_cipher_suite: yes - http_xff_client_port: yes - waf_fail_open: yes - register: alb - - - assert: - that: - - alb is changed - - alb.ip_address_type == 'dualstack' - - not alb.routing_http2_enabled | bool - - alb.routing_http_desync_mitigation_mode == 'monitor' - - alb.routing_http_drop_invalid_header_fields_enabled | bool - - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool - - alb.routing_http_xff_client_port_enabled | bool - - alb.waf_fail_open_enabled | bool - - - name: Update an ALB with different attributes (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'dualstack' - http2: no - http_desync_mitigation_mode: monitor - http_drop_invalid_header_fields: yes - http_x_amzn_tls_version_and_cipher_suite: yes - http_xff_client_port: yes - waf_fail_open: yes - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Update an ALB with different attributes (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'dualstack' - http2: no - 
http_desync_mitigation_mode: monitor - http_drop_invalid_header_fields: yes - http_x_amzn_tls_version_and_cipher_suite: yes - http_xff_client_port: yes - waf_fail_open: yes - register: alb - - - assert: - that: - - alb is not changed - - alb.ip_address_type == 'dualstack' - - not alb.routing_http2_enabled | bool - - alb.routing_http_desync_mitigation_mode == 'monitor' - - alb.routing_http_drop_invalid_header_fields_enabled | bool - - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool - - alb.routing_http_xff_client_port_enabled | bool - - alb.waf_fail_open_enabled | bool + - name: Update an ALB with different attributes - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: dualstack + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB with different attributes + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: dualstack + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + - assert: + that: + - alb is changed + - alb.ip_address_type == 'dualstack' + - not alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'monitor' + - 
alb.routing_http_drop_invalid_header_fields_enabled | bool + - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - alb.routing_http_xff_client_port_enabled | bool + - alb.waf_fail_open_enabled | bool + + - name: Update an ALB with different attributes (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: dualstack + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB with different attributes (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: dualstack + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + - assert: + that: + - alb is not changed + - alb.ip_address_type == 'dualstack' + - not alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'monitor' + - alb.routing_http_drop_invalid_header_fields_enabled | bool + - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - alb.routing_http_xff_client_port_enabled | bool + - alb.waf_fail_open_enabled | bool # ------------------------------------------------------------------------------------------ - - name: Update an 
ALB with different ip address type - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'ipv4' - http2: no - http_desync_mitigation_mode: monitor - http_drop_invalid_header_fields: yes - http_x_amzn_tls_version_and_cipher_suite: yes - http_xff_client_port: yes - waf_fail_open: yes - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB with different ip address type - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'ipv4' - http2: no - http_desync_mitigation_mode: monitor - http_drop_invalid_header_fields: yes - http_x_amzn_tls_version_and_cipher_suite: yes - http_xff_client_port: yes - waf_fail_open: yes - register: alb - - - assert: - that: - - alb is changed - - alb.ip_address_type == 'ipv4' - - not alb.routing_http2_enabled | bool - - alb.routing_http_desync_mitigation_mode == 'monitor' - - alb.routing_http_drop_invalid_header_fields_enabled | bool - - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool - - alb.routing_http_xff_client_port_enabled | bool - - alb.waf_fail_open_enabled | bool - - - name: Update an ALB with different ip address type (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'ipv4' - http2: no - 
http_desync_mitigation_mode: monitor - http_drop_invalid_header_fields: yes - http_x_amzn_tls_version_and_cipher_suite: yes - http_xff_client_port: yes - waf_fail_open: yes - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Update an ALB with different ip address type (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'ipv4' - http2: no - http_desync_mitigation_mode: monitor - http_drop_invalid_header_fields: yes - http_x_amzn_tls_version_and_cipher_suite: yes - http_xff_client_port: yes - waf_fail_open: yes - register: alb - - - assert: - that: - - alb is not changed - - alb.ip_address_type == 'ipv4' - - not alb.routing_http2_enabled | bool - - alb.routing_http_desync_mitigation_mode == 'monitor' - - alb.routing_http_drop_invalid_header_fields_enabled | bool - - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool - - alb.routing_http_xff_client_port_enabled | bool - - alb.waf_fail_open_enabled | bool + - name: Update an ALB with different ip address type - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: ipv4 + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB with 
