dms_replication_subnet_group (#56980

* dms_replication_subnet_group implementation
2019-06-26 18:04:27 +01:00 · 2019-06-26 18:04:27 +01:00 · edcb5b6775
commit edcb5b6775
parent bc3c90f2f1
5 changed files with 438 additions and 0 deletions
--- a/lib/ansible/modules/cloud/amazon/dms_replication_subnet_group.py
+++ b/lib/ansible/modules/cloud/amazon/dms_replication_subnet_group.py
@ -0,0 +1,247 @@
+#!/usr/bin/python
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+
+DOCUMENTATION = '''
+---
+module: dms_replication_subnet_group
+short_description: creates or destroys a data migration services subnet group
+description:
+    - Creates or destroys a data migration services subnet group
+version_added: "2.9"
+options:
+    state:
+        description:
+            - State of the subnet group
+        default: present
+        choices: ['present', 'absent']
+        type: str
+    identifier:
+        description:
+            - The name for the replication subnet group.
+              This value is stored as a lowercase string.
+              Must contain no more than 255 alphanumeric characters,
+              periods, spaces, underscores, or hyphens. Must not be "default".
+        type: str
+    description:
+        description:
+            - The description for the subnet group.
+        type: str
+    subnet_ids:
+        description:
+            - A list containing the subnet ids for the replication subnet group,
+              needs to be at least 2 items in the list
+        type: list
+author:
+    - "Rui Moreira (@ruimoreira)"
+extends_documentation_fragment:
+    - aws
+    - ec2
+'''
+
+EXAMPLES = '''
+- dms_replication_subnet_group:
+    state: present
+    identifier: "dev-sngroup"
+    description: "Development Subnet Group asdasdas"
+    subnet_ids: ['subnet-id1','subnet-id2']
+'''
+
+RETURN = ''' # '''
+__metaclass__ = type
+import traceback
+from ansible.module_utils.aws.core import AnsibleAWSModule
+from ansible.module_utils.ec2 import boto3_conn, HAS_BOTO3, \
+    camel_dict_to_snake_dict, get_aws_connection_info, AWSRetry
+try:
+    import botocore
+except ImportError:
+    pass  # caught by AnsibleAWSModule
+
+backoff_params = dict(tries=5, delay=1, backoff=1.5)
+
+
+@AWSRetry.backoff(**backoff_params)
+def describe_subnet_group(connection, subnet_group):
+    """checks if instance exists"""
+    try:
+        subnet_group_filter = dict(Name='replication-subnet-group-id',
+                                   Values=[subnet_group])
+        return connection.describe_replication_subnet_groups(Filters=[subnet_group_filter])
+    except botocore.exceptions.ClientError:
+        return {'ReplicationSubnetGroups': []}
+
+
+@AWSRetry.backoff(**backoff_params)
+def replication_subnet_group_create(connection, **params):
+    """ creates the replication subnet group """
+    return connection.create_replication_subnet_group(**params)
+
+
+@AWSRetry.backoff(**backoff_params)
+def replication_subnet_group_modify(connection, **modify_params):
+    return connection.modify_replication_subnet_group(**modify_params)
+
+
+@AWSRetry.backoff(**backoff_params)
+def replication_subnet_group_delete(module, connection):
+    subnetid = module.params.get('identifier')
+    delete_parameters = dict(ReplicationSubnetGroupIdentifier=subnetid)
+    return connection.delete_replication_subnet_group(**delete_parameters)
+
+
+def get_dms_client(module, aws_connect_params, client_region, ec2_url):
+    client_params = dict(
+        module=module,
+        conn_type='client',
+        resource='dms',
+        region=client_region,
+        endpoint=ec2_url,
+        **aws_connect_params
+    )
+    return boto3_conn(**client_params)
+
+
+def replication_subnet_exists(subnet):
+    """ Returns boolean based on the existance of the endpoint
+    :param endpoint: dict containing the described endpoint
+    :return: bool
+    """
