@ -262,33 +262,29 @@ trail:
sample : { ' environment ' : ' dev ' , ' Name ' : ' default ' }
sample : { ' environment ' : ' dev ' , ' Name ' : ' default ' }
'''
'''
import traceback
try :
try :
from botocore . exceptions import ClientError
from botocore . exceptions import ClientError , BotoCoreError
except ImportError :
except ImportError :
# Handled in main() by imported HAS_BOTO3
pass # Handled by AnsibleAWSModule
pass
from ansible . module_utils . basic import AnsibleModule
from ansible . module_utils . aws . core import AnsibleAWSModule
from ansible . module_utils . ec2 import ( boto3_conn , ec2_argument_spec , get_aws_connection_info ,
from ansible . module_utils . ec2 import ( camel_dict_to_snake_dict ,
HAS_BOTO3 , ansible_dict_to_boto3_tag_list ,
ansible_dict_to_boto3_tag_list , boto3_tag_list_to_ansible_dict )
boto3_tag_list_to_ansible_dict , camel_dict_to_snake_dict )
def create_trail ( module , client , ct_params ) :
def create_trail ( module , client , ct_params ) :
"""
"""
Creates a CloudTrail
Creates a CloudTrail
module : Ansible Module object
module : Ansible AWS Module object
client : boto3 client connection object
client : boto3 client connection object
ct_params : The parameters for the Trail to create
ct_params : The parameters for the Trail to create
"""
"""
resp = { }
resp = { }
try :
try :
resp = client . create_trail ( * * ct_params )
resp = client . create_trail ( * * ct_params )
except ClientError as err :
except ( BotoCoreError , ClientError ) as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
module . fail_json _aws( err , msg = " Failed to create Trail " )
return resp
return resp
@ -297,7 +293,7 @@ def tag_trail(module, client, tags, trail_arn, curr_tags=None, dry_run=False):
"""
"""
Creates , updates , removes tags on a CloudTrail resource
Creates , updates , removes tags on a CloudTrail resource
module : Ansible Module object
module : Ansible AWS Module object
client : boto3 client connection object
client : boto3 client connection object
tags : Dict of tags converted from ansible_dict to boto3 list of dicts
tags : Dict of tags converted from ansible_dict to boto3 list of dicts
trail_arn : The ARN of the CloudTrail to operate on
trail_arn : The ARN of the CloudTrail to operate on
@ -331,16 +327,16 @@ def tag_trail(module, client, tags, trail_arn, curr_tags=None, dry_run=False):
if not dry_run :
if not dry_run :
try :
try :
client . remove_tags ( ResourceId = trail_arn , TagsList = removes + updates )
client . remove_tags ( ResourceId = trail_arn , TagsList = removes + updates )
except ClientError as err :
except ( BotoCoreError , ClientError ) as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
module . fail_json _aws( err , msg = " Failed to remove tags from Trail " )
if updates or adds :
if updates or adds :
changed = True
changed = True
if not dry_run :
if not dry_run :
try :
try :
client . add_tags ( ResourceId = trail_arn , TagsList = updates + adds )
client . add_tags ( ResourceId = trail_arn , TagsList = updates + adds )
except ClientError as err :
except ( BotoCoreError , ClientError ) as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
module . fail_json _aws( err , msg = " Failed to add tags to Trail " )
return changed
return changed
@ -362,7 +358,7 @@ def set_logging(module, client, name, action):
"""
"""
Starts or stops logging based on given state
Starts or stops logging based on given state
module : Ansible Module object
module : Ansible AWS Module object
client : boto3 client connection object
client : boto3 client connection object
name : The name or ARN of the CloudTrail to operate on
name : The name or ARN of the CloudTrail to operate on
action : start or stop
action : start or stop
@ -371,14 +367,14 @@ def set_logging(module, client, name, action):
try :
try :
client . start_logging ( Name = name )
client . start_logging ( Name = name )
return client . get_trail_status ( Name = name )
return client . get_trail_status ( Name = name )
except ClientError as err :
except ( BotoCoreError , ClientError ) as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
module . fail_json _aws( err , msg = " Failed to start logging " )
elif action == ' stop ' :
elif action == ' stop ' :
try :
try :
client . stop_logging ( Name = name )
client . stop_logging ( Name = name )
return client . get_trail_status ( Name = name )
return client . get_trail_status ( Name = name )
except ClientError as err :
except ( BotoCoreError , ClientError ) as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
module . fail_json _aws( err , msg = " Failed to stop logging " )
else :
else :
module . fail_json ( msg = " Unsupported logging action " )
module . fail_json ( msg = " Unsupported logging action " )
@ -387,15 +383,15 @@ def get_trail_facts(module, client, name):
"""
"""
Describes existing trail in an account
Describes existing trail in an account
module : Ansible Module object
module : Ansible AWS Module object
client : boto3 client connection object
client : boto3 client connection object
name : Name of the trail
name : Name of the trail
"""
"""
# get Trail info
# get Trail info
try :
try :
trail_resp = client . describe_trails ( trailNameList = [ name ] )
trail_resp = client . describe_trails ( trailNameList = [ name ] )
except ClientError as err :
except ( BotoCoreError , ClientError ) as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
module . fail_json _aws( err , msg = " Failed to describe Trail " )
# Now check to see if our trail exists and get status and tags
# Now check to see if our trail exists and get status and tags
if len ( trail_resp [ ' trailList ' ] ) :
if len ( trail_resp [ ' trailList ' ] ) :
@ -403,8 +399,8 @@ def get_trail_facts(module, client, name):
try :
try :
status_resp = client . get_trail_status ( Name = trail [ ' Name ' ] )
status_resp = client . get_trail_status ( Name = trail [ ' Name ' ] )
tags_list = client . list_tags ( ResourceIdList = [ trail [ ' TrailARN ' ] ] )
tags_list = client . list_tags ( ResourceIdList = [ trail [ ' TrailARN ' ] ] )
except ClientError as err :
except ( BotoCoreError , ClientError ) as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
module . fail_json _aws( err , msg = " Failed to describe Trail " )
trail [ ' IsLogging ' ] = status_resp [ ' IsLogging ' ]
trail [ ' IsLogging ' ] = status_resp [ ' IsLogging ' ]
trail [ ' tags ' ] = boto3_tag_list_to_ansible_dict ( tags_list [ ' ResourceTagList ' ] [ 0 ] [ ' TagsList ' ] )
trail [ ' tags ' ] = boto3_tag_list_to_ansible_dict ( tags_list [ ' ResourceTagList ' ] [ 0 ] [ ' TagsList ' ] )
@ -423,33 +419,32 @@ def delete_trail(module, client, trail_arn):
"""
"""
Delete a CloudTrail
Delete a CloudTrail
module : Ansible Module object
module : Ansible AWS Module object
client : boto3 client connection object
client : boto3 client connection object
trail_arn : Full CloudTrail ARN
trail_arn : Full CloudTrail ARN
"""
"""
try :
try :
client . delete_trail ( Name = trail_arn )
client . delete_trail ( Name = trail_arn )
except ClientError as err :
except ( BotoCoreError , ClientError ) as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
module . fail_json _aws( err , msg = " Failed to delete Trail " )
def update_trail ( module , client , ct_params ) :
def update_trail ( module , client , ct_params ) :
"""
"""
Delete a CloudTrail
Delete a CloudTrail
module : Ansible Module object
module : Ansible AWS Module object
client : boto3 client connection object
client : boto3 client connection object
ct_params : The parameters for the Trail to update
ct_params : The parameters for the Trail to update
"""
"""
try :
try :
client . update_trail ( * * ct_params )
client . update_trail ( * * ct_params )
except ClientError as err :
except ( BotoCoreError , ClientError ) as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
module . fail_json _aws( err , msg = " Failed to update Trail " )
def main ( ) :
def main ( ) :
argument_spec = ec2_argument_spec ( )
argument_spec = dict (
argument_spec . update ( dict (
state = dict ( default = ' present ' , choices = [ ' present ' , ' absent ' , ' enabled ' , ' disabled ' ] ) ,
state = dict ( default = ' present ' , choices = [ ' present ' , ' absent ' , ' enabled ' , ' disabled ' ] ) ,
name = dict ( default = ' default ' ) ,
name = dict ( default = ' default ' ) ,
enable_logging = dict ( default = True , type = ' bool ' ) ,
enable_logging = dict ( default = True , type = ' bool ' ) ,
@ -463,15 +458,12 @@ def main():
cloudwatch_logs_log_group_arn = dict ( ) ,
cloudwatch_logs_log_group_arn = dict ( ) ,
kms_key_id = dict ( ) ,
kms_key_id = dict ( ) ,
tags = dict ( default = { } , type = ' dict ' ) ,
tags = dict ( default = { } , type = ' dict ' ) ,
) )
)
required_if = [ ( ' state ' , ' present ' , [ ' s3_bucket_name ' ] ) , ( ' state ' , ' enabled ' , [ ' s3_bucket_name ' ] ) ]
required_if = [ ( ' state ' , ' present ' , [ ' s3_bucket_name ' ] ) , ( ' state ' , ' enabled ' , [ ' s3_bucket_name ' ] ) ]
required_together = [ ( ' cloudwatch_logs_role_arn ' , ' cloudwatch_logs_log_group_arn ' ) ]
required_together = [ ( ' cloudwatch_logs_role_arn ' , ' cloudwatch_logs_log_group_arn ' ) ]
module = AnsibleModule ( argument_spec = argument_spec , supports_check_mode = True , required_together = required_together , required_if = required_if )
module = AnsibleAWSModule ( argument_spec = argument_spec , supports_check_mode = True , required_together = required_together , required_if = required_if )
if not HAS_BOTO3 :
module . fail_json ( msg = ' boto3 is required for this module ' )
# collect parameters
# collect parameters
if module . params [ ' state ' ] in ( ' present ' , ' enabled ' ) :
if module . params [ ' state ' ] in ( ' present ' , ' enabled ' ) :
@ -505,11 +497,8 @@ def main():
if module . params [ ' kms_key_id ' ] :
if module . params [ ' kms_key_id ' ] :
ct_params [ ' KmsKeyId ' ] = module . params [ ' kms_key_id ' ]
ct_params [ ' KmsKeyId ' ] = module . params [ ' kms_key_id ' ]
try :
client = module . client ( ' cloudtrail ' )
region , ec2_url , aws_connect_params = get_aws_connection_info ( module , boto3 = True )
region = module . region
client = boto3_conn ( module , conn_type = ' client ' , resource = ' cloudtrail ' , region = region , endpoint = ec2_url , * * aws_connect_params )
except ClientError as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
results = dict (
results = dict (
changed = False ,
changed = False ,
@ -589,8 +578,8 @@ def main():
# Get the trail status
# Get the trail status
try :
try :
status_resp = client . get_trail_status ( Name = created_trail [ ' Name ' ] )
status_resp = client . get_trail_status ( Name = created_trail [ ' Name ' ] )
except ClientError as err :
except ( BotoCoreError , ClientError ) as err :
module . fail_json ( msg = err . message , exception = traceback . format_exc ( ) , * * camel_dict_to_snake_dict ( err . response ) )
module . fail_json _aws( err , msg = " Failed to fetch Trail statuc " )
# Set the logging state for the trail to desired value
# Set the logging state for the trail to desired value
if enable_logging and not status_resp [ ' IsLogging ' ] :
if enable_logging and not status_resp [ ' IsLogging ' ] :
set_logging ( module , client , name = ct_params [ ' Name ' ] , action = ' start ' )
set_logging ( module , client , name = ct_params [ ' Name ' ] , action = ' start ' )
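Review bot: The new failure message on the `get_trail_status` call in this hunk has a typo, `"Failed to fetch Trail statuc"`; the line should read `module.fail_json_aws(err, msg="Failed to fetch Trail status")`. A related wording issue sits in the get_trail_facts hunk, where the second except block (around the `get_trail_status` and `list_tags` calls) reuses `"Failed to describe Trail"`, the same text as the preceding `describe_trails` failure, so a user reading the error cannot tell which call failed; `"Failed to fetch Trail status and tags"` would distinguish them. main() starts and ends outside this hunk.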
@ -603,9 +592,9 @@ def main():
if module . check_mode :
if module . check_mode :
acct_id = ' 123456789012 '
acct_id = ' 123456789012 '
try :
try :
sts_client = boto3_conn( module , conn_type = ' client ' , resource = ' sts ' , region = region , endpoint = ec2_url , * * aws_connect_params )
sts_client = module. client ( ' sts ' )
acct_id = sts_client . get_caller_identity ( ) [ ' Account ' ]
acct_id = sts_client . get_caller_identity ( ) [ ' Account ' ]
except ClientError :
except ( BotoCoreError , ClientError ) :
pass
pass
trail = dict ( )
trail = dict ( )
trail . update ( ct_params )
trail . update ( ct_params )
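Review bot: The widened `except (BotoCoreError, ClientError): pass` around `sts_client.get_caller_identity()` now swallows credential and connection failures as well as API errors, and the check-mode result then carries an ARN built from the placeholder account id `123456789012` with no indication that it is not the real account. Replacing the bare `pass` with a warning keeps the best-effort behaviour while making the substitution visible, e.g. `module.warn("Could not determine the AWS account id via STS; the check-mode ARN uses a placeholder account id")`. main() starts and ends outside this hunk.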