It is not possible to modify the load balancer configuration
for ECS Service.
As it is possible to detect this, it's nicer to fail gracefully
than return AWS's less meaningful failure message.
Fix PEP8 compliance
* Moved the encryption to its own action method.
* removed silly default value for encryption type.
* Code formatting issues from pull request ANSIBOT.
* changed version_added to "2.5"
because of new options available
* added cloudfont.py, modified cloudfront_facts.py class name and fixed a minor bug
* Improvements to cloudfront_distribution
* Reduce the scope of the cloudfront_distribution module
* Remove presigning
* Remove streaming distribution functionality
* Add full test suite for cloudfront distribution
* Meet Ansible AWS guidelines
* Make requested changes
Fix tests
Use built-in waiter
Update copyright
* Added check to prevent failed empty changesets from being left behind
* Fixing comments from PR 34933, prevent infinite loop and stricter exception catching
* describe_images is very slow if not filtered to owner accounts
*or* if the Owners parameter is passed (unless the Owners parameter
is `self`). Convert Owners parameters to `owner-id` and `owner-alias`
filters where possible. Tests with CLI show that `--owners self` is
fast, `--owners 123456789012` is slow (with or without owner-id filter).
* describe_image_attributes fails against accounts other than your
own. Launch permissions are useful information, but not critical.
* Fix ec2_vpc_net tags
PR #33105 broke the tags returned by ec2_vpc_net - it was returning the raw boto3 list instead of a dict as expected.
* Add a test for tags
* Module DOCUMENTATION should match argspec
Large update of many modules so that DOCUMENTATION option name and
aliases match those defined in the argspec.
Issues identified by https://github.com/ansible/ansible/pull/34809
In addition to many typos and missing aliases, the following notable
changes were made:
* Create `module_docs_fragments/url.py` for `url_argument_spec`
* `dellos*_command` shouldn't have ever had `waitfor` (was incorrectly copied)
* `ce_aaa_server_host.py` `s/raduis_server_type/radius_server_type/g`
* `Junos_lldp` enable should be part of `state`.
* port elb_classic_facts to boto3
update module to use AnsibleAWSModule
* Add RETURN docs for elb_classic_lb_facts
* Remove superfluous exception handling around connection
Fix exit_json call and RETURN docs
* fix broken import
* ansible.module_utils.ec2.HAS_BOTO is already used
* wait_timeout parameter: use 'int' type
* wait is always True there
* doc: use formatting function
* Allow protection of certain keys during camel_to_snake
Create an `ignore_list` parameter that preserves the case
of the contents of certain dictionaries. Most valuable
for `tags` but other uses might arise.
* Port ec2_vpc_route_table to boto3
Update tests to reflect fixes in boto3.
* Add RETURN documentation to ec2_vpc_route_table
* Update DOCUMENTATION to be valid yaml
* Add check mode tests
* Add test for unexpected egress rule in default VPC
When passing rules_egress to ec2_group, the default
egress rule shouldn't be created (if `purge_rules_egress`
is set). Test this.
* Respect egress rule definitions for default VPC groups
When passing rules_egress and purge_rules_egress, the
default egress rule should not be created
Fixes #34429
* Change AWS credential passing to be YAML anchors
Vastly simplify the AWS tasks by reducing the credentials to a YAML
block
* wrap boto3 connection in try/except and handle exception, add traceback import
* params don't need to be mutually exclusive and support check mode
* add check to set nacl_ids to empty list instead of None for boto3 func
* standard exception handling using traceback
* update current RETURN documentation which is incorrect.
* update logic to check for and return ipv6 cidr instead of ipv4 cidr in a NACL
* ignore default and reserved rule numbers - greater than 32766
* was breaking on non-standard protocol numbers - AWS nacls now support full list -1 to 254
* update port range and icmp type/code handling
* add some more detail to returned nacl entries
* Update exception handling to account for BotoCoreError
Remove exception handling from the boto connection creation since it does nothing
* rules numbers from 32767 to 65535 are reserved for internal AWS use so we ignore here
* Add some integration tests for ec2_asg.
* Remove exception handling from ec2_asg boto3 connection since it is handled in boto3_conn().
* Update test failure assertions
* Use yaml anchor for credentials and remove unnecessary dependencies.