+    return bool(len(subnet['ReplicationSubnetGroups']))
+
+
+def create_module_params(module):
+    """
+    Reads the module parameters and returns a dict
+    :return: dict
+    """
+    instance_parameters = dict(
+        # ReplicationSubnetGroupIdentifier gets translated to lower case anyway by the API
+        ReplicationSubnetGroupIdentifier=module.params.get('identifier').lower(),
+        ReplicationSubnetGroupDescription=module.params.get('description'),
+        SubnetIds=module.params.get('subnet_ids'),
+    )
+
+    return instance_parameters
+
+
+def compare_params(module, param_described):
+    """
+    Compares the dict obtained from the describe function and
+    what we are reading from the values in the template We can
+    never compare passwords as boto3's method for describing
+    a DMS endpoint does not return the value for
+    the password for security reasons ( I assume )
+    """
+    modparams = create_module_params(module)
+    changed = False
+    # need to sanitize values that get retured from the API
+    if 'VpcId' in param_described.keys():
+        param_described.pop('VpcId')
+    if 'SubnetGroupStatus' in param_described.keys():
+        param_described.pop('SubnetGroupStatus')
+    for paramname in modparams.keys():
+        if paramname in param_described.keys() and \
+                param_described.get(paramname) == modparams[paramname]:
+            pass
+        elif paramname == 'SubnetIds':
+            subnets = []
+            for subnet in param_described.get('Subnets'):
+                subnets.append(subnet.get('SubnetIdentifier'))
+            for modulesubnet in modparams['SubnetIds']:
+                if modulesubnet in subnets:
+                    pass
+        else:
+            changed = True
+    return changed
+
+
+def create_replication_subnet_group(module, connection):
+    try:
+        params = create_module_params(module)
+        return replication_subnet_group_create(connection, **params)
+    except botocore.exceptions.ClientError as e:
+        module.fail_json(msg="Failed to create DMS replication subnet group.",
+                         exception=traceback.format_exc(),
+                         **camel_dict_to_snake_dict(e.response))
+    except botocore.exceptions.BotoCoreError as e:
+        module.fail_json(msg="Failed to create DMS replication subnet group.",
+                         exception=traceback.format_exc())
+
+
+def modify_replication_subnet_group(module, connection):
+    try:
+        modify_params = create_module_params(module)
+        return replication_subnet_group_modify(connection, **modify_params)
+    except botocore.exceptions.ClientError as e:
+        module.fail_json(msg="Failed to Modify the DMS replication subnet group.",
+                         exception=traceback.format_exc(),
+                         **camel_dict_to_snake_dict(e.response))
+    except botocore.exceptions.BotoCoreError as e:
+        module.fail_json(msg="Failed to Modify the DMS replication subnet group.",
+                         exception=traceback.format_exc())
+
+
+def main():
+    argument_spec = dict(
+        state=dict(type='str', choices=['present', 'absent'], default='present'),
+        identifier=dict(type='str', required=True),
+        description=dict(type='str', required=True),
+        subnet_ids=dict(type='list', elements='str', required=True),
+    )
+    module = AnsibleAWSModule(
+        argument_spec=argument_spec,
+        supports_check_mode=True
+    )
+    exit_message = None
+    changed = False
+    if not HAS_BOTO3:
+        module.fail_json(msg='boto3 required for this module')
+
+    state = module.params.get('state')
+    aws_config_region, ec2_url, aws_connect_params = \
+        get_aws_connection_info(module, boto3=True)
+    dmsclient = get_dms_client(module, aws_connect_params, aws_config_region, ec2_url)