different ip address type + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: ipv4 + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + - assert: + that: + - alb is changed + - alb.ip_address_type == 'ipv4' + - not alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'monitor' + - alb.routing_http_drop_invalid_header_fields_enabled | bool + - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - alb.routing_http_xff_client_port_enabled | bool + - alb.waf_fail_open_enabled | bool + + - name: Update an ALB with different ip address type (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: ipv4 + http2: no + http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB with different ip address type (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + ip_address_type: ipv4 + http2: no + 
http_desync_mitigation_mode: monitor + http_drop_invalid_header_fields: yes + http_x_amzn_tls_version_and_cipher_suite: yes + http_xff_client_port: yes + waf_fail_open: yes + register: alb + - assert: + that: + - alb is not changed + - alb.ip_address_type == 'ipv4' + - not alb.routing_http2_enabled | bool + - alb.routing_http_desync_mitigation_mode == 'monitor' + - alb.routing_http_drop_invalid_header_fields_enabled | bool + - alb.routing_http_x_amzn_tls_version_and_cipher_suite_enabled | bool + - alb.routing_http_xff_client_port_enabled | bool + - alb.waf_fail_open_enabled | bool # ------------------------------------------------------------------------------------------ - - name: Update an ALB with different listener by adding rule - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/test' - Priority: '1' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB with different listener by adding rule - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/test' - Priority: '1' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb is changed - - alb.listeners[0].rules | length == 2 - - "'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}" - - - name: Update an ALB with different 
listener by adding rule (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/test' - Priority: '1' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Update an ALB with different listener by adding rule (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/test' - Priority: '1' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb is not changed - - alb.listeners[0].rules | length == 2 - - "'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}" + - name: Update an ALB with different listener by adding rule - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: + - Conditions: + - Field: path-pattern + Values: + - /test + Priority: '1' + Actions: + - TargetGroupName: '{{ tg_name }}' + Type: forward + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB with different listener by adding rule + elb_application_lb: + name: '{{ 
alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: + - Conditions: + - Field: path-pattern + Values: + - /test + Priority: '1' + Actions: + - TargetGroupName: '{{ tg_name }}' + Type: forward + register: alb + - assert: + that: + - alb is changed + - alb.listeners[0].rules | length == 2 + - "'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}" + + - name: Update an ALB with different listener by adding rule (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: + - Conditions: + - Field: path-pattern + Values: + - /test + Priority: '1' + Actions: + - TargetGroupName: '{{ tg_name }}' + Type: forward + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB with different listener by adding rule (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: + - Conditions: + - Field: path-pattern + Values: + - /test + Priority: '1' + Actions: + - TargetGroupName: '{{ tg_name }}' + Type: forward + register: alb + - assert: + that: + - alb is not changed + - alb.listeners[0].rules | length == 2 + - "'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}" # ------------------------------------------------------------------------------------------ - - name: Update an ALB with different listener by 
modifying rule - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/test' - Priority: '2' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB with different listener by modifying rule - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/test' - Priority: '2' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb is changed - - alb.listeners[0].rules | length == 2 - - "'2' in {{ alb.listeners[0].rules | map(attribute='priority') }}" - - - name: Update an ALB with different listener by modifying rule (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/test' - Priority: '2' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Update an ALB with different listener by modifying rule (idempotence) - elb_application_lb: - name: 