* Move AWS boto3 module credentials tests to separate target
* Remove filters from tests
* Use `AnsibleAWSModule`
* Update exception handling to use `fail_json_aws` and check
for `BotoCoreError` exceptions associated with bad connection
parameters.
* Remove connection creation exception handling as it does nothing.
Remove examples from main section and make sure it is all in the examples. Should help with the HTML breakage (it is too wide for most monitors).
tyop fixes too.
* WIP adds network subnetting functions
* adds functions to convert between netmask and masklen
* adds functions to verify netmask and masklen
* adds function to determine network and subnet from address / mask pair
* network_common: add a function to get the first 48 bits in a IPv6 address.
ec2_group: only use network bits of a CIDR.
* Add tests for CIDRs with host bits set.
* ec2_group: add warning if CIDR isn't the networking address.
* Fix pep8.
* Improve wording.
* fix import for network utils
* Update tests to use pytest instead of unittest
* add test for to_ipv6_network()
* Fix PEP8
* Port ec2_vpc_net to boto3 and add support to expand existing VPCs
* Add s-hertel as an author for ec2_vpc_net
* Update ec2_vpc_net test for new error triggered by lack of credentials
Fix backwards compatibility
Document new return value
* Fix pep8 and return documentation
* Remove boto usage from boto3 modules
* Remove region checking
boto3_conn now takes care of region checking and handles NoRegionError
exceptions with a standard message
boto3_conn also takes care of other connection exceptions too.
* Document boto3 as a requirement for ec2_eni_facts
* Return id of ENI in addition to network_interface_id. To be compatible to ec2_eni.
* Added documentation for the return values of the ec2_eni_facts module
* Fix typo in docs for ec2_eni_facts
* Readded vital return parameters to the ec2_asg that have been spared for no obvious reason
* Fix typo in ec2_asg docs
* Fixing another typo in ec2_asg docs.
* Bulk pep8 fixes - hand crafted
Fix by hand the remaining issues that autopep8 couldn't
* Next batch of hand crafted pep8 fixes
* Ignore W503
https://github.com/PyCQA/pycodestyle/pull/499
* Revert more of W503
* Fail when attempting to modify unmodifiable target group parameters
As you can't modify Port, Protocol or VPC id for a target group, fail
when this happens rather than pretending to do it.
One could argue that the target group could be recreated rather than
failing, but this has massive knock on implications to other resources
that depend on the TG (all ASGs would need to be updated, the ELB
listener would need to be updated, etc)
* Use `.get()` instead of direct dictionary access
* Added modules to create, delete, and describe EC2 Placement Groups.
* Remove unnecessary print statement
* Update to use boto3.
* De-linting
* Remove facts from this PR
* Update to newer method of handling Boto3 connections and exceptions.
* Futzing around with imports and HAS_BOTO3
* Fix up exception imports.
* Remove redundant default.
* Handle DryRunOperation errors appropriately.
* Remove redundant BOTO3 check.
* Use shorter licence declaration.
* Remove redundant HAS_BOTO3 import.
* Add AWSRetry decorators to API calls.
* Add new 'strategy' parameter to allow for cluster and spread PGs.
* Added module to describe EC2 Placement Groups.
* Update to newer way of handling Boto3 connections and exceptions.
* Futzing around with imports and HAS_BOTO3
* Fix up exception imports.
* Fix license block
* Correct task indenting in doc
* Added list-filtering example to docs
All the values currently documented as return values are returned inside a 'result' key.
So if you registered the output of the task as 'output', then you would need to do 'output.result.zone_id' instead of 'output.zone_id'.
This commit fixes that so that you can do 'output.zone_id'.
