ability to use lambda target in elb_target_group (#57394)
* enable elb_lambda_target test
pull/59831/head
parent
e07c4f41d7
commit
196347ff32
@ -0,0 +1,8 @@
|
||||
import json
|
||||
|
||||
|
||||
def lambda_handler(event, context):
|
||||
return {
|
||||
'statusCode': 200,
|
||||
'body': json.dumps('Hello from Lambda!')
|
||||
}
|
@ -0,0 +1,8 @@
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": {
|
||||
"Effect": "Allow",
|
||||
"Principal": { "Service": "lambda.amazonaws.com" },
|
||||
"Action": "sts:AssumeRole"
|
||||
}
|
||||
}
|
@ -0,0 +1,135 @@
|
||||
---
|
||||
- name: set up aws connection info
|
||||
set_fact:
|
||||
aws_connection_info: &aws_connection_info
|
||||
aws_access_key: "{{ aws_access_key }}"
|
||||
aws_secret_key: "{{ aws_secret_key }}"
|
||||
security_token: "{{ security_token }}"
|
||||
region: "{{ aws_region }}"
|
||||
no_log: yes
|
||||
|
||||
- name: set up lambda as elb_target
|
||||
|
||||
block:
|
||||
- name: create zip to deploy lambda code
|
||||
archive:
|
||||
path: "{{ role_path }}/files/ansible_lambda_target.py"
|
||||
dest: /tmp/lambda.zip
|
||||
format: zip
|
||||
|
||||
- name: "create or update service-role for lambda"
|
||||
iam_role:
|
||||
<<: *aws_connection_info
|
||||
name: ansible_lambda_execution
|
||||
assume_role_policy_document: "{{ lookup('file', role_path + '/files/assume-role.json') }}"
|
||||
managed_policy:
|
||||
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
|
||||
register: ROLE_ARN
|
||||
|
||||
- name: when it is to fast, the role is not usable.
|
||||
pause:
|
||||
minutes: 1
|
||||
|
||||
- name: deploy lambda.zip to ansible_lambda_target function
|
||||
lambda:
|
||||
<<: *aws_connection_info
|
||||
name: "ansible_lambda_target"
|
||||
state: present
|
||||
zip_file: "/tmp/lambda.zip"
|
||||
runtime: "python3.7"
|
||||
role: "{{ ROLE_ARN.arn }}"
|
||||
handler: "ansible_lambda_target.lambda_handler"
|
||||
timeout: 30
|
||||
register: lambda_function
|
||||
retries: 3
|
||||
delay: 15
|
||||
until: lambda_function.changed
|
||||
|
||||
- name: create empty target group
|
||||
elb_target_group:
|
||||
<<: *aws_connection_info
|
||||
name: ansible-lambda-targetgroup
|
||||
target_type: lambda
|
||||
state: present
|
||||
modify_targets: False
|
||||
register: elb_target_group
|
||||
|
||||
- name: tg is created, state must be changed
|
||||
assert:
|
||||
that:
|
||||
- elb_target_group.changed
|
||||
|
||||
- name: allow elb to invoke the lambda function
|
||||
lambda_policy:
|
||||
<<: *aws_connection_info
|
||||
state: present
|
||||
function_name: ansible_lambda_target
|
||||
version: "{{ lambda_function.configuration.version }}"
|
||||
statement_id: elb1
|
||||
action: lambda:InvokeFunction
|
||||
principal: elasticloadbalancing.amazonaws.com
|
||||
source_arn: "{{ elb_target_group.target_group_arn }}"
|
||||
|
||||
- name: add lambda to elb target
|
||||
elb_target_group:
|
||||
<<: *aws_connection_info
|
||||
name: ansible-lambda-targetgroup
|
||||
target_type: lambda
|
||||
state: present
|
||||
targets:
|
||||
- Id: "{{ lambda_function.configuration.function_arn }}"
|
||||
register: elb_target_group
|
||||
|
||||
- name: target is updated, state must be changed
|
||||
assert:
|
||||
that:
|
||||
- elb_target_group.changed
|
||||
|
||||
- name: re-add lambda to elb target (idempotency)
|
||||
elb_target_group:
|
||||
<<: *aws_connection_info
|
||||
name: ansible-lambda-targetgroup
|
||||
target_type: lambda
|
||||
state: present
|
||||
targets:
|
||||
- Id: "{{ lambda_function.configuration.function_arn }}"
|
||||
register: elb_target_group
|
||||
|
||||
- name: target is still the same, state must not be changed (idempotency)
|
||||
assert:
|
||||
that:
|
||||
- not elb_target_group.changed
|
||||
|
||||
- name: remove lambda target from target group
|
||||
elb_target_group:
|
||||
<<: *aws_connection_info
|
||||
name: ansible-lambda-targetgroup
|
||||
target_type: lambda
|
||||
state: absent
|
||||
targets: []
|
||||
register: elb_target_group
|
||||
|
||||
- name: target is still the same, state must not be changed (idempotency)
|
||||
assert:
|
||||
that:
|
||||
- elb_target_group.changed
|
||||
|
||||
always:
|
||||
- name: remove elb target group
|
||||
elb_target_group:
|
||||
<<: *aws_connection_info
|
||||
name: ansible-lambda-targetgroup
|
||||
target_type: lambda
|
||||
state: absent
|
||||
|
||||
- name: remove lambda function
|
||||
lambda:
|
||||
<<: *aws_connection_info
|
||||
name: "ansible_lambda_target"
|
||||
state: absent
|
||||
|
||||
- name: remove iam role for lambda
|
||||
iam_role:
|
||||
<<: *aws_connection_info
|
||||
name: ansible_lambda_execution
|
||||
state: absent
|
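Review bot: The IAM role, Lambda function and target group all use fixed names (`ansible_lambda_execution`, `ansible_lambda_target`, `ansible-lambda-targetgroup`), so in a shared test account the `iam_role` task would rewrite the trust policy of any existing role with that name and the `always` section would then delete it; prefixing each name with a per-run value such as `{{ resource_prefix }}` (if the test harness provides it) would keep the test to resources it created. The archive is likewise written to the fixed path `/tmp/lambda.zip` and never removed, so building it under a per-run directory such as `{{ output_dir }}` would avoid overwriting a file left there by another user or an earlier run. The cleanup tasks under `always` carry no `ignore_errors: yes`, so if removing the target group fails, the function and the role are presumably left behind in the account. Separately, the last assertion is named `target is still the same, state must not be changed (idempotency)` but checks `elb_target_group.changed`, and the task before it uses `state: absent`, which appears to delete the whole target group rather than deregister the target; a name such as `target group is removed, state must be changed` would match what is checked.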