From cc6f6f4ce392c28ac962bb4a8ef8aa2120d0d176 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Wed, 8 Jun 2022 13:01:47 +0200 Subject: [PATCH] Tagging - wafv2_web_acl add support for managing and purging tags (#1218) Tagging - wafv2_web_acl add support for managing and purging tags SUMMARY Add support for returning tags Add support for updating tags Add support for purge_tags ISSUE TYPE Feature Pull Request COMPONENT NAME wafv2_web_acl wafv2_web_acl_info ADDITIONAL INFORMATION Reviewed-by: Joseph Torcasso Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis --- wafv2_web_acl.py | 33 ++++++++++++++++++++++----------- wafv2_web_acl_info.py | 5 +++++ 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/wafv2_web_acl.py b/wafv2_web_acl.py index d225a0ae890..c51a04e49e7 100644 --- a/wafv2_web_acl.py +++ b/wafv2_web_acl.py @@ -57,10 +57,6 @@ - Name of cloudwatch metrics. - If not given and cloudwatch_metrics is enabled, the name of the web acl itself will be taken. type: str - tags: - description: - - tags for wafv2 web acl. - type: dict rules: description: - The Rule statements used to identify the web requests that you want to allow, block, or count. @@ -102,9 +98,13 @@ default: yes type: bool +notes: + - Support for the I(purge_tags) parameter was added in release 4.0.0. + extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 + - amazon.aws.aws + - amazon.aws.ec2 + - amazon.aws.tags ''' @@ -323,6 +323,8 @@ from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict from ansible_collections.amazon.aws.plugins.module_utils.ec2 import snake_dict_to_camel_dict from ansible_collections.community.aws.plugins.module_utils.wafv2 import compare_priority_rules +from ansible_collections.community.aws.plugins.module_utils.wafv2 import describe_wafv2_tags +from ansible_collections.community.aws.plugins.module_utils.wafv2 import ensure_wafv2_tags from ansible_collections.community.aws.plugins.module_utils.wafv2 import wafv2_list_web_acls from ansible_collections.community.aws.plugins.module_utils.wafv2 import wafv2_snake_dict_to_camel_dict @@ -403,6 +405,8 @@ def get_web_acl(self): ) except (BotoCoreError, ClientError) as e: self.fail_json_aws(e, msg="Failed to get wafv2 web acl.") + tags = describe_wafv2_tags(self.wafv2, arn, self.fail_json_aws) + existing_acl['tags'] = tags return existing_acl, id, locktoken def list(self): @@ -461,9 +465,10 @@ def main(): sampled_requests=dict(type='bool', default=False), cloudwatch_metrics=dict(type='bool', default=True), metric_name=dict(type='str'), - tags=dict(type='dict'), + tags=dict(type='dict', aliases=['resource_tags']), + purge_tags=dict(default=True, type='bool'), custom_response_bodies=dict(type='dict'), - purge_rules=dict(default=True, type='bool') + purge_rules=dict(default=True, type='bool'), ) module = AnsibleAWSModule( @@ -482,6 +487,7 @@ def main(): cloudwatch_metrics = module.params.get("cloudwatch_metrics") metric_name = module.params.get("metric_name") tags = module.params.get("tags") + purge_tags = module.params.get("purge_tags") purge_rules = module.params.get("purge_rules") check_mode = module.check_mode @@ -506,12 +512,14 @@ def main(): if not metric_name: metric_name = name - web_acl = WebACL(module.client('wafv2'), name, scope, module.fail_json_aws) + wafv2 = module.client('wafv2') + web_acl = WebACL(wafv2, name, scope, module.fail_json_aws) change = False retval = {} if state == 'present': if web_acl.get(): + tags_changed = ensure_wafv2_tags(wafv2, web_acl.get().get('WebACL').get('ARN'), tags, purge_tags, module.fail_json_aws, module.check_mode) change, rules = compare_priority_rules(web_acl.get().get('WebACL').get('Rules'), rules, purge_rules, state) change = change or (description and web_acl.get().get('WebACL').get('Description') != description) change = change or (default_action and web_acl.get().get('WebACL').get('DefaultAction') != default_action) @@ -526,9 +534,12 @@ def main(): metric_name, custom_response_bodies ) - + elif tags_changed: + retval, id, locktoken = web_acl.get_web_acl() else: - retval = web_acl.get().get('WebACL') + retval = web_acl.get() + + change |= tags_changed else: change = True diff --git a/wafv2_web_acl_info.py b/wafv2_web_acl_info.py index 3fb91fbd802..86fd603e7cc 100644 --- a/wafv2_web_acl_info.py +++ b/wafv2_web_acl_info.py @@ -96,6 +96,7 @@ from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict +from ansible_collections.community.aws.plugins.module_utils.wafv2 import describe_wafv2_tags from ansible_collections.community.aws.plugins.module_utils.wafv2 import wafv2_list_web_acls @@ -132,15 +133,19 @@ def main(): response = wafv2_list_web_acls(wafv2, scope, module.fail_json_aws) id = None + arn = None retval = {} for item in response.get('WebACLs'): if item.get('Name') == name: id = item.get('Id') + arn = item.get('ARN') if id: existing_acl = get_web_acl(wafv2, name, scope, id, module.fail_json_aws) retval = camel_dict_to_snake_dict(existing_acl.get('WebACL')) + tags = describe_wafv2_tags(wafv2, arn, module.fail_json_aws) + retval['tags'] = tags module.exit_json(**retval)