* Remove uses of assert in production code
* Fix assertion
* Add code smell test for assertions, currently limited to lib/ansible
* Fix assertion
* Add docs for no-assert
* Remove new assert from enos
* Fix assert in module_utils.connection
* Move profile and region checking to module_utils.ec2
Remove ProfileNotFound checking from individual modules
There are plenty of `if not region:` checks that could be removed,
once more thorough testing of this change has occured
The ec2_asg, iam_managed_policy and ec2_vpc_subnet_facts modules
would also benefit from this change but as they do not have tests
and are marked stableinterface, they do not get this change.
Better document what exceptions to handle, when and why.
Describe how to handle client auth exceptions, and that
AWSRetry retries on `XYZNotFound` exceptions.
* When getting the stack events we need to consider the case where we don't have ClientRequestToken fixes#32396
* Adding tests for the case when the ClientRequestToken is not present in the stack creation.
* Renaming the stack that the test for Client Request Token requires so it won't cause collisions with the basic test.
* [ec2_ami_facts] new boto3-based module as a replacement for ec2_ami_find
- new boto3-based module to gather facts about ec2 images
- intended to replace ec2_ami_find which uses boto
- an ami find task (using new module) added to the ec2_ami integration test
* [ec2_ami_facts] Use AnsibleAWSModule. Catch BotoCoreError.
* add ec2_ami_facts alias to tests
* [ec2_ami_facts] return ami launch permissions as well
* Add an example in the `ec2_vpc_route_table` module of deleting a
route table.
* Fix a typo in the AWS development guidelines, from `fail_json.aws()` to
`fail_json_aws()`.
* Amazon kms_facts module
Facts module for Amazon's Key Management Service
* kms_facts provide aliases
Return aliases for keys
Provide `alias` as a filter
Cope when tags can't be listed
Ensure everything is properly snake cased
* Rename kms_facts to aws_kms_facts
There may be conflicting KMS modules for other providers otherwise.
* Fix documentation, add aliases cache
Aliases are called many times, so add a cache
* Reduce amount of info on deleted keys
Getting info on a key is costly (2s) per key, so reduce
info on deleted keys.
* Add policy information to facts
* aws_kms_facts version update
Fix ridiculously long RETURN line
* Remove dangerous-default-value from aws_kms_facts
* Allow cloudformation_facts to exit gracefully if stack does not exist
make cloudformation_facts pep8
remove from legacy files
remove unnecessary if statement
Allow cloudformation_facts to exit gracefully if stack does not exist version 2
fix documentation errors
add an example for a hard-fail if a stack doesn't exist
* Remove extra whitespace
* Use the .response attribute since .message isn't present with Python 3
* Don't fail if no stack name is provided and no stacks exist.
* aws_kms: handle updated policy format+cleanup
- create slightly updated policy in that handles lists instead of a single string; the previous version's policy was being rejected if the key was new enough to have the updated base policy.
- removed `dry_run` conditionals, not committing the policy anyhow.
- return the policy in the return data. Leaving undocumented for now.
- update exception handling: don't rethrow in `do_grant`, don't pass anything to `format_exc`.
* whitespace/indent fail
* fix list-plus-brackets
* str and list fixes for ryansb
* port changes from #31667 over, better listification
* make ec2-ami examples less verbose
* Fix default values in docs to be the actual default values
Fix default values for `architecture`, `virtualization_type` and
`wait_timeout` in docs to be the actual default values.
* Added note about examples not containing auth details
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_82dk2ynr/ansible_module_ec2_lc.py", line 317, in create_launch_config
connection.create_launch_configuration(**launch_config)
File "/usr/lib/python3.6/site-packages/botocore/client.py", line 312, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/lib/python3.6/site-packages/botocore/client.py", line 601, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (ValidationError) when calling the CreateLaunchConfiguration operation: Placement tenancy is not supported for spot instances.
fatal: [localhost]: FAILED! => {
"changed": false,
"error": {
"code": "ValidationError",
"message": "Placement tenancy is not supported for spot instances.",
"type": "Sender"
},
"failed": true,
* update ec2_vpc_net_facts module to boto3
updated with RETURN values and other requested changes
removed errant extra blank line
another errant extra line removed...auto-linter not working apparently
updates per review
fix typo in RETURN docs
* fix trailing whitespace issue
* ec2_group: add support for rule descriptions.
* Document rule description feature and add an example using it.
* Fix removing rule descriptions.
* Add integration tests to verify adding/modifying/removing rule descriptions works as expected.
* Add permissions to hacking/aws_config/testing_policies/ec2-policy.json for updating ingress and egress rule descriptions.
