diff --git a/changelogs/fragments/remove-ec2_vpc_route_table.yml b/changelogs/fragments/remove-ec2_vpc_route_table.yml new file mode 100644 index 00000000000..4faec435611 --- /dev/null +++ b/changelogs/fragments/remove-ec2_vpc_route_table.yml @@ -0,0 +1,7 @@ +breaking_changes: +- ec2_vpc_route_table - The module has been migrated from the ``community.aws`` collection. + Playbooks using the Fully Qualified Collection Name for this module should be updated + to use ``amazon.aws.ec2_vpc_route_table``. +- ec2_vpc_route_table_info - The module has been migrated from the ``community.aws`` collection. + Playbooks using the Fully Qualified Collection Name for this module should be updated + to use ``amazon.aws.ec2_vpc_route_table_info``. \ No newline at end of file diff --git a/docs/community.aws.ec2_vpc_route_table_info_module.rst b/docs/community.aws.ec2_vpc_route_table_info_module.rst deleted file mode 100644 index 6c025276cdd..00000000000 --- a/docs/community.aws.ec2_vpc_route_table_info_module.rst +++ /dev/null @@ -1,763 +0,0 @@ -.. _community.aws.ec2_vpc_route_table_info_module: - - -************************************** -community.aws.ec2_vpc_route_table_info -************************************** - -**Gather information about ec2 VPC route tables in AWS** - - -Version added: 1.0.0 - -.. contents:: - :local: - :depth: 1 - - -Synopsis --------- -- Gather information about ec2 VPC route tables in AWS - - - -Requirements ------------- -The below requirements are needed on the host that executes this module. - -- python >= 3.6 -- boto3 >= 1.16.0 -- botocore >= 1.19.0 - - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterChoices/DefaultsComments
-
- aws_access_key - -
- string -
- 		- -
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
-
If profile is set this parameter is ignored.
-
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
-

aliases: ec2_access_key, access_key
-
-
- aws_ca_bundle - -
- path -
- 		- -
The location of a CA Bundle to use when validating SSL certificates.
-
Not used by boto 2 based modules.
-
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
-
-
- aws_config - -
- dictionary -
- 		- -
A dictionary to modify the botocore configuration.
-
Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config.
-
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
-
-
- aws_secret_key - -
- string -
- 		- -
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
-
If profile is set this parameter is ignored.
-
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
-

aliases: ec2_secret_key, secret_key
-
-
- debug_botocore_endpoint_logs - -
- boolean -
- 		-
    Choices: -
  • no ←
    • -
  • yes
    • -
- 		-
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
-
-
- ec2_url - -
- string -
- 		- -
URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
-

aliases: aws_endpoint_url, endpoint_url
-
-
- filters - -
- dictionary -
- 		- -
A dict of filters to apply. Each dict item consists of a filter key and a filter value. See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html for possible filters.
-
-
- profile - -
- string -
- 		- -
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
-
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
-

aliases: aws_profile
-
-
- region - -
- string -
- 		- -
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
-

aliases: aws_region, ec2_region
-
-
- security_token - -
- string -
- 		- -
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
-
If profile is set this parameter is ignored.
-
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
-

aliases: aws_security_token, access_token
-
-
- validate_certs - -
- boolean -
- 		-
    Choices: -
  • no
    • -
  • yes ←
    • -
- 		-
When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
-
-
- - -Notes ------ - -.. note:: - - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` - - When no credentials are explicitly provided the AWS SDK (boto3) that Ansible uses will fall back to its configuration files (typically ``~/.aws/credentials``). See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html for more information. - - Modules based on the original AWS SDK (boto) may read their default configuration from different files. See https://boto.readthedocs.io/en/latest/boto_config_tut.html for more information. - - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be defined in the configuration files. - - - -Examples --------- - -.. code-block:: yaml - - # Note: These examples do not set authentication details, see the AWS Guide for details. - - - name: Gather information about all VPC route tables - community.aws.ec2_vpc_route_table_info: - - - name: Gather information about a particular VPC route table using route table ID - community.aws.ec2_vpc_route_table_info: - filters: - route-table-id: rtb-00112233 - - - name: Gather information about any VPC route table with a tag key Name and value Example - community.aws.ec2_vpc_route_table_info: - filters: - "tag:Name": Example - - - name: Gather information about any VPC route table within VPC with ID vpc-abcdef00 - community.aws.ec2_vpc_route_table_info: - filters: - vpc-id: vpc-abcdef00 - - - -Return Values -------------- -Common return values are documented `here `_, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyReturnedDescription
-
- route_tables - -
- complex -
- 		always -
A list of dictionarys describing route tables
- -
-
  -
- associations - -
- complex -
- 		always -
List of subnets associated with the route table
-
-
   -
- association_state - -
- complex -
- 		always -
The state of the association
-
-
    -
- state - -
- string -
- 		always -
The state of the association
-
-
Sample:
-
associated
-
    -
- state_message - -
- string -
- 		when available -
Additional information about the state of the association
-
-
Sample:
-
Creating association
-
   -
- id - -
- string -
- 		always -
ID of association between route table and subnet
-
-
Sample:
-
rtbassoc-ab47cfc3
-
   -
- main - -
- boolean -
- 		always -
Whether this is the main route table
-
-
   -
- route_table_association_id - -
- string -
- 		always -
ID of association between route table and subnet
-
-
Sample:
-
rtbassoc-ab47cfc3
-
   -
- route_table_id - -
- string -
- 		always -
ID of the route table
-
-
Sample:
-
rtb-bf779ed7
-
   -
- subnet_id - -
- string -
- 		always -
ID of the subnet
-
-
Sample:
-
subnet-82055af9
-
  -
- id - -
- string -
- 		always -
ID of the route table (same as route_table_id for backwards compatibility)
-
-
Sample:
-
rtb-bf779ed7
-
  -
- owner_id - -
- string -
- 		always -
ID of the account which owns the route table
-
-
Sample:
-
012345678912
-
  -
- propagating_vgws - -
- list -
- 		always -
List of Virtual Private Gateways propagating routes
-
-
  -
- route_table_id - -
- string -
- 		always -
ID of the route table
-
-
Sample:
-
rtb-bf779ed7
-
  -
- routes - -
- complex -
- 		always -
List of routes in the route table
-
-
   -
- destination_cidr_block - -
- string -
- 		always -
CIDR block of destination
-
-
Sample:
-
10.228.228.0/22
-
   -
- gateway_id - -
- string -
- 		when gateway is local or internet gateway -
ID of the gateway
-
-
Sample:
-
local
-
   -
- instance_id - -
- string -
- 		always -
ID of a NAT instance.
-
Empty unless the route is via an EC2 instance
-
-
Sample:
-
i-abcd123456789
-
   -
- instance_owner_id - -
- string -
- 		always -
AWS account owning the NAT instance
-
Empty unless the route is via an EC2 instance
-
-
Sample:
-
123456789012
-
   -
- nat_gateway_id - -
- string -
- 		when the route is via a NAT gateway -
ID of the NAT gateway
-
-
Sample:
-
local
-
   -
- network_interface_id - -
- string -
- 		always -
The ID of the network interface
-
Empty unless the route is via an EC2 instance
-
-
Sample:
-
123456789012
-
   -
- origin - -
- string -
- 		always -
mechanism through which the route is in the table
-
-
Sample:
-
CreateRouteTable
-
   -
- state - -
- string -
- 		always -
state of the route
-
-
Sample:
-
active
-
  -
- tags - -
- dictionary -
- 		always -
Tags applied to the route table
-
-
Sample:
-
{'Name': 'Public route table', 'Public': 'true'}
-
  -
- vpc_id - -
- string -
- 		always -
ID for the VPC in which the route lives
-
-
Sample:
-
vpc-6e2d2407
-
-

