diff --git a/changelogs/fragments/migrate_ec2_vpc_egress_igw.yml b/changelogs/fragments/migrate_ec2_vpc_egress_igw.yml new file mode 100644 index 00000000000..e98eb6dbd53 --- /dev/null +++ b/changelogs/fragments/migrate_ec2_vpc_egress_igw.yml @@ -0,0 +1,5 @@ +--- +breaking_changes: + - ec2_vpc_egress_igw - The module has been migrated from the ``community.aws`` collection. + Playbooks using the Fully Qualified Collection Name for this module should be + updated to use ``amazon.aws.ec2_vpc_egress_igw`` (https://api.github.com/repos/ansible-collections/community.aws/pulls/2169). \ No newline at end of file diff --git a/meta/runtime.yml b/meta/runtime.yml index ea50b016258..3e3f8d67779 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -114,7 +114,6 @@ action_groups: - ec2_transit_gateway_info - ec2_transit_gateway_vpc_attachment - ec2_transit_gateway_vpc_attachment_info - - ec2_vpc_egress_igw - ec2_vpc_nacl - ec2_vpc_nacl_info - ec2_vpc_peer @@ -520,6 +519,8 @@ plugin_routing: redirect: amazon.aws.s3_bucket_info sts_assume_role: redirect: amazon.aws.sts_assume_role + ec2_vpc_egress_igw: + redirect: amazon.aws.ec2_vpc_egress_igw module_utils: route53: redirect: amazon.aws.route53 \ No newline at end of file diff --git a/plugins/modules/ec2_vpc_egress_igw.py b/plugins/modules/ec2_vpc_egress_igw.py deleted file mode 100644 index 8a1a520b7aa..00000000000 --- a/plugins/modules/ec2_vpc_egress_igw.py +++ /dev/null @@ -1,232 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# Copyright (c) 2017 Ansible Project -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -DOCUMENTATION = r""" ---- -module: ec2_vpc_egress_igw -version_added: 1.0.0 -short_description: Manage an AWS VPC Egress Only Internet gateway -description: - - Manage an AWS VPC Egress Only Internet gateway -author: - - Daniel Shepherd (@shepdelacreme) -options: - vpc_id: - description: - - The VPC ID for the VPC that this Egress Only Internet Gateway should be attached. - required: true - type: str - state: - description: - - Create or delete the EIGW. - default: present - choices: [ 'present', 'absent' ] - type: str -notes: - - Support for O(tags) and O(purge_tags) was added in release 9.0.0. -extends_documentation_fragment: - - amazon.aws.common.modules - - amazon.aws.region.modules - - amazon.aws.boto3 - - amazon.aws.tags.modules -""" - -EXAMPLES = r""" -# Note: These examples do not set authentication details, see the AWS Guide for details. - -# Ensure that the VPC has an Internet Gateway. -# The Internet Gateway ID is can be accessed via {{eigw.gateway_id}} for use in setting up NATs etc. -- name: Create Egress internet only gateway - community.aws.ec2_vpc_egress_igw: - vpc_id: vpc-abcdefgh - state: present - -- name: Delete Egress internet only gateway - community.aws.ec2_vpc_egress_igw: - vpc_id: vpc-abcdefgh - state: absent -""" - -RETURN = r""" -gateway_id: - description: The ID of the Egress Only Internet Gateway or Null. - returned: always - type: str - sample: eigw-0e00cf111ba5bc11e -vpc_id: - description: The ID of the VPC to attach or detach gateway from. - returned: always - type: str - sample: vpc-012345678 -tags: - description: Any tags assigned to the internet gateway. - returned: always - type: dict -""" - -from typing import Any -from typing import Dict -from typing import Optional -from typing import Union - -from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict - -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AnsibleEC2Error -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import create_egress_only_internet_gateway -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import delete_egress_only_internet_gateway -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import describe_egress_only_internet_gateways -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ensure_ec2_tags -from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict - -from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule - - -def delete_eigw(module: AnsibleAWSModule, connection, eigw_id: str) -> Dict[str, Union[str, bool]]: - """ - Delete EIGW. - - module : AnsibleAWSModule object - connection : boto3 client connection object - eigw_id : ID of the EIGW to delete - """ - - vpc_id = module.params.get("vpc_id") - - if module.check_mode: - return dict( - changed=True, msg=f"Would have deleted Egress internet only Gateway id '{eigw_id}' if not in check mode." - ) - - try: - changed = delete_egress_only_internet_gateway(connection, egress_only_internet_gateway_id=eigw_id) - except AnsibleEC2Error as e: - module.fail_json_aws(e) - - return dict(changed=changed) - - -def create_eigw(module: AnsibleAWSModule, connection, vpc_id: str) -> Dict[str, Union[str, bool]]: - """ - Create EIGW. - - module : AnsibleAWSModule object - connection : boto3 client connection object - vpc_id : ID of the VPC we are