* AWS S3: fix method call for fakes3 S3 backend
Fixes #33083
Signed-off-by: Marc-Aurèle Brothier <m@brothier.org>
* Auto append port based on proto
Signed-off-by: Marc-Aurèle Brothier <m@brothier.org>
* Add integration test suite for ec2_vpc_subnet
* wrap boto3 connection in try/except
update module documentation and add RETURN docs
add IPv6 support to VPC subnet module
rename ipv6cidr to ipv6_cidr, use required_if for parameter testing, update some failure messages to be more descriptive
DryRun mode was removed from this function a while ago but exception handling was still checking for it, removed
add wait and timeout for subnet creation process
fixup the ipv6 cidr disassociation logic a bit per review
update RETURN values per review
added module parameter check
removed DryRun parameter from boto3 call since it would always be false here
fix subnet wait loop
add a purge_tags parameter, fix the ensure_tags function, update to use compare_aws_tags func
fix tags type error per review
remove **kwargs use in create_subnet function per review
* rebased on #31870, fixed merge conflicts, and updated error messages
* fixes to pass tests
* add test for failure on invalid ipv6 block and update tags test for purge_tags=true function
* fix pylint issue
* fix exception handling error when run with python3
* add ipv6 tests and fix module code
* Add permissions to hacking/aws_config/testing_policies/ec2-policy.json for adding IPv6 cidr blocks to VPC and subnets
* fix type in tests and update assert conditional to check entire returned value
* add AWS_SESSION_TOKEN into environment for aws cli commands to work in CI
* remove key and value options from call to boto3_tag_list_to_ansible_dict
* remove wait loop and use boto3 EC2 waiter
* remove unused register: result vars
* revert az argument default value to original setting default=None
* Allow backoff for describe_subnets
Improve exception handling to latest standards
* Add integration test suite for ec2_vpc_subnet
* Add test for creating subnet without AZ
Fix bug identified by test
Fixes #31905
* Allow ec2_lc module to use volume_type for block devices
Makes ec2_lc consistent with ec2, ec2_ami, ec2_vol etc.
* Add deprecation message for device_type
New module for obtaining facts from elasticache clusters
Fixes #30373
* Removed unnecessary boto3 and exception checking
* AnsibleAWSModule checks for lack of boto3
* boto3_conn handles error checking of AWS connection
* Several tests were marked as FIXME and should have been fixed with
the boto3 move.
* Improved tags output. Add purge_tags option (default: no)
* Allow description and tags update
* Return launch_permissions
* Allow empty launch permissions for image creation
* Empty launch permissions should work the same way for image
creation as no launch permissions
* Cope with ephemeral devices in AMI block device mapping
* Ephemeral devices can appear in AMI block devices, and this information should be returned
* Fix notation for creating sets from comprehensions
* Remove uses of assert in production code
* Fix assertion
* Add code smell test for assertions, currently limited to lib/ansible
* Fix assertion
* Add docs for no-assert
* Remove new assert from enos
* Fix assert in module_utils.connection
* Move profile and region checking to module_utils.ec2
Remove ProfileNotFound checking from individual modules
There are plenty of `if not region:` checks that could be removed,
once more thorough testing of this change has occurred
The ec2_asg, iam_managed_policy and ec2_vpc_subnet_facts modules
would also benefit from this change but as they do not have tests
and are marked stableinterface, they do not get this change.
Better document what exceptions to handle, when and why.
Describe how to handle client auth exceptions, and that
AWSRetry retries on `XYZNotFound` exceptions.
* When getting the stack events we need to consider the case where we don't have ClientRequestToken fixes #32396
* Adding tests for the case when the ClientRequestToken is not present in the stack creation.
* Renaming the stack that the test for Client Request Token requires so it won't cause collisions with the basic test.
* [ec2_ami_facts] new boto3-based module as a replacement for ec2_ami_find
- new boto3-based module to gather facts about ec2 images
- intended to replace ec2_ami_find which uses boto
- an ami find task (using new module) added to the ec2_ami integration test
* [ec2_ami_facts] Use AnsibleAWSModule. Catch BotoCoreError.
* add ec2_ami_facts alias to tests
* [ec2_ami_facts] return ami launch permissions as well
* Add an example in the `ec2_vpc_route_table` module of deleting a
route table.
* Fix a typo in the AWS development guidelines, from `fail_json.aws()` to
`fail_json_aws()`.
* Amazon kms_facts module
Facts module for Amazon's Key Management Service
* kms_facts provide aliases
Return aliases for keys
Provide `alias` as a filter
Cope when tags can't be listed
Ensure everything is properly snake cased
* Rename kms_facts to aws_kms_facts
There may be conflicting KMS modules for other providers otherwise.
* Fix documentation, add aliases cache
Aliases are called many times, so add a cache
* Reduce amount of info on deleted keys
Getting info on a key is costly (2s) per key, so reduce
info on deleted keys.
