Commit graph

36 commits

Author SHA1 Message Date
Mike Buzzetti
bc1ad708dd Adds support for purge_rules. Similar to how ec2_elb_lb does with zones 2014-08-08 12:36:40 -04:00
Michael Peters
ac0f312ed2 better way to document "state" choices 2014-08-08 09:35:15 -04:00
Michael Peters
c75996d996 Small doc addition to ec2_group to show the various values for "state" 2014-08-08 09:20:23 -04:00
James Cammarata
22f3f2b74a Merge pull request #8174 from altruism/devel
Make ec2_group module not just fail
2014-07-31 15:02:30 -05:00
James Cammarata
745b28072a Check for the numeric "all" value (-1) for the rule protocol
Fixes #7832
2014-07-31 14:01:44 -05:00
Jacob Hickey
ea9af2cbb1 Add missing params to get_target_from_rule
get_target_from_rule was extracted from main() without enough parameters for
all the local variables it took with it from the extraction site.
2014-07-17 11:03:38 -04:00
James Cammarata
bd5cf57e76 Merge pull request #7653 from evanccopengeo/devel
ec2_group: Fix for 500 error when creating new security groups
2014-06-06 10:34:42 -05:00
James Cammarata
b3bbca03d5 Add additional params to get_target_from_rule method in ec2_group
Fixes #7592
2014-06-04 13:52:44 -05:00
evanccopengeo
fac9a64d23 fixing problem where ansible would error out because Amazon was saying the group didn't exist yet (needed to wait a few more seconds for amazon to propagate correctly) 2014-06-03 14:25:48 -04:00
CorbanR
42f54238e4 updating example, to be more consistent with parameter names 2014-05-30 15:57:55 -06:00
James Cammarata
713657d684 Make sure the default ec2_group egress rule is not removed
Upon a second run, the default egress rule will be removed when a
vpc is specified but no other egress rules were set. This patch
corrects that behavior by removing the default egress rule from the
list of unmatched outbound rules.

Fixes #7309
2014-05-07 20:52:03 -05:00
James Cammarata
1ef0402f03 Make sure a default allow out rule exists if no other egress rules do
Fixes #7027
2014-04-17 15:24:18 -05:00
willthames
509561f658 Moved AWS modules over to common module fragments
Created common module doc fragment, and applied to all
modules that use ec2_connect or connect_to_aws as
they definitely share the common doc fragments
2014-04-09 21:19:12 +10:00
Michael DeHaan
5b5ab78183 Add version_added to docs. 2014-03-28 13:51:22 -04:00
Maykel Moya
6a92d48b0f ec2_group: Document group_desc rule param 2014-03-21 08:35:25 +01:00
Maykel Moya
a429ff26dc ec2_group: Add documentation for rules_egress 2014-03-20 17:24:22 +01:00
Maykel Moya
b642e39e67 ec2_group: rules are not a required task argument 2014-03-20 17:24:22 +01:00
Maykel Moya
3156df9931 ec2_group: Request a fresh group object after creation
When a group is created, an egress_rule ALLOW ALL to 0.0.0.0/0 is added
automatically but it's not reflected in the object returned by the AWS API
call. After creation we re-read the group for getting an updated object.
2014-03-20 17:24:22 +01:00
Maykel Moya
649fcd3e1c ec2_group: Auto create missing groups referenced in rules
Suppose a pair of groups, A and B, depending on each other. One solution
for breaking the circular dependency at playbook level:

    - declare group A without dependencies
    - declare group B depending on A
    - declare group A depending on B

This patch breaks the dependency at module level. Whenever a depended-on
group is missing it's first created. This approach requires only two tasks:

    - declare group A depending on B (group B will be auto created)
    - declare group B depending on A

When creating a group EC2 requires you to pass the group description. In
order to fulfill this, rules now accept the `group_desc` param. Note
that group description can't be changed once the group is created so
it's nice to keep descriptions in sync.