+    subnet_group = describe_subnet_group(dmsclient,
+                                         module.params.get('identifier'))
+    if state == 'present':
+        if replication_subnet_exists(subnet_group):
+            if compare_params(module, subnet_group["ReplicationSubnetGroups"][0]):
+                if not module.check_mode:
+                    exit_message = modify_replication_subnet_group(module, dmsclient)
+                else:
+                    exit_message = dmsclient
+                changed = True
+            else:
+                exit_message = "No changes to Subnet group"
+        else:
+            if not module.check_mode:
+                exit_message = create_replication_subnet_group(module, dmsclient)
+                changed = True
+            else:
+                exit_message = "Check mode enabled"
+
+    elif state == 'absent':
+        if replication_subnet_exists(subnet_group):
+            if not module.check_mode:
+                replication_subnet_group_delete(module, dmsclient)
+                changed = True
+                exit_message = "Replication subnet group Deleted"
+            else:
+                exit_message = dmsclient
+                changed = True
+
+        else:
+            changed = False
+            exit_message = "Replication subnet group does not exist"
+
+    module.exit_json(changed=changed, msg=exit_message)
+
+
+if __name__ == '__main__':
+    main()
--- a/test/integration/targets/dms_replication_subnet_group/aliases
+++ b/test/integration/targets/dms_replication_subnet_group/aliases
@ -0,0 +1,2 @@
+cloud/aws
+unsupported
--- a/test/integration/targets/dms_replication_subnet_group/defaults/main.yml
+++ b/test/integration/targets/dms_replication_subnet_group/defaults/main.yml
@ -0,0 +1,2 @@
+resource_prefix: "test_dms_sg"
+dms_role_role_name: dms-vpc-role
--- a/test/integration/targets/dms_replication_subnet_group/files/dmsAssumeRolePolicyDocument.json
+++ b/test/integration/targets/dms_replication_subnet_group/files/dmsAssumeRolePolicyDocument.json
@ -0,0 +1,12 @@
+{
+   "Version": "2012-10-17",
+   "Statement": [
+   {
+     "Effect": "Allow",
+     "Principal": {
+        "Service": "dms.amazonaws.com"
+     },
+   "Action": "sts:AssumeRole"
+   }
+ ]
+}
--- a/test/integration/targets/dms_replication_subnet_group/tasks/main.yml
+++ b/test/integration/targets/dms_replication_subnet_group/tasks/main.yml
@ -0,0 +1,175 @@
+---
+
+- name: set connection information for all tasks
+  set_fact:
+    aws_connection_info: &aws_connection_info
+      aws_access_key: "{{ aws_access_key }}"
+      aws_secret_key: "{{ aws_secret_key }}"
+      region: "{{ aws_region }}"
+    dms_sg_identifier: "{{ resource_prefix }}-dms"
+  no_log: yes
+
+- block:
+
+    - name: ensure IAM role exists
+      iam_role:
+        <<: *aws_connection_info
+        name: "{{ dms_role_role_name }}"
+        assume_role_policy_document: "{{ lookup('file','dmsAssumeRolePolicyDocument.json') }}"
+        state: present
+        create_instance_profile: no
+        managed_policy:
+          - 'arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole'
+      register: iam_role_output
+      ignore_errors: yes
+
+    - name: Create VPC for use in testing
+      ec2_vpc_net:
+        name: "{{ resource_prefix }}-vpc"
+        cidr_block: 10.22.32.0/23
+        tags:
+          Name: Ansible ec2_instance Testing VPC
+        tenancy: default
+        <<: *aws_connection_info
+      register: testing_vpc
+
+    - name: create subnet1
+      ec2_vpc_subnet:
+        state: present
+        vpc_id:  "{{ testing_vpc.vpc.id }}"
+        cidr: 10.22.32.16/28
+        az: eu-west-1a
+        <<: *aws_connection_info
+      register: subnet1
+
+    - name: create subnet2
+      ec2_vpc_subnet:
+        state: present
+        vpc_id:  "{{ testing_vpc.vpc.id }}"
+        cidr: 10.22.32.32/28