* ec2_group: add backwards compatibility with older versions of botocore for rule descriptions.
* Add compatibility with older version of botocore for ec2_group integration tests.
* ec2_group: move HAS_RULE_DESCRIPTION to be checked first.
* Make requested change
* Pass around a variable instead of client
* Make sure has_rule_description defaults to None
* Fail if rule_desc is in any ingress/egress rules and the the botocore version < 1.7.2
* Remove unnecessary variable
* Fix indentation for changed=True when updating rule descriptions.
* minor refactor to remove duplicate code
* add missing parameter
* Fix pep8
* Update test policy.
* Start using ClientRequestTokens in event lists
* Include request token in all reqs that support it (basically all but check mode/changeset)
* Update placebo recordings
* Add comments for CRQ popping
* Move compare_policies and hashable_policy functions into module_utils/ec2
* Use compare_policies which is compatible with python 2 and 3.
* rename function to indicate internal use
* s3_bucket: don't set changed to false if it has had the chance to be changed to true already.
The current code flow precludes the use of the policy_path module
parameter that's documented. It's actually called policy_file in the
code.
What's worse is that the policy_file branch actually tries to open the
file named by the policy parameter, even though policy and policy_file
are marked as mutually-exclusive.
This change fixes the logic bug in policy_file and updates the
documentation to reference policy_file. The old parameter policy_path
is provided as an alias
* Support 'termination protection' for cloudformation stacks
- Pass in the stack_name and desired termination protection state to update_termination_protection
* Fix for failing cloudformation unit test
* Check if cfn has update_termination_protection attr
* Use hasattr to test if cfn supports update_termination_protection
* termination_protection shouldn't prevent update_stack call for existing stacks
- added `role_arn` to the "role example" example
- removed the irrelevant parameters to the "role example" example
- updated comment on one of the examples
- removed the last example as it was a duplicate of "role example" example
- some other minor changes
* Module option metadata are extra arguments rather than S3 object metadata: update ExtraArgs variable.
* Remove hyphens from ExtraArgs to maintain backwards compatibility
* Map lowercase extra args to CamelCase
* Maintain backwards compatibility by guessing at content type rather than always defaulting to binary/octet-stream.
* Fix ExtraArgs for non-hyphenated options
* Simplify logic
- new module: ssm_parameter_store
- new lookup: ssm
* lookup module ssm - adjust error message
* Pacify pylint erroring on botocore not found
* adjust to version 2.5
* Addition of TCP protocol to ELB target group as target groups support HTTP/S and TCP now
* Fixup stickiness type so that it checks if the current_tg has the stickiness_type key in the dict, as TCP ones do not
Trying to associate an already-associated ElasticIP was failing.
This is however supported by the `boto` method that is used
under the hood, `associate_address`:
To quote `boto` documentation:
```
This option to allow an Elastic IP address that is already
associated with another networkinterface or instance to be
re-associated with the specified instance or interface.
```
This defaults to False, both per backwards-compatibility
and to mirror the boto default value.
Fixes#27385
* Set desired capacity to min_size if no instances exist
* Improve readability of if/then clause
* Only update null desired_capacity to min_size on initial create
Any future updates to the ASG will be able to reference the existing
capacity.
* Return correct changed status when EIP is reused
When reusing an existing EIP, the changed status
should be False, not True.
* If public_ip is given and it exists, return it
Ensure EIP allocation returns existing public_ip correctly
* Added ecs_taskdefinition_facts module
* Expanding documentation
Now includes all possible return values
* Fixed boto dependency
* Converting results to snake case.
* Remove EcsTaskManager class, move to main()
Remove unnecessary `except` block
* Change botocore import method
Also make Profile exception message less redundant
* Changing case conversion of the results
Now converts only the root level keys
Commented is a version that would not convert only container_definitions
Avoid the following seen when running ec2_ami tests on python3,
presumably because the return type of `map` is different between
python2 and python3.
```
Traceback (most recent call last):
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 242, in <module>
main()
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 238, in main
list_ec2_snapshots(connection, module)
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 193, in list_ec2_snapshots
snapshots = connection.describe_snapshots(SnapshotIds=snapshot_ids, OwnerIds=owner_ids, RestorableByUserIds=restorable_by_user_ids, Filters=filters)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 312, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 575, in _make_api_call
api_params, operation_model, context=request_context)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 630, in _convert_to_request_dict
api_params, operation_model)
File "/usr/local/lib/python3.5/dist-packages/botocore/validate.py", line 291, in serialize_to_request
raise ParamValidationError(report=report.generate_report())
botocore.exceptions.ParamValidationError: Parameter validation failed:
Invalid type for parameter OwnerIds, value: <map object at 0x7ff577511048>, type: <class 'map'>, valid types: <class 'list'>, <class 'tuple'>
```
https://github.com/ansible/ansible/pull/30435#issuecomment-330750498
* Fix cloudwatchevent_rule exception handling
Where it is currently present, this change fixes the exception handling.
