diff --git a/lib/ansible/modules/cloud/amazon/ec2_vpc_net.py b/lib/ansible/modules/cloud/amazon/ec2_vpc_net.py index 33c711e7683..41186ed0ab2 100644 --- a/lib/ansible/modules/cloud/amazon/ec2_vpc_net.py +++ b/lib/ansible/modules/cloud/amazon/ec2_vpc_net.py @@ -17,10 +17,11 @@ DOCUMENTATION = ''' --- module: ec2_vpc_net -short_description: configure AWS virtual private clouds +short_description: Configure AWS virtual private clouds description: - - Create or terminates AWS virtual private clouds. This module has a dependency on python-boto. + - Create or terminate AWS virtual private clouds. This module has a dependency on python-boto. version_added: "2.0" +author: Jonathan Davila (@defionscode) options: name: description: @@ -30,23 +31,25 @@ options: description: - The CIDR of the VPC required: yes - aliases: [] tenancy: description: - Whether to be default or dedicated tenancy. This cannot be changed after the VPC has been created. required: false default: default + choices: [ 'default', 'dedicated' ] dns_support: description: - Whether to enable AWS DNS support. required: false - default: true + default: yes + choices: [ 'yes', 'no' ] dns_hostnames: description: - Whether to enable AWS hostname support. required: false - default: true - dhcp_id: + default: yes + choices: [ 'yes', 'no' ] + dhcp_opts_id: description: - the id of the DHCP options to use for this vpc default: null @@ -61,30 +64,32 @@ options: - The state of the VPC. Either absent or present. default: present required: false + choices: [ 'present', 'absent' ] multi_ok: description: - By default the module will not create another VPC if there is another VPC with the same name and CIDR block. Specify this as true if you want duplicate VPCs created. default: false required: false -author: Jonathan Davila + extends_documentation_fragment: aws ''' EXAMPLES = ''' +# Note: These examples do not set authentication details, see the AWS Guide for details. + # Create a VPC with dedicate tenancy and a couple of tags -- ec2_vpc: +- ec2_vpc_net: name: Module_dev2 - cidr_block: 170.10.0.0/16 + cidr_block: 10.10.0.0/16 region: us-east-1 tags: - new_vpc: ec2_vpc_module - this: works22 + module: ec2_vpc_net + this: works tenancy: dedicated ''' - import time import sys @@ -92,8 +97,7 @@ try: import boto import boto.ec2 import boto.vpc - from boto.exception import EC2ResponseError - + from boto.exception import BotoServerError HAS_BOTO=True except ImportError: HAS_BOTO=False @@ -110,12 +114,11 @@ def boto_exception(err): return error def vpc_exists(module, vpc, name, cidr_block, multi): - """Returns True or False in regards to the existance of a VPC. When supplied + """Returns True or False in regards to the existence of a VPC. When supplied with a CIDR, it will check for matching tags to determine if it is a match otherwise it will assume the VPC does not exist and thus return false. """ - exists=False - matched_vpc=None + matched_vpc = None try: matching_vpcs=vpc.get_all_vpcs(filters={'tag:Name' : name, 'cidr-block' : cidr_block}) @@ -123,114 +126,69 @@ def vpc_exists(module, vpc, name, cidr_block, multi): e_msg=boto_exception(e) module.fail_json(msg=e_msg) - if len(matching_vpcs) == 1 and not multi: - exists=True - matched_vpc=str(matching_vpcs).split(':')[1].split(']')[0] - elif len(matching_vpcs) > 1 and not multi: - module.fail_json(msg='Currently there are %d VPCs that have the same name and ' + if len(matching_vpcs) == 1: + matched_vpc = matching_vpcs[0] + elif len(matching_vpcs) > 1: + if multi: + module.fail_json(msg='Currently there are %d VPCs that have the same name and ' 'CIDR block you specified. If you would like to create ' - 'the VPC anyways please pass True to the multi_ok param.' % len(matching_vpcs)) - - return exists, matched_vpc - -def vpc_needs_update(module, vpc, vpc_id, dns_support, dns_hostnames, dhcp_id, tags): - """This returns True or False. Intended to run after vpc_exists. - It will check all the characteristics of the parameters passed and compare them - to the active VPC. If any discrepancy is found, it will report true, meaning that - the VPC needs to be update in order to match the specified state in the params. - """ - - update_dhcp=False - update_tags=False - dhcp_match=False - - try: - dhcp_list=vpc.get_all_dhcp_options() - - if dhcp_id is not None: - has_default=vpc.get_all_vpcs(filters={'dhcp-options-id' : 'default', 'vpc-id' : vpc_id}) - for opts in dhcp_list: - if (str(opts).split(':')[1] == dhcp_id) or has_default: - dhcp_match=True - break - else: - pass - except Exception, e: - e_msg=boto_exception(e) - module.fail_json(msg=e_msg) - - if not dhcp_match or (has_default and dhcp_id != 'default'): - update_dhcp=True + 'the VPC anyway please pass True to the multi_ok param.' % len(matching_vpcs)) + + return matched_vpc - if dns_hostnames and dns_support == False: - module.fail_json('In order to enable DNS Hostnames you must have DNS support enabled') - else: - - # Note: Boto currently doesn't currently provide an interface to ec2-describe-vpc-attribute - # which is needed in order to detect the current status of DNS options. For now we just update - # the attribute each time and is not used as a changed-factor. - try: - vpc.modify_vpc_attribute(vpc_id, enable_dns_support=dns_support) - vpc.modify_vpc_attribute(vpc_id, enable_dns_hostnames=dns_hostnames) - except Exception, e: - e_msg=boto_exception(e) - module.fail_json(msg=e_msg) - if tags: - try: - current_tags = dict((t.name, t.value) for t in vpc.get_all_tags(filters={'resource-id': vpc_id})) - if not set(tags.items()).issubset(set(current_tags.items())): - update_tags=True - except Exception, e: - e_msg=boto_exception(e) - module.fail_json(msg=e_msg) - - return update_dhcp, update_tags - - -def update_vpc_tags(module, vpc, vpc_id, tags, name): +def update_vpc_tags(vpc, module, vpc_obj, tags, name): + + if tags is None: + tags = dict() + tags.update({'Name': name}) try: - vpc.create_tags(vpc_id, tags) - updated_tags=dict((t.name, t.value) for t in vpc.get_all_tags(filters={'resource-id': vpc_id})) - except Exception, e: - e_msg=boto_exception(e) - module.fail_json(msg=e_msg) - - return updated_tags - - -def update_dhcp_opts(module, vpc, vpc_id, dhcp_id): - try: - vpc.associate_dhcp_options(dhcp_id, vpc_id) - dhcp_list=vpc.get_all_dhcp_options() + current_tags = dict((t.name, t.value) for t in vpc.get_all_tags(filters={'resource-id': vpc_obj.id})) + if sorted(current_tags) != sorted(tags): + vpc.create_tags(vpc_obj.id, tags) + return True + else: + return False except Exception, e: e_msg=boto_exception(e) module.fail_json(msg=e_msg) + - for opts in dhcp_list: - vpc_dhcp=vpc.get_all_vpcs(filters={'dhcp-options-id' : opts, 'vpc-id' : vpc_id}) - matched=False - if opts == dhcp_id: - matched=True - return opts - - if matched == False: - return dhcp_id +def update_dhcp_opts(connection, module, vpc_obj, dhcp_id): + + if vpc_obj.dhcp_options_id != dhcp_id: + connection.associate_dhcp_options(dhcp_id, vpc_obj.id) + return True + else: + return False + +def get_vpc_values(vpc_obj): + + if vpc_obj is not None: + vpc_values = vpc_obj.__dict__ + if "region" in vpc_values: + vpc_values.pop("region") + if "item" in vpc_values: + vpc_values.pop("item") + if "connection" in vpc_values: + vpc_values.pop("connection") + return vpc_values + else: + return None def main(): argument_spec=ec2_argument_spec() argument_spec.update(dict( - name=dict(type='str', default=None, required=True), - cidr_block=dict(type='str', default=None, required=True), - tenancy=dict(choices=['default', 'dedicated'], default='default'), - dns_support=dict(type='bool', default=True), - dns_hostnames=dict(type='bool', default=True), - dhcp_opts_id=dict(type='str', default=None, required=False), - tags=dict(type='dict', required=False, default=None), - state=dict(choices=['present', 'absent'], default='present'), - region=dict(type='str', required=True), - multi_ok=dict(type='bool', default=False) + name = dict(type='str', default=None, required=True), + cidr_block = dict(type='str', default=None, required=True), + tenancy = dict(choices=['default', 'dedicated'], default='default'), + dns_support = dict(type='bool', default=True), + dns_hostnames = dict(type='bool', default=True), + dhcp_opts_id = dict(type='str', default=None, required=False), + tags = dict(type='dict', required=False, default=None), + state = dict(choices=['present', 'absent'], default='present'), + multi_ok = dict(type='bool', default=False) ) ) @@ -239,7 +197,7 @@ def main(): ) if not HAS_BOTO: - module.fail_json(msg='Boto is required for this module') + module.fail_json(msg='boto is required for this module') name=module.params.get('name') cidr_block=module.params.get('cidr_block') @@ -250,93 +208,85 @@ def main(): tags=module.params.get('tags') state=module.params.get('state') multi=module.params.get('multi_ok') - + changed=False - new_dhcp_opts=None - new_tags=None - update_dhcp=False - update_tags=False - region, ec2_url, aws_connect_kwargs=get_aws_connection_info(module) - - try: - vpc=boto.vpc.connect_to_region( - region, - **aws_connect_kwargs - ) - except