"{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/test' - Priority: '2' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb is not changed - - alb.listeners[0].rules | length == 2 - - "'2' in {{ alb.listeners[0].rules | map(attribute='priority') }}" + - name: Update an ALB with different listener by modifying rule - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: + - Conditions: + - Field: path-pattern + Values: + - /test + Priority: '2' + Actions: + - TargetGroupName: '{{ tg_name }}' + Type: forward + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB with different listener by modifying rule + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: + - Conditions: + - Field: path-pattern + Values: + - /test + Priority: '2' + Actions: + - TargetGroupName: '{{ tg_name }}' + Type: forward + register: alb + - assert: + that: + - alb is changed + - alb.listeners[0].rules | length == 2 + - "'2' in {{ alb.listeners[0].rules | map(attribute='priority') }}" + + - name: Update an ALB with different listener by modifying rule (idempotence) - + check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + 
security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: + - Conditions: + - Field: path-pattern + Values: + - /test + Priority: '2' + Actions: + - TargetGroupName: '{{ tg_name }}' + Type: forward + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB with different listener by modifying rule (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: + - Conditions: + - Field: path-pattern + Values: + - /test + Priority: '2' + Actions: + - TargetGroupName: '{{ tg_name }}' + Type: forward + register: alb + - assert: + that: + - alb is not changed + - alb.listeners[0].rules | length == 2 + - "'2' in {{ alb.listeners[0].rules | map(attribute='priority') }}" # ------------------------------------------------------------------------------------------ - - name: Update an ALB with different listener by deleting rule - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: [] - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB with different listener by deleting rule - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - 
Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: [] - register: alb - - - assert: - that: - - alb is changed - - alb.listeners[0].rules | length == 1 - - "'2' not in {{ alb.listeners[0].rules | map(attribute='priority') }}" - - - name: Update an ALB with different listener by deleting rule (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: [] - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Update an ALB with different listener by deleting rule (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: [] - register: alb - - - assert: - that: - - alb is not changed - - alb.listeners[0].rules | length == 1 - - "'2' not in {{ alb.listeners[0].rules | map(attribute='priority') }}" + - name: Update an ALB with different listener by deleting rule - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: [] + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB with different listener by deleting rule + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - 
Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: [] + register: alb + - assert: + that: + - alb is changed + - alb.listeners[0].rules | length == 1 + - "'2' not in {{ alb.listeners[0].rules | map(attribute='priority') }}" + + - name: Update an ALB with different listener by deleting rule (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: [] + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB with different listener by deleting rule (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: '{{ tg_name }}' + Rules: [] + register: alb + - assert: + that: + - alb is not changed + - alb.listeners[0].rules | length == 1 + - "'2' not in {{ alb.listeners[0].rules | map(attribute='priority') }}" # ------------------------------------------------------------------------------------------ - - name: Update an ALB by deleting listener - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: [] - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB by deleting listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: [] - register: alb 
- - - assert: - that: - - alb is changed - - not alb.listeners - - - name: Update an ALB by deleting listener (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: [] - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Update an ALB by deleting listener (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: [] - register: alb - - - assert: - that: - - alb is not changed - - not alb.listeners + - name: Update an ALB by deleting listener - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: [] + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB by deleting listener + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: [] + register: alb + - assert: + that: + - alb is changed + - not alb.listeners + + - name: Update an ALB by deleting listener (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + listeners: [] + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB by deleting listener (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + 
