From 5a72eef0a30344ad5fcafbd3e95754edf6bbcde5 Mon Sep 17 00:00:00 2001
From: Deepakkothandan <deepak.kdy@gmail.com>
Date: Tue, 19 Jun 2018 14:46:40 +0200
Subject: [PATCH] [ecs_service] fix assign_public ip for network configuration
 (#41685)

* fix assign_public ip for ecs_service

* used module.botocore_at_least instead of distutils
---
 .../modules/cloud/amazon/ecs_service.py       |   5 +
 .../network_assign_public_ip_fail.yml         | 129 ++++++++++++++++++
 test/integration/targets/ecs_cluster/runme.sh |   7 +
 3 files changed, 141 insertions(+)
 create mode 100644 test/integration/targets/ecs_cluster/playbooks/network_assign_public_ip_fail.yml

diff --git a/lib/ansible/modules/cloud/amazon/ecs_service.py b/lib/ansible/modules/cloud/amazon/ecs_service.py
index 97c41fec587..52879bba2e7 100644
--- a/lib/ansible/modules/cloud/amazon/ecs_service.py
+++ b/lib/ansible/modules/cloud/amazon/ecs_service.py
@@ -102,6 +102,7 @@ options:
           - network configuration of the service. Only applicable for task definitions created with C(awsvpc) I(network_mode).
           - I(network_configuration) has two keys, I(subnets), a list of subnet IDs to which the task is attached and I(security_groups),
             a list of group names or group IDs for the task
+          - assign_public_ip requires botocore >= 1.8.4
         version_added: 2.6
     launch_type:
         description:
@@ -324,6 +325,10 @@ class EcsServiceManager:
                 except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
                     self.module.fail_json_aws(e, msg="Couldn't look up security groups")
             result['securityGroups'] = groups
+        if 'assign_public_ip' in network_config and self.module.botocore_at_least('1.8.4'):
+            result['assign_public_ip'] = 'assign_public_ip'
+        else:
+            self.module.fail_json(msg='botocore needs to be version 1.8.4 or higher to use assign_public_ip in network_configuration')
         return dict(awsvpcConfiguration=result)
 
