Skip to content

Commit

Permalink
Add deregistration_connection_termination to elb_target_group (#913)
Browse files Browse the repository at this point in the history
Add deregistration_connection_termination to elb_target_group

SUMMARY
Adding support for the deregistration_connection_termination param in the elb_target_group module.
Along with this I've enabled and fixed up the integration tests.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
elb_target_group
ADDITIONAL INFORMATION
The API param is deregistration_delay.connection_termination.enabled
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.describe_target_group_attributes

Reviewed-by: Mark Woolley <mw@marknet15.com>
Reviewed-by: Markus Bergholz <git@osuv.de>
Reviewed-by: Alina Buzachis <None>
marknet15 authored Feb 4, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent ca1d33f commit 55962ff
Showing 8 changed files with 128 additions and 165 deletions.
2 changes: 2 additions & 0 deletions changelogs/fragments/913-tg-dereg-conn-param.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
minor_changes:
- elb_target_group - add support for parameter ``deregistration_connection_termination`` (https://github.com/ansible-collections/community.aws/pull/913).
22 changes: 21 additions & 1 deletion plugins/modules/elb_target_group.py
Original file line number Diff line number Diff line change
@@ -22,6 +22,13 @@
- The amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused.
The range is 0-3600 seconds.
type: int
deregistration_connection_termination:
description:
- Indicates whether the load balancer terminates connections at the end of the deregistration timeout.
type: bool
default: false
required: false
version_added: 3.1.0
health_check_protocol:
description:
- The protocol the load balancer uses when performing health checks on targets.
@@ -305,6 +312,11 @@
returned: when state present
type: int
sample: 300
deregistration_connection_termination:
description: Indicates whether the load balancer terminates connections at the end of the deregistration timeout.
returned: when state present
type: bool
sample: True
health_check_interval_seconds:
description: The approximate amount of time, in seconds, between health checks of an individual target.
returned: when state present
@@ -425,7 +437,7 @@ def get_tg_attributes(connection, module, tg_arn):
except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
module.fail_json_aws(e, msg="Couldn't get target group attributes")

# Replace '.' with '_' in attribute key names to make it more Ansibley
# Replace '.' with '_' in attribute key names to make it more Ansible friendly
return dict((k.replace('.', '_'), v) for k, v in tg_attributes.items())


@@ -486,6 +498,7 @@ def create_or_update_target_group(connection, module):
tags = module.params.get("tags")
purge_tags = module.params.get("purge_tags")
deregistration_delay_timeout = module.params.get("deregistration_delay_timeout")
deregistration_connection_termination = module.params.get("deregistration_connection_termination")
stickiness_enabled = module.params.get("stickiness_enabled")
stickiness_lb_cookie_duration = module.params.get("stickiness_lb_cookie_duration")
stickiness_type = module.params.get("stickiness_type")
@@ -767,6 +780,9 @@ def create_or_update_target_group(connection, module):
if deregistration_delay_timeout is not None:
if str(deregistration_delay_timeout) != current_tg_attributes['deregistration_delay_timeout_seconds']:
update_attributes.append({'Key': 'deregistration_delay.timeout_seconds', 'Value': str(deregistration_delay_timeout)})
if deregistration_connection_termination is not None:
if deregistration_connection_termination and current_tg_attributes.get('deregistration_delay_connection_termination_enabled') != "true":
update_attributes.append({'Key': 'deregistration_delay.connection_termination.enabled', 'Value': 'true'})
if stickiness_enabled is not None:
if stickiness_enabled and current_tg_attributes['stickiness_enabled'] != "true":
update_attributes.append({'Key': 'stickiness.enabled', 'Value': 'true'})
@@ -855,6 +871,7 @@ def main():
'HTTPS', 'TCP', 'TLS', 'UDP', 'TCP_UDP']
argument_spec = dict(
deregistration_delay_timeout=dict(type='int'),
deregistration_connection_termination=dict(type='bool', default=False),
health_check_protocol=dict(choices=protocols_list),
health_check_port=dict(),
health_check_path=dict(),
@@ -897,6 +914,9 @@ def main():
connection = module.client('elbv2', retry_decorator=AWSRetry.jittered_backoff(retries=10))

if module.params.get('state') == 'present':
if module.params.get('protocol') in ['http', 'https', 'HTTP', 'HTTPS'] and module.params.get('deregistration_connection_termination', None):
module.fail_json(msg="A target group with HTTP/S protocol does not support setting deregistration_connection_termination")

create_or_update_target_group(connection, module)
else:
delete_target_group(connection, module)
4 changes: 1 addition & 3 deletions tests/integration/targets/elb_target/aliases
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
cloud/aws
# currently broken
# e.g: https://3d7660cef77b937e1585-998cb574f2547d50f5110d6a2d4ac097.ssl.cf1.rackcdn.com/636/067f6f84c20701ccf4bf0654471613af598c6e89/check/ansible-test-cloud-integration-aws-py36_2/be6c4b3/job-output.txt
disabled

slow
elb_target_group
5 changes: 3 additions & 2 deletions tests/integration/targets/elb_target/defaults/main.yml
Original file line number Diff line number Diff line change
@@ -4,12 +4,13 @@ unique_id: "ansible-test-{{ tiny_prefix }}"

lambda_role_name: '{{ unique_id }}-elb-target'
lambda_name: '{{ unique_id }}-elb-target'
elb_target_group_name: "{{ unique_id }}-elb-tg"
elb_target_group_name: "{{ unique_id }}-elb"

