diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml index 73dc4c77..bf7958b7 100644 --- a/.config/ansible-lint.yml +++ b/.config/ansible-lint.yml @@ -6,3 +6,6 @@ skip_list: - meta-no-info # meta/main.yml should contain relevant info. - latest[git] # Result of the command may vary on subsequent runs. - no-handler # Tasks that run when changed should likely be handlers. + - no-changed-when # Commands should not change things if nothing needs doing. +exclude_paths: + - tests/integration diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index 8df6662a..58ec1e61 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -4,7 +4,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true -'on': +on: push: pull_request: @@ -17,4 +17,4 @@ jobs: - uses: ansible-network/github_actions/.github/actions/checkout_dependency@main - name: Run ansible-lint - uses: ansible/ansible-lint-action@v6.16.0 + uses: ansible/ansible-lint@v6.21.0 diff --git a/.github/workflows/sanity.yml b/.github/workflows/sanity.yml index 56603d3f..8fa8bdfc 100644 --- a/.github/workflows/sanity.yml +++ b/.github/workflows/sanity.yml 
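Review bot: The quoted `'on':` key that this hunk unquotes was the usual workaround for yamllint's `truthy` rule, which reads a bare `on` as a YAML 1.1 boolean; the bare form is fine for GitHub's own loader but will be flagged by yamllint unless the rule is suppressed for this key. If yamllint runs over `.github/` in this repo, either keep the quotes or add `on:  # yamllint disable-line rule:truthy`. The enclosing workflow starts before this hunk.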
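Review bot: `uses: ansible/ansible-lint@v6.21.0` pins the replacement action by a mutable tag; because this is a third-party action executed with the workflow's token, the safer form is to pin the full commit SHA of that release and keep the tag as a trailing comment, e.g. `uses: ansible/ansible-lint@<commit-sha-of-v6.21.0>  # v6.21.0` (placeholder, resolve from the release). The same consideration applies to the `@main` reference on the checkout_dependency action in the context line just above, which tracks a moving branch rather than a release.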
@@ -14,76 +14,3 @@ on: jobs: sanity: uses: ansible-network/github_actions/.github/workflows/sanity.yml@main - with: - matrix_include: "[]" - matrix_exclude: >- - [ - { - "ansible-version": "stable-2.9" - }, - { - "ansible-version": "stable-2.12", - "python-version": "3.7" - }, - { - "ansible-version": "stable-2.12", - "python-version": "3.11" - }, - { - "ansible-version": "stable-2.13", - "python-version": "3.7" - }, - { - "ansible-version": "stable-2.13", - "python-version": "3.11" - }, - { - "ansible-version": "stable-2.14", - "python-version": "3.7" - }, - { - "ansible-version": "stable-2.14", - "python-version": "3.8" - }, - { - "ansible-version": "stable-2.15", - "python-version": "3.7" - }, - { - "ansible-version": "stable-2.15", - "python-version": "3.8" - }, - { - "ansible-version": "milestone", - "python-version": "3.7" - }, - { - "ansible-version": "milestone", - "python-version": "3.8" - }, - { - "ansible-version": "milestone", - "python-version": "3.9" - }, - { - "ansible-version": "devel", - "python-version": "3.7" - }, - { - "ansible-version": "devel", - "python-version": "3.8" - }, - { - "ansible-version": "devel", - "python-version": "3.9" - } - ] - all_green: - if: ${{ always() }} - needs: - - sanity - runs-on: ubuntu-latest - steps: - - run: >- - python -c "assert '${{ needs.sanity.result }}' - in ['success', 'failure']" diff --git a/README.md b/README.md index ec0d1f92..cd708fba 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ The collection includes a variety of Ansible roles, playbooks, and rulebooks to ## Ansible version compatibility -This collection has been tested against following Ansible versions: **>=2.13.0**. +This collection has been tested against following Ansible versions: **>=2.14.0**. ## Included content diff --git a/changelogs/fragments/ansible_lint_6_19.yml b/changelogs/fragments/ansible_lint_6_19.yml new file mode 100644 index 00000000..f0ca9d5e --- /dev/null +++ b/changelogs/fragments/ansible_lint_6_19.yml 
@@ -0,0 +1,32 @@ +breaking_changes: + - Remove support for ansible-core < 2.14 + - roles/awsconfig_multiregion_cloudtrail - ``operation`` option has been renamed to ``awsconfig_multiregion_cloudtrail_operation`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/awsconfig_multiregion_cloudtrail - ``bucket_name`` option has been renamed to ``awsconfig_multiregion_cloudtrail_bucket_name`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/awsconfig_multiregion_cloudtrail - ``key_prefix`` option has been renamed to ``awsconfig_multiregion_cloudtrail_key_prefix`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/awsconfig_multiregion_cloudtrail - ``trail_name`` option has been renamed to ``awsconfig_multiregion_cloudtrail_trail_name`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_create_plan - ``plan_name`` option has been renamed to ``backup_create_plan_plan_name`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_create_plan - ``plan_rules`` option has been renamed to ``backup_create_plan_plan_rules`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_create_plan - ``plan_windows_vss_settings`` option has been renamed to ``backup_create_plan_plan_windows_vss_settings`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_create_plan - ``plan_tags`` option has been renamed to ``backup_create_plan_plan_tags`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_create_plan - ``vault_name`` option has been renamed to ``backup_create_plan_vault_name`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_create_plan - ``vault_encryption_key_arn`` option has been renamed to ``backup_create_plan_vault_encryption_key_arn`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). 
+ - roles/backup_create_plan - ``vault_tags`` option has been renamed to ``backup_create_planvault_tags`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_select_resources - ``plan_name`` option has been renamed to ``backup_select_resources_plan_name`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_select_resources - ``selection_name`` option has been renamed to ``backup_select_resources_selection_name`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_select_resources - ``selection_tags`` option has been renamed to ``backup_select_resources_selection_tags`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_select_resources - ``selection_conditions`` option has been renamed to ``backup_select_resources_selection_conditions`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/backup_select_resources - ``backup_role_name`` option has been renamed to ``backup_select_resources_backup_role_name`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/customized_ami - ``custom_ami_operation`` option has been renamed to ``customized_ami_operation`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/customized_ami - ``custom_ami_name`` option has been renamed to ``customized_ami_name`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/customized_ami - ``custom_ami_packages`` option has been renamed to ``customized_ami_packages`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/customized_ami - ``custom_ami_recreate_if_exists`` option has been renamed to ``customized_ami_recreate_if_exists`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/customized_ami - ``source_ami_filters`` option has been renamed to ``customized_ami_source_ami_filters`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). 
+ - roles/customized_ami - ``source_ami_image_id`` option has been renamed to ``customized_ami_source_ami_image_id`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/customized_ami - ``source_ami_user_name`` option has been renamed to ``customized_ami_source_ami_user_name`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/ec2_instance_terminate_by_tag - ``tag_key_to_terminate_instances`` option has been renamed to `` ec2_instance_terminate_by_tag_tag_key_to_terminate_instances`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/ec2_instance_terminate_by_tag - ``tag_value_to_terminate_instances`` option has been renamed to `` ec2_instance_terminate_by_tag_tag_value_to_terminate_instances`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/ec2_instance_terminate_by_tag - ``terminate_protected_instances`` option has been renamed to `` ec2_instance_terminate_by_tag_terminate_protected_instances`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/manage_transit_gateway - ``action`` option has been renamed to `` manage_transit_gateway_action`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/manage_transit_gateway - ``transit_gateway`` option has been renamed to `` manage_transit_gateway_transit_gateway`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/manage_transit_gateway - ``vpc_attachment`` option has been renamed to `` manage_transit_gateway_vpc_attachment`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). + - roles/manage_transit_gateway - ``vpn_attachment`` option has been renamed to `` manage_transit_gateway_vpn_attachment`` (https://github.com/redhat-cop/cloud.aws_ops/pull/84). diff --git a/changelogs/fragments/update_ansible_lint_action.yml b/changelogs/fragments/update_ansible_lint_action.yml new file mode 100644 index 00000000..8a03a3d8 --- /dev/null +++ b/changelogs/fragments/update_ansible_lint_action.yml 
@@ -0,0 +1,2 @@ +trivial: + - "Use ansible/ansible-lint since ansible/ansible-lint-action has been archived." diff --git a/galaxy.yml b/galaxy.yml index 6ed7a5ea..26e78f17 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -25,3 +25,5 @@ version: 1.0.3 build_ignore: - .DS_Store - '*.tar.gz' + - '*cloud-config-aws.ini' + - '*cloud-config-aws.yml' diff --git a/meta/runtime.yml b/meta/runtime.yml index c2ea6588..be99ccf4 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,2 +1,2 @@ --- -requires_ansible: '>=2.12.0' +requires_ansible: '>=2.14.0' diff --git a/playbooks/aws_restore_cloudtrail.yml b/playbooks/aws_restore_cloudtrail.yml index b10caba2..ddc3d451 100644 --- a/playbooks/aws_restore_cloudtrail.yml +++ b/playbooks/aws_restore_cloudtrail.yml @@ -7,10 +7,10 @@ ansible.builtin.include_role: name: cloud.aws_ops.awsconfig_multiregion_cloudtrail vars: - operation: create - bucket_name: "{{ s3_bucket_name }}" - key_prefix: "{{ s3_key_prefix | default(omit) }}" - trail_name: "{{ cloudtrail_name }}" + awsconfig_multiregion_cloudtrail_operation: create + awsconfig_multiregion_cloudtrail_bucket_name: "{{ s3_bucket_name }}" + awsconfig_multiregion_cloudtrail_key_prefix: "{{ s3_key_prefix | default(omit) }}" + awsconfig_multiregion_cloudtrail_trail_name: "{{ cloudtrail_name }}" - name: Include 'cloud.aws_ops.enable_cloudtrail_encryption_with_kms' role ansible.builtin.include_role: diff --git a/playbooks/move_vm_from_on_prem_to_aws/move_vm_from_on_prem_to_aws.yml b/playbooks/move_vm_from_on_prem_to_aws/move_vm_from_on_prem_to_aws.yml index d14b752e..ebeefe42 100644 --- a/playbooks/move_vm_from_on_prem_to_aws/move_vm_from_on_prem_to_aws.yml +++ b/playbooks/move_vm_from_on_prem_to_aws/move_vm_from_on_prem_to_aws.yml 
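Review bot: The two new `build_ignore` globs keep `*cloud-config-aws.ini` and `*cloud-config-aws.yml` out of the Galaxy tarball, but `build_ignore` only affects `ansible-galaxy collection build`; the file names suggest per-developer AWS credential configuration for the integration tests, and nothing in this diff shows them being git-ignored. If they are not already listed in `.gitignore`, add the same two patterns there so a stray copy cannot be committed, and keep the `build_ignore` entries as the second line of defence for the published artifact.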
@@ -14,23 +14,23 @@ ansible.builtin.import_role: name: cloud.aws_ops.clone_on_prem_vm vars: - clone_on_prem_vm_source_vm_name: "{{ clone_on_prem_vm_source_vm_name }}" - clone_on_prem_vm_image_name: "{{ clone_on_prem_vm_image_name }}" - clone_on_prem_vm_uri: "{{ clone_on_prem_vm_uri }}" - clone_on_prem_vm_local_image_path: "{{ clone_on_prem_vm_local_image_path }}" - clone_on_prem_vm_overwrite: "{{ clone_on_prem_vm_overwrite }}" + clone_on_prem_vm_source_vm_name: "{{ source_vm_name }}" + clone_on_prem_vm_image_name: "{{ image_name }}" + clone_on_prem_vm_uri: "{{ uri }}" + clone_on_prem_vm_local_image_path: "{{ local_image_path }}" + clone_on_prem_vm_overwrite: "{{ overwrite }}" delegate_to: kvm - name: Import 'cloud.aws_ops.import_image_and_run_aws_instance' role ansible.builtin.import_role: name: cloud.aws_ops.import_image_and_run_aws_instance vars: - import_image_and_run_aws_instance_bucket_name: "{{ import_image_and_run_aws_instance_bucket_name }}" - import_image_and_run_aws_instance_image_path: "{{ clone_on_prem_vm_raw_image_path }}" - import_image_and_run_aws_instance_instance_name: "{{ import_image_and_run_aws_instance_instance_name }}" - import_image_and_run_aws_instance_instance_type: "{{ import_image_and_run_aws_instance_instance_type }}" - import_image_and_run_aws_instance_import_image_task_name: "{{ import_image_and_run_aws_instance_import_image_task_name }}" - import_image_and_run_aws_instances_keypair_name: "{{ import_image_and_run_aws_instances_keypair_name }}" - import_image_and_run_aws_instance_security_groups: "{{ import_image_and_run_aws_instance_security_groups }}" - import_image_and_run_aws_instance_vpc_subnet_id: "{{ import_image_and_run_aws_instance_vpc_subnet_id }}" - import_image_and_run_aws_instance_volumes: "{{ import_image_and_run_aws_instance_volumes }}" + import_image_and_run_aws_instance_bucket_name: "{{ bucket_name }}" + import_image_and_run_aws_instance_image_path: "{{ raw_image_path }}" + 
import_image_and_run_aws_instance_instance_name: "{{ instance_name }}" + import_image_and_run_aws_instance_instance_type: "{{ instance_type }}" + import_image_and_run_aws_instance_import_image_task_name: "{{ import_image_task_name }}" + import_image_and_run_aws_instance_keypair_name: "{{ keypair_name }}" + import_image_and_run_aws_instance_security_groups: "{{ security_groups }}" + import_image_and_run_aws_instance_vpc_subnet_id: "{{ vpc_subnet_id }}" + import_image_and_run_aws_instance_volumes: "{{ volumes }}" diff --git a/playbooks/webapp/webapp_ha_aurora.yaml b/playbooks/webapp/webapp_ha_aurora.yaml index 3997385a..a16a1ccd 100644 --- a/playbooks/webapp/webapp_ha_aurora.yaml +++ b/playbooks/webapp/webapp_ha_aurora.yaml @@ -1,5 +1,5 @@ --- -- name: webapp HA +- name: Webapp HA hosts: localhost gather_facts: false vars_files: diff --git a/plugins/modules/validate_network_acls.py b/plugins/modules/validate_network_acls.py index 53f5ed35..007c73ce 100644 --- a/plugins/modules/validate_network_acls.py +++ b/plugins/modules/validate_network_acls.py 
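Review bot: `import_image_and_run_aws_instance_image_path: "{{ raw_image_path }}"` stands out from the other rewrites in this hunk: the old value `clone_on_prem_vm_raw_image_path` reads like an output published by the preceding `clone_on_prem_vm` role rather than a user input, whereas every other new right-hand side here is a playbook input. If the role still sets the prefixed name, this import will fail with an undefined variable; either keep `"{{ clone_on_prem_vm_raw_image_path }}"` or confirm the role now exports `raw_image_path`. The remaining short names (`uri`, `overwrite`, `volumes`, `bucket_name`) are generic enough to collide with inventory or extra vars, so a comment at the top of the play listing the expected inputs would help future readers. The play header is outside this hunk.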
@@ -56,37 +56,36 @@ - name: Evaluate network ACLS from EC2 instance to RDS Instance cloud.aws_ops.validate_network_acls: dest_subnet_cidrs: - - 10.1.0.0/24 - - 10.1.2.0/24 + - 10.1.0.0/24 + - 10.1.2.0/24 dest_network_acl_rules: - - egress: - - [100, "all", "allow", "0.0.0.0/0", null, null, 0, 65535] - ingress: - - [100, "all", "allow", "0.0.0.0/0", null, null, 0, 65535] - is_default: true - nacl_id: "acl-01124846ef9f50ff2" - owner_id: "000000000000" - subnets: - - "subnet-0af56e0d353f88cb8" - - "subnet-032f1a2598b6318ed" - vpc_id: "vpc-0274c44deffd7368a" + - egress: + - [100, "all", "allow", "0.0.0.0/0", null, null, 0, 65535] + ingress: + - [100, "all", "allow", "0.0.0.0/0", null, null, 0, 65535] + is_default: true + nacl_id: "acl-01124846ef9f50ff2" + owner_id: "000000000000" + subnets: + - "subnet-0af56e0d353f88cb8" + - "subnet-032f1a2598b6318ed" + vpc_id: "vpc-0274c44deffd7368a" dest_port: - - 5432 + - 5432 src_network_acl_rules: - - egress: - - [100, "all", "allow", "0.0.0.0/0", null, null, 0, 65535] - ingress: - - [100, "all", "allow", "0.0.0.0/0", null, null, 0, 65535] - is_default: true - nacl_id: "acl-01124846ef9f50ff2" - owner_id: "000000000000" - subnets: - - subnet-0af56e0d353f88cb8 - - subnet-032f1a2598b6318ed - vpc_id: "vpc-0274c44deffd7368a" + - egress: + - [100, "all", "allow", "0.0.0.0/0", null, null, 0, 65535] + ingress: + - [100, "all", "allow", "0.0.0.0/0", null, null, 0, 65535] + is_default: true + nacl_id: "acl-01124846ef9f50ff2" + owner_id: "000000000000" + subnets: + - subnet-0af56e0d353f88cb8 + - subnet-032f1a2598b6318ed + vpc_id: "vpc-0274c44deffd7368a" src_private_ip: - - 172.10.3.10 - + - 172.10.3.10 """ RETURN = r""" @@ -136,7 +135,6 @@ def is_port_in_range(port, from_port, to_port): class ValidateNetworkACL(AnsibleModule): def __init__(self): - argument_spec = dict( dest_subnet_cidrs=dict(type="list", elements="str", required=True), dest_network_acl_rules=dict(type="list", elements="dict", required=True), 
@@ -221,7 +219,6 @@ def execute_module(self): def main(): - ValidateNetworkACL() diff --git a/plugins/modules/validate_route_tables.py b/plugins/modules/validate_route_tables.py index 6654e1fc..7e8f8da0 100644 --- a/plugins/modules/validate_route_tables.py +++ b/plugins/modules/validate_route_tables.py 
@@ -68,189 +68,188 @@ - name: Evaluate routes from EC2 instance to RDS Instance cloud.aws_ops.validate_route_tables: dest_subnets: - - assign_ipv6_address_on_creation: false - availability_zone: "eu-west-2b" - availability_zone_id: "euw2-az3" - available_ip_address_count: 250 - cidr_block: "172.10.2.0/24" - default_for_az: false - enable_dns64: false - id: "subnet-032f1a2598b6318ed" - ipv6_cidr_block_association_set: [] - ipv6_native: false - map_customer_owned_ip_on_launch: false - map_public_ip_on_launch: false - owner_id: "00000000000" - private_dns_name_options_on_launch: - enable_resource_name_dns_a_record: false - enable_resource_name_dns_aaaa_record: false - hostname_type: "ip-name" - state: "available" - subnet_arn: "arn:aws:ec2:eu-west-2:721066863947:subnet/subnet-032f1a2598b6318ed" - subnet_id: "subnet-032f1a2598b6318ed" - vpc_id: "vpc-0274c44deffd7368a" - - assign_ipv6_address_on_creation: false - availability_zone: "eu-west-2a" - availability_zone_id: "euw2-az2" - available_ip_address_count: 250 - cidr_block: "172.10.1.0/24" - default_for_az: false - enable_dns64: false - id: "subnet-0af56e0d353f88cb8" - ipv6_cidr_block_association_set: [] - ipv6_native: false - map_customer_owned_ip_on_launch: false - map_public_ip_on_launch: false - owner_id: "00000000000" - private_dns_name_options_on_launch: - enable_resource_name_dns_a_record: false - enable_resource_name_dns_aaaa_record: false - hostname_type: "ip-name" - state: "available" - subnet_arn: "arn:aws:ec2:eu-west-2:721066863947:subnet/subnet-0af56e0d353f88cb8" - subnet_id: "subnet-0af56e0d353f88cb8" - vpc_id: "vpc-0274c44deffd7368a" + - assign_ipv6_address_on_creation: false + availability_zone: "eu-west-2b" + availability_zone_id: "euw2-az3" + available_ip_address_count: 250 + cidr_block: "172.10.2.0/24" + default_for_az: false + enable_dns64: false + id: "subnet-032f1a2598b6318ed" + ipv6_cidr_block_association_set: [] + ipv6_native: false + map_customer_owned_ip_on_launch: false + 
map_public_ip_on_launch: false + owner_id: "00000000000" + private_dns_name_options_on_launch: + enable_resource_name_dns_a_record: false + enable_resource_name_dns_aaaa_record: false + hostname_type: "ip-name" + state: "available" + subnet_arn: "arn:aws:ec2:eu-west-2:721066863947:subnet/subnet-032f1a2598b6318ed" + subnet_id: "subnet-032f1a2598b6318ed" + vpc_id: "vpc-0274c44deffd7368a" + - assign_ipv6_address_on_creation: false + availability_zone: "eu-west-2a" + availability_zone_id: "euw2-az2" + available_ip_address_count: 250 + cidr_block: "172.10.1.0/24" + default_for_az: false + enable_dns64: false + id: "subnet-0af56e0d353f88cb8" + ipv6_cidr_block_association_set: [] + ipv6_native: false + map_customer_owned_ip_on_launch: false + map_public_ip_on_launch: false + owner_id: "00000000000" + private_dns_name_options_on_launch: + enable_resource_name_dns_a_record: false + enable_resource_name_dns_aaaa_record: false + hostname_type: "ip-name" + state: "available" + subnet_arn: "arn:aws:ec2:eu-west-2:721066863947:subnet/subnet-0af56e0d353f88cb8" + subnet_id: "subnet-0af56e0d353f88cb8" + vpc_id: "vpc-0274c44deffd7368a" dest_route_tables: - - associations: - - association_state: - state: "associated" - id: "rtbassoc-0c5c333773772843b" - main: false - route_table_association_id: "rtbassoc-0c5c333773772843b" - route_table_id: "rtb-07a81d1afe14a009c" - subnet_id: "subnet-0ab63680e1e0316e2" - id: "rtb-07a81d1afe14a009c" - owner_id: "721066863947" - propagating_vgws: [] - route_table_id: "rtb-07a81d1afe14a009c" - routes: - - destination_cidr_block: "10.1.0.0/16" - gateway_id: "local" - instance_id: null - interface_id: null - network_interface_id: null - origin: "CreateRouteTable" - state: "active" - - destination_cidr_block: "0.0.0.0/0" - gateway_id: "igw-057753b539008784c" - instance_id: null - interface_id: null - network_interface_id: null - origin: "CreateRoute" - state": "active" - vpc_id: "vpc-0bee28efef41e1de4" + - associations: + - association_state: + state: 
"associated" + id: "rtbassoc-0c5c333773772843b" + main: false + route_table_association_id: "rtbassoc-0c5c333773772843b" + route_table_id: "rtb-07a81d1afe14a009c" + subnet_id: "subnet-0ab63680e1e0316e2" + id: "rtb-07a81d1afe14a009c" + owner_id: "721066863947" + propagating_vgws: [] + route_table_id: "rtb-07a81d1afe14a009c" + routes: + - destination_cidr_block: "10.1.0.0/16" + gateway_id: "local" + instance_id: null + interface_id: null + network_interface_id: null + origin: "CreateRouteTable" + state: "active" + - destination_cidr_block: "0.0.0.0/0" + gateway_id: "igw-057753b539008784c" + instance_id: null + interface_id: null + network_interface_id: null + origin: "CreateRoute" + state": "active" + vpc_id: "vpc-0bee28efef41e1de4" dest_vpc_route_tables: - - associations: - - association_state: - state: "associated" - id: "rtbassoc-0c5c333773772843b" - main: false - route_table_association_id: "rtbassoc-0c5c333773772843b" - route_table_id: "rtb-07a81d1afe14a009c" - subnet_id: "subnet-0ab63680e1e0316e2" - id: "rtb-07a81d1afe14a009c" - owner_id: "721066863947" - propagating_vgws: [] - route_table_id: "rtb-07a81d1afe14a009c" - routes: - - destination_cidr_block: "10.1.0.0/16" - gateway_id: "local" - instance_id: null - interface_id: null - network_interface_id: null - origin: "CreateRouteTable" - state: "active" - - destination_cidr_block: "0.0.0.0/0" - gateway_id: "igw-057753b539008784c" - instance_id: null - interface_id: null - network_interface_id: null - origin: "CreateRoute" - state": "active" - vpc_id: "vpc-0bee28efef41e1de4" + - associations: + - association_state: + state: "associated" + id: "rtbassoc-0c5c333773772843b" + main: false + route_table_association_id: "rtbassoc-0c5c333773772843b" + route_table_id: "rtb-07a81d1afe14a009c" + subnet_id: "subnet-0ab63680e1e0316e2" + id: "rtb-07a81d1afe14a009c" + owner_id: "721066863947" + propagating_vgws: [] + route_table_id: "rtb-07a81d1afe14a009c" + routes: + - destination_cidr_block: "10.1.0.0/16" + gateway_id: 
"local" + instance_id: null + interface_id: null + network_interface_id: null + origin: "CreateRouteTable" + state: "active" + - destination_cidr_block: "0.0.0.0/0" + gateway_id: "igw-057753b539008784c" + instance_id: null + interface_id: null + network_interface_id: null + origin: "CreateRoute" + state": "active" + vpc_id: "vpc-0bee28efef41e1de4" src_subnets: - - assign_ipv6_address_on_creation: false - availability_zone: "eu-west-2a" - availability_zone_id: "euw2-az2" - available_ip_address_count: 250 - cidr_block: "172.10.1.0/24" - default_for_az: false - enable_dns64: false - id: "subnet-0af56e0d353f88cb8" - ipv6_cidr_block_association_set: [] - ipv6_native: false - map_customer_owned_ip_on_launch: false - map_public_ip_on_launch: false - owner_id: "00000000000" - private_dns_name_options_on_launch: - enable_resource_name_dns_a_record: false - enable_resource_name_dns_aaaa_record": false - hostname_type: "ip-name" - state: "available" - subnet_arn: "arn:aws:ec2:eu-west-2:721066863947:subnet/subnet-0af56e0d353f88cb8" - subnet_id: "subnet-0af56e0d353f88cb8" - vpc_id: "vpc-0274c44deffd7368a" + - assign_ipv6_address_on_creation: false + availability_zone: "eu-west-2a" + availability_zone_id: "euw2-az2" + available_ip_address_count: 250 + cidr_block: "172.10.1.0/24" + default_for_az: false + enable_dns64: false + id: "subnet-0af56e0d353f88cb8" + ipv6_cidr_block_association_set: [] + ipv6_native: false + map_customer_owned_ip_on_launch: false + map_public_ip_on_launch: false + owner_id: "00000000000" + private_dns_name_options_on_launch: + enable_resource_name_dns_a_record: false + enable_resource_name_dns_aaaa_record": false + hostname_type: "ip-name" + state: "available" + subnet_arn: "arn:aws:ec2:eu-west-2:721066863947:subnet/subnet-0af56e0d353f88cb8" + subnet_id: "subnet-0af56e0d353f88cb8" + vpc_id: "vpc-0274c44deffd7368a" src_private_ip: - - 172.0.1.4 + - 172.0.1.4 src_route_tables: - - associations: - - association_state: - state: "associated" - id: 
"rtbassoc-0c5c333773772843b" - main: false - route_table_association_id: "rtbassoc-0c5c333773772843b" - route_table_id: "rtb-07a81d1afe14a009c" - subnet_id: "subnet-0ab63680e1e0316e2" - id: "rtb-07a81d1afe14a009c" - owner_id: "721066863947" - propagating_vgws: [] - route_table_id: "rtb-07a81d1afe14a009c" - routes: - - destination_cidr_block: "10.1.0.0/16" - gateway_id: "local" - instance_id: null - interface_id: null - network_interface_id: null - origin: "CreateRouteTable" - state: "active" - - destination_cidr_block: "0.0.0.0/0" - gateway_id: "igw-057753b539008784c" - instance_id: null - interface_id: null - network_interface_id: null - origin: "CreateRoute" - state: "active" - vpc_id: "vpc-0bee28efef41e1de4" + - associations: + - association_state: + state: "associated" + id: "rtbassoc-0c5c333773772843b" + main: false + route_table_association_id: "rtbassoc-0c5c333773772843b" + route_table_id: "rtb-07a81d1afe14a009c" + subnet_id: "subnet-0ab63680e1e0316e2" + id: "rtb-07a81d1afe14a009c" + owner_id: "721066863947" + propagating_vgws: [] + route_table_id: "rtb-07a81d1afe14a009c" + routes: + - destination_cidr_block: "10.1.0.0/16" + gateway_id: "local" + instance_id: null + interface_id: null + network_interface_id: null + origin: "CreateRouteTable" + state: "active" + - destination_cidr_block: "0.0.0.0/0" + gateway_id: "igw-057753b539008784c" + instance_id: null + interface_id: null + network_interface_id: null + origin: "CreateRoute" + state: "active" + vpc_id: "vpc-0bee28efef41e1de4" src_vpc_route_tables: - - associations: - - association_state: - state: "associated" - id: "rtbassoc-0c5c333773772843b" - main: false - route_table_association_id: "rtbassoc-0c5c333773772843b" - route_table_id: "rtb-07a81d1afe14a009c" - subnet_id: "subnet-0ab63680e1e0316e2" - id: "rtb-07a81d1afe14a009c" - owner_id: "721066863947" - propagating_vgws: [] - route_table_id: "rtb-07a81d1afe14a009c" - routes: - - destination_cidr_block: "10.1.0.0/16" - gateway_id: "local" - instance_id: 
null - interface_id: null - network_interface_id: null - origin: "CreateRouteTable" - state: "active" - - destination_cidr_block: "0.0.0.0/0" - gateway_id: "igw-057753b539008784c" - instance_id: null - interface_id: null - network_interface_id: null - origin: "CreateRoute" - state: "active" - vpc_id: "vpc-0bee28efef41e1de4" - + - associations: + - association_state: + state: "associated" + id: "rtbassoc-0c5c333773772843b" + main: false + route_table_association_id: "rtbassoc-0c5c333773772843b" + route_table_id: "rtb-07a81d1afe14a009c" + subnet_id: "subnet-0ab63680e1e0316e2" + id: "rtb-07a81d1afe14a009c" + owner_id: "721066863947" + propagating_vgws: [] + route_table_id: "rtb-07a81d1afe14a009c" + routes: + - destination_cidr_block: "10.1.0.0/16" + gateway_id: "local" + instance_id: null + interface_id: null + network_interface_id: null + origin: "CreateRouteTable" + state: "active" + - destination_cidr_block: "0.0.0.0/0" + gateway_id: "igw-057753b539008784c" + instance_id: null + interface_id: null + network_interface_id: null + origin: "CreateRoute" + state: "active" + vpc_id: "vpc-0bee28efef41e1de4" """ RETURN = r""" @@ -269,7 +268,6 @@ class ValidateRouteTables(AnsibleModule): def __init__(self): - argument_spec = dict( dest_subnets=dict(type="list", elements="dict", required=True), dest_route_tables=dict(type="list", elements="dict", required=True), @@ -330,7 +328,6 @@ def validate_route_connection( dest_route_tables, b_check_vpc_rtb_rds, ): - # Third verification: Check wheter route is through a peering connection # Verify whether Destination RTBs contains route to Source network for rtb in dest_route_tables: @@ -372,7 +369,6 @@ def validate_route_to_dest_on_source( dest_subnet_cidrs, b_check_vpc_rtb_ec2, ): - # Verify whether Source RTB contains route to Destination network for rtb in src_route_tables: required_cidrs = copy.deepcopy(dest_subnet_cidrs) @@ -496,7 +492,6 @@ def execute_module(self): def main(): - ValidateRouteTables() 
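Review bot: The re-indented EXAMPLES block carries over malformed keys that the reindent did not fix: `state": "active"` on the second route of both `dest_route_tables` and `dest_vpc_route_tables`, and `enable_resource_name_dns_aaaa_record": false` under `src_subnets`; the stray `"` makes YAML read keys named `state"` and `enable_resource_name_dns_aaaa_record"`, so the documented example would not match the module's argument spec if pasted into a playbook. Change them to `state: "active"` and `enable_resource_name_dns_aaaa_record: false`, matching the `src_route_tables` and `src_vpc_route_tables` entries further down, which are already correct. Separately, the example ARNs embed account id `721066863947` while `owner_id` uses `00000000000`; if the former is a real account, consider using the placeholder id consistently in the docs.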
diff --git a/plugins/modules/validate_security_group_rules.py b/plugins/modules/validate_security_group_rules.py index b1c2c9bf..fe858bcf 100644 --- a/plugins/modules/validate_security_group_rules.py +++ b/plugins/modules/validate_security_group_rules.py 
@@ -59,55 +59,54 @@ - name: Evaluate Security group rules from EC2 instance to RDS Instance cloud.aws_ops.validate_security_group_rules: dest_subnet_cidrs: - - 10.1.0.0/24 - - 10.1.2.0/24 + - 10.1.0.0/24 + - 10.1.2.0/24 dest_security_groups: - - description: "Security group for EC2 instance" - group_id: "sg-0bd2d9a14af754812" - group_name: "aubin-sg" - ip_permissions: - - from_port: 5432 - to_port: 5432 - ip_protocol: "tcp" - ip_ranges: - - cidr_ip: "0.0.0.0/0" - ipv6_ranges: [] - prefix_list_ids: [] - user_id_group_pairs: [] - ip_permissions_egress: - - ip_protocol: -1 - ip_ranges: - - cidr_ip: "0.0.0.0/0" - ipv6_ranges: [] - prefix_list_ids: [] - user_id_group_pairs: [] - owner_id: "0000000000000" - vpc_id: "vpc-0bee28efef41e1de4" + - description: "Security group for EC2 instance" + group_id: "sg-0bd2d9a14af754812" + group_name: "aubin-sg" + ip_permissions: + - from_port: 5432 + to_port: 5432 + ip_protocol: "tcp" + ip_ranges: + - cidr_ip: "0.0.0.0/0" + ipv6_ranges: [] + prefix_list_ids: [] + user_id_group_pairs: [] + ip_permissions_egress: + - ip_protocol: -1 + ip_ranges: + - cidr_ip: "0.0.0.0/0" + ipv6_ranges: [] + prefix_list_ids: [] + user_id_group_pairs: [] + owner_id: "0000000000000" + vpc_id: "vpc-0bee28efef41e1de4" dest_port: 5432 src_security_groups: - - description: "Security group for EC2 instance" - group_id: "sg-0bd2d9a14af8a8998" - group_name: "aubin-sg" - ip_permissions: - - from_port: 22 - to_port: 22 - ip_protocol: "tcp" - ip_ranges: - - cidr_ip: "0.0.0.0/0" - ipv6_ranges: [] - prefix_list_ids: [] - user_id_group_pairs: [] - ip_permissions_egress: - - ip_protocol: -1 - ip_ranges: - - cidr_ip: "0.0.0.0/0" - ipv6_ranges: [] - prefix_list_ids: [] - user_id_group_pairs: [] - owner_id: "0000000000000" - vpc_id: "vpc-0bee28efef41e1de4" + - description: "Security group for EC2 instance" + group_id: "sg-0bd2d9a14af8a8998" + group_name: "aubin-sg" + ip_permissions: + - from_port: 22 + to_port: 22 + ip_protocol: "tcp" + ip_ranges: + - cidr_ip: "0.0.0.0/0" + 
ipv6_ranges: [] + prefix_list_ids: [] + user_id_group_pairs: [] + ip_permissions_egress: + - ip_protocol: -1 + ip_ranges: + - cidr_ip: "0.0.0.0/0" + ipv6_ranges: [] + prefix_list_ids: [] + user_id_group_pairs: [] + owner_id: "0000000000000" + vpc_id: "vpc-0bee28efef41e1de4" src_private_ip: "172.10.3.10" - """ RETURN = r""" @@ -126,7 +125,6 @@ class ValidateSecurityGroupRules(AnsibleModule): def __init__(self): - argument_spec = dict( dest_subnet_cidrs=dict(type="list", elements="str", required=True), dest_security_groups=dict(type="list", elements="dict", required=True), @@ -197,7 +195,6 @@ def evaluate_security_group_rules_basedon_ip( ) def execute_module(self): - try: dest_secgroup_ids = [ x["group_id"] for x in self.params.get("dest_security_groups") @@ -250,7 +247,6 @@ def execute_module(self): def main(): - ValidateSecurityGroupRules() diff --git a/roles/aws_setup_credentials/defaults/main.yml b/roles/aws_setup_credentials/defaults/main.yml index d11ab76d..3c29fa5d 100644 --- a/roles/aws_setup_credentials/defaults/main.yml +++ b/roles/aws_setup_credentials/defaults/main.yml @@ -1,5 +1,5 @@ --- -aws_connection_env: +aws_setup_credentials__connection_env: aws_profile: env: - AWS_PROFILE diff --git a/roles/aws_setup_credentials/tasks/main.yml b/roles/aws_setup_credentials/tasks/main.yml index 8a6ae74f..1069ac1a 100644 --- a/roles/aws_setup_credentials/tasks/main.yml +++ b/roles/aws_setup_credentials/tasks/main.yml @@ -5,4 +5,4 @@ - name: Create auth credentials ansible.builtin.include_tasks: read_option.yml - with_dict: "{{ aws_connection_env }}" + with_dict: "{{ aws_setup_credentials__connection_env }}" diff --git a/roles/awsconfig_apigateway_with_lambda_integration/tasks/lambda.yml b/roles/awsconfig_apigateway_with_lambda_integration/tasks/lambda.yml index 9a262bb6..2cf27167 100644 --- a/roles/awsconfig_apigateway_with_lambda_integration/tasks/lambda.yml +++ b/roles/awsconfig_apigateway_with_lambda_integration/tasks/lambda.yml 
@@ -3,7 +3,7 @@ when: awsconfig_apigateway_with_lambda_integration_operation == 'create' block: - name: Create role for lambda function - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ awsconfig_apigateway_with_lambda_integration__iam_role_name }}" assume_role_policy_document: '{{ lookup("file", "lambda_trust_policy.json") }}' create_instance_profile: false @@ -65,6 +65,6 @@ state: absent - name: Delete IAM role name - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ awsconfig_apigateway_with_lambda_integration__iam_role_name }}" state: absent diff --git a/roles/awsconfig_multiregion_cloudtrail/README.md b/roles/awsconfig_multiregion_cloudtrail/README.md index ea49a09c..1adaaec4 100644 --- a/roles/awsconfig_multiregion_cloudtrail/README.md +++ b/roles/awsconfig_multiregion_cloudtrail/README.md @@ -19,10 +19,10 @@ AWS User Account with the following permission: Role Variables -------------- -* **operation**: Whether to create or delete the Trail. Choices: 'create', 'delete'. Default: 'create'. -* **bucket_name**: The name of the Amazon S3 bucket you want to upload logs to. Required when **operation** is set to **create**. -* **key_prefix**: The Amazon S3 key prefix that comes after the name of the bucket you designated for log file delivery. -* **trail_name**: The name of the CloudTrail trail to be created. +* **awsconfig_multiregion_cloudtrail_operation**: Whether to create or delete the Trail. Choices: 'create', 'delete'. Default: 'create'. +* **awsconfig_multiregion_cloudtrail_bucket_name**: The name of the Amazon S3 bucket you want to upload logs to. Required when **operation** is set to **create**. +* **awsconfig_multiregion_cloudtrail_key_prefix**: The Amazon S3 key prefix that comes after the name of the bucket you designated for log file delivery. +* **awsconfig_multiregion_cloudtrail_trail_name**: The name of the CloudTrail trail to be created. Dependencies ------------ 
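Review bot: The switch to `amazon.aws.iam_role` in both hunks here (and to `amazon.aws.iam_role_info` / `amazon.aws.iam_role` in `roles/backup_select_resources/tasks/main.yaml`) only resolves against an `amazon.aws` release that already contains the modules migrated out of `community.aws`, and nothing in this diff raises the collection's `amazon.aws` requirement in `galaxy.yml` or `meta/runtime.yml`. On an older installed collection the role now fails at module resolution instead of at the AWS call, so the minimum version should be bumped in the same change; the exact version is not visible here. The enclosing block starts outside the first hunk.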
@@ -38,10 +38,10 @@ Example Playbook aws_profile: xxxxxxxxxxx aws_access_key: xxxxxxxxxxx aws_secret_key: xxxxxxxxxxx - operation: create - bucket_name: mys3bucket - key_prefix: The Amazon S3 key prefix that comes after the name of the bucket you designated for log file delivery. - trail_name: mytrail + awsconfig_multiregion_cloudtrail_operation: create + awsconfig_multiregion_cloudtrail_bucket_name: mys3bucket + awsconfig_multiregion_cloudtrail_key_prefix: The Amazon S3 key prefix that comes after the name of the bucket you designated for log file delivery. + awsconfig_multiregion_cloudtrail_trail_name: mytrail License ------- diff --git a/roles/awsconfig_multiregion_cloudtrail/defaults/main.yml b/roles/awsconfig_multiregion_cloudtrail/defaults/main.yml index 636df364..6ca4ff56 100644 --- a/roles/awsconfig_multiregion_cloudtrail/defaults/main.yml +++ b/roles/awsconfig_multiregion_cloudtrail/defaults/main.yml @@ -1,3 +1,3 @@ --- # defaults file for awsconfig_multiregion_cloudtrail -operation: create +awsconfig_multiregion_cloudtrail_operation: create diff --git a/roles/awsconfig_multiregion_cloudtrail/tasks/main.yml b/roles/awsconfig_multiregion_cloudtrail/tasks/main.yml index 66198099..a3386fee 100644 --- a/roles/awsconfig_multiregion_cloudtrail/tasks/main.yml +++ b/roles/awsconfig_multiregion_cloudtrail/tasks/main.yml 
@@ -1,20 +1,20 @@ --- - name: Fail when unexpected value for operation is provided ansible.builtin.fail: - msg: Unexpected value for operation, should be one of 'create' or 'delete' - when: operation not in ['create', 'delete'] + msg: Unexpected value for awsconfig_multiregion_cloudtrail_operation, should be one of 'create' or 'delete' + when: awsconfig_multiregion_cloudtrail_operation not in ['create', 'delete'] -- name: Fail when 'trail_name' is not defined +- name: Fail when 'awsconfig_multiregion_cloudtrail_trail_name' is not defined ansible.builtin.fail: msg: Cloud trail name must be defined using variable trail_name - when: trail_name is undefined + when: awsconfig_multiregion_cloudtrail_trail_name is undefined -- name: Fail when 'bucket_name' is not defined +- name: Fail when 'awsconfig_multiregion_cloudtrail_bucket_name' is not defined ansible.builtin.fail: - msg: Bucket name must be defined using variable bucket_name + msg: Bucket name must be defined using variable awsconfig_multiregion_cloudtrail_bucket_name when: - - operation == 'create' - - bucket_name is undefined + - awsconfig_multiregion_cloudtrail_operation == 'create' + - awsconfig_multiregion_cloudtrail_bucket_name is undefined - name: Run 'awsconfig_multiregion_cloudtrail' role module_defaults: 
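Review bot: The failure message on the trail-name check still names the old variable: the `when:` now tests `awsconfig_multiregion_cloudtrail_trail_name`, but the unchanged context line reads `msg: Cloud trail name must be defined using variable trail_name`, so a user who hits it is told to set a variable the role no longer reads. It should become `msg: Cloud trail name must be defined using variable awsconfig_multiregion_cloudtrail_trail_name`, matching the bucket-name message updated just below it. The README bullet for the bucket also still says it is required when `operation` is `create`, after that variable was renamed.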
@@ -23,36 +23,36 @@ block: - name: Create Cloud trail and start logging or Delete existing Cloud trail amazon.aws.cloudtrail: - state: "{{ (operation == 'create') | ternary('present', 'absent') }}" - name: "{{ trail_name }}" + state: "{{ (awsconfig_multiregion_cloudtrail_operation == 'create') | ternary('present', 'absent') }}" + name: "{{ awsconfig_multiregion_cloudtrail_trail_name }}" enable_logging: true - s3_bucket_name: "{{ bucket_name | default(omit) }}" - s3_key_prefix: "{{ key_prefix | default(omit) }}" + s3_bucket_name: "{{ awsconfig_multiregion_cloudtrail_bucket_name | default(omit) }}" + s3_key_prefix: "{{ awsconfig_multiregion_cloudtrail_key_prefix | default(omit) }}" is_multi_region_trail: true register: awsconfig_multiregion_cloudtrail_result - name: Create/update trail - when: operation == 'create' + when: awsconfig_multiregion_cloudtrail_operation == 'create' block: - name: Verify that trail has been created/updated ansible.builtin.debug: - msg: Trail '{{ trail_name }}' successfully created/updated. + msg: Trail '{{ awsconfig_multiregion_cloudtrail_trail_name }}' successfully created/updated. when: awsconfig_multiregion_cloudtrail_result is changed - name: Verify that trail already exists ansible.builtin.debug: - msg: Trail '{{ trail_name }}' already exists. + msg: Trail '{{ awsconfig_multiregion_cloudtrail_trail_name }}' already exists. when: awsconfig_multiregion_cloudtrail_result is not changed - name: Delete trail - when: operation == 'delete' + when: awsconfig_multiregion_cloudtrail_operation == 'delete' block: - name: Verify that trail has been deleted ansible.builtin.debug: - msg: Trail '{{ trail_name }}' successfully deleted. + msg: Trail '{{ awsconfig_multiregion_cloudtrail_trail_name }}' successfully deleted. when: awsconfig_multiregion_cloudtrail_result is changed - name: Verify that trail does not exists anymore ansible.builtin.debug: - msg: Trail '{{ trail_name }}' does not exist. 
+ msg: Trail '{{ awsconfig_multiregion_cloudtrail_trail_name }}' does not exist. when: awsconfig_multiregion_cloudtrail_result is not changed diff --git a/roles/backup_create_plan/README.md b/roles/backup_create_plan/README.md index 4f6ab975..cde20ff6 100644 --- a/roles/backup_create_plan/README.md +++ b/roles/backup_create_plan/README.md 
@@ -23,21 +23,21 @@ AWS User Account with the following permission: Role Variables -------------- -* **plan_name**: (Required) The name of the backup plan you want to create -* **plan_rules**: (Required) A set of rules for the backup, as a list of dicts -* **plan_windows_vss_settings**: Optional settings for Windows VSS backup, see [AdvancedBackupSetting object in the AWS Backup API documentation](https://docs.aws.amazon.com/aws-backup/latest/devguide/API_AdvancedBackupSetting.html) for details -* **plan_tags**: Optional tags to apply to all backups created with the plan -* **vault_name**: The name of the vault you want to use or create. If not provided, the role will use (and create if needed) the AWS default vault for the account, named Default. -* **vault_encryption_key_arn**: Optional ARN of key to use for vault encryption -* **vault_tags**: Optional tags to apply to the vault +* **backup_create_plan_plan_name**: (Required) The name of the backup plan you want to create +* **backup_create_plan_plan_rules**: (Required) A set of rules for the backup, as a list of dicts +* **backup_create_plan_plan_windows_vss_settings**: Optional settings for Windows VSS backup, see [AdvancedBackupSetting object in the AWS Backup API documentation](https://docs.aws.amazon.com/aws-backup/latest/devguide/API_AdvancedBackupSetting.html) for details +* **backup_create_plan_plan_tags**: Optional tags to apply to all backups created with the plan +* **backup_create_plan_vault_name**: The name of the vault you want to use or create. If not provided, the role will use (and create if needed) the AWS default vault for the account, named Default. +* **backup_create_plan_vault_encryption_key_arn**: Optional ARN of key to use for vault encryption +* **backup_create_plan_vault_tags**: Optional tags to apply to the vault ### Included sample plan rules variables These are included in vars/main.yaml for use as-is or as examples for modification. 
-* **hourly_backup**: Rules specifying hourly continous backup at :15 UTC with 7-day retention -* **daily_backup**: Rules specifying daily backup at 5am UTC with Amazon defaults for all other settings -* **weekly_backup**: Rules specifying weekly backup on Mondays at 5am UTC with 90 day retention after quick transition to cold storage -* **monthly_backup**: Rules specifying monthly backup at 5am UTC on 1st of month with copy to additional vault (requires an additional variable **copy_vault_name** be set with the name of the vault to copy to) +* **backup_create_plan_hourly_backup**: Rules specifying hourly continous backup at :15 UTC with 7-day retention +* **backup_create_plan_daily_backup**: Rules specifying daily backup at 5am UTC with Amazon defaults for all other settings +* **backup_create_plan_weekly_backup**: Rules specifying weekly backup on Mondays at 5am UTC with 90 day retention after quick transition to cold storage +* **backup_create_plan_monthly_backup**: Rules specifying monthly backup at 5am UTC on 1st of month with copy to additional vault (requires an additional variable **copy_vault_name** be set with the name of the vault to copy to) Dependencies @@ -52,8 +52,8 @@ Example Playbook roles: - role: cloud.aws_ops.backup_create_plan vars: - plan_name: my-backup-plan - plan_rules: + backup_create_plan_plan_name: my-backup-plan + backup_create_plan_plan_rules: - "{{ daily_backup }}" License diff --git a/roles/backup_create_plan/defaults/main.yaml b/roles/backup_create_plan/defaults/main.yaml index 2d311b4c..a724b6b4 100644 --- a/roles/backup_create_plan/defaults/main.yaml +++ b/roles/backup_create_plan/defaults/main.yaml @@ -1,2 +1,2 @@ --- -vault_name: Default +backup_create_plan_vault_name: Default diff --git a/roles/backup_create_plan/tasks/main.yaml b/roles/backup_create_plan/tasks/main.yaml index d2da44c2..eec5076a 100644 --- a/roles/backup_create_plan/tasks/main.yaml +++ b/roles/backup_create_plan/tasks/main.yaml 
@@ -6,8 +6,8 @@
 msg: "Required variable {{ item }} has not been defined"
 when: vars[item] is undefined
 loop:
- - plan_name
- - plan_rules
+ - backup_create_plan_plan_name
+ - backup_create_plan_plan_rules
 - name: Run backup_create_plan_role
 module_defaults:
@@ -18,36 +18,36 @@ - name: Create or update backup vault amazon.aws.backup_vault: state: present - backup_vault_name: "{{ vault_name }}" - encryption_key_arn: "{{ vault_encryption_key_arn | default(omit) }}" - tags: "{{ vault_tags | default(omit) }}" + backup_vault_name: "{{ backup_create_plan_vault_name }}" + encryption_key_arn: "{{ backup_create_plan_vault_encryption_key_arn | default(omit) }}" + tags: "{{ backup_create_plan_vault_tags | default(omit) }}" register: backup_create_plan_backup_vault_result - name: Verify that vault has been created/updated ansible.builtin.debug: - msg: Vault '{{ vault_name }}' successfully created/updated. + msg: Vault '{{ backup_create_plan_vault_name }}' successfully created/updated. when: backup_create_plan_backup_vault_result is changed - name: Verify that vault already exists ansible.builtin.debug: - msg: Vault '{{ vault_name }}' exists, no updates needed. + msg: Vault '{{ backup_create_plan_vault_name }}' exists, no updates needed. when: backup_create_plan_backup_vault_result is not changed - name: Create or update backup plan amazon.aws.backup_plan: state: present - backup_plan_name: "{{ plan_name }}" - rules: "{{ plan_rules }}" - advanced_backup_settings: "{{ plan_windows_vss_settings | default(omit) }}" - tags: "{{ plan_tags | default(omit) }}" + backup_plan_name: "{{ backup_create_plan_plan_name }}" + rules: "{{ backup_create_plan_plan_rules }}" + advanced_backup_settings: "{{ backup_create_plan_plan_windows_vss_settings | default(omit) }}" + tags: "{{ backup_create_plan_plan_tags | default(omit) }}" register: backup_create_plan_backup_plan_result - name: Verify that plan has been created/updated ansible.builtin.debug: - msg: Plan '{{ plan_name }}' successfully created/updated. + msg: Plan '{{ backup_create_plan_plan_name }}' successfully created/updated. 
when: backup_create_plan_backup_plan_result is changed - name: Verify that plan already exists ansible.builtin.debug: - msg: Plan '{{ plan_name }}' exists, no updates needed. + msg: Plan '{{ backup_create_plan_plan_name }}' exists, no updates needed. when: backup_create_plan_backup_plan_result is not changed diff --git a/roles/backup_create_plan/vars/main.yaml b/roles/backup_create_plan/vars/main.yaml index 1731a2fb..62a82777 100644 --- a/roles/backup_create_plan/vars/main.yaml +++ b/roles/backup_create_plan/vars/main.yaml @@ -1,5 +1,5 @@ --- -hourly_backup: # Hourly continous backup at :15 with 7-day retention +backup_create_plan_hourly_backup: # Hourly continous backup at :15 with 7-day retention rule_name: hourly target_backup_vault_name: "{{ vault_name }}" schedule_expression: "cron(15 * ? * * *)" @@ -9,12 +9,12 @@ hourly_backup: # Hourly continous backup at :15 with 7-day retention lifecycle: delete_after_days: 7 -daily_backup: # Daily backup at 5am UTC with Amazon defaults for all other settings +backup_create_plan_daily_backup: # Daily backup at 5am UTC with Amazon defaults for all other settings rule_name: daily target_backup_vault_name: "{{ vault_name }}" schedule_expression: "cron(0 5 ? * * *)" -weekly_backup: # Weekly backup on Mondays at 5am UTC with 90 day retention after quick transition to cold storage +backup_create_plan_weekly_backup: # Weekly backup on Mondays at 5am UTC with 90 day retention after quick transition to cold storage rule_name: weekly target_backup_vault_name: "{{ vault_name }}" schedule_expression: "cron(0 5 ? * MON *)" 
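Review bot: The sample rules still read `target_backup_vault_name: "{{ vault_name }}"` (this hunk and the two that follow for `daily`, `weekly` and `monthly`), but `defaults/main.yaml` in this same diff renames `vault_name` to `backup_create_plan_vault_name`, so every included sample rule now references an undefined variable and the `backup_plan` task fails when one of them is used. Each occurrence should become `target_backup_vault_name: "{{ backup_create_plan_vault_name }}"`. The README example `- "{{ daily_backup }}"` likewise still uses the old key while the file now defines `backup_create_plan_daily_backup`.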
@@ -22,7 +22,7 @@ weekly_backup: # Weekly backup on Mondays at 5am UTC with 90 day retention afte delete_after_days: 91 move_to_cold_storage_after_days: 1 -monthly_backup: # Monthly backup at 5am UTC on 1st of month with copy to additional vault +backup_create_plan_monthly_backup: # Monthly backup at 5am UTC on 1st of month with copy to additional vault rule_name: monthly target_backup_vault_name: "{{ vault_name }}" schedule_expression: "cron(0 5 1 * ? *)" diff --git a/roles/backup_select_resources/README.md b/roles/backup_select_resources/README.md index ea188a80..9ca71702 100644 --- a/roles/backup_select_resources/README.md +++ b/roles/backup_select_resources/README.md 
@@ -20,13 +20,13 @@ AWS User Account with the following permission: Role Variables -------------- -* **plan_name**: (Required) The name of the backup plan you want to use for the selected resources. -* **selection_name**: (Required) The display name of the resource selection you want to back up. -* **selection_resources**: (Required) List of resources selected for backup. Can use wild cards and/or combine with selection options below to precisely restrict resources based on various conditions. See included vars for examples. -* **selection_excluded_resources**: List of resources to exclude from backup -* **selection_tags**: List of resource tags selected for backup -* **selection_conditions**: Conditions for resources to back up -* **backup_role_name**: (Required) The name of an IAM role with permissions to perform all needed backup actions for the selected resources. Alternatively, provide a name for a new IAM role which will be created with the same permissions as the AWSBackupDefaultServiceRole (note: these permissions allow backups and restores for all resources). +* **backup_select_resources_plan_name**: (Required) The name of the backup plan you want to use for the selected resources. +* **backup_select_resources_selection_name**: (Required) The display name of the resource selection you want to back up. +* **backup_select_resources_selection_resources**: (Required) List of resources selected for backup. Can use wild cards and/or combine with selection options below to precisely restrict resources based on various conditions. See included vars for examples. 
+* **backup_select_resources_selection_excluded_resources**: List of resources to exclude from backup +* **backup_select_resources_selection_tags**: List of resource tags selected for backup +* **backup_select_resources_selection_conditions**: Conditions for resources to back up +* **backup_select_resources_backup_role_name**: (Required) The name of an IAM role with permissions to perform all needed backup actions for the selected resources. Alternatively, provide a name for a new IAM role which will be created with the same permissions as the AWSBackupDefaultServiceRole (note: these permissions allow backups and restores for all resources). ### Included sample resource selection variables These are included in vars/main.yaml for use as-is or as examples for modification. @@ -34,8 +34,8 @@ These are included in vars/main.yaml for use as-is or as examples for modificati * **all_resources**: All AWS resources * **all_s3_buckets** All S3 buckets * **all_rds_db_instances**: All RDS database instances -* **tag_list_backup_or_prod**: Resources tagged {"backup": "true"} OR {"env": "prod"}, for use with the **selection_tags** role variable -* **conditions_tagged_backup_and_prod**: Resources tagged {"backup": "true"} AND {"env": "prod"}, for use with the **selection_conditions** role variable +* **tag_list_backup_or_prod**: Resources tagged {"backup": "true"} OR {"env": "prod"}, for use with the **backup_select_resources_selection_tags** role variable +* **conditions_tagged_backup_and_prod**: Resources tagged {"backup": "true"} AND {"env": "prod"}, for use with the **backup_select_resources_selection_conditions** role variable Dependencies ------------ 
@@ -50,11 +50,11 @@ Example Playbooks roles: - role: cloud.aws_ops.backup_select_resources vars: - plan_name: my-backup-plan - selection_name: s3_buckets - selection_resources: + backup_select_resources_plan_name: my-backup-plan + backup_select_resources_selection_name: s3_buckets + backup_select_resources_selection_resources: - "{{ all_s3_buckets }}" - backup_role_name: my-iam-role + backup_select_resources_backup_role_name: my-iam-role ### Create backup plan and select resources @@ -62,19 +62,19 @@ Example Playbooks roles: - role: cloud.aws_ops.backup_create_plan vars: - plan_name: my-backup-plan - plan_rules: + backup_select_resources_plan_name: my-backup-plan + backup_select_resources_plan_rules: - "{{ daily_backup }}" - hosts: localhost roles: - role: cloud.aws_ops.backup_select_resources vars: - plan_name: my-backup-plan - selection_name: s3_buckets - selection_resources: + backup_select_resources_plan_name: my-backup-plan + backup_select_resources_selection_name: s3_buckets + backup_select_resources_selection_resources: - "{{ all_s3_buckets }}" - backup_role_name: my-iam-role + backup_select_resources_backup_role_name: my-iam-role License ------- diff --git a/roles/backup_select_resources/tasks/main.yaml b/roles/backup_select_resources/tasks/main.yaml index 9ccd26cd..52b1fda3 100644 --- a/roles/backup_select_resources/tasks/main.yaml +++ b/roles/backup_select_resources/tasks/main.yaml @@ -4,10 +4,10 @@ msg: "Required variable {{ item }} has not been defined" when: vars[item] is undefined loop: - - backup_role_name - - plan_name - - selection_name - - selection_resources + - backup_select_resources_backup_role_name + - backup_select_resources_plan_name + - backup_select_resources_selection_name + - backup_select_resources_selection_resources - name: Run backup_select_resources role module_defaults: 
@@ -16,25 +16,25 @@ - name: Get plan info amazon.aws.backup_plan_info: backup_plan_names: - - "{{ plan_name }}" + - "{{ backup_select_resources_plan_name }}" register: backup_select_resources_backup_plan_info - name: Fail when backup plan does not exist ansible.builtin.fail: - msg: Backup plan {{ plan_name }} does not exist, please create or confirm plan name is correct. + msg: Backup plan {{ backup_select_resources_plan_name }} does not exist, please create or confirm plan name is correct. when: backup_select_resources_backup_plan_info.backup_plans | length == 0 - name: Get provided IAM role info - community.aws.iam_role_info: - name: "{{ backup_role_name }}" + amazon.aws.iam_role_info: + name: "{{ backup_select_resources_backup_role_name }}" register: backup_select_resources_role_info - name: Create new role when IAM role does not exist when: backup_select_resources_role_info.iam_roles | length == 0 block: - name: Create role - community.aws.iam_role: - name: "{{ backup_role_name }}" + amazon.aws.iam_role: + name: "{{ backup_select_resources_backup_role_name }}" state: present assume_role_policy_document: '{{ lookup("file", "backup-policy.json") }}' create_instance_profile: false 
@@ -58,21 +58,21 @@ - name: Create or update backup selection amazon.aws.backup_selection: state: present - backup_plan_name: "{{ plan_name }}" - selection_name: "{{ selection_name }}" + backup_plan_name: "{{ backup_select_resources_plan_name }}" + selection_name: "{{ backup_select_resources_selection_name }}" iam_role_arn: "{{ backup_select_resources_backup_role_arn }}" - resources: "{{ selection_resources }}" - list_of_tags: "{{ selection_tags | default(omit) }}" - not_resources: "{{ selection_excluded_resources | default(omit) }}" - conditions: "{{ selection_conditions | default(omit) }}" + resources: "{{ backup_select_resources_selection_resources }}" + list_of_tags: "{{ backup_select_resources_selection_tags | default(omit) }}" + not_resources: "{{ backup_select_resources_selection_excluded_resources | default(omit) }}" + conditions: "{{ backup_select_resources_selection_conditions | default(omit) }}" register: backup_select_resources_selection_result - name: Verify that selection has been created/updated ansible.builtin.debug: - msg: Backup selection '{{ selection_name }}' successfully created/updated. + msg: Backup selection '{{ backup_select_resources_selection_name }}' successfully created/updated. when: backup_select_resources_selection_result is changed - name: Verify that selection already exists ansible.builtin.debug: - msg: Backup selection '{{ selection_name }}' exists, no updates needed. + msg: Backup selection '{{ backup_select_resources_selection_name }}' exists, no updates needed. when: backup_select_resources_selection_result is not changed diff --git a/roles/backup_select_resources/vars/main.yaml b/roles/backup_select_resources/vars/main.yaml index 837254ba..6beece7d 100644 --- a/roles/backup_select_resources/vars/main.yaml +++ b/roles/backup_select_resources/vars/main.yaml 
@@ -1,9 +1,9 @@ --- -all_resources: "*" -all_s3_buckets: "arn:aws:s3:::*" -all_rds_db_instances: "arn:aws:rds:*:*:db:*" +backup_select_resources_all_resources: "*" +backup_select_resources_all_s3_buckets: "arn:aws:s3:::*" +backup_select_resources_all_rds_db_instances: "arn:aws:rds:*:*:db:*" -tag_list_backup_or_prod: # Resources tagged {"backup": "true"} OR {"env": "prod"} +backup_select_resources_tag_list_backup_or_prod: # Resources tagged {"backup": "true"} OR {"env": "prod"} - condition_type: "STRINGEQUALS" condition_key: "backup" condition_value: "true" @@ -11,7 +11,7 @@ tag_list_backup_or_prod: # Resources tagged {"backup": "true"} OR {"env": "prod condition_key: "env" condition_value: "prod" -conditions_tagged_backup_and_prod: # Resources tagged {"backup": "true"} AND {"env": "prod"} +backup_select_resources_conditions_tagged_backup_and_prod: # Resources tagged {"backup": "true"} AND {"env": "prod"} string_equals: - condition_key: "aws:ResourceTag/backup" condition_value: "true" diff --git a/roles/clone_on_prem_vm/tasks/main.yml b/roles/clone_on_prem_vm/tasks/main.yml index 8807f73f..88fed226 100644 --- a/roles/clone_on_prem_vm/tasks/main.yml +++ b/roles/clone_on_prem_vm/tasks/main.yml @@ -9,13 +9,13 @@ manager: auto register: package_facts -- name: qemu is not installed - debug: +- name: Qemu is not installed + ansible.builtin.debug: msg: "qemu is not installed" when: "'qemu' not in package_facts.ansible_facts.packages" -- name: qemu-img is not installed - debug: +- name: Qemu-img is not installed + ansible.builtin.debug: msg: "qemu-img is not installed" when: "'qemu-img' not in package_facts.ansible_facts.packages" 
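Review bot: The README for this role still documents and uses the keys this hunk renames: the included-variables list reads `**all_resources**`, `**all_s3_buckets**`, `**tag_list_backup_or_prod**`, and both example playbooks pass `- "{{ all_s3_buckets }}"`, which is now undefined. The second README example also hands `backup_select_resources_plan_name` / `backup_select_resources_plan_rules` to `cloud.aws_ops.backup_create_plan`, whose task loop checks for `backup_create_plan_plan_name` / `backup_create_plan_plan_rules`, so that example fails the required-variable check as written. Both README sections should be updated to the new prefixes in the same change.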
@@ -79,7 +79,7 @@ clone_on_prem_vm__clone_path: "{{ clone_on_prem_vm__tmpdir.path }}/{{ clone_on_prem_vm_image_name }}.qcow2" clone_on_prem_vm__raw_image_path: "{{ clone_on_prem_vm__tmpdir.path }}/{{ clone_on_prem_vm_image_name }}.raw" -- name: Cloning {{ clone_on_prem_vm_source_vm_name }} on prem VM +- name: Cloning on prem VM {{ clone_on_prem_vm_source_vm_name }} ansible.builtin.command: | virt-clone --original {{ clone_on_prem_vm_source_vm_name }} \ --name {{ clone_on_prem_vm_image_name }} \ @@ -100,7 +100,7 @@ {{ clone_on_prem_vm__clone_path }} \ {{ clone_on_prem_vm__raw_image_path }} become: true - become_method: sudo + become_method: ansible.builtin.sudo environment: LIBVIRT_DEFAULT_URI: "{{ clone_on_prem_vm_uri }}" when: clone_on_prem_vm__clone_info.stat.exists and clone_on_prem_vm__clone_info.stat.pw_name == "root" diff --git a/roles/customized_ami/README.md b/roles/customized_ami/README.md index 79f389ce..810ff52d 100644 --- a/roles/customized_ami/README.md +++ b/roles/customized_ami/README.md 
@@ -11,28 +11,28 @@ AWS credentials with valid permission. Role Variables -------------- -* **custom_ami_operation** (str) - Operation to perform. Valid values are 'create', 'delete'. Default: 'create'. -* **custom_ami_name** (str) - Name of the AMI to create. **Required** -* **custom_ami_packages** (list) - List of packages to install. -* **custom_ami_recreate_if_exists** (bool) - Whether to recreate the AMI if it already exists. Default: False. -* **source_ami_filters** (dict) - A dict of filters to apply to find the source AMI id. See [AWS documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html) for possible filters. The following are used by the role, by default: +* **customized_ami_operation** (str) - Operation to perform. Valid values are 'create', 'delete'. Default: 'create'. +* **customized_ami_name** (str) - Name of the AMI to create. **Required** +* **customized_ami_packages** (list) - List of packages to install. +* **customized_ami_recreate_if_exists** (bool) - Whether to recreate the AMI if it already exists. Default: False. +* **customized_ami_source_ami_filters** (dict) - A dict of filters to apply to find the source AMI id. See [AWS documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html) for possible filters. The following are used by the role, by default: **architecture** (str) - Architecture supported by the AMI. Default: 'x86_64'. **virtualization-type** (str) - Virtualization supported by the AMI. Default: 'hvm'. **root-device-type** (str) - Root Device Type supported by the AMI. Default: 'ebs' **name** (str) - Name of the AMI. Default: 'Fedora-Cloud-Base-37-*' -* **source_ami_image_id** (str) - Image id of the AMI to be used as source. When not specified, we will use **source_ami_filters** to determine source AMI image id. -* **source_ami_user_name** (str) - User name to connect to EC2 instance used to create custom AMI. Default value is **ec2-user**. 
Default: 'fedora'. -* **custom_ami_vpc_cidr** (str) - VPC CIDR for the ec2 instance. Default: '10.1.0.0/16' -* **custom_ami_subnet_cidr** (str) - Subnet CIDR for the ec2 instance. Default: '10.1.0.0/24' -* **custom_ami_ec2_instance_name** (str) - Name of EC2 instance. Default: '{{ custom_ami_name }}-ec2' -* **custom_ami_ec2_instance_type** (str) - EC2 instance type. Default: 't2.large' -* **custom_ami_resource_tags** (dict) - Resouce tags. Default: '{'role': 'customized_ami', 'customized_ami_name': '{{ custom_ami_name }}'}. -* **custom_ami_vpc_name** (str) - Name of VPC. Default: 'vpc-{{ custom_ami_name }}' -* **custom_ami_security_group** (str) - Name of Security Group. Default: 'security-{{ custom_ami_name }}' -* **custom_ami_key_name** (str) - Name of the key pair. Default: 'key-{{ custom_ami_name }}' -* **custom_ami_public_key_file** (str) - Name of the public key file. Default: '~/.ssh/id_rsa.pub' -* **custom_ami_private_key_file** (str) - Name of the private key file. Default: '~/.ssh/id_rsa' -* **custom_ami_security_group_desc** (str) - Description of Security Group. Default: 'Security group allowing SSH connection to EC2 instance' +* **customized_ami_source_ami_image_id** (str) - Image id of the AMI to be used as source. When not specified, we will use **source_ami_filters** to determine source AMI image id. +* **customized_ami_source_ami_user_name** (str) - User name to connect to EC2 instance used to create custom AMI. Default value is **ec2-user**. Default: 'fedora'. +* **customized_ami_vpc_cidr** (str) - VPC CIDR for the ec2 instance. Default: '10.1.0.0/16' +* **customized_ami_subnet_cidr** (str) - Subnet CIDR for the ec2 instance. Default: '10.1.0.0/24' +* **customized_ami_ec2_instance_name** (str) - Name of EC2 instance. Default: '{{ customized_ami_name }}-ec2' +* **customized_ami_ec2_instance_type** (str) - EC2 instance type. Default: 't2.large' +* **customized_ami_resource_tags** (dict) - Resouce tags. 
Default: '{'role': 'customized_ami', 'customized_ami_name': '{{ customized_ami_name }}'}. +* **custom_ami_vpc_name** (str) - Name of VPC. Default: 'vpc-{{ customized_ami_name }}' +* **custom_ami_security_group** (str) - Name of Security Group. Default: 'security-{{ customized_ami_name }}' +* **customized_ami_key_name** (str) - Name of the key pair. Default: 'key-{{ customized_ami_name }}' +* **customized_ami_public_key_file** (str) - Name of the public key file. Default: '~/.ssh/id_rsa.pub' +* **customized_ami_private_key_file** (str) - Name of the private key file. Default: '~/.ssh/id_rsa' +* **customized_ami_security_group_desc** (str) - Description of Security Group. Default: 'Security group allowing SSH connection to EC2 instance' Dependencies ------------ @@ -45,8 +45,8 @@ Example Playbook - hosts: servers roles: - role: cloud.aws_ops.customized_ami - custom_ami_name: my_customized_ami_name - custom_ami_packages: + customized_ami_name: my_customized_ami_name + customized_ami_packages: - package1 - package2 - package3 diff --git a/roles/customized_ami/defaults/main.yml b/roles/customized_ami/defaults/main.yml index c7903459..5cb33dfc 100644 --- a/roles/customized_ami/defaults/main.yml +++ b/roles/customized_ami/defaults/main.yml 
@@ -1,26 +1,26 @@ --- -custom_ami_operation: create -source_ami_filters: +customized_ami_operation: create +customized_ami_source_ami_filters: architecture: x86_64 virtualization-type: hvm root-device-type: ebs name: Fedora-Cloud-Base-37-* -source_ami_user_name: fedora +customized_ami_source_ami_user_name: fedora -custom_ami_vpc_cidr: 10.1.0.0/16 -custom_ami_subnet_cidr: 10.1.0.0/24 -custom_ami_ec2_instance_name: "{{ custom_ami_name }}-ec2" -custom_ami_ec2_instance_type: t2.large +customized_ami_vpc_cidr: 10.1.0.0/16 +customized_ami_subnet_cidr: 10.1.0.0/24 +customized_ami_ec2_instance_name: "{{ customized_ami_name }}-ec2" +customized_ami_ec2_instance_type: t2.large -custom_ami_resource_tags: +customized_ami_resource_tags: role: customized_ami customized_ami_name: "{{ custom_ami_name }}" -custom_ami_vpc_name: "vpc-{{ custom_ami_name }}" -custom_ami_security_group: "security-{{ custom_ami_name }}" -custom_ami_key_name: "key-{{ custom_ami_name }}" -custom_ami_public_key_file: ~/.ssh/id_rsa.pub -custom_ami_private_key_file: ~/.ssh/id_rsa -custom_ami_security_group_desc: "Security group allowing SSH connection to EC2 instance" +customized_ami_vpc_name: "vpc-{{ customized_ami_name }}" +customized_ami_security_group: "security-{{ customized_ami_name }}" +customized_ami_key_name: "key-{{ customized_ami_name }}" +customized_ami_public_key_file: ~/.ssh/id_rsa.pub +customized_ami_private_key_file: ~/.ssh/id_rsa +customized_ami_security_group_desc: "Security group allowing SSH connection to EC2 instance" -custom_ami_recreate_if_exists: false +customized_ami_recreate_if_exists: false diff --git a/roles/customized_ami/tasks/create.yaml b/roles/customized_ami/tasks/create.yaml index 687c014d..a5a67ffe 100644 --- a/roles/customized_ami/tasks/create.yaml +++ b/roles/customized_ami/tasks/create.yaml 
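Review bot: `customized_ami_resource_tags` keeps the unchanged context line `customized_ami_name: "{{ custom_ami_name }}"` while every other reference in this file moves to `customized_ami_name`, so the tag value now templates an undefined variable and every task that passes these tags (`ec2_vpc_net`, `ec2_vpc_subnet`, `ec2_vpc_igw` and the other tagged tasks in `create_ec2_resources.yaml`) fails before any resource is created. It should read `customized_ami_name: "{{ customized_ami_name }}"`. The README rename is also incomplete: the `custom_ami_vpc_name` and `custom_ami_security_group` bullets keep the old prefix, and the `source_ami_image_id` bullet still points at `**source_ami_filters**`.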
@@ -19,7 +19,7 @@ - name: Check that existing AMI found ansible.builtin.debug: - msg: "Existing AMI found with name: '{{ custom_ami_name }}'" + msg: "Existing AMI found with name: '{{ customized_ami_name }}'" when: - customized_ami__existing_amis.images | length > 0 - - not (custom_ami_recreate_if_exists | bool) + - not (customized_ami_recreate_if_exists | bool) diff --git a/roles/customized_ami/tasks/create_ami.yaml b/roles/customized_ami/tasks/create_ami.yaml index 72f4ea28..f0fdb28c 100644 --- a/roles/customized_ami/tasks/create_ami.yaml +++ b/roles/customized_ami/tasks/create_ami.yaml @@ -1,16 +1,16 @@ --- - name: Install required packages - when: custom_ami_packages is defined + when: customized_ami_packages is defined become: true delegate_to: ec2 ansible.builtin.package: name: "{{ item }}" state: present - with_items: "{{ custom_ami_packages }}" + with_items: "{{ customized_ami_packages }}" - name: Create custom AMI from instance id amazon.aws.ec2_ami: instance_id: "{{ customized_ami__instance_id }}" - name: "{{ custom_ami_name }}" + name: "{{ customized_ami_name }}" wait: true state: present diff --git a/roles/customized_ami/tasks/create_ec2_resources.yaml b/roles/customized_ami/tasks/create_ec2_resources.yaml index b00b1008..164110ee 100644 --- a/roles/customized_ami/tasks/create_ec2_resources.yaml +++ b/roles/customized_ami/tasks/create_ec2_resources.yaml 
@@ -1,22 +1,22 @@ --- - name: Create a VPC to work in amazon.aws.ec2_vpc_net: - cidr_block: "{{ custom_ami_vpc_cidr }}" - name: "{{ custom_ami_vpc_name }}" - tags: "{{ custom_ami_resource_tags }}" + cidr_block: "{{ customized_ami_vpc_cidr }}" + name: "{{ customized_ami_vpc_name }}" + tags: "{{ customized_ami_resource_tags }}" register: customized_ami__vpc - name: Create a public subnet amazon.aws.ec2_vpc_subnet: vpc_id: "{{ customized_ami__vpc.vpc.id }}" - cidr: "{{ custom_ami_subnet_cidr }}" - tags: "{{ custom_ami_resource_tags }}" + cidr: "{{ customized_ami_subnet_cidr }}" + tags: "{{ customized_ami_resource_tags }}" register: customized_ami__subnet - name: Create internet gateway attached to the VPC amazon.aws.ec2_vpc_igw: vpc_id: "{{ customized_ami__vpc.vpc.id }}" - tags: "{{ custom_ami_resource_tags }}" + tags: "{{ customized_ami_resource_tags }}" state: present register: customized_ami__internet_gateway @@ -29,14 +29,14 @@ - dest: 0.0.0.0/0 gateway_id: "{{ customized_ami__internet_gateway.gateway_id }}" lookup: tag - tags: "{{ custom_ami_resource_tags }}" + tags: "{{ customized_ami_resource_tags }}" state: present - name: Create security group allowing SSH connection amazon.aws.ec2_security_group: - name: "{{ custom_ami_security_group }}" + name: "{{ customized_ami_security_group }}" vpc_id: "{{ customized_ami__vpc.vpc.id }}" - description: "{{ custom_ami_security_group_desc }}" + description: "{{ customized_ami_security_group_desc }}" rules: - cidr_ip: 0.0.0.0/0 proto: tcp 
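Review bot: The security group created at `name: "{{ customized_ami_security_group }}"` still grants SSH ingress from `cidr_ip: 0.0.0.0/0` (context line just below the renamed description), and this commit renames every role variable without exposing that CIDR as one of them. Since the instance is later launched with `assign_public_ip: true`, the build host is reachable from the whole internet for the lifetime of the build; a role default such as a suggested `customized_ami_ssh_cidr` (defaulting to the current value for compatibility) would let callers restrict it to their own egress address. The task list continues in the next hunk of this file.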
@@ -45,22 +45,22 @@ rules_egress: - cidr_ip: 0.0.0.0/0 proto: -1 - tags: "{{ custom_ami_resource_tags }}" + tags: "{{ customized_ami_resource_tags }}" state: present register: customized_ami__security_group - name: Create key pair to connect to the VM amazon.aws.ec2_key: - name: "{{ custom_ami_key_name }}" - key_material: "{{ lookup('file', custom_ami_public_key_file) }}" - tags: "{{ custom_ami_resource_tags }}" + name: "{{ customized_ami_key_name }}" + key_material: "{{ lookup('file', customized_ami_public_key_file) }}" + tags: "{{ customized_ami_resource_tags }}" - name: Create a virtual machine amazon.aws.ec2_instance: - name: "{{ custom_ami_ec2_instance_name }}" - instance_type: "{{ custom_ami_ec2_instance_type }}" + name: "{{ customized_ami_ec2_instance_name }}" + instance_type: "{{ customized_ami_ec2_instance_type }}" image_id: "{{ customized_ami__source_ami_image_id }}" - key_name: "{{ custom_ami_key_name }}" + key_name: "{{ customized_ami_key_name }}" subnet_id: "{{ customized_ami__subnet.subnet.id }}" network: assign_public_ip: true @@ -69,7 +69,7 @@ security_groups: - "{{ customized_ami__security_group.group_id }}" wait: true - tags: "{{ custom_ami_resource_tags }}" + tags: "{{ customized_ami_resource_tags }}" state: started register: customized_ami__ec2 @@ -80,9 +80,9 @@ - name: Add host to inventory ansible.builtin.add_host: hostname: ec2 - ansible_ssh_user: "{{ source_ami_user_name }}" + ansible_ssh_user: "{{ customized_ami_source_ami_user_name }}" ansible_host: "{{ customized_ami__ec2.instances.0.public_ip_address }}" - ansible_ssh_common_args: -o "UserKnownHostsFile=/dev/null" -o StrictHostKeyChecking=no -i {{ custom_ami_private_key_file }} + ansible_ssh_common_args: -o "UserKnownHostsFile=/dev/null" -o StrictHostKeyChecking=no -i {{ customized_ami_private_key_file }} ansible_python_interpreter: auto - name: Gather facts from ec2 instance 
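Review bot: The renamed `ansible_ssh_common_args` line keeps `-o "UserKnownHostsFile=/dev/null" -o StrictHostKeyChecking=no`, which disables host-key verification for the SSH session that create_ami.yaml later uses to install packages with `become: true`, so a redirected connection would be accepted silently. Because the instance is created in this same task file, a first-connection trust model (`-o StrictHostKeyChecking=accept-new` with a per-run known_hosts file instead of /dev/null) keeps the key pinned for the rest of the play at no usability cost. The interpolated private key path is also unquoted; `-i '{{ customized_ami_private_key_file }}'` avoids breaking on paths containing spaces.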
diff --git a/roles/customized_ami/tasks/delete.yaml b/roles/customized_ami/tasks/delete.yaml index 4440ed93..f22a949e 100644 --- a/roles/customized_ami/tasks/delete.yaml +++ b/roles/customized_ami/tasks/delete.yaml @@ -2,7 +2,7 @@ - name: List existing AMI by name amazon.aws.ec2_ami_info: filters: - name: "{{ custom_ami_name }}" + name: "{{ customized_ami_name }}" register: customized_ami__existing_amis - name: Delete AMI @@ -14,4 +14,4 @@ with_items: "{{ customized_ami__existing_amis.images }}" when: - customized_ami__existing_amis.images | length > 0 - - (custom_ami_operation == 'create') | ternary(custom_ami_recreate_if_exists, 'true') | bool + - (customized_ami_operation == 'create') | ternary(customized_ami_recreate_if_exists, 'true') | bool diff --git a/roles/customized_ami/tasks/delete_ec2_resources.yaml b/roles/customized_ami/tasks/delete_ec2_resources.yaml index d4290462..a9b5e627 100644 --- a/roles/customized_ami/tasks/delete_ec2_resources.yaml +++ b/roles/customized_ami/tasks/delete_ec2_resources.yaml @@ -2,7 +2,7 @@ - name: Get vpc information amazon.aws.ec2_vpc_net_info: filters: - tag:Name: "{{ custom_ami_vpc_name }}" + tag:Name: "{{ customized_ami_vpc_name }}" register: customized_ami__vpc - name: Delete EC2 resources @@ -27,14 +27,14 @@ - name: Delete key pair to connect to the VM amazon.aws.ec2_key: - name: "{{ custom_ami_key_name }}" + name: "{{ customized_ami_key_name }}" state: absent - name: List Security group from VPC amazon.aws.ec2_security_group_info: filters: vpc-id: "{{ customized_ami__vpc_id }}" - description: "{{ custom_ami_security_group_desc }}" + description: "{{ customized_ami_security_group_desc }}" register: customized_ami__security_groups - name: Delete security groups @@ -65,7 +65,7 @@ - name: Delete subnets amazon.aws.ec2_vpc_subnet: - cidr: "{{ custom_ami_subnet_cidr }}" + cidr: "{{ customized_ami_subnet_cidr }}" state: absent vpc_id: "{{ customized_ami__vpc_id }}" 
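Review bot: `tag:Name: "{{ customized_ami_vpc_name }}"` is the only filter used to find the VPC whose resources are then deleted, so any VPC in the account that merely shares that Name tag (the default is `vpc-<customized_ami_name>`) is selected for teardown. The create path tags everything with `customized_ami_resource_tags` (`role: customized_ami` plus the AMI name), so filtering on those as well — e.g. adding `tag:role: customized_ami` to the filters — narrows the lookup to resources this role created. The same applies to the security-group lookup by `description` in the later hunk of delete_ec2_resources.yaml.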
diff --git a/roles/customized_ami/tasks/main.yml b/roles/customized_ami/tasks/main.yml index 15d9aec8..00935590 100644 --- a/roles/customized_ami/tasks/main.yml +++ b/roles/customized_ami/tasks/main.yml @@ -1,8 +1,8 @@ --- -- name: Fail when 'custom_ami_name' is not defined +- name: Fail when 'customized_ami_name' is not defined ansible.builtin.fail: - msg: Custom AMI name should be defined using variable custom_ami_name - when: custom_ami_name is undefined + msg: Custom AMI name should be defined using variable customized_ami_name + when: customized_ami_name is undefined - name: Run 'customized_ami' role module_defaults: @@ -10,4 +10,4 @@ block: - name: Include file - ansible.builtin.include_tasks: "{{ custom_ami_operation }}.yaml" + ansible.builtin.include_tasks: "{{ customized_ami_operation }}.yaml" diff --git a/roles/customized_ami/tasks/read_source_ami.yaml b/roles/customized_ami/tasks/read_source_ami.yaml index 240eef8a..dc3d126a 100644 --- a/roles/customized_ami/tasks/read_source_ami.yaml +++ b/roles/customized_ami/tasks/read_source_ami.yaml @@ -1,15 +1,15 @@ --- - name: Set source AMI ansible.builtin.set_fact: - customized_ami__source_ami_image_id: "{{ source_ami_image_id }}" - when: source_ami_image_id is defined + customized_ami__source_ami_image_id: "{{ customized_ami_source_ami_image_id }}" + when: customized_ami_source_ami_image_id is defined - name: Define source AMI image id when not supplied as input - when: source_ami_image_id is undefined + when: customized_ami_source_ami_image_id is undefined block: - name: Get source AMI image ID using filters amazon.aws.ec2_ami_info: - filters: "{{ source_ami_filters }}" + filters: "{{ customized_ami_source_ami_filters }}" register: customized_ami__source_images # very spammy no_log: true diff --git a/roles/ec2_instance_terminate_by_tag/README.md b/roles/ec2_instance_terminate_by_tag/README.md index 94d31b94..f90bcd19 100644 --- a/roles/ec2_instance_terminate_by_tag/README.md 
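Review bot: `ansible.builtin.include_tasks: "{{ customized_ami_operation }}.yaml"` builds the task-file path from a caller-supplied variable, and nothing visible in this role validates it the way manage_transit_gateway's argument_specs does with `choices: ["create", "delete"]`. Adding an assert next to the existing `customized_ami_name` guard, e.g. `that: customized_ami_operation in ['create', 'delete']`, fails early with a clear message instead of an include error for a typo. The block that contains the include starts before this hunk.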
+++ b/roles/ec2_instance_terminate_by_tag/README.md @@ -7,9 +7,9 @@ Instances with termination_protection enabled will not be terminated. To terminate instances with termination_protection enabled, please set `terminate_protected_instances` to `True`. ## Specify following values in role vars -- tag_key_to_terminate_instances -- tag_value_to_terminate_instances -- terminate_protected_instances +- ec2_instance_terminate_by_tag_tag_key_to_terminate_instances +- ec2_instance_terminate_by_tag_tag_value_to_terminate_instances +- ec2_instance_terminate_by_tag_terminate_protected_instances ## Role and instances in a AutoScalingGroup (ASG) @@ -34,9 +34,9 @@ Dependencies roles: - role: cloud.aws_ops.ec2_instance_terminate_by_tag vars: - tag_key_to_terminate_instances: instances-to-terminate - tag_value_to_terminate_instances: "True" - terminate_protected_instances: True + ec2_instance_terminate_by_tag_tag_key_to_terminate_instances: instances-to-terminate + ec2_instance_terminate_by_tag_tag_value_to_terminate_instances: "True" + ec2_instance_terminate_by_tag_terminate_protected_instances: True ``` License diff --git a/roles/ec2_instance_terminate_by_tag/defaults/main.yml b/roles/ec2_instance_terminate_by_tag/defaults/main.yml index b3344f1e..f6d786ab 100644 --- a/roles/ec2_instance_terminate_by_tag/defaults/main.yml +++ b/roles/ec2_instance_terminate_by_tag/defaults/main.yml @@ -1,3 +1,3 @@ --- -tag_value_to_terminate_instances: -terminate_protected_instances: false +ec2_instance_terminate_by_tag_tag_value_to_terminate_instances: +ec2_instance_terminate_by_tag_terminate_protected_instances: false diff --git a/roles/ec2_instance_terminate_by_tag/tasks/main.yml b/roles/ec2_instance_terminate_by_tag/tasks/main.yml index 43bb9604..cc5a56a6 100644 --- a/roles/ec2_instance_terminate_by_tag/tasks/main.yml +++ b/roles/ec2_instance_terminate_by_tag/tasks/main.yml 
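Review bot: `ec2_instance_terminate_by_tag_tag_value_to_terminate_instances:` is carried over as a bare value, which YAML loads as null rather than an empty string; if the intent is "no value constraint", `null` (or `""`) should be written explicitly so the meaning survives reformatting and is clear to readers. The companion key variable that the README calls mandatory has no default at all, so the guard in tasks/main.yml (`... | length == 0`) raises an undefined-variable error instead of its friendly fail message when a caller omits it; a default of `""` for the key here would make that check reachable.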
@@ -6,12 +6,12 @@ block: - name: Verify that tag to terminate instances with was provided ansible.builtin.fail: - msg: -"Please set 'tag_key_to_terminate_instances' to a tag based on which instances should be terminated..." - when: tag_key_to_terminate_instances | length == 0 + msg: -"Please set 'ec2_instance_terminate_by_tag_tag_key_to_terminate_instances' to a tag based on which instances should be terminated..." + when: ec2_instance_terminate_by_tag_tag_key_to_terminate_instances | length == 0 - name: Prepare filters dict to filter running instances with specified tag ansible.builtin.set_fact: - ec2_instance_terminate_by_tag__filters: "{{ {'instance-state-name': 'running', 'tag:' + tag_key_to_terminate_instances: tag_value_to_terminate_instances} }}" + ec2_instance_terminate_by_tag__filters: "{{ {'instance-state-name': 'running', 'tag:' + ec2_instance_terminate_by_tag_tag_key_to_terminate_instances: ec2_instance_terminate_by_tag_tag_value_to_terminate_instances} }}" - name: Get instances to be terminated amazon.aws.ec2_instance_info: 
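Review bot: The renamed failure message is written as `msg: -"Please set ..."`, a plain scalar that starts with `-` immediately followed by a quote, so the literal hyphen and both double quotes end up inside the text shown to the user. Dropping the stray hyphen — `msg: "Please set 'ec2_instance_terminate_by_tag_tag_key_to_terminate_instances' to a tag based on which instances should be terminated..."` — gives the intended message. The filter built in the next task also passes the tag value straight into `ec2_instance_info`, and the role default for that value is null; what a null filter value matches is not obvious from here and is worth confirming and documenting, since whatever matches is terminated.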
@@ -23,16 +23,16 @@ ec2_instance_terminate_by_tag__instance_ids: "{{ ec2_instance_terminate_by_tag__tagged_instances.instances | map(attribute='instance_id') | list }}" - name: Disable 'termination_protection' - when: terminate_protected_instances + when: ec2_instance_terminate_by_tag_terminate_protected_instances block: - - name: Verify that terminate_protected_instances=True + - name: Verify that ec2_instance_terminate_by_tag_terminate_protected_instances=True ansible.builtin.debug: msg: - - "'terminate_protected_instances' is set to True..." + - "'ec2_instance_terminate_by_tag_terminate_protected_instances' is set to True..." - Instances with termination protection enabled will also be terminated... when: ec2_instance_terminate_by_tag__instance_ids | length != 0 - - name: Disable instance termination protection if terminate_protected_instances is true + - name: Disable instance termination protection if ec2_instance_terminate_by_tag_terminate_protected_instances is true amazon.aws.ec2_instance: instance_ids: - "{{ item }}" diff --git a/roles/import_image_and_run_aws_instance/tasks/main.yml b/roles/import_image_and_run_aws_instance/tasks/main.yml index e691db52..539cb144 100644 --- a/roles/import_image_and_run_aws_instance/tasks/main.yml +++ b/roles/import_image_and_run_aws_instance/tasks/main.yml @@ -25,7 +25,7 @@ when: import_image_and_run_aws_instance_import_image_task_name is undefined - name: Get information about the S3 bucket - community.aws.s3_bucket_info: + amazon.aws.s3_bucket_info: name: "{{ import_image_and_run_aws_instance_bucket_name }}" register: import_image_and_run_aws_instance__bucket_info diff --git a/roles/manage_transit_gateway/README.md b/roles/manage_transit_gateway/README.md index 069a79f1..672bc14c 100644 --- a/roles/manage_transit_gateway/README.md +++ b/roles/manage_transit_gateway/README.md 
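Review bot: Switching to `amazon.aws.s3_bucket_info` (and, in tests/integration/targets/test_backup_select_resources/tasks/setup.yml and teardown.yml, to `amazon.aws.iam_role`) moves these tasks onto modules that presumably only exist in newer amazon.aws releases, but this diff shows no matching bump of the collection's declared dependency (galaxy.yml and meta/runtime.yml are not in view). Pinning the minimum amazon.aws version alongside this change avoids a confusing module-not-found error for users on the previously supported release.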
@@ -21,21 +21,17 @@ AWS User Account with the following permission: Role Variables -------------- -* **action** (str): Whether to create or delete the transit gateway. Choices: 'create', 'delete'. -* **transit_gateway** (dict): A dict of parameters needed to create transit gateway. - **asn** (int): A private Autonomous System Number (ASN) for the Amazon side of a BGP session. - **tags** (dict): A dict of tags for the transit gateway. - **description** (str): Description for the transit gateway. -* **vpc_attachment** (list(dict)): A list of dict of parameters to create vpc attachments. - **name** (str): Name for the VPC attachment. - **tags** (dict): A dict of tags for the attachment. - **subnets** (list(str)): A list of subnets to be added to the attachment. -* **vpn_attachment** list(dict): A list of dict of parameters to create vpn attachments. - **customer_gateway_id** (str): Id of the customer gateway. -* **vpc_route_table** (list(dict)): Route table entries for the VPC. - **vpc_id** (str): VPC id for which the route should be added.. - **cidr_block** (str): Destination CIDR block. - **tags** (dict): A dict of tags for the route table. +* **manage_transit_gateway_action**: Whether to create or delete the transit gateway. Choices: 'create', 'delete'. +* **manage_transit_gateway_transit_gateway**: A dict of parameters needed to create transit gateway. + **asn**: A private Autonomous System Number (ASN) for the Amazon side of a BGP session. + **tags**: A dict of tags for the transit gateway. + **description**: Description for the transit gateway. +* **manage_transit_gateway_vpc_attachment**: A list of dict of parameters to create vpc attachments. + **name**: Name for the VPC attachment. + **tags**: A dict of tags for the attachment. + **subnets**: A list of subnets to be added to the attachment. +* **manage_transit_gateway_vpn_attachment**: A list of dict of parameters to create vpn attachments. + **customer_gateway_id**: Id of the customer gateway. 
Dependencies ------------ @@ -53,13 +49,13 @@ Example Playbook ansible.builtin.include_role: name: cloud.aws_ops.manage_transit_gateway vars: - action: "create" - transit_gateway: + manage_transit_gateway_action: "create" + manage_transit_gateway_transit_gateway: asn: 4200000000 description: "TGW for Cloud team" tags: "team": "cloud" - vpc_attachment: + manage_transit_gateway_vpc_attachment: - name: "vpc-attachment-001" tags: "team": "cloud" @@ -81,13 +77,13 @@ Example Playbook ansible.builtin.include_role: name: cloud.aws_ops.manage_transit_gateway vars: - action: "create" - transit_gateway: + manage_transit_gateway_action: "create" + manage_transit_gateway_transit_gateway: asn: 4200000000 description: "TGW for Cloud team" tags: "team": "cloud" - vpn_attachment: + manage_transit_gateway_vpn_attachment: - customer_gateway_id: "cgw-01b56884848a25446" License diff --git a/roles/manage_transit_gateway/meta/argument_specs.yaml b/roles/manage_transit_gateway/meta/argument_specs.yaml index 99e014f3..d6cb7aba 100644 --- a/roles/manage_transit_gateway/meta/argument_specs.yaml +++ b/roles/manage_transit_gateway/meta/argument_specs.yaml @@ -3,12 +3,12 @@ argument_specs: main: short_description: Creation/Deletion of transit gateway with vpc/vpn attachment options: - action: + manage_transit_gateway_action: description: Action to be done. type: "str" default: "create" choices: ["create", "delete"] - transit_gateway: + manage_transit_gateway_transit_gateway: description: Transit Gateway to be created. type: dict required: True @@ -25,7 +25,7 @@ argument_specs: tags: description: A dict of tags for the transit gateway. type: dict - vpc_attachment: + manage_transit_gateway_vpc_attachment: description: VPC to be attached. type: list elements: dict @@ -40,7 +40,7 @@ argument_specs: tags: description: A dict of tags for the attachment. type: dict - vpn_attachment: + manage_transit_gateway_vpn_attachment: description: VPC to be attached. type: list elements: dict 
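Review bot: Under the renamed `manage_transit_gateway_vpn_attachment` option the context line `description: VPC to be attached.` looks copied from the VPC option and should describe the VPN attachment, e.g. `description: VPN attachment to be created.`. Minor style point in the same spec: `type: "str"` is quoted while the sibling entries use unquoted `type: dict` / `type: list`, and `required: True` should be lowercase `true` per yamllint's truthy rule.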
@@ -48,7 +48,7 @@ argument_specs: customer_gateway_id: description: id of the customer gateway for the vpn attachment. type: str - vpc_route_table: + manage_transit_gateway_vpc_route_table: description: Route table entries for the VPC type: list elements: dict diff --git a/roles/manage_transit_gateway/tasks/create.yaml b/roles/manage_transit_gateway/tasks/create.yaml index 0396e49c..58c301fa 100644 --- a/roles/manage_transit_gateway/tasks/create.yaml +++ b/roles/manage_transit_gateway/tasks/create.yaml @@ -4,9 +4,9 @@ - name: Create transit gateway community.aws.ec2_transit_gateway: state: present - description: "{{ transit_gateway.description }}" - asn: "{{ transit_gateway.asn }}" - tags: "{{ transit_gateway.tags }}" + description: "{{ manage_transit_gateway_transit_gateway.description }}" + asn: "{{ manage_transit_gateway_transit_gateway.asn }}" + tags: "{{ manage_transit_gateway_transit_gateway.tags }}" register: manage_transit_gateway_tgw_result - name: Verify that transit gateway has been created/updated @@ -20,16 +20,16 @@ when: not manage_transit_gateway_tgw_result.changed - name: Create VPC attachment - when: vars["vpc_attachment"] is defined + when: vars["manage_transit_gateway_vpc_attachment"] is defined ansible.builtin.include_tasks: create_vpc_attachment.yaml - loop: "{{ vpc_attachment }}" + loop: "{{ manage_transit_gateway_vpc_attachment }}" - name: Create VPN attachment - when: vars["vpn_attachment"] is defined + when: vars["manage_transit_gateway_vpn_attachment"] is defined ansible.builtin.include_tasks: create_vpn_attachment.yaml - loop: "{{ vpn_attachment }}" + loop: "{{ manage_transit_gateway_vpn_attachment }}" - name: Create route table entries - when: vars["vpc_route_table"] is defined + when: vars["manage_transit_gateway_vpc_route_table"] is defined ansible.builtin.include_tasks: add_vpc_route_entries.yaml - loop: "{{ vpc_route_table }}" + loop: "{{ manage_transit_gateway_vpc_route_table }}" 
diff --git a/roles/manage_transit_gateway/tasks/delete.yaml b/roles/manage_transit_gateway/tasks/delete.yaml index 3f65dc73..e6e23590 100644 --- a/roles/manage_transit_gateway/tasks/delete.yaml +++ b/roles/manage_transit_gateway/tasks/delete.yaml @@ -9,7 +9,7 @@ ansible.builtin.set_fact: manage_transit_gateway_gw: "{{ item }}" when: - - item.description == transit_gateway.description + - item.description == manage_transit_gateway_transit_gateway.description - item.state == "available" loop: "{{ manage_transit_gateway_info.transit_gateways }}" diff --git a/roles/manage_transit_gateway/tasks/main.yaml b/roles/manage_transit_gateway/tasks/main.yaml index a702f53b..c6ef4d1a 100644 --- a/roles/manage_transit_gateway/tasks/main.yaml +++ b/roles/manage_transit_gateway/tasks/main.yaml @@ -5,4 +5,4 @@ block: - name: Include file - ansible.builtin.include_tasks: "{{ action }}.yaml" + ansible.builtin.include_tasks: "{{ manage_transit_gateway_action }}.yaml" diff --git a/tests/integration/targets/test_awsconfig_multiregion_cloudtrail/tasks/main.yml b/tests/integration/targets/test_awsconfig_multiregion_cloudtrail/tasks/main.yml index 914f83c9..6551a255 100644 --- a/tests/integration/targets/test_awsconfig_multiregion_cloudtrail/tasks/main.yml +++ b/tests/integration/targets/test_awsconfig_multiregion_cloudtrail/tasks/main.yml @@ -16,10 +16,10 @@ ansible.builtin.include_role: name: cloud.aws_ops.awsconfig_multiregion_cloudtrail vars: - operation: create - bucket_name: "{{ s3_bucket_name }}" - trail_name: "{{ cloud_trail_name }}" - key_prefix: ansible + awsconfig_multiregion_cloudtrail_operation: create + awsconfig_multiregion_cloudtrail_bucket_name: "{{ s3_bucket_name }}" + awsconfig_multiregion_cloudtrail_trail_name: "{{ cloud_trail_name }}" + awsconfig_multiregion_cloudtrail_key_prefix: ansible # Validate that the cloud trail has been created - name: Validate that cloud trail has been created 
@@ -44,8 +44,8 @@ ansible.builtin.include_role: name: cloud.aws_ops.awsconfig_multiregion_cloudtrail vars: - operation: delete - trail_name: "{{ cloud_trail_name }}" + awsconfig_multiregion_cloudtrail_operation: delete + awsconfig_multiregion_cloudtrail_trail_name: "{{ cloud_trail_name }}" # Validate that the cloud trail has been deleted - name: Validate that cloud trail has been deleted diff --git a/tests/integration/targets/test_backup_create_plan/defaults/main.yml b/tests/integration/targets/test_backup_create_plan/defaults/main.yml index ad1e2410..ee697c05 100644 --- a/tests/integration/targets/test_backup_create_plan/defaults/main.yml +++ b/tests/integration/targets/test_backup_create_plan/defaults/main.yml @@ -1,2 +1,24 @@ --- aws_security_token: '{{ security_token | default(omit) }}' +plan_name: "ansible-test-{{ tiny_prefix }}-plan" +vault_name: "ansible-test-{{ tiny_prefix }}-vault" +daily_backup: # Daily backup at 5am UTC with Amazon defaults for all other settings + rule_name: daily + target_backup_vault_name: "{{ vault_name }}" + schedule_expression: "cron(0 5 ? * * *)" +weekly_backup: # Weekly backup on Mondays at 5am UTC with 90 day retention after quick transition to cold storage + rule_name: weekly + target_backup_vault_name: "{{ vault_name }}" + schedule_expression: "cron(0 5 ? * MON *)" + lifecycle: + delete_after_days: 91 + move_to_cold_storage_after_days: 1 +hourly_backup: # Hourly continous backup at :15 with 7-day retention + rule_name: hourly + target_backup_vault_name: "{{ vault_name }}" + schedule_expression: "cron(15 * ? * * *)" + start_window_minutes: 60 + completion_window_minutes: 120 + enable_continuous_backup: true + lifecycle: + delete_after_days: 7 diff --git a/tests/integration/targets/test_backup_create_plan/tasks/main.yml b/tests/integration/targets/test_backup_create_plan/tasks/main.yml index f226b95a..60d83ecd 100644 --- a/tests/integration/targets/test_backup_create_plan/tasks/main.yml 
+++ b/tests/integration/targets/test_backup_create_plan/tasks/main.yml @@ -16,7 +16,9 @@ ansible.builtin.include_role: name: cloud.aws_ops.backup_create_plan vars: - plan_rules: + backup_create_plan_vault_name: "{{ vault_name }}" + backup_create_plan_plan_name: "{{ plan_name }}" + backup_create_plan_plan_rules: - "{{ daily_backup }}" - name: Get backup plan info @@ -33,15 +35,13 @@ - plan_create_result.backup_plans[0].backup_plan.rules[0].rule_name == "daily" - not plan_create_result.backup_plans[0].tags - - name: Set vault name variable - ansible.builtin.set_fact: - vault_name: "{{ resource_prefix }}-vault" - - name: Include 'backup_create_plan' role to create vault and plan ansible.builtin.include_role: name: cloud.aws_ops.backup_create_plan vars: - plan_rules: + backup_create_plan_plan_name: "{{ plan_name }}" + backup_create_plan_vault_name: "{{ vault_name }}" + backup_create_plan_plan_rules: - "{{ weekly_backup }}" - name: Get backup vault info @@ -74,11 +74,13 @@ ansible.builtin.include_role: name: cloud.aws_ops.backup_create_plan vars: - vault_tags: + backup_create_plan_plan_name: "{{ plan_name }}" + backup_create_plan_vault_name: "{{ vault_name }}" + backup_create_plan_vault_tags: environment: test - plan_rules: + backup_create_plan_plan_rules: - "{{ hourly_backup }}" - plan_tags: + backup_create_plan_plan_tags: environment: test - name: Get backup vault info diff --git a/tests/integration/targets/test_backup_select_resources/defaults/main.yml b/tests/integration/targets/test_backup_select_resources/defaults/main.yml index bb61b33d..b5a53944 100644 --- a/tests/integration/targets/test_backup_select_resources/defaults/main.yml +++ b/tests/integration/targets/test_backup_select_resources/defaults/main.yml 
@@ -6,3 +6,7 @@ selection_two: "{{ resource_prefix }}-selection-2" test_iam_role_name: "{{ resource_prefix }}-iam-role" test_iam_role_name_new: "{{ resource_prefix }}-iam-role-new" test_vault_name: "{{ resource_prefix }}-vault" +daily_backup: # Daily backup at 5am UTC with Amazon defaults for all other settings + rule_name: daily + target_backup_vault_name: "{{ test_vault_name }}" + schedule_expression: "cron(0 5 ? * * *)" diff --git a/tests/integration/targets/test_backup_select_resources/tasks/main.yml b/tests/integration/targets/test_backup_select_resources/tasks/main.yml index 608de74e..d8295b79 100644 --- a/tests/integration/targets/test_backup_select_resources/tasks/main.yml +++ b/tests/integration/targets/test_backup_select_resources/tasks/main.yml @@ -15,9 +15,11 @@ ansible.builtin.include_role: name: cloud.aws_ops.backup_select_resources vars: - backup_role_name: "{{ test_iam_role_name_new }}" - selection_resources: - - "{{ all_resources }}" + backup_select_resources_plan_name: "{{ plan_name }}" + backup_select_resources_selection_name: "{{ selection_name }}" + backup_select_resources_backup_role_name: "{{ test_iam_role_name_new }}" + backup_select_resources_selection_resources: + - "{{ backup_select_resources_all_resources }}" - name: Get backup selection info amazon.aws.backup_selection_info: @@ -35,9 +37,11 @@ ansible.builtin.include_role: name: cloud.aws_ops.backup_select_resources vars: - backup_role_name: "{{ test_iam_role_name }}" - selection_resources: - - "{{ all_resources }}" + backup_select_resources_plan_name: "{{ plan_name }}" + backup_select_resources_selection_name: "{{ selection_name }}" + backup_select_resources_backup_role_name: "{{ test_iam_role_name }}" + backup_select_resources_selection_resources: + - "{{ backup_select_resources_all_resources }}" - name: Get backup selection info amazon.aws.backup_selection_info: 
@@ -55,10 +59,12 @@ ansible.builtin.include_role: name: cloud.aws_ops.backup_select_resources vars: - backup_role_name: "{{ test_iam_role_name }}" - selection_resources: - - "{{ all_s3_buckets }}" - selection_tags: "{{ tag_list_backup_or_prod }}" + backup_select_resources_plan_name: "{{ plan_name }}" + backup_select_resources_selection_name: "{{ selection_name }}" + backup_select_resources_backup_role_name: "{{ test_iam_role_name }}" + backup_select_resources_selection_resources: + - "{{ backup_select_resources_all_s3_buckets }}" + backup_select_resources_selection_tags: "{{ backup_select_resources_tag_list_backup_or_prod }}" - name: Get updated backup selection info amazon.aws.backup_selection_info: @@ -77,13 +83,14 @@ ansible.builtin.include_role: name: cloud.aws_ops.backup_select_resources vars: - backup_role_name: "{{ test_iam_role_name }}" - selection_name: "{{ selection_two }}" - selection_resources: - - "{{ all_resources }}" - selection_excluded_resources: - - "{{ all_rds_db_instances }}" - selection_conditions: "{{ conditions_tagged_backup_and_prod }}" + backup_select_resources_backup_role_name: "{{ test_iam_role_name }}" + backup_select_resources_selection_name: "{{ selection_two }}" + backup_select_resources_plan_name: "{{ plan_name }}" + backup_select_resources_selection_resources: + - "{{ backup_select_resources_all_resources }}" + backup_select_resources_selection_excluded_resources: + - "{{ backup_select_resources_all_rds_db_instances }}" + backup_select_resources_selection_conditions: "{{ backup_select_resources_conditions_tagged_backup_and_prod }}" - name: Get updated backup selection info amazon.aws.backup_selection_info: diff --git a/tests/integration/targets/test_backup_select_resources/tasks/setup.yml b/tests/integration/targets/test_backup_select_resources/tasks/setup.yml index b5db7b63..a61b6810 100644 --- a/tests/integration/targets/test_backup_select_resources/tasks/setup.yml 
+++ b/tests/integration/targets/test_backup_select_resources/tasks/setup.yml @@ -1,6 +1,6 @@ --- - name: Create an IAM Role for backup - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_iam_role_name }}" state: present assume_role_policy_document: '{{ lookup("file", "backup-policy.json") }}' @@ -19,6 +19,7 @@ ansible.builtin.include_role: name: cloud.aws_ops.backup_create_plan vars: - vault_name: "{{ test_vault_name }}" - plan_rules: + backup_create_plan_vault_name: "{{ test_vault_name }}" + backup_create_plan_plan_name: "{{ plan_name }}" + backup_create_plan_plan_rules: - "{{ daily_backup }}" diff --git a/tests/integration/targets/test_backup_select_resources/tasks/teardown.yml b/tests/integration/targets/test_backup_select_resources/tasks/teardown.yml index 335386a9..96885fef 100644 --- a/tests/integration/targets/test_backup_select_resources/tasks/teardown.yml +++ b/tests/integration/targets/test_backup_select_resources/tasks/teardown.yml @@ -26,7 +26,7 @@ ignore_errors: true - name: Delete IAM role created for test - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_iam_role_name }}" state: absent wait: true @@ -34,7 +34,7 @@ ignore_errors: true - name: Delete IAM role created during test - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_iam_role_name_new }}" state: absent wait: true diff --git a/tests/integration/targets/test_customized_ami/tasks/main.yml b/tests/integration/targets/test_customized_ami/tasks/main.yml index 919ee3be..78f486af 100644 --- a/tests/integration/targets/test_customized_ami/tasks/main.yml +++ b/tests/integration/targets/test_customized_ami/tasks/main.yml 
@@ -1,17 +1,21 @@ --- - name: Test role 'customized_ami' + collections: + - amazon.aws + - community.crypto vars: - custom_ami_ec2_instance_type: t2.micro - custom_ami_public_key_file: "{{ setup_rsa_keys__public_key_file }}" - custom_ami_private_key_file: "{{ setup_rsa_keys__private_key_file }}" + customized_ami_ec2_instance_type: t2.micro + customized_ami_public_key_file: "{{ setup_rsa_keys__public_key_file }}" + customized_ami_private_key_file: "{{ setup_rsa_keys__private_key_file }}" block: # Test: create custom AMI - name: Create AMI with initial settings ansible.builtin.include_role: name: cloud.aws_ops.customized_ami vars: - custom_ami_packages: + customized_ami_packages: - podman + customized_ami_name: "{{ custom_ami_name }}" - name: Validate settings for initial AMI vars: @@ -31,9 +35,10 @@ ansible.builtin.include_role: name: cloud.aws_ops.customized_ami vars: - custom_ami_packages: + customized_ami_name: "{{ custom_ami_name }}" + customized_ami_packages: - libvirt - custom_ami_recreate_if_exists: true + customized_ami_recreate_if_exists: true - name: Validate settings for updated AMI vars: @@ -67,7 +72,8 @@ ansible.builtin.include_role: name: cloud.aws_ops.customized_ami vars: - custom_ami_operation: delete + customized_ami_name: "{{ custom_ami_name }}" + customized_ami_operation: delete - name: Get custom AMI information amazon.aws.ec2_ami_info: @@ -92,4 +98,5 @@ ansible.builtin.include_role: name: cloud.aws_ops.customized_ami vars: - custom_ami_operation: delete + customized_ami_name: "{{ custom_ami_name }}" + customized_ami_operation: delete diff --git a/tests/integration/targets/test_deploy_flask_app/aliases b/tests/integration/targets/test_deploy_flask_app/aliases index de2fdf2f..931f237c 100644 --- a/tests/integration/targets/test_deploy_flask_app/aliases +++ b/tests/integration/targets/test_deploy_flask_app/aliases 
@@ -1,3 +1,7 @@
 cloud/aws
 role/deploy_flask_app
 time=35m
+
+# Integration tests are broken
+# fatal: [testhost -> bastion]: UNREACHABLE!
+disabled
\ No newline at end of file
diff --git a/tests/integration/targets/test_deploy_flask_app/vars/main.yaml b/tests/integration/targets/test_deploy_flask_app/vars/main.yaml
index 638b72bb..488fd0cc 100644
--- a/tests/integration/targets/test_deploy_flask_app/vars/main.yaml
+++ b/tests/integration/targets/test_deploy_flask_app/vars/main.yaml
@@ -22,7 +22,7 @@ rds_engine: postgres
 rds_engine_version: "14.8"
 bastion_host_type: t3.micro
 bastion_host_venv_path: ~/env
-image_filter: Fedora-Cloud-Base-35-*
+image_filter: Fedora-Cloud-Base-37-*
 # vars for the deploy_flask_app role and create task
 # =================================================
diff --git a/tests/integration/targets/test_ec2_instance_terminate_by_tag/tasks/main.yml b/tests/integration/targets/test_ec2_instance_terminate_by_tag/tasks/main.yml
index 680acdea..31f7cb62 100644
--- a/tests/integration/targets/test_ec2_instance_terminate_by_tag/tasks/main.yml
+++ b/tests/integration/targets/test_ec2_instance_terminate_by_tag/tasks/main.yml
@@ -8,8 +8,8 @@
 ansible.builtin.include_role:
 name: cloud.aws_ops.ec2_instance_terminate_by_tag
 vars:
- tag_key_to_terminate_instances: "{{ ec2_instances.0.tags.keys() | first }}"
- tag_value_to_terminate_instances: "{{ ec2_instances.0.tags.values() | first }}"
+ ec2_instance_terminate_by_tag_tag_key_to_terminate_instances: "{{ ec2_instances.0.tags.keys() | first }}"
+ ec2_instance_terminate_by_tag_tag_value_to_terminate_instances: "{{ ec2_instances.0.tags.values() | first }}"
 - name: Validate that first instance was deleted and second still exists
 ansible.builtin.include_tasks: ensure_instance.yml
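Review bot: The added `disabled` alias switches the whole test_deploy_flask_app target off with only a symptom (`UNREACHABLE!` on the bastion hop) recorded in the comment, so nothing tracks when or why it should be re-enabled and the deploy_flask_app role now has no integration coverage at all; extend the comment with a reference, e.g. `# Integration tests are broken, see <TRACKING-ISSUE-PLACEHOLDER>`. The `\ No newline at end of file` marker also shows the file now ends without a trailing newline, which some tools treat as an incomplete last line; end the file with a newline after `disabled`.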
@@ -23,8 +23,8 @@
 ansible.builtin.include_role:
 name: cloud.aws_ops.ec2_instance_terminate_by_tag
 vars:
- tag_key_to_terminate_instances: "{{ ec2_instances.1.tags.keys() | first }}"
- tag_value_to_terminate_instances: "{{ ec2_instances.0.tags.values() | first }}"
+ ec2_instance_terminate_by_tag_tag_key_to_terminate_instances: "{{ ec2_instances.1.tags.keys() | first }}"
+ ec2_instance_terminate_by_tag_tag_value_to_terminate_instances: "{{ ec2_instances.0.tags.values() | first }}"
 - name: Ensure second instance was not deleted
 ansible.builtin.include_tasks: ensure_instance.yml
@@ -36,8 +36,8 @@
 ansible.builtin.include_role:
 name: cloud.aws_ops.ec2_instance_terminate_by_tag
 vars:
- tag_key_to_terminate_instances: "{{ ec2_instances.1.tags.keys() | first }}"
- tag_value_to_terminate_instances: "{{ ec2_instances.1.tags.values() | first }}"
+ ec2_instance_terminate_by_tag_tag_key_to_terminate_instances: "{{ ec2_instances.1.tags.keys() | first }}"
+ ec2_instance_terminate_by_tag_tag_value_to_terminate_instances: "{{ ec2_instances.1.tags.values() | first }}"
 - name: Ensure second instance was not deleted
 ansible.builtin.include_tasks: ensure_instance.yml
diff --git a/tests/integration/targets/test_manage_transit_gateway/tasks/cleanup.yml b/tests/integration/targets/test_manage_transit_gateway/tasks/cleanup.yml
index b176425b..3d1a8351 100644
--- a/tests/integration/targets/test_manage_transit_gateway/tasks/cleanup.yml
+++ b/tests/integration/targets/test_manage_transit_gateway/tasks/cleanup.yml
@@ -3,8 +3,8 @@
 ansible.builtin.include_role:
 name: cloud.aws_ops.manage_transit_gateway
 vars:
- action: "delete"
- transit_gateway:
+ manage_transit_gateway_action: "delete"
+ manage_transit_gateway_transit_gateway:
 asn: 4200000000
 description: "TGW for Cloud team"
 tags:
diff --git a/tests/integration/targets/test_manage_transit_gateway/tasks/vpc_attachments.yml b/tests/integration/targets/test_manage_transit_gateway/tasks/vpc_attachments.yml
index 08a80bde..a4b10fb9 100644
--- a/tests/integration/targets/test_manage_transit_gateway/tasks/vpc_attachments.yml
+++ b/tests/integration/targets/test_manage_transit_gateway/tasks/vpc_attachments.yml
@@ -6,13 +6,13 @@
 ansible.builtin.include_role:
 name: cloud.aws_ops.manage_transit_gateway
 vars:
- action: "create"
- transit_gateway:
+ manage_transit_gateway_action: "create"
+ manage_transit_gateway_transit_gateway:
 asn: 4200000000
 description: "TGW for Cloud team"
 tags:
 "team": "cloud"
- vpc_attachment:
+ manage_transit_gateway_vpc_attachment:
 - name: "vpc-attachment-001"
 tags:
 "team": "cloud"
@@ -24,7 +24,7 @@
 subnets:
 - "{{ subnet_id_b_1 }}"
- - name: List all the transit gateway attachments
+ - name: List all the transit gateways
 community.aws.ec2_transit_gateway_info:
 register: manage_transit_gateway_gw_info
@@ -33,10 +33,18 @@
 gw: "{{ item }}"
 when:
 - item.description == "TGW for Cloud team"
- - item.state == "available"
 loop: "{{ manage_transit_gateway_gw_info.transit_gateways }}"
- - name: Describe attachments on a specific VPC
+ - name: Wait until the transit gateway becomes available
+ community.aws.ec2_transit_gateway_info:
+ filters:
+ transit-gateway-id: '{{ gw.transit_gateway_id }}'
+ register: manage_transit_gateway_gw_available
+ retries: 30
+ delay: 5
+ until: manage_transit_gateway_gw_available.transit_gateways[0].state == 'available'
+
+ - name: Describe AWS Transit Gateway VPC attachments
 community.aws.ec2_transit_gateway_vpc_attachment_info:
 filters:
 transit-gateway-id: '{{ gw.transit_gateway_id }}'
diff --git a/tests/integration/targets/test_manage_transit_gateway/tasks/vpn_attachments.yml b/tests/integration/targets/test_manage_transit_gateway/tasks/vpn_attachments.yml
index 10b4cfc6..f7c3155b 100644
--- a/tests/integration/targets/test_manage_transit_gateway/tasks/vpn_attachments.yml
+++ b/tests/integration/targets/test_manage_transit_gateway/tasks/vpn_attachments.yml
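Review bot: The new `until:` in the third hunk indexes `transit_gateways[0]` with no guard, so a poll that comes back with an empty list makes the conditional raise and is likely to fail the task outright rather than retry; write it as `until: manage_transit_gateway_gw_available.transit_gateways | length > 0 and manage_transit_gateway_gw_available.transit_gateways[0].state == 'available'`, since Jinja `and` short-circuits and the index is then only evaluated on a non-empty result. The same hunk drops `- item.state == "available"` from the `when:` that selects `gw`, so a gateway with the same description left in a `deleting` or `deleted` state by an earlier run can be picked and then polled for the full 30 x 5 s without ever reaching `available`; keep a state filter such as `- item.state in ['pending', 'available']` so the wait only covers gateways that can still get there. The set_fact task that assigns `gw` starts before the hunk.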
@@ -2,17 +2,17 @@
 - name: Test 'manage_transit_gateway' role
 block:
 # Creation
- - name: Create Transit Gateway with VPC attachemnt
+ - name: Create Transit Gateway with VPC attachment
 ansible.builtin.include_role:
 name: cloud.aws_ops.manage_transit_gateway
 vars:
- action: "create"
- transit_gateway:
+ manage_transit_gateway_action: "create"
+ manage_transit_gateway_transit_gateway:
 asn: 4200000000
 description: "TGW for Cloud team"
 tags:
 "team": "cloud"
- vpn_attachment:
+ manage_transit_gateway_vpn_attachment:
 - customer_gateway_id: "{{ customer_gw_id }}"
 - name: Get vpn connections info
diff --git a/tox.ini b/tox.ini
index 4aab8522..ac04eaae 100644
--- a/tox.ini
+++ b/tox.ini
@@ -9,16 +9,16 @@ install_command = pip install {opts} {packages}
 [testenv:black]
 deps =
- black >= 22.0, < 23.0
+ black >= 23.0, < 24.0
 commands =
 black {toxinidir}/plugins {toxinidir}/tests
 [testenv:ansible-lint]
 deps =
- ansible-lint==6.16.0
+ ansible-lint==6.21.0
 changedir = {toxinidir}
-commands =
+commands =
 ansible-lint
 [testenv:linters]