- - -Status ------- - - -Authors -~~~~~~~ - -- Rob White (@wimnat) -- Mark Chappell (@tremble) diff --git a/docs/community.aws.ec2_vpc_route_table_module.rst b/docs/community.aws.ec2_vpc_route_table_module.rst deleted file mode 100644 index ad82db6dc69..00000000000 --- a/docs/community.aws.ec2_vpc_route_table_module.rst +++ /dev/null @@ -1,844 +0,0 @@ -.. _community.aws.ec2_vpc_route_table_module: - - -********************************* -community.aws.ec2_vpc_route_table -********************************* - -**Manage route tables for AWS virtual private clouds** - - -Version added: 1.0.0 - -.. contents:: - :local: - :depth: 1 - - -Synopsis --------- -- Manage route tables for AWS virtual private clouds - - - -Requirements ------------- -The below requirements are needed on the host that executes this module. - -- python >= 3.6 -- boto3 >= 1.16.0 -- botocore >= 1.19.0 - - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterChoices/DefaultsComments
-
- aws_access_key - -
- string -
- 		- -
AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
-
If profile is set this parameter is ignored.
-
Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
-

aliases: ec2_access_key, access_key
-
-
- aws_ca_bundle - -
- path -
- 		- -
The location of a CA Bundle to use when validating SSL certificates.
-
Not used by boto 2 based modules.
-
Note: The CA Bundle is read 'module' side and may need to be explicitly copied from the controller if not run locally.
-
-
- aws_config - -
- dictionary -
- 		- -
A dictionary to modify the botocore configuration.
- -
Only the 'user_agent' key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration.
-
-
- aws_secret_key - -
- string -
- 		- -
AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
-
If profile is set this parameter is ignored.
-
Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
-

aliases: ec2_secret_key, secret_key
-
-
- debug_botocore_endpoint_logs - -
- boolean -
- 		-
    Choices: -
  • no ←
    • -
  • yes
    • -
- 		-
Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
-
-
- ec2_url - -
- string -
- 		- -
URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
-

aliases: aws_endpoint_url, endpoint_url
-
-
- lookup - -
- string -
- 		-
    Choices: -
  • tag ←
    • -
  • id
    • -
- 		-
Look up route table by either tags or by route table ID. Non-unique tag lookup will fail. If no tags are specified then no lookup for an existing route table is performed and a new route table will be created. To change tags of a route table you must look up by id.
-
-
- profile - -
- string -
- 		- -
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated.
-
aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.
-

aliases: aws_profile
-
-
- propagating_vgw_ids - -
- list - / elements=string -
- 		- -
Enable route propagation from virtual gateways specified by ID.
-
-
- purge_routes - -
- boolean -
- 		-
    Choices: -
  • no
    • -
  • yes ←
    • -
- 		-
Purge existing routes that are not found in routes.
-
-
- purge_subnets - -
- boolean -
- 		-
    Choices: -
  • no
    • -
  • yes
    • -
- Default:
"true"
- 		-
Purge existing subnets that are not found in subnets. Ignored unless the subnets option is supplied.
-
-
- purge_tags - -
- boolean -
- 		-
    Choices: -
  • no ←
    • -
  • yes
    • -
- 		-
Purge existing tags that are not found in route table.
-
-
- region - -
- string -
- 		- -
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region
-

aliases: aws_region, ec2_region
-
-
- route_table_id - -
- string -
- 		- -
The ID of the route table to update or delete.
-
Required when lookup=id.
-
-
- routes - -
- list - / elements=dictionary -
- 		- -
List of routes in the route table. Routes are specified as dicts containing the keys 'dest' and one of 'gateway_id', 'instance_id', 'network_interface_id', or 'vpc_peering_connection_id'. If 'gateway_id' is specified, you can refer to the VPC's IGW by using the value 'igw'. Routes are required for present states.
-
-
- security_token - -
- string -
- 		- -
AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
-
If profile is set this parameter is ignored.
-
Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
-