However, there are many places that it is lacking.
Fixes#30806
* Add new exception handling for cloudwatchevent_rule
Ensure all API calls are wrapped with exception handling
* PEP8 tidy up
* Remove unnecessary HAS_BOTO3 import and checks
Tidy up documentation so that NO_QA can be removed
* Undeprecate ec2_elb_*
* Make ec2_elb* full fledged modules rather than aliases
* Split tests for ec2_elb_lb and elb_classicb_lb
* Change names in documentation of old and new elb modules
Add tests for ec2_elb_lb
* Fix tags in ec2_instance_facts
The method boto3_tag_list_to_ansible_dict in module_utils/ec2.py changed
and does no longer check whether the returned result of boto3 uses
"key" or "Key" as the tag key identifier.
This fixes ec2_instance_facts to make this check in its own, since boto3
may return "key" instead of "Key"
* Since the indices for the tags are already formatted to lowercase
by the snaking, we can assume, that the index for the tags are already
formatted
* Replace pause in integration tests with until.
Use resource prefix instead of generating a random number
Only try to delete keys if they exist
* Add alias to tests
* ec2_group: Handle name conflict with empty vpc_id.
If several groups exist with the same name (and vpc_id is None) then
treat the group outside the vpc as preferred (same as it would for a vpc
group with vpc_id specified). Also don't run the egress rules code in
that case.
* Handle lack of `IpPermissionsEgress` attribute on EC2 classic groups
In EC2 classic groups, the `while True` loop checking for egress
permissions will continue infinitely.
* Handle incompatible combinations of EC2 Classic + VPC groups
* Fix integration tests in accounts lacking EC2 classic
This change checks against the security group created, instead of the
module parameters, for VPC ID. This means that new accounts with a
default VPC will still wait properly for the first egress rule to
populate.
* Fix conditional for storing described groups with preference for matching VPC IDs
* Revert `vpc_id is None` on conditional to allow for default VPCs
* update ec2_vpc_subnet_facts module to use boto3 and support gathering updated fact items from AWS API
add version_added to new parameter
added return docs and other requested changes
removed errant extra blank line
updates per review
* update per review: fix AWSRetry backoff implementation and fix example that was not correct
* Create instance-store AMI instances with 'terminate' as the shutdown behavior since it is required.
* Match on the error code instead of searching for a string in the message.
* Narrow conditional to only fix shutdown behavior if fixing it would help
* Fix pep8.
The ec2_vpc_route_table module notifies about a change on the route table when the instance Id of the NAT instance has changed, but in fact, nothing changes. The module call the create_route function the AWS SDK to add a new route with the same cidr. The AWS SDK should return an error instead of nothing.
Call replace_route function instead of create_route when a route table with the same cidr but with different target destination is present.
This prevents errors when adding new rules that conflict with existing
ones that will be deleted. For example this allows adding a new rule
with the same priority of a rule that will be purged.
Fix appearance of failure when creating a cloudformation changeset after a rollback. When creating a cloudformation changeset it shouldn't matter if the last event was.
_ROLLBACK_COMPLETE since creating a changeset is not an event. Fixes#27853.
* s3_sync: add delete option - fixes#25884
Add `delete` option. Maintain existing upload strategies. When delete
is requested files present on remote that are not in source list are
removed after upload.
* S3_sync: Delete objects in chunks of 1000 instead of one at a time.
