Merge pull request #2327 from abikouo/promote_ec2_vpc_egress_igw_2024…

…1008_v2 DNM - Migrate modules ec2_vpc_egress_igw and tests
ansible-collections · Oct 24, 2024 · 1d89abc · 1d89abc
2 parents ccc76b2 + f76958a
commit 1d89abc
Show file tree

Hide file tree

Showing 5 changed files with 477 additions and 0 deletions.
diff --git a/changelogs/fragments/migrate_ec2_vpc_egress_igw.yml b/changelogs/fragments/migrate_ec2_vpc_egress_igw.yml
@@ -0,0 +1,5 @@
+---
+major_changes:
+  - ec2_vpc_egress_igw - The module has been migrated from the ``community.aws`` collection.
+    Playbooks using the Fully Qualified Collection Name for this module should be
+    updated to use ``amazon.aws.ec2_vpc_egress_igw`` (https://api.github.com/repos/ansible-collections/amazon.aws/pulls/2327).
diff --git a/meta/runtime.yml b/meta/runtime.yml
@@ -58,6 +58,7 @@ action_groups:
     - ec2_vol_info
     - ec2_vpc_dhcp_option
     - ec2_vpc_dhcp_option_info
+    - ec2_vpc_egress_igw
     - ec2_vpc_egress_igw_info
     - ec2_vpc_endpoint
     - ec2_vpc_endpoint_info