aliases: aws_security_token, access_token
-
-
- state - -
- string -
- 		-
    Choices: -
  • present ←
    • -
  • absent
    • -
- 		-
Create or destroy the VPC route table.
-
-
- subnets - -
- list - / elements=string -
- 		- -
An array of subnets to add to this route table. Subnets may be specified by either subnet ID, Name tag, or by a CIDR such as '10.0.0.0/24'.
-
-
- tags - -
- dictionary -
- 		- -
A dictionary of resource tags of the form: { tag1: value1, tag2: value2 }. Tags are used to uniquely identify route tables within a VPC when the route_table_id is not supplied.
-

aliases: resource_tags
-
-
- validate_certs - -
- boolean -
- 		-
    Choices: -
  • no
    • -
  • yes ←
    • -
- 		-
When set to "no", SSL certificates will not be validated for communication with the AWS APIs.
-
-
- vpc_id - -
- string -
- 		- -
VPC ID of the VPC in which to create the route table.
-
Required when state=present or lookup=tag.
-
-
- - -Notes ------ - -.. note:: - - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` - - When no credentials are explicitly provided the AWS SDK (boto3) that Ansible uses will fall back to its configuration files (typically ``~/.aws/credentials``). See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html for more information. - - Modules based on the original AWS SDK (boto) may read their default configuration from different files. See https://boto.readthedocs.io/en/latest/boto_config_tut.html for more information. - - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be defined in the configuration files. - - - -Examples --------- - -.. code-block:: yaml - - # Note: These examples do not set authentication details, see the AWS Guide for details. - - # Basic creation example: - - name: Set up public subnet route table - community.aws.ec2_vpc_route_table: - vpc_id: vpc-1245678 - region: us-west-1 - tags: - Name: Public - subnets: - - "{{ jumpbox_subnet.subnet.id }}" - - "{{ frontend_subnet.subnet.id }}" - - "{{ vpn_subnet.subnet_id }}" - routes: - - dest: 0.0.0.0/0 - gateway_id: "{{ igw.gateway_id }}" - register: public_route_table - - - name: Set up NAT-protected route table - community.aws.ec2_vpc_route_table: - vpc_id: vpc-1245678 - region: us-west-1 - tags: - Name: Internal - subnets: - - "{{ application_subnet.subnet.id }}" - - 'Database Subnet' - - '10.0.0.0/8' - routes: - - dest: 0.0.0.0/0 - instance_id: "{{ nat.instance_id }}" - register: nat_route_table - - - name: delete route table - community.aws.ec2_vpc_route_table: - vpc_id: vpc-1245678 - region: us-west-1 - route_table_id: "{{ route_table.id }}" - lookup: id - state: absent - - - -Return Values -------------- -Common return values are documented `here `_, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyReturnedDescription
-
- route_table - -
- complex -
- 		always -
Route Table result
-
-
  -
- associations - -
- complex -
- 		always -
List of subnets associated with the route table
-
-
   -
- main - -
- boolean -
- 		always -
Whether this is the main route table
-
-
   -
- route_table_association_id - -
- string -
- 		always -
ID of association between route table and subnet
-
-
Sample:
-
rtbassoc-ab47cfc3
-
   -
- route_table_id - -
- string -
- 		always -
ID of the route table
-
-
Sample:
-
rtb-bf779ed7
-
   -
- subnet_id - -
- string -
- 		always -
ID of the subnet
-
-
Sample:
-
subnet-82055af9
-
  -
- id - -
- string -
- 		always -
ID of the route table (same as route_table_id for backwards compatibility)
-
-
Sample:
-
rtb-bf779ed7
-
  -
- propagating_vgws - -
- list -
- 		always -
List of Virtual Private Gateways propagating routes
-
-
  -
- route_table_id - -
- string -
- 		always -
ID of the route table
-
-
Sample:
-
rtb-bf779ed7
-
  -
- routes - -
- complex -
- 		always -
List of routes in the route table
-
-
   -
- destination_cidr_block - -
- string -
- 		always -
CIDR block of destination
-
-
Sample:
-
10.228.228.0/22
-
   -
- gateway_id - -
- string -
- 		when gateway is local or internet gateway -
ID of the gateway
-
-
Sample:
-
local
-
   -
- instance_id - -
- string -
- 		when the route is via an EC2 instance -
ID of a NAT instance
-
-
Sample:
-
i-abcd123456789
-
   -
- instance_owner_id - -
- string -
- 		when the route is via an EC2 instance -
AWS account owning the NAT instance
-
-
Sample:
-
123456789012
-
   -
- nat_gateway_id - -
- string -
- 		when the route is via a NAT gateway -
ID of the NAT gateway
-
-
Sample:
-
local
-
   -
- origin - -
- string -
- 		always -
mechanism through which the route is in the table
-
-
Sample:
-
CreateRouteTable
-
   -
- state - -
- string -
- 		always -
state of the route
-
-
Sample:
-
active
-
  -
- tags - -
- dictionary -
- 		always -
Tags applied to the route table
-
-
Sample:
-
{'Name': 'Public route table', 'Public': 'true'}
-
  -
- vpc_id - -
- string -
- 		always -
ID for the VPC in which the route lives
-
-
Sample:
-
vpc-6e2d2407
-
-