* Add policy information to facts
* aws_kms_facts version update
Fix ridiculously long RETURN line
* Remove dangerous-default-value from aws_kms_facts
* Allow cloudformation_facts to exit gracefully if stack does not exist
make cloudformation_facts pep8
remove from legacy files
remove unnecessary if statement
Allow cloudformation_facts to exit gracefully if stack does not exist version 2
fix documentation errors
add an example for a hard-fail if a stack doesn't exist
* Remove extra whitespace
* Use the .response attribute since .message isn't present with Python 3
* Don't fail if no stack name is provided and no stacks exist.
* aws_kms: handle updated policy format+cleanup
- create slightly updated policy in that handles lists instead of a single string; the previous version's policy was being rejected if the key was new enough to have the updated base policy.
- removed `dry_run` conditionals, not committing the policy anyhow.
- return the policy in the return data. Leaving undocumented for now.
- update exception handling: don't rethrow in `do_grant`, don't pass anything to `format_exc`.
* whitespace/indent fail
* fix list-plus-brackets
* str and list fixes for ryansb
* port changes from #31667 over, better listification
* make ec2-ami examples less verbose
* Fix default values in docs to be the actual default values
Fix default values for `architecture`, `virtualization_type` and
`wait_timeout` in docs to be the actual default values.
* Added note about examples not containing auth details
```
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_82dk2ynr/ansible_module_ec2_lc.py", line 317, in create_launch_config
connection.create_launch_configuration(**launch_config)
File "/usr/lib/python3.6/site-packages/botocore/client.py", line 312, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/lib/python3.6/site-packages/botocore/client.py", line 601, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (ValidationError) when calling the CreateLaunchConfiguration operation: Placement tenancy is not supported for spot instances.
fatal: [localhost]: FAILED! => {
"changed": false,
"error": {
"code": "ValidationError",
"message": "Placement tenancy is not supported for spot instances.",
"type": "Sender"
},
"failed": true,
```
* update ec2_vpc_net_facts module to boto3
updated with RETURN values and other requested changes
removed errant extra blank line
another errant extra line removed...auto-linter not working apparently
updates per review
fix typo in RETURN docs
* fix trailing whitespace issue
* ec2_group: add support for rule descriptions.
* Document rule description feature and add an example using it.
* Fix removing rule descriptions.
* Add integration tests to verify adding/modifying/removing rule descriptions works as expected.
* Add permissions to hacking/aws_config/testing_policies/ec2-policy.json for updating ingress and egress rule descriptions.
* ec2_group: add backwards compatibility with older versions of botocore for rule descriptions.
* Add compatibility with older version of botocore for ec2_group integration tests.
* ec2_group: move HAS_RULE_DESCRIPTION to be checked first.
* Make requested change
* Pass around a variable instead of client
* Make sure has_rule_description defaults to None
* Fail if rule_desc is in any ingress/egress rules and the botocore version < 1.7.2
* Remove unnecessary variable
* Fix indentation for changed=True when updating rule descriptions.
* minor refactor to remove duplicate code
* add missing parameter
* Fix pep8
* Update test policy.
* Start using ClientRequestTokens in event lists
* Include request token in all reqs that support it (basically all but check mode/changeset)
* Update placebo recordings
* Add comments for CRQ popping
* Move compare_policies and hashable_policy functions into module_utils/ec2
* Use compare_policies which is compatible with python 2 and 3.
* rename function to indicate internal use
* s3_bucket: don't set changed to false if it has had the chance to be changed to true already.
The current code flow precludes the use of the policy_path module
parameter that's documented. It's actually called policy_file in the
code.
What's worse is that the policy_file branch actually tries to open the
file named by the policy parameter, even though policy and policy_file
are marked as mutually-exclusive.
This change fixes the logic bug in policy_file and updates the
documentation to reference policy_file. The old parameter policy_path
is provided as an alias
* Support 'termination protection' for cloudformation stacks
- Pass in the stack_name and desired termination protection state to update_termination_protection
* Fix for failing cloudformation unit test
* Check if cfn has update_termination_protection attr
* Use hasattr to test if cfn supports update_termination_protection
* termination_protection shouldn't prevent update_stack call for existing stacks
- added `role_arn` to the "role example" example
- removed the irrelevant parameters to the "role example" example
- updated comment on one of the examples
- removed the last example as it was a duplicate of "role example" example
- some other minor changes
* Module option metadata are extra arguments rather than S3 object metadata: update ExtraArgs variable.