operating on - """ - - if module.check_mode: - return dict(changed=True, msg="Would have created Egress internet only Gateway if not in check mode.") - - gateway_id = None - changed = False - - try: - response = create_egress_only_internet_gateway(connection, vpc_id=vpc_id, tags=module.params.get("tags")) - changed = True - except AnsibleEC2Error as e: - module.fail_json_aws(e) - - gateway = response.get("EgressOnlyInternetGateway", {}) - state = gateway.get("Attachments", [{}])[0].get("State") - gateway_id = gateway.get("EgressOnlyInternetGatewayId") - tags = boto3_tag_list_to_ansible_dict(gateway.get("Tags", [])) - - if not gateway_id or state not in ("attached", "attaching"): - # EIGW gave back a bad attachment state or an invalid response so we error out - module.fail_json( - msg=f"Unable to create and attach Egress Only Internet Gateway to VPCId: {vpc_id}. Bad or no state in response", - **camel_dict_to_snake_dict(response), - ) - - return dict(changed=changed, gateway_id=gateway_id, tags=tags) - - -def find_egress_only_igw(module: AnsibleAWSModule, connection, vpc_id: str) -> Optional[Dict[str, Any]]: - """ - Describe EIGWs. - - module : AnsibleAWSModule object - connection : boto3 client connection object - vpc_id : ID of the VPC we are operating on - """ - result = None - - try: - for eigw in describe_egress_only_internet_gateways(connection): - for attachment in eigw.get("Attachments", []): - if attachment.get("VpcId") == vpc_id and attachment.get("State") in ("attached", "attaching"): - return { - "gateway_id": eigw.get("EgressOnlyInternetGatewayId"), - "tags": boto3_tag_list_to_ansible_dict(eigw.get("Tags", [])), - } - except AnsibleEC2Error as e: - module.fail_json_aws(e) - - return result - - -def ensure_present(connection, module: AnsibleAWSModule, existing: Optional[Dict[str, Any]]) -> None: - vpc_id = module.params.get("vpc_id") - result = dict(vpc_id=vpc_id, changed=False) - - if not existing: - result.update(create_eigw(module, connection, vpc_id)) - else: - egress_only_igw_id = existing.get("gateway_id") - changed = False - result = existing - tags = module.params.get("tags") - purge_tags = module.params.get("purge_tags") - if tags is not None: - changed = ensure_ec2_tags( - connection, - module, - egress_only_igw_id, - resource_type="egress-only-internet-gateway", - tags=tags, - purge_tags=purge_tags, - ) - result.update(dict(changed=changed, vpc_id=vpc_id)) - - module.exit_json(**result) - - -def ensure_absent(connection, module: AnsibleAWSModule, existing: Optional[Dict[str, Any]]) -> None: - vpc_id = module.params.get("vpc_id") - if not existing: - module.exit_json(changed=False, msg=f"No Egress only internet gateway attached to the VPC id '{vpc_id}'") - - egress_only_igw_id = existing.get("gateway_id") - result = dict(gateway_id=egress_only_igw_id, vpc_id=vpc_id, changed=False) - result.update(delete_eigw(module, connection, egress_only_igw_id)) - module.exit_json(**result) - - -def main(): - argument_spec = dict( - vpc_id=dict(required=True), - state=dict(default="present", choices=["present", "absent"]), - tags=dict(type="dict", aliases=["resource_tags"]), - purge_tags=dict(type="bool", default=True), - ) - - module = AnsibleAWSModule(argument_spec=argument_spec, supports_check_mode=True) - - connection = module.client("ec2") - - vpc_id = module.params.get("vpc_id") - state = module.params.get("state") - - existing_egress_only_igw = find_egress_only_igw(module, connection, vpc_id) - - if state == "present": - ensure_present(connection, module, existing_egress_only_igw) - else: - ensure_absent(connection, module, existing_egress_only_igw) - - -if __name__ == "__main__": - main() diff --git a/tests/integration/targets/ec2_vpc_egress_igw/aliases b/tests/integration/targets/ec2_vpc_egress_igw/aliases deleted file mode 100644 index 4ef4b2067d0..00000000000 --- a/tests/integration/targets/ec2_vpc_egress_igw/aliases +++ /dev/null @@ -1 +0,0 @@ -cloud/aws diff --git a/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml b/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml deleted file mode 100644 index 56bb89decaf..00000000000 --- a/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml +++ /dev/null @@ -1,181 +0,0 @@ ---- -- name: Run ec2_vpc_egress_igw integration tests - module_defaults: - group/aws: - access_key: '{{ aws_access_key }}' - secret_key: '{{ aws_secret_key }}' - session_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - block: - - # ============================================================ - - name: Test failure with no parameters - community.aws.ec2_vpc_egress_igw: - register: result - ignore_errors: true - - - name: Assert failure with no parameters - ansible.builtin.assert: - that: - - result is failed - - 'result.msg == "missing required arguments: vpc_id"' - - # ============================================================ - - name: Test failure with non-existent VPC ID - community.aws.ec2_vpc_egress_igw: - state: present - vpc_id: vpc-02394e50abc1807e8 - register: result - ignore_errors: true - - - name: Assert failure with non-existent VPC ID - ansible.builtin.assert: - that: - - result is failed - - e_msg in result.exception - vars: - e_msg: "The vpc ID 'vpc-02394e50abc1807e8' does not exist" - - # ============================================================ - - name: Create a VPC - amazon.aws.ec2_vpc_net: - name: "{{ resource_prefix }}-vpc" - state: present - cidr_block: "10.232.232.128/26" - tags: - Name: "{{ resource_prefix }}-vpc" - Description: "Created by ansible-test" - register: vpc_result - - # ============================================================ - - name: Create egress-only internet gateway using check_mode=true - community.aws.ec2_vpc_egress_igw: - state: present - vpc_id: "{{ vpc_result.vpc.id }}" - register: vpc_eigw_create_check_mode - check_mode: true - - - name: Assert module returned changed and the Egress IGW was not created - ansible.builtin.assert: - that: - - vpc_eigw_create_check_mode is changed - - # # ============================================================ - - name: Create egress-only internet gateway (expected changed=true) - community.aws.ec2_vpc_egress_igw: - state: present - vpc_id: "{{ vpc_result.vpc.id }}" - register: vpc_eigw_create - - - name: Assert module returned changed and the Egress IGW was not created - ansible.builtin.assert: - that: - - vpc_eigw_create is changed - - # # ============================================================ - - name: Create egress-only internet gateway once again (idempotency) - community.aws.ec2_vpc_egress_igw: - state: present - vpc_id: "{{ vpc_result.vpc.id }}" - register: vpc_eigw_create_idempotency - - - name: Assert module returned changed and the Egress IGW was not created - assert: - that: - - vpc_eigw_create_idempotency is not changed - - vpc_eigw_create_idempotency.gateway_id == vpc_eigw_create.gateway_id - - # # ============================================================ - - name: Delete egress-only internet gateway (check_mode) - ec2_vpc_egress_igw: - state: absent - vpc_id: "{{ vpc_result.vpc.id }}" - register: vpc_eigw_delete_check_mode - check_mode: true - - - name: Assert module returned changed and the Egress IGW was not created - ansible.builtin.assert: - that: - - vpc_eigw_delete_check_mode is changed - - vpc_eigw_create_idempotency.gateway_id == vpc_eigw_delete_check_mode.gateway_id - - # # ============================================================ - - name: Delete egress-only internet gateway once again (idempotency) - community.aws.ec2_vpc_egress_igw: - state: absent - vpc_id: "{{ vpc_result.vpc.id }}" - register: vpc_eigw_delete - - - name: Assert module returned changed and the Egress IGW was not created - ansible.builtin.assert: - that: - - vpc_eigw_delete is changed - - vpc_eigw_create_idempotency.gateway_id == vpc_eigw_delete.gateway_id - - # # ============================================================ - - name: Delete egress-only internet gateway - ec2_vpc_egress_igw: - state: absent - vpc_id: "{{ vpc_result.vpc.id }}" - register: vpc_eigw_delete_idempotency - - - name: Assert module returned changed and the Egress IGW was not created - ansible.builtin.assert: - that: - - vpc_eigw_delete_idempotency is not changed - - ## ============================================================ - ## Tagging - - name: Create Egress only internet gateway with tags - community.aws.ec2_vpc_egress_igw: - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - ResourcePrefix: "{{ resource_prefix }}" - VpcId: "{{ vpc_result.vpc.id }}" - register: create_with_tags - - - name: Assert that the Egress IGW was created with tags - ansible.builtin.assert: - that: - - create_with_tags is changed - - - name: Trying to update tags (no change) - community.aws.ec2_vpc_egress_igw: - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - ResourcePrefix: "{{ resource_prefix }}" - VpcId: "{{ vpc_result.vpc.id }}" - register: update_tags - - - name: Assert that the Egress IGW was not updated - ansible.builtin.assert: - that: - - update_tags is not changed - - - name: Add tag to existing tags - community.aws.ec2_vpc_egress_igw: - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Phase: integration - purge_tags: false - register: add_tag - - - name: Assert that the Egress IGW was created with tags - ansible.builtin.assert: - that: - - add_tag is changed - - always: - # ============================================================ - - name: Tidy up EIGW - community.aws.ec2_vpc_egress_igw: - state: absent - vpc_id: "{{ vpc_result.vpc.id }}" - ignore_errors: true - - - name: Tidy up VPC - amazon.aws.ec2_vpc_net: - name: "{{ resource_prefix }}-vpc" - state: absent - cidr_block: "10.232.232.128/26" - ignore_errors: true