diff --git a/hacking/aws_config/testing_policies/iam-policy.json b/hacking/aws_config/testing_policies/iam-policy.json new file mode 100644 index 00000000000..6105e40a92e --- /dev/null +++ b/hacking/aws_config/testing_policies/iam-policy.json @@ -0,0 +1,17 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AllowAccessToServerCertificates", + "Effect": "Allow", + "Action": [ + "iam:ListServerCertificates", + "iam:UploadServerCertificate", + "iam:UpdateServerCertificate", + "iam:DeleteServerCertificate", + "iam:GetServerCertificate" + ], + "Resource": "*" + } + ] +} diff --git a/lib/ansible/modules/cloud/amazon/elb_network_lb.py b/lib/ansible/modules/cloud/amazon/elb_network_lb.py index ac3db9abe0d..f3de696707d 100644 --- a/lib/ansible/modules/cloud/amazon/elb_network_lb.py +++ b/lib/ansible/modules/cloud/amazon/elb_network_lb.py @@ -103,7 +103,7 @@ EXAMPLES = ''' - subnet-012345678 - subnet-abcdef000 listeners: - - Protocol: TCP # Required. The protocol for connections from clients to the load balancer (Only TCP is available) (case-sensitive). + - Protocol: TCP # Required. The protocol for connections from clients to the load balancer (TCP or TLS) (case-sensitive). Port: 80 # Required. The port on which the load balancer is listening. DefaultActions: - Type: forward # Required. Only 'forward' is accepted at this time @@ -117,7 +117,7 @@ EXAMPLES = ''' - SubnetId: subnet-012345678 AllocationId: eipalloc-aabbccdd listeners: - - Protocol: TCP # Required. The protocol for connections from clients to the load balancer (Only TCP is available) (case-sensitive). + - Protocol: TCP # Required. The protocol for connections from clients to the load balancer (TCP or TLS) (case-sensitive). Port: 80 # Required. The port on which the load balancer is listening. DefaultActions: - Type: forward # Required. Only 'forward' is accepted at this time @@ -402,8 +402,8 @@ def main(): if listeners is not None: for listener in listeners: for key in listener.keys(): - if key == 'Protocol' and listener[key] != 'TCP': - module.fail_json(msg="'Protocol' must be 'TCP'") + if key == 'Protocol' and listener[key] not in ['TCP', 'TLS']: + module.fail_json(msg="'Protocol' must be either 'TCP' or 'TLS'") connection = module.client('elbv2') connection_ec2 = module.client('ec2') diff --git a/test/integration/targets/elb_network_lb/files/cert.pem b/test/integration/targets/elb_network_lb/files/cert.pem new file mode 100644 index 00000000000..81df3a6fa1c --- /dev/null +++ b/test/integration/targets/elb_network_lb/files/cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIJAKE+XLUKdWtPMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMC2V4YW1wbGUuY29tMB4XDTE5MDYxNDEx +MzIzM1oXDTIwMDYxMzExMzIzM1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNv +bWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIG +A1UEAwwLZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDOFNh5eQ6+9tYvtzjrqvFDzPoXmZuOFeqFS7iBH4gLorvmQQIQcVEAH7O+tkhW +Z8+6PgvXXd43GFtEbY8jZoBQwupl7lIdzywFRoyZYkREXodmDixkwxlPvUWdrb3r +ZDRON6qIbX8LrzTPD1+JL4Rtkgr1RTlLrHT3ABEqEV1fQODOdbRd7rq6fmqwPlbl +zS5kN3RPFuJVDZrnCPcEMOA3QftQgDTzyOlZJYWDZsJxel7H/O9qZjPBTitNJxg1 +ierPaIXT6u6CdWA0A7t3Knyn2+vcyvemjsbQg9v/U5zKR3h+6F0slqgOT/ZnrEos +AzxdeaA5POJFy6xCHZiVgsE7OVaPB9imWrrAYbKsHVLP2rdlhnGZQnnebmTYCll5 +SvXWCIr5vp4i1qxIa95QBU/xmEY6kTy9GjAOSmYXj7UnwnBZwgEop0yUdBMb4s9G +x8S6Yxaj1DZVyiyrzInBri9lqabkPLPQNaK7wTKN5zl7r5pSCsF8rl4R+mvcxyyY +dS+cqseGjn98ubdd/vyQWqLbQtr5Njk4ROs5Rv6/2z/RUFdwsqB5aXztxOs3J7aJ +5ScTgmoK+wkQY+tej6H5pgT02vKuXLwe4wHKKAYepgH7Azkm7XoFlHhBEUy+uUsI +PMBm2Meo1JzOc8E5QqLX2YO/MDiZhI+NYOMJF0/huWqM7wIDAQABo1AwTjAdBgNV +HQ4EFgQU3cPtQEUQYkj4lTM5fbdkd8FSVVIwHwYDVR0jBBgwFoAU3cPtQEUQYkj4 +lTM5fbdkd8FSVVIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEACWQX +CJK6f+/Zci1e7Gvw0gd+1xV8jbz2lH2zOGSpoQ6UCRVrANEX+p0nZZRpnTTrJfGa +Yx+TjIJ4SSoaCud+N2IGXWxzuMan+NskyycTaHSA/i6OwZ8jKki/iVvE5XQN+gHw +h5lWnEh5PiGG91lYi+FShUN0DX7Su776UK3mloLlq+ANCubWxDycWc0xBNH8iD2U +xBV7MfuCX9rSei+2NU+hnOPrzh0OKNGOTSPHY1N1KU3grxTLTpF8PTMHC55sEy2E +EMokRb3V/lFyrfX755KT5cQG6uQKQorI95BoxoNjeek54tuBUjenLfOH6dMO/6Xd +WaouLXiDM73fwFI0ByQ5CTJizC0ehoZtv2XB7yjZJEuI7zz4wXBBwgNlBV2j4aJJ +0wNG9210ZC7NxNH7MRfZfzLQpsOMTm9UP85TXsB1ieaN6OD2CnHP9O6umy633Aie +dsQt5yaC9+N86NBceb44IlkqlTv720BQjq7Dz5UCthhNg0VYpICzymD9kAKPfx9Z +1ug2gB4i2r6eHqFIexwSfa29DxW+KEPlL7pP9P9FVsYNyZYOvX8OgVERkA/9L53i +MpzRPPzTyjW/sJcDWVfrQU0NhPj5lOxdMcbvvU+KD3afraUXPiN4N4+FFWENOFZ/ +HEKjPj+As/3OHNyUXrCciYjq6gCLZ6SV945l2h8= +-----END CERTIFICATE----- diff --git a/test/integration/targets/elb_network_lb/files/key.pem b/test/integration/targets/elb_network_lb/files/key.pem new file mode 100644 index 00000000000..3b4da6feda5 --- /dev/null +++ b/test/integration/targets/elb_network_lb/files/key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDOFNh5eQ6+9tYv +tzjrqvFDzPoXmZuOFeqFS7iBH4gLorvmQQIQcVEAH7O+tkhWZ8+6PgvXXd43GFtE +bY8jZoBQwupl7lIdzywFRoyZYkREXodmDixkwxlPvUWdrb3rZDRON6qIbX8LrzTP +D1+JL4Rtkgr1RTlLrHT3ABEqEV1fQODOdbRd7rq6fmqwPlblzS5kN3RPFuJVDZrn +CPcEMOA3QftQgDTzyOlZJYWDZsJxel7H/O9qZjPBTitNJxg1ierPaIXT6u6CdWA0 +A7t3Knyn2+vcyvemjsbQg9v/U5zKR3h+6F0slqgOT/ZnrEosAzxdeaA5POJFy6xC +HZiVgsE7OVaPB9imWrrAYbKsHVLP2rdlhnGZQnnebmTYCll5SvXWCIr5vp4i1qxI +a95QBU/xmEY6kTy9GjAOSmYXj7UnwnBZwgEop0yUdBMb4s9Gx8S6Yxaj1DZVyiyr +zInBri9lqabkPLPQNaK7wTKN5zl7r5pSCsF8rl4R+mvcxyyYdS+cqseGjn98ubdd +/vyQWqLbQtr5Njk4ROs5Rv6/2z/RUFdwsqB5aXztxOs3J7aJ5ScTgmoK+wkQY+te +j6H5pgT02vKuXLwe4wHKKAYepgH7Azkm7XoFlHhBEUy+uUsIPMBm2Meo1JzOc8E5 +QqLX2YO/MDiZhI+NYOMJF0/huWqM7wIDAQABAoICAB3iqAH1rE3FPgptZ7PFdnd+ +okYJ4KUaSIhMEtWm3PPTBay+gK4hwL1j240sohDlvRolJVJ2KmOTBKlHuhpIIxOT +MKrXhNEN2jRpproXpg7EJp6GL6ntIR6PNClJqOEaBvvQ1soyFtp67g2ZDSG34lyB +cVVgVI7E07F+MP8IxaGqpu9J4n48wJeK/a3RXIi22KNv504Q44GyF2SpyCizbdCV +oPxrm0I/QJfM+S+1Fz2doWEfLRkg+SBvVZg6sygQeBzb64xv5WbF3s2sPONrJeix +2+KJDKD605ophR3h4jrzYmYFDH4K2xQ4RGOEeL0pOvfTS4kBa07z2mc8I4SLEbpi +VzQblmftRvwye2eKk74GVhJho7Il6ssTL29TJxIyzEljVFrprILkmAVEV8SOn544 +pgSj6i7gDcav4OdhxldT6dk7PNqMq49p3acYzLtXCknlLkHOODEFH3BWP1oAWN6e +m34kwPGFviKEIYkurWV0LGV9h/zLL3kxjdbgFyLY24jVbvWuJ9VeJkcHVgL3Rs1A +5irHFpW9TSKYg+R8zLM50S5HRcnL0wV+hl02TcJbkjyVToFh5FeDdyIxN+sQnh+a +b+g/IA+um2RbqjEUoaVxCdIo7/oPzzj0u8Pw5FvAedNM1a8sZiUJ/1CW7In8yRPC +Nb5rONsL/eEHAJU9EWIBAoIBAQDnzEl7NUZ50wjqBTna69u9luxb6ixJM3o9asnY +BXU90Bp7kl14WbHUmTPYGKoGIEKDmmKpA/LhGwD1vykjtHWkUcgGYYucXIBuzRb7 +hEcAa9qkce6Ik4HS8khRmmikNDu/t5zJU2tkgNuGVQlHvsjpJz/rdX857G5Cv8v7 +GSBL4aNxhp9OoMav3/XEUpRSoccR7WEAdfeTfiR4EgaIy864w4twxr2nLroB6SzN +dYSPZ4hMkTS34ixzjO233QioAGiEnG22XyBA7DTB41EoRFIBcbPrCMqDONkNHbeO +j25g4okNjK+7ihmIHZBP0awN+mlfNHnDXuJ6L2LCrxWHQQtHAoIBAQDjmS6h51/H +gcBDUxot16M/7PPJZUbJ8y+qqPbaqu3ORADyvguE/Ww80we+8xeaOa5tVpVE6diZ +tg5BfBGwltyCEwKDAG1g9/D3IVw3yE1AuxyG0+1q0/rTcdZl01PgGVwi+28YCLyO +VxgyIvpGFwgQ9WV22l16JatyhsZLRIWFk78ECJO3v5X8KuCJLnKfcd9nkem9DXdS +iKqiylOXzvIKGUe5HxeDd/itI8V8b8OTQQxM0jEwCOZQg1o1BNN0uEJo4dENkuYa +dZyJFYe0ZsM5ZRm5HmcIYMlPejcYaINRX30TZHRNE/X+fCfrIwg0LmJxFVieFcc3 +Dc3ZU1K5T3UZAoIBAQDCAK3ji+RPY/xK+VLB0rOYSy/JggXMwmPl8XG79l14/aqc +kBTg/JkkqZDFpWbwN6HTyawXb3GhS9uS0oqZEpl/jN8P0CZsGNN5aPd6TOysApj9 +F0ogTuzSY+t5OPWpsPns7L0xlzsD5AFXveZFgP1gfnQ2GqIAFcz22tXbc90fBVup +UZYV1eRVIOnuhXsUachWTcno+9LZRDM7t0J2zbVX2HnlSsFCoo4VuVXBJEFtUKa4 +BrQLzyWLFIGFaF6tVaIkk1QT1iwFimxhdmLfg8bq5IJEDZiJGVQ4cQ3HKG6mchNp +Hr2aBex2it/UnlUVYec9QotCpDCDORO8g5NOH3dTAoIBAQCJH9htqVYWgIESzvW9 +2ua7dAqpM0CEGeWFH8mik0s1c9lSZtfP51OYDdjj3dhBjjEeJQVIANAERCCwqYyK +5UmzgLqJrO85dgiTDGFgJmkM7+7O+M5ZB6BeVn7C2KD3KrBNT0lupIzeAXFNe69o +HSY5+W+JPSUGm72BAdxkqsL7aLm0N2qwUViPFlIztG1QzS25W7sEsSFL85VDAT1+ +ACvpk7OXwDjNd7G2tw+b2kZt6Mn9WsJR23rP1WO6/85ay00PncXzNKc4F9YY7YTW +VveWE+h8lOmkrZN8M/kP1qAPncVgsqwzaCxUh/8Q9wlRTwT2dtLuY9ajv8hfAImd +pla5AoIBAQCduiA3aZBDqGrUTH9bcMRtyU8RTlc2Y5+jFSBP4KfcS/ORoILVdvZz +v+o0jw01keGAtW77Mq70ZCpc8HjOm8Ju8GYtwUGmPRS+hQaZwT8/QseF6q2Q+Bi5 +Wc0Lqa4YA0cI7XViJRhHIPfdV8YEEAW8rIAUqFSoAT6G7z/o0K4zlSa+2RbG0l1v +zLWmJtF8OJfM8IboIyER0PHrWjNFzxKCJssu2WE7WT6/Rupus04XVXRR+Fb6DAGb +yw2MpB3kLvjugQpolx4YbXE4n+F1mkqm9fHjo4fbfSwjmeFnPsRvRmiRTomHxq/s +DUZ6eZM8TIlGhUrx/Y1TP0GQjKxDN6ZQ +-----END PRIVATE KEY----- diff --git a/test/integration/targets/elb_network_lb/tasks/main.yml b/test/integration/targets/elb_network_lb/tasks/main.yml index 6d5e5a90640..7cee4422a77 100644 --- a/test/integration/targets/elb_network_lb/tasks/main.yml +++ b/test/integration/targets/elb_network_lb/tasks/main.yml @@ -9,6 +9,15 @@ region: "{{ aws_region }}" no_log: yes + - name: create certificate + iam_cert: + name: test_cert + state: present + cert: "{{ lookup('file', 'cert.pem') }}" + key: "{{ lookup('file', 'key.pem') }}" + <<: *aws_connection_info + register: cert + - name: create VPC ec2_vpc_net: cidr_block: 10.228.228.0/22 @@ -203,3 +212,10 @@ delay: 5 until: remove_vpc is success ignore_errors: yes + + - name: destroy certificate + iam_cert: + name: test_cert + state: absent + <<: *aws_connection_info + ignore_errors: yes diff --git a/test/integration/targets/elb_network_lb/tasks/test_creating_nlb.yml b/test/integration/targets/elb_network_lb/tasks/test_creating_nlb.yml index 9b0d204e480..ca502452a1a 100644 --- a/test/integration/targets/elb_network_lb/tasks/test_creating_nlb.yml +++ b/test/integration/targets/elb_network_lb/tasks/test_creating_nlb.yml @@ -9,7 +9,7 @@ region: "{{ aws_region }}" no_log: yes - - name: create NLB with a listener + - name: create NLB with listeners elb_network_lb: name: "{{ nlb_name }}" subnets: "{{ nlb_subnets }}" @@ -20,15 +20,22 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" + - Protocol: TLS + Port: 443 + Certificates: + - CertificateArn: "{{ cert.arn }}" + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" <<: *aws_connection_info register: nlb - assert: that: - nlb.changed - - nlb.listeners|length == 1 + - nlb.listeners|length == 2 - - name: test idempotence creating NLB with a listener + - name: test idempotence creating NLB with listeners elb_network_lb: name: "{{ nlb_name }}" subnets: "{{ nlb_subnets }}" @@ -39,10 +46,17 @@ DefaultActions: - Type: forward TargetGroupName: "{{ tg_name }}" + - Protocol: TLS + Port: 443 + Certificates: + - CertificateArn: "{{ cert.arn }}" + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" <<: *aws_connection_info register: nlb - assert: that: - not nlb.changed - - nlb.listeners|length == 1 + - nlb.listeners|length == 2 \ No newline at end of file