boto.exception.NoAuthHandlerFound, e: - module.fail_json(msg=str(e)) - - already_exists, vpc_id=vpc_exists(module, vpc, name, cidr_block, multi) - - if already_exists: - update_dhcp, update_tags=vpc_needs_update(module, vpc, vpc_id, dns_support, dns_hostnames, dhcp_id, tags) - if update_dhcp or update_tags: - changed=True + region, ec2_url, aws_connect_params = get_aws_connection_info(module) + + if region: + try: + connection = connect_to_aws(boto.vpc, region, **aws_connect_params) + except (boto.exception.NoAuthHandlerFound, StandardError), e: + module.fail_json(msg=str(e)) + else: + module.fail_json(msg="region must be specified") + + if dns_hostnames and not dns_support: + module.fail_json('In order to enable DNS Hostnames you must also enable DNS support') + if state == 'present': + + # Check if VPC exists + vpc_obj = vpc_exists(module, connection, name, cidr_block, multi) + + if vpc_obj is None: + try: + vpc_obj = connection.create_vpc(cidr_block, instance_tenancy=tenancy) + changed = True + except BotoServerError, e: + module.fail_json(msg=e) + + if dhcp_id is not None: + try: + if update_dhcp_opts(connection, module, vpc_obj, dhcp_id): + changed = True + except BotoServerError, e: + module.fail_json(msg=e) + + if tags is not None or name is not None: + try: + if update_vpc_tags(connection, module, vpc_obj, tags, name): + changed = True + except BotoServerError, e: + module.fail_json(msg=e) + + + # Note: Boto currently doesn't currently provide an interface to ec2-describe-vpc-attribute + # which is needed in order to detect the current status of DNS options. For now we just update + # the attribute each time and is not used as a changed-factor. try: - e_tags=dict((t.name, t.value) for t in vpc.get_all_tags(filters={'resource-id': vpc_id})) - dhcp_list=vpc.get_all_dhcp_options() - has_default=vpc.get_all_vpcs(filters={'dhcp-options-id' : 'default', 'vpc-id' : vpc_id}) - except Exception, e: + connection.modify_vpc_attribute(vpc_obj.id, enable_dns_support=dns_support) + connection.modify_vpc_attribute(vpc_obj.id, enable_dns_hostnames=dns_hostnames) + except BotoServerError, e: e_msg=boto_exception(e) module.fail_json(msg=e_msg) - - dhcp_opts=None - + + # get the vpc obj again in case it has changed try: - for opts in dhcp_list: - if vpc.get_all_vpcs(filters={'dhcp-options-id' : opts, 'vpc-id' : vpc_id}): - dhcp_opts=opts - break - else: - pass - except Exception, e: + vpc_obj = connection.get_all_vpcs(vpc_obj.id)[0] + except BotoServerError, e: e_msg=boto_exception(e) module.fail_json(msg=e_msg) + + module.exit_json(changed=changed, vpc=get_vpc_values(vpc_obj)) - if not dhcp_opts and has_default: - dhcp_opts='default' - - if state == 'present': - - if not changed and already_exists: - module.exit_json(changed=changed, vpc_id=vpc_id) - elif changed: - if update_dhcp: - dhcp_opts=update_dhcp_opts(module, vpc, vpc_id, dhcp_id) - if update_tags: - e_tags=update_vpc_tags(module, vpc, vpc_id, tags, name) - - module.exit_json(changed=changed, name=name, dhcp_options_id=dhcp_opts, tags=e_tags) - - if not already_exists: - try: - vpc_id=str(vpc.create_vpc(cidr_block, instance_tenancy=tenancy)).split(':')[1] - vpc.create_tags(vpc_id, dict(Name=name)) - except Exception, e: - e_msg=boto_exception(e) - module.fail_json(msg=e_msg) - - update_dhcp, update_tags=vpc_needs_update(module, vpc, vpc_id, dns_support, dns_hostnames, dhcp_id, tags) - - if update_dhcp: - new_dhcp_opts=update_dhcp_opts(module, vpc, vpc_id, dhcp_id) - if update_tags: - new_tags=update_vpc_tags(module, vpc, vpc_id, tags, name) - module.exit_json(changed=True, name=name, vpc_id=vpc_id, dhcp_options=new_dhcp_opts, tags=new_tags) elif state == 'absent': - if already_exists: - changed=True + + # Check if VPC exists + vpc_obj = vpc_exists(module, connection, name, cidr_block, multi) + + if vpc_obj is not None: try: - vpc.delete_vpc(vpc_id) - module.exit_json(changed=changed, vpc_id=vpc_id) - except Exception, e: - e_msg=boto_exception(e) + connection.delete_vpc(vpc_obj.id) + vpc_obj = None + changed = True + except BotoServerError, e: + e_msg = boto_exception(e) module.fail_json(msg="%s. You may want to use the ec2_vpc_subnet, ec2_vpc_igw, " - "and/or ec2_vpc_rt modules to ensure the other components are absent." % e_msg) - else: - module.exit_json(msg="VPC is absent") + "and/or ec2_vpc_route_table modules to ensure the other components are absent." % e_msg) + + module.exit_json(changed=changed, vpc=get_vpc_values(vpc_obj)) + # import module snippets from ansible.module_utils.basic import * from ansible.module_utils.ec2 import *