* Remove hyphens from ExtraArgs to maintain backwards compatibility
* Map lowercase extra args to CamelCase
* Maintain backwards compatibility by guessing at content type rather than always defaulting to binary/octet-stream.
* Fix ExtraArgs for non-hyphenated options
* Simplify logic
- new module: ssm_parameter_store
- new lookup: ssm
* lookup module ssm - adjust error message
* Pacify pylint erroring on botocore not found
* adjust to version 2.5
* Addition of TCP protocol to ELB target group as target groups support HTTP/S and TCP now
* Fixup stickiness type so that it checks if the current_tg has the stickiness_type key in the dict, as TCP ones do not
Trying to associate an already-associated ElasticIP was failing.
This is however supported by the `boto` method that is used
under the hood, `associate_address`:
To quote `boto` documentation:
```
This option to allow an Elastic IP address that is already
associated with another networkinterface or instance to be
re-associated with the specified instance or interface.
```
This defaults to False, both per backwards-compatibility
and to mirror the boto default value.
Fixes #27385
* Set desired capacity to min_size if no instances exist
* Improve readability of if/then clause
* Only update null desired_capacity to min_size on initial create
Any future updates to the ASG will be able to reference the existing
capacity.
* Return correct changed status when EIP is reused
When reusing an existing EIP, the changed status
should be False, not True.
* If public_ip is given and it exists, return it
Ensure EIP allocation returns existing public_ip correctly
* Added ecs_taskdefinition_facts module
* Expanding documentation
Now includes all possible return values
* Fixed boto dependency
* Converting results to snake case.
* Remove EcsTaskManager class, move to main()
Remove unnecessary `except` block
* Change botocore import method
Also make Profile exception message less redundant
* Changing case conversion of the results
Now converts only the root level keys
Commented is a version that would not convert only container_definitions
Avoid the following seen when running ec2_ami tests on python3,
presumably because the return type of `map` is different between
python2 and python3.
```
Traceback (most recent call last):
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 242, in <module>
main()
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 238, in main
list_ec2_snapshots(connection, module)
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 193, in list_ec2_snapshots
snapshots = connection.describe_snapshots(SnapshotIds=snapshot_ids, OwnerIds=owner_ids, RestorableByUserIds=restorable_by_user_ids, Filters=filters)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 312, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 575, in _make_api_call
api_params, operation_model, context=request_context)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 630, in _convert_to_request_dict
api_params, operation_model)
File "/usr/local/lib/python3.5/dist-packages/botocore/validate.py", line 291, in serialize_to_request
raise ParamValidationError(report=report.generate_report())
botocore.exceptions.ParamValidationError: Parameter validation failed:
Invalid type for parameter OwnerIds, value: <map object at 0x7ff577511048>, type: <class 'map'>, valid types: <class 'list'>, <class 'tuple'>
```
https://github.com/ansible/ansible/pull/30435#issuecomment-330750498
* Fix cloudwatchevent_rule exception handling
Where it is currently present, this change fixes the exception handling.
However, there are many places that it is lacking.
Fixes #30806
* Add new exception handling for cloudwatchevent_rule
Ensure all API calls are wrapped with exception handling
* PEP8 tidy up
* Remove unnecessary HAS_BOTO3 import and checks
Tidy up documentation so that NO_QA can be removed
* Undeprecate ec2_elb_*
* Make ec2_elb* full fledged modules rather than aliases
* Split tests for ec2_elb_lb and elb_classicb_lb
* Change names in documentation of old and new elb modules
Add tests for ec2_elb_lb
* Fix tags in ec2_instance_facts
The method boto3_tag_list_to_ansible_dict in module_utils/ec2.py changed
and no longer checks whether the returned result of boto3 uses
"key" or "Key" as the tag key identifier.
This fixes ec2_instance_facts to make this check on its own, since boto3
may return "key" instead of "Key"
* Since the indices for the tags are already formatted to lowercase
by the snaking, we can assume that the indices for the tags are already
formatted
* Replace pause in integration tests with until.
Use resource prefix instead of generating a random number
Only try to delete keys if they exist
* Add alias to tests