From eb1a31cab7e2266f2d7676212bbf4b7d4bd70f59 Mon Sep 17 00:00:00 2001 From: ichekaldin <39010411+ichekaldin@users.noreply.github.com> Date: Mon, 29 Mar 2021 06:44:41 -0400 Subject: [PATCH] aws_glue_connection: Add multiple connection types, add check mode (#503) * Add multiple connection types and support for check mode Examples: ``` - community.aws.aws_glue_connection: name: My connection availability_zone: us-east-1a connection_properties: JDBC_ENFORCE_SSL: "false" connection_type: NETWORK description: My test connection security_groups: - test subnet_id: subnet-123abc state: present ``` * Add retries. * Add description of how to create a Glue network connection Co-authored-by: Mark Chappell --- ...3-aws_glue_connection-types-check-mode.yml | 3 + plugins/modules/aws_glue_connection.py | 86 +++-- .../aws_glue_connection/tasks/main.yml | 83 +---- .../tasks/test_connection_jdbc.yml | 74 ++++ .../tasks/test_connection_network.yml | 334 ++++++++++++++++++ 5 files changed, 483 insertions(+), 97 deletions(-) create mode 100644 changelogs/fragments/503-aws_glue_connection-types-check-mode.yml create mode 100644 tests/integration/targets/aws_glue_connection/tasks/test_connection_jdbc.yml create mode 100644 tests/integration/targets/aws_glue_connection/tasks/test_connection_network.yml
diff --git a/changelogs/fragments/503-aws_glue_connection-types-check-mode.yml b/changelogs/fragments/503-aws_glue_connection-types-check-mode.yml
new file mode 100644
index 00000000000..9c02409d087
--- /dev/null
+++ b/changelogs/fragments/503-aws_glue_connection-types-check-mode.yml
@@ -0,0 +1,3 @@
+minor_changes:
+ - aws_glue_connection - Added multple connection types (https://github.com/ansible-collections/community.aws/pull/503).
+ - aws_glue_connection - Added support for check mode (https://github.com/ansible-collections/community.aws/pull/503).
diff --git a/plugins/modules/aws_glue_connection.py b/plugins/modules/aws_glue_connection.py
index 41bc99816a0..b279509be18 100644
--- a/plugins/modules/aws_glue_connection.py +++ b/plugins/modules/aws_glue_connection.py @@ -16,6 +16,12 @@ requirements: [ boto3 ] author: "Rob White (@wimnat)" options: + availability_zone: + description: + - Availability Zone used by the connection + - Required when I(connection_type=NETWORK). + type: str + version_added: 1.5.0 catalog_id: description: - The ID of the Data Catalog in which to create the connection. If none is supplied, @@ -28,9 +34,9 @@ type: dict connection_type: description: - - The type of the connection. Currently, only JDBC is supported; SFTP is not supported. + - The type of the connection. Currently, SFTP is not supported. default: JDBC - choices: [ 'JDBC', 'SFTP' ] + choices: [ 'CUSTOM', 'JDBC', 'KAFKA', 'MARKETPLACE', 'MONGODB', 'NETWORK' ] type: str description: description: @@ -49,6 +55,7 @@ security_groups: description: - A list of security groups to be used by the connection. Use either security group name or ID. + - Required when I(connection_type=NETWORK). type: list elements: str state: @@ -60,6 +67,7 @@ subnet_id: description: - The subnet ID used by the connection. + - Required when I(connection_type=NETWORK). type: str extends_documentation_fragment: - amazon.aws.aws @@ -79,6 +87,19 @@ PASSWORD: my-password state: present +# Create an AWS Glue network connection +- community.aws.aws_glue_connection: + name: my-glue-network-connection + availability_zone: us-east-1a + connection_properties: + JDBC_ENFORCE_SSL: "false" + connection_type: NETWORK + description: Test connection + security_groups: + - sg-glue + subnet_id: subnet-123abc + state: present + # Delete an AWS Glue connection - community.aws.aws_glue_connection: name: my-glue-connection 
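Review bot: `SFTP` is removed from `choices` for `connection_type` in this hunk (and again in `argument_spec` in `main()` further down), yet the rewritten description still reads "Currently, SFTP is not supported", which now describes a value the module rejects outright. A playbook that passed `connection_type: SFTP` will fail argument validation after this change, while the changelog fragment lists only `minor_changes`. I would shorten the description to `- The type of the connection.` and record the removed choice under `breaking_changes` in the fragment. The DOCUMENTATION block starts and ends outside this hunk.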
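Review bot: The new NETWORK example sets `JDBC_ENFORCE_SSL: "false"` in `connection_properties`, and module examples tend to be copied verbatim into playbooks. The property appears to be there mainly because `connection_properties` is required when `state=present` (see `required_if` in `main()`), so the example ends up showing disabled TLS enforcement without a functional reason. I would use `JDBC_ENFORCE_SSL: "true"` in the example, or add a comment above it such as `# connection_properties is required; keep SSL enforcement on wherever the target supports it`. The JDBC example just above, partly visible as context, shows a literal `PASSWORD`; a one-line comment pointing to a vaulted variable would help there as well.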
@@ -142,6 +163,7 @@ from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry from ansible_collections.amazon.aws.plugins.module_utils.ec2 import get_ec2_security_group_ids_from_names @@ -162,7 +184,7 @@ def _get_glue_connection(connection, module): params['CatalogId'] = connection_catalog_id try: - return connection.get_connection(**params)['Connection'] + return connection.get_connection(aws_retry=True, **params)['Connection'] except is_boto3_error_code('EntityNotFoundException'): return None @@ -207,10 +229,29 @@ def _compare_glue_connection_params(user_params, current_params): user_params['ConnectionInput']['PhysicalConnectionRequirements']['SubnetId'] \ != current_params['PhysicalConnectionRequirements']['SubnetId']: return True + if 'AvailabilityZone' in user_params['ConnectionInput']['PhysicalConnectionRequirements'] and \ + user_params['ConnectionInput']['PhysicalConnectionRequirements']['AvailabilityZone'] \ + != current_params['PhysicalConnectionRequirements']['AvailabilityZone']: + return True return False +# Glue module doesn't appear to have any waiters, unlike EC2 or RDS +def _await_glue_connection(connection, module): + start_time = time.time() + wait_timeout = start_time + 30 + check_interval = 5 + + while wait_timeout > time.time(): + glue_connection = _get_glue_connection(connection, module) + if glue_connection and glue_connection.get('Name'): + return glue_connection + time.sleep(check_interval) + + module.fail_json(msg='Timeout waiting for Glue connection %s' % module.params.get('name')) + + def create_or_update_glue_connection(connection, connection_ec2, module, glue_connection): """ Create or update an AWS Glue connection 
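Review bot: The `AvailabilityZone` comparison added to `_compare_glue_connection_params` indexes `current_params['PhysicalConnectionRequirements']['AvailabilityZone']` directly, so an existing connection whose record has no availability zone would raise `KeyError` when a playbook adds `availability_zone`, instead of being reported as changed. Whether the outer `PhysicalConnectionRequirements` key is guarded earlier in the function is not visible in this hunk. Reading the current side with `.get()` keeps the comparison total: `!= current_params['PhysicalConnectionRequirements'].get('AvailabilityZone')`. Separately, `_await_glue_connection` would benefit from a docstring stating that it polls every 5 seconds for up to 30 seconds and calls `module.fail_json` on timeout, which is a shorter wait than the 10 x 10 second loop it replaces.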
@@ -220,8 +261,8 @@ def create_or_update_glue_connection(connection, connection_ec2, module, glue_co :param glue_connection: a dict of AWS Glue connection parameters or None :return: """ - changed = False + params = dict() params['ConnectionInput'] = dict() params['ConnectionInput']['Name'] = module.params.get("name") @@ -241,6 +282,8 @@ def create_or_update_glue_connection(connection, connection_ec2, module, glue_co params['ConnectionInput']['PhysicalConnectionRequirements']['SecurityGroupIdList'] = security_group_ids if module.params.get("subnet_id") is not None: params['ConnectionInput']['PhysicalConnectionRequirements']['SubnetId'] = module.params.get("subnet_id") + if module.params.get("availability_zone") is not None: + params['ConnectionInput']['PhysicalConnectionRequirements']['AvailabilityZone'] = module.params.get("availability_zone") # If glue_connection is not None then check if it needs to be modified, else create it if glue_connection: 
@@ -249,27 +292,24 @@ def create_or_update_glue_connection(connection, connection_ec2, module, glue_co # We need to slightly modify the params for an update update_params = copy.deepcopy(params) update_params['Name'] = update_params['ConnectionInput']['Name'] - connection.update_connection(**update_params) + if not module.check_mode: + connection.update_connection(aws_retry=True, **update_params) changed = True except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e) else: try: - connection.create_connection(**params) + if not module.check_mode: + connection.create_connection(aws_retry=True, **params) changed = True except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e) # If changed, get the Glue connection again - if changed: - glue_connection = None - for i in range(10): - glue_connection = _get_glue_connection(connection, module) - if glue_connection is not None: - break - time.sleep(10) + if changed and not module.check_mode: + glue_connection = _await_glue_connection(connection, module) - module.exit_json(changed=changed, **camel_dict_to_snake_dict(glue_connection)) + module.exit_json(changed=changed, **camel_dict_to_snake_dict(glue_connection or {})) def delete_glue_connection(connection, module, glue_connection): @@ -281,7 +321,6 @@ def delete_glue_connection(connection, module, glue_connection): :param glue_connection: a dict of AWS Glue connection parameters or None :return: """ - changed = False params = {'ConnectionName': module.params.get("name")} @@ -290,7 +329,8 @@ def delete_glue_connection(connection, module, glue_connection): if glue_connection: try: - connection.delete_connection(**params) + if not module.check_mode: + connection.delete_connection(aws_retry=True, **params) changed = True except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e) 
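Review bot: The closing `module.exit_json(changed=changed, **camel_dict_to_snake_dict(glue_connection or {}))` returns the whole connection record, and for JDBC connections its properties carry `USERNAME` and `PASSWORD` (as in the module's own example), so the secret can land in registered variables, callback output and logs. The network test added in this commit asserts on `glue_connection.connection_properties`, which confirms the properties reach the task result, and `connection_properties` is a plain `dict` in `argument_spec` with no masking. I would redact on the way out, for example `props = (glue_connection or {}).get('ConnectionProperties', {})` followed by `if 'PASSWORD' in props: props['PASSWORD'] = '********'`, and state in RETURN that the value is masked. `get_connection` also accepts `HidePassword`, but using it on the lookup would interact with the idempotency comparison, which lies outside this hunk.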
@@ -302,9 +342,10 @@ def main(): argument_spec = ( dict( + availability_zone=dict(type='str'), catalog_id=dict(type='str'), connection_properties=dict(type='dict'), - connection_type=dict(type='str', default='JDBC', choices=['JDBC', 'SFTP']), + connection_type=dict(type='str', default='JDBC', choices=['CUSTOM', 'JDBC', 'KAFKA', 'MARKETPLACE', 'MONGODB', 'NETWORK']), description=dict(type='str'), match_criteria=dict(type='list', elements='str'), name=dict(required=True, type='str'), @@ -316,12 +357,15 @@ def main(): module = AnsibleAWSModule(argument_spec=argument_spec, required_if=[ - ('state', 'present', ['connection_properties']) - ] + ('state', 'present', ['connection_properties']), + ('connection_type', 'NETWORK', ['availability_zone', 'security_groups', 'subnet_id']) + ], + supports_check_mode=True ) - connection_glue = module.client('glue') - connection_ec2 = module.client('ec2') + retry_decorator = AWSRetry.jittered_backoff(retries=10) + connection_glue = module.client('glue', retry_decorator=retry_decorator) + connection_ec2 = module.client('ec2', retry_decorator=retry_decorator) glue_connection = _get_glue_connection(connection_glue, module) diff --git a/tests/integration/targets/aws_glue_connection/tasks/main.yml b/tests/integration/targets/aws_glue_connection/tasks/main.yml index 2c037c82f14..837f9bd17e3 100644 --- a/tests/integration/targets/aws_glue_connection/tasks/main.yml +++ b/tests/integration/targets/aws_glue_connection/tasks/main.yml 
@@ -1,82 +1,13 @@ --- -- name: 'aws_glue_connection integration tests' +- name: aws_glue_connection integration tests collections: - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token | default(omit) }}" + region: "{{ aws_region }}" block: - - # TODO: description, match_criteria, security_groups, and subnet_id are unused module options - - - name: create glue connection - aws_glue_connection: - name: "{{ resource_prefix }}" - connection_properties: - JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}" - USERNAME: my-username - PASSWORD: my-password - state: present - register: result - - - assert: - that: - - result.changed - - - name: test idempotence creating glue connection - aws_glue_connection: - name: "{{ resource_prefix }}" - connection_properties: - JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}" - USERNAME: my-username - PASSWORD: my-password - state: present - register: result - - - assert: - that: - - not result.changed - - - name: test updating JDBC connection url - aws_glue_connection: - name: "{{ resource_prefix }}" - connection_properties: - JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}-updated" - USERNAME: my-username - PASSWORD: my-password - state: present - register: result - - - assert: - that: - - result.changed - - - name: delete glue connection - aws_glue_connection: - name: "{{ resource_prefix }}" - state: absent - register: result - - - assert: - that: - - result.changed - - - name: test idempotence removing glue connection - aws_glue_connection: - name: "{{ resource_prefix }}" - state: absent - register: result - - - assert: - that: - - not result.changed - - always: - - - name: delete glue connection - 
aws_glue_connection: - name: "{{ resource_prefix }}" - state: absent + - include_tasks: test_connection_network.yml + - include_tasks: test_connection_jdbc.yml diff --git a/tests/integration/targets/aws_glue_connection/tasks/test_connection_jdbc.yml b/tests/integration/targets/aws_glue_connection/tasks/test_connection_jdbc.yml new file mode 100644 index 00000000000..966d8156f9d --- /dev/null +++ b/tests/integration/targets/aws_glue_connection/tasks/test_connection_jdbc.yml 
@@ -0,0 +1,74 @@ +--- +- name: 'aws_glue_connection integration tests (JDBC)' + block: + + # TODO: description, match_criteria, security_groups, and subnet_id are unused module options + + - name: create glue connection + aws_glue_connection: + name: "{{ resource_prefix }}" + connection_properties: + JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}" + USERNAME: my-username + PASSWORD: my-password + state: present + register: result + + - assert: + that: + - result.changed + + - name: test idempotence creating glue connection + aws_glue_connection: + name: "{{ resource_prefix }}" + connection_properties: + JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}" + USERNAME: my-username + PASSWORD: my-password + state: present + register: result + + - assert: + that: + - not result.changed + + - name: test updating JDBC connection url + aws_glue_connection: + name: "{{ resource_prefix }}" + connection_properties: + JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}-updated" + USERNAME: my-username + PASSWORD: my-password + state: present + register: result + + - assert: + that: + - result.changed + + - name: delete glue connection + aws_glue_connection: + name: "{{ resource_prefix }}" + state: absent + register: result + + - assert: + that: + - result.changed + + - name: test idempotence removing glue connection + aws_glue_connection: + name: "{{ resource_prefix }}" + state: absent + register: result + + - assert: + that: + - not result.changed + + always: + + - name: delete glue connection + aws_glue_connection: + name: "{{ resource_prefix }}" + state: absent diff --git a/tests/integration/targets/aws_glue_connection/tasks/test_connection_network.yml b/tests/integration/targets/aws_glue_connection/tasks/test_connection_network.yml new file mode 100644 index 00000000000..ce8af4d2f21 --- /dev/null +++ b/tests/integration/targets/aws_glue_connection/tasks/test_connection_network.yml 
@@ -0,0 +1,334 @@ +--- +- name: aws_glue_connection integration tests (network) + block: + - name: Install AWS CLI + pip: + name: awscli + state: present + + - name: Create VPC + ec2_vpc_net: + name: "{{ resource_prefix }}-vpc" + cidr_block: 10.22.32.0/23 + tags: + Name: Ansible ec2_instance Testing VPC + tenancy: default + register: glue_vpc + + - name: Create default subnet in zone A + ec2_vpc_subnet: + az: "{{ aws_region }}a" + cidr: 10.22.32.0/24 + vpc_id: "{{ glue_vpc.vpc.id }}" + resource_tags: + Name: "{{ resource_prefix }}-subnet-a" + state: present + register: glue_subnet_a + + - name: Create security group 1 + ec2_group: + name: "{{ resource_prefix }}-sg-glue-1" + description: A security group for Ansible tests + vpc_id: "{{ glue_vpc.vpc.id }}" + rules: + - proto: -1 + ports: -1 + group_name: "{{ resource_prefix }}-sg-glue-1" + rule_desc: Connections from Glue + + - name: Create security group 2 + ec2_group: + name: "{{ resource_prefix }}-sg-glue-2" + description: A security group for Ansible tests + vpc_id: "{{ glue_vpc.vpc.id }}" + rules: + - proto: -1 + ports: -1 + group_name: "{{ resource_prefix }}-sg-glue-2" + rule_desc: Connections from Glue + + - name: Create Glue connection (check mode) + aws_glue_connection: + name: "{{ resource_prefix }}" + availability_zone: "{{ aws_region }}a" + connection_properties: + jdbc_enforce_ssl: "false" + connection_type: NETWORK + description: Test connection + security_groups: + - "{{ resource_prefix }}-sg-glue-1" + subnet_id: "{{ glue_subnet_a.subnet.id }}" + state: present + check_mode: true + register: glue_connection_check + + - name: Verity that Glue connection was not created in check mode + assert: + that: + - glue_connection_check.changed + - glue_connection_check.description is not defined + + - name: Create Glue connection + aws_glue_connection: + name: "{{ resource_prefix }}" + availability_zone: "{{ aws_region }}a" + connection_properties: + jdbc_enforce_ssl: "false" + connection_type: NETWORK + 
description: Test connection + security_groups: + - "{{ resource_prefix }}-sg-glue-1" + subnet_id: "{{ glue_subnet_a.subnet.id }}" + state: present + register: glue_connection + + - name: Get info on Glue connection + command: "aws glue get-connection --name {{ resource_prefix }}" + environment: + AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" + AWS_SESSION_TOKEN: "{{ security_token | default('') }}" + AWS_DEFAULT_REGION: "{{ aws_region }}" + register: connection_info_query + + - name: Convert it to an object + set_fact: + connection_info: "{{ connection_info_query.stdout | from_json }}" + + - name: Verity that Glue connection was created + assert: + that: + - glue_connection.changed + - glue_connection.name == connection_info["Connection"]["Name"] + - glue_connection.description == connection_info["Connection"]["Description"] + - glue_connection.connection_properties == connection_info["Connection"]["ConnectionProperties"] + - glue_connection.connection_type == connection_info["Connection"]["ConnectionType"] + - glue_connection.physical_connection_requirements.subnet_id == connection_info["Connection"]["PhysicalConnectionRequirements"]["SubnetId"] + - glue_connection.physical_connection_requirements.security_group_id_list == connection_info["Connection"]["PhysicalConnectionRequirements"]["SecurityGroupIdList"] + - glue_connection.physical_connection_requirements.availability_zone == connection_info["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] + + - name: Create Glue connection (idempotent) (check mode) + aws_glue_connection: + name: "{{ resource_prefix }}" + availability_zone: "{{ aws_region }}a" + connection_properties: + jdbc_enforce_ssl: "false" + connection_type: NETWORK + description: Test connection + security_groups: + - "{{ resource_prefix }}-sg-glue-1" + subnet_id: "{{ glue_subnet_a.subnet.id }}" + state: present + check_mode: true + register: glue_connection_idempotent_check + + - name: 
Get info on Glue connection + command: "aws glue get-connection --name {{ resource_prefix }}" + environment: + AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" + AWS_SESSION_TOKEN: "{{ security_token | default('') }}" + AWS_DEFAULT_REGION: "{{ aws_region }}" + register: connection_info_query_idempotent_check + + - name: Convert it to an object + set_fact: + connection_info_idempotent_check: "{{ connection_info_query_idempotent_check.stdout | from_json }}" + + - name: Verity that Glue connection was not modified in check mode + assert: + that: + - not glue_connection_idempotent_check.changed + - connection_info_idempotent_check["Connection"]["Name"] == connection_info["Connection"]["Name"] + - connection_info_idempotent_check["Connection"]["Description"] == connection_info["Connection"]["Description"] + - connection_info_idempotent_check["Connection"]["ConnectionProperties"] == connection_info["Connection"]["ConnectionProperties"] + - connection_info_idempotent_check["Connection"]["ConnectionType"] == connection_info["Connection"]["ConnectionType"] + - connection_info_idempotent_check["Connection"]["PhysicalConnectionRequirements"]["SubnetId"] == connection_info["Connection"]["PhysicalConnectionRequirements"]["SubnetId"] + - connection_info_idempotent_check["Connection"]["PhysicalConnectionRequirements"]["SecurityGroupIdList"]== connection_info["Connection"]["PhysicalConnectionRequirements"]["SecurityGroupIdList"] + - connection_info_idempotent_check["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] == connection_info["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] + + - name: Create Glue connection (idempotent) + aws_glue_connection: + name: "{{ resource_prefix }}" + availability_zone: "{{ aws_region }}a" + connection_properties: + jdbc_enforce_ssl: "false" + connection_type: NETWORK + description: Test connection + security_groups: + - "{{ resource_prefix }}-sg-glue-1" + subnet_id: "{{ 
glue_subnet_a.subnet.id }}" + state: present + register: glue_connection_idempotent + + - name: Get info on Glue connection + command: "aws glue get-connection --name {{ resource_prefix }}" + environment: + AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" + AWS_SESSION_TOKEN: "{{ security_token | default('') }}" + AWS_DEFAULT_REGION: "{{ aws_region }}" + register: connection_info_query_idempotent + + - name: Convert it to an object + set_fact: + connection_info_idempotent: "{{ connection_info_query_idempotent.stdout | from_json }}" + + - name: Verity that Glue connection was not modified + assert: + that: + - not glue_connection_idempotent.changed + - connection_info_idempotent["Connection"]["Name"] == connection_info["Connection"]["Name"] + - connection_info_idempotent["Connection"]["Description"] == connection_info["Connection"]["Description"] + - connection_info_idempotent["Connection"]["ConnectionProperties"] == connection_info["Connection"]["ConnectionProperties"] + - connection_info_idempotent["Connection"]["ConnectionType"] == connection_info["Connection"]["ConnectionType"] + - connection_info_idempotent["Connection"]["PhysicalConnectionRequirements"]["SubnetId"] == connection_info["Connection"]["PhysicalConnectionRequirements"]["SubnetId"] + - connection_info_idempotent["Connection"]["PhysicalConnectionRequirements"]["SecurityGroupIdList"]== connection_info["Connection"]["PhysicalConnectionRequirements"]["SecurityGroupIdList"] + - connection_info_idempotent["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] == connection_info["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] + + - name: Update Glue connection (check mode) + aws_glue_connection: + name: "{{ resource_prefix }}" + availability_zone: "{{ aws_region }}a" + connection_properties: + jdbc_enforce_ssl: "false" + connection_type: NETWORK + description: Test connection modified + security_groups: + - "{{ resource_prefix 
}}-sg-glue-2" + subnet_id: "{{ glue_subnet_a.subnet.id }}" + state: present + check_mode: true + register: glue_connection_update_check + + - name: Get info on Glue connection + command: "aws glue get-connection --name {{ resource_prefix }}" + environment: + AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" + AWS_SESSION_TOKEN: "{{ security_token | default('') }}" + AWS_DEFAULT_REGION: "{{ aws_region }}" + register: connection_info_query_update_check + + - name: Convert it to an object + set_fact: + connection_info_update_check: "{{ connection_info_query_update_check.stdout | from_json }}" + + - name: Verity that Glue connection was not modified in check mode + assert: + that: + - glue_connection_update_check.changed + - glue_connection_update_check.name == connection_info_update_check["Connection"]["Name"] + - glue_connection_update_check.description == connection_info_update_check["Connection"]["Description"] + - glue_connection_update_check.connection_properties == connection_info_update_check["Connection"]["ConnectionProperties"] + - glue_connection_update_check.connection_type == connection_info_update_check["Connection"]["ConnectionType"] + - glue_connection_update_check.physical_connection_requirements.subnet_id == connection_info_update_check["Connection"]["PhysicalConnectionRequirements"]["SubnetId"] + - glue_connection_update_check.physical_connection_requirements.security_group_id_list == connection_info_update_check["Connection"]["PhysicalConnectionRequirements"]["SecurityGroupIdList"] + - glue_connection_update_check.physical_connection_requirements.availability_zone == connection_info_update_check["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] + + - name: Update Glue connection + aws_glue_connection: + name: "{{ resource_prefix }}" + availability_zone: "{{ aws_region }}a" + connection_properties: + jdbc_enforce_ssl: "false" + connection_type: NETWORK + description: Test connection modified + 
security_groups: + - "{{ resource_prefix }}-sg-glue-2" + subnet_id: "{{ glue_subnet_a.subnet.id }}" + state: present + register: glue_connection_update + + - name: Get info on Glue connection + command: "aws glue get-connection --name {{ resource_prefix }}" + environment: + AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" + AWS_SESSION_TOKEN: "{{ security_token | default('') }}" + AWS_DEFAULT_REGION: "{{ aws_region }}" + register: connection_info_query_update + + - name: Convert it to an object + set_fact: + connection_info_update: "{{ connection_info_query_update.stdout | from_json }}" + + - name: Verity that Glue connection was modified + assert: + that: + - glue_connection_update.changed + - glue_connection_update.name == connection_info_update["Connection"]["Name"] + - glue_connection_update.description == connection_info_update["Connection"]["Description"] + - glue_connection_update.connection_properties == connection_info_update["Connection"]["ConnectionProperties"] + - glue_connection_update.connection_type == connection_info_update["Connection"]["ConnectionType"] + - glue_connection_update.physical_connection_requirements.subnet_id == connection_info_update["Connection"]["PhysicalConnectionRequirements"]["SubnetId"] + - glue_connection_update.physical_connection_requirements.security_group_id_list == connection_info_update["Connection"]["PhysicalConnectionRequirements"]["SecurityGroupIdList"] + - glue_connection_update.physical_connection_requirements.availability_zone == connection_info_update["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] + + - name: Delete Glue connection (check mode) + aws_glue_connection: + name: "{{ resource_prefix }}" + state: absent + check_mode: true + register: glue_connection_delete_check + + - name: Get info on Glue connection + command: "aws glue get-connection --name {{ resource_prefix }}" + environment: + AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" + 
AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" + AWS_SESSION_TOKEN: "{{ security_token | default('') }}" + AWS_DEFAULT_REGION: "{{ aws_region }}" + register: connection_info_query_delete_check + + - name: Convert it to an object + set_fact: + connection_info_delete_check: "{{ connection_info_query_delete_check.stdout | from_json }}" + + - name: Verity that Glue connection was not deleted in check mode + assert: + that: + - glue_connection_delete_check.changed + - connection_info["Connection"]["Name"] == connection_info_delete_check["Connection"]["Name"] + + - name: Delete Glue connection + aws_glue_connection: + name: "{{ resource_prefix }}" + state: absent + register: glue_connection_delete + + - name: Verity that Glue connection was deleted + assert: + that: + - glue_connection_delete.changed + + always: + - name: Delete Glue connection + aws_glue_connection: + name: "{{ resource_prefix }}" + state: absent + ignore_errors: true + - name: Delete security group 1 + ec2_group: + name: "{{ resource_prefix }}-sg-glue-1" + state: absent + ignore_errors: true + - name: Delete security group 2 + ec2_group: + name: "{{ resource_prefix }}-sg-glue-2" + state: absent + ignore_errors: true + - name: Delete default subnet in zone A + ec2_vpc_subnet: + az: "{{ aws_region }}a" + cidr: 10.22.32.0/24 + vpc_id: "{{ glue_vpc.vpc.id }}" + state: absent + register: glue_subnet_a + ignore_errors: true + - name: Delete VPC + ec2_vpc_net: + name: "{{ resource_prefix }}-vpc" + cidr_block: 10.22.32.0/23 + state: absent + ignore_errors: true
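Review bot: The first task, `pip: name: awscli state: present`, installs whatever awscli release the package index serves at run time, and later tasks hand that CLI `aws_access_key`, `aws_secret_key` and `security_token` through `environment`. Pinning the install, e.g. adding `version: "<pinned awscli version>"` to the `pip` task, keeps the test reproducible and narrows what code gets to see those credentials. Also, the check-mode create is verified only by `glue_connection_check.description is not defined`; a read-back that expects the connection to be absent, like the `aws glue get-connection` lookups used for the other steps, would show that nothing was actually created.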