+        az: eu-west-1c
+        <<: *aws_connection_info
+      register: subnet2
+
+    - name: create replication subnet group
+      dms_replication_subnet_group:
+        state: present
+        identifier: "{{ dms_sg_identifier }}"
+        description: "Development Subnet Group"
+        subnet_ids: [ "{{ subnet1.subnet.id }}", "{{ subnet2.subnet.id }}"]
+        <<: *aws_connection_info
+      register: result
+
+    - assert:
+        that:
+          - result is changed
+          - result is not failed
+
+    - name: create subnet group no change
+      dms_replication_subnet_group:
+        state: present
+        identifier: "{{ dms_sg_identifier }}"
+        description: "Development Subnet Group"
+        subnet_ids: [ "{{ subnet1.subnet.id }}", "{{ subnet2.subnet.id }}"]
+        <<: *aws_connection_info
+      register: result
+
+    - assert:
+        that:
+          - result is not changed
+          - result is not failed
+
+    - name: update subnet group
+      dms_replication_subnet_group:
+        state: present
+        identifier: "{{ dms_sg_identifier }}"
+        description: "Development Subnet Group updated"
+        subnet_ids: [ "{{ subnet1.subnet.id }}", "{{ subnet2.subnet.id }}"]
+        <<: *aws_connection_info
+      register: result
+
+    - assert:
+        that:
+          - result is changed
+          - result is not failed
+
+    - name: update subnet group no change
+      dms_replication_subnet_group:
+        state: present
+        identifier: "{{ dms_sg_identifier }}"
+        description: "Development Subnet Group updated"
+        subnet_ids: [ "{{ subnet1.subnet.id }}", "{{ subnet2.subnet.id }}"]
+        <<: *aws_connection_info
+      register: result
+
+    - assert:
+        that:
+          - result is not changed
+          - result is not failed
+
+  always:
+    - name: delete subnet group no change
+      dms_replication_subnet_group:
+        state: absent
+        identifier: "{{ dms_sg_identifier }}"
+        description: "Development Subnet Group updated"
+        subnet_ids: [ "{{ subnet1.subnet.id }}", "{{ subnet2.subnet.id }}"]
+        <<: *aws_connection_info
+      register: result
+
+    - assert:
+        that:
+          - result is changed
+          - result is not failed
+
+    - name: delete subnet group no change
+      dms_replication_subnet_group:
+        state: absent
+        identifier: "{{ dms_sg_identifier }}"
+        description: "Development Subnet Group updated"
+        subnet_ids: [ "{{ subnet1.subnet.id }}", "{{ subnet2.subnet.id }}"]
+        <<: *aws_connection_info
+      register: result
+
+    - assert:
+        that:
+          - result is not changed
+          - result is not failed
+
+    - name: delete subnet1
+      ec2_vpc_subnet:
+        state: absent
+        vpc_id:  "{{ testing_vpc.vpc.id }}"
+        cidr: 10.22.32.16/28
+        az: eu-west-1a
+        <<: *aws_connection_info
+
+    - name: delete subnet2
+      ec2_vpc_subnet:
+        state: absent
+        vpc_id:  "{{ testing_vpc.vpc.id }}"
+        cidr: 10.22.32.32/28
+        az: eu-west-1c
+        <<: *aws_connection_info
+
+    - name: delete VPC for use in testing
+      ec2_vpc_net:
+        name: "{{ resource_prefix }}-vpc"
+        cidr_block: 10.22.32.0/23
+        tags:
+          Name: Ansible ec2_instance Testing VPC
+        tenancy: default
+        state: absent
+        <<: *aws_connection_info
+
+    - name: delete dms-vpc role
+      iam_role:
+        <<: *aws_connection_info
+        name: "{{ dms_role_role_name }}"
+        assume_role_policy_document: "{{ lookup('file','dmsAssumeRolePolicyDocument.json') }}"
+        state: absent
+        create_instance_profile: no
+        managed_policy:
+          - 'arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole'
+      register: iam_role_output
+      ignore_errors: yes