- - -Status ------- - - -Authors -~~~~~~~ - -- Robert Estelle (@erydo) -- Rob White (@wimnat) -- Will Thames (@willthames) diff --git a/meta/runtime.yml b/meta/runtime.yml index a6b1773a090..e5e079bf6b0 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -91,8 +91,6 @@ action_groups: - ec2_vpc_nacl_info - ec2_vpc_peer - ec2_vpc_peering_info - - ec2_vpc_route_table - - ec2_vpc_route_table_info - ec2_vpc_vgw - ec2_vpc_vgw_info - ec2_vpc_vpn @@ -211,6 +209,10 @@ plugin_routing: redirect: amazon.aws.ec2_vpc_nat_gateway ec2_vpc_nat_gateway_info: redirect: amazon.aws.ec2_vpc_nat_gateway_info + ec2_vpc_route_table: + redirect: amazon.aws.ec2_vpc_route_table + ec2_vpc_route_table_info: + redirect: amazon.aws.ec2_vpc_route_table_info elb_classic_lb: redirect: amazon.aws.ec2_elb_lb iam_cert: diff --git a/plugins/modules/ec2_vpc_route_table.py b/plugins/modules/ec2_vpc_route_table.py deleted file mode 100644 index afc3487110a..00000000000 --- a/plugins/modules/ec2_vpc_route_table.py +++ /dev/null @@ -1,722 +0,0 @@ -#!/usr/bin/python -# -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - - -DOCUMENTATION = r''' ---- -module: ec2_vpc_route_table -version_added: 1.0.0 -short_description: Manage route tables for AWS virtual private clouds -description: - - Manage route tables for AWS virtual private clouds -author: -- Robert Estelle (@erydo) -- Rob White (@wimnat) -- Will Thames (@willthames) -options: - lookup: - description: Look up route table by either tags or by route table ID. Non-unique tag lookup will fail. - If no tags are specified then no lookup for an existing route table is performed and a new - route table will be created. To change tags of a route table you must look up by id. - default: tag - choices: [ 'tag', 'id' ] - type: str - propagating_vgw_ids: - description: Enable route propagation from virtual gateways specified by ID. - type: list - elements: str - purge_routes: - description: Purge existing routes that are not found in routes. - type: bool - default: 'yes' - purge_subnets: - description: Purge existing subnets that are not found in subnets. Ignored unless the subnets option is supplied. - default: 'true' - type: bool - purge_tags: - description: Purge existing tags that are not found in route table. - type: bool - default: 'no' - route_table_id: - description: - - The ID of the route table to update or delete. - - Required when I(lookup=id). - type: str - routes: - description: List of routes in the route table. - Routes are specified as dicts containing the keys 'dest' and one of 'gateway_id', - 'instance_id', 'network_interface_id', or 'vpc_peering_connection_id'. - If 'gateway_id' is specified, you can refer to the VPC's IGW by using the value 'igw'. - Routes are required for present states. - type: list - elements: dict - state: - description: Create or destroy the VPC route table. - default: present - choices: [ 'present', 'absent' ] - type: str - subnets: - description: An array of subnets to add to this route table. Subnets may be specified - by either subnet ID, Name tag, or by a CIDR such as '10.0.0.0/24'. - type: list - elements: str - tags: - description: > - A dictionary of resource tags of the form: C({ tag1: value1, tag2: value2 }). Tags are - used to uniquely identify route tables within a VPC when the route_table_id is not supplied. - aliases: [ "resource_tags" ] - type: dict - vpc_id: - description: - - VPC ID of the VPC in which to create the route table. - - Required when I(state=present) or I(lookup=tag). - type: str -extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 - -''' - -EXAMPLES = r''' -# Note: These examples do not set authentication details, see the AWS Guide for details. - -# Basic creation example: -- name: Set up public subnet route table - community.aws.ec2_vpc_route_table: - vpc_id: vpc-1245678 - region: us-west-1 - tags: - Name: Public - subnets: - - "{{ jumpbox_subnet.subnet.id }}" - - "{{ frontend_subnet.subnet.id }}" - - "{{ vpn_subnet.subnet_id }}" - routes: - - dest: 0.0.0.0/0 - gateway_id: "{{ igw.gateway_id }}" - register: public_route_table - -- name: Set up NAT-protected route table - community.aws.ec2_vpc_route_table: - vpc_id: vpc-1245678 - region: us-west-1 - tags: - Name: Internal - subnets: - - "{{ application_subnet.subnet.id }}" - - 'Database Subnet' - - '10.0.0.0/8' - routes: - - dest: 0.0.0.0/0 - instance_id: "{{ nat.instance_id }}" - register: nat_route_table - -- name: delete route table - community.aws.ec2_vpc_route_table: - vpc_id: vpc-1245678 - region: us-west-1 - route_table_id: "{{ route_table.id }}" - lookup: id - state: absent -''' - -RETURN = r''' -route_table: - description: Route Table result - returned: always - type: complex - contains: - associations: - description: List of subnets associated with the route table - returned: always - type: complex - contains: - main: - description: Whether this is the main route table - returned: always - type: bool - sample: false - route_table_association_id: - description: ID of association between route table and subnet - returned: always - type: str - sample: rtbassoc-ab47cfc3 - route_table_id: - description: ID of the route table - returned: always - type: str - sample: rtb-bf779ed7 - subnet_id: - description: ID of the subnet - returned: always - type: str - sample: subnet-82055af9 - id: - description: ID of the route table (same as route_table_id for backwards compatibility) - returned: always - type: str - sample: rtb-bf779ed7 - propagating_vgws: - description: List of Virtual Private Gateways propagating routes - returned: always - type: list - sample: [] - route_table_id: - description: ID of the route table - returned: always - type: str - sample: rtb-bf779ed7 - routes: - description: List of routes in the route table - returned: always - type: complex - contains: - destination_cidr_block: - description: CIDR block of destination - returned: always - type: str - sample: 10.228.228.0/22 - gateway_id: - description: ID of the gateway - returned: when gateway is local or internet gateway - type: str - sample: local - instance_id: - description: ID of a NAT instance - returned: when the route is via an EC2 instance - type: str - sample: i-abcd123456789 - instance_owner_id: - description: AWS account owning the NAT instance - returned: when the route is via an EC2 instance - type: str - sample: 123456789012 - nat_gateway_id: - description: ID of the NAT gateway - returned: when the route is via a NAT gateway - type: str - sample: local - origin: - description: mechanism through which the route is in the table - returned: always - type: str - sample: CreateRouteTable - state: - description: state of the route - returned: always - type: str - sample: active - tags: - description: Tags applied to the route table - returned: always - type: dict - sample: - Name: Public route table - Public: 'true' - vpc_id: - description: ID for the VPC in which the route lives - returned: always - type: str - sample: vpc-6e2d2407 -''' - -import re -from time import sleep - -try: - import botocore -except ImportError: - pass # caught by AnsibleAWSModule - -from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict -from ansible.module_utils.common.dict_transformations import snake_dict_to_camel_dict - -from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule -from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import describe_ec2_tags -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ensure_ec2_tags -from ansible_collections.amazon.aws.plugins.module_utils.waiters import get_waiter - - -@AWSRetry.jittered_backoff() -def describe_subnets_with_backoff(connection, **params): - paginator = connection.get_paginator('describe_subnets') - return paginator.paginate(**params).build_full_result()['Subnets'] - - -@AWSRetry.jittered_backoff() -def describe_igws_with_backoff(connection, **params): - paginator = connection.get_paginator('describe_internet_gateways') - return paginator.paginate(**params).build_full_result()['InternetGateways'] - - -@AWSRetry.jittered_backoff() -def describe_route_tables_with_backoff(connection, **params): - try: - paginator = connection.get_paginator('describe_route_tables') - return paginator.paginate(**params).build_full_result()['RouteTables'] - except is_boto3_error_code('InvalidRouteTableID.NotFound'): - return None - - -def find_subnets(connection, module, vpc_id, identified_subnets): - """ - Finds a list of subnets, each identified either by a raw ID, a unique - 'Name' tag, or a CIDR such as 10.0.0.0/8. - """ - CIDR_RE = re.compile(r'^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$') - SUBNET_RE = re.compile(r'^subnet-[A-z0-9]+$') - - subnet_ids = [] - subnet_names = [] - subnet_cidrs = [] - for subnet in (identified_subnets or []): - if re.match(SUBNET_RE, subnet): - subnet_ids.append(subnet) - elif re.match(CIDR_RE, subnet): - subnet_cidrs.append(subnet) - else: - subnet_names.append(subnet) - - subnets_by_id = [] - if subnet_ids: - filters = ansible_dict_to_boto3_filter_list({'vpc-id': vpc_id}) - try: - subnets_by_id = describe_subnets_with_backoff(connection, SubnetIds=subnet_ids, Filters=filters) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't find subnet with id %s" % subnet_ids) - - subnets_by_cidr = [] - if subnet_cidrs: - filters = ansible_dict_to_boto3_filter_list({'vpc-id': vpc_id, 'cidr': subnet_cidrs}) - try: - subnets_by_cidr = describe_subnets_with_backoff(connection, Filters=filters) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't find subnet with cidr %s" % subnet_cidrs) - - subnets_by_name = [] - if subnet_names: - filters = ansible_dict_to_boto3_filter_list({'vpc-id': vpc_id, 'tag:Name': subnet_names}) - try: - subnets_by_name = describe_subnets_with_backoff(connection, Filters=filters) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't find subnet with names %s" % subnet_names) - - for name in subnet_names: - matching_count = len([1 for s in subnets_by_name for t in s.get('Tags', []) if t['Key'] == 'Name' and t['Value'] == name]) - if matching_count == 0: - module.fail_json(msg='Subnet named "{0}" does not exist'.format(name)) - elif matching_count > 1: - module.fail_json(msg='Multiple subnets named "{0}"'.format(name)) - - return subnets_by_id + subnets_by_cidr + subnets_by_name - - -def find_igw(connection, module, vpc_id): - """ - Finds the Internet gateway for the given VPC ID. - """ - filters = ansible_dict_to_boto3_filter_list({'attachment.vpc-id': vpc_id}) - try: - igw = describe_igws_with_backoff(connection, Filters=filters) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg='No IGW found for VPC {0}'.format(vpc_id)) - if len(igw) == 1: - return igw[0]['InternetGatewayId'] - elif len(igw) == 0: - module.fail_json(msg='No IGWs found for VPC {0}'.format(vpc_id)) - else: - module.fail_json(msg='Multiple IGWs found for VPC {0}'.format(vpc_id)) - - -def tags_match(match_tags, candidate_tags): - return all((k in candidate_tags and candidate_tags[k] == v - for k, v in match_tags.items())) - - -def get_route_table_by_id(connection, module, route_table_id): - - route_table = None - try: - route_tables = describe_route_tables_with_backoff(connection, RouteTableIds=[route_table_id]) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't get route table") - if route_tables: - route_table = route_tables[0] - - return route_table - - -def get_route_table_by_tags(connection, module, vpc_id, tags): - count = 0 - route_table = None - filters = ansible_dict_to_boto3_filter_list({'vpc-id': vpc_id}) - try: - route_tables = describe_route_tables_with_backoff(connection, Filters=filters) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't get route table") - for table in route_tables: - this_tags = describe_ec2_tags(connection, module, table['RouteTableId']) - if tags_match(tags, this_tags): - route_table = table - count += 1 - - if count > 1: - module.fail_json(msg="Tags provided do not identify a unique route table") - else: - return route_table - - -def route_spec_matches_route(route_spec, route): - if route_spec.get('GatewayId') and 'nat-' in route_spec['GatewayId']: - route_spec['NatGatewayId'] = route_spec.pop('GatewayId') - if route_spec.get('GatewayId') and 'vpce-' in route_spec['GatewayId']: - if route_spec.get('DestinationCidrBlock', '').startswith('pl-'): - route_spec['DestinationPrefixListId'] = route_spec.pop('DestinationCidrBlock') - - return set(route_spec.items()).issubset(route.items()) - - -def route_spec_matches_route_cidr(route_spec, route): - return route_spec['DestinationCidrBlock'] == route.get('DestinationCidrBlock') - - -def rename_key(d, old_key, new_key): - d[new_key] = d.pop(old_key) - - -def index_of_matching_route(route_spec, routes_to_match): - for i, route in enumerate(routes_to_match): - if