listeners: [] + register: alb + - assert: + that: + - alb is not changed + - not alb.listeners # ------------------------------------------------------------------------------------------ - - name: Update an ALB by adding tags - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: - created_by: "ALB test {{ resource_prefix }}" - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB by adding tags - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: - created_by: "ALB test {{ resource_prefix }}" - register: alb - - - assert: - that: - - alb is changed - - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' - - - name: Update an ALB by adding tags (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: - created_by: "ALB test {{ resource_prefix }}" - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Update an ALB by adding tags (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: - created_by: "ALB test {{ resource_prefix }}" - register: alb - - - assert: - that: - - alb is not changed - - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' + - name: Update an ALB by adding tags - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: + created_by: ALB test {{ resource_prefix 
}} + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB by adding tags + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: + created_by: ALB test {{ resource_prefix }} + register: alb + - assert: + that: + - alb is changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' + + - name: Update an ALB by adding tags (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: + created_by: ALB test {{ resource_prefix }} + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB by adding tags (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: + created_by: ALB test {{ resource_prefix }} + register: alb + - assert: + that: + - alb is not changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' # ------------------------------------------------------------------------------------------ - - name: Update an ALB by modifying tags - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: - created_by: "ALB test {{ resource_prefix }}-2" - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB by modifying tags - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: - 
created_by: "ALB test {{ resource_prefix }}-2" - register: alb - - - assert: - that: - - alb is changed - - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}-2"}' - - - name: Update an ALB by modifying tags (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: - created_by: "ALB test {{ resource_prefix }}-2" - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Update an ALB by modifying tags (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: - created_by: "ALB test {{ resource_prefix }}-2" - register: alb - - - assert: - that: - - alb is not changed - - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}-2"}' + - name: Update an ALB by modifying tags - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: + created_by: ALB test {{ resource_prefix }}-2 + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB by modifying tags + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: + created_by: ALB test {{ resource_prefix }}-2 + register: alb + - assert: + that: + - alb is changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}-2"}' + + - name: Update an ALB by modifying tags (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: + created_by: ALB test 
{{ resource_prefix }}-2 + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB by modifying tags (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: + created_by: ALB test {{ resource_prefix }}-2 + register: alb + - assert: + that: + - alb is not changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}-2"}' # ------------------------------------------------------------------------------------------ - - name: Update an ALB by removing tags - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: {} - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB by removing tags - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: {} - register: alb - - - assert: - that: - - alb is changed - - not alb.tags - - - name: Update an ALB by removing tags (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: {} - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Update an ALB by removing tags (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: {} - register: alb - - - assert: - that: - - alb is not changed - - not alb.tags + - name: Update an ALB by removing tags - 
check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: {} + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB by removing tags + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: {} + register: alb + - assert: + that: + - alb is changed + - not alb.tags + + - name: Update an ALB by removing tags (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: {} + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB by removing tags (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group.group_id }}' + state: present + tags: {} + register: alb + - assert: + that: + - alb is not changed + - not alb.tags # ------------------------------------------------------------------------------------------ - - name: Update an ALB by changing security group - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group2.group_id }}" - state: present - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have updated ALB if not in check mode.') - - - name: Update an ALB by changing security group - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group2.group_id }}" - state: present - register: alb - - - assert: - that: - - alb is changed - - alb.security_groups[0] == sec_group2.group_id - - 