* Add the ability to modify shard count to kinesis_stream module
* Fixed an issue in kinesis_stream where update() reports not changed when it is changed
* Remove unreachable message and make the try and catch block shorter
In cases where the boto3 call to create a Kinesis stream failed, the
error message was silently ignored because the error message wasn't
returned out of `stream_action`
Also switch `str` calls to `to_native`
- Fixes to lambda
- reformatting + tests for lambda_facts
- lambda module integration test
- switch lambda and lambda_facts to AnsibleAwsModule
- Get the account ID from STS, GetUser, and finally error message
* Update RDS parameter group for boto3
* Update to boto3
* Update to latest ansible standards
* Remove choices list for valid engines (See #19221 for context)
* Allow tagging
* Return some useful information, and document that information
* Add tests for rds_param_group
* Improve testing of rds_param_group
* Add purge_tags option for rds_param_group
* Fix remaining broken rds_param_group tests
* Ensure the group name is lowercased. Fixes integration tests when run on OSX
* + Add DBName in RDS Facts if it's not null
* - remove 2 offending lines for automatic tests
* Syntax change for shorter code and improved readability
* Fix typo (#25161)
* Fixed cluster deletion: added final snapshot management
This adds 2 new options to the module API (only for the "delete" command):
* skip_final_cluster_snapshot: skip a final snapshot before deleting the cluster
* final_cluster_snapshot_identifier: identifier of the final snapshot to be created before deleting the cluster
Ref: http://boto.cloudhackers.com/en/latest/ref/redshift.html
* Fixed cluster deletion: added final snapshot management
This adds 2 new options to the module API (only for the "delete" command):
* skip_final_cluster_snapshot: skip a final snapshot before deleting the cluster
* final_cluster_snapshot_identifier: identifier of the final snapshot to be created before deleting the cluster
Ref: http://boto.cloudhackers.com/en/latest/ref/redshift.html
* add version_added information
* Review corrections:
* used required_if instead of checking parameters compatibility inside the code
* renamed aliases to be more explicit
Also added an example for the "delete" command
* Review corrections correction - make "delete" command specific parameters mandatory only when the command is "delete"
* updated doc with aliases
* Fix YAML docs syntax
* Set default to match API for skip_final_cluster_snapshot.
* cloudformation: dummy check mode
* cloudformation: use changesets to implement check mode
* cloudformation: wait at most 5min for change set
* cloudformation: handle stack creation and deletion in check mode
* cloudformation: standardize output format in check mode
msg is a string, meta is a list
* cloudformation: use same naming convention in get_changeset as create_changeset
also add comment about code duplication between said functions
* Remove unused imports
* PEP8 whitespace fix
* Fix CI, convert success=True check to for/else
* Add VPN module and unittests
* remove unnecessary imports
* fix documentation
* raise custom exception rather than passing module everywhere
* remove recordings
Rerecord tests
Fix docs
Ensure vpn_connection_id is a list of strings when checking if it exists
* fix check mode
* Rerecord tests
* remove superfluous code and comments and make exception handling uniform
fix docs
* Fix ec2_vpc_vpn documentation
* make ec2_vpc_vpn compatible with python 2.6 and make check mode logic more succinct
* fix comparison of list of dicts
* Fix typos and docstrings
make requested changes for imports
make code clearer
* Fix copyright and metadata version.
Initial implementation of waf_facts module
* Enhance waf_facts module to provide more info
Support check_mode trivially
Enhance rule and predicate information
Use AWSretry and wrap proper exception handling
Finish documentation
Remove arbitrary limits
Meet latest ansible standards.
* Rename module to use aws_ prefix.
Fix copyright.
Fix metadata version.
* Fixing Issue #27270 regarding a TypeError invoked by the addition of a Filter type and List type.
* Fix SecurityGroup from always being reported as changed on PY3
On Python3, filter returns a generator. This causes us to report that
security groups are always defined on Python3 even when there are none.
Also change filter() calls into list comprehensions.
Matt Martz
Prasad Katti
Sloane Hertel
Will Thames
Rob
Dan O'Brien
Bryan Weber
patlachance
Jonathan Nuñez
Toshio Kuratomi
David Kretch
Joseph S. Tate
Willem van Ketwich
Ted Timmons
Marc Mercer
Ryan Brown
dgilbert82
awkspace
Daniel Shepherd
Marek Nogacki
Johannes Weißl
Michael Fenn
adambanker
Takuya Sato
Javier Cortejoso
John Kerkstra
Kenny Gillen
Samprita Hegde
Pilou
arnonki
Bill Wang
Ryan Fitzpatrick
Kaz Cheng
Jean-Frédéric
Bradford Dabbs
Dave Grochowski
jonjozwiak
Gustavo Maia
Will Thames
Reid Wahl
Vladimir Utenkov
Matt Clay
Wolfgang Felbermeier
KrdLab
Stepan Stipl
Abhijit Menon-Sen
Lorin Hochstein
Abhijeet Kasurde
Antoine Rouaze
Ross Williams
Joel Thompson
Tomaž Šifrer
Markus Juopperi
mikedlr
Deepakkothandan
James Kassemi
jacky.chen
opapy
mestudd
René Moser
Constantin
Michael De La Rue
Radu Epure
banzo
Joel Kaasinen
Matt
Patrick Murray
Michael Tinning