     def find_in_array(self, array_of_services, service_name, field_name='serviceArn'):
diff --git a/test/integration/targets/ecs_cluster/playbooks/network_assign_public_ip_fail.yml b/test/integration/targets/ecs_cluster/playbooks/network_assign_public_ip_fail.yml
new file mode 100644
index 00000000000..92352bba858
--- /dev/null
+++ b/test/integration/targets/ecs_cluster/playbooks/network_assign_public_ip_fail.yml
@@ -0,0 +1,129 @@
+- hosts: localhost
+  connection: local
+  vars:
+     resource_prefix: 'ansible-testing'
+
+  tasks:
+    - block:
+        - name: set up aws connection info
+          set_fact:
+            aws_connection_info: &aws_connection_info
+              aws_access_key: "{{ aws_access_key }}"
+              aws_secret_key: "{{ aws_secret_key }}"
+              security_token: "{{ security_token }}"
+              region: "{{ aws_region }}"
+          no_log: True
+
+        - name: create ecs cluster
+          ecs_cluster:
+            name: "{{ resource_prefix }}"
+            state: present
+            <<: *aws_connection_info
+
+        - name: create ecs_taskdefinition with bridged network
+          ecs_taskdefinition:
+            containers:
+              - name: my_container
+                image: ubuntu
+                memory: 128
+            family: "{{ resource_prefix }}"
+            state: present
+            network_mode: bridge
+            <<: *aws_connection_info
+          register: ecs_taskdefinition_creation
+
+        - name: create ecs_taskdefinition with awsvpc network
+          ecs_taskdefinition:
+            containers:
+              - name: my_container
+                image: ubuntu
+                memory: 128
+            family: "{{ resource_prefix }}-vpc"
+            state: present
+            network_mode: awsvpc
+            <<: *aws_connection_info
+          register: ecs_taskdefinition_creation_vpc
+
+        - name: ecs_taskdefinition works fine even when older botocore is used
+          assert:
+            that:
+              - ecs_taskdefinition_creation_vpc.changed
+
+        - name: create ecs_service using awsvpc network_configuration
+          ecs_service:
+            name: "{{ resource_prefix }}-vpc"
+            cluster: "{{ resource_prefix }}"
+            task_definition: "{{ resource_prefix }}-vpc"
+            desired_count: 1
+            network_configuration:
+              subnets:
+                - subnet-abcd1234
+              groups:
+                - sg-abcd1234
+              assign_public_ip: true
+            state: present
+            <<: *aws_connection_info
+          register: ecs_service_creation_vpc
+          ignore_errors: yes
+
+        - name: check that graceful failure message is returned from ecs_service
+          assert:
+            that:
+              - ecs_service_creation_vpc.failed
+              - 'ecs_service_creation_vpc.msg == "botocore needs to be version 1.8.4 or higher to use assign_public_ip in network_configuration"'
+
+      always:
+        - name: scale down ecs service
+          ecs_service:
+            name: "{{ resource_prefix }}"
+            cluster: "{{ resource_prefix }}"
+            task_definition: "{{ resource_prefix }}"
+            desired_count: 0
+            state: present
+            <<: *aws_connection_info
+          ignore_errors: yes
+
+        - name: pause to wait for scale down
+          pause:
+            seconds: 30
+
+        - name: remove ecs service
+          ecs_service:
+            name: "{{ resource_prefix }}"
+            cluster: "{{ resource_prefix }}"
+            task_definition: "{{ resource_prefix }}"
+            desired_count: 1
+            state: absent
+            <<: *aws_connection_info
+          ignore_errors: yes
+
+        - name: remove ecs task definition
+          ecs_taskdefinition:
+            containers:
+              - name: my_container
+                image: ubuntu
+                memory: 128
+            family: "{{ resource_prefix }}"
+            revision: "{{ ecs_taskdefinition_creation.taskdefinition.revision }}"
+            state: absent
+            <<: *aws_connection_info
+          ignore_errors: yes
+
+        - name: remove ecs task definition vpc
+          ecs_taskdefinition:
+            containers:
+              - name: my_container
+                image: ubuntu
+                memory: 128
+            family: "{{ resource_prefix }}-vpc"
+            revision: "{{ ecs_taskdefinition_creation_vpc.taskdefinition.revision }}"
+            state: absent
+            <<: *aws_connection_info
+          ignore_errors: yes
+
+        - name: remove ecs cluster
+          ecs_cluster:
+            name: "{{ resource_prefix }}"
+            state: absent
+            <<: *aws_connection_info
+          ignore_errors: yes
diff --git a/test/integration/targets/ecs_cluster/runme.sh b/test/integration/targets/ecs_cluster/runme.sh
index 000334cc716..aebbb5e4124 100755
--- a/test/integration/targets/ecs_cluster/runme.sh
+++ b/test/integration/targets/ecs_cluster/runme.sh
@@ -18,6 +18,13 @@ source "${MYTMPDIR}/botocore-1.7.40/bin/activate"
 $PYTHON -m pip install 'botocore<=1.7.40' boto3
 ansible-playbook -i ../../inventory -e @../../integration_config.yml -e @../../cloud-config-aws.yml -v playbooks/network_fail.yml "$@"
 
+# Test graceful failure for assign public ip
+# applies for botocore >= 1.7.44 and < 1.8.4
+virtualenv --system-site-packages --python "${PYTHON}" "${MYTMPDIR}/botocore-1.7.44"
+source "${MYTMPDIR}/botocore-1.7.44/bin/activate"
+$PYTHON -m pip install 'botocore>=1.7.44,<1.8.4' boto3
+ansible-playbook -i ../../inventory -e @../../integration_config.yml -e @../../cloud-config-aws.yml -v playbooks/network_assign_public_ip_fail.yml "$@"
+
 # Run full test suite
 virtualenv --system-site-packages --python "${PYTHON}" "${MYTMPDIR}/botocore-recent"
 source "${MYTMPDIR}/botocore-recent/bin/activate"