[cloud] allow ec2_lc to take user data from binary files w/ user_data_path (#20138)

* Add user_data_path parameter to ec2_lc module

* Improve user_data_path parameter documentation

- Specify mutual exclusivity
- Specify `version_added`
- Change module parameter type to `path`

* Use correct comparison for user_data result

* Include traceback on error and use with block

* Only hide user data if provided in file

lib/ansible/modules/cloud/amazon/ec2_lc.py

@@ -65,8 +65,13 @@ options:
     required: false
   user_data:
     description:
-      - opaque blob of data which is made available to the ec2 instance
+      - opaque blob of data which is made available to the ec2 instance. Mutually exclusive with I(user_data_path).
     required: false
+  user_data_path:
+    description:
+      - Path to the file that contains userdata for the ec2 instances. Mutually exclusive with I(user_data).
+    required: false
+    version_added: "2.3"
   kernel_id:
     description:
       - Kernel id for the EC2 instance
@@ -134,6 +139,7 @@ EXAMPLES = '''
       ephemeral: ephemeral0
 
 '''
+import traceback
 
 from ansible.module_utils.basic import *
 from ansible.module_utils.ec2 import *
@@ -175,6 +181,7 @@ def create_launch_config(connection, module):
     key_name = module.params.get('key_name')
     security_groups = module.params['security_groups']
     user_data = module.params.get('user_data')
+    user_data_path = module.params.get('user_data_path')
     volumes = module.params['volumes']
     instance_type = module.params.get('instance_type')
     spot_price = module.params.get('spot_price')
@@ -188,6 +195,13 @@ def create_launch_config(connection, module):
     classic_link_vpc_security_groups = module.params.get('classic_link_vpc_security_groups')
     bdm = BlockDeviceMapping()
 
+    if user_data_path:
+        try:
+            with open(user_data_path, 'r') as user_data_file:
+                user_data = user_data_file.read()
+        except IOError as e:
+            module.fail_json(msg=str(e), exception=traceback.format_exc())
+
     if volumes:
         for volume in volumes:
             if 'device_name' not in volume:
@@ -250,6 +264,8 @@ def create_launch_config(connection, module):
             if bdm.ebs is not None:
                 result['block_device_mappings'][-1]['ebs'] = dict(snapshot_id=bdm.ebs.snapshot_id, volume_size=bdm.ebs.volume_size)
 
+    if user_data_path:
+        result['user_data'] = "hidden" # Otherwise, we dump binary to the user's terminal
 
     module.exit_json(changed=changed, name=result['name'], created_time=result['created_time'],
                      image_id=result['image_id'], arn=result['launch_configuration_arn'],
@@ -277,6 +293,7 @@ def main():
             key_name=dict(type='str'),
             security_groups=dict(type='list'),
             user_data=dict(type='str'),
+            user_data_path=dict(type='path'),
             kernel_id=dict(type='str'),
             volumes=dict(type='list'),
             instance_type=dict(type='str'),
@@ -293,7 +310,10 @@ def main():
         )
     )
 
-    module = AnsibleModule(argument_spec=argument_spec)
+    module = AnsibleModule(
+        argument_spec=argument_spec,
+        mutually_exclusive = [['user_data', 'user_data_path']]
+    )
 
     if not HAS_BOTO:
         module.fail_json(msg='boto required for this module')