diff --git a/changelogs/fragments/894-add-check_mode-elb_application_lb.yml b/changelogs/fragments/894-add-check_mode-elb_application_lb.yml
new file mode 100644
index 00000000000..4c6a4dd935b
--- /dev/null
+++ b/changelogs/fragments/894-add-check_mode-elb_application_lb.yml
@@ -0,0 +1,3 @@
+minor_changes:
+ - elb_application_lb - add check_mode support and refactor integration tests (https://github.com/ansible-collections/community.aws/pull/894)
+ - elb_application_lb_info - update documentation and refactor integration tests (https://github.com/ansible-collections/community.aws/pull/894)
\ No newline at end of file
diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py
index 4b547ace1c2..32c0f28bd95 100644
--- a/plugins/modules/elb_application_lb.py
+++ b/plugins/modules/elb_application_lb.py
@@ -48,7 +48,7 @@
type: str
deletion_protection:
description:
- - Indicates whether deletion protection for the ELB is enabled.
+ - Indicates whether deletion protection for the ALB is enabled.
- Defaults to C(false).
type: bool
http2:
@@ -62,7 +62,7 @@
type: int
listeners:
description:
- - A list of dicts containing listeners to attach to the ELB. See examples for detail of the dict required. Note that listener keys
+ - A list of dicts containing listeners to attach to the ALB. See examples for detail of the dict required. Note that listener keys
are CamelCased.
type: list
elements: dict
@@ -123,7 +123,7 @@
type: str
purge_listeners:
description:
- - If C(yes), existing listeners will be purged from the ELB to match exactly what is defined by I(listeners) parameter.
+ - If C(yes), existing listeners will be purged from the ALB to match exactly what is defined by I(listeners) parameter.
- If the I(listeners) parameter is not set then listeners will not be modified.
default: yes
type: bool
@@ -149,7 +149,7 @@
elements: str
scheme:
description:
- - Internet-facing or internal load balancer. An ELB scheme can not be modified after creation.
+ - Internet-facing or internal load balancer. An ALB scheme can not be modified after creation.
default: internet-facing
choices: [ 'internet-facing', 'internal' ]
type: str
@@ -195,9 +195,9 @@
EXAMPLES = r'''
# Note: These examples do not set authentication details, see the AWS Guide for details.
-# Create an ELB and attach a listener
+# Create an ALB and attach a listener
- community.aws.elb_application_lb:
- name: myelb
+ name: myalb
security_groups:
- sg-12345678
- my-sec-group
@@ -216,12 +216,12 @@
TargetGroupName: # Required. The name of the target group
state: present
-# Create an ELB and attach a listener with logging enabled
+# Create an ALB and attach a listener with logging enabled
- community.aws.elb_application_lb:
access_logs_enabled: yes
access_logs_s3_bucket: mybucket
access_logs_s3_prefix: "logs"
- name: myelb
+ name: myalb
security_groups:
- sg-12345678
- my-sec-group
@@ -303,9 +303,9 @@
Type: forward
state: present
-# Remove an ELB
+# Remove an ALB
- community.aws.elb_application_lb:
- name: myelb
+ name: myalb
state: absent
'''
@@ -315,27 +315,32 @@
description: The name of the S3 bucket for the access logs.
returned: when state is present
type: str
- sample: mys3bucket
+ sample: "mys3bucket"
access_logs_s3_enabled:
description: Indicates whether access logs stored in Amazon S3 are enabled.
returned: when state is present
- type: str
+ type: bool
sample: true
access_logs_s3_prefix:
description: The prefix for the location in the S3 bucket.
returned: when state is present
type: str
- sample: my/logs
+ sample: "my/logs"
availability_zones:
description: The Availability Zones for the load balancer.
returned: when state is present
type: list
- sample: "[{'subnet_id': 'subnet-aabbccddff', 'zone_name': 'ap-southeast-2a'}]"
+ sample: [{ "load_balancer_addresses": [], "subnet_id": "subnet-aabbccddff", "zone_name": "ap-southeast-2a" }]
canonical_hosted_zone_id:
description: The ID of the Amazon Route 53 hosted zone associated with the load balancer.
returned: when state is present
type: str
- sample: ABCDEF12345678
+ sample: "ABCDEF12345678"
+changed:
+ description: Whether an ALB was created/updated/deleted
+ returned: always
+ type: bool
+ sample: true
created_time:
description: The date and time the load balancer was created.
returned: when state is present
@@ -344,23 +349,23 @@
deletion_protection_enabled:
description: Indicates whether deletion protection is enabled.
returned: when state is present
- type: str
+ type: bool
sample: true
dns_name:
description: The public DNS name of the load balancer.
returned: when state is present
type: str
- sample: internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com
+ sample: "internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com"
idle_timeout_timeout_seconds:
description: The idle timeout value, in seconds.
returned: when state is present
type: int
sample: 60
ip_address_type:
- description: The type of IP addresses used by the subnets for the load balancer.
+ description: The type of IP addresses used by the subnets for the load balancer.
returned: when state is present
type: str
- sample: ipv4
+ sample: "ipv4"
listeners:
description: Information about the listeners.
returned: when state is present
@@ -385,7 +390,7 @@
description: The protocol for connections from clients to the load balancer.
returned: when state is present
type: str
- sample: HTTPS
+ sample: "HTTPS"
certificates:
description: The SSL server certificate.
returned: when state is present
@@ -420,22 +425,42 @@
description: The Amazon Resource Name (ARN) of the load balancer.
returned: when state is present
type: str
- sample: arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455
+ sample: "arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-alb/001122334455"
load_balancer_name:
description: The name of the load balancer.
returned: when state is present
type: str
- sample: my-elb
+ sample: "my-alb"
routing_http2_enabled:
description: Indicates whether HTTP/2 is enabled.
returned: when state is present
- type: str
+ type: bool
sample: true
+routing_http_desync_mitigation_mode:
+ description: Determines how the load balancer handles requests that might pose a security risk to an application.
+ returned: when state is present
+ type: str
+ sample: "defensive"
+routing_http_drop_invalid_header_fields_enabled:
+ description: Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false).
+ returned: when state is present
+ type: bool
+ sample: false
+routing_http_x_amzn_tls_version_and_cipher_suite_enabled:
+ description: Indicates whether the two headers are added to the client request before sending it to the target.
+ returned: when state is present
+ type: bool
+ sample: false
+routing_http_xff_client_port_enabled:
+ description: Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer.
+ returned: when state is present
+ type: bool
+ sample: false
scheme:
description: Internet-facing or internal load balancer.
returned: when state is present
type: str
- sample: internal
+ sample: "internal"
security_groups:
description: The IDs of the security groups for the load balancer.
returned: when state is present
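Review bot: The description added for `routing_http_x_amzn_tls_version_and_cipher_suite_enabled` refers to "the two headers" without naming them; in the AWS load balancer attribute reference these are `x-amzn-tls-version` and `x-amzn-tls-cipher-suite`, and the text should say so. `routing_http_desync_mitigation_mode` would also be clearer if it listed the accepted values (`monitor`, `defensive`, `strictest`) instead of only showing one sample. The same descriptions are repeated in the RETURN block of `elb_application_lb_info.py` later in this diff and need the same wording.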
@@ -445,29 +470,35 @@
description: The state of the load balancer.
returned: when state is present
type: dict
- sample: "{'code': 'active'}"
+ sample: {'code': 'active'}
tags:
description: The tags attached to the load balancer.
returned: when state is present
type: dict
- sample: "{
+ sample: {
'Tag': 'Example'
- }"
+ }
type:
description: The type of load balancer.
returned: when state is present
type: str
- sample: application
+ sample: "application"
vpc_id:
description: The ID of the VPC for the load balancer.
returned: when state is present
type: str
- sample: vpc-0011223344
+ sample: "vpc-0011223344"
+waf_fail_open_enabled:
+ description: Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
+ returned: when state is present
+ type: bool
+ sample: false
'''
from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule
-from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict, boto3_tag_list_to_ansible_dict, compare_aws_tags
-
+from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict
+from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict
+from ansible_collections.amazon.aws.plugins.module_utils.ec2 import compare_aws_tags
from ansible_collections.amazon.aws.plugins.module_utils.elbv2 import (
ApplicationLoadBalancer,
ELBListener,
@@ -478,134 +509,170 @@
from ansible_collections.amazon.aws.plugins.module_utils.elb_utils import get_elb_listener_rules
-def create_or_update_elb(elb_obj):
- """Create ELB or modify main attributes. json_exit here"""
- if elb_obj.elb:
- # ELB exists so check subnets, security groups and tags match what has been passed
-
+def create_or_update_alb(alb_obj):
+ """Create ALB or modify main attributes. json_exit here"""
+ if alb_obj.elb:
+ # ALB exists so check subnets, security groups and tags match what has been passed
# Subnets
- if not elb_obj.compare_subnets():
- elb_obj.modify_subnets()
+ if not alb_obj.compare_subnets():
+ if alb_obj.module.check_mode:
+ alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.')
+ alb_obj.modify_subnets()
# Security Groups
- if not elb_obj.compare_security_groups():
- elb_obj.modify_security_groups()
+ if not alb_obj.compare_security_groups():
+ if alb_obj.module.check_mode:
+ alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.')
+ alb_obj.modify_security_groups()
# Tags - only need to play with tags if tags parameter has been set to something
- if elb_obj.tags is not None:
+ if alb_obj.tags is not None:
+
+ tags_need_modify, tags_to_delete = compare_aws_tags(boto3_tag_list_to_ansible_dict(alb_obj.elb['tags']),
+ boto3_tag_list_to_ansible_dict(alb_obj.tags), alb_obj.purge_tags)
+
+ # Exit on check_mode
+ if alb_obj.module.check_mode and (tags_need_modify or tags_to_delete):
+ alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.')
# Delete necessary tags
- tags_need_modify, tags_to_delete = compare_aws_tags(boto3_tag_list_to_ansible_dict(elb_obj.elb['tags']),
- boto3_tag_list_to_ansible_dict(elb_obj.tags), elb_obj.purge_tags)
if tags_to_delete:
- elb_obj.delete_tags(tags_to_delete)
+ alb_obj.delete_tags(tags_to_delete)
# Add/update tags
if tags_need_modify:
- elb_obj.modify_tags()
+ alb_obj.modify_tags()
else:
# Create load balancer
- elb_obj.create_elb()
+ if alb_obj.module.check_mode:
+ alb_obj.module.exit_json(changed=True, msg='Would have created ALB if not in check mode.')
+ alb_obj.create_elb()
- # ELB attributes
- elb_obj.update_elb_attributes()
- elb_obj.modify_elb_attributes()
+ # ALB attributes
+ alb_obj.update_elb_attributes()
+ alb_obj.modify_elb_attributes()
# Listeners
- listeners_obj = ELBListeners(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn'])
-
+ listeners_obj = ELBListeners(alb_obj.connection, alb_obj.module, alb_obj.elb['LoadBalancerArn'])
listeners_to_add, listeners_to_modify, listeners_to_delete = listeners_obj.compare_listeners()
+ # Exit on check_mode
+ if alb_obj.module.check_mode and (listeners_to_add or listeners_to_modify or listeners_to_delete):
+ alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.')
+
# Delete listeners
for listener_to_delete in listeners_to_delete:
- listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_delete, elb_obj.elb['LoadBalancerArn'])
+ listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_delete, alb_obj.elb['LoadBalancerArn'])
listener_obj.delete()
listeners_obj.changed = True
# Add listeners
for listener_to_add in listeners_to_add:
- listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_add, elb_obj.elb['LoadBalancerArn'])
+ listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_add, alb_obj.elb['LoadBalancerArn'])
listener_obj.add()
listeners_obj.changed = True
# Modify listeners
for listener_to_modify in listeners_to_modify:
- listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_modify, elb_obj.elb['LoadBalancerArn'])
+ listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_modify, alb_obj.elb['LoadBalancerArn'])
listener_obj.modify()
listeners_obj.changed = True
- # If listeners changed, mark ELB as changed
+ # If listeners changed, mark ALB as changed
if listeners_obj.changed:
- elb_obj.changed = True
+ alb_obj.changed = True
# Rules of each listener
for listener in listeners_obj.listeners:
if 'Rules' in listener:
- rules_obj = ELBListenerRules(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn'], listener['Rules'], listener['Port'])
-
+ rules_obj = ELBListenerRules(alb_obj.connection, alb_obj.module, alb_obj.elb['LoadBalancerArn'], listener['Rules'], listener['Port'])
rules_to_add, rules_to_modify, rules_to_delete = rules_obj.compare_rules()
+ # Exit on check_mode
+ if alb_obj.module.check_mode and (rules_to_add or rules_to_modify or rules_to_delete):
+ alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.')
+
# Delete rules
- if elb_obj.module.params['purge_rules']:
+ if alb_obj.module.params['purge_rules']:
for rule in rules_to_delete:
- rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, {'RuleArn': rule}, rules_obj.listener_arn)
+ rule_obj = ELBListenerRule(alb_obj.connection, alb_obj.module, {'RuleArn': rule}, rules_obj.listener_arn)
rule_obj.delete()
- elb_obj.changed = True
+ alb_obj.changed = True
# Add rules
for rule in rules_to_add:
- rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, rule, rules_obj.listener_arn)
+ rule_obj = ELBListenerRule(alb_obj.connection, alb_obj.module, rule, rules_obj.listener_arn)
rule_obj.create()
- elb_obj.changed = True
+ alb_obj.changed = True
# Modify rules
for rule in rules_to_modify:
- rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, rule, rules_obj.listener_arn)
+ rule_obj = ELBListenerRule(alb_obj.connection, alb_obj.module, rule, rules_obj.listener_arn)
rule_obj.modify()
- elb_obj.changed = True
+ alb_obj.changed = True
+
+ # Update ALB ip address type only if option has been provided
+ if alb_obj.module.params.get('ip_address_type') and alb_obj.elb_ip_addr_type != alb_obj.module.params.get('ip_address_type'):
+ # Exit on check_mode
+ if alb_obj.module.check_mode:
+ alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.')
- # Update ELB ip address type only if option has been provided
- if elb_obj.module.params.get('ip_address_type') is not None:
- elb_obj.modify_ip_address_type(elb_obj.module.params.get('ip_address_type'))
- # Get the ELB again
- elb_obj.update()
+ alb_obj.modify_ip_address_type(alb_obj.module.params.get('ip_address_type'))
- # Get the ELB listeners again
+ # Exit on check_mode - no changes
+ if alb_obj.module.check_mode:
+ alb_obj.module.exit_json(changed=False, msg='IN CHECK MODE - no changes to make to ALB specified.')
+
+ # Get the ALB again
+ alb_obj.update()
+
+ # Get the ALB listeners again
listeners_obj.update()
- # Update the ELB attributes
- elb_obj.update_elb_attributes()
+ # Update the ALB attributes
+ alb_obj.update_elb_attributes()
# Convert to snake_case and merge in everything we want to return to the user
- snaked_elb = camel_dict_to_snake_dict(elb_obj.elb)
- snaked_elb.update(camel_dict_to_snake_dict(elb_obj.elb_attributes))
- snaked_elb['listeners'] = []
+ snaked_alb = camel_dict_to_snake_dict(alb_obj.elb)
+ snaked_alb.update(camel_dict_to_snake_dict(alb_obj.elb_attributes))
+ snaked_alb['listeners'] = []
for listener in listeners_obj.current_listeners:
# For each listener, get listener rules
- listener['rules'] = get_elb_listener_rules(elb_obj.connection, elb_obj.module, listener['ListenerArn'])
- snaked_elb['listeners'].append(camel_dict_to_snake_dict(listener))
+ listener['rules'] = get_elb_listener_rules(alb_obj.connection, alb_obj.module, listener['ListenerArn'])
+ snaked_alb['listeners'].append(camel_dict_to_snake_dict(listener))
# Change tags to ansible friendly dict
- snaked_elb['tags'] = boto3_tag_list_to_ansible_dict(snaked_elb['tags'])
+ snaked_alb['tags'] = boto3_tag_list_to_ansible_dict(snaked_alb['tags'])
# ip address type
- snaked_elb['ip_address_type'] = elb_obj.get_elb_ip_address_type()
+ snaked_alb['ip_address_type'] = alb_obj.get_elb_ip_address_type()
+
+ alb_obj.module.exit_json(changed=alb_obj.changed, **snaked_alb)
- elb_obj.module.exit_json(changed=elb_obj.changed, **snaked_elb)
+def delete_alb(alb_obj):
-def delete_elb(elb_obj):
+ if alb_obj.elb:
- if elb_obj.elb:
- listeners_obj = ELBListeners(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn'])
+ # Exit on check_mode
+ if alb_obj.module.check_mode:
+ alb_obj.module.exit_json(changed=True, msg='Would have deleted ALB if not in check mode.')
+
+ listeners_obj = ELBListeners(alb_obj.connection, alb_obj.module, alb_obj.elb['LoadBalancerArn'])
for listener_to_delete in [i['ListenerArn'] for i in listeners_obj.current_listeners]:
- listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_delete, elb_obj.elb['LoadBalancerArn'])
+ listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_delete, alb_obj.elb['LoadBalancerArn'])
listener_obj.delete()
- elb_obj.delete()
+ alb_obj.delete()
- elb_obj.module.exit_json(changed=elb_obj.changed)
+ else:
+
+ # Exit on check_mode - no changes
+ if alb_obj.module.check_mode:
+ alb_obj.module.exit_json(changed=False, msg='IN CHECK MODE - ALB already absent.')
+
+ alb_obj.module.exit_json(changed=alb_obj.changed)
def main():
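Review bot: `alb_obj.modify_elb_attributes()` in the "ALB attributes" step is still called with no check-mode guard, so attribute changes on an existing ALB are not covered by the new check-mode handling. Its implementation lives in module_utils and is not visible in this diff: if it does not test `check_mode` itself, a dry run would apply attribute changes (presumably including deletion protection and access logging), and if it does, the final `exit_json(changed=False, ...)` still ignores `alb_obj.changed` and reports no drift. Comparing current and desired attributes before the call and exiting with `changed=True` in check mode would close the gap. Separately, the rules check exits on `rules_to_delete` even when `purge_rules` is false, although the real run deletes nothing in that case; using `(alb_obj.module.params['purge_rules'] and rules_to_delete)` in that condition would match the real behaviour.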
@@ -648,7 +715,8 @@ def main():
],
required_together=[
['access_logs_enabled', 'access_logs_s3_bucket']
- ]
+ ],
+ supports_check_mode=True,
)
# Quick check of listeners parameters
@@ -668,12 +736,12 @@ def main():
state = module.params.get("state")
- elb = ApplicationLoadBalancer(connection, connection_ec2, module)
+ alb = ApplicationLoadBalancer(connection, connection_ec2, module)
if state == 'present':
- create_or_update_elb(elb)
- else:
- delete_elb(elb)
+ create_or_update_alb(alb)
+ elif state == 'absent':
+ delete_alb(alb)
if __name__ == '__main__':
diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py
index ddac4fe9629..d1de312df11 100644
--- a/plugins/modules/elb_application_lb_info.py
+++ b/plugins/modules/elb_application_lb_info.py
@@ -10,9 +10,9 @@
---
module: elb_application_lb_info
version_added: 1.0.0
-short_description: Gather information about application ELBs in AWS
+short_description: Gather information about Application Load Balancers in AWS
description:
- - Gather information about application ELBs in AWS
+ - Gather information about Application Load Balancers in AWS
author: Rob White (@wimnat)
options:
load_balancer_arns:
@@ -37,19 +37,19 @@
EXAMPLES = r'''
# Note: These examples do not set authentication details, see the AWS Guide for details.
-- name: Gather information about all target groups
+- name: Gather information about all ALBs
community.aws.elb_application_lb_info:
-- name: Gather information about the target group attached to a particular ELB
+- name: Gather information about a particular ALB given its ARN
community.aws.elb_application_lb_info:
load_balancer_arns:
- - "arn:aws:elasticloadbalancing:ap-southeast-2:001122334455:loadbalancer/app/my-elb/aabbccddeeff"
+ - "arn:aws:elasticloadbalancing:ap-southeast-2:001122334455:loadbalancer/app/my-alb/aabbccddeeff"
-- name: Gather information about a target groups named 'tg1' and 'tg2'
+- name: Gather information about ALBs named 'alb1' and 'alb2'
community.aws.elb_application_lb_info:
names:
- - elb1
- - elb2
+ - alb1
+ - alb2
- name: Gather information about specific ALB
community.aws.elb_application_lb_info:
@@ -69,55 +69,119 @@
access_logs_s3_bucket:
description: The name of the S3 bucket for the access logs.
type: str
- sample: mys3bucket
+ sample: "mys3bucket"
access_logs_s3_enabled:
description: Indicates whether access logs stored in Amazon S3 are enabled.
- type: str
+ type: bool
sample: true
access_logs_s3_prefix:
description: The prefix for the location in the S3 bucket.
type: str
- sample: /my/logs
+ sample: "my/logs"
availability_zones:
description: The Availability Zones for the load balancer.
type: list
- sample: "[{'subnet_id': 'subnet-aabbccddff', 'zone_name': 'ap-southeast-2a'}]"
+ sample: [{ "load_balancer_addresses": [], "subnet_id": "subnet-aabbccddff", "zone_name": "ap-southeast-2a" }]
canonical_hosted_zone_id:
description: The ID of the Amazon Route 53 hosted zone associated with the load balancer.
type: str
- sample: ABCDEF12345678
+ sample: "ABCDEF12345678"
created_time:
description: The date and time the load balancer was created.
type: str
sample: "2015-02-12T02:14:02+00:00"
deletion_protection_enabled:
description: Indicates whether deletion protection is enabled.
- type: str
+ type: bool
sample: true
dns_name:
description: The public DNS name of the load balancer.
type: str
- sample: internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com
+ sample: "internal-my-alb-123456789.ap-southeast-2.elb.amazonaws.com"
idle_timeout_timeout_seconds:
description: The idle timeout value, in seconds.
- type: str
+ type: int
sample: 60
ip_address_type:
- description: The type of IP addresses used by the subnets for the load balancer.
+ description: The type of IP addresses used by the subnets for the load balancer.
type: str
- sample: ipv4
+ sample: "ipv4"
+ listeners:
+ description: Information about the listeners.
+ type: complex
+ contains:
+ listener_arn:
+ description: The Amazon Resource Name (ARN) of the listener.
+ type: str
+ sample: ""
+ load_balancer_arn:
+ description: The Amazon Resource Name (ARN) of the load balancer.
+ type: str
+ sample: ""
+ port:
+ description: The port on which the load balancer is listening.
+ type: int
+ sample: 80
+ protocol:
+ description: The protocol for connections from clients to the load balancer.
+ type: str
+ sample: "HTTPS"
+ certificates:
+ description: The SSL server certificate.
+ type: complex
+ contains:
+ certificate_arn:
+ description: The Amazon Resource Name (ARN) of the certificate.
+ type: str
+ sample: ""
+ ssl_policy:
+ description: The security policy that defines which ciphers and protocols are supported.
+ type: str
+ sample: ""
+ default_actions:
+ description: The default actions for the listener.
+ type: str
+ contains:
+ type:
+ description: The type of action.
+ type: str
+ sample: ""
+ target_group_arn:
+ description: The Amazon Resource Name (ARN) of the target group.
+ type: str
+ sample: ""
load_balancer_arn:
description: The Amazon Resource Name (ARN) of the load balancer.
type: str
- sample: arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455
+ sample: "arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-alb/001122334455"
load_balancer_name:
description: The name of the load balancer.
type: str
- sample: my-elb
+ sample: "my-alb"
+ routing_http2_enabled:
+ description: Indicates whether HTTP/2 is enabled.
+ type: bool
+ sample: true
+ routing_http_desync_mitigation_mode:
+ description: Determines how the load balancer handles requests that might pose a security risk to an application.
+ type: str
+ sample: "defensive"
+ routing_http_drop_invalid_header_fields_enabled:
+ description: Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false).
+ type: bool
+ sample: false
+ routing_http_x_amzn_tls_version_and_cipher_suite_enabled:
+ description: Indicates whether the two headers are added to the client request before sending it to the target.
+ type: bool
+ sample: false
+ routing_http_xff_client_port_enabled:
+ description: Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer.
+ type: bool
+ sample: false
scheme:
description: Internet-facing or internal load balancer.
type: str
- sample: internal
+ sample: "internal"
security_groups:
description: The IDs of the security groups for the load balancer.
type: list
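Review bot: `default_actions` under `listeners` is declared `type: str` but carries a `contains:` block, which only makes sense for a structured value; `type: complex`, as used for `listeners` and `certificates` just above it, would be consistent. The new `sample: ""` entries for `listener_arn`, `certificate_arn`, `ssl_policy` and `target_group_arn` tell the reader nothing about the shape of the value. A placeholder ARN in the style of the existing `load_balancer_arn` sample, and a policy name for `ssl_policy`, would be more useful.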
@@ -125,21 +189,26 @@
state:
description: The state of the load balancer.
type: dict
- sample: "{'code': 'active'}"
+ sample: {'code': 'active'}
tags:
description: The tags attached to the load balancer.
type: dict
- sample: "{
+ sample: {
'Tag': 'Example'
- }"
+ }
type:
description: The type of load balancer.
type: str
- sample: application
+ sample: "application"
vpc_id:
description: The ID of the VPC for the load balancer.
type: str
- sample: vpc-0011223344
+ sample: "vpc-0011223344"
+ waf_fail_open_enabled:
+ description: Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets
+ if it is unable to forward the request to AWS WAF.
+ type: bool
+ sample: false
'''
try:
@@ -154,12 +223,12 @@
from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict
-def get_elb_listeners(connection, module, elb_arn):
+def get_alb_listeners(connection, module, alb_arn):
try:
- return connection.describe_listeners(LoadBalancerArn=elb_arn)['Listeners']
+ return connection.describe_listeners(LoadBalancerArn=alb_arn)['Listeners']
except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
- module.fail_json_aws(e, msg="Failed to describe elb listeners")
+ module.fail_json_aws(e, msg="Failed to describe alb listeners")
def get_listener_rules(connection, module, listener_arn):
@@ -218,17 +287,17 @@ def list_load_balancers(connection, module):
module.fail_json_aws(e, msg="Failed to list load balancers")
for load_balancer in load_balancers['LoadBalancers']:
- # Get the attributes for each elb
+ # Get the attributes for each alb
load_balancer.update(get_load_balancer_attributes(connection, module, load_balancer['LoadBalancerArn']))
- # Get the listeners for each elb
- load_balancer['listeners'] = get_elb_listeners(connection, module, load_balancer['LoadBalancerArn'])
+ # Get the listeners for each alb
+ load_balancer['listeners'] = get_alb_listeners(connection, module, load_balancer['LoadBalancerArn'])
# For each listener, get listener rules
for listener in load_balancer['listeners']:
listener['rules'] = get_listener_rules(connection, module, listener['ListenerArn'])
- # Get ELB ip address type
+ # Get ALB ip address type
load_balancer['IpAddressType'] = get_load_balancer_ipaddresstype(connection, module, load_balancer['LoadBalancerArn'])
# Turn the boto3 result in to ansible_friendly_snaked_names
diff --git a/tests/integration/targets/elb_application_lb/aliases b/tests/integration/targets/elb_application_lb/aliases
index 500826a1d4f..948352f2013 100644
--- a/tests/integration/targets/elb_application_lb/aliases
+++ b/tests/integration/targets/elb_application_lb/aliases
@@ -1,2 +1,3 @@
cloud/aws
slow
+elb_application_lb_info
\ No newline at end of file
diff --git a/tests/integration/targets/elb_application_lb/defaults/main.yml b/tests/integration/targets/elb_application_lb/defaults/main.yml
index d0c601c6a04..20ced9d88ae 100644
--- a/tests/integration/targets/elb_application_lb/defaults/main.yml
+++ b/tests/integration/targets/elb_application_lb/defaults/main.yml
@@ -1,4 +1,14 @@
---
+# defaults file for elb_application_lb
+
resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}"
alb_name: "alb-test-{{ resource_short }}"
tg_name: "alb-test-{{ resource_short }}"
+
+vpc_cidr: '10.{{ 256 | random(seed=resource_prefix) }}.0.0/16'
+
+private_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.1.0/24'
+private_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.2.0/24'
+
+public_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.3.0/24'
+public_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.4.0/24'
\ No newline at end of file
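Review bot: The expression `256 | random(seed=resource_prefix)` is repeated in all five CIDR variables, and the subnets only fall inside `vpc_cidr` because every evaluation with the same seed returns the same value. Defining it once, e.g. `vpc_second_octet: "{{ 256 | random(seed=resource_prefix) }}"`, and reusing it as `'10.{{ vpc_second_octet }}.1.0/24'` would make that dependency explicit. The file also ends without a trailing newline.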
diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml
deleted file mode 100644
index e260d0f7f5c..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/full_test.yml
+++ /dev/null
@@ -1,186 +0,0 @@
-- name: elb_application_lb full_test
- block:
- # Setup
- - name: create VPC
- ec2_vpc_net:
- cidr_block: 10.228.228.0/22
- name: '{{ resource_prefix }}_vpc'
- state: present
- ipv6_cidr: true
- register: vpc
- - name: create internet gateway
- ec2_vpc_igw:
- vpc_id: '{{ vpc.vpc.id }}'
- state: present
- tags:
- Name: '{{ resource_prefix }}'
- register: igw
- - name: create private subnet
- ec2_vpc_subnet:
- cidr: '{{ item.cidr }}'
- az: '{{ aws_region}}{{ item.az }}'
- vpc_id: '{{ vpc.vpc.id }}'
- state: present
- tags:
- Public: '{{ item.public|string }}'
- Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}'
- with_items:
- - cidr: 10.228.230.0/24
- az: a
- public: 'False'
- - cidr: 10.228.231.0/24
- az: b
- public: 'False'
-
- - name: create public subnets with ipv6
- ec2_vpc_subnet:
- cidr: '{{ item.cidr }}'
- az: '{{ aws_region}}{{ item.az }}'
- vpc_id: '{{ vpc.vpc.id }}'
- state: present
- ipv6_cidr: '{{ item.vpc_ipv6_cidr }}'
- tags:
- Public: '{{ item.public|string }}'
- Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}'
- with_items:
- - cidr: 10.228.228.0/24
- az: a
- public: 'True'
- vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','0::/64') }}"
- - cidr: 10.228.229.0/24
- az: b
- public: 'True'
- vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}"
-
- - ec2_vpc_subnet_info:
- filters:
- vpc-id: '{{ vpc.vpc.id }}'
- register: vpc_subnets
- - name: create list of subnet ids
- set_fact:
- alb_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public == `True`].id'') }}'
- private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}'
- - name: create a route table
- ec2_vpc_route_table:
- vpc_id: '{{ vpc.vpc.id }}'
- tags:
- Name: igw-route
- Created: '{{ resource_prefix }}'
- subnets: '{{ alb_subnets + private_subnets }}'
- routes:
- - dest: 0.0.0.0/0
- gateway_id: '{{ igw.gateway_id }}'
- register: route_table
- - ec2_group:
- name: '{{ resource_prefix }}'
- description: security group for Ansible ALB integration tests
- state: present
- vpc_id: '{{ vpc.vpc.id }}'
- rules:
- - proto: tcp
- from_port: 1
- to_port: 65535
- cidr_ip: 0.0.0.0/0
- register: sec_group
- - name: create a target group for testing
- elb_target_group:
- name: '{{ tg_name }}'
- protocol: http
- port: 80
- vpc_id: '{{ vpc.vpc.id }}'
- state: present
- register: tg
-
- # Run main tests
- - include_tasks: test_alb_bad_listener_options.yml
- - include_tasks: test_alb_ip_address_type_options.yml
- - include_tasks: test_alb_tags.yml
- - include_tasks: test_creating_alb.yml
- - include_tasks: test_alb_with_asg.yml
- - include_tasks: test_modifying_alb_listeners.yml
- - include_tasks: test_deleting_alb.yml
- - include_tasks: test_multiple_actions.yml
-
- always:
- # Cleanup
- - name: destroy ALB
- elb_application_lb:
- name: '{{ alb_name }}'
- state: absent
- wait: true
- wait_timeout: 600
- ignore_errors: true
-
- - name: destroy target group if it was created
- elb_target_group:
- name: '{{ tg_name }}'
- protocol: http
- port: 80
- vpc_id: '{{ vpc.vpc.id }}'
- state: absent
- wait: true
- wait_timeout: 600
- register: remove_tg
- retries: 5
- delay: 3
- until: remove_tg is success
- when: tg is defined
- ignore_errors: true
- - name: destroy sec group
- ec2_group:
- name: '{{ sec_group.group_name }}'
- description: security group for Ansible ALB integration tests
- state: absent
- vpc_id: '{{ vpc.vpc.id }}'
- register: remove_sg
- retries: 10
- delay: 5
- until: remove_sg is success
- ignore_errors: true
- - name: remove route table
- ec2_vpc_route_table:
- vpc_id: '{{ vpc.vpc.id }}'
- route_table_id: '{{ route_table.route_table.route_table_id }}'
- lookup: id
- state: absent
- register: remove_rt
- retries: 10
- delay: 5
- until: remove_rt is success
- ignore_errors: true
- - name: destroy subnets
- ec2_vpc_subnet:
- cidr: '{{ item.cidr }}'
- vpc_id: '{{ vpc.vpc.id }}'
- state: absent
- register: remove_subnet
- retries: 10
- delay: 5
- until: remove_subnet is success
- with_items:
- - cidr: 10.228.228.0/24
- - cidr: 10.228.229.0/24
- - cidr: 10.228.230.0/24
- - cidr: 10.228.231.0/24
- ignore_errors: true
- - name: destroy internet gateway
- ec2_vpc_igw:
- vpc_id: '{{ vpc.vpc.id }}'
- tags:
- Name: '{{ resource_prefix }}'
- state: absent
- register: remove_igw
- retries: 10
- delay: 5
- until: remove_igw is success
- ignore_errors: true
- - name: destroy VPC
- ec2_vpc_net:
- cidr_block: 10.228.228.0/22
- name: '{{ resource_prefix }}_vpc'
- state: absent
- register: remove_vpc
- retries: 10
- delay: 5
- until: remove_vpc is success
- ignore_errors: true
diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml
index 90914288d88..169ef5b16dd 100644
--- a/tests/integration/targets/elb_application_lb/tasks/main.yml
+++ b/tests/integration/targets/elb_application_lb/tasks/main.yml
@@ -1,12 +1,1172 @@
- name: 'elb_application_lb integration tests'
collections:
- amazon.aws
+
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region }}'
+ aws_access_key: "{{ aws_access_key }}"
+ aws_secret_key: "{{ aws_secret_key }}"
+ security_token: "{{ security_token | default(omit) }}"
+ region: "{{ aws_region }}"
+
block:
+ - name: Create a test VPC
+ ec2_vpc_net:
+ cidr_block: "{{ vpc_cidr }}"
+ name: '{{ resource_prefix }}_vpc'
+ state: present
+ ipv6_cidr: true
+ tags:
+ Name: elb_application_lb testing
+ ResourcePrefix: "{{ resource_prefix }}"
+ register: vpc
+
+ - name: 'Set fact: VPC ID'
+ set_fact:
+ vpc_id: "{{ vpc.vpc.id }}"
+
+ - name: Create an internet gateway
+ ec2_vpc_igw:
+ vpc_id: '{{ vpc_id }}'
+ state: present
+ tags:
+ Name: '{{ resource_prefix }}'
+ register: igw
+
+ - name: Create private subnets
+ ec2_vpc_subnet:
+ cidr: '{{ item.cidr }}'
+ az: '{{ aws_region }}{{ item.az }}'
+ vpc_id: '{{ vpc_id }}'
+ state: present
+ tags:
+ Public: 'False'
+ Name: 'private-{{ item.az }}'
+ with_items:
+ - cidr: "{{ private_subnet_cidr_1 }}"
+ az: a
+ - cidr: "{{ private_subnet_cidr_2 }}"
+ az: b
+ register: private_subnets
+
+ - name: Create public subnets with ipv6
+ ec2_vpc_subnet:
+ cidr: '{{ item.cidr }}'
+ az: '{{ aws_region }}{{ item.az }}'
+ vpc_id: '{{ vpc_id }}'
+ state: present
+ ipv6_cidr: '{{ item.vpc_ipv6_cidr }}'
+ tags:
+ Public: 'True'
+ Name: 'public-{{ item.az }}'
+ with_items:
+ - cidr: "{{ public_subnet_cidr_1 }}"
+ az: a
+ vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','0::/64') }}"
+ - cidr: "{{ public_subnet_cidr_2 }}"
+ az: b
+ vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}"
+ register: public_subnets
+
+ - name: Create list of subnet ids
+ set_fact:
+ public_subnets: "{{ public_subnets.results | map(attribute='subnet') | map(attribute='id') }}"
+ private_subnets: "{{ private_subnets.results | map(attribute='subnet') | map(attribute='id') }}"
+
+ - name: Create a route table
+ ec2_vpc_route_table:
+ vpc_id: '{{ vpc_id }}'
+ tags:
+ Name: igw-route
+ Created: '{{ resource_prefix }}'
+ subnets: '{{ public_subnets + private_subnets }}'
+ routes:
+ - dest: 0.0.0.0/0
+ gateway_id: '{{ igw.gateway_id }}'
+ register: route_table
+
+ - name: Create a security group for Ansible ALB integration tests
+ ec2_group:
+ name: '{{ resource_prefix }}'
+ description: security group for Ansible ALB integration tests
+ state: present
+ vpc_id: '{{ vpc_id }}'
+ rules:
+ - proto: tcp
+ from_port: 1
+ to_port: 65535
+ cidr_ip: 0.0.0.0/0
+ register: sec_group
+
+ - name: Create another security group for Ansible ALB integration tests
+ ec2_group:
+ name: '{{ resource_prefix }}-2'
+ description: security group for Ansible ALB integration tests
+ state: present
+ vpc_id: '{{ vpc_id }}'
+ rules:
+ - proto: tcp
+ from_port: 1
+ to_port: 65535
+ cidr_ip: 0.0.0.0/0
+ register: sec_group2
+
+ - name: Create a target group for testing
+ elb_target_group:
+ name: '{{ tg_name }}'
+ protocol: http
+ port: 80
+ vpc_id: '{{ vpc_id }}'
+ state: present
+ register: tg
+
+ # ---------------- elb_application_lb tests ---------------------------------------------------
+
+ - name: Create an ALB (invalid - SslPolicy is required when Protocol == HTTPS)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTPS
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ignore_errors: yes
+ register: alb
+
+ - assert:
+ that:
+ - alb is failed
+ - alb.msg is match("'SslPolicy' is a required listener dict key when Protocol = HTTPS")
+
+ - name: Create an ALB (invalid - didn't provide required listener options)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Port: 80
+ ignore_errors: yes
+ register: alb
+
+ - assert:
+ that:
+ - alb is failed
+ - alb.msg is match("missing required arguments:\ DefaultActions, Protocol found in listeners")
+
+ - name: Create an ALB (invalid - invalid listener option type)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: "bad type"
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ignore_errors: yes
+ register: alb
+
+ - assert:
+ that:
+ - alb is failed
+ - "'unable to convert to int' in alb.msg"
+
+ - name: Create an ALB (invalid - invalid ip address type)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ip_address_type: "ip_addr_v4_v6"
+ ignore_errors: yes
+ register: alb
+
+ - assert:
+ that:
+ - alb is failed
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Create an ALB with ip address type - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ip_address_type: 'dualstack'
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have created ALB if not in check mode.')
+
+ - name: Create an ALB with ip address type
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ip_address_type: 'dualstack'
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.ip_address_type == 'dualstack'
+ - alb.listeners[0].rules | length == 1
+
+ - name: Create an ALB with ip address type (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ip_address_type: 'dualstack'
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.')
+
+ - name: Create an ALB with ip address type (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ip_address_type: 'dualstack'
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.ip_address_type == 'dualstack'
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ALB with different ip address type - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ip_address_type: 'ipv4'
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have updated ALB if not in check mode.')
+
+ - name: Update an ALB with different ip address type
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ip_address_type: 'ipv4'
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.ip_address_type == 'ipv4'
+
+ - name: Update an ALB with different ip address type (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ip_address_type: 'ipv4'
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.')
+
+ - name: Update an ALB with different ip address type (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ ip_address_type: 'ipv4'
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.ip_address_type == 'ipv4'
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ALB with different listener by adding rule - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules:
+ - Conditions:
+ - Field: path-pattern
+ Values:
+ - '/test'
+ Priority: '1'
+ Actions:
+ - TargetGroupName: "{{ tg_name }}"
+ Type: forward
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have updated ALB if not in check mode.')
+
+ - name: Update an ALB with different listener by adding rule
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules:
+ - Conditions:
+ - Field: path-pattern
+ Values:
+ - '/test'
+ Priority: '1'
+ Actions:
+ - TargetGroupName: "{{ tg_name }}"
+ Type: forward
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.listeners[0].rules | length == 2
+ - "'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}"
+
+ - name: Update an ALB with different listener by adding rule (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules:
+ - Conditions:
+ - Field: path-pattern
+ Values:
+ - '/test'
+ Priority: '1'
+ Actions:
+ - TargetGroupName: "{{ tg_name }}"
+ Type: forward
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.')
+
+ - name: Update an ALB with different listener by adding rule (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules:
+ - Conditions:
+ - Field: path-pattern
+ Values:
+ - '/test'
+ Priority: '1'
+ Actions:
+ - TargetGroupName: "{{ tg_name }}"
+ Type: forward
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.listeners[0].rules | length == 2
+ - "'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}"
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ALB with different listener by modifying rule - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules:
+ - Conditions:
+ - Field: path-pattern
+ Values:
+ - '/test'
+ Priority: '2'
+ Actions:
+ - TargetGroupName: "{{ tg_name }}"
+ Type: forward
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have updated ALB if not in check mode.')
+
+ - name: Update an ALB with different listener by modifying rule
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules:
+ - Conditions:
+ - Field: path-pattern
+ Values:
+ - '/test'
+ Priority: '2'
+ Actions:
+ - TargetGroupName: "{{ tg_name }}"
+ Type: forward
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.listeners[0].rules | length == 2
+ - "'2' in {{ alb.listeners[0].rules | map(attribute='priority') }}"
+
+ - name: Update an ALB with different listener by modifying rule (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules:
+ - Conditions:
+ - Field: path-pattern
+ Values:
+ - '/test'
+ Priority: '2'
+ Actions:
+ - TargetGroupName: "{{ tg_name }}"
+ Type: forward
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.')
+
+ - name: Update an ALB with different listener by modifying rule (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules:
+ - Conditions:
+ - Field: path-pattern
+ Values:
+ - '/test'
+ Priority: '2'
+ Actions:
+ - TargetGroupName: "{{ tg_name }}"
+ Type: forward
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.listeners[0].rules | length == 2
+ - "'2' in {{ alb.listeners[0].rules | map(attribute='priority') }}"
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ALB with different listener by deleting rule - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules: []
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have updated ALB if not in check mode.')
+
+ - name: Update an ALB with different listener by deleting rule
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules: []
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.listeners[0].rules | length == 1
+ - "'2' not in {{ alb.listeners[0].rules | map(attribute='priority') }}"
+
+ - name: Update an ALB with different listener by deleting rule (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules: []
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.')
+
+ - name: Update an ALB with different listener by deleting rule (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules: []
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.listeners[0].rules | length == 1
+ - "'2' not in {{ alb.listeners[0].rules | map(attribute='priority') }}"
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ALB by deleting listener - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners: []
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have updated ALB if not in check mode.')
+
+ - name: Update an ALB by deleting listener
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners: []
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+ - not alb.listeners
+
+ - name: Update an ALB by deleting listener (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners: []
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.')
+
+ - name: Update an ALB by deleting listener (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners: []
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+ - not alb.listeners
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ALB by adding tags - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ALB test {{ resource_prefix }}"
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have updated ALB if not in check mode.')
+
+ - name: Update an ALB by adding tags
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ALB test {{ resource_prefix }}"
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+ - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}'
+
+ - name: Update an ALB by adding tags (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ALB test {{ resource_prefix }}"
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.')
+
+ - name: Update an ALB by adding tags (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ALB test {{ resource_prefix }}"
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+ - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}'
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ALB by modifying tags - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ALB test {{ resource_prefix }}-2"
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have updated ALB if not in check mode.')
+
+ - name: Update an ALB by modifying tags
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ALB test {{ resource_prefix }}-2"
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+ - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}-2"}'
+
+ - name: Update an ALB by modifying tags (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ALB test {{ resource_prefix }}-2"
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.')
+
+ - name: Update an ALB by modifying tags (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ALB test {{ resource_prefix }}-2"
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+ - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}-2"}'
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ALB by removing tags - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags: {}
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have updated ALB if not in check mode.')
+
+ - name: Update an ALB by removing tags
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags: {}
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+ - not alb.tags
+
+ - name: Update an ALB by removing tags (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags: {}
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.')
+
+ - name: Update an ALB by removing tags (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags: {}
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+ - not alb.tags
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ALB by changing security group - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group2.group_id }}"
+ state: present
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have updated ALB if not in check mode.')
+
+ - name: Update an ALB by changing security group
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group2.group_id }}"
+ state: present
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.security_groups[0] == sec_group2.group_id
+
+ - name: Update an ALB by changing security group (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group2.group_id }}"
+ state: present
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.')
+
+ - name: Update an ALB by changing security group (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group2.group_id }}"
+ state: present
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.security_groups[0] == sec_group2.group_id
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Ensure elb_application_lb_info supports check_mode
+ elb_application_lb_info:
+ register: alb_info
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb_info.load_balancers | length > 0
+
+ - name: Get ALB application info using no args
+ elb_application_lb_info:
+ register: alb_info
+
+ - assert:
+ that:
+ - alb_info.load_balancers | length > 0
+
+ - name: Get ALB application info using load balancer arn
+ elb_application_lb_info:
+ load_balancer_arns:
+ - "{{ alb.load_balancer_arn }}"
+ register: alb_info
+
+ - assert:
+ that:
+ - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id
+
+ - name: Get ALB application info using load balancer name
+ elb_application_lb_info:
+ names:
+ - "{{ alb.load_balancer_name }}"
+ register: alb_info
+
+ - assert:
+ that:
+ - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Delete an ALB - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ state: absent
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is changed
+ - alb.msg is match('Would have deleted ALB if not in check mode.')
+
+ - name: Delete an ALB
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ state: absent
+ register: alb
+
+ - assert:
+ that:
+ - alb is changed
+
+ - name: Delete an ALB (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ state: absent
+ register: alb
+ check_mode: yes
+
+ - assert:
+ that:
+ - alb is not changed
+ - alb.msg is match('IN CHECK MODE - ALB already absent.')
+
+ - name: Delete an ALB (idempotence)
+ elb_application_lb:
+ name: "{{ alb_name }}"
+ state: absent
+ register: alb
+
+ - assert:
+ that:
+ - alb is not changed
+
+ # ----- Cleanup ------------------------------------------------------------------------------
+
+ always:
+ - name: Destroy ALB
+ elb_application_lb:
+ name: '{{ alb_name }}'
+ state: absent
+ wait: true
+ wait_timeout: 600
+ ignore_errors: true
+
+ - name: Destroy target group if it was created
+ elb_target_group:
+ name: '{{ tg_name }}'
+ protocol: http
+ port: 80
+ vpc_id: '{{ vpc_id }}'
+ state: absent
+ wait: true
+ wait_timeout: 600
+ register: remove_tg
+ retries: 5
+ delay: 3
+ until: remove_tg is success
+ when: tg is defined
+ ignore_errors: true
+
+ - name: Destroy sec groups
+ ec2_group:
+ name: "{{ item }}"
+ description: security group for Ansible ALB integration tests
+ state: absent
+ vpc_id: '{{ vpc_id }}'
+ register: remove_sg
+ retries: 10
+ delay: 5
+ until: remove_sg is success
+ ignore_errors: true
+ with_items:
+ - "{{ resource_prefix }}"
+ - "{{ resource_prefix }}-2"
+
+ - name: Destroy route table
+ ec2_vpc_route_table:
+ vpc_id: '{{ vpc_id }}'
+ route_table_id: '{{ route_table.route_table.route_table_id }}'
+ lookup: id
+ state: absent
+ register: remove_rt
+ retries: 10
+ delay: 5
+ until: remove_rt is success
+ ignore_errors: true
+
+ - name: Destroy subnets
+ ec2_vpc_subnet:
+ cidr: "{{ item }}"
+ vpc_id: "{{ vpc_id }}"
+ state: absent
+ register: remove_subnet
+ retries: 10
+ delay: 5
+ until: remove_subnet is success
+ with_items:
+ - "{{ private_subnet_cidr_1 }}"
+ - "{{ private_subnet_cidr_2 }}"
+ - "{{ public_subnet_cidr_1 }}"
+ - "{{ public_subnet_cidr_2 }}"
+ ignore_errors: true
+
+ - name: Destroy internet gateway
+ ec2_vpc_igw:
+ vpc_id: '{{ vpc_id }}'
+ tags:
+ Name: '{{ resource_prefix }}'
+ state: absent
+ register: remove_igw
+ retries: 10
+ delay: 5
+ until: remove_igw is success
+ ignore_errors: true
- - include_tasks: full_test.yml
+ - name: Destroy VPC
+ ec2_vpc_net:
+ cidr_block: "{{ vpc_cidr }}"
+ name: "{{ resource_prefix }}_vpc"
+ state: absent
+ register: remove_vpc
+ retries: 10
+ delay: 5
+ until: remove_vpc is success
+ ignore_errors: true
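Review bot: Both security groups created in the setup (`{{ resource_prefix }}` and `{{ resource_prefix }}-2`) allow TCP 1-65535 from 0.0.0.0/0, although every listener these tests create is HTTP on port 80. The ALB is placed in the public subnets that the route table sends through the internet gateway, and no `scheme` is set, so the module default applies (internet-facing, as far as I know). For the length of a run the CI account therefore has a publicly reachable load balancer behind an allow-all-ports group. Narrowing both rules to `from_port: 80` and `to_port: 80` matches what the tests exercise and should not change any assertion in this file.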
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml
deleted file mode 100644
index a811e3f3054..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml
+++ /dev/null
@@ -1,68 +0,0 @@
-- block:
-
- - name: test creating an ALB with invalid listener options
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTPS
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- ignore_errors: yes
- register: alb
-
- - assert:
- that:
- - alb is failed
-
- - name: test creating an ALB without providing required listener options
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Port: 80
- ignore_errors: yes
- register: alb
-
- - assert:
- that:
- - alb is failed
- - '"missing required arguments" in alb.msg'
- - '"Protocol" in alb.msg'
- - '"DefaultActions" in alb.msg'
-
- - name: test creating an ALB providing an invalid listener option type
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: "bad type"
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- ignore_errors: yes
- register: alb
-
- - assert:
- that:
- - alb is failed
- - "'unable to convert to int' in alb.msg"
-
- always:
- # Cleanup
- - name: destroy ALB if created
- elb_application_lb:
- name: '{{ alb_name }}'
- state: absent
- wait: true
- wait_timeout: 600
- ignore_errors: true
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml
deleted file mode 100644
index 9249d1161c0..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml
+++ /dev/null
@@ -1,93 +0,0 @@
-- block:
- - name: set elb name for ipv6
- set_fact:
- elb_name_ipv6: "{{ alb_name ~ 'ipv6' }}"
-
- - name: test creating an ELB with invalid ip address type
- elb_application_lb:
- name: "{{ elb_name_ipv6 }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- ip_address_type: "ip_addr_v4_v6"
- ignore_errors: yes
- register: elb
-
- - assert:
- that:
- - elb is failed
-
- - name: test creating an ELB with dualstack ip adress type
- elb_application_lb:
- name: "{{ elb_name_ipv6 }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- ip_address_type: "dualstack"
- register: elb
-
- - assert:
- that:
- - elb.ip_address_type == "dualstack"
-
- - name: test updating an ELB with ipv4 adress type
- elb_application_lb:
- name: "{{ elb_name_ipv6 }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- ip_address_type: "ipv4"
- register: elb
-
- - assert:
- that:
- - elb.changed
- - elb.ip_address_type == "ipv4"
-
- - name: test idempotence updating an ELB with ipv4 adress type
- elb_application_lb:
- name: "{{ elb_name_ipv6 }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- ip_address_type: "ipv4"
- register: elb
-
- - assert:
- that:
- - not elb.changed
- - elb.ip_address_type == "ipv4"
-
- always:
- # Cleanup
- - name: destroy ALB if created
- elb_application_lb:
- name: '{{ elb_name_ipv6 }}'
- state: absent
- wait: true
- wait_timeout: 600
- ignore_errors: true
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml
deleted file mode 100644
index 06b6d0249cc..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml
+++ /dev/null
@@ -1,78 +0,0 @@
-- block:
-
- - name: create ALB with no listeners
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- register: alb
-
- - assert:
- that:
- - alb.changed
-
- - name: re-create ALB with no listeners
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- register: alb
-
- - assert:
- that:
- - not alb.changed
-
- - name: add tags to ALB
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- tags:
- created_by: "ALB test {{ resource_prefix }}"
- register: alb
-
- - assert:
- that:
- - alb.changed
- - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}'
-
- - name: remove tags from ALB
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- tags: {}
- register: alb
-
- - assert:
- that:
- - alb.changed
- - not alb.tags
-
- - name: test idempotence
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- tags: {}
- register: alb
-
- - assert:
- that:
- - not alb.changed
- - not alb.tags
-
- - name: destroy ALB with no listeners
- elb_application_lb:
- name: "{{ alb_name }}"
- state: absent
- register: alb
-
- - assert:
- that:
- - alb.changed
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml
deleted file mode 100644
index b066d88a210..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml
+++ /dev/null
@@ -1,73 +0,0 @@
-- block:
-
- - ec2_ami_info:
- filters:
- architecture: x86_64
- virtualization-type: hvm
- root-device-type: ebs
- name: "amzn-ami-hvm*"
- owner-alias: "amazon"
- register: amis
-
- - set_fact:
- latest_amazon_linux: "{{ amis.images | sort(attribute='creation_date') | last }}"
-
- - ec2_asg:
- state: absent
- name: "{{ resource_prefix }}-webservers"
- wait_timeout: 900
-
- - ec2_lc:
- name: "{{ resource_prefix }}-web-lcfg"
- state: absent
-
- - name: Create launch config for testing
- ec2_lc:
- name: "{{ resource_prefix }}-web-lcfg"
- assign_public_ip: true
- image_id: "{{ latest_amazon_linux.image_id }}"
- security_groups: "{{ sec_group.group_id }}"
- instance_type: t2.medium
- user_data: |
- #!/bin/bash
- set -x
- yum update -y --nogpgcheck
- yum install -y --nogpgcheck httpd
- echo "Hello Ansiblings!" >> /var/www/html/index.html
- service httpd start
- volumes:
- - device_name: /dev/xvda
- volume_size: 10
- volume_type: gp2
- delete_on_termination: true
-
- - name: Create autoscaling group for app server fleet
- ec2_asg:
- name: "{{ resource_prefix }}-webservers"
- vpc_zone_identifier: "{{ alb_subnets }}"
- launch_config_name: "{{ resource_prefix }}-web-lcfg"
- termination_policies:
- - OldestLaunchConfiguration
- - Default
- health_check_period: 600
- health_check_type: EC2
- replace_all_instances: true
- min_size: 0
- max_size: 2
- desired_capacity: 1
- wait_for_instances: true
- target_group_arns:
- - "{{ tg.target_group_arn }}"
-
- always:
-
- - ec2_asg:
- state: absent
- name: "{{ resource_prefix }}-webservers"
- wait_timeout: 900
- ignore_errors: yes
-
- - ec2_lc:
- name: "{{ resource_prefix }}-web-lcfg"
- state: absent
- ignore_errors: yes
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml
deleted file mode 100644
index f5e75ab3872..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-- block:
-
- - name: create ALB with a listener
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners|length == 1
- - alb.listeners[0].rules|length == 1
-
- - name: test idempotence creating ALB with a listener
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- register: alb
-
- - assert:
- that:
- - not alb.changed
- - alb.listeners|length == 1
- - alb.listeners[0].rules|length == 1
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml
deleted file mode 100644
index cf1335d6dbd..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-- block:
-
- - name: destroy ALB with listener
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: absent
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- wait: yes
- wait_timeout: 300
- register: alb
-
- - name: test idempotence
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: absent
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- wait: yes
- wait_timeout: 300
- register: alb
-
- - assert:
- that:
- - not alb.changed
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml
deleted file mode 100644
index 3cc8a857bca..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml
+++ /dev/null
@@ -1,222 +0,0 @@
-- block:
-
- - name: add a rule to the listener
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- Rules:
- - Conditions:
- - Field: path-pattern
- Values:
- - '/test'
- Priority: '1'
- Actions:
- - TargetGroupName: "{{ tg_name }}"
- Type: forward
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners[0].rules|length == 2
-
- - name: test replacing the rule with one with the same priority
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- purge_listeners: true
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- Rules:
- - Conditions:
- - Field: path-pattern
- Values:
- - '/new'
- Priority: '1'
- Actions:
- - TargetGroupName: "{{ tg_name }}"
- Type: forward
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners[0].rules|length == 2
-
- - name: test the rule will not be removed without purge_listeners
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- register: alb
-
- - assert:
- that:
- - not alb.changed
- - alb.listeners[0].rules|length == 2
-
- - name: test a rule can be added and other rules will not be removed when purge_rules is no.
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- purge_rules: no
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- Rules:
- - Conditions:
- - Field: path-pattern
- Values:
- - '/new'
- Priority: '2'
- Actions:
- - TargetGroupName: "{{ tg_name }}"
- Type: forward
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners[0].rules|length == 3
-
- - name: add a rule that uses the host header condition to the listener
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- purge_rules: no
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- Rules:
- - Conditions:
- - Field: host-header
- Values:
- - 'local.mydomain.com'
- Priority: '3'
- Actions:
- - TargetGroupName: "{{ tg_name }}"
- Type: forward
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners[0].rules|length == 4
- # - '{{ alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1 }}'
-
- - name: test replacing the rule that uses the host header condition with multiple host header conditions
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- purge_rules: no
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- Rules:
- - Conditions:
- - Field: host-header
- Values:
- - 'local.mydomain.com'
- - 'alternate.mydomain.com'
- Priority: '3'
- Actions:
- - TargetGroupName: "{{ tg_name }}"
- Type: forward
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners[0].rules|length == 4
- #- '{{ alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 2 }}'
-
- - name: remove the rule
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- purge_listeners: true
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- Rules: []
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners[0].rules|length == 1
-
- - name: remove listener from ALB
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners: []
- register: alb
-
- - assert:
- that:
- - alb.changed
- - not alb.listeners
-
- - name: add the listener to the ALB
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners|length == 1
- - alb.availability_zones|length == 2
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml
deleted file mode 100644
index da56a98716b..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml
+++ /dev/null
@@ -1,447 +0,0 @@
-- block:
-
- - name: register dummy OIDC config
- set_fact:
- AuthenticateOidcActionConfig:
- AuthorizationEndpoint: "https://www.example.com/auth"
- ClientId: "eeeeeeeeeeeeeeeeeeeeeeeeee"
- ClientSecret: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
- Issuer: "https://www.example.com/issuer"
- OnUnauthenticatedRequest: "authenticate"
- Scope: "openid"
- SessionCookieName: "AWSELBAuthSessionCookie"
- SessionTimeout: 604800
- TokenEndpoint: "https://www.example.com/token"
- UserInfoEndpoint: "https://www.example.com/userinfo"
- UseExistingClientSecret: true
-
- - name: register fixed response action
- set_fact:
- FixedResponseActionConfig:
- ContentType: "text/plain"
- MessageBody: "This is the page you're looking for"
- StatusCode: "200"
-
- - name: register redirect action
- set_fact:
- RedirectActionConfig:
- Host: "#{host}"
- Path: "/example/redir" # or /#{path}
- Port: "#{port}"
- Protocol: "#{protocol}"
- Query: "#{query}"
- StatusCode: "HTTP_302" # or HTTP_301
-
- - name: delete existing ALB to avoid target group association issues
- elb_application_lb:
- name: "{{ alb_name }}"
- state: absent
- wait: yes
- wait_timeout: 600
-
- - name: cleanup tg to avoid target group association issues
- elb_target_group:
- name: "{{ tg_name }}"
- protocol: http
- port: 80
- vpc_id: "{{ vpc.vpc.id }}"
- state: absent
- wait: yes
- wait_timeout: 600
- register: cleanup_tg
- retries: 5
- delay: 3
- until: cleanup_tg is success
-
- - name: recreate a target group
- elb_target_group:
- name: "{{ tg_name }}"
- protocol: http
- port: 80
- vpc_id: "{{ vpc.vpc.id }}"
- state: present
- register: tg
-
- - name: create ALB with redirect DefaultAction
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: redirect
- RedirectConfig: "{{ RedirectActionConfig }}"
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners|length == 1
- - alb.listeners[0].rules[0].actions|length == 1
- - alb.listeners[0].rules[0].actions[0].type == "redirect"
-
- - name: test idempotence with redirect DefaultAction
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: redirect
- RedirectConfig: "{{ RedirectActionConfig }}"
- register: alb
-
- - assert:
- that:
- - not alb.changed
- - alb.listeners|length == 1
- - alb.listeners[0].rules[0].actions|length == 1
- - alb.listeners[0].rules[0].actions[0].type == "redirect"
-
- - name: update ALB with fixed-response DefaultAction
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: fixed-response
- FixedResponseConfig: "{{ FixedResponseActionConfig }}"
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners|length == 1
- - alb.listeners[0].rules[0].actions|length == 1
- - alb.listeners[0].rules[0].actions[0].type == "fixed-response"
-
- - name: test idempotence with fixed-response DefaultAction
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: fixed-response
- FixedResponseConfig: "{{ FixedResponseActionConfig }}"
- register: alb
-
- - assert:
- that:
- - not alb.changed
- - alb.listeners|length == 1
- - alb.listeners[0].rules[0].actions|length == 1
- - alb.listeners[0].rules[0].actions[0].type == "fixed-response"
-
- - name: test multiple non-default rules
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: fixed-response
- FixedResponseConfig: "{{ FixedResponseActionConfig }}"
- Rules:
- - Conditions:
- - Field: http-header
- HttpHeaderConfig:
- HttpHeaderName: 'User-Agent'
- Values: ['*Trident/7:0*rv:*']
- - Field: http-header
- HttpHeaderConfig:
- HttpHeaderName: 'X-Something'
- Values: ['foobar']
- Priority: '1'
- Actions:
- - Type: fixed-response
- FixedResponseConfig:
- StatusCode: "200"
- ContentType: "text/html"
- MessageBody: "Hello World!"
- - Conditions:
- - Field: path-pattern
- Values:
- - "/forward-path/*"
- Priority: 2
- Actions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- - Conditions:
- - Field: path-pattern
- Values:
- - "/redirect-path/*"
- Priority: 3
- Actions:
- - Type: redirect
- RedirectConfig: "{{ RedirectActionConfig }}"
- - Conditions:
- - Field: path-pattern
- Values:
- - "/fixed-response-path/"
- Priority: 4
- Actions:
- - Type: fixed-response
- FixedResponseConfig: "{{ FixedResponseActionConfig }}"
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners|length == 1
- - alb.listeners[0].rules|length == 5 ## defaultactions is included as a rule
- - alb.listeners[0].rules[0].actions|length == 1
- - alb.listeners[0].rules[0].actions[0].type == "fixed-response"
- - alb.listeners[0].rules[1].actions|length == 1
- - alb.listeners[0].rules[1].actions[0].type == "forward"
- - alb.listeners[0].rules[2].actions|length == 1
- - alb.listeners[0].rules[2].actions[0].type == "redirect"
- - alb.listeners[0].rules[3].actions|length == 1
- - alb.listeners[0].rules[3].actions[0].type == "fixed-response"
-
- - name: test idempotence multiple non-default rules
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: fixed-response
- FixedResponseConfig: "{{ FixedResponseActionConfig }}"
- Rules:
- - Conditions:
- - Field: http-header
- HttpHeaderConfig:
- HttpHeaderName: 'User-Agent'
- Values: ['*Trident/7:0*rv:*']
- - Field: http-header
- HttpHeaderConfig:
- HttpHeaderName: 'X-Something'
- Values: ['foobar']
- Priority: '1'
- Actions:
- - Type: fixed-response
- FixedResponseConfig:
- StatusCode: "200"
- ContentType: "text/html"
- MessageBody: "Hello World!"
- - Conditions:
- - Field: path-pattern
- Values:
- - "/forward-path/*"
- Priority: 2
- Actions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- - Conditions:
- - Field: path-pattern
- Values:
- - "/redirect-path/*"
- Priority: 3
- Actions:
- - Type: redirect
- RedirectConfig: "{{ RedirectActionConfig }}"
- - Conditions:
- - Field: path-pattern
- Values:
- - "/fixed-response-path/"
- Priority: 4
- Actions:
- - Type: fixed-response
- FixedResponseConfig: "{{ FixedResponseActionConfig }}"
- register: alb
-
- - assert:
- that:
- - not alb.changed
- - alb.listeners|length == 1
- - alb.listeners[0].rules|length == 5 ## defaultactions is included as a rule
- - alb.listeners[0].rules[0].actions|length == 1
- - alb.listeners[0].rules[0].actions[0].type == "fixed-response"
- - alb.listeners[0].rules[1].actions|length == 1
- - alb.listeners[0].rules[1].actions[0].type == "forward"
- - alb.listeners[0].rules[2].actions|length == 1
- - alb.listeners[0].rules[2].actions[0].type == "redirect"
- - alb.listeners[0].rules[3].actions|length == 1
- - alb.listeners[0].rules[3].actions[0].type == "fixed-response"
-
-
-# - name: test creating ALB with a default listener with multiple actions
-# elb_application_lb:
-# name: "{{ alb_name }}"
-# subnets: "{{ alb_subnets }}"
-# security_groups: "{{ sec_group.group_id }}"
-# state: present
-# listeners:
-# - Protocol: HTTP
-# Port: 80
-# DefaultActions:
-# - Type: forward
-# TargetGroupName: "{{ tg_name }}"
-# Order: 2
-# - Type: authenticate-oidc
-# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}"
-# Order: 1
-# register: alb
-#
-# - assert:
-# that:
-# - alb.listeners|length == 1
-# - alb.listeners[0].rules[0].actions|length == 2
-#
-# - name: test changing order of actions
-# elb_application_lb:
-# name: "{{ alb_name }}"
-# subnets: "{{ alb_subnets }}"
-# security_groups: "{{ sec_group.group_id }}"
-# state: present
-# listeners:
-# - Protocol: HTTP
-# Port: 80
-# DefaultActions:
-# - Type: authenticate-oidc
-# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}"
-# Order: 1
-# - Type: forward
-# TargetGroupName: "{{ tg_name }}"
-# Order: 2
-# register: alb
-#
-# - assert:
-# that:
-# - not alb.changed
-# - alb.listeners|length == 1
-# - alb.listeners[0].rules[0].actions|length == 2
-#
-# - name: test non-default rule with multiple actions
-# elb_application_lb:
-# name: "{{ alb_name }}"
-# subnets: "{{ alb_subnets }}"
-# security_groups: "{{ sec_group.group_id }}"
-# state: present
-# listeners:
-# - Protocol: HTTP
-# Port: 80
-# DefaultActions:
-# - Type: authenticate-oidc
-# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}"
-# Order: 1
-# - Type: forward
-# TargetGroupName: "{{ tg_name }}"
-# Order: 2
-# Rules:
-# - Conditions:
-# - Field: path-pattern
-# Values:
-# - "*"
-# Priority: 1
-# Actions:
-# - Type: forward
-# TargetGroupName: "{{ tg_name }}"
-# Order: 2
-# - Type: authenticate-oidc
-# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}"
-# Order: 1
-# register: alb
-#
-# - assert:
-# that:
-# - alb.changed
-# - alb.listeners|length == 1
-# - alb.listeners[0].rules[0].actions|length == 2
-# - alb.listeners[0].rules[1].actions|length == 2
-#
-# - name: test idempotency non-default rule with multiple actions
-# elb_application_lb:
-# name: "{{ alb_name }}"
-# subnets: "{{ alb_subnets }}"
-# security_groups: "{{ sec_group.group_id }}"
-# state: present
-# listeners:
-# - Protocol: HTTP
-# Port: 80
-# DefaultActions:
-# - Type: authenticate-oidc
-# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}"
-# Order: 1
-# - Type: forward
-# TargetGroupName: "{{ tg_name }}"
-# Order: 2
-# Rules:
-# - Conditions:
-# - Field: path-pattern
-# Values:
-# - "*"
-# Priority: 1
-# Actions:
-# - Type: forward
-# TargetGroupName: "{{ tg_name }}"
-# Order: 2
-# - Type: authenticate-oidc
-# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}"
-# Order: 1
-# register: alb
-#
-# - assert:
-# that:
-# - not alb.changed
-# - alb.listeners|length == 1
-# - alb.listeners[0].rules[0].actions|length == 2
-# - alb.listeners[0].rules[1].actions|length == 2
-#
-# - name: test non-default rule action order change
-# elb_application_lb:
-# name: "{{ alb_name }}"
-# subnets: "{{ alb_subnets }}"
-# security_groups: "{{ sec_group.group_id }}"
-# state: present
-# listeners:
-# - Protocol: HTTP
-# Port: 80
-# DefaultActions:
-# - Type: authenticate-oidc
-# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}"
-# Order: 1
-# - Type: forward
-# TargetGroupName: "{{ tg_name }}"
-# Order: 2
-# Rules:
-# - Conditions:
-# - Field: path-pattern
-# Values:
-# - "*"
-# Priority: 1
-# Actions:
-# - Type: authenticate-oidc
-# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}"
-# Order: 1
-# - Type: forward
-# TargetGroupName: "{{ tg_name }}"
-# Order: 2
-# register: alb
-#
-# - assert:
-# that:
-# - not alb.changed
-# - alb.listeners|length == 1
-# - alb.listeners[0].rules[0].actions|length == 2
-# - alb.listeners[0].rules[1].actions|length == 2
diff --git a/tests/integration/targets/elb_application_lb_info/aliases b/tests/integration/targets/elb_application_lb_info/aliases
deleted file mode 100644
index 4ef4b2067d0..00000000000
--- a/tests/integration/targets/elb_application_lb_info/aliases
+++ /dev/null
@@ -1 +0,0 @@
-cloud/aws
diff --git a/tests/integration/targets/elb_application_lb_info/defaults/main.yml b/tests/integration/targets/elb_application_lb_info/defaults/main.yml
deleted file mode 100644
index d0c601c6a04..00000000000
--- a/tests/integration/targets/elb_application_lb_info/defaults/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}"
-alb_name: "alb-test-{{ resource_short }}"
-tg_name: "alb-test-{{ resource_short }}"
diff --git a/tests/integration/targets/elb_application_lb_info/meta/main.yml b/tests/integration/targets/elb_application_lb_info/meta/main.yml
deleted file mode 100644
index 1810d4bec98..00000000000
--- a/tests/integration/targets/elb_application_lb_info/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - setup_remote_tmp_dir
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml b/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml
deleted file mode 100644
index 7603a0454ab..00000000000
--- a/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: elb_application_lb full_test
- block:
- # setup
- - include_tasks: setup.yml
-
- # Run main tests
- - include_tasks: test_elb_application_lb_info.yml
-
- always:
- # Cleanup
- - include_tasks: teardown.yml
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/main.yml b/tests/integration/targets/elb_application_lb_info/tasks/main.yml
deleted file mode 100644
index 5d9eb4fe73f..00000000000
--- a/tests/integration/targets/elb_application_lb_info/tasks/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: 'elb_application_lb_info integration tests'
- collections:
- - amazon.aws
- module_defaults:
- group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region }}'
- block:
- - include_tasks: full_test.yml
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml
deleted file mode 100644
index 26289d230d0..00000000000
--- a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml
+++ /dev/null
@@ -1,84 +0,0 @@
-- name: elb_application_lb_info setup
- block:
- - name: create VPC
- ec2_vpc_net:
- cidr_block: 10.228.228.0/22
- name: '{{ resource_prefix }}_vpc'
- state: present
- register: vpc
-
- - name: create internet gateway
- ec2_vpc_igw:
- vpc_id: '{{ vpc.vpc.id }}'
- state: present
- tags:
- Name: '{{ resource_prefix }}'
- register: igw
-
- - name: create public subnet
- ec2_vpc_subnet:
- cidr: '{{ item.cidr }}'
- az: '{{ aws_region}}{{ item.az }}'
- vpc_id: '{{ vpc.vpc.id }}'
- state: present
- tags:
- Public: '{{ item.public|string }}'
- Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}'
- with_items:
- - cidr: 10.228.228.0/24
- az: a
- public: 'True'
- - cidr: 10.228.229.0/24
- az: b
- public: 'True'
- - cidr: 10.228.230.0/24
- az: a
- public: 'False'
- - cidr: 10.228.231.0/24
- az: b
- public: 'False'
- register: subnets
-
- - ec2_vpc_subnet_info:
- filters:
- vpc-id: '{{ vpc.vpc.id }}'
- register: vpc_subnets
-
- - name: create list of subnet ids
- set_fact:
- alb_subnets: "{{ ( vpc_subnets.subnets | selectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}"
- private_subnets: "{{ ( vpc_subnets.subnets | rejectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}"
-
- - name: create a route table
- ec2_vpc_route_table:
- vpc_id: '{{ vpc.vpc.id }}'
- tags:
- Name: igw-route
- Created: '{{ resource_prefix }}'
- subnets: '{{ alb_subnets + private_subnets }}'
- routes:
- - dest: 0.0.0.0/0
- gateway_id: '{{ igw.gateway_id }}'
- register: route_table
-
- - ec2_group:
- name: '{{ resource_prefix }}'
- description: security group for Ansible ALB integration tests
- state: present
- vpc_id: '{{ vpc.vpc.id }}'
- rules:
- - proto: tcp
- from_port: 1
- to_port: 65535
- cidr_ip: 0.0.0.0/0
- register: sec_group
-
- - name: create a target group for testing
- elb_target_group:
- name: '{{ tg_name }}'
- protocol: http
- port: 80
- vpc_id: '{{ vpc.vpc.id }}'
- state: present
- register: tg
-
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml b/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml
deleted file mode 100644
index 24326e343a6..00000000000
--- a/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml
+++ /dev/null
@@ -1,83 +0,0 @@
-- name: elb_application_lb_info teardown
- block:
- - name: destroy ALB
- elb_application_lb:
- name: '{{ alb_name }}'
- state: absent
- wait: true
- wait_timeout: 600
- ignore_errors: true
-
- - name: destroy target group if it was created
- elb_target_group:
- name: '{{ tg_name }}'
- protocol: http
- port: 80
- vpc_id: '{{ vpc.vpc.id }}'
- state: absent
- wait: true
- wait_timeout: 600
- register: remove_tg
- retries: 5
- delay: 3
- until: remove_tg is success
- when: tg is defined
- ignore_errors: true
- - name: destroy sec group
- ec2_group:
- name: '{{ sec_group.group_name }}'
- description: security group for Ansible ALB integration tests
- state: absent
- vpc_id: '{{ vpc.vpc.id }}'
- register: remove_sg
- retries: 10
- delay: 5
- until: remove_sg is success
- ignore_errors: true
- - name: remove route table
- ec2_vpc_route_table:
- vpc_id: '{{ vpc.vpc.id }}'
- route_table_id: '{{ route_table.route_table.route_table_id }}'
- lookup: id
- state: absent
- register: remove_rt
- retries: 10
- delay: 5
- until: remove_rt is success
- ignore_errors: true
- - name: destroy subnets
- ec2_vpc_subnet:
- cidr: '{{ item.cidr }}'
- vpc_id: '{{ vpc.vpc.id }}'
- state: absent
- register: remove_subnet
- retries: 10
- delay: 5
- until: remove_subnet is success
- with_items:
- - cidr: 10.228.228.0/24
- - cidr: 10.228.229.0/24
- - cidr: 10.228.230.0/24
- - cidr: 10.228.231.0/24
- ignore_errors: true
- - name: destroy internet gateway
- ec2_vpc_igw:
- vpc_id: '{{ vpc.vpc.id }}'
- tags:
- Name: '{{ resource_prefix }}'
- state: absent
- register: remove_igw
- retries: 10
- delay: 5
- until: remove_igw is success
- ignore_errors: true
- - name: destroy VPC
- ec2_vpc_net:
- cidr_block: 10.228.228.0/22
- name: '{{ resource_prefix }}_vpc'
- state: absent
- register: remove_vpc
- retries: 10
- delay: 5
- until: remove_vpc is success
- ignore_errors: true
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml b/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml
deleted file mode 100644
index 229ac43001b..00000000000
--- a/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-- block:
-
- - name: create ALB with a listener
- elb_application_lb:
- name: "{{ alb_name }}"
- subnets: "{{ alb_subnets }}"
- security_groups: "{{ sec_group.group_id }}"
- state: present
- listeners:
- - Protocol: HTTP
- Port: 80
- DefaultActions:
- - Type: forward
- TargetGroupName: "{{ tg_name }}"
- register: alb
-
- - assert:
- that:
- - alb.changed
- - alb.listeners|length == 1
- - alb.listeners[0].rules|length == 1
-
- - name: ELB applicaiton info using load balancer arn
- elb_application_lb_info:
- load_balancer_arns:
- - "{{ alb.load_balancer_arn }}"
- register: elb_app_lb_info
-
- - assert:
- that:
- - elb_app_lb_info.load_balancers[0].ip_address_type == 'ipv4'
-
- - name: ELB applicaiton info using load balancer name
- elb_application_lb_info:
- names:
- - "{{ alb.load_balancer_name }}"
- register: elb_app_lb_info
-
- - assert:
- that:
- - elb_app_lb_info.load_balancers[0].ip_address_type == 'ipv4'