- name: Update an ALB by changing security group (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group2.group_id }}" - state: present - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - - name: Update an ALB by changing security group (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group2.group_id }}" - state: present - register: alb - - - assert: - that: - - alb is not changed - - alb.security_groups[0] == sec_group2.group_id + - name: Update an ALB by changing security group - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group2.group_id }}' + state: present + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') + + - name: Update an ALB by changing security group + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group2.group_id }}' + state: present + register: alb + - assert: + that: + - alb is changed + - alb.security_groups[0] == sec_group2.group_id + + - name: Update an ALB by changing security group (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group2.group_id }}' + state: present + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') + + - name: Update an ALB by changing security group (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + subnets: '{{ public_subnets }}' + security_groups: '{{ sec_group2.group_id }}' + state: present + register: alb + - assert: + that: + - alb is not 
changed + - alb.security_groups[0] == sec_group2.group_id # ------------------------------------------------------------------------------------------ - - name: Ensure elb_application_lb_info supports check_mode - elb_application_lb_info: - register: alb_info - check_mode: yes - - - assert: - that: - - alb_info.load_balancers | length > 0 - - - name: Get ALB application info using no args - elb_application_lb_info: - register: alb_info - - - assert: - that: - - alb_info.load_balancers | length > 0 - - - name: Get ALB application info using load balancer arn - elb_application_lb_info: - load_balancer_arns: - - "{{ alb.load_balancer_arn }}" - register: alb_info - - - assert: - that: - - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id - - - name: Get ALB application info using load balancer name - elb_application_lb_info: - names: - - "{{ alb.load_balancer_name }}" - register: alb_info - - - assert: - that: - - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id + - name: Ensure elb_application_lb_info supports check_mode + elb_application_lb_info: + register: alb_info + check_mode: yes + - assert: + that: + - alb_info.load_balancers | length > 0 + + - name: Get ALB application info using no args + elb_application_lb_info: + register: alb_info + - assert: + that: + - alb_info.load_balancers | length > 0 + + - name: Get ALB application info using load balancer arn + elb_application_lb_info: + load_balancer_arns: + - '{{ alb.load_balancer_arn }}' + register: alb_info + - assert: + that: + - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id + + - name: Get ALB application info using load balancer name + elb_application_lb_info: + names: + - '{{ alb.load_balancer_name }}' + register: alb_info + - assert: + that: + - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id # ------------------------------------------------------------------------------------------ - - name: Delete an ALB - check_mode - 
elb_application_lb: - name: "{{ alb_name }}" - state: absent - register: alb - check_mode: yes - - - assert: - that: - - alb is changed - - alb.msg is match('Would have deleted ALB if not in check mode.') - - - name: Delete an ALB - elb_application_lb: - name: "{{ alb_name }}" - state: absent - register: alb - - - assert: - that: - - alb is changed - - - name: Delete an ALB (idempotence) - check_mode - elb_application_lb: - name: "{{ alb_name }}" - state: absent - register: alb - check_mode: yes - - - assert: - that: - - alb is not changed - - alb.msg is match('IN CHECK MODE - ALB already absent.') - - - name: Delete an ALB (idempotence) - elb_application_lb: - name: "{{ alb_name }}" - state: absent - register: alb - - - assert: - that: - - alb is not changed + - name: Delete an ALB - check_mode + elb_application_lb: + name: '{{ alb_name }}' + state: absent + register: alb + check_mode: yes + - assert: + that: + - alb is changed + - alb.msg is match('Would have deleted ALB if not in check mode.') + + - name: Delete an ALB + elb_application_lb: + name: '{{ alb_name }}' + state: absent + register: alb + - assert: + that: + - alb is changed + + - name: Delete an ALB (idempotence) - check_mode + elb_application_lb: + name: '{{ alb_name }}' + state: absent + register: alb + check_mode: yes + - assert: + that: + - alb is not changed + - alb.msg is match('IN CHECK MODE - ALB already absent.') + + - name: Delete an ALB (idempotence) + elb_application_lb: + name: '{{ alb_name }}' + state: absent + register: alb + - assert: + that: + - alb is not changed # ----- Cleanup ------------------------------------------------------------------------------ always: - - name: Destroy ALB - elb_application_lb: - name: '{{ alb_name }}' - state: absent - wait: true - wait_timeout: 600 - ignore_errors: true - - - name: Destroy target group if it was created - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc_id }}' - state: absent - wait: true - 
