amazon: allow NACL to be removed by its id (#25925)

mihu 2017-06-22 08:46:46 +02:00 committed by Will Thames
parent 6922a18c80
commit 60afe93521


@ -29,11 +29,19 @@ options:
name: name:
description: description:
- Tagged name identifying a network ACL. - Tagged name identifying a network ACL.
required: true - One and only one of the I(name) or I(nacl_id) is required.
required: false
nacl_id:
description:
- NACL id identifying a network ACL.
- One and only one of the I(name) or I(nacl_id) is required.
required: false
version_added: "2.4"
vpc_id: vpc_id:
description: description:
- VPC id of the requesting VPC. - VPC id of the requesting VPC.
required: true - Required when state present.
required: false
subnets: subnets:
description: description:
- The list of subnets that should be associated with the network ACL. - The list of subnets that should be associated with the network ACL.
@ -118,6 +126,11 @@ EXAMPLES = '''
vpc_id: vpc-12345678 vpc_id: vpc-12345678
name: prod-dmz-nacl name: prod-dmz-nacl
state: absent state: absent
- name: "Delete nacl by its id"
ec2_vpc_nacl:
nacl_id: acl-33b4ee5b
state: absent
''' '''
RETURN = ''' RETURN = '''
task: task:
@ -343,10 +356,10 @@ def setup_network_acl(client, module):
def remove_network_acl(client, module): def remove_network_acl(client, module):
changed = False changed = False
result = dict() result = dict()
vpc_id = module.params.get('vpc_id')
nacl = describe_network_acl(client, module) nacl = describe_network_acl(client, module)
if nacl['NetworkAcls']: if nacl['NetworkAcls']:
nacl_id = nacl['NetworkAcls'][0]['NetworkAclId'] nacl_id = nacl['NetworkAcls'][0]['NetworkAclId']
vpc_id = nacl['NetworkAcls'][0]['VpcId']
associations = nacl['NetworkAcls'][0]['Associations'] associations = nacl['NetworkAcls'][0]['Associations']
assoc_ids = [a['NetworkAclAssociationId'] for a in associations] assoc_ids = [a['NetworkAclAssociationId'] for a in associations]
default_nacl_id = find_default_vpc_nacl(vpc_id, client, module) default_nacl_id = find_default_vpc_nacl(vpc_id, client, module)
@ -434,9 +447,14 @@ def describe_acl_associations(subnets, client, module):
def describe_network_acl(client, module): def describe_network_acl(client, module):
try: try:
nacl = client.describe_network_acls(Filters=[ if module.params.get('nacl_id'):
{'Name': 'tag:Name', 'Values': [module.params.get('name')]} nacl = client.describe_network_acls(Filters=[
]) {'Name': 'network-acl-id', 'Values': [module.params.get('nacl_id')]}
])
else:
nacl = client.describe_network_acls(Filters=[
{'Name': 'tag:Name', 'Values': [module.params.get('name')]}
])
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
module.fail_json(msg=str(e)) module.fail_json(msg=str(e))
return nacl return nacl
@ -527,8 +545,9 @@ def subnets_to_associate(nacl, client, module):
def main(): def main():
argument_spec = ec2_argument_spec() argument_spec = ec2_argument_spec()
argument_spec.update(dict( argument_spec.update(dict(
vpc_id=dict(required=True), vpc_id=dict(),
name=dict(required=True), name=dict(),
nacl_id=dict(),
subnets=dict(required=False, type='list', default=list()), subnets=dict(required=False, type='list', default=list()),
tags=dict(required=False, type='dict'), tags=dict(required=False, type='dict'),
ingress=dict(required=False, type='list', default=list()), ingress=dict(required=False, type='list', default=list()),
@ -537,7 +556,9 @@ def main():
), ),
) )
module = AnsibleModule(argument_spec=argument_spec, module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True) supports_check_mode=True,
required_one_of=[['name', 'nacl_id']],
required_if=[['state', 'present', ['vpc_id']]])
if not HAS_BOTO3: if not HAS_BOTO3:
module.fail_json(msg='json, botocore and boto3 are required.') module.fail_json(msg='json, botocore and boto3 are required.')
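Review bot: In `main()`, `required_one_of=[['name', 'nacl_id']]` only enforces that at least one of the two is given, while the updated option docs promise "one and only one"; if both are passed, `describe_network_acl` uses `nacl_id` and silently ignores `name`. Adding `mutually_exclusive=[['name', 'nacl_id']]` to the `AnsibleModule(...)` call would make the module reject that ambiguous input. Separately, `remove_network_acl` now takes `vpc_id` from the first match instead of from the task, and the `tag:Name` lookup is not scoped to a VPC, so a name reused in another VPC could select a different ACL for deletion than the one the playbook author meant. When `vpc_id` is supplied, appending `{'Name': 'vpc-id', 'Values': [module.params.get('vpc_id')]}` to the filters would narrow the match. Both functions continue outside the lines shown, so the effect on the subnets' re-association is inferred rather than visible here.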