route_spec_matches_route(route_spec, route): - return "exact", i - elif 'Origin' in route_spec and route_spec['Origin'] != 'EnableVgwRoutePropagation': - if route_spec_matches_route_cidr(route_spec, route): - return "replace", i - - -def ensure_routes(connection=None, module=None, route_table=None, route_specs=None, - propagating_vgw_ids=None, check_mode=None, purge_routes=None): - routes_to_match = list(route_table['Routes']) - route_specs_to_create = [] - route_specs_to_recreate = [] - for route_spec in route_specs: - match = index_of_matching_route(route_spec, routes_to_match) - if match is None: - if route_spec.get('DestinationCidrBlock'): - route_specs_to_create.append(route_spec) - else: - module.warn("Skipping creating {0} because it has no destination cidr block. " - "To add VPC endpoints to route tables use the ec2_vpc_endpoint module.".format(route_spec)) - else: - if match[0] == "replace": - if route_spec.get('DestinationCidrBlock'): - route_specs_to_recreate.append(route_spec) - else: - module.warn("Skipping recreating route {0} because it has no destination cidr block.".format(route_spec)) - del routes_to_match[match[1]] - - routes_to_delete = [] - if purge_routes: - for r in routes_to_match: - if not r.get('DestinationCidrBlock'): - module.warn("Skipping purging route {0} because it has no destination cidr block. " - "To remove VPC endpoints from route tables use the ec2_vpc_endpoint module.".format(r)) - continue - if r['Origin'] == 'CreateRoute': - routes_to_delete.append(r) - - changed = bool(routes_to_delete or route_specs_to_create or route_specs_to_recreate) - if changed and not check_mode: - for route in routes_to_delete: - try: - connection.delete_route( - aws_retry=True, - RouteTableId=route_table['RouteTableId'], - DestinationCidrBlock=route['DestinationCidrBlock']) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't delete route") - - for route_spec in route_specs_to_recreate: - try: - connection.replace_route(aws_retry=True, RouteTableId=route_table['RouteTableId'], **route_spec) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't recreate route") - - for route_spec in route_specs_to_create: - try: - connection.create_route(aws_retry=True, RouteTableId=route_table['RouteTableId'], **route_spec) - except is_boto3_error_code('RouteAlreadyExists'): - changed = False - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except - module.fail_json_aws(e, msg="Couldn't create route") - - return {'changed': bool(changed)} - - -def ensure_subnet_association(connection=None, module=None, vpc_id=None, route_table_id=None, subnet_id=None, - check_mode=None): - filters = ansible_dict_to_boto3_filter_list({'association.subnet-id': subnet_id, 'vpc-id': vpc_id}) - try: - route_tables = describe_route_tables_with_backoff(connection, Filters=filters) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't get route tables") - for route_table in route_tables: - if route_table['RouteTableId'] is None: - continue - for a in route_table['Associations']: - if a['Main']: - continue - if a['SubnetId'] == subnet_id: - if route_table['RouteTableId'] == route_table_id: - return {'changed': False, 'association_id': a['RouteTableAssociationId']} - else: - if check_mode: - return {'changed': True} - try: - connection.disassociate_route_table( - aws_retry=True, AssociationId=a['RouteTableAssociationId']) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't disassociate subnet from route table") - - try: - association_id = connection.associate_route_table(aws_retry=True, - RouteTableId=route_table_id, - SubnetId=subnet_id) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't associate subnet with route table") - return {'changed': True, 'association_id': association_id} - - -def ensure_subnet_associations(connection=None, module=None, route_table=None, subnets=None, - check_mode=None, purge_subnets=None): - current_association_ids = [a['RouteTableAssociationId'] for a in route_table['Associations'] if not a['Main']] - new_association_ids = [] - changed = False - for subnet in subnets: - result = ensure_subnet_association( - connection=connection, module=module, vpc_id=route_table['VpcId'], - route_table_id=route_table['RouteTableId'], subnet_id=subnet['SubnetId'], - check_mode=check_mode) - changed = changed or result['changed'] - if changed and check_mode: - return {'changed': True} - new_association_ids.append(result['association_id']) - - if purge_subnets: - to_delete = [a_id for a_id in current_association_ids - if a_id not in new_association_ids] - - for a_id in to_delete: - changed = True - if not check_mode: - try: - connection.disassociate_route_table(aws_retry=True, AssociationId=a_id) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't disassociate subnet from route table") - - return {'changed': changed} - - -def ensure_propagation(connection=None, module=None, route_table=None, propagating_vgw_ids=None, - check_mode=None): - changed = False - gateways = [gateway['GatewayId'] for gateway in route_table['PropagatingVgws']] - to_add = set(propagating_vgw_ids) - set(gateways) - if to_add: - changed = True - if not check_mode: - for vgw_id in to_add: - try: - connection.enable_vgw_route_propagation( - aws_retry=True, - RouteTableId=route_table['RouteTableId'], - GatewayId=vgw_id) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't enable route propagation") - - return {'changed': changed} - - -def ensure_route_table_absent(connection, module): - - lookup = module.params.get('lookup') - route_table_id = module.params.get('route_table_id') - tags = module.params.get('tags') - vpc_id = module.params.get('vpc_id') - purge_subnets = module.params.get('purge_subnets') - - if lookup == 'tag': - if tags is not None: - route_table = get_route_table_by_tags(connection, module, vpc_id, tags) - else: - route_table = None - elif lookup == 'id': - route_table = get_route_table_by_id(connection, module, route_table_id) - - if route_table is None: - return {'changed': False} - - # disassociate subnets before deleting route table - if not module.check_mode: - ensure_subnet_associations(connection=connection, module=module, route_table=route_table, - subnets=[], check_mode=False, purge_subnets=purge_subnets) - try: - connection.delete_route_table(aws_retry=True, RouteTableId=route_table['RouteTableId']) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Error