wait_timeout: 600 - register: remove_tg - retries: 5 - delay: 3 - until: remove_tg is success - when: tg is defined - ignore_errors: true - - - name: Destroy sec groups - ec2_group: - name: "{{ item }}" - description: security group for Ansible ALB integration tests - state: absent - vpc_id: '{{ vpc_id }}' - register: remove_sg - retries: 10 - delay: 5 - until: remove_sg is success - ignore_errors: true - with_items: - - "{{ resource_prefix }}" - - "{{ resource_prefix }}-2" - - - name: Destroy route table - ec2_vpc_route_table: - vpc_id: '{{ vpc_id }}' - route_table_id: '{{ route_table.route_table.route_table_id }}' - lookup: id - state: absent - register: remove_rt - retries: 10 - delay: 5 - until: remove_rt is success - ignore_errors: true - - - name: Destroy subnets - ec2_vpc_subnet: - cidr: "{{ item }}" - vpc_id: "{{ vpc_id }}" - state: absent - register: remove_subnet - retries: 10 - delay: 5 - until: remove_subnet is success - with_items: - - "{{ private_subnet_cidr_1 }}" - - "{{ private_subnet_cidr_2 }}" - - "{{ public_subnet_cidr_1 }}" - - "{{ public_subnet_cidr_2 }}" - ignore_errors: true - - - name: Destroy internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc_id }}' - tags: - Name: '{{ resource_prefix }}' - state: absent - register: remove_igw - retries: 10 - delay: 5 - until: remove_igw is success - ignore_errors: true - - - name: Destroy VPC - ec2_vpc_net: - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}_vpc" - state: absent - register: remove_vpc - retries: 10 - delay: 5 - until: remove_vpc is success - ignore_errors: true + - name: Destroy ALB + elb_application_lb: + name: '{{ alb_name }}' + state: absent + wait: true + wait_timeout: 600 + ignore_errors: true + - name: Destroy target group if it was created + elb_target_group: + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc_id }}' + state: absent + wait: true + wait_timeout: 600 + register: remove_tg + retries: 5 + delay: 3 + until: remove_tg is success + when: tg is 
defined + ignore_errors: true + - name: Destroy sec groups + ec2_group: + name: '{{ item }}' + description: security group for Ansible ALB integration tests + state: absent + vpc_id: '{{ vpc_id }}' + register: remove_sg + retries: 10 + delay: 5 + until: remove_sg is success + ignore_errors: true + with_items: + - '{{ resource_prefix }}' + - '{{ resource_prefix }}-2' + + - name: Destroy route table + ec2_vpc_route_table: + vpc_id: '{{ vpc_id }}' + route_table_id: '{{ route_table.route_table.route_table_id }}' + lookup: id + state: absent + register: remove_rt + retries: 10 + delay: 5 + until: remove_rt is success + ignore_errors: true + - name: Destroy subnets + ec2_vpc_subnet: + cidr: '{{ item }}' + vpc_id: '{{ vpc_id }}' + state: absent + register: remove_subnet + retries: 10 + delay: 5 + until: remove_subnet is success + with_items: + - '{{ private_subnet_cidr_1 }}' + - '{{ private_subnet_cidr_2 }}' + - '{{ public_subnet_cidr_1 }}' + - '{{ public_subnet_cidr_2 }}' + ignore_errors: true + - name: Destroy internet gateway + ec2_vpc_igw: + vpc_id: '{{ vpc_id }}' + tags: + Name: '{{ resource_prefix }}' + state: absent + register: remove_igw + retries: 10 + delay: 5 + until: remove_igw is success + ignore_errors: true + - name: Destroy VPC + ec2_vpc_net: + cidr_block: '{{ vpc_cidr }}' + name: '{{ resource_prefix }}_vpc' + state: absent + register: remove_vpc + retries: 10 + delay: 5 + until: remove_vpc is success + ignore_errors: true From 7f8407c11b549228ec1452a95470fca390128599 Mon Sep 17 00:00:00 2001 From: GomathiselviS Date: Tue, 20 Sep 2022 15:27:24 -0400 Subject: [PATCH 51/52] Add changelog fragment --- changelogs/fragments/migrate_elb_application_lb.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 changelogs/fragments/migrate_elb_application_lb.yml diff --git a/changelogs/fragments/migrate_elb_application_lb.yml b/changelogs/fragments/migrate_elb_application_lb.yml new file mode 100644 index 00000000000..2f0294d8786 --- /dev/null 
+++ b/changelogs/fragments/migrate_elb_application_lb.yml
@@ -0,0 +1,7 @@
+major_changes:
+- elb_application_lb - The module has been migrated from the ``community.aws`` collection.
+ Playbooks using the Fully Qualified Collection Name for this module should be updated
+ to use ``amazon.aws.elb_application_lb``.
+- elb_application_lb_info - The module has been migrated from the ``community.aws``
+ collection. Playbooks using the Fully Qualified Collection Name for this module
+ should be updated to use ``amazon.aws.elb_application_lb_info``.
From cf3986d3e1f76ce3178ce39409b564daeac1a642 Mon Sep 17 00:00:00 2001
From: GomathiselviS
Date: Wed, 21 Sep 2022 09:40:24 -0400
Subject: [PATCH 52/52] deleted tests/integration/targets/elb_application_lb/meta/main.yml
---
tests/integration/targets/elb_application_lb/meta/main.yml | 1 -
1 file changed, 1 deletion(-)
delete mode 100644 tests/integration/targets/elb_application_lb/meta/main.yml
diff --git a/tests/integration/targets/elb_application_lb/meta/main.yml b/tests/integration/targets/elb_application_lb/meta/main.yml
deleted file mode 100644
index 32cf5dda7ed..00000000000
--- a/tests/integration/targets/elb_application_lb/meta/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-dependencies: []