diff --git a/changelogs/fragments/1232-ec2_vpc_vgw-purge_tags.yml b/changelogs/fragments/1232-ec2_vpc_vgw-purge_tags.yml new file mode 100644 index 00000000000..47c89a1a123 --- /dev/null +++ b/changelogs/fragments/1232-ec2_vpc_vgw-purge_tags.yml @@ -0,0 +1,5 @@ +minor_changes: +- ec2_vpc_vgw - add support for ``purge_tags`` parameter (https://github.com/ansible-collections/community.aws/pull/1232). +- ec2_vpc_vgw - the default behaviour for ``tags`` has been updated, to remove all tags the ``tags`` parameter must be explicitly set to the empty dict ``{}`` and ``purge_tags`` to ``True`` (https://github.com/ansible-collections/community.aws/pull/1232). +- ec2_vpc_vgw - updated to set tags as part of VGW creation instead of tagging the VGW after creation (https://github.com/ansible-collections/community.aws/pull/1232). +- ec2_vpc_vgw_info - added ``resource_tags`` to the return values (https://github.com/ansible-collections/community.aws/pull/1232). diff --git a/plugins/modules/ec2_vpc_vgw.py b/plugins/modules/ec2_vpc_vgw.py index b46d0f9ac47..126f5ff920d 100644 --- a/plugins/modules/ec2_vpc_vgw.py +++ b/plugins/modules/ec2_vpc_vgw.py @@ -8,7 +8,7 @@ DOCUMENTATION = ''' module: ec2_vpc_vgw -short_description: Create and delete AWS VPN Virtual Gateways. +short_description: Create and delete AWS VPN Virtual Gateways version_added: 1.0.0 description: - Creates AWS VPN Virtual Gateways 
@@ -18,52 +18,50 @@ options: state: description: - - present to ensure resource is created. - - absent to remove resource + - C(present) to ensure resource is created. + - C(absent) to remove resource. default: present choices: [ "present", "absent"] type: str name: description: - - name of the vgw to be created or deleted + - Name of the VGW to be created or deleted. type: str type: description: - - type of the virtual gateway to be created + - Type of the virtual gateway to be created. choices: [ "ipsec.1" ] default: "ipsec.1" type: str vpn_gateway_id: description: - - vpn gateway id of an existing virtual gateway + - VPN gateway ID of an existing virtual gateway. type: str vpc_id: description: - - the vpc-id of a vpc to attach or detach + - The ID of a VPC to attach or detach to the VGW. type: str asn: description: - - the BGP ASN of the amazon side + - The BGP ASN on the Amazon side. type: int wait_timeout: description: - - number of seconds to wait for status during vpc attach and detach + - Number of seconds to wait for status during VPC attach and detach. default: 320 type: int - tags: - description: - - dictionary of resource tags - aliases: [ "resource_tags" ] - type: dict -author: Nick Aslanidis (@naslanidis) +notes: + - Support for I(purge_tags) was added in release 4.0.0. +author: + - Nick Aslanidis (@naslanidis) extends_documentation_fragment: -- amazon.aws.ec2 -- amazon.aws.aws - + - amazon.aws.ec2 + - amazon.aws.aws + - amazon.aws.tags ''' EXAMPLES = ''' -- name: Create a new vgw attached to a specific VPC +- name: Create a new VGW attached to a specific VPC community.aws.ec2_vpc_vgw: state: present region: ap-southeast-2 @@ -73,7 +71,7 @@ type: ipsec.1 register: created_vgw -- name: Create a new unattached vgw +- name: Create a new unattached VGW community.aws.ec2_vpc_vgw: state: present region: ap-southeast-2 
@@ -85,7 +83,7 @@ owner: ABC register: created_vgw -- name: Remove a new vgw using the name +- name: Remove a new VGW using the name community.aws.ec2_vpc_vgw: state: absent region: ap-southeast-2 @@ -94,7 +92,7 @@ type: ipsec.1 register: deleted_vgw -- name: Remove a new vgw using the vpn_gateway_id +- name: Remove a new VGW using the vpn_gateway_id community.aws.ec2_vpc_vgw: state: absent region: ap-southeast-2 @@ -104,10 +102,36 @@ ''' RETURN = ''' -result: - description: The result of the create, or delete action. +vgw: + description: A description of the VGW returned: success type: dict + contains: + id: + description: The ID of the VGW. + type: str + returned: success + example: "vgw-0123456789abcdef0" + state: + description: The state of the VGW. + type: str + returned: success + example: "available" + tags: + description: A dictionary representing the tags attached to the VGW + type: dict + returned: success + example: { "Name": "ansible-test-ec2-vpc-vgw" } + type: + description: The type of VPN connection the virtual private gateway supports. + type: str + returned: success + example: "ipsec.1" + vpc_id: + description: The ID of the VPC to which the VGW is attached. + type: str + returned: success + example: vpc-123456789abcdef01 ''' import time 
@@ -120,7 +144,10 @@ from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ensure_ec2_tags from ansible_collections.amazon.aws.plugins.module_utils.waiters import get_waiter +from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_specifications +from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict # AWS uses VpnGatewayLimitExceeded for both 'Too many VGWs' and 'Too many concurrent changes' @@ -159,8 +186,8 @@ def get_vgw_info(vgws): 'tags': dict() } - for tag in vgw['Tags']: - vgw_info['tags'][tag['Key']] = tag['Value'] + if vgw['Tags']: + vgw_info['tags'] = boto3_tag_list_to_ansible_dict(vgw['Tags']) if len(vgw['VpcAttachments']) != 0 and vgw['VpcAttachments'][0]['State'] == 'attached': vgw_info['vpc_id'] = vgw['VpcAttachments'][0]['VpcId'] @@ -234,6 +261,9 @@ def detach_vgw(client, module, vpn_gateway_id, vpc_id=None): def create_vgw(client, module): params = dict() params['Type'] = module.params.get('type') + tags = module.params.get('tags') or {} + tags['Name'] = module.params.get('name') + params['TagSpecifications'] = boto3_tag_specifications(tags, ['vpn-gateway']) if module.params.get('asn'): params['AmazonSideAsn'] = module.params.get('asn') 
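Review bot: `if vgw['Tags']:` in get_vgw_info still indexes the key directly, so a gateway description that arrives without a `Tags` entry raises KeyError before the guard can help. The info module in this same commit reads the key with `virtual_gateway.get('Tags', [])`. Doing the same here, `vgw_info['tags'] = boto3_tag_list_to_ansible_dict(vgw.get('Tags', []))`, removes the conditional and keeps the two modules consistent. Whether the EC2 response can actually omit the key is not visible from this hunk, so treat this as defensive; get_vgw_info starts and ends outside the hunk.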
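Review bot: `tags['Name'] = module.params.get('name')` in create_vgw makes the `name` parameter override a user-supplied `Name` tag, while the update path in ensure_vgw_present (the `-409` hunk) builds `dict(Name=...)` and then calls `tags.update(desired_tags)`, so there the user's `Name` tag wins. A task that passes a `Name` key in `tags` would create the gateway with one Name and retag it on the next run, which is not idempotent. If the gateway is looked up by its Name tag (the lookup is outside these hunks), it could also stop matching. Pick one precedence for both paths. The same line mutates the dict held in `module.params`, which `tags = dict(module.params.get('tags') or {})` avoids; create_vgw continues outside the hunk.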
@@ -267,92 +297,6 @@ def delete_vgw(client, module, vpn_gateway_id): return result -def create_tags(client, module, vpn_gateway_id): - params = dict() - - try: - response = client.create_tags(Resources=[vpn_gateway_id], Tags=load_tags(module), aws_retry=True) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Failed to add tags") - - result = response - return result - - -def delete_tags(client, module, vpn_gateway_id, tags_to_delete=None): - params = dict() - - try: - if tags_to_delete: - response = client.delete_tags(Resources=[vpn_gateway_id], Tags=tags_to_delete, aws_retry=True) - else: - response = client.delete_tags(Resources=[vpn_gateway_id], aws_retry=True) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg='Unable to remove tags from gateway') - - result = response - return result - - -def load_tags(module): - tags = [] - - if module.params.get('tags'): - for name, value in module.params.get('tags').items(): - tags.append({'Key': name, 'Value': str(value)}) - tags.append({'Key': "Name", 'Value': module.params.get('name')}) - else: - tags.append({'Key': "Name", 'Value': module.params.get('name')}) - return tags - - -def find_tags(client, module, resource_id=None): - - if resource_id: - try: - response = client.describe_tags(aws_retry=True, Filters=[ - {'Name': 'resource-id', 'Values': [resource_id]}, - ]) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg='Failed to describe tags searching by resource') - - result = response - return result - - -def check_tags(client, module, existing_vgw, vpn_gateway_id): - params = dict() - params['Tags'] = module.params.get('tags') - vgw = existing_vgw - changed = False - tags_list = {} - - # format tags for comparison - for tags in existing_vgw[0]['Tags']: - if tags['Key'] != 'Name': - tags_list[tags['Key']] = tags['Value'] - - # if 
existing tags don't match the tags arg, delete existing and recreate with new list - if params['Tags'] is not None and tags_list != params['Tags']: - delete_tags(client, module, vpn_gateway_id) - create_tags(client, module, vpn_gateway_id) - vgw = find_vgw(client, module) - changed = True - - # if no tag args are supplied, delete any existing tags with the exception of the name tag - if params['Tags'] is None and tags_list != {}: - tags_to_delete = [] - for tags in existing_vgw[0]['Tags']: - if tags['Key'] != 'Name': - tags_to_delete.append(tags) - - delete_tags(client, module, vpn_gateway_id, tags_to_delete) - vgw = find_vgw(client, module) - changed = True - - return vgw, changed - - def find_vpc(client, module): params = dict() params['vpc_id'] = module.params.get('vpc_id') @@ -409,7 +353,15 @@ def ensure_vgw_present(client, module): if existing_vgw != []: vpn_gateway_id = existing_vgw[0]['VpnGatewayId'] - vgw, changed = check_tags(client, module, existing_vgw, vpn_gateway_id) + desired_tags = module.params.get('tags') + purge_tags = module.params.get('purge_tags') + if desired_tags is None: + desired_tags = dict() + purge_tags = False + tags = dict(Name=module.params.get('name')) + tags.update(desired_tags) + changed = ensure_ec2_tags(client, module, vpn_gateway_id, resource_type='vpn-gateway', + tags=tags, purge_tags=purge_tags) # if a vpc_id was provided, check if it exists and if it's attached if params['VpcId']: @@ -446,9 +398,6 @@ def ensure_vgw_present(client, module): changed = True vpn_gateway_id = new_vgw['VpnGateway']['VpnGatewayId'] - # tag the new virtual gateway - create_tags(client, module, vpn_gateway_id) - # if a vpc-id was supplied, attempt to attach it to the vgw if params['VpcId']: attached_vgw = attach_vgw(client, module, vpn_gateway_id) 
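Review bot: The `if desired_tags is None:` branch in ensure_vgw_present silently overrides whatever `purge_tags` the caller passed, and nothing at that spot records why. A comment such as `# tags not supplied: leave existing tags untouched, only make sure Name is present` would state the intent. The removed `vgw, changed = check_tags(...)` also assigned `vgw`, which the new code no longer does. The rest of ensure_vgw_present is outside the hunk, so confirm nothing reads `vgw` before it is fetched again.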
@@ -559,6 +508,7 @@ def main(): wait_timeout=dict(type='int', default=320), type=dict(default='ipsec.1', choices=['ipsec.1']), tags=dict(default=None, required=False, type='dict', aliases=['resource_tags']), + purge_tags=dict(default=True, type='bool'), ) module = AnsibleAWSModule(argument_spec=argument_spec, required_if=[['state', 'present', ['name']]]) diff --git a/plugins/modules/ec2_vpc_vgw_info.py b/plugins/modules/ec2_vpc_vgw_info.py index aa4a4719ffe..a84b07bf589 100644 --- a/plugins/modules/ec2_vpc_vgw_info.py +++ b/plugins/modules/ec2_vpc_vgw_info.py @@ -12,7 +12,7 @@ version_added: 1.0.0 short_description: Gather information about virtual gateways in AWS description: - - Gather information about virtual gateways in AWS. + - Gather information about virtual gateways in AWS. options: filters: description: @@ -24,11 +24,11 @@ - Get details of a specific Virtual Gateway ID. This value should be provided as a list. type: list elements: str -author: "Nick Aslanidis (@naslanidis)" +author: + - "Nick Aslanidis (@naslanidis)" extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 - + - amazon.aws.aws + - amazon.aws.ec2 ''' EXAMPLES = r''' 
@@ -61,31 +61,64 @@ description: The virtual gateways for the account. returned: always type: list - sample: [ - { - "state": "available", - "tags": [ - { - "key": "Name", - "value": "TEST-VGW" - } - ], - "type": "ipsec.1", - "vpc_attachments": [ - { - "state": "attached", - "vpc_id": "vpc-22a93c74" - } - ], - "vpn_gateway_id": "vgw-23e3d64e" - } - ] - -changed: - description: True if listing the virtual gateways succeeds. - returned: always - type: bool - sample: "false" + elements: dict + contains: + vpn_gateway_id: + description: The ID of the VGW. + type: str + returned: success + example: "vgw-0123456789abcdef0" + state: + description: The current state of the VGW. + type: str + returned: success + example: "available" + type: + description: The type of VPN connection the VGW supports. + type: str + returned: success + example: "ipsec.1" + vpc_attachments: + description: A description of the attachment of VPCs to the VGW. + type: list + elements: dict + returned: success + contains: + state: + description: The current state of the attachment. + type: str + returned: success + example: available + vpc_id: + description: The ID of the VPC. + type: str + returned: success + example: vpc-12345678901234567 + tags: + description: + - A list of dictionaries representing the tags attached to the VGW. + - Represents the same details as I(resource_tags). + type: list + elements: dict + returned: success + contains: + key: + description: The key of the tag. + type: str + returned: success + example: MyKey + value: + description: The value of the tag. + type: str + returned: success + example: MyValue + resource_tags: + description: + - A dictionary representing the tags attached to the VGW. + - Represents the same details as I(tags). + type: dict + returned: success + example: {"MyKey": "MyValue"} ''' try: 
@@ -97,14 +130,20 @@ from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict def get_virtual_gateway_info(virtual_gateway): - virtual_gateway_info = {'VpnGatewayId': virtual_gateway['VpnGatewayId'], - 'State': virtual_gateway['State'], - 'Type': virtual_gateway['Type'], - 'VpcAttachments': virtual_gateway['VpcAttachments'], - 'Tags': virtual_gateway.get('Tags', [])} + tags = virtual_gateway.get('Tags', []) + resource_tags = boto3_tag_list_to_ansible_dict(tags) + virtual_gateway_info = dict( + VpnGatewayId=virtual_gateway['VpnGatewayId'], + State=virtual_gateway['State'], + Type=virtual_gateway['Type'], + VpcAttachments=virtual_gateway['VpcAttachments'], + Tags=tags, + ResourceTags=resource_tags, + ) return virtual_gateway_info @@ -122,7 +161,7 @@ def list_virtual_gateways(client, module): except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to list gateways") - return [camel_dict_to_snake_dict(get_virtual_gateway_info(vgw)) + return [camel_dict_to_snake_dict(get_virtual_gateway_info(vgw), ignore_list=['ResourceTags']) for vgw in all_virtual_gateways['VpnGateways']] diff --git a/tests/integration/targets/ec2_vpc_vgw/defaults/main.yml b/tests/integration/targets/ec2_vpc_vgw/defaults/main.yml new file mode 100644 index 00000000000..b10650336c4 --- /dev/null +++ b/tests/integration/targets/ec2_vpc_vgw/defaults/main.yml 
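Review bot: `boto3_tag_list_to_ansible_dict` is imported from `module_utils.ec2` in this file, while ec2_vpc_vgw.py in the same commit imports the same helper from `module_utils.tagging`. Using one path in both modules, `from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict`, keeps the two files in step and avoids depending on a re-export. get_virtual_gateway_info itself would also benefit from a one-line docstring saying that `Tags` is the raw boto3 list and `ResourceTags` the same data as a dict.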
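Review bot: The `ignore_list=['ResourceTags']` argument in list_virtual_gateways carries no comment, and its purpose is easy to lose in a later refactor. Without it the user-defined tag keys inside `ResourceTags` would be rewritten to snake_case and no longer match what is set on the gateway. A comment above the return, `# keep tag keys verbatim; only the surrounding AWS keys are snake_cased`, would make that explicit. list_virtual_gateways starts outside the hunk.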
@@ -0,0 +1,12 @@ +--- +vpc_name: '{{ resource_prefix }}-ec2-vpc-vgw' +vgw_name: '{{ resource_prefix }}-ec2-vpc-vgw' +subnet_name: '{{ resource_prefix }}-ec2-vpc-vgw' +vpc_cidr: '10.{{ 256 | random(seed=resource_prefix) }}.0.0/16' +subnet_1: '10.{{ 256 | random(seed=resource_prefix) }}.1.0/24' +subnet_2: '10.{{ 256 | random(seed=resource_prefix) }}.2.0/24' +subnet_3: '10.{{ 256 | random(seed=resource_prefix) }}.3.0/24' +subnet_4: '10.{{ 256 | random(seed=resource_prefix) }}.4.0/24' + +vpc_ipv6_cidr: '10.{{ 256 | random(seed=resource_prefix) }}.5.0/25' +vpc_ipv6_name: '{{ vpc_name }}-ipv6' diff --git a/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml b/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml index b0c40bf8572..14fd6b4ea63 100644 --- a/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml +++ b/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml @@ -15,12 +15,11 @@ - name: create a VPC ec2_vpc_net: - name: "{{ resource_prefix }}-vpc-{{ item }}" + name: "{{ vpc_name }}-{{ item }}" state: present - cidr_block: "10.0.0.0/26" + cidr_block: "{{ vpc_cidr }}" tags: - Name: "{{ resource_prefix }}-vpc-{{ item }}" - Description: "Created by ansible-test" + Description: "Created by ansible-test for IGW tests" register: vpc_result loop: [1, 2] 
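Review bot: `vpc_ipv6_cidr` is assigned an IPv4 range (`10.<n>.5.0/25`), so the name and the value disagree. As far as the visible hunks of the task files show, neither it nor `vpc_ipv6_name`, `subnet_name` or `subnet_1` to `subnet_4` is referenced. They look carried over from another test target. Dropping the unused entries, or correcting the IPv6 one if it is needed later, would keep the defaults from misleading the next reader.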
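Review bot: The new `Description` tag reads "Created by ansible-test for IGW tests", but this target exercises the VGW module. `Description: "Created by ansible-test for VGW tests"` looks like what was intended, and the wrong label makes leftover test VPCs harder to trace back to the target that created them.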
@@ -36,62 +35,62 @@ ec2_vpc_vgw: state: present vpc_id: '{{ vpc_id_1 }}' - name: "{{ resource_prefix }}-vgw" + name: "{{ vgw_name }}" register: vgw + - name: use set fact for vgw ids + set_fact: + vgw_id: '{{ vgw.vgw.id }}' + - assert: that: - vgw.changed - - "{{ vgw.vgw.vpc_id == vpc_id_1 }}" - - '"{{ vgw.vgw.tags.Name }}" == "{{ resource_prefix }}-vgw"' + - vgw.vgw.vpc_id == vpc_id_1 + - vgw.vgw.tags.Name == vgw_name - name: test idempotence ec2_vpc_vgw: state: present vpc_id: '{{ vpc_id_1 }}' - name: "{{ resource_prefix }}-vgw" + name: "{{ vgw_name }}" register: vgw - assert: that: - not vgw.changed + - vgw.vgw.id == vgw_id # ============================================================ - name: attach vpn gateway to the other VPC ec2_vpc_vgw: state: present vpc_id: '{{ vpc_id_2 }}' - name: "{{ resource_prefix }}-vgw" + name: "{{ vgw_name }}" register: vgw - assert: that: - vgw.changed - - "{{ vgw.vgw.vpc_id == vpc_id_2 }}" + - vgw.vgw.id == vgw_id + - vgw.vgw.vpc_id == vpc_id_2 # ============================================================ - - name: add tags to the VGW + + - name: detach vpn gateway ec2_vpc_vgw: state: present - vpc_id: '{{ vpc_id_2 }}' - name: "{{ resource_prefix }}-vgw" - tags: - created_by: ec2_vpc_vgw integration tests + name: "{{ vgw_name }}" register: vgw - assert: that: - vgw.changed - - vgw.vgw.tags | length == 2 - - "'created_by' in vgw.vgw.tags" + - not vgw.vgw.vpc_id - name: test idempotence ec2_vpc_vgw: state: present - vpc_id: '{{ vpc_id_2 }}' - name: "{{ resource_prefix }}-vgw" - tags: - created_by: ec2_vpc_vgw integration tests + name: "{{ vgw_name }}" register: vgw - assert: 
@@ -99,43 +98,31 @@ - not vgw.changed # ============================================================ - - name: remove tags from the VGW - ec2_vpc_vgw: - state: present - vpc_id: '{{ vpc_id_2 }}' - name: "{{ resource_prefix }}-vgw" - register: vgw - - assert: - that: - - vgw.changed - - vgw.vgw.tags | length == 1 - - '"{{ vgw.vgw.tags.Name }}" == "{{ resource_prefix }}-vgw"' + - include_tasks: 'tags.yml' # ============================================================ - - name: detach vpn gateway + + - name: delete vpn gateway ec2_vpc_vgw: - state: present - name: "{{ resource_prefix }}-vgw" + state: absent + name: "{{ vgw_name }}" register: vgw - assert: that: - vgw.changed - - not vgw.vgw.vpc_id - name: test idempotence ec2_vpc_vgw: - state: present - name: "{{ resource_prefix }}-vgw" + state: absent + name: "{{ vgw_name }}" register: vgw - assert: that: - not vgw.changed - # ============================================================ - always: - debug: msg="Removing test dependencies" @@ -148,9 +135,9 @@ - name: delete vpc ec2_vpc_net: - name: "{{ resource_prefix }}-vpc-{{ item }}" + name: "{{ vpc_name }}-{{ item }}" state: absent - cidr_block: "10.0.0.0/26" + cidr_block: "{{ vpc_cidr }}" loop: [1, 2] register: result retries: 10 diff --git a/tests/integration/targets/ec2_vpc_vgw/tasks/tags.yml b/tests/integration/targets/ec2_vpc_vgw/tasks/tags.yml new file mode 100644 index 00000000000..a80521313fb --- /dev/null +++ b/tests/integration/targets/ec2_vpc_vgw/tasks/tags.yml 
@@ -0,0 +1,333 @@
+- vars:
+ first_tags:
+ 'Key with Spaces': Value with spaces
+ CamelCaseKey: CamelCaseValue
+ pascalCaseKey: pascalCaseValue
+ snake_case_key: snake_case_value
+ second_tags:
+ 'New Key with Spaces': Value with spaces
+ NewCamelCaseKey: CamelCaseValue
+ newPascalCaseKey: pascalCaseValue
+ new_snake_case_key: snake_case_value
+ third_tags:
+ 'Key with Spaces': Value with spaces
+ CamelCaseKey: CamelCaseValue
+ pascalCaseKey: pascalCaseValue
+ snake_case_key: snake_case_value
+ 'New Key with Spaces': Updated Value with spaces
+ final_tags:
+ 'Key with Spaces': Value with spaces
+ CamelCaseKey: CamelCaseValue
+ pascalCaseKey: pascalCaseValue
+ snake_case_key: snake_case_value
+ 'New Key with Spaces': Updated Value with spaces
+ NewCamelCaseKey: CamelCaseValue
+ newPascalCaseKey: pascalCaseValue
+ new_snake_case_key: snake_case_value
+ name_tags:
+ Name: '{{ vgw_name }}'
+ module_defaults:
+ ec2_vpc_vgw:
+ name: '{{ vgw_name }}'
+ ec2_vpc_vgw_info:
+ vpn_gateway_ids: ['{{ vgw_id }}']
+ block:
+
+ # ============================================================
+
+# - name: (check) add tags
+# ec2_vpc_vgw:
+# tags: '{{ first_tags }}'
+# state: 'present'
+# register: tag_vgw
+# check_mode: True
+#
+# - name: assert would change
+# assert:
+# that:
+# - tag_vgw is changed
+# - tag_vgw.vgw.id == vgw_id
+
+ - name: add tags
+ ec2_vpc_vgw:
+ tags: '{{ first_tags }}'
+ state: 'present'
+ register: tag_vgw
+
+ - name: get VPC VGW facts
+ ec2_vpc_vgw_info: {}
+ register: tag_vgw_info
+
+ - name: verify the tags were added
+ assert:
+ that:
+ - tag_vgw is changed
+ - tag_vgw.vgw.id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].vpn_gateway_id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].resource_tags == ( first_tags | combine(name_tags) )
+
+# - name: (check) add tags - IDEMPOTENCY
+# ec2_vpc_vgw:
+# tags: '{{ first_tags }}'
+# state: 'present'
+# register: tag_vgw
+# check_mode: True
+#
+# - name: assert would not change
+# assert:
+# that:
+# - tag_vgw is not changed
+# - tag_vgw.vgw.id == vgw_id
+
+ - name: add tags - IDEMPOTENCY
+ ec2_vpc_vgw:
+ tags: '{{ first_tags }}'
+ state: 'present'
+ register: tag_vgw
+ - name: get VPC VGW facts
+ ec2_vpc_vgw_info: {}
+ register: tag_vgw_info
+
+ - name: verify no change
+ assert:
+ that:
+ - tag_vgw is not changed
+ - tag_vgw.vgw.id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].vpn_gateway_id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].resource_tags == ( first_tags | combine(name_tags) )
+
+ # ============================================================
+
+ - name: get VPC VGW facts by filter
+ ec2_vpc_vgw_info:
+ filters:
+ 'tag:Name': '{{ vgw_name }}'
+ vpn_gateway_ids: '{{ omit }}'
+ register: tag_vgw_info
+
+ - name: assert the facts are the same as before
+ assert:
+ that:
+ - tag_vgw_info.virtual_gateways | length == 1
+ - tag_vgw.vgw.id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].vpn_gateway_id == vgw_id
+
+ # ============================================================
+
+# - name: (check) modify tags with purge
+# ec2_vpc_vgw:
+# tags: '{{ second_tags }}'
+# state: 'present'
+# register: tag_vgw
+# check_mode: True
+#
+# - name: assert would change
+# assert:
+# that:
+# - tag_vgw is changed
+# - tag_vgw.vgw.id == vgw_id
+
+ - name: modify tags with purge
+ ec2_vpc_vgw:
+ tags: '{{ second_tags }}'
+ state: 'present'
+ register: tag_vgw
+ - name: get VPC VGW facts
+ ec2_vpc_vgw_info:
+ register: tag_vgw_info
+
+ - name: verify the tags were added
+ assert:
+ that:
+ - tag_vgw is changed
+ - tag_vgw.vgw.id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].vpn_gateway_id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].resource_tags == ( second_tags | combine(name_tags) )
+
+# - name: (check) modify tags with purge - IDEMPOTENCY
+# ec2_vpc_vgw:
+# tags: '{{ second_tags }}'
+# state: 'present'
+# register: tag_vgw
+# check_mode: True
+#
+# - name: assert would not change
+# assert:
+# that:
+# - tag_vgw is not changed
+# - tag_vgw.vgw.id == vgw_id
+
+ - name: modify tags with purge - IDEMPOTENCY
+ ec2_vpc_vgw:
+ tags: '{{ second_tags }}'
+ state: 'present'
+ register: tag_vgw
+ - name: get VPC VGW facts
+ ec2_vpc_vgw_info:
+ register: tag_vgw_info
+
+ - name: verify no change
+ assert:
+ that:
+ - tag_vgw is not changed
+ - tag_vgw.vgw.id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].vpn_gateway_id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].resource_tags == ( second_tags | combine(name_tags) )
+
+ # ============================================================
+
+# - name: (check) modify tags without purge
+# ec2_vpc_vgw:
+# tags: '{{ third_tags }}'
+# state: 'present'
+# purge_tags: False
+# register: tag_vgw
+# check_mode: True
+#
+# - name: assert would change
+# assert:
+# that:
+# - tag_vgw is changed
+# - tag_vgw.vgw.id == vgw_id
+
+ - name: modify tags without purge
+ ec2_vpc_vgw:
+ tags: '{{ third_tags }}'
+ state: 'present'
+ purge_tags: False
+ register: tag_vgw
+ - name: get VPC VGW facts
+ ec2_vpc_vgw_info:
+ register: tag_vgw_info
+
+ - name: verify the tags were added
+ assert:
+ that:
+ - tag_vgw is changed
+ - tag_vgw.vgw.id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].vpn_gateway_id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].resource_tags == ( final_tags | combine(name_tags) )
+
+# - name: (check) modify tags without purge - IDEMPOTENCY
+# ec2_vpc_vgw:
+# tags: '{{ third_tags }}'
+# state: 'present'
+# purge_tags: False
+# register: tag_vgw
+# check_mode: True
+#
+# - name: assert would not change
+# assert:
+# that:
+# - tag_vgw is not changed
+# - tag_vgw.vgw.id == vgw_id
+
+ - name: modify tags without purge - IDEMPOTENCY
+ ec2_vpc_vgw:
+ tags: '{{ third_tags }}'
+ state: 'present'
+ purge_tags: False
+ register: tag_vgw
+ - name: get VPC VGW facts
+ ec2_vpc_vgw_info:
+ register: tag_vgw_info
+
+ - name: verify no change
+ assert:
+ that:
+ - tag_vgw is not changed
+ - tag_vgw.vgw.id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].vpn_gateway_id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].resource_tags == ( final_tags | combine(name_tags) )
+
+ # ============================================================
+
+# - name: (check) No change to tags without setting tags
+# ec2_vpc_vgw:
+# state: 'present'
+# register: tag_vgw
+# check_mode: True
+#
+# - name: assert would change
+# assert:
+# that:
+# - tag_vgw is not changed
+# - tag_vgw.vgw.id == vgw_id
+
+ - name: No change to tags without setting tags
+ ec2_vpc_vgw:
+ state: 'present'
+ register: tag_vgw
+ - name: get VPC VGW facts
+ ec2_vpc_vgw_info:
+ register: tag_vgw_info
+
+ - name: verify the tags were added
+ assert:
+ that:
+ - tag_vgw is not changed
+ - tag_vgw.vgw.id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].vpn_gateway_id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].resource_tags == ( final_tags | combine(name_tags) )
+
+ # ============================================================
+
+# - name: (check) remove non name tags
+# ec2_vpc_vgw:
+# tags: {}
+# state: 'present'
+# register: tag_vgw
+# check_mode: True
+#
+# - name: assert would change
+# assert:
+# that:
+# - tag_vgw is changed
+# - tag_vgw.vgw.id == vgw_id
+
+ - name: remove non name tags
+ ec2_vpc_vgw:
+ tags: {}
+ state: 'present'
+ register: tag_vgw
+ - name: get VPC VGW facts
+ ec2_vpc_vgw_info:
+ register: tag_vgw_info
+
+ - name: verify the tags were added
+ assert:
+ that:
+ - tag_vgw is changed
+ - tag_vgw.vgw.id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].vpn_gateway_id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].resource_tags == name_tags
+
+# - name: (check) remove non name tags - IDEMPOTENCY
+# ec2_vpc_vgw:
+# tags: {}
+# state: 'present'
+# register: tag_vgw
+# check_mode: True
+#
+# - name: assert would not change
+# assert:
+# that:
+# - tag_vgw is not changed
+# - tag_vgw.vgw.id == vgw_id
+
+ - name: remove non name tags - IDEMPOTENCY
+ ec2_vpc_vgw:
+ tags: {}
+ state: 'present'
+ register: tag_vgw
+ - name: get VPC VGW facts
+ ec2_vpc_vgw_info:
+ register: tag_vgw_info
+
+ - name: verify no change
+ assert:
+ that:
+ - tag_vgw is not changed
+ - tag_vgw.vgw.id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].vpn_gateway_id == vgw_id
+ - tag_vgw_info.virtual_gateways[0].resource_tags == name_tags
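Review bot: Every check-mode task in tags.yml is commented out with no explanation, so the new tag handling is only exercised by real runs. The module constructor visible in the main() hunk passes no `supports_check_mode`, which is presumably the reason. A header comment such as `# check_mode tests are disabled until ec2_vpc_vgw supports check mode` would keep the dead blocks from reading as an oversight. Several task names also disagree with their assertions: "verify the tags were added" is reused for the no-change and tag-removal cases, and the commented "assert would change" under "No change to tags without setting tags" asserts `is not changed`.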