Concrete example:

- ec2_group:
    name: mysql-client
    description: MySQL Client
    rules_egress:
      - proto: tcp
        from_port: 3306
        to_port: 3306
        group_name: mysql-server
        group_desc: MySQL Server

- ec2_group:
    name: mysql-server
    description: MySQL Server
    rules:
      - proto: tcp
        from_port: 3306
        to_port: 3306
        group_name: mysql-client
2014-03-20 17:24:17 +01:00
Maykel Moya
77d7165dde ec2_group: Deduplicate rule parsing/validation code 2014-03-20 16:19:35 +01:00
Maykel Moya
f97243d6ed ec2_group: Add support for handling egress rules 2014-03-20 15:50:08 +01:00
James Cammarata
8ca3bb4137 Updating profile/security_token version_added labels 2014-03-11 10:48:16 -05:00
Will Thames
b9a7352e0a Work to allow security tokens and profiles to work with Ansible
Allow security tokens and profiles to be used as arguments
to the 'common' ec2 modules

Mostly refactoring to provide two new methods,
`get_aws_connection_info`, which results in a dict that can be
passed through to the boto `connect_to_region` calls, and
`connect_to_aws` that can pass that dict through to the
`connect_to_region` method of the appropriate module.

Tidied up some variable names

Works around boto/boto#2100

profiles don't work with boto < 2.24, but this detects for that
and fails with an appropriate message. It is designed to work
if profile is not passed but boto < 2.24 is installed.

Modifications to allow empty aws auth variables to be passed
(this is useful if wanting to have the keys as an optional
parameter in ec2 calls - if set, use this value, if not set,
use boto config or env variables)

Reworked validate_certs improvements to work with refactoring

Added documentation for profile and security_token to affected modules
2014-03-06 16:28:30 +10:00
Patryk Zawadzki
da1efee21f Properly match existing security group
If we don't care about `vpc_id` then neither should the code.
2014-02-26 13:39:03 +01:00
James Cammarata
056d54ebd3 Adding 'validate_certs' option to EC2 modules
When disabled, the boto connection will be instantiated without validating
the SSL certificate from the target endpoint. This allows the modules to connect
to Eucalyptus instances running with self-signed certs without errors.

Fixes #3978
2014-02-13 12:32:49 -06:00
Will Thames
7600c664fe Create a common EC2 connection argument spec for EC2 modules
Refactor the currently well-factored ec2 modules (i.e. those that already use ec2_connect) to
have a common argument spec. The idea is that new modules can use this spec without duplication
of code, and that new functionality can be added to the ec2 connection code (e.g. security
token argument)
2014-02-06 15:27:41 +10:00
jctanner
821858ed08 Merge pull request #5380 from dhml/devel
ec2_group: rules can't reference containing group fix #5309
2014-01-27 11:41:21 -08:00
David Hummel
c5433d9742 Check for group_name and cidr_ip. 2013-12-23 15:57:47 -05:00
David Hummel
bd67c6756a Add rule group_name parameter whose value can reference containing group name. 2013-12-20 16:06:55 -05:00
willthames
12005a1cd0 Move more responsibility to common EC2 module
Moved `AWS_REGIONS` into `ec2` module
Created `ec2_connect` method in `ec2` module
Updated modules able to use `ec2_connect` and `AWS_REGIONS`
2013-12-17 14:07:24 +10:00
Michael DeHaan
f7c3975f21 Add version_added to all modules missing version_added information, the docs formatter will now
raise errors when omitted, updated changelog with new modules.
2013-11-18 18:55:49 -05:00
James Tanner
afa5988391 Fixes #4540 Use shared module snippet to evaluate ec2 credentials 2013-11-01 11:59:24 -04:00
Brian Schott
bdc8ea828e added aws_access_key and aws_secret_key aliases to ec2_group arguments 2013-10-17 15:23:24 -04:00
James Laska
e002496f0e Add idempotency support to ec2_group 2013-10-02 11:29:59 -04:00
James Cammarata
77b98df63b Minor fix, vpc_id is not required for the ec2_group 2013-08-19 11:38:06 -05:00
Andrew de Quincey
58e85855e4 Add module to control EC2 security groups 2013-08-19 11:38:06 -05:00