# Defaults used by the EC2 based test
ec2_ami_name: 'amzn2-ami-hvm-2.0.20190612-x86_64-gp2'
tg_name: "{{ unique_id }}-tg"
tg_tcpudp_name: "{{ unique_id }}-tgtcpudp"
tg_used_name: "{{ unique_id }}-tgu"
tg_tcpudp_name: "{{ unique_id }}-udp"
lb_name: "{{ unique_id }}-lb"
healthy_state:
state: 'healthy'
3 changes: 3 additions & 0 deletions tests/integration/targets/elb_target/meta/main.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
dependencies:
- prepare_tests
- setup_ec2
205 changes: 71 additions & 134 deletions tests/integration/targets/elb_target/tasks/ec2_target.yml

Large diffs are not rendered by default.

47 changes: 24 additions & 23 deletions tests/integration/targets/elb_target/tasks/lambda_target.yml
Original file line number Diff line number Diff line change
@@ -1,29 +1,30 @@
- name: set up lambda as elb_target
block:

- name: create zip to deploy lambda code
archive:
path: '{{ role_path }}/files/ansible_lambda_target.py'
dest: /tmp/lambda.zip
format: zip
path: "{{ role_path }}/files/ansible_lambda_target.py"
dest: "/tmp/lambda.zip"

- name: create or update service-role for lambda
iam_role:
name: '{{ lambda_role_name }}'
name: "{{ lambda_role_name }}"
assume_role_policy_document: '{{ lookup("file", role_path + "/files/assume-role.json") }}'
managed_policy:
- 'arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess'
- "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
register: ROLE_ARN

- name: when it is too fast, the role is not usable.
pause:
seconds: 10

- name: deploy lambda.zip to ansible_lambda_target function
lambda:
name: '{{ lambda_name }}'
name: "{{ lambda_name }}"
state: present
zip_file: /tmp/lambda.zip
runtime: python3.7
role: '{{ ROLE_ARN.arn }}'
role: "{{ ROLE_ARN.arn }}"
handler: ansible_lambda_target.lambda_handler
timeout: 30
register: lambda_function
@@ -33,7 +34,7 @@

- name: create empty target group
elb_target_group:
name: '{{ elb_target_group_name }}'
name: "{{ elb_target_group_name }}"
target_type: lambda
state: present
modify_targets: false
@@ -42,49 +43,49 @@
- name: tg is created, state must be changed
assert:
that:
- elb_target_group.changed
- elb_target_group.changed

- name: allow elb to invoke the lambda function
lambda_policy:
state: present
function_name: '{{ lambda_name }}'
version: '{{ lambda_function.configuration.version }}'
function_name: "{{ lambda_name }}"
version: "{{ lambda_function.configuration.version }}"
statement_id: elb1
action: lambda:InvokeFunction
principal: elasticloadbalancing.amazonaws.com
source_arn: '{{ elb_target_group.target_group_arn }}'
source_arn: "{{ elb_target_group.target_group_arn }}"

- name: add lambda to elb target
elb_target_group:
name: '{{ elb_target_group_name }}'
name: "{{ elb_target_group_name }}"
target_type: lambda
state: present
targets:
- Id: '{{ lambda_function.configuration.function_arn }}'
- Id: "{{ lambda_function.configuration.function_arn }}"
register: elb_target_group

- name: target is updated, state must be changed
assert:
that:
- elb_target_group.changed
- elb_target_group.changed

- name: re-add lambda to elb target (idempotency)
elb_target_group:
name: '{{ elb_target_group_name }}'
name: "{{ elb_target_group_name }}"
target_type: lambda
state: present
targets:
- Id: '{{ lambda_function.configuration.function_arn }}'
- Id: "{{ lambda_function.configuration.function_arn }}"
register: elb_target_group

- name: target is still the same, state must not be changed (idempotency)
assert:
that:
- not elb_target_group.changed
- not elb_target_group.changed

- name: remove lambda target from target group
elb_target_group:
name: '{{ elb_target_group_name }}'
name: "{{ elb_target_group_name }}"
target_type: lambda
state: absent
targets: []
@@ -93,24 +94,24 @@
- name: target is still the same, state must not be changed (idempotency)
assert:
that:
- elb_target_group.changed
- elb_target_group.changed

always:
- name: remove elb target group
elb_target_group:
name: '{{ elb_target_group_name }}'
name: "{{ elb_target_group_name }}"
target_type: lambda
state: absent
ignore_errors: true

- name: remove lambda function
lambda:
name: '{{ lambda_name }}'
name: "{{ lambda_name }}"
state: absent
ignore_errors: true

- name: remove iam role for lambda
iam_role:
name: '{{ lambda_role_name }}'
name: "{{ lambda_role_name }}"
state: absent
ignore_errors: true
5 changes: 3 additions & 2 deletions tests/integration/targets/elb_target/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -7,7 +7,8 @@
security_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- community.general
- amazon.aws
block:
- include_tasks: lambda_target.yml
- include_tasks: ec2_target.yml
- include_tasks: ec2_target.yml
- include_tasks: lambda_target.yml

0 comments on commit 55962ff

Please sign in to comment.