deleting route table") - - return {'changed': True} - - -def get_route_table_info(connection, module, route_table): - result = get_route_table_by_id(connection, module, route_table['RouteTableId']) - try: - result['Tags'] = describe_ec2_tags(connection, module, route_table['RouteTableId']) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Couldn't get tags for route table") - result = camel_dict_to_snake_dict(result, ignore_list=['Tags']) - # backwards compatibility - result['id'] = result['route_table_id'] - return result - - -def create_route_spec(connection, module, vpc_id): - routes = module.params.get('routes') - - for route_spec in routes: - rename_key(route_spec, 'dest', 'destination_cidr_block') - - if route_spec.get('gateway_id') and route_spec['gateway_id'].lower() == 'igw': - igw = find_igw(connection, module, vpc_id) - route_spec['gateway_id'] = igw - if route_spec.get('gateway_id') and route_spec['gateway_id'].startswith('nat-'): - rename_key(route_spec, 'gateway_id', 'nat_gateway_id') - - return snake_dict_to_camel_dict(routes, capitalize_first=True) - - -def ensure_route_table_present(connection, module): - - lookup = module.params.get('lookup') - propagating_vgw_ids = module.params.get('propagating_vgw_ids') - purge_routes = module.params.get('purge_routes') - purge_subnets = module.params.get('purge_subnets') - purge_tags = module.params.get('purge_tags') - route_table_id = module.params.get('route_table_id') - subnets = module.params.get('subnets') - tags = module.params.get('tags') - vpc_id = module.params.get('vpc_id') - routes = create_route_spec(connection, module, vpc_id) - - changed = False - tags_valid = False - - if lookup == 'tag': - if tags is not None: - try: - route_table = get_route_table_by_tags(connection, module, vpc_id, tags) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Error finding route table with lookup 'tag'") - else: - route_table = None - elif lookup == 'id': - try: - route_table = get_route_table_by_id(connection, module, route_table_id) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Error finding route table with lookup 'id'") - - # If no route table returned then create new route table - if route_table is None: - changed = True - if not module.check_mode: - try: - route_table = connection.create_route_table(aws_retry=True, VpcId=vpc_id)['RouteTable'] - # try to wait for route table to be present before moving on - get_waiter( - connection, 'route_table_exists' - ).wait( - RouteTableIds=[route_table['RouteTableId']], - ) - except botocore.exceptions.WaiterError as e: - module.fail_json_aws(e, msg='Timeout waiting for route table creation') - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, msg="Error creating route table") - else: - route_table = {"id": "rtb-xxxxxxxx", "route_table_id": "rtb-xxxxxxxx", "vpc_id": vpc_id} - module.exit_json(changed=changed, route_table=route_table) - - if routes is not None: - result = ensure_routes(connection=connection, module=module, route_table=route_table, - route_specs=routes, propagating_vgw_ids=propagating_vgw_ids, - check_mode=module.check_mode, purge_routes=purge_routes) - changed = changed or result['changed'] - - if propagating_vgw_ids is not None: - result = ensure_propagation(connection=connection, module=module, route_table=route_table, - propagating_vgw_ids=propagating_vgw_ids, check_mode=module.check_mode) - changed = changed or result['changed'] - - if not tags_valid and tags is not None: - changed |= ensure_ec2_tags(connection, module, route_table['RouteTableId'], - tags=tags, purge_tags=purge_tags, - retry_codes=['InvalidRouteTableID.NotFound']) - route_table['Tags'] = describe_ec2_tags(connection, module, route_table['RouteTableId']) - - if subnets is not None: - associated_subnets = find_subnets(connection, module, vpc_id, subnets) - - result = ensure_subnet_associations(connection=connection, module=module, route_table=route_table, - subnets=associated_subnets, check_mode=module.check_mode, - purge_subnets=purge_subnets) - changed = changed or result['changed'] - - if changed: - # pause to allow route table routes/subnets/associations to be updated before exiting with final state - sleep(5) - module.exit_json(changed=changed, route_table=get_route_table_info(connection, module, route_table)) - - -def main(): - argument_spec = dict( - lookup=dict(default='tag', choices=['tag', 'id']), - propagating_vgw_ids=dict(type='list', elements='str'), - purge_routes=dict(default=True, type='bool'), - purge_subnets=dict(default=True, type='bool'), - purge_tags=dict(default=False, type='bool'), - route_table_id=dict(), - routes=dict(default=[], type='list', elements='dict'), - state=dict(default='present', choices=['present', 'absent']), - subnets=dict(type='list', elements='str'), - tags=dict(type='dict', aliases=['resource_tags']), - vpc_id=dict() - ) - - module = AnsibleAWSModule(argument_spec=argument_spec, - required_if=[['lookup', 'id', ['route_table_id']], - ['lookup', 'tag', ['vpc_id']], - ['state', 'present', ['vpc_id']]], - supports_check_mode=True) - - # The tests for RouteTable existing uses its own decorator, we can safely - # retry on InvalidRouteTableID.NotFound - retry_decorator = AWSRetry.jittered_backoff(retries=10, catch_extra_error_codes=['InvalidRouteTableID.NotFound']) - connection = module.client('ec2', retry_decorator=retry_decorator) - - state = module.params.get('state') - - if state == 'present': - result = ensure_route_table_present(connection, module) - elif state == 'absent': - result = ensure_route_table_absent(connection, module) - - module.exit_json(**result) - - -if __name__ == '__main__': - main() diff --git a/plugins/modules/ec2_vpc_route_table_info.py b/plugins/modules/ec2_vpc_route_table_info.py deleted file mode 100644 index a84245d47ee..00000000000 --- a/plugins/modules/ec2_vpc_route_table_info.py +++ /dev/null @@ -1,279 +0,0 @@ -#!