From 66a38ac90fef399b092b6895117450c6ba975105 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Thu, 27 Jan 2022 14:39:24 -0500 Subject: [PATCH 01/13] add check_mode support for elb_application_lb & refactor integration tests --- plugins/modules/elb_application_lb.py | 62 +- .../elb_application_lb/defaults/main.yml | 14 +- .../elb_application_lb/tasks/full_test.yml | 186 --- .../targets/elb_application_lb/tasks/main.yml | 1135 ++++++++++++++++- .../tasks/test_alb_bad_listener_options.yml | 68 - .../test_alb_ip_address_type_options.yml | 93 -- .../tasks/test_alb_tags.yml | 78 -- .../tasks/test_alb_with_asg.yml | 73 -- .../tasks/test_creating_alb.yml | 41 - .../tasks/test_deleting_alb.yml | 37 - .../tasks/test_modifying_alb_listeners.yml | 222 ---- .../tasks/test_multiple_actions.yml | 447 ------- 12 files changed, 1192 insertions(+), 1264 deletions(-) delete mode 100644 tests/integration/targets/elb_application_lb/tasks/full_test.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml delete mode 100644 tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 4b547ace1c2..80979dbbfb6 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py 
@@ -102,7 +102,7 @@ type: list elements: dict description: - - A list of ALB Listener Rules. + - A list of ELB Listener Rules. - 'For the complete documentation of possible Conditions and Actions please see the boto3 documentation:' - 'https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.create_rule' suboptions: @@ -240,9 +240,9 @@ TargetGroupName: # Required. The name of the target group state: present -# Create an ALB with listeners and rules +# Create an ELB with listeners and rules - community.aws.elb_application_lb: - name: test-alb + name: test-elb subnets: - subnet-12345678 - subnet-87654321 @@ -466,8 +466,9 @@ ''' from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict, boto3_tag_list_to_ansible_dict, compare_aws_tags - +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import compare_aws_tags from ansible_collections.amazon.aws.plugins.module_utils.elbv2 import ( ApplicationLoadBalancer, ELBListener, 
@@ -482,21 +483,29 @@ def create_or_update_elb(elb_obj): """Create ELB or modify main attributes. json_exit here""" if elb_obj.elb: # ELB exists so check subnets, security groups and tags match what has been passed - # Subnets if not elb_obj.compare_subnets(): + if elb_obj.module.check_mode: + elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') elb_obj.modify_subnets() # Security Groups if not elb_obj.compare_security_groups(): + if elb_obj.module.check_mode: + elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') elb_obj.modify_security_groups() # Tags - only need to play with tags if tags parameter has been set to something if elb_obj.tags is not None: - # Delete necessary tags tags_need_modify, tags_to_delete = compare_aws_tags(boto3_tag_list_to_ansible_dict(elb_obj.elb['tags']), boto3_tag_list_to_ansible_dict(elb_obj.tags), elb_obj.purge_tags) + + # Exit on check_mode + if elb_obj.module.check_mode and (tags_need_modify or tags_to_delete): + elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') + + # Delete necessary tags if tags_to_delete: elb_obj.delete_tags(tags_to_delete) @@ -506,6 +515,8 @@ def create_or_update_elb(elb_obj): else: # Create load balancer + if elb_obj.module.check_mode: + elb_obj.module.exit_json(changed=True, msg='Would have created ELB if not in check mode.') elb_obj.create_elb() # ELB attributes 
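Review bot: The step marked `# ELB attributes`, which follows the last context line of the `@@ -506,6 +515,8 @@` hunk, gets no check-mode guard anywhere in this patch. The patch also sets `supports_check_mode=True` in `main()`, so that step will now run during a check-mode pass over an existing load balancer. Those lines lie outside the hunk, so this is inferred: if they call a method that modifies attributes, a dry run would change the live ELB. I would compare desired and current attributes first and exit with `changed=True` before any modify call, as the subnet and security-group guards do, under a comment such as `# check mode: report the attribute difference, never apply it`.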
@@ -514,9 +525,12 @@ def create_or_update_elb(elb_obj): # Listeners listeners_obj = ELBListeners(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn']) - listeners_to_add, listeners_to_modify, listeners_to_delete = listeners_obj.compare_listeners() + # Exit on check_mode + if elb_obj.module.check_mode and (listeners_to_add or listeners_to_modify or listeners_to_delete): + elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') + # Delete listeners for listener_to_delete in listeners_to_delete: listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_delete, elb_obj.elb['LoadBalancerArn']) @@ -543,9 +557,12 @@ def create_or_update_elb(elb_obj): for listener in listeners_obj.listeners: if 'Rules' in listener: rules_obj = ELBListenerRules(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn'], listener['Rules'], listener['Port']) - rules_to_add, rules_to_modify, rules_to_delete = rules_obj.compare_rules() + # Exit on check_mode + if elb_obj.module.check_mode and (rules_to_add or rules_to_modify or rules_to_delete): + elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') + # Delete rules if elb_obj.module.params['purge_rules']: for rule in rules_to_delete: 
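Review bot: In the `@@ -543,9 +557,12 @@` hunk the check-mode test counts `rules_to_delete` unconditionally, while the deletion directly below it runs only when `purge_rules` is set. Unless `compare_rules()` already filters on `purge_rules` (not visible here), a check-mode run with `purge_rules: false` and extra rules on the ELB reports `changed=True` although a real run would delete nothing. The condition should be `if elb_obj.module.check_mode and (rules_to_add or rules_to_modify or (rules_to_delete and elb_obj.module.params['purge_rules'])):`. The enclosing `for listener in ...` loop continues past the end of the hunk.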
@@ -566,8 +583,17 @@ def create_or_update_elb(elb_obj): elb_obj.changed = True # Update ELB ip address type only if option has been provided - if elb_obj.module.params.get('ip_address_type') is not None: + if elb_obj.module.params.get('ip_address_type') and elb_obj.elb_ip_addr_type != elb_obj.module.params.get('ip_address_type'): + # Exit on check_mode + if elb_obj.module.check_mode: + elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') + elb_obj.modify_ip_address_type(elb_obj.module.params.get('ip_address_type')) + + # Exit on check_mode - no changes + if elb_obj.module.check_mode: + elb_obj.module.exit_json(changed=False, msg='IN CHECK MODE - no changes to make to ELB specified.') + # Get the ELB again elb_obj.update() @@ -598,6 +624,11 @@ def create_or_update_elb(elb_obj): def delete_elb(elb_obj): if elb_obj.elb: + + # Exit on check_mode + if elb_obj.module.check_mode: + elb_obj.module.exit_json(changed=True, msg='Would have deleted ELB if not in check mode.') + listeners_obj = ELBListeners(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn']) for listener_to_delete in [i['ListenerArn'] for i in listeners_obj.current_listeners]: listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_delete, elb_obj.elb['LoadBalancerArn']) @@ -605,6 +636,12 @@ def delete_elb(elb_obj): elb_obj.delete() + else: + + # Exit on check_mode - no changes + if elb_obj.module.check_mode: + elb_obj.module.exit_json(changed=False, msg='IN CHECK MODE - ELB already absent.') + elb_obj.module.exit_json(changed=elb_obj.changed) @@ -648,7 +685,8 @@ def main(): ], required_together=[ ['access_logs_enabled', 'access_logs_s3_bucket'] - ] + ], + supports_check_mode=True, ) # Quick check of listeners parameters @@ -672,7 +710,7 @@ def main(): if state == 'present': create_or_update_elb(elb) - else: + elif state == 'absent': delete_elb(elb) 
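Review bot: The no-change exit added in the `@@ -566,8 +583,17 @@` hunk returns only `changed` and `msg`, and it runs before `elb_obj.update()`. A check-mode run against an existing, unchanged ELB therefore returns none of the load balancer facts that a normal run returns, and playbooks that `register` the result and read fields from it will behave differently under `--check`. Consider letting check mode fall through to the normal result path when nothing differs, or returning the facts alongside the message; the rest of that path is outside the hunk. The comment `# Update ELB ip address type only if option has been provided` is also out of date, because the new condition additionally requires the value to differ from `elb_obj.elb_ip_addr_type`. That attribute is not defined in this patch and presumably comes from the `elbv2` module_utils.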
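Review bot: The `else` branch added to `delete_elb` in the `@@ -605,6 +636,12 @@` hunk duplicates the final `elb_obj.module.exit_json(changed=elb_obj.changed)`. That final call already reports no change when the ELB is absent, assuming `elb_obj.changed` starts as false, which is set outside this patch. The only difference is the extra `msg`, so check mode and a normal run return different keys for the same state. I would drop the branch, or add the message to the common exit so both modes return the same shape.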
diff --git a/tests/integration/targets/elb_application_lb/defaults/main.yml b/tests/integration/targets/elb_application_lb/defaults/main.yml index d0c601c6a04..001da8af9de 100644 --- a/tests/integration/targets/elb_application_lb/defaults/main.yml +++ b/tests/integration/targets/elb_application_lb/defaults/main.yml @@ -1,4 +1,14 @@ --- +# defaults file for elb_application_lb + resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}" -alb_name: "alb-test-{{ resource_short }}" -tg_name: "alb-test-{{ resource_short }}" +elb_name: "elb-test-{{ resource_short }}" +tg_name: "elb-test-{{ resource_short }}" + +vpc_cidr: '10.{{ 256 | random(seed=resource_prefix) }}.0.0/16' + +private_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.1.0/24' +private_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.2.0/24' + +public_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.3.0/24' +public_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.4.0/24' \ No newline at end of file diff --git a/tests/integration/targets/elb_application_lb/tasks/full_test.yml b/tests/integration/targets/elb_application_lb/tasks/full_test.yml deleted file mode 100644 index e260d0f7f5c..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/full_test.yml +++ /dev/null 
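Review bot: `elb_name_ipv6` is not defined in this defaults file, but the new `tasks/main.yml` uses it in the task `test creating an ELB with invalid ip address type`. Unless it is set somewhere outside this patch, that task would presumably fail on the undefined variable; because it has `ignore_errors: yes` and asserts only `elb is failed`, the test would pass without reaching the `ip_address_type` validation. Either add a definition here, for example `elb_name_ipv6: "elb-test-{{ resource_short }}-v6"` (value constructed for illustration), or use `elb_name` in that task, and assert on the error message as the neighbouring negative tests do. Separately, `vpc_cidr` and the four subnet CIDRs all rely on the same seeded `random` call yielding the same second octet; a single shared variable for that octet would make the dependency explicit.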
@@ -1,186 +0,0 @@ -- name: elb_application_lb full_test - block: - # Setup - - name: create VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: '{{ resource_prefix }}_vpc' - state: present - ipv6_cidr: true - register: vpc - - name: create internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc.vpc.id }}' - state: present - tags: - Name: '{{ resource_prefix }}' - register: igw - - name: create private subnet - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region}}{{ item.az }}' - vpc_id: '{{ vpc.vpc.id }}' - state: present - tags: - Public: '{{ item.public|string }}' - Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' - with_items: - - cidr: 10.228.230.0/24 - az: a - public: 'False' - - cidr: 10.228.231.0/24 - az: b - public: 'False' - - - name: create public subnets with ipv6 - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region}}{{ item.az }}' - vpc_id: '{{ vpc.vpc.id }}' - state: present - ipv6_cidr: '{{ item.vpc_ipv6_cidr }}' - tags: - Public: '{{ item.public|string }}' - Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' - with_items: - - cidr: 10.228.228.0/24 - az: a - public: 'True' - vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','0::/64') }}" - - cidr: 10.228.229.0/24 - az: b - public: 'True' - vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}" - - - ec2_vpc_subnet_info: - filters: - vpc-id: '{{ vpc.vpc.id }}' - register: vpc_subnets - - name: create list of subnet ids - set_fact: - alb_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public == `True`].id'') }}' - private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' - - name: create a route table - ec2_vpc_route_table: - vpc_id: '{{ vpc.vpc.id }}' - tags: - Name: igw-route - Created: '{{ resource_prefix }}' - subnets: '{{ alb_subnets + private_subnets }}' - 
routes: - - dest: 0.0.0.0/0 - gateway_id: '{{ igw.gateway_id }}' - register: route_table - - ec2_group: - name: '{{ resource_prefix }}' - description: security group for Ansible ALB integration tests - state: present - vpc_id: '{{ vpc.vpc.id }}' - rules: - - proto: tcp - from_port: 1 - to_port: 65535 - cidr_ip: 0.0.0.0/0 - register: sec_group - - name: create a target group for testing - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc.vpc.id }}' - state: present - register: tg - - # Run main tests - - include_tasks: test_alb_bad_listener_options.yml - - include_tasks: test_alb_ip_address_type_options.yml - - include_tasks: test_alb_tags.yml - - include_tasks: test_creating_alb.yml - - include_tasks: test_alb_with_asg.yml - - include_tasks: test_modifying_alb_listeners.yml - - include_tasks: test_deleting_alb.yml - - include_tasks: test_multiple_actions.yml - - always: - # Cleanup - - name: destroy ALB - elb_application_lb: - name: '{{ alb_name }}' - state: absent - wait: true - wait_timeout: 600 - ignore_errors: true - - - name: destroy target group if it was created - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc.vpc.id }}' - state: absent - wait: true - wait_timeout: 600 - register: remove_tg - retries: 5 - delay: 3 - until: remove_tg is success - when: tg is defined - ignore_errors: true - - name: destroy sec group - ec2_group: - name: '{{ sec_group.group_name }}' - description: security group for Ansible ALB integration tests - state: absent - vpc_id: '{{ vpc.vpc.id }}' - register: remove_sg - retries: 10 - delay: 5 - until: remove_sg is success - ignore_errors: true - - name: remove route table - ec2_vpc_route_table: - vpc_id: '{{ vpc.vpc.id }}' - route_table_id: '{{ route_table.route_table.route_table_id }}' - lookup: id - state: absent - register: remove_rt - retries: 10 - delay: 5 - until: remove_rt is success - ignore_errors: true - - name: destroy subnets - ec2_vpc_subnet: - 
cidr: '{{ item.cidr }}' - vpc_id: '{{ vpc.vpc.id }}' - state: absent - register: remove_subnet - retries: 10 - delay: 5 - until: remove_subnet is success - with_items: - - cidr: 10.228.228.0/24 - - cidr: 10.228.229.0/24 - - cidr: 10.228.230.0/24 - - cidr: 10.228.231.0/24 - ignore_errors: true - - name: destroy internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc.vpc.id }}' - tags: - Name: '{{ resource_prefix }}' - state: absent - register: remove_igw - retries: 10 - delay: 5 - until: remove_igw is success - ignore_errors: true - - name: destroy VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: '{{ resource_prefix }}_vpc' - state: absent - register: remove_vpc - retries: 10 - delay: 5 - until: remove_vpc is success - ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index 90914288d88..1d7c9544654 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml 
@@ -1,12 +1,1137 @@ - name: 'elb_application_lb integration tests' collections: - amazon.aws + module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token | default(omit) }}" + region: "{{ aws_region }}" + block: + - name: Create a test VPC + ec2_vpc_net: + cidr_block: "{{ vpc_cidr }}" + name: '{{ resource_prefix }}_vpc' + state: present + ipv6_cidr: true + tags: + Name: elb_application_lb testing + ResourcePrefix: "{{ resource_prefix }}" + register: vpc + + - name: 'Set fact: VPC ID' + set_fact: + vpc_id: "{{ vpc.vpc.id }}" + + - name: Create an internet gateway + ec2_vpc_igw: + vpc_id: '{{ vpc_id }}' + state: present + tags: + Name: '{{ resource_prefix }}' + register: igw + + - name: Create private subnets + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + az: '{{ aws_region }}{{ item.az }}' + vpc_id: '{{ vpc_id }}' + state: present + tags: + Public: 'False' + Name: 'private-{{ item.az }}' + with_items: + - cidr: "{{ private_subnet_cidr_1 }}" + az: a + - cidr: "{{ private_subnet_cidr_2 }}" + az: b + + - name: Create public subnets with ipv6 + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + az: '{{ aws_region }}{{ item.az }}' + vpc_id: '{{ vpc_id }}' + state: present + ipv6_cidr: '{{ item.vpc_ipv6_cidr }}' + tags: + Public: 'True' + Name: 'public-{{ item.az }}' + with_items: + - cidr: "{{ public_subnet_cidr_1 }}" + az: a + vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','0::/64') }}" + - cidr: "{{ public_subnet_cidr_2 }}" + az: b + vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}" + register: public_subnets + + - ec2_vpc_subnet_info: + filters: + vpc-id: '{{ vpc_id }}' + register: vpc_subnets + + - name: Create 
list of subnet ids + set_fact: + public_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public == `True`].id'') }}' + private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' + + - name: Create a route table + ec2_vpc_route_table: + vpc_id: '{{ vpc_id }}' + tags: + Name: igw-route + Created: '{{ resource_prefix }}' + subnets: '{{ public_subnets + private_subnets }}' + routes: + - dest: 0.0.0.0/0 + gateway_id: '{{ igw.gateway_id }}' + register: route_table + + - name: Create a security group for Ansible ELB integration tests + ec2_group: + name: '{{ resource_prefix }}' + description: security group for Ansible ELB integration tests + state: present + vpc_id: '{{ vpc_id }}' + rules: + - proto: tcp + from_port: 1 + to_port: 65535 + cidr_ip: 0.0.0.0/0 + register: sec_group + + - name: Create another security group for Ansible ELB integration tests + ec2_group: + name: '{{ resource_prefix }}-2' + description: security group for Ansible ELB integration tests + state: present + vpc_id: '{{ vpc_id }}' + rules: + - proto: tcp + from_port: 1 + to_port: 65535 + cidr_ip: 0.0.0.0/0 + register: sec_group2 + + - name: Create a target group for testing + elb_target_group: + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc_id }}' + state: present + register: tg + + # ================ elb_application_lb tests =================================================== + + - name: Create an ELB (invalid - SslPolicy is required when Protocol == HTTPS) + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTPS + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ignore_errors: yes + register: elb + + - assert: + that: + - elb is failed + - elb.msg is match("'SslPolicy' is a required listener dict key when Protocol = HTTPS") + + - name: Create an ELB (invalid 
- didn't provide required listener options) + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Port: 80 + ignore_errors: yes + register: elb + + - assert: + that: + - elb is failed + - elb.msg is match("missing required arguments:\ DefaultActions, Protocol found in listeners") + + - name: Create an ELB (invalid - providing an invalid listener option type) + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: "bad type" + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ignore_errors: yes + register: elb + + - assert: + that: + - elb is failed + - "'unable to convert to int' in elb.msg" + + - name: test creating an ELB with invalid ip address type + elb_application_lb: + name: "{{ elb_name_ipv6 }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: "ip_addr_v4_v6" + ignore_errors: yes + register: elb + + - assert: + that: + - elb is failed + + # ------------------------------------------------------------------------------------------ + + - name: Create an ELB with ip address type - check_mode + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + register: elb + check_mode: yes + + - assert: + that: + - elb is changed + - elb.msg is match('Would have created ELB if not in check mode.') + + - name: Create an ELB with ip address type + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ 
public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + register: elb + + - assert: + that: + - elb is changed + - elb.ip_address_type == 'dualstack' + - elb.listeners[0].rules | length == 1 + + - name: Create an ELB with ip address type (idempotence) - check_mode + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + register: elb + check_mode: yes + + - assert: + that: + - elb is not changed + - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + + - name: Create an ELB with ip address type (idempotence) + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + register: elb + + - assert: + that: + - elb is not changed + - elb.ip_address_type == 'dualstack' + + # ------------------------------------------------------------------------------------------ + + - name: Update an ELB with different ip address type - check_mode + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'ipv4' + register: elb + check_mode: yes + + - assert: + that: + - elb is changed + - elb.msg is match('Would have updated ELB if not in check mode.') + + - name: Update an ELB with different ip address type + 
elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'ipv4' + register: elb + + - assert: + that: + - elb is changed + - elb.ip_address_type == 'ipv4' + + - name: Update an ELB with different ip address type (idempotence) - check_mode + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'ipv4' + register: elb + check_mode: yes + + - assert: + that: + - elb is not changed + - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + + - name: Update an ELB with different ip address type (idempotence) + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'ipv4' + register: elb + + - assert: + that: + - elb is not changed + - elb.ip_address_type == 'ipv4' + + # ------------------------------------------------------------------------------------------ + + - name: Update an ELB with different listener by adding rule - check_mode + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '1' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: elb + check_mode: yes + + - assert: + that: + - elb is 
changed + - elb.msg is match('Would have updated ELB if not in check mode.') + + - name: Update an ELB with different listener by adding rule + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '1' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: elb + + - assert: + that: + - elb is changed + - elb.listeners[0].rules | length == 2 + - "'1' in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + + - name: Update an ELB with different listener by adding rule (idempotence) - check_mode + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '1' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: elb + check_mode: yes + + - assert: + that: + - elb is not changed + - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + + - name: Update an ELB with different listener by adding rule (idempotence) + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '1' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: elb + + - assert: + that: + - elb is not changed + - elb.listeners[0].rules | length == 2 + - "'1' in {{ 
elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + + # ------------------------------------------------------------------------------------------ + + - name: Update an ELB with different listener by modifying rule - check_mode + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '2' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: elb + check_mode: yes + + - assert: + that: + - elb is changed + - elb.msg is match('Would have updated ELB if not in check mode.') + + - name: Update an ELB with different listener by modifying rule + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '2' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: elb + + - assert: + that: + - elb is changed + - elb.listeners[0].rules | length == 2 + - "'2' in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + + - name: Update an ELB with different listener by modifying rule (idempotence) - check_mode + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '2' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: elb + 
check_mode: yes + + - assert: + that: + - elb is not changed + - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + + - name: Update an ELB with different listener by modifying rule (idempotence) + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: + - Conditions: + - Field: path-pattern + Values: + - '/test' + Priority: '2' + Actions: + - TargetGroupName: "{{ tg_name }}" + Type: forward + register: elb + + - assert: + that: + - elb is not changed + - elb.listeners[0].rules | length == 2 + - "'2' in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + + # ------------------------------------------------------------------------------------------ + + - name: Update an ELB with different listener by deleting rule - check_mode + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: [] + register: elb + check_mode: yes + + - assert: + that: + - elb is changed + - elb.msg is match('Would have updated ELB if not in check mode.') + + - name: Update an ELB with different listener by deleting rule + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + Rules: [] + register: elb + + - assert: + that: + - elb is changed + - elb.listeners[0].rules | length == 1 + - "'2' not in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + + - name: Update an ELB with different listener by deleting 
rule (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules: []
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is not changed
+ - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.')
+
+ - name: Update an ELB with different listener by deleting rule (idempotence)
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners:
+ - Protocol: HTTP
+ Port: 80
+ DefaultActions:
+ - Type: forward
+ TargetGroupName: "{{ tg_name }}"
+ Rules: []
+ register: elb
+
+ - assert:
+ that:
+ - elb is not changed
+ - elb.listeners[0].rules | length == 1
+ - "'2' not in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}"
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ELB by deleting listener - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners: []
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is changed
+ - elb.msg is match('Would have updated ELB if not in check mode.')
+
+ - name: Update an ELB by deleting listener
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners: []
+ register: elb
+
+ - assert:
+ that:
+ - elb is changed
+ - not elb.listeners
+
+ - name: Update an ELB by deleting listener (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners: []
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is not changed
+ - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.')
+
+ - name: Update an ELB by deleting listener (idempotence)
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ listeners: []
+ register: elb
+
+ - assert:
+ that:
+ - elb is not changed
+ - not elb.listeners
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ELB by adding tags - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ELB test {{ resource_prefix }}"
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is changed
+ - elb.msg is match('Would have updated ELB if not in check mode.')
+
+ - name: Update an ELB by adding tags
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ELB test {{ resource_prefix }}"
+ register: elb
+
+ - assert:
+ that:
+ - elb is changed
+ - 'elb.tags == {"created_by": "ELB test {{ resource_prefix }}"}'
+
+ - name: Update an ELB by adding tags (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ELB test {{ resource_prefix }}"
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is not changed
+ - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.')
+
+ - name: Update an ELB by adding tags (idempotence)
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ELB test {{ resource_prefix }}"
+ register: elb
+
+ - assert:
+ that:
+ - elb is not changed
+ - 'elb.tags == {"created_by": "ELB test {{ resource_prefix }}"}'
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ELB by modifying tags - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ELB test {{ resource_prefix }}-2"
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is changed
+ - elb.msg is match('Would have updated ELB if not in check mode.')
+
+ - name: Update an ELB by modifying tags
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ELB test {{ resource_prefix }}-2"
+ register: elb
+
+ - assert:
+ that:
+ - elb is changed
+ - 'elb.tags == {"created_by": "ELB test {{ resource_prefix }}-2"}'
+
+ - name: Update an ELB by modifying tags (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ELB test {{ resource_prefix }}-2"
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is not changed
+ - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.')
+
+ - name: Update an ELB by modifying tags (idempotence)
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags:
+ created_by: "ELB test {{ resource_prefix }}-2"
+ register: elb
+
+ - assert:
+ that:
+ - elb is not changed
+ - 'elb.tags == {"created_by": "ELB test {{ resource_prefix }}-2"}'
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ELB by removing tags - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags: {}
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is changed
+ - elb.msg is match('Would have updated ELB if not in check mode.')
+
+ - name: Update an ELB by removing tags
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags: {}
+ register: elb
+
+ - assert:
+ that:
+ - elb is changed
+ - not elb.tags
+
+ - name: Update an ELB by removing tags (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags: {}
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is not changed
+ - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.')
+
+ - name: Update an ELB by removing tags (idempotence)
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group.group_id }}"
+ state: present
+ tags: {}
+ register: elb
+
+ - assert:
+ that:
+ - elb is not changed
+ - not elb.tags
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Update an ELB by changing security group - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group2.group_id }}"
+ state: present
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is changed
+ - elb.msg is match('Would have updated ELB if not in check mode.')
+
+ - name: Update an ELB by changing security group
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group2.group_id }}"
+ state: present
+ register: elb
+
+ - assert:
+ that:
+ - elb is changed
+ - elb.security_groups[0] == sec_group2.group_id
+
+ - name: Update an ELB by changing security group (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group2.group_id }}"
+ state: present
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is not changed
+ - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.')
+
+ - name: Update an ELB by changing security group (idempotence)
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ subnets: "{{ public_subnets }}"
+ security_groups: "{{ sec_group2.group_id }}"
+ state: present
+ register: elb
+
+ - assert:
+ that:
+ - elb is not changed
+ - elb.security_groups[0] == sec_group2.group_id
+
+ # ------------------------------------------------------------------------------------------
+
+ - name: Delete an ELB - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ state: absent
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is changed
+ - elb.msg is match('Would have deleted ELB if not in check mode.')
+
+ - name: Delete an ELB
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ state: absent
+ register: elb
+
+ - assert:
+ that:
+ - elb is changed
+
+ - name: Delete an ELB (idempotence) - check_mode
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ state: absent
+ register: elb
+ check_mode: yes
+
+ - assert:
+ that:
+ - elb is not changed
+ - elb.msg is match('IN CHECK MODE - ELB already absent.')
+
+ - name: Delete an ELB (idempotence)
+ elb_application_lb:
+ name: "{{ elb_name }}"
+ state: absent
+ register: elb
+
+ - assert:
+ that:
+ - elb is not changed
+
+ # ----- Cleanup ------------------------------------------------------------------------------
+
+ always:
+ - name: Destroy ELB
+ elb_application_lb:
+ name: '{{ elb_name }}'
+ state: absent
+ wait: true
+ wait_timeout: 600
+ ignore_errors: true
+
+ - name: Destroy target group if it was created
+ elb_target_group:
+ name: '{{ tg_name }}'
+ protocol: http
+ port: 80
+ vpc_id: '{{ vpc_id }}'
+ state: absent
+ wait: true
+ wait_timeout: 600
+ register: remove_tg
+ retries: 5
+ delay: 3
+ until: remove_tg is success
+ when: tg is defined
+ ignore_errors: true
+
+ - name: Destroy sec groups
+ ec2_group:
+ name: "{{ item }}"
+ description: security group for Ansible ELB integration tests
+ state: absent
+ vpc_id: '{{ vpc_id }}'
+ register: remove_sg
+ retries: 10
+ delay: 5
+ until: remove_sg is success
+ ignore_errors: true
+ with_items:
+ - "{{ resource_prefix }}"
+ - "{{ resource_prefix }}-2"
+
+ - name: Destroy route table
+ ec2_vpc_route_table:
+ vpc_id: '{{ vpc_id }}'
+ route_table_id: '{{ route_table.route_table.route_table_id }}'
+ lookup: id
+ state: absent
+ register: remove_rt
+ retries: 10
+ delay: 5
+ until: remove_rt is success
+ ignore_errors: true
+
+ - name: Destroy subnets
+ ec2_vpc_subnet:
+ cidr: "{{ item }}"
+ vpc_id: "{{ vpc_id }}"
+ state: absent
+ register: remove_subnet
+ retries: 10
+ delay: 5
+ until: remove_subnet is success
+ with_items:
+ - "{{ private_subnet_cidr_1 }}"
+ - "{{ private_subnet_cidr_2 }}"
+ - "{{ public_subnet_cidr_1 }}"
+ - "{{ public_subnet_cidr_2 }}"
+ ignore_errors: true
+
+ - name: Destroy internet gateway
+ ec2_vpc_igw:
+ vpc_id: '{{ vpc_id }}'
+ tags:
+ Name: '{{ resource_prefix }}'
+ state: absent
+ register: remove_igw
+ retries: 10
+ delay: 5
+ until: remove_igw is success
+ ignore_errors: true
- - include_tasks: full_test.yml
+ - name: Destroy VPC
+ ec2_vpc_net:
+ cidr_block: "{{ vpc_cidr }}"
+ name: "{{ resource_prefix }}_vpc"
+ state: absent
+ register: remove_vpc
+ retries: 10
+ delay: 5
+ until: remove_vpc is success
+ ignore_errors: true
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml
deleted file mode 100644
index a811e3f3054..00000000000
--- a/tests/integration/targets/elb_application_lb/tasks/test_alb_bad_listener_options.yml
+++ /dev/null
@@ -1,68 +0,0 @@ -- block: - - - name: test creating an ALB with invalid listener options - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTPS - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ignore_errors: yes - register: alb - - - assert: - that: - - alb is failed - - - name: test creating an ALB without providing required listener options - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Port: 80 - ignore_errors: yes - register: alb - - - assert: - that: - - alb is failed - - '"missing required arguments" in alb.msg' - - '"Protocol" in alb.msg' - - '"DefaultActions" in alb.msg' - - - name: test creating an ALB providing an invalid listener option type - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: "bad type" - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ignore_errors: yes - register: alb - - - assert: - that: - - alb is failed - - "'unable to convert to int' in alb.msg" - - always: - # Cleanup - - name: destroy ALB if created - elb_application_lb: - name: '{{ alb_name }}' - state: absent - wait: true - wait_timeout: 600 - ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml deleted file mode 100644 index 9249d1161c0..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_ip_address_type_options.yml +++ /dev/null 
@@ -1,93 +0,0 @@ -- block: - - name: set elb name for ipv6 - set_fact: - elb_name_ipv6: "{{ alb_name ~ 'ipv6' }}" - - - name: test creating an ELB with invalid ip address type - elb_application_lb: - name: "{{ elb_name_ipv6 }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: "ip_addr_v4_v6" - ignore_errors: yes - register: elb - - - assert: - that: - - elb is failed - - - name: test creating an ELB with dualstack ip adress type - elb_application_lb: - name: "{{ elb_name_ipv6 }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: "dualstack" - register: elb - - - assert: - that: - - elb.ip_address_type == "dualstack" - - - name: test updating an ELB with ipv4 adress type - elb_application_lb: - name: "{{ elb_name_ipv6 }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: "ipv4" - register: elb - - - assert: - that: - - elb.changed - - elb.ip_address_type == "ipv4" - - - name: test idempotence updating an ELB with ipv4 adress type - elb_application_lb: - name: "{{ elb_name_ipv6 }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: "ipv4" - register: elb - - - assert: - that: - - not elb.changed - - elb.ip_address_type == "ipv4" - - always: - # Cleanup - - name: destroy ALB if created - elb_application_lb: - name: '{{ elb_name_ipv6 }}' - state: absent - wait: true - 
wait_timeout: 600 - ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml deleted file mode 100644 index 06b6d0249cc..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_tags.yml +++ /dev/null @@ -1,78 +0,0 @@ -- block: - - - name: create ALB with no listeners - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - register: alb - - - assert: - that: - - alb.changed - - - name: re-create ALB with no listeners - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - register: alb - - - assert: - that: - - not alb.changed - - - name: add tags to ALB - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: - created_by: "ALB test {{ resource_prefix }}" - register: alb - - - assert: - that: - - alb.changed - - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' - - - name: remove tags from ALB - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: {} - register: alb - - - assert: - that: - - alb.changed - - not alb.tags - - - name: test idempotence - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - tags: {} - register: alb - - - assert: - that: - - not alb.changed - - not alb.tags - - - name: destroy ALB with no listeners - elb_application_lb: - name: "{{ alb_name }}" - state: absent - register: alb - - - assert: - that: - - alb.changed 
diff --git a/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml b/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml deleted file mode 100644 index b066d88a210..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_alb_with_asg.yml +++ /dev/null 
@@ -1,73 +0,0 @@ -- block: - - - ec2_ami_info: - filters: - architecture: x86_64 - virtualization-type: hvm - root-device-type: ebs - name: "amzn-ami-hvm*" - owner-alias: "amazon" - register: amis - - - set_fact: - latest_amazon_linux: "{{ amis.images | sort(attribute='creation_date') | last }}" - - - ec2_asg: - state: absent - name: "{{ resource_prefix }}-webservers" - wait_timeout: 900 - - - ec2_lc: - name: "{{ resource_prefix }}-web-lcfg" - state: absent - - - name: Create launch config for testing - ec2_lc: - name: "{{ resource_prefix }}-web-lcfg" - assign_public_ip: true - image_id: "{{ latest_amazon_linux.image_id }}" - security_groups: "{{ sec_group.group_id }}" - instance_type: t2.medium - user_data: | - #!/bin/bash - set -x - yum update -y --nogpgcheck - yum install -y --nogpgcheck httpd - echo "Hello Ansiblings!" >> /var/www/html/index.html - service httpd start - volumes: - - device_name: /dev/xvda - volume_size: 10 - volume_type: gp2 - delete_on_termination: true - - - name: Create autoscaling group for app server fleet - ec2_asg: - name: "{{ resource_prefix }}-webservers" - vpc_zone_identifier: "{{ alb_subnets }}" - launch_config_name: "{{ resource_prefix }}-web-lcfg" - termination_policies: - - OldestLaunchConfiguration - - Default - health_check_period: 600 - health_check_type: EC2 - replace_all_instances: true - min_size: 0 - max_size: 2 - desired_capacity: 1 - wait_for_instances: true - target_group_arns: - - "{{ tg.target_group_arn }}" - - always: - - - ec2_asg: - state: absent - name: "{{ resource_prefix }}-webservers" - wait_timeout: 900 - ignore_errors: yes - - - ec2_lc: - name: "{{ resource_prefix }}-web-lcfg" - state: absent - ignore_errors: yes diff --git a/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml deleted file mode 100644 index f5e75ab3872..00000000000 
--- a/tests/integration/targets/elb_application_lb/tasks/test_creating_alb.yml +++ /dev/null @@ -1,41 +0,0 @@ -- block: - - - name: create ALB with a listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 1 - - - name: test idempotence creating ALB with a listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - not alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 1 diff --git a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml b/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml deleted file mode 100644 index cf1335d6dbd..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_deleting_alb.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -- block: - - - name: destroy ALB with listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: absent - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - wait: yes - wait_timeout: 300 - register: alb - - - name: test idempotence - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: absent - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - wait: yes - wait_timeout: 300 - register: alb - - - assert: - that: - - not alb.changed diff --git a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml b/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml deleted file mode 100644 index 3cc8a857bca..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_modifying_alb_listeners.yml +++ /dev/null 
@@ -1,222 +0,0 @@ -- block: - - - name: add a rule to the listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/test' - Priority: '1' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 2 - - - name: test replacing the rule with one with the same priority - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - purge_listeners: true - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/new' - Priority: '1' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 2 - - - name: test the rule will not be removed without purge_listeners - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - not alb.changed - - alb.listeners[0].rules|length == 2 - - - name: test a rule can be added and other rules will not be removed when purge_rules is no. 
- elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - purge_rules: no - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: path-pattern - Values: - - '/new' - Priority: '2' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 3 - - - name: add a rule that uses the host header condition to the listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - purge_rules: no - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: host-header - Values: - - 'local.mydomain.com' - Priority: '3' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 4 - # - '{{ alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 1 }}' - - - name: test replacing the rule that uses the host header condition with multiple host header conditions - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - purge_rules: no - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: - - Conditions: - - Field: host-header - Values: - - 'local.mydomain.com' - - 'alternate.mydomain.com' - Priority: '3' - Actions: - - TargetGroupName: "{{ tg_name }}" - Type: forward - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 4 - #- '{{ 
alb|community.general.json_query("listeners[].rules[].conditions[].host_header_config.values[]")|length == 2 }}' - - - name: remove the rule - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - purge_listeners: true - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - Rules: [] - register: alb - - - assert: - that: - - alb.changed - - alb.listeners[0].rules|length == 1 - - - name: remove listener from ALB - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: [] - register: alb - - - assert: - that: - - alb.changed - - not alb.listeners - - - name: add the listener to the ALB - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - alb.changed - - alb.listeners|length == 1 - - alb.availability_zones|length == 2 diff --git a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml b/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml deleted file mode 100644 index da56a98716b..00000000000 --- a/tests/integration/targets/elb_application_lb/tasks/test_multiple_actions.yml +++ /dev/null 
@@ -1,447 +0,0 @@ -- block: - - - name: register dummy OIDC config - set_fact: - AuthenticateOidcActionConfig: - AuthorizationEndpoint: "https://www.example.com/auth" - ClientId: "eeeeeeeeeeeeeeeeeeeeeeeeee" - ClientSecret: "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" - Issuer: "https://www.example.com/issuer" - OnUnauthenticatedRequest: "authenticate" - Scope: "openid" - SessionCookieName: "AWSELBAuthSessionCookie" - SessionTimeout: 604800 - TokenEndpoint: "https://www.example.com/token" - UserInfoEndpoint: "https://www.example.com/userinfo" - UseExistingClientSecret: true - - - name: register fixed response action - set_fact: - FixedResponseActionConfig: - ContentType: "text/plain" - MessageBody: "This is the page you're looking for" - StatusCode: "200" - - - name: register redirect action - set_fact: - RedirectActionConfig: - Host: "#{host}" - Path: "/example/redir" # or /#{path} - Port: "#{port}" - Protocol: "#{protocol}" - Query: "#{query}" - StatusCode: "HTTP_302" # or HTTP_301 - - - name: delete existing ALB to avoid target group association issues - elb_application_lb: - name: "{{ alb_name }}" - state: absent - wait: yes - wait_timeout: 600 - - - name: cleanup tg to avoid target group association issues - elb_target_group: - name: "{{ tg_name }}" - protocol: http - port: 80 - vpc_id: "{{ vpc.vpc.id }}" - state: absent - wait: yes - wait_timeout: 600 - register: cleanup_tg - retries: 5 - delay: 3 - until: cleanup_tg is success - - - name: recreate a target group - elb_target_group: - name: "{{ tg_name }}" - protocol: http - port: 80 - vpc_id: "{{ vpc.vpc.id }}" - state: present - register: tg - - - name: create ALB with redirect DefaultAction - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: redirect - RedirectConfig: "{{ RedirectActionConfig }}" - register: alb - - - assert: - that: - - 
alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "redirect" - - - name: test idempotence with redirect DefaultAction - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: redirect - RedirectConfig: "{{ RedirectActionConfig }}" - register: alb - - - assert: - that: - - not alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "redirect" - - - name: update ALB with fixed-response DefaultAction - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - register: alb - - - assert: - that: - - alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "fixed-response" - - - name: test idempotence with fixed-response DefaultAction - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - register: alb - - - assert: - that: - - not alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "fixed-response" - - - name: test multiple non-default rules - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - 
DefaultActions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - Rules: - - Conditions: - - Field: http-header - HttpHeaderConfig: - HttpHeaderName: 'User-Agent' - Values: ['*Trident/7:0*rv:*'] - - Field: http-header - HttpHeaderConfig: - HttpHeaderName: 'X-Something' - Values: ['foobar'] - Priority: '1' - Actions: - - Type: fixed-response - FixedResponseConfig: - StatusCode: "200" - ContentType: "text/html" - MessageBody: "Hello World!" - - Conditions: - - Field: path-pattern - Values: - - "/forward-path/*" - Priority: 2 - Actions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - - Conditions: - - Field: path-pattern - Values: - - "/redirect-path/*" - Priority: 3 - Actions: - - Type: redirect - RedirectConfig: "{{ RedirectActionConfig }}" - - Conditions: - - Field: path-pattern - Values: - - "/fixed-response-path/" - Priority: 4 - Actions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - register: alb - - - assert: - that: - - alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 5 ## defaultactions is included as a rule - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "fixed-response" - - alb.listeners[0].rules[1].actions|length == 1 - - alb.listeners[0].rules[1].actions[0].type == "forward" - - alb.listeners[0].rules[2].actions|length == 1 - - alb.listeners[0].rules[2].actions[0].type == "redirect" - - alb.listeners[0].rules[3].actions|length == 1 - - alb.listeners[0].rules[3].actions[0].type == "fixed-response" - - - name: test idempotence multiple non-default rules - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - Rules: - - Conditions: - - Field: http-header - HttpHeaderConfig: - 
HttpHeaderName: 'User-Agent' - Values: ['*Trident/7:0*rv:*'] - - Field: http-header - HttpHeaderConfig: - HttpHeaderName: 'X-Something' - Values: ['foobar'] - Priority: '1' - Actions: - - Type: fixed-response - FixedResponseConfig: - StatusCode: "200" - ContentType: "text/html" - MessageBody: "Hello World!" - - Conditions: - - Field: path-pattern - Values: - - "/forward-path/*" - Priority: 2 - Actions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - - Conditions: - - Field: path-pattern - Values: - - "/redirect-path/*" - Priority: 3 - Actions: - - Type: redirect - RedirectConfig: "{{ RedirectActionConfig }}" - - Conditions: - - Field: path-pattern - Values: - - "/fixed-response-path/" - Priority: 4 - Actions: - - Type: fixed-response - FixedResponseConfig: "{{ FixedResponseActionConfig }}" - register: alb - - - assert: - that: - - not alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 5 ## defaultactions is included as a rule - - alb.listeners[0].rules[0].actions|length == 1 - - alb.listeners[0].rules[0].actions[0].type == "fixed-response" - - alb.listeners[0].rules[1].actions|length == 1 - - alb.listeners[0].rules[1].actions[0].type == "forward" - - alb.listeners[0].rules[2].actions|length == 1 - - alb.listeners[0].rules[2].actions[0].type == "redirect" - - alb.listeners[0].rules[3].actions|length == 1 - - alb.listeners[0].rules[3].actions[0].type == "fixed-response" - - -# - name: test creating ALB with a default listener with multiple actions -# elb_application_lb: -# name: "{{ alb_name }}" -# subnets: "{{ alb_subnets }}" -# security_groups: "{{ sec_group.group_id }}" -# state: present -# listeners: -# - Protocol: HTTP -# Port: 80 -# DefaultActions: -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# register: alb -# -# - assert: -# that: -# - alb.listeners|length == 1 -# - 
alb.listeners[0].rules[0].actions|length == 2 -# -# - name: test changing order of actions -# elb_application_lb: -# name: "{{ alb_name }}" -# subnets: "{{ alb_subnets }}" -# security_groups: "{{ sec_group.group_id }}" -# state: present -# listeners: -# - Protocol: HTTP -# Port: 80 -# DefaultActions: -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# register: alb -# -# - assert: -# that: -# - not alb.changed -# - alb.listeners|length == 1 -# - alb.listeners[0].rules[0].actions|length == 2 -# -# - name: test non-default rule with multiple actions -# elb_application_lb: -# name: "{{ alb_name }}" -# subnets: "{{ alb_subnets }}" -# security_groups: "{{ sec_group.group_id }}" -# state: present -# listeners: -# - Protocol: HTTP -# Port: 80 -# DefaultActions: -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# Rules: -# - Conditions: -# - Field: path-pattern -# Values: -# - "*" -# Priority: 1 -# Actions: -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# register: alb -# -# - assert: -# that: -# - alb.changed -# - alb.listeners|length == 1 -# - alb.listeners[0].rules[0].actions|length == 2 -# - alb.listeners[0].rules[1].actions|length == 2 -# -# - name: test idempotency non-default rule with multiple actions -# elb_application_lb: -# name: "{{ alb_name }}" -# subnets: "{{ alb_subnets }}" -# security_groups: "{{ sec_group.group_id }}" -# state: present -# listeners: -# - Protocol: HTTP -# Port: 80 -# DefaultActions: -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# Rules: -# - 
Conditions: -# - Field: path-pattern -# Values: -# - "*" -# Priority: 1 -# Actions: -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# register: alb -# -# - assert: -# that: -# - not alb.changed -# - alb.listeners|length == 1 -# - alb.listeners[0].rules[0].actions|length == 2 -# - alb.listeners[0].rules[1].actions|length == 2 -# -# - name: test non-default rule action order change -# elb_application_lb: -# name: "{{ alb_name }}" -# subnets: "{{ alb_subnets }}" -# security_groups: "{{ sec_group.group_id }}" -# state: present -# listeners: -# - Protocol: HTTP -# Port: 80 -# DefaultActions: -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# Rules: -# - Conditions: -# - Field: path-pattern -# Values: -# - "*" -# Priority: 1 -# Actions: -# - Type: authenticate-oidc -# AuthenticateOidcConfig: "{{ AuthenticateOidcActionConfig }}" -# Order: 1 -# - Type: forward -# TargetGroupName: "{{ tg_name }}" -# Order: 2 -# register: alb -# -# - assert: -# that: -# - not alb.changed -# - alb.listeners|length == 1 -# - alb.listeners[0].rules[0].actions|length == 2 -# - alb.listeners[0].rules[1].actions|length == 2 From 128c2ae895347718da3b35aba90918367508c6c9 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Thu, 27 Jan 2022 14:48:32 -0500 Subject: [PATCH 02/13] add changelog --- changelogs/fragments/894-add-check_mode-elb_application_lb.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/894-add-check_mode-elb_application_lb.yml diff --git a/changelogs/fragments/894-add-check_mode-elb_application_lb.yml b/changelogs/fragments/894-add-check_mode-elb_application_lb.yml new file mode 100644 index 00000000000..2cc11a97d1a --- /dev/null +++ b/changelogs/fragments/894-add-check_mode-elb_application_lb.yml 
@@ -0,0 +1,2 @@ +minor_changes: + - elb_application_lb - add check_mode support and refactor integration tests (https://github.com/ansible-collections/community.aws/pull/894) \ No newline at end of file From 7bc1d503b66e976c8f93c4c13dc99b2d42496843 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Fri, 28 Jan 2022 15:52:14 -0500 Subject: [PATCH 03/13] remove community.general references --- .../targets/elb_application_lb/tasks/main.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index 1d7c9544654..a428b15ad87 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml @@ -47,6 +47,7 @@ az: a - cidr: "{{ private_subnet_cidr_2 }}" az: b + register: private_subnets - name: Create public subnets with ipv6 ec2_vpc_subnet: @@ -74,8 +75,8 @@ - name: Create list of subnet ids set_fact: - public_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public == `True`].id'') }}' - private_subnets: '{{ vpc_subnets|community.general.json_query(''subnets[?tags.Public != `True`].id'') }}' + public_subnets: "{{ public_subnets.results | map(attribute='subnet') | map(attribute='id') }}" + private_subnets: "{{ private_subnets.results | map(attribute='subnet') | map(attribute='id') }}" - name: Create a route table ec2_vpc_route_table: @@ -429,7 +430,7 @@ that: - elb is changed - elb.listeners[0].rules | length == 2 - - "'1' in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + - "'1' in {{ elb.listeners[0].rules | map(attribute='priority') }}" - name: Update an ELB with different listener by adding rule (idempotence) - check_mode elb_application_lb: 
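Review bot: The rewritten assertion in the `@@ -429,7 +430,7 @@` hunk of tasks/main.yml still wraps its expression in `{{ }}` inside `that`, so the rule priorities returned by the module are first rendered to text and that text is then evaluated again as a conditional. An assert condition is already a Jinja expression, so the delimiters can be dropped: `- "'1' in (elb.listeners[0].rules | map(attribute='priority') | list)"`. The same pattern recurs in the hunks at -487, -547, -605, -649 and -691 of this file. The surrounding task list starts and ends outside these hunks.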
@@ -487,7 +488,7 @@ that: - elb is not changed - elb.listeners[0].rules | length == 2 - - "'1' in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + - "'1' in {{ elb.listeners[0].rules | map(attribute='priority') }}" # ------------------------------------------------------------------------------------------ @@ -547,7 +548,7 @@ that: - elb is changed - elb.listeners[0].rules | length == 2 - - "'2' in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + - "'2' in {{ elb.listeners[0].rules | map(attribute='priority') }}" - name: Update an ELB with different listener by modifying rule (idempotence) - check_mode elb_application_lb: @@ -605,7 +606,7 @@ that: - elb is not changed - elb.listeners[0].rules | length == 2 - - "'2' in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + - "'2' in {{ elb.listeners[0].rules | map(attribute='priority') }}" # ------------------------------------------------------------------------------------------ @@ -649,7 +650,7 @@ that: - elb is changed - elb.listeners[0].rules | length == 1 - - "'2' not in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + - "'2' not in {{ elb.listeners[0].rules | map(attribute='priority') }}" - name: Update an ELB with different listener by deleting rule (idempotence) - check_mode elb_application_lb: @@ -691,7 +692,7 @@ that: - elb is not changed - elb.listeners[0].rules | length == 1 - - "'2' not in {{ elb.listeners[0] | community.general.json_query('rules[*].priority') }}" + - "'2' not in {{ elb.listeners[0].rules | map(attribute='priority') }}" # ------------------------------------------------------------------------------------------ From 02e12d42900981a03e2a47b4361b56185e7b1eba Mon Sep 17 00:00:00 2001 
From: Joseph Torcasso Date: Mon, 31 Jan 2022 15:15:41 -0500 Subject: [PATCH 04/13] WIP - refactor & add _info tests --- plugins/modules/elb_application_lb_info.py | 18 +- .../targets/elb_application_lb/tasks/main.yml | 7 +- .../elb_application_lb_info/defaults/main.yml | 14 +- .../tasks/full_test.yml | 11 - .../elb_application_lb_info/tasks/main.yml | 241 +++++++++++++++++- .../elb_application_lb_info/tasks/setup.yml | 84 ------ .../tasks/teardown.yml | 83 ------ .../tasks/test_elb_application_lb_info.yml | 41 --- 8 files changed, 262 insertions(+), 237 deletions(-) delete mode 100644 tests/integration/targets/elb_application_lb_info/tasks/full_test.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/tasks/setup.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/tasks/teardown.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index ddac4fe9629..8f42cc422e4 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
@@ -37,27 +37,27 @@ EXAMPLES = r''' # Note: These examples do not set authentication details, see the AWS Guide for details. -- name: Gather information about all target groups +- name: Gather information about all ELBs community.aws.elb_application_lb_info: -- name: Gather information about the target group attached to a particular ELB +- name: Gather information about a particular ELB given its ARN community.aws.elb_application_lb_info: load_balancer_arns: - "arn:aws:elasticloadbalancing:ap-southeast-2:001122334455:loadbalancer/app/my-elb/aabbccddeeff" -- name: Gather information about a target groups named 'tg1' and 'tg2' +- name: Gather information about ELBs named 'elb1' and 'elb2' community.aws.elb_application_lb_info: names: - elb1 - elb2 -- name: Gather information about specific ALB +- name: Gather information about specific ELB community.aws.elb_application_lb_info: - names: "alb-name" + names: "elb-name" region: "aws-region" - register: alb_info + register: elb_info - ansible.builtin.debug: - var: alb_info + var: elb_info ''' RETURN = r''' @@ -244,8 +244,8 @@ def list_load_balancers(connection, module): def main(): argument_spec = dict( - load_balancer_arns=dict(type='list', elements='str'), - names=dict(type='list', elements='str') + load_balancer_arns=dict(type='list', elements='str', required='no'), + names=dict(type='list', elements='str', required='no') ) module = AnsibleAWSModule( diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index a428b15ad87..d586959a8bf 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml 
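Review bot: `required='no'` in the `main()` hunk of elb_application_lb_info.py is a non-empty string, which argument-spec validation will most likely treat as true. That would make both `load_balancer_arns` and `names` mandatory and break the documented no-argument call. `required` takes a boolean and is false when omitted, so the entries can stay as `load_balancer_arns=dict(type='list', elements='str'),` and `names=dict(type='list', elements='str')`. Patch 05/13 later in this series drops the keyword again. `main()` continues outside the hunk.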
@@ -68,11 +68,6 @@ vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}" register: public_subnets - - ec2_vpc_subnet_info: - filters: - vpc-id: '{{ vpc_id }}' - register: vpc_subnets - - name: Create list of subnet ids set_fact: public_subnets: "{{ public_subnets.results | map(attribute='subnet') | map(attribute='id') }}" @@ -125,7 +120,7 @@ state: present register: tg - # ================ elb_application_lb tests =================================================== + # ---------------- elb_application_lb tests --------------------------------------------------- - name: Create an ELB (invalid - SslPolicy is required when Protocol == HTTPS) elb_application_lb: diff --git a/tests/integration/targets/elb_application_lb_info/defaults/main.yml b/tests/integration/targets/elb_application_lb_info/defaults/main.yml index d0c601c6a04..854b7504639 100644 --- a/tests/integration/targets/elb_application_lb_info/defaults/main.yml +++ b/tests/integration/targets/elb_application_lb_info/defaults/main.yml @@ -1,4 +1,14 @@ --- +# defaults file for elb_application_lb_info + resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}" -alb_name: "alb-test-{{ resource_short }}" -tg_name: "alb-test-{{ resource_short }}" +elb_name: "elb-test-{{ resource_short }}" +tg_name: "elb-test-{{ resource_short }}" + +vpc_cidr: '10.{{ 256 | random(seed=resource_prefix) }}.0.0/16' + +private_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.1.0/24' +private_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.2.0/24' + +public_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.3.0/24' +public_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.4.0/24' \ No newline at end of file diff --git a/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml b/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml deleted file mode 100644 index 7603a0454ab..00000000000 
--- a/tests/integration/targets/elb_application_lb_info/tasks/full_test.yml +++ /dev/null @@ -1,11 +0,0 @@ -- name: elb_application_lb full_test - block: - # setup - - include_tasks: setup.yml - - # Run main tests - - include_tasks: test_elb_application_lb_info.yml - - always: - # Cleanup - - include_tasks: teardown.yml diff --git a/tests/integration/targets/elb_application_lb_info/tasks/main.yml b/tests/integration/targets/elb_application_lb_info/tasks/main.yml index 5d9eb4fe73f..a6a58461f6f 100644 --- a/tests/integration/targets/elb_application_lb_info/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb_info/tasks/main.yml 
@@ -1,11 +1,250 @@ - name: 'elb_application_lb_info integration tests' collections: - amazon.aws + module_defaults: group/aws: aws_access_key: '{{ aws_access_key }}' aws_secret_key: '{{ aws_secret_key }}' security_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' + block: - - include_tasks: full_test.yml + - name: Create a test VPC + ec2_vpc_net: + cidr_block: "{{ vpc_cidr }}" + name: '{{ resource_prefix }}_vpc' + state: present + ipv6_cidr: true + tags: + Name: elb_application_lb testing + ResourcePrefix: "{{ resource_prefix }}" + register: vpc + + - name: 'Set fact: VPC ID' + set_fact: + vpc_id: "{{ vpc.vpc.id }}" + + - name: Create an internet gateway + ec2_vpc_igw: + vpc_id: '{{ vpc_id }}' + state: present + tags: + Name: '{{ resource_prefix }}' + register: igw + + - name: Create private subnets + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + az: '{{ aws_region }}{{ item.az }}' + vpc_id: '{{ vpc_id }}' + state: present + tags: + Public: 'False' + Name: 'private-{{ item.az }}' + with_items: + - cidr: "{{ private_subnet_cidr_1 }}" + az: a + - cidr: "{{ private_subnet_cidr_2 }}" + az: b + register: private_subnets + + - name: Create public subnets with ipv6 + ec2_vpc_subnet: + cidr: '{{ item.cidr }}' + az: '{{ aws_region }}{{ item.az }}' + vpc_id: '{{ vpc_id }}' + state: present + ipv6_cidr: '{{ item.vpc_ipv6_cidr }}' + tags: + Public: 'True' + Name: 'public-{{ item.az }}' + with_items: + - cidr: "{{ public_subnet_cidr_1 }}" + az: a + vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','0::/64') }}" + - cidr: "{{ public_subnet_cidr_2 }}" + az: b + vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}" + register: public_subnets + + - name: Create list of subnet ids + set_fact: + public_subnets: "{{ public_subnets.results | map(attribute='subnet') | map(attribute='id') }}" + private_subnets: "{{ private_subnets.results | map(attribute='subnet') 
| map(attribute='id') }}" + + - name: Create a route table + ec2_vpc_route_table: + vpc_id: '{{ vpc_id }}' + tags: + Name: igw-route + Created: '{{ resource_prefix }}' + subnets: '{{ public_subnets + private_subnets }}' + routes: + - dest: 0.0.0.0/0 + gateway_id: '{{ igw.gateway_id }}' + register: route_table + + - name: Create a security group for Ansible ELB integration tests + ec2_group: + name: '{{ resource_prefix }}' + description: security group for Ansible ELB integration tests + state: present + vpc_id: '{{ vpc_id }}' + rules: + - proto: tcp + from_port: 1 + to_port: 65535 + cidr_ip: 0.0.0.0/0 + register: sec_group + + - name: Create a target group for testing + elb_target_group: + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc_id }}' + state: present + register: tg + + # ----- elb_application_lb_info tests ------------------------------------------------------ + + - name: Create an ELB with a listener & ip address type + elb_application_lb: + name: "{{ elb_name }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + listeners: + - Protocol: HTTP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ip_address_type: 'dualstack' + register: elb + + - assert: + that: + - elb.changed + - elb.listeners | length == 1 + - elb.listeners[0].rules | length == 1 + - elb.ip_address_type == 'dualstack' + + - name: Get ELB application info using no args + elb_application_lb: + register: elb_app_lb_info + + - assert: + that: + - elb_app_lb_info.load_balancers | length > 0 + + - name: Get ELB application info using load balancer arn + elb_application_lb_info: + load_balancer_arns: + - "{{ elb.load_balancer_arn }}" + register: elb_app_lb_info + + - assert: + that: + - elb_app_lb_info.load_balancers[0].ip_address_type == 'dualstack' + + - name: Get ELB application info using load balancer name + elb_application_lb_info: + names: + - "{{ elb.load_balancer_name }}" + register: 
elb_app_lb_info + + - assert: + that: + - elb_app_lb_info.load_balancers[0].ip_address_type == 'dualstack' + + # ----- Cleanup ------------------------------------------------------------------------------ + + always: + - name: Destroy ELB + elb_application_lb: + name: '{{ elb_name }}' + state: absent + wait: true + wait_timeout: 600 + ignore_errors: true + + - name: Destroy target group if it was created + elb_target_group: + name: '{{ tg_name }}' + protocol: http + port: 80 + vpc_id: '{{ vpc_id }}' + state: absent + wait: true + wait_timeout: 600 + register: remove_tg + retries: 5 + delay: 3 + until: remove_tg is success + when: tg is defined + ignore_errors: true + + - name: Destroy sec group + ec2_group: + name: "{{ resource_prefix }}" + description: security group for Ansible ELB integration tests + state: absent + vpc_id: '{{ vpc_id }}' + register: remove_sg + retries: 10 + delay: 5 + until: remove_sg is success + ignore_errors: true + + - name: Destroy route table + ec2_vpc_route_table: + vpc_id: '{{ vpc_id }}' + route_table_id: '{{ route_table.route_table.route_table_id }}' + lookup: id + state: absent + register: remove_rt + retries: 10 + delay: 5 + until: remove_rt is success + ignore_errors: true + + - name: Destroy subnets + ec2_vpc_subnet: + cidr: "{{ item }}" + vpc_id: "{{ vpc_id }}" + state: absent + register: remove_subnet + retries: 10 + delay: 5 + until: remove_subnet is success + with_items: + - "{{ private_subnet_cidr_1 }}" + - "{{ private_subnet_cidr_2 }}" + - "{{ public_subnet_cidr_1 }}" + - "{{ public_subnet_cidr_2 }}" + ignore_errors: true + + - name: Destroy internet gateway + ec2_vpc_igw: + vpc_id: '{{ vpc_id }}' + tags: + Name: '{{ resource_prefix }}' + state: absent + register: remove_igw + retries: 10 + delay: 5 + until: remove_igw is success + ignore_errors: true + + - name: Destroy VPC + ec2_vpc_net: + cidr_block: "{{ vpc_cidr }}" + name: "{{ resource_prefix }}_vpc" + state: absent + register: remove_vpc + retries: 10 + delay: 5 + 
until: remove_vpc is success + ignore_errors: true diff --git a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml b/tests/integration/targets/elb_application_lb_info/tasks/setup.yml deleted file mode 100644 index 26289d230d0..00000000000 --- a/tests/integration/targets/elb_application_lb_info/tasks/setup.yml +++ /dev/null 
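Review bot: The security group created in this new tasks/main.yml allows TCP 1-65535 from `0.0.0.0/0`, while the only listener the test ELB defines is HTTP on port 80. The rule grants more than the test needs, and a group left behind by a failed cleanup stays open on every port for anything later attached to it. Limiting it to the listener port is enough: `from_port: 80` and `to_port: 80`. Every task under `always` also sets `ignore_errors: true`, so a teardown that fails leaves the group and VPC in the account without failing the run; a final task that checks the VPC is gone would surface that.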
@@ -1,84 +0,0 @@ -- name: elb_application_lb_info setup - block: - - name: create VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: '{{ resource_prefix }}_vpc' - state: present - register: vpc - - - name: create internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc.vpc.id }}' - state: present - tags: - Name: '{{ resource_prefix }}' - register: igw - - - name: create public subnet - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region}}{{ item.az }}' - vpc_id: '{{ vpc.vpc.id }}' - state: present - tags: - Public: '{{ item.public|string }}' - Name: '{{ item.public|ternary(''public'', ''private'') }}-{{ item.az }}' - with_items: - - cidr: 10.228.228.0/24 - az: a - public: 'True' - - cidr: 10.228.229.0/24 - az: b - public: 'True' - - cidr: 10.228.230.0/24 - az: a - public: 'False' - - cidr: 10.228.231.0/24 - az: b - public: 'False' - register: subnets - - - ec2_vpc_subnet_info: - filters: - vpc-id: '{{ vpc.vpc.id }}' - register: vpc_subnets - - - name: create list of subnet ids - set_fact: - alb_subnets: "{{ ( vpc_subnets.subnets | selectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}" - private_subnets: "{{ ( vpc_subnets.subnets | rejectattr('tags.Public', 'equalto', 'True') | map(attribute='id') | list ) }}" - - - name: create a route table - ec2_vpc_route_table: - vpc_id: '{{ vpc.vpc.id }}' - tags: - Name: igw-route - Created: '{{ resource_prefix }}' - subnets: '{{ alb_subnets + private_subnets }}' - routes: - - dest: 0.0.0.0/0 - gateway_id: '{{ igw.gateway_id }}' - register: route_table - - - ec2_group: - name: '{{ resource_prefix }}' - description: security group for Ansible ALB integration tests - state: present - vpc_id: '{{ vpc.vpc.id }}' - rules: - - proto: tcp - from_port: 1 - to_port: 65535 - cidr_ip: 0.0.0.0/0 - register: sec_group - - - name: create a target group for testing - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc.vpc.id }}' - state: present - register: tg - 
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml b/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml deleted file mode 100644 index 24326e343a6..00000000000 --- a/tests/integration/targets/elb_application_lb_info/tasks/teardown.yml +++ /dev/null 
@@ -1,83 +0,0 @@ -- name: elb_application_lb_info teardown - block: - - name: destroy ALB - elb_application_lb: - name: '{{ alb_name }}' - state: absent - wait: true - wait_timeout: 600 - ignore_errors: true - - - name: destroy target group if it was created - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc.vpc.id }}' - state: absent - wait: true - wait_timeout: 600 - register: remove_tg - retries: 5 - delay: 3 - until: remove_tg is success - when: tg is defined - ignore_errors: true - - name: destroy sec group - ec2_group: - name: '{{ sec_group.group_name }}' - description: security group for Ansible ALB integration tests - state: absent - vpc_id: '{{ vpc.vpc.id }}' - register: remove_sg - retries: 10 - delay: 5 - until: remove_sg is success - ignore_errors: true - - name: remove route table - ec2_vpc_route_table: - vpc_id: '{{ vpc.vpc.id }}' - route_table_id: '{{ route_table.route_table.route_table_id }}' - lookup: id - state: absent - register: remove_rt - retries: 10 - delay: 5 - until: remove_rt is success - ignore_errors: true - - name: destroy subnets - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - vpc_id: '{{ vpc.vpc.id }}' - state: absent - register: remove_subnet - retries: 10 - delay: 5 - until: remove_subnet is success - with_items: - - cidr: 10.228.228.0/24 - - cidr: 10.228.229.0/24 - - cidr: 10.228.230.0/24 - - cidr: 10.228.231.0/24 - ignore_errors: true - - name: destroy internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc.vpc.id }}' - tags: - Name: '{{ resource_prefix }}' - state: absent - register: remove_igw - retries: 10 - delay: 5 - until: remove_igw is success - ignore_errors: true - - name: destroy VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: '{{ resource_prefix }}_vpc' - state: absent - register: remove_vpc - retries: 10 - delay: 5 - until: remove_vpc is success - ignore_errors: true 
diff --git a/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml b/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml deleted file mode 100644 index 229ac43001b..00000000000 --- a/tests/integration/targets/elb_application_lb_info/tasks/test_elb_application_lb_info.yml +++ /dev/null @@ -1,41 +0,0 @@ -- block: - - - name: create ALB with a listener - elb_application_lb: - name: "{{ alb_name }}" - subnets: "{{ alb_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - register: alb - - - assert: - that: - - alb.changed - - alb.listeners|length == 1 - - alb.listeners[0].rules|length == 1 - - - name: ELB applicaiton info using load balancer arn - elb_application_lb_info: - load_balancer_arns: - - "{{ alb.load_balancer_arn }}" - register: elb_app_lb_info - - - assert: - that: - - elb_app_lb_info.load_balancers[0].ip_address_type == 'ipv4' - - - name: ELB applicaiton info using load balancer name - elb_application_lb_info: - names: - - "{{ alb.load_balancer_name }}" - register: elb_app_lb_info - - - assert: - that: - - elb_app_lb_info.load_balancers[0].ip_address_type == 'ipv4' From e88c68757980ef2f6070e9a7ffb85f58091de8e4 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Mon, 31 Jan 2022 15:55:31 -0500 Subject: [PATCH 05/13] fix module name in tests --- plugins/modules/elb_application_lb_info.py | 4 ++-- .../targets/elb_application_lb_info/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 8f42cc422e4..9ad74d32878 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
@@ -244,8 +244,8 @@ def list_load_balancers(connection, module): def main(): argument_spec = dict( - load_balancer_arns=dict(type='list', elements='str', required='no'), - names=dict(type='list', elements='str', required='no') + load_balancer_arns=dict(type='list', elements='str'), + names=dict(type='list', elements='str') ) module = AnsibleAWSModule( diff --git a/tests/integration/targets/elb_application_lb_info/tasks/main.yml b/tests/integration/targets/elb_application_lb_info/tasks/main.yml index a6a58461f6f..47a02d9b8ba 100644 --- a/tests/integration/targets/elb_application_lb_info/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb_info/tasks/main.yml @@ -132,7 +132,7 @@ - elb.ip_address_type == 'dualstack' - name: Get ELB application info using no args - elb_application_lb: + elb_application_lb_info: register: elb_app_lb_info - assert: From fed58c4f3a5fa4df07c359a2f2e8703d47cd712e Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Mon, 31 Jan 2022 16:00:28 -0500 Subject: [PATCH 06/13] update changelog --- changelogs/fragments/894-add-check_mode-elb_application_lb.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/changelogs/fragments/894-add-check_mode-elb_application_lb.yml b/changelogs/fragments/894-add-check_mode-elb_application_lb.yml index 2cc11a97d1a..4c6a4dd935b 100644 --- a/changelogs/fragments/894-add-check_mode-elb_application_lb.yml +++ b/changelogs/fragments/894-add-check_mode-elb_application_lb.yml @@ -1,2 +1,3 @@ minor_changes: - - elb_application_lb - add check_mode support and refactor integration tests (https://github.com/ansible-collections/community.aws/pull/894) \ No newline at end of file + - elb_application_lb - add check_mode support and refactor integration tests (https://github.com/ansible-collections/community.aws/pull/894) + - elb_application_lb_info - update documentation and refactor integration tests (https://github.com/ansible-collections/community.aws/pull/894) \ No newline at end of file 
From 7235051d4c9482fc754d3a4bf94fef01e6621bf2 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Wed, 2 Feb 2022 12:06:47 -0500 Subject: [PATCH 07/13] add `waf_fail_open_enabled` to return docs --- plugins/modules/elb_application_lb.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 80979dbbfb6..bee20148aaa 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -463,6 +463,11 @@ returned: when state is present type: str sample: vpc-0011223344 +waf_fail_open_enabled: + description: Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. + returned: when state is present + type: bool + sample: false ''' from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule From cf089671de647ba23e2d248c4e40149da0e8fcf5 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Wed, 2 Feb 2022 12:58:24 -0500 Subject: [PATCH 08/13] move _info tests to main module test suite --- .../targets/elb_application_lb/aliases | 1 + .../targets/elb_application_lb/tasks/main.yml | 39 +++ .../targets/elb_application_lb_info/aliases | 1 - .../elb_application_lb_info/defaults/main.yml | 14 - .../elb_application_lb_info/meta/main.yml | 2 - .../elb_application_lb_info/tasks/main.yml | 250 ------------------ 6 files changed, 40 insertions(+), 267 deletions(-) delete mode 100644 tests/integration/targets/elb_application_lb_info/aliases delete mode 100644 tests/integration/targets/elb_application_lb_info/defaults/main.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/meta/main.yml delete mode 100644 tests/integration/targets/elb_application_lb_info/tasks/main.yml diff --git a/tests/integration/targets/elb_application_lb/aliases b/tests/integration/targets/elb_application_lb/aliases index 500826a1d4f..948352f2013 100644 
--- a/tests/integration/targets/elb_application_lb/aliases +++ b/tests/integration/targets/elb_application_lb/aliases @@ -1,2 +1,3 @@ cloud/aws slow +elb_application_lb_info \ No newline at end of file diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index d586959a8bf..8e5b6c79498 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml @@ -995,6 +995,45 @@ # ------------------------------------------------------------------------------------------ + - name: Ensure elb_application_lb_info supports check_mode + elb_application_lb_info: + register: elb_info + check_mode: yes + + - assert: + that: + - elb_info.load_balancers | length > 0 + + - name: Get ELB application info using no args + elb_application_lb_info: + register: elb_info + + - assert: + that: + - elb_info.load_balancers | length > 0 + + - name: Get ELB application info using load balancer arn + elb_application_lb_info: + load_balancer_arns: + - "{{ elb.load_balancer_arn }}" + register: elb_info + + - assert: + that: + - elb_info.load_balancers[0].security_groups[0] == sec_group2.group_id + + - name: Get ELB application info using load balancer name + elb_application_lb_info: + names: + - "{{ elb.load_balancer_name }}" + register: elb_info + + - assert: + that: + - elb_info.load_balancers[0].security_groups[0] == sec_group2.group_id + + # ------------------------------------------------------------------------------------------ + - name: Delete an ELB - check_mode elb_application_lb: name: "{{ elb_name }}" diff --git a/tests/integration/targets/elb_application_lb_info/aliases b/tests/integration/targets/elb_application_lb_info/aliases deleted file mode 100644 index 4ef4b2067d0..00000000000 --- a/tests/integration/targets/elb_application_lb_info/aliases +++ /dev/null @@ -1 +0,0 @@ -cloud/aws 
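Review bot: The check_mode and no-argument `elb_application_lb_info` assertions in the `@@ -995,6 +995,45 @@` hunk only test `elb_info.load_balancers | length > 0`. That passes whenever any load balancer exists in the account and region, so it does not show that the module returned the ELB this test created. Asserting membership ties the result to the fixture, assuming the info result carries `load_balancer_arn` like the module result does: `- elb.load_balancer_arn in (elb_info.load_balancers | map(attribute='load_balancer_arn') | list)`. The later assertions compare against `sec_group2.group_id`, which is defined outside this hunk, so that part could not be checked here.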
diff --git a/tests/integration/targets/elb_application_lb_info/defaults/main.yml b/tests/integration/targets/elb_application_lb_info/defaults/main.yml deleted file mode 100644 index 854b7504639..00000000000 --- a/tests/integration/targets/elb_application_lb_info/defaults/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# defaults file for elb_application_lb_info - -resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}" -elb_name: "elb-test-{{ resource_short }}" -tg_name: "elb-test-{{ resource_short }}" - -vpc_cidr: '10.{{ 256 | random(seed=resource_prefix) }}.0.0/16' - -private_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.1.0/24' -private_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.2.0/24' - -public_subnet_cidr_1: '10.{{ 256 | random(seed=resource_prefix) }}.3.0/24' -public_subnet_cidr_2: '10.{{ 256 | random(seed=resource_prefix) }}.4.0/24' \ No newline at end of file diff --git a/tests/integration/targets/elb_application_lb_info/meta/main.yml b/tests/integration/targets/elb_application_lb_info/meta/main.yml deleted file mode 100644 index 1810d4bec98..00000000000 --- a/tests/integration/targets/elb_application_lb_info/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - setup_remote_tmp_dir diff --git a/tests/integration/targets/elb_application_lb_info/tasks/main.yml b/tests/integration/targets/elb_application_lb_info/tasks/main.yml deleted file mode 100644 index 47a02d9b8ba..00000000000 --- a/tests/integration/targets/elb_application_lb_info/tasks/main.yml +++ /dev/null 
@@ -1,250 +0,0 @@ -- name: 'elb_application_lb_info integration tests' - collections: - - amazon.aws - - module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - - block: - - name: Create a test VPC - ec2_vpc_net: - cidr_block: "{{ vpc_cidr }}" - name: '{{ resource_prefix }}_vpc' - state: present - ipv6_cidr: true - tags: - Name: elb_application_lb testing - ResourcePrefix: "{{ resource_prefix }}" - register: vpc - - - name: 'Set fact: VPC ID' - set_fact: - vpc_id: "{{ vpc.vpc.id }}" - - - name: Create an internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc_id }}' - state: present - tags: - Name: '{{ resource_prefix }}' - register: igw - - - name: Create private subnets - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region }}{{ item.az }}' - vpc_id: '{{ vpc_id }}' - state: present - tags: - Public: 'False' - Name: 'private-{{ item.az }}' - with_items: - - cidr: "{{ private_subnet_cidr_1 }}" - az: a - - cidr: "{{ private_subnet_cidr_2 }}" - az: b - register: private_subnets - - - name: Create public subnets with ipv6 - ec2_vpc_subnet: - cidr: '{{ item.cidr }}' - az: '{{ aws_region }}{{ item.az }}' - vpc_id: '{{ vpc_id }}' - state: present - ipv6_cidr: '{{ item.vpc_ipv6_cidr }}' - tags: - Public: 'True' - Name: 'public-{{ item.az }}' - with_items: - - cidr: "{{ public_subnet_cidr_1 }}" - az: a - vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','0::/64') }}" - - cidr: "{{ public_subnet_cidr_2 }}" - az: b - vpc_ipv6_cidr: "{{ vpc.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | replace('0::/56','1::/64') }}" - register: public_subnets - - - name: Create list of subnet ids - set_fact: - public_subnets: "{{ public_subnets.results | map(attribute='subnet') | map(attribute='id') }}" - private_subnets: "{{ private_subnets.results | map(attribute='subnet') | 
map(attribute='id') }}" - - - name: Create a route table - ec2_vpc_route_table: - vpc_id: '{{ vpc_id }}' - tags: - Name: igw-route - Created: '{{ resource_prefix }}' - subnets: '{{ public_subnets + private_subnets }}' - routes: - - dest: 0.0.0.0/0 - gateway_id: '{{ igw.gateway_id }}' - register: route_table - - - name: Create a security group for Ansible ELB integration tests - ec2_group: - name: '{{ resource_prefix }}' - description: security group for Ansible ELB integration tests - state: present - vpc_id: '{{ vpc_id }}' - rules: - - proto: tcp - from_port: 1 - to_port: 65535 - cidr_ip: 0.0.0.0/0 - register: sec_group - - - name: Create a target group for testing - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc_id }}' - state: present - register: tg - - # ----- elb_application_lb_info tests ------------------------------------------------------ - - - name: Create an ELB with a listener & ip address type - elb_application_lb: - name: "{{ elb_name }}" - subnets: "{{ public_subnets }}" - security_groups: "{{ sec_group.group_id }}" - state: present - listeners: - - Protocol: HTTP - Port: 80 - DefaultActions: - - Type: forward - TargetGroupName: "{{ tg_name }}" - ip_address_type: 'dualstack' - register: elb - - - assert: - that: - - elb.changed - - elb.listeners | length == 1 - - elb.listeners[0].rules | length == 1 - - elb.ip_address_type == 'dualstack' - - - name: Get ELB application info using no args - elb_application_lb_info: - register: elb_app_lb_info - - - assert: - that: - - elb_app_lb_info.load_balancers | length > 0 - - - name: Get ELB application info using load balancer arn - elb_application_lb_info: - load_balancer_arns: - - "{{ elb.load_balancer_arn }}" - register: elb_app_lb_info - - - assert: - that: - - elb_app_lb_info.load_balancers[0].ip_address_type == 'dualstack' - - - name: Get ELB application info using load balancer name - elb_application_lb_info: - names: - - "{{ elb.load_balancer_name }}" - register: 
elb_app_lb_info - - - assert: - that: - - elb_app_lb_info.load_balancers[0].ip_address_type == 'dualstack' - - # ----- Cleanup ------------------------------------------------------------------------------ - - always: - - name: Destroy ELB - elb_application_lb: - name: '{{ elb_name }}' - state: absent - wait: true - wait_timeout: 600 - ignore_errors: true - - - name: Destroy target group if it was created - elb_target_group: - name: '{{ tg_name }}' - protocol: http - port: 80 - vpc_id: '{{ vpc_id }}' - state: absent - wait: true - wait_timeout: 600 - register: remove_tg - retries: 5 - delay: 3 - until: remove_tg is success - when: tg is defined - ignore_errors: true - - - name: Destroy sec group - ec2_group: - name: "{{ resource_prefix }}" - description: security group for Ansible ELB integration tests - state: absent - vpc_id: '{{ vpc_id }}' - register: remove_sg - retries: 10 - delay: 5 - until: remove_sg is success - ignore_errors: true - - - name: Destroy route table - ec2_vpc_route_table: - vpc_id: '{{ vpc_id }}' - route_table_id: '{{ route_table.route_table.route_table_id }}' - lookup: id - state: absent - register: remove_rt - retries: 10 - delay: 5 - until: remove_rt is success - ignore_errors: true - - - name: Destroy subnets - ec2_vpc_subnet: - cidr: "{{ item }}" - vpc_id: "{{ vpc_id }}" - state: absent - register: remove_subnet - retries: 10 - delay: 5 - until: remove_subnet is success - with_items: - - "{{ private_subnet_cidr_1 }}" - - "{{ private_subnet_cidr_2 }}" - - "{{ public_subnet_cidr_1 }}" - - "{{ public_subnet_cidr_2 }}" - ignore_errors: true - - - name: Destroy internet gateway - ec2_vpc_igw: - vpc_id: '{{ vpc_id }}' - tags: - Name: '{{ resource_prefix }}' - state: absent - register: remove_igw - retries: 10 - delay: 5 - until: remove_igw is success - ignore_errors: true - - - name: Destroy VPC - ec2_vpc_net: - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}_vpc" - state: absent - register: remove_vpc - retries: 10 - delay: 5 - 
until: remove_vpc is success - ignore_errors: true From 6443f6d3dc6346dace118c5ad76465767525eb13 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Thu, 3 Feb 2022 15:45:00 -0500 Subject: [PATCH 09/13] update DOCUMENTATION and RETURN sections --- plugins/modules/elb_application_lb.py | 73 +++++++++---- plugins/modules/elb_application_lb_info.py | 116 +++++++++++++++++---- 2 files changed, 152 insertions(+), 37 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index bee20148aaa..fffaf1a8620 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -315,27 +315,32 @@ description: The name of the S3 bucket for the access logs. returned: when state is present type: str - sample: mys3bucket + sample: "mys3bucket" access_logs_s3_enabled: description: Indicates whether access logs stored in Amazon S3 are enabled. returned: when state is present - type: str + type: bool sample: true access_logs_s3_prefix: description: The prefix for the location in the S3 bucket. returned: when state is present type: str - sample: my/logs + sample: "my/logs" availability_zones: description: The Availability Zones for the load balancer. returned: when state is present type: list - sample: "[{'subnet_id': 'subnet-aabbccddff', 'zone_name': 'ap-southeast-2a'}]" + sample: [{ "load_balancer_addresses": [], "subnet_id": "subnet-aabbccddff", "zone_name": "ap-southeast-2a" }] canonical_hosted_zone_id: description: The ID of the Amazon Route 53 hosted zone associated with the load balancer. returned: when state is present type: str - sample: ABCDEF12345678 + sample: "ABCDEF12345678" +changed: + description: Whether an ELB was created/updated/deleted + returned: always + type: bool + sample: true created_time: description: The date and time the load balancer was created. returned: when state is present 
@@ -344,23 +349,28 @@ deletion_protection_enabled: description: Indicates whether deletion protection is enabled. returned: when state is present - type: str + type: bool sample: true dns_name: description: The public DNS name of the load balancer. returned: when state is present type: str - sample: internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com + sample: "internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com" +failed: + description: Indicates whether or not the action has failed. + returned: always + type: bool + sample: false idle_timeout_timeout_seconds: description: The idle timeout value, in seconds. returned: when state is present type: int sample: 60 ip_address_type: - description: The type of IP addresses used by the subnets for the load balancer. + description: The type of IP addresses used by the subnets for the load balancer. returned: when state is present type: str - sample: ipv4 + sample: "ipv4" listeners: description: Information about the listeners. returned: when state is present @@ -385,7 +395,7 @@ description: The protocol for connections from clients to the load balancer. returned: when state is present type: str - sample: HTTPS + sample: "HTTPS" certificates: description: The SSL server certificate. returned: when state is present 
@@ -420,22 +430,47 @@ description: The Amazon Resource Name (ARN) of the load balancer. returned: when state is present type: str - sample: arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455 + sample: "arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455" load_balancer_name: description: The name of the load balancer. returned: when state is present type: str - sample: my-elb + sample: "my-elb" +resource_actions: + description: List of AWS actions performed. + returned: always + type: list + sample: ["elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers"] routing_http2_enabled: description: Indicates whether HTTP/2 is enabled. returned: when state is present - type: str + type: bool sample: true +routing_http_desync_mitigation_mode: + description: Determines how the load balancer handles requests that might pose a security risk to an application. + returned: when state is present + type: str + sample: "defensive" +routing_http_drop_invalid_header_fields_enabled: + description: Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). + returned: when state is present + type: bool + sample: false +routing_http_x_amzn_tls_version_and_cipher_suite_enabled: + description: Indicates whether the two headers are added to the client request before sending it to the target. + returned: when state is present + type: bool + sample: false +routing_http_xff_client_port_enabled: + description: Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. + returned: when state is present + type: bool + sample: false scheme: description: Internet-facing or internal load balancer. 
returned: when state is present type: str - sample: internal + sample: "internal" security_groups: description: The IDs of the security groups for the load balancer. returned: when state is present @@ -445,24 +480,24 @@ description: The state of the load balancer. returned: when state is present type: dict - sample: "{'code': 'active'}" + sample: {'code': 'active'} tags: description: The tags attached to the load balancer. returned: when state is present type: dict - sample: "{ + sample: { 'Tag': 'Example' - }" + } type: description: The type of load balancer. returned: when state is present type: str - sample: application + sample: "application" vpc_id: description: The ID of the VPC for the load balancer. returned: when state is present type: str - sample: vpc-0011223344 + sample: "vpc-0011223344" waf_fail_open_enabled: description: Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. returned: when state is present diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 9ad74d32878..379e133ac82 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
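Review bot: The description added for `routing_http_x_amzn_tls_version_and_cipher_suite_enabled` refers to "the two headers" without naming them, so a reader cannot tell what is forwarded to targets; I would write `description: Indicates whether the x-amzn-tls-version and x-amzn-tls-cipher-suite headers are added to the client request before sending it to the target.`. `routing_http_desync_mitigation_mode` would also benefit from listing its accepted values (`monitor`, `defensive`, `strictest`), since the sample shows only one of them. The same two descriptions are added to `plugins/modules/elb_application_lb_info.py` in the `@@ -69,55 +69,131 @@` hunk and have the same gap. The RETURN string starts and ends outside this hunk.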
@@ -69,55 +69,131 @@ access_logs_s3_bucket: description: The name of the S3 bucket for the access logs. type: str - sample: mys3bucket + sample: "mys3bucket" access_logs_s3_enabled: description: Indicates whether access logs stored in Amazon S3 are enabled. - type: str + type: bool sample: true access_logs_s3_prefix: description: The prefix for the location in the S3 bucket. type: str - sample: /my/logs + sample: "my/logs" availability_zones: description: The Availability Zones for the load balancer. type: list - sample: "[{'subnet_id': 'subnet-aabbccddff', 'zone_name': 'ap-southeast-2a'}]" + sample: [{ "load_balancer_addresses": [], "subnet_id": "subnet-aabbccddff", "zone_name": "ap-southeast-2a" }] canonical_hosted_zone_id: description: The ID of the Amazon Route 53 hosted zone associated with the load balancer. type: str - sample: ABCDEF12345678 + sample: "ABCDEF12345678" + changed: + description: Whether an ELB was created/updated/deleted + type: bool + sample: true created_time: description: The date and time the load balancer was created. type: str sample: "2015-02-12T02:14:02+00:00" deletion_protection_enabled: description: Indicates whether deletion protection is enabled. - type: str + type: bool sample: true dns_name: description: The public DNS name of the load balancer. type: str - sample: internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com + sample: "internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com" + failed: + description: Indicates whether or not the action has failed. + type: bool + sample: false idle_timeout_timeout_seconds: description: The idle timeout value, in seconds. - type: str + type: int sample: 60 ip_address_type: - description: The type of IP addresses used by the subnets for the load balancer. + description: The type of IP addresses used by the subnets for the load balancer. type: str - sample: ipv4 + sample: "ipv4" + listeners: + description: Information about the listeners. 
+ type: complex + contains: + listener_arn: + description: The Amazon Resource Name (ARN) of the listener. + type: str + sample: "" + load_balancer_arn: + description: The Amazon Resource Name (ARN) of the load balancer. + type: str + sample: "" + port: + description: The port on which the load balancer is listening. + type: int + sample: 80 + protocol: + description: The protocol for connections from clients to the load balancer. + type: str + sample: "HTTPS" + certificates: + description: The SSL server certificate. + type: complex + contains: + certificate_arn: + description: The Amazon Resource Name (ARN) of the certificate. + type: str + sample: "" + ssl_policy: + description: The security policy that defines which ciphers and protocols are supported. + type: str + sample: "" + default_actions: + description: The default actions for the listener. + type: str + contains: + type: + description: The type of action. + type: str + sample: "" + target_group_arn: + description: The Amazon Resource Name (ARN) of the target group. + type: str + sample: "" load_balancer_arn: description: The Amazon Resource Name (ARN) of the load balancer. type: str - sample: arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455 + sample: "arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455" load_balancer_name: description: The name of the load balancer. type: str - sample: my-elb + sample: "my-elb" + resource_actions: + description: List of AWS actions performed. + type: list + sample: ["elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers"] + routing_http2_enabled: + description: Indicates whether HTTP/2 is enabled. + type: bool + sample: true + routing_http_desync_mitigation_mode: + description: Determines how the load balancer handles requests that might pose a security risk to an application. 
+ type: str + sample: "defensive" + routing_http_drop_invalid_header_fields_enabled: + description: Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). + type: bool + sample: false + routing_http_x_amzn_tls_version_and_cipher_suite_enabled: + description: Indicates whether the two headers are added to the client request before sending it to the target. + type: bool + sample: false + routing_http_xff_client_port_enabled: + description: Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. + type: bool + sample: false scheme: description: Internet-facing or internal load balancer. type: str - sample: internal + sample: "internal" security_groups: description: The IDs of the security groups for the load balancer. type: list @@ -125,21 +201,25 @@ state: description: The state of the load balancer. type: dict - sample: "{'code': 'active'}" + sample: {'code': 'active'} tags: description: The tags attached to the load balancer. type: dict - sample: "{ + sample: { 'Tag': 'Example' - }" + } type: description: The type of load balancer. type: str - sample: application + sample: "application" vpc_id: description: The ID of the VPC for the load balancer. type: str - sample: vpc-0011223344 + sample: "vpc-0011223344" + waf_fail_open_enabled: + description: Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. + type: bool + sample: false ''' try: From c0f0f518fb0a17bce79d8fa20ea378f2245f0874 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Thu, 3 Feb 2022 16:56:35 -0500 Subject: [PATCH 10/13] fix sanity check error --- plugins/modules/elb_application_lb_info.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
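Review bot: In the added `listeners` block, `default_actions` is declared `type: str` yet carries a `contains:` map with `type` and `target_group_arn`; a key with sub-keys should be `type: complex`, as `certificates` just above it already is. Several of the new sub-keys (`listener_arn`, `load_balancer_arn`, `certificate_arn`, `ssl_policy`, `target_group_arn`) have `sample: ""`, which documents nothing; an obviously fake value in the style of the top-level `load_balancer_arn` sample would be more useful. The RETURN string begins outside this hunk.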
diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 379e133ac82..96b1fe8b5cd 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -217,7 +217,8 @@ type: str sample: "vpc-0011223344" waf_fail_open_enabled: - description: Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. + description: Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets + if it is unable to forward the request to AWS WAF. type: bool sample: false ''' From 25c959acc471cc44c43794361cc1cefd631a5c11 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Fri, 4 Feb 2022 10:39:22 -0500 Subject: [PATCH 11/13] remove `resource_actions` from RETURN --- plugins/modules/elb_application_lb.py | 5 ----- plugins/modules/elb_application_lb_info.py | 4 ---- 2 files changed, 9 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index fffaf1a8620..7611ba3fce4 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -436,11 +436,6 @@ returned: when state is present type: str sample: "my-elb" -resource_actions: - description: List of AWS actions performed. - returned: always - type: list - sample: ["elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers"] routing_http2_enabled: description: Indicates whether HTTP/2 is enabled. returned: when state is present diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 96b1fe8b5cd..07631f05617 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py 
@@ -166,10 +166,6 @@ description: The name of the load balancer. type: str sample: "my-elb" - resource_actions: - description: List of AWS actions performed. - type: list - sample: ["elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers"] routing_http2_enabled: description: Indicates whether HTTP/2 is enabled. type: bool From 2da4cce3e495ce7b9986b5932a15357c14761210 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Fri, 4 Feb 2022 10:57:41 -0500 Subject: [PATCH 12/13] remove more unnecessary parameters in RETURN --- plugins/modules/elb_application_lb.py | 5 ----- plugins/modules/elb_application_lb_info.py | 8 -------- 2 files changed, 13 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 7611ba3fce4..113f8e3a684 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -356,11 +356,6 @@ returned: when state is present type: str sample: "internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com" -failed: - description: Indicates whether or not the action has failed. - returned: always - type: bool - sample: false idle_timeout_timeout_seconds: description: The idle timeout value, in seconds. returned: when state is present diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 07631f05617..7faba868f01 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -86,10 +86,6 @@ description: The ID of the Amazon Route 53 hosted zone associated with the load balancer. type: str sample: "ABCDEF12345678" - changed: - description: Whether an ELB was created/updated/deleted - type: bool - sample: true created_time: description: The date and time the load balancer was created. type: str 
@@ -102,10 +98,6 @@ description: The public DNS name of the load balancer. type: str sample: "internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com" - failed: - description: Indicates whether or not the action has failed. - type: bool - sample: false idle_timeout_timeout_seconds: description: The idle timeout value, in seconds. type: int From e3d21ec913b2d4246be597a53d8607bd502e344d Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Mon, 7 Feb 2022 15:31:50 -0500 Subject: [PATCH 13/13] retain ALB naming --- plugins/modules/elb_application_lb.py | 184 +++--- plugins/modules/elb_application_lb_info.py | 44 +- .../elb_application_lb/defaults/main.yml | 4 +- .../targets/elb_application_lb/tasks/main.yml | 544 +++++++++--------- 4 files changed, 388 insertions(+), 388 deletions(-) diff --git a/plugins/modules/elb_application_lb.py b/plugins/modules/elb_application_lb.py index 113f8e3a684..32c0f28bd95 100644 --- a/plugins/modules/elb_application_lb.py +++ b/plugins/modules/elb_application_lb.py @@ -48,7 +48,7 @@ type: str deletion_protection: description: - - Indicates whether deletion protection for the ELB is enabled. + - Indicates whether deletion protection for the ALB is enabled. - Defaults to C(false). type: bool http2: @@ -62,7 +62,7 @@ type: int listeners: description: - - A list of dicts containing listeners to attach to the ELB. See examples for detail of the dict required. Note that listener keys + - A list of dicts containing listeners to attach to the ALB. See examples for detail of the dict required. Note that listener keys are CamelCased. type: list elements: dict @@ -102,7 +102,7 @@ type: list elements: dict description: - - A list of ELB Listener Rules. + - A list of ALB Listener Rules. - 'For the complete documentation of possible Conditions and Actions please see the boto3 documentation:' - 'https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.create_rule' suboptions: 
@@ -123,7 +123,7 @@ type: str purge_listeners: description: - - If C(yes), existing listeners will be purged from the ELB to match exactly what is defined by I(listeners) parameter. + - If C(yes), existing listeners will be purged from the ALB to match exactly what is defined by I(listeners) parameter. - If the I(listeners) parameter is not set then listeners will not be modified. default: yes type: bool @@ -149,7 +149,7 @@ elements: str scheme: description: - - Internet-facing or internal load balancer. An ELB scheme can not be modified after creation. + - Internet-facing or internal load balancer. An ALB scheme can not be modified after creation. default: internet-facing choices: [ 'internet-facing', 'internal' ] type: str @@ -195,9 +195,9 @@ EXAMPLES = r''' # Note: These examples do not set authentication details, see the AWS Guide for details. -# Create an ELB and attach a listener +# Create an ALB and attach a listener - community.aws.elb_application_lb: - name: myelb + name: myalb security_groups: - sg-12345678 - my-sec-group @@ -216,12 +216,12 @@ TargetGroupName: # Required. The name of the target group state: present -# Create an ELB and attach a listener with logging enabled +# Create an ALB and attach a listener with logging enabled - community.aws.elb_application_lb: access_logs_enabled: yes access_logs_s3_bucket: mybucket access_logs_s3_prefix: "logs" - name: myelb + name: myalb security_groups: - sg-12345678 - my-sec-group @@ -240,9 +240,9 @@ TargetGroupName: # Required. The name of the target group state: present -# Create an ELB with listeners and rules +# Create an ALB with listeners and rules - community.aws.elb_application_lb: - name: test-elb + name: test-alb subnets: - subnet-12345678 - subnet-87654321 @@ -303,9 +303,9 @@ Type: forward state: present -# Remove an ELB +# Remove an ALB - community.aws.elb_application_lb: - name: myelb + name: myalb state: absent ''' 
@@ -337,7 +337,7 @@ type: str sample: "ABCDEF12345678" changed: - description: Whether an ELB was created/updated/deleted + description: Whether an ALB was created/updated/deleted returned: always type: bool sample: true @@ -425,12 +425,12 @@ description: The Amazon Resource Name (ARN) of the load balancer. returned: when state is present type: str - sample: "arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455" + sample: "arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-alb/001122334455" load_balancer_name: description: The name of the load balancer. returned: when state is present type: str - sample: "my-elb" + sample: "my-alb" routing_http2_enabled: description: Indicates whether HTTP/2 is enabled. returned: when state is present 
@@ -509,170 +509,170 @@ from ansible_collections.amazon.aws.plugins.module_utils.elb_utils import get_elb_listener_rules -def create_or_update_elb(elb_obj): - """Create ELB or modify main attributes. json_exit here""" - if elb_obj.elb: - # ELB exists so check subnets, security groups and tags match what has been passed +def create_or_update_alb(alb_obj): + """Create ALB or modify main attributes. json_exit here""" + if alb_obj.elb: + # ALB exists so check subnets, security groups and tags match what has been passed # Subnets - if not elb_obj.compare_subnets(): - if elb_obj.module.check_mode: - elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') - elb_obj.modify_subnets() + if not alb_obj.compare_subnets(): + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') + alb_obj.modify_subnets() # Security Groups - if not elb_obj.compare_security_groups(): - if elb_obj.module.check_mode: - elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') - elb_obj.modify_security_groups() + if not alb_obj.compare_security_groups(): + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') + alb_obj.modify_security_groups() # Tags - only need to play with tags if tags parameter has been set to something - if elb_obj.tags is not None: + if alb_obj.tags is not None: - tags_need_modify, tags_to_delete = compare_aws_tags(boto3_tag_list_to_ansible_dict(elb_obj.elb['tags']), - boto3_tag_list_to_ansible_dict(elb_obj.tags), elb_obj.purge_tags) + tags_need_modify, tags_to_delete = compare_aws_tags(boto3_tag_list_to_ansible_dict(alb_obj.elb['tags']), + boto3_tag_list_to_ansible_dict(alb_obj.tags), alb_obj.purge_tags) # Exit on check_mode - if elb_obj.module.check_mode and (tags_need_modify or tags_to_delete): - elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in 
check mode.') + if alb_obj.module.check_mode and (tags_need_modify or tags_to_delete): + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') # Delete necessary tags if tags_to_delete: - elb_obj.delete_tags(tags_to_delete) + alb_obj.delete_tags(tags_to_delete) # Add/update tags if tags_need_modify: - elb_obj.modify_tags() + alb_obj.modify_tags() else: # Create load balancer - if elb_obj.module.check_mode: - elb_obj.module.exit_json(changed=True, msg='Would have created ELB if not in check mode.') - elb_obj.create_elb() + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=True, msg='Would have created ALB if not in check mode.') + alb_obj.create_elb() - # ELB attributes - elb_obj.update_elb_attributes() - elb_obj.modify_elb_attributes() + # ALB attributes + alb_obj.update_elb_attributes() + alb_obj.modify_elb_attributes() # Listeners - listeners_obj = ELBListeners(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn']) + listeners_obj = ELBListeners(alb_obj.connection, alb_obj.module, alb_obj.elb['LoadBalancerArn']) listeners_to_add, listeners_to_modify, listeners_to_delete = listeners_obj.compare_listeners() # Exit on check_mode - if elb_obj.module.check_mode and (listeners_to_add or listeners_to_modify or listeners_to_delete): - elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') + if alb_obj.module.check_mode and (listeners_to_add or listeners_to_modify or listeners_to_delete): + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') # Delete listeners for listener_to_delete in listeners_to_delete: - listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_delete, elb_obj.elb['LoadBalancerArn']) + listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_delete, alb_obj.elb['LoadBalancerArn']) listener_obj.delete() listeners_obj.changed = True # Add listeners for listener_to_add in 
listeners_to_add: - listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_add, elb_obj.elb['LoadBalancerArn']) + listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_add, alb_obj.elb['LoadBalancerArn']) listener_obj.add() listeners_obj.changed = True # Modify listeners for listener_to_modify in listeners_to_modify: - listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_modify, elb_obj.elb['LoadBalancerArn']) + listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_modify, alb_obj.elb['LoadBalancerArn']) listener_obj.modify() listeners_obj.changed = True - # If listeners changed, mark ELB as changed + # If listeners changed, mark ALB as changed if listeners_obj.changed: - elb_obj.changed = True + alb_obj.changed = True # Rules of each listener for listener in listeners_obj.listeners: if 'Rules' in listener: - rules_obj = ELBListenerRules(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn'], listener['Rules'], listener['Port']) + rules_obj = ELBListenerRules(alb_obj.connection, alb_obj.module, alb_obj.elb['LoadBalancerArn'], listener['Rules'], listener['Port']) rules_to_add, rules_to_modify, rules_to_delete = rules_obj.compare_rules() # Exit on check_mode - if elb_obj.module.check_mode and (rules_to_add or rules_to_modify or rules_to_delete): - elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') + if alb_obj.module.check_mode and (rules_to_add or rules_to_modify or rules_to_delete): + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') # Delete rules - if elb_obj.module.params['purge_rules']: + if alb_obj.module.params['purge_rules']: for rule in rules_to_delete: - rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, {'RuleArn': rule}, rules_obj.listener_arn) + rule_obj = ELBListenerRule(alb_obj.connection, alb_obj.module, {'RuleArn': rule}, rules_obj.listener_arn) rule_obj.delete() 
- elb_obj.changed = True + alb_obj.changed = True # Add rules for rule in rules_to_add: - rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, rule, rules_obj.listener_arn) + rule_obj = ELBListenerRule(alb_obj.connection, alb_obj.module, rule, rules_obj.listener_arn) rule_obj.create() - elb_obj.changed = True + alb_obj.changed = True # Modify rules for rule in rules_to_modify: - rule_obj = ELBListenerRule(elb_obj.connection, elb_obj.module, rule, rules_obj.listener_arn) + rule_obj = ELBListenerRule(alb_obj.connection, alb_obj.module, rule, rules_obj.listener_arn) rule_obj.modify() - elb_obj.changed = True + alb_obj.changed = True - # Update ELB ip address type only if option has been provided - if elb_obj.module.params.get('ip_address_type') and elb_obj.elb_ip_addr_type != elb_obj.module.params.get('ip_address_type'): + # Update ALB ip address type only if option has been provided + if alb_obj.module.params.get('ip_address_type') and alb_obj.elb_ip_addr_type != alb_obj.module.params.get('ip_address_type'): # Exit on check_mode - if elb_obj.module.check_mode: - elb_obj.module.exit_json(changed=True, msg='Would have updated ELB if not in check mode.') + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=True, msg='Would have updated ALB if not in check mode.') - elb_obj.modify_ip_address_type(elb_obj.module.params.get('ip_address_type')) + alb_obj.modify_ip_address_type(alb_obj.module.params.get('ip_address_type')) # Exit on check_mode - no changes - if elb_obj.module.check_mode: - elb_obj.module.exit_json(changed=False, msg='IN CHECK MODE - no changes to make to ELB specified.') + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=False, msg='IN CHECK MODE - no changes to make to ALB specified.') - # Get the ELB again - elb_obj.update() + # Get the ALB again + alb_obj.update() - # Get the ELB listeners again + # Get the ALB listeners again listeners_obj.update() - # Update the ELB attributes - elb_obj.update_elb_attributes() + # 
Update the ALB attributes + alb_obj.update_elb_attributes() # Convert to snake_case and merge in everything we want to return to the user - snaked_elb = camel_dict_to_snake_dict(elb_obj.elb) - snaked_elb.update(camel_dict_to_snake_dict(elb_obj.elb_attributes)) - snaked_elb['listeners'] = [] + snaked_alb = camel_dict_to_snake_dict(alb_obj.elb) + snaked_alb.update(camel_dict_to_snake_dict(alb_obj.elb_attributes)) + snaked_alb['listeners'] = [] for listener in listeners_obj.current_listeners: # For each listener, get listener rules - listener['rules'] = get_elb_listener_rules(elb_obj.connection, elb_obj.module, listener['ListenerArn']) - snaked_elb['listeners'].append(camel_dict_to_snake_dict(listener)) + listener['rules'] = get_elb_listener_rules(alb_obj.connection, alb_obj.module, listener['ListenerArn']) + snaked_alb['listeners'].append(camel_dict_to_snake_dict(listener)) # Change tags to ansible friendly dict - snaked_elb['tags'] = boto3_tag_list_to_ansible_dict(snaked_elb['tags']) + snaked_alb['tags'] = boto3_tag_list_to_ansible_dict(snaked_alb['tags']) # ip address type - snaked_elb['ip_address_type'] = elb_obj.get_elb_ip_address_type() + snaked_alb['ip_address_type'] = alb_obj.get_elb_ip_address_type() - elb_obj.module.exit_json(changed=elb_obj.changed, **snaked_elb) + alb_obj.module.exit_json(changed=alb_obj.changed, **snaked_alb) -def delete_elb(elb_obj): +def delete_alb(alb_obj): - if elb_obj.elb: + if alb_obj.elb: # Exit on check_mode - if elb_obj.module.check_mode: - elb_obj.module.exit_json(changed=True, msg='Would have deleted ELB if not in check mode.') + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=True, msg='Would have deleted ALB if not in check mode.') - listeners_obj = ELBListeners(elb_obj.connection, elb_obj.module, elb_obj.elb['LoadBalancerArn']) + listeners_obj = ELBListeners(alb_obj.connection, alb_obj.module, alb_obj.elb['LoadBalancerArn']) for listener_to_delete in [i['ListenerArn'] for i in 
listeners_obj.current_listeners]: - listener_obj = ELBListener(elb_obj.connection, elb_obj.module, listener_to_delete, elb_obj.elb['LoadBalancerArn']) + listener_obj = ELBListener(alb_obj.connection, alb_obj.module, listener_to_delete, alb_obj.elb['LoadBalancerArn']) listener_obj.delete() - elb_obj.delete() + alb_obj.delete() else: # Exit on check_mode - no changes - if elb_obj.module.check_mode: - elb_obj.module.exit_json(changed=False, msg='IN CHECK MODE - ELB already absent.') + if alb_obj.module.check_mode: + alb_obj.module.exit_json(changed=False, msg='IN CHECK MODE - ALB already absent.') - elb_obj.module.exit_json(changed=elb_obj.changed) + alb_obj.module.exit_json(changed=alb_obj.changed) def main(): @@ -736,12 +736,12 @@ def main(): state = module.params.get("state") - elb = ApplicationLoadBalancer(connection, connection_ec2, module) + alb = ApplicationLoadBalancer(connection, connection_ec2, module) if state == 'present': - create_or_update_elb(elb) + create_or_update_alb(alb) elif state == 'absent': - delete_elb(elb) + delete_alb(alb) if __name__ == '__main__': diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 7faba868f01..d1de312df11 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -10,9 +10,9 @@ --- module: elb_application_lb_info version_added: 1.0.0 -short_description: Gather information about application ELBs in AWS +short_description: Gather information about Application Load Balancers in AWS description: - - Gather information about application ELBs in AWS + - Gather information about Application Load Balancers in AWS author: Rob White (@wimnat) options: load_balancer_arns: 
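Review bot: In `create_or_update_alb`, the check-mode exit inside the rules loop reports `changed=True` whenever `rules_to_delete` is non-empty, but the deletion below it only runs when `purge_rules` is set. A check-mode run with `purge_rules: false` can therefore report a change that a real run would not make, unless `compare_rules()` already filters on `purge_rules`, which is not visible here. The condition could be `if alb_obj.module.check_mode and (rules_to_add or rules_to_modify or (rules_to_delete and alb_obj.module.params['purge_rules'])):`. Separately, `alb_obj.modify_elb_attributes()` is called with no check-mode guard in this function, unlike the subnet, security-group and tag paths. It is worth confirming that the helper itself makes no AWS call in check mode, otherwise a dry run against an existing ALB could modify its attributes.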
@@ -37,27 +37,27 @@ EXAMPLES = r''' # Note: These examples do not set authentication details, see the AWS Guide for details. -- name: Gather information about all ELBs +- name: Gather information about all ALBs community.aws.elb_application_lb_info: -- name: Gather information about a particular ELB given its ARN +- name: Gather information about a particular ALB given its ARN community.aws.elb_application_lb_info: load_balancer_arns: - - "arn:aws:elasticloadbalancing:ap-southeast-2:001122334455:loadbalancer/app/my-elb/aabbccddeeff" + - "arn:aws:elasticloadbalancing:ap-southeast-2:001122334455:loadbalancer/app/my-alb/aabbccddeeff" -- name: Gather information about ELBs named 'elb1' and 'elb2' +- name: Gather information about ALBs named 'alb1' and 'alb2' community.aws.elb_application_lb_info: names: - - elb1 - - elb2 + - alb1 + - alb2 -- name: Gather information about specific ELB +- name: Gather information about specific ALB community.aws.elb_application_lb_info: - names: "elb-name" + names: "alb-name" region: "aws-region" - register: elb_info + register: alb_info - ansible.builtin.debug: - var: elb_info + var: alb_info ''' RETURN = r''' @@ -97,7 +97,7 @@ dns_name: description: The public DNS name of the load balancer. type: str - sample: "internal-my-elb-123456789.ap-southeast-2.elb.amazonaws.com" + sample: "internal-my-alb-123456789.ap-southeast-2.elb.amazonaws.com" idle_timeout_timeout_seconds: description: The idle timeout value, in seconds. type: int 
@@ -153,11 +153,11 @@ load_balancer_arn: description: The Amazon Resource Name (ARN) of the load balancer. type: str - sample: "arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455" + sample: "arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-alb/001122334455" load_balancer_name: description: The name of the load balancer. type: str - sample: "my-elb" + sample: "my-alb" routing_http2_enabled: description: Indicates whether HTTP/2 is enabled. type: bool @@ -223,12 +223,12 @@ from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict -def get_elb_listeners(connection, module, elb_arn): +def get_alb_listeners(connection, module, alb_arn): try: - return connection.describe_listeners(LoadBalancerArn=elb_arn)['Listeners'] + return connection.describe_listeners(LoadBalancerArn=alb_arn)['Listeners'] except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Failed to describe elb listeners") + module.fail_json_aws(e, msg="Failed to describe alb listeners") def get_listener_rules(connection, module, listener_arn): 
@@ -287,17 +287,17 @@ def list_load_balancers(connection, module): module.fail_json_aws(e, msg="Failed to list load balancers") for load_balancer in load_balancers['LoadBalancers']: - # Get the attributes for each elb + # Get the attributes for each alb load_balancer.update(get_load_balancer_attributes(connection, module, load_balancer['LoadBalancerArn'])) - # Get the listeners for each elb - load_balancer['listeners'] = get_elb_listeners(connection, module, load_balancer['LoadBalancerArn']) + # Get the listeners for each alb + load_balancer['listeners'] = get_alb_listeners(connection, module, load_balancer['LoadBalancerArn']) # For each listener, get listener rules for listener in load_balancer['listeners']: listener['rules'] = get_listener_rules(connection, module, listener['ListenerArn']) - # Get ELB ip address type + # Get ALB ip address type load_balancer['IpAddressType'] = get_load_balancer_ipaddresstype(connection, module, load_balancer['LoadBalancerArn']) # Turn the boto3 result in to ansible_friendly_snaked_names diff --git a/tests/integration/targets/elb_application_lb/defaults/main.yml b/tests/integration/targets/elb_application_lb/defaults/main.yml index 001da8af9de..20ced9d88ae 100644 --- a/tests/integration/targets/elb_application_lb/defaults/main.yml +++ b/tests/integration/targets/elb_application_lb/defaults/main.yml @@ -2,8 +2,8 @@ # defaults file for elb_application_lb resource_short: "{{ '%0.8x'%((16**8) | random(seed=resource_prefix)) }}" -elb_name: "elb-test-{{ resource_short }}" -tg_name: "elb-test-{{ resource_short }}" +alb_name: "alb-test-{{ resource_short }}" +tg_name: "alb-test-{{ resource_short }}" vpc_cidr: '10.{{ 256 | random(seed=resource_prefix) }}.0.0/16' diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index 8e5b6c79498..169ef5b16dd 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml 
+++ b/tests/integration/targets/elb_application_lb/tasks/main.yml @@ -85,10 +85,10 @@ gateway_id: '{{ igw.gateway_id }}' register: route_table - - name: Create a security group for Ansible ELB integration tests + - name: Create a security group for Ansible ALB integration tests ec2_group: name: '{{ resource_prefix }}' - description: security group for Ansible ELB integration tests + description: security group for Ansible ALB integration tests state: present vpc_id: '{{ vpc_id }}' rules: @@ -98,10 +98,10 @@ cidr_ip: 0.0.0.0/0 register: sec_group - - name: Create another security group for Ansible ELB integration tests + - name: Create another security group for Ansible ALB integration tests ec2_group: name: '{{ resource_prefix }}-2' - description: security group for Ansible ELB integration tests + description: security group for Ansible ALB integration tests state: present vpc_id: '{{ vpc_id }}' rules: @@ -122,9 +122,9 @@ # ---------------- elb_application_lb tests --------------------------------------------------- - - name: Create an ELB (invalid - SslPolicy is required when Protocol == HTTPS) + - name: Create an ALB (invalid - SslPolicy is required when Protocol == HTTPS) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present 
@@ -135,32 +135,32 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ignore_errors: yes - register: elb + register: alb - assert: that: - - elb is failed - - elb.msg is match("'SslPolicy' is a required listener dict key when Protocol = HTTPS") + - alb is failed + - alb.msg is match("'SslPolicy' is a required listener dict key when Protocol = HTTPS") - - name: Create an ELB (invalid - didn't provide required listener options) + - name: Create an ALB (invalid - didn't provide required listener options) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present listeners: - Port: 80 ignore_errors: yes - register: elb + register: alb - assert: that: - - elb is failed - - elb.msg is match("missing required arguments:\ DefaultActions, Protocol found in listeners") + - alb is failed + - alb.msg is match("missing required arguments:\ DefaultActions, Protocol found in listeners") - - name: Create an ELB (invalid - providing an invalid listener option type) + - name: Create an ALB (invalid - invalid listener option type) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -171,16 +171,16 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ignore_errors: yes - register: elb + register: alb - assert: that: - - elb is failed - - "'unable to convert to int' in elb.msg" + - alb is failed + - "'unable to convert to int' in alb.msg" - - name: test creating an ELB with invalid ip address type + - name: Create an ALB (invalid - invalid ip address type) elb_application_lb: - name: "{{ elb_name_ipv6 }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present 
@@ -192,17 +192,17 @@ TargetGroupName: "{{ tg_name }}" ip_address_type: "ip_addr_v4_v6" ignore_errors: yes - register: elb + register: alb - assert: that: - - elb is failed + - alb is failed # ------------------------------------------------------------------------------------------ - - name: Create an ELB with ip address type - check_mode + - name: Create an ALB with ip address type - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -213,17 +213,17 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'dualstack' - register: elb + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would have created ELB if not in check mode.') + - alb is changed + - alb.msg is match('Would have created ALB if not in check mode.') - - name: Create an ELB with ip address type + - name: Create an ALB with ip address type elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -234,17 +234,17 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'dualstack' - register: elb + register: alb - assert: that: - - elb is changed - - elb.ip_address_type == 'dualstack' - - elb.listeners[0].rules | length == 1 + - alb is changed + - alb.ip_address_type == 'dualstack' + - alb.listeners[0].rules | length == 1 - - name: Create an ELB with ip address type (idempotence) - check_mode + - name: Create an ALB with ip address type (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present 
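Review bot: The assert after the "invalid ip address type" task checks only `alb is failed`, so it passes on any failure at all, including an undefined variable or a credentials error, rather than on the rejection of `ip_address_type: "ip_addr_v4_v6"`. The other negative tests in this file pin the error message, and this one should too, for example `- "'ip_address_type' in alb.msg"` (this assumes the validation error names the option, so confirm the exact text). The task itself begins in the previous hunk.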
@@ -255,17 +255,17 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'dualstack' - register: elb + register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - name: Create an ELB with ip address type (idempotence) + - name: Create an ALB with ip address type (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -276,18 +276,18 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'dualstack' - register: elb + register: alb - assert: that: - - elb is not changed - - elb.ip_address_type == 'dualstack' + - alb is not changed + - alb.ip_address_type == 'dualstack' # ------------------------------------------------------------------------------------------ - - name: Update an ELB with different ip address type - check_mode + - name: Update an ALB with different ip address type - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -298,17 +298,17 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'ipv4' - register: elb + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would have updated ELB if not in check mode.') + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') - - name: Update an ELB with different ip address type + - name: Update an ALB with different ip address type elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present 
@@ -319,16 +319,16 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'ipv4' - register: elb + register: alb - assert: that: - - elb is changed - - elb.ip_address_type == 'ipv4' + - alb is changed + - alb.ip_address_type == 'ipv4' - - name: Update an ELB with different ip address type (idempotence) - check_mode + - name: Update an ALB with different ip address type (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -339,17 +339,17 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'ipv4' - register: elb + register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - name: Update an ELB with different ip address type (idempotence) + - name: Update an ALB with different ip address type (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -360,18 +360,18 @@ - Type: forward TargetGroupName: "{{ tg_name }}" ip_address_type: 'ipv4' - register: elb + register: alb - assert: that: - - elb is not changed - - elb.ip_address_type == 'ipv4' + - alb is not changed + - alb.ip_address_type == 'ipv4' # ------------------------------------------------------------------------------------------ - - name: Update an ELB with different listener by adding rule - check_mode + - name: Update an ALB with different listener by adding rule - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present 
@@ -390,17 +390,17 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - register: elb + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would have updated ELB if not in check mode.') + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') - - name: Update an ELB with different listener by adding rule + - name: Update an ALB with different listener by adding rule elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -419,17 +419,17 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - register: elb + register: alb - assert: that: - - elb is changed - - elb.listeners[0].rules | length == 2 - - "'1' in {{ elb.listeners[0].rules | map(attribute='priority') }}" + - alb is changed + - alb.listeners[0].rules | length == 2 + - "'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}" - - name: Update an ELB with different listener by adding rule (idempotence) - check_mode + - name: Update an ALB with different listener by adding rule (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -448,17 +448,17 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - register: elb + register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - name: Update an ELB with different listener by adding rule (idempotence) + - name: Update an ALB with different listener by adding rule (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present 
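Review bot: The assertion `"'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}"` embeds `{{ }}` inside an `assert` condition, which is already evaluated as a Jinja expression, so the registered module output is rendered to text and then evaluated a second time. Ansible warns against templating delimiters in conditionals, and re-evaluating data returned from a remote API as an expression is a pattern to avoid. Write it as `- "'1' in alb.listeners[0].rules | map(attribute='priority') | list"`. The same form recurs in the later rule hunks (`@@ -477,19`, `@@ -537,17`, `@@ -595,19`, `@@ -639,17`), including the `'2' not in` variants.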
@@ -477,19 +477,19 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - register: elb + register: alb - assert: that: - - elb is not changed - - elb.listeners[0].rules | length == 2 - - "'1' in {{ elb.listeners[0].rules | map(attribute='priority') }}" + - alb is not changed + - alb.listeners[0].rules | length == 2 + - "'1' in {{ alb.listeners[0].rules | map(attribute='priority') }}" # ------------------------------------------------------------------------------------------ - - name: Update an ELB with different listener by modifying rule - check_mode + - name: Update an ALB with different listener by modifying rule - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -508,17 +508,17 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - register: elb + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would have updated ELB if not in check mode.') + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') - - name: Update an ELB with different listener by modifying rule + - name: Update an ALB with different listener by modifying rule elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present 
@@ -537,17 +537,17 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - register: elb + register: alb - assert: that: - - elb is changed - - elb.listeners[0].rules | length == 2 - - "'2' in {{ elb.listeners[0].rules | map(attribute='priority') }}" + - alb is changed + - alb.listeners[0].rules | length == 2 + - "'2' in {{ alb.listeners[0].rules | map(attribute='priority') }}" - - name: Update an ELB with different listener by modifying rule (idempotence) - check_mode + - name: Update an ALB with different listener by modifying rule (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -566,17 +566,17 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - register: elb + register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - name: Update an ELB with different listener by modifying rule (idempotence) + - name: Update an ALB with different listener by modifying rule (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present 
@@ -595,19 +595,19 @@ Actions: - TargetGroupName: "{{ tg_name }}" Type: forward - register: elb + register: alb - assert: that: - - elb is not changed - - elb.listeners[0].rules | length == 2 - - "'2' in {{ elb.listeners[0].rules | map(attribute='priority') }}" + - alb is not changed + - alb.listeners[0].rules | length == 2 + - "'2' in {{ alb.listeners[0].rules | map(attribute='priority') }}" # ------------------------------------------------------------------------------------------ - - name: Update an ELB with different listener by deleting rule - check_mode + - name: Update an ALB with different listener by deleting rule - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -618,17 +618,17 @@ - Type: forward TargetGroupName: "{{ tg_name }}" Rules: [] - register: elb + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would have updated ELB if not in check mode.') + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') - - name: Update an ELB with different listener by deleting rule + - name: Update an ALB with different listener by deleting rule elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present 
@@ -639,17 +639,17 @@ - Type: forward TargetGroupName: "{{ tg_name }}" Rules: [] - register: elb + register: alb - assert: that: - - elb is changed - - elb.listeners[0].rules | length == 1 - - "'2' not in {{ elb.listeners[0].rules | map(attribute='priority') }}" + - alb is changed + - alb.listeners[0].rules | length == 1 + - "'2' not in {{ alb.listeners[0].rules | map(attribute='priority') }}" - - name: Update an ELB with different listener by deleting rule (idempotence) - check_mode + - name: Update an ALB with different listener by deleting rule (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present @@ -660,17 +660,17 @@ - Type: forward TargetGroupName: "{{ tg_name }}" Rules: [] - register: elb + register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - name: Update an ELB with different listener by deleting rule (idempotence) + - name: Update an ALB with different listener by deleting rule (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present 
@@ -681,409 +681,409 @@ - Type: forward TargetGroupName: "{{ tg_name }}" Rules: [] - register: elb + register: alb - assert: that: - - elb is not changed - - elb.listeners[0].rules | length == 1 - - "'2' not in {{ elb.listeners[0].rules | map(attribute='priority') }}" + - alb is not changed + - alb.listeners[0].rules | length == 1 + - "'2' not in {{ alb.listeners[0].rules | map(attribute='priority') }}" # ------------------------------------------------------------------------------------------ - - name: Update an ELB by deleting listener - check_mode + - name: Update an ALB by deleting listener - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present listeners: [] - register: elb + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would have updated ELB if not in check mode.') + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') - - name: Update an ELB by deleting listener + - name: Update an ALB by deleting listener elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present listeners: [] - register: elb + register: alb - assert: that: - - elb is changed - - not elb.listeners + - alb is changed + - not alb.listeners - - name: Update an ELB by deleting listener (idempotence) - check_mode + - name: Update an ALB by deleting listener (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present listeners: [] - register: elb + register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB 
specified.') - - name: Update an ELB by deleting listener (idempotence) + - name: Update an ALB by deleting listener (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present listeners: [] - register: elb + register: alb - assert: that: - - elb is not changed - - not elb.listeners + - alb is not changed + - not alb.listeners # ------------------------------------------------------------------------------------------ - - name: Update an ELB by adding tags - check_mode + - name: Update an ALB by adding tags - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: - created_by: "ELB test {{ resource_prefix }}" - register: elb + created_by: "ALB test {{ resource_prefix }}" + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would have updated ELB if not in check mode.') + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') - - name: Update an ELB by adding tags + - name: Update an ALB by adding tags elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: - created_by: "ELB test {{ resource_prefix }}" - register: elb + created_by: "ALB test {{ resource_prefix }}" + register: alb - assert: that: - - elb is changed - - 'elb.tags == {"created_by": "ELB test {{ resource_prefix }}"}' + - alb is changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' - - name: Update an ELB by adding tags (idempotence) - check_mode + - name: Update an ALB by adding tags (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: 
- created_by: "ELB test {{ resource_prefix }}" - register: elb + created_by: "ALB test {{ resource_prefix }}" + register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - name: Update an ELB by adding tags (idempotence) + - name: Update an ALB by adding tags (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: - created_by: "ELB test {{ resource_prefix }}" - register: elb + created_by: "ALB test {{ resource_prefix }}" + register: alb - assert: that: - - elb is not changed - - 'elb.tags == {"created_by": "ELB test {{ resource_prefix }}"}' + - alb is not changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}"}' # ------------------------------------------------------------------------------------------ - - name: Update an ELB by modifying tags - check_mode + - name: Update an ALB by modifying tags - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: - created_by: "ELB test {{ resource_prefix }}-2" - register: elb + created_by: "ALB test {{ resource_prefix }}-2" + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would have updated ELB if not in check mode.') + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') - - name: Update an ELB by modifying tags + - name: Update an ALB by modifying tags elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: - created_by: "ELB test {{ resource_prefix }}-2" - register: elb + created_by: "ALB 
test {{ resource_prefix }}-2" + register: alb - assert: that: - - elb is changed - - 'elb.tags == {"created_by": "ELB test {{ resource_prefix }}-2"}' + - alb is changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}-2"}' - - name: Update an ELB by modifying tags (idempotence) - check_mode + - name: Update an ALB by modifying tags (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: - created_by: "ELB test {{ resource_prefix }}-2" - register: elb + created_by: "ALB test {{ resource_prefix }}-2" + register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - name: Update an ELB by modifying tags (idempotence) + - name: Update an ALB by modifying tags (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: - created_by: "ELB test {{ resource_prefix }}-2" - register: elb + created_by: "ALB test {{ resource_prefix }}-2" + register: alb - assert: that: - - elb is not changed - - 'elb.tags == {"created_by": "ELB test {{ resource_prefix }}-2"}' + - alb is not changed + - 'alb.tags == {"created_by": "ALB test {{ resource_prefix }}-2"}' # ------------------------------------------------------------------------------------------ - - name: Update an ELB by removing tags - check_mode + - name: Update an ALB by removing tags - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: {} - register: elb + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would 
have updated ELB if not in check mode.') + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') - - name: Update an ELB by removing tags + - name: Update an ALB by removing tags elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: {} - register: elb + register: alb - assert: that: - - elb is changed - - not elb.tags + - alb is changed + - not alb.tags - - name: Update an ELB by removing tags (idempotence) - check_mode + - name: Update an ALB by removing tags (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: {} - register: elb + register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - name: Update an ELB by removing tags (idempotence) + - name: Update an ALB by removing tags (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group.group_id }}" state: present tags: {} - register: elb + register: alb - assert: that: - - elb is not changed - - not elb.tags + - alb is not changed + - not alb.tags # ------------------------------------------------------------------------------------------ - - name: Update an ELB by changing security group - check_mode + - name: Update an ALB by changing security group - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group2.group_id }}" state: present - register: elb + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would have updated ELB if not in 
check mode.') + - alb is changed + - alb.msg is match('Would have updated ALB if not in check mode.') - - name: Update an ELB by changing security group + - name: Update an ALB by changing security group elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group2.group_id }}" state: present - register: elb + register: alb - assert: that: - - elb is changed - - elb.security_groups[0] == sec_group2.group_id + - alb is changed + - alb.security_groups[0] == sec_group2.group_id - - name: Update an ELB by changing security group (idempotence) - check_mode + - name: Update an ALB by changing security group (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group2.group_id }}" state: present - register: elb + register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - no changes to make to ELB specified.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - no changes to make to ALB specified.') - - name: Update an ELB by changing security group (idempotence) + - name: Update an ALB by changing security group (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" subnets: "{{ public_subnets }}" security_groups: "{{ sec_group2.group_id }}" state: present - register: elb + register: alb - assert: that: - - elb is not changed - - elb.security_groups[0] == sec_group2.group_id + - alb is not changed + - alb.security_groups[0] == sec_group2.group_id # ------------------------------------------------------------------------------------------ - name: Ensure elb_application_lb_info supports check_mode elb_application_lb_info: - register: elb_info + register: alb_info check_mode: yes - assert: that: - - elb_info.load_balancers | length > 0 + - alb_info.load_balancers | length > 0 - - name: Get ELB application info using no 
args + - name: Get ALB application info using no args elb_application_lb_info: - register: elb_info + register: alb_info - assert: that: - - elb_info.load_balancers | length > 0 + - alb_info.load_balancers | length > 0 - - name: Get ELB application info using load balancer arn + - name: Get ALB application info using load balancer arn elb_application_lb_info: load_balancer_arns: - - "{{ elb.load_balancer_arn }}" - register: elb_info + - "{{ alb.load_balancer_arn }}" + register: alb_info - assert: that: - - elb_info.load_balancers[0].security_groups[0] == sec_group2.group_id + - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id - - name: Get ELB application info using load balancer name + - name: Get ALB application info using load balancer name elb_application_lb_info: names: - - "{{ elb.load_balancer_name }}" - register: elb_info + - "{{ alb.load_balancer_name }}" + register: alb_info - assert: that: - - elb_info.load_balancers[0].security_groups[0] == sec_group2.group_id + - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id # ------------------------------------------------------------------------------------------ - - name: Delete an ELB - check_mode + - name: Delete an ALB - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" state: absent - register: elb + register: alb check_mode: yes - assert: that: - - elb is changed - - elb.msg is match('Would have deleted ELB if not in check mode.') + - alb is changed + - alb.msg is match('Would have deleted ALB if not in check mode.') - - name: Delete an ELB + - name: Delete an ALB elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" state: absent - register: elb + register: alb - assert: that: - - elb is changed + - alb is changed - - name: Delete an ELB (idempotence) - check_mode + - name: Delete an ALB (idempotence) - check_mode elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" state: absent - register: elb + 
register: alb check_mode: yes - assert: that: - - elb is not changed - - elb.msg is match('IN CHECK MODE - ELB already absent.') + - alb is not changed + - alb.msg is match('IN CHECK MODE - ALB already absent.') - - name: Delete an ELB (idempotence) + - name: Delete an ALB (idempotence) elb_application_lb: - name: "{{ elb_name }}" + name: "{{ alb_name }}" state: absent - register: elb + register: alb - assert: that: - - elb is not changed + - alb is not changed # ----- Cleanup ------------------------------------------------------------------------------ always: - - name: Destroy ELB + - name: Destroy ALB elb_application_lb: - name: '{{ elb_name }}' + name: '{{ alb_name }}' state: absent wait: true wait_timeout: 600 @@ -1108,7 +1108,7 @@ - name: Destroy sec groups ec2_group: name: "{{ item }}" - description: security group for Ansible ELB integration tests + description: security group for Ansible ALB integration tests state: absent vpc_id: '{{ vpc_id }}' register: remove_sg