archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ec2_ami can update an ami's launch_permissions

Browse Source
pull/18777/head
Matt Ferrante 10 years ago committed by Matt Clay
parent 2cb83fb196
commit 74b4882415
1 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File

69
lib/ansible/modules/cloud/amazon/ec2_ami.py
Unescape Escape View File

@ -86,6 +86,12 @@ options:
required: false required: false
default: null default: null
version_added: "2.0" version_added: "2.0"
launch_permissions:
description:
- Users and groups that should be able to launch the ami. Expects dictionary with a key of user_ids and/or group_names. user_ids should be a list of account ids. group_name should be a list of groups, "all" is the only acceptable value currently.
required: false
default: null
aliases: []
author: "Evan Duffield (@scicoin-project) <eduffield@iacquire.com>" author: "Evan Duffield (@scicoin-project) <eduffield@iacquire.com>"
extends_documentation_fragment: aws extends_documentation_fragment: aws
@ -151,6 +157,25 @@ EXAMPLES = '''
delete_snapshot: False delete_snapshot: False
state: absent state: absent
# Update AMI Launch Permissions, making it public
- ec2_ami:
aws_access_key: xxxxxxxxxxxxxxxxxxxxxxx
aws_secret_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region: xxxxxx
image_id: "{{ instance.image_id }}"
state: present
launch_permissions:
group_names: ['all']
# Allow AMI to be launched by another account
- ec2_ami:
aws_access_key: xxxxxxxxxxxxxxxxxxxxxxx
aws_secret_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region: xxxxxx
image_id: "{{ instance.image_id }}"
state: present
launch_permissions:
user_ids: ['123456789012']
''' '''
import sys import sys
@ -179,6 +204,7 @@ def create_image(module, ec2):
description = module.params.get('description') description = module.params.get('description')
no_reboot = module.params.get('no_reboot') no_reboot = module.params.get('no_reboot')
tags = module.params.get('tags') tags = module.params.get('tags')
launch_permissions = module.params.get('launch_permissions')
try: try:
params = {'instance_id': instance_id, params = {'instance_id': instance_id,
@ -228,6 +254,12 @@ def create_image(module, ec2):
ec2.create_tags(image_id, tags) ec2.create_tags(image_id, tags)
except boto.exception.EC2ResponseError, e: except boto.exception.EC2ResponseError, e:
module.fail_json(msg = "Image tagging failed => %s: %s" % (e.error_code, e.error_message)) module.fail_json(msg = "Image tagging failed => %s: %s" % (e.error_code, e.error_message))
if launch_permissions:
try:
img = ec2.get_image(image_id)
img.set_launch_permissions(**launch_permissions)
except boto.exception.BotoServerError, e:
module.fail_json(msg="%s: %s" % (e.error_code, e.error_message), image_id=image_id)
module.exit_json(msg="AMI creation operation complete", image_id=image_id, state=img.state, changed=True) module.exit_json(msg="AMI creation operation complete", image_id=image_id, state=img.state, changed=True)
@ -268,6 +300,36 @@ def deregister_image(module, ec2):
sys.exit(0) sys.exit(0)
def update_image(module, ec2):
"""
Updates AMI
"""
image_id = module.params.get('image_id')
launch_permissions = module.params.get('launch_permissions')
if 'user_ids' in launch_permissions:
launch_permissions['user_ids'] = [str(user_id) for user_id in launch_permissions['user_ids']]
img = ec2.get_image(image_id)
if img == None:
module.fail_json(msg = "Image %s does not exist" % image_id, changed=False)
try:
set_permissions = img.get_launch_permissions()
if set_permissions != launch_permissions:
if ('user_ids' in launch_permissions and launch_permissions['user_ids']) or ('group_names' in launch_permissions and launch_permissions['group_names']):
res = img.set_launch_permissions(**launch_permissions)
elif ('user_ids' in set_permissions and set_permissions['user_ids']) or ('group_names' in set_permissions and set_permissions['group_names']):
res = img.remove_launch_permissions(**set_permissions)
else:
module.exit_json(msg="AMI not updated", launch_permissions=set_permissions, changed=False)
module.exit_json(msg="AMI launch permissions updated", launch_permissions=launch_permissions, set_perms=set_permissions, changed=True)
else:
module.exit_json(msg="AMI not updated", launch_permissions=set_permissions, changed=False)
except boto.exception.BotoServerError, e:
module.fail_json(msg = "%s: %s" % (e.error_code, e.error_message))
def main(): def main():
argument_spec = ec2_argument_spec() argument_spec = ec2_argument_spec()
argument_spec.update(dict( argument_spec.update(dict(
@ -280,8 +342,9 @@ def main():
description = dict(default=""), description = dict(default=""),
no_reboot = dict(default=False, type="bool"), no_reboot = dict(default=False, type="bool"),
state = dict(default='present'), state = dict(default='present'),
device_mapping = dict(type='list'),
tags = dict(type='dict'), tags = dict(type='dict'),
launch_permissions = dict(type='dict')
) )
) )
module = AnsibleModule(argument_spec=argument_spec) module = AnsibleModule(argument_spec=argument_spec)
@ -301,6 +364,10 @@ def main():
deregister_image(module, ec2) deregister_image(module, ec2)
elif module.params.get('state') == 'present': elif module.params.get('state') == 'present':
if module.params.get('image_id') and module.params.get('launch_permissions'):
# Update image's launch permissions
update_image(module, ec2)
# Changed is always set to true when provisioning new AMI # Changed is always set to true when provisioning new AMI
if not module.params.get('instance_id'): if not module.params.get('instance_id'):
module.fail_json(msg='instance_id parameter is required for new image') module.fail_json(msg='instance_id parameter is required for new image')

Write Preview
Loading…
Cancel
Save