diff --git a/plugins/modules/ec2_vpc_egress_igw.py b/plugins/modules/ec2_vpc_egress_igw.py
@@ -0,0 +1,232 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2017 Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: ec2_vpc_egress_igw
+version_added: 1.0.0
+version_added_collection: community.aws
+short_description: Manage an AWS VPC Egress Only Internet gateway
+description:
+  - Manage an AWS VPC Egress Only Internet gateway
+author:
+  - Daniel Shepherd (@shepdelacreme)
+options:
+  vpc_id:
+    description:
+      - The VPC ID for the VPC that this Egress Only Internet Gateway should be attached.
+    required: true
+    type: str
+  state:
+    description:
+      - Create or delete the EIGW.
+    default: present
+    choices: [ 'present', 'absent' ]
+    type: str
+notes:
+  - Support for O(tags) and O(purge_tags) was added in release 9.0.0.
+extends_documentation_fragment:
+  - amazon.aws.common.modules
+  - amazon.aws.region.modules
+  - amazon.aws.boto3
+  - amazon.aws.tags.modules
+"""
+
+EXAMPLES = r"""
+# Note: These examples do not set authentication details, see the AWS Guide for details.
+
+# Ensure that the VPC has an Internet Gateway.
+# The Internet Gateway ID is can be accessed via {{eigw.gateway_id}} for use in setting up NATs etc.
+- name: Create Egress internet only gateway
+  amazon.aws.ec2_vpc_egress_igw:
+    vpc_id: vpc-abcdefgh
+    state: present
+
+- name: Delete Egress internet only gateway
+  amazon.aws.ec2_vpc_egress_igw:
+    vpc_id: vpc-abcdefgh
+    state: absent
+"""
+
+RETURN = r"""
+gateway_id:
+    description: The ID of the Egress Only Internet Gateway or Null.
+    returned: always
+    type: str
+    sample: "eigw-0e00cf111ba5bc11e"
+vpc_id:
+    description: The ID of the VPC to attach or detach gateway from.
+    returned: always
+    type: str
+    sample: "vpc-012345678"
+tags:
+    description: Any tags assigned to the internet gateway.
+    returned: always
+    type: dict
+"""
+
+from typing import Any
+from typing import Dict
+from typing import Optional
+from typing import Union
+
+from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict
+
+from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AnsibleEC2Error
+from ansible_collections.amazon.aws.plugins.module_utils.ec2 import create_egress_only_internet_gateway
+from ansible_collections.amazon.aws.plugins.module_utils.ec2 import delete_egress_only_internet_gateway
+from ansible_collections.amazon.aws.plugins.module_utils.ec2 import describe_egress_only_internet_gateways
+from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ensure_ec2_tags
+from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule
+from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict
+
+
+def delete_eigw(module: AnsibleAWSModule, connection, eigw_id: str) -> Dict[str, Union[str, bool]]:
+    """
+    Delete EIGW.
+
+    module     : AnsibleAWSModule object
+    connection : boto3 client connection object
+    eigw_id    : ID of the EIGW to delete
+    """
+
+    vpc_id = module.params.get("vpc_id")
+
+    if module.check_mode:
+        return dict(
+            changed=True, msg=f"Would have deleted Egress internet only Gateway id '{eigw_id}' if not in check mode."
+        )
+
+    try:
+        changed = delete_egress_only_internet_gateway(connection, egress_only_internet_gateway_id=eigw_id)
+    except AnsibleEC2Error as e:
+        module.fail_json_aws(e)
+
+    return dict(changed=changed)
+
+
+def create_eigw(module: AnsibleAWSModule, connection, vpc_id: str) -> Dict[str, Union[str, bool]]:
+    """
+    Create EIGW.
+
+    module       : AnsibleAWSModule object
+    connection   : boto3 client connection object
+    vpc_id       : ID of the VPC we are operating on
+    """
+
+    if module.check_mode:
+        return dict(changed=True, msg="Would have created Egress internet only Gateway if not in check mode.")
+
+    gateway_id = None
+    changed = False
+
+    try:
+        response = create_egress_only_internet_gateway(connection, vpc_id=vpc_id, tags=module.params.get("tags"))
+        changed = True
+    except AnsibleEC2Error as e:
+        module.fail_json_aws(e)
+
+    gateway = response.get("EgressOnlyInternetGateway", {})
+    state = gateway.get("Attachments", [{}])[0].get("State")
+    gateway_id = gateway.get("EgressOnlyInternetGatewayId")
+    tags = boto3_tag_list_to_ansible_dict(gateway.get("Tags", []))
+
+    if not gateway_id or state not in ("attached", "attaching"):
+        # EIGW gave back a bad attachment state or an invalid response so we error out
+        module.fail_json(
+            msg=f"Unable to create and attach Egress Only Internet Gateway to VPCId: {vpc_id}. Bad or no state in response",
+            **camel_dict_to_snake_dict(response),
+        )
+
+    return dict(changed=changed, gateway_id=gateway_id, tags=tags)
+
+
+def find_egress_only_igw(module: AnsibleAWSModule, connection, vpc_id: str) -> Optional[Dict[str, Any]]:
+    """
+    Describe EIGWs.
+
+    module     : AnsibleAWSModule object
+    connection : boto3 client connection object
+    vpc_id     : ID of the VPC we are operating on
+    """
+    result = None
+
+    try:
+        for eigw in describe_egress_only_internet_gateways(connection):
+            for attachment in eigw.get("Attachments", []):
+                if attachment.get("VpcId") == vpc_id and attachment.get("State") in ("attached", "attaching"):
+                    return {
+                        "gateway_id": eigw.get("EgressOnlyInternetGatewayId"),
+                        "tags": boto3_tag_list_to_ansible_dict(eigw.get("Tags", [])),
+                    }
+    except AnsibleEC2Error as e:
+        module.fail_json_aws(e)
+
+    return result
+
+
+def ensure_present(connection, module: AnsibleAWSModule, existing: Optional[Dict[str, Any]]) -> None:
+    vpc_id = module.params.get("vpc_id")
+    result = dict(vpc_id=vpc_id, changed=False)
+
+    if not existing:
+        result.update(create_eigw(module, connection, vpc_id))
+    else:
+        egress_only_igw_id = existing.get("gateway_id")
+        changed = False
+        result = existing
+        tags = module.params.get("tags")
+        purge_tags = module.params.get("purge_tags")
+        if tags is not None:
+            changed = ensure_ec2_tags(
+                connection,
+                module,
+                egress_only_igw_id,
+                resource_type="egress-only-internet-gateway",
+                tags=tags,
+                purge_tags=purge_tags,
+            )
+        result.update(dict(changed=changed, vpc_id=vpc_id))
+
+    module.exit_json(**result)
+
+
+def ensure_absent(connection, module: AnsibleAWSModule, existing: Optional[Dict[str, Any]]) -> None:
+    vpc_id = module.params.get("vpc_id")
+    if not existing:
+        module.exit_json(changed=False, msg=f"No Egress only internet gateway attached to the VPC id '{vpc_id}'")
+
+    egress_only_igw_id = existing.get("gateway_id")
+    result = dict(gateway_id=egress_only_igw_id, vpc_id=vpc_id, changed=False)
+    result.update(delete_eigw(module, connection, egress_only_igw_id))
+    module.exit_json(**result)
+
+
+def main():
+    argument_spec = dict(
+        vpc_id=dict(required=True),
+        state=dict(default="present", choices=["present", "absent"]),
+        tags=dict(type="dict", aliases=["resource_tags"]),
+        purge_tags=dict(type="bool", default=True),
+    )
+
+    module = AnsibleAWSModule(argument_spec=argument_spec, supports_check_mode=True)
+
+    connection = module.client("ec2")
+
+    vpc_id = module.params.get("vpc_id")
+    state = module.params.get("state")
+
+    existing_egress_only_igw = find_egress_only_igw(module, connection, vpc_id)
+
+    if state == "present":
+        ensure_present(connection, module, existing_egress_only_igw)
+    else:
+        ensure_absent(connection, module, existing_egress_only_igw)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/tests/integration/targets/ec2_vpc_egress_igw/aliases b/tests/integration/targets/ec2_vpc_egress_igw/aliases
@@ -0,0 +1,2 @@
+cloud/aws
+ec2_vpc_egress_igw_info