/usr/bin/python -# Copyright: Ansible Project -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -DOCUMENTATION = r''' ---- -module: ec2_vpc_route_table_info -version_added: 1.0.0 -short_description: Gather information about ec2 VPC route tables in AWS -description: - - Gather information about ec2 VPC route tables in AWS -author: -- "Rob White (@wimnat)" -- "Mark Chappell (@tremble)" -options: - filters: - description: - - A dict of filters to apply. Each dict item consists of a filter key and a filter value. - See U(https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html) for possible filters. - type: dict -extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 - -''' - -EXAMPLES = r''' -# Note: These examples do not set authentication details, see the AWS Guide for details. - -- name: Gather information about all VPC route tables - community.aws.ec2_vpc_route_table_info: - -- name: Gather information about a particular VPC route table using route table ID - community.aws.ec2_vpc_route_table_info: - filters: - route-table-id: rtb-00112233 - -- name: Gather information about any VPC route table with a tag key Name and value Example - community.aws.ec2_vpc_route_table_info: - filters: - "tag:Name": Example - -- name: Gather information about any VPC route table within VPC with ID vpc-abcdef00 - community.aws.ec2_vpc_route_table_info: - filters: - vpc-id: vpc-abcdef00 -''' - -RETURN = r''' -route_tables: - description: - - A list of dictionarys describing route tables - - See also U(https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.describe_route_tables) - returned: always - type: complex - contains: - associations: - description: List of subnets associated with the route table - returned: always - type: complex - contains: - main: - description: Whether this is the main route table - returned: always - type: bool - sample: false - id: - description: ID of association between route table and subnet - returned: always - type: str - sample: rtbassoc-ab47cfc3 - route_table_association_id: - description: ID of association between route table and subnet - returned: always - type: str - sample: rtbassoc-ab47cfc3 - route_table_id: - description: ID of the route table - returned: always - type: str - sample: rtb-bf779ed7 - subnet_id: - description: ID of the subnet - returned: always - type: str - sample: subnet-82055af9 - association_state: - description: The state of the association - returned: always - type: complex - contains: - state: - description: The state of the association - returned: always - type: str - sample: associated - state_message: - description: Additional information about the state of the association - returned: when available - type: str - sample: 'Creating association' - id: - description: ID of the route table (same as route_table_id for backwards compatibility) - returned: always - type: str - sample: rtb-bf779ed7 - owner_id: - description: ID of the account which owns the route table - returned: always - type: str - sample: '012345678912' - propagating_vgws: - description: List of Virtual Private Gateways propagating routes - returned: always - type: list - sample: [] - route_table_id: - description: ID of the route table - returned: always - type: str - sample: rtb-bf779ed7 - routes: - description: List of routes in the route table - returned: always - type: complex - contains: - destination_cidr_block: - description: CIDR block of destination - returned: always - type: str - sample: 10.228.228.0/22 - gateway_id: - description: ID of the gateway - returned: when gateway is local or internet gateway - type: str - sample: local - instance_id: - description: - - ID of a NAT instance. - - Empty unless the route is via an EC2 instance - returned: always - type: str - sample: i-abcd123456789 - instance_owner_id: - description: - - AWS account owning the NAT instance - - Empty unless the route is via an EC2 instance - returned: always - type: str - sample: 123456789012 - network_interface_id: - description: - - The ID of the network interface - - Empty unless the route is via an EC2 instance - returned: always - type: str - sample: 123456789012 - nat_gateway_id: - description: ID of the NAT gateway - returned: when the route is via a NAT gateway - type: str - sample: local - origin: - description: mechanism through which the route is in the table - returned: always - type: str - sample: CreateRouteTable - state: - description: state of the route - returned: always - type: str - sample: active - tags: - description: Tags applied to the route table - returned: always - type: dict - sample: - Name: Public route table - Public: 'true' - vpc_id: - description: ID for the VPC in which the route lives - returned: always - type: str - sample: vpc-6e2d2407 -''' - -try: - import botocore -except ImportError: - pass # Handled by AnsibleAWSModule - -from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict - -from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule -from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict - - -@AWSRetry.jittered_backoff() -def describe_route_tables_with_backoff(connection, **params): - try: - paginator = connection.get_paginator('describe_route_tables') - return paginator.paginate(**params).build_full_result() - except is_boto3_error_code('InvalidRouteTableID.NotFound'): - return None - - -def normalize_route(route): - # Historically these were all there, but set to null when empty' - for legacy_key in ['DestinationCidrBlock', 'GatewayId', 'InstanceId', - 'Origin', 'State', 'NetworkInterfaceId']: - if legacy_key not in route: - route[legacy_key] = None - route['InterfaceId'] = route['NetworkInterfaceId'] - return route - - -def normalize_association(assoc): - # Name change between boto v2 and boto v3, return both - assoc['Id'] = assoc['RouteTableAssociationId'] - return assoc - - -def normalize_route_table(table): - table['tags'] = boto3_tag_list_to_ansible_dict(table['Tags']) - table['Associations'] = [normalize_association(assoc) for assoc in table['Associations']] - table['Routes'] = [normalize_route(route) for route in table['Routes']] - table['Id'] = table['RouteTableId'] - del table['Tags'] - return camel_dict_to_snake_dict(table, ignore_list=['tags']) - - -def normalize_results(results): - """ - We used to be a boto v2 module, make sure that the old return values are - maintained and the shape of the return values are what people expect - """ - - routes = [normalize_route_table(route) for route in results['RouteTables']] - del results['RouteTables'] - results = camel_dict_to_snake_dict(results) - results['route_tables'] = routes - return results - - -def list_ec2_vpc_route_tables(connection, module): - - filters = ansible_dict_to_boto3_filter_list(module.params.get("filters")) - - try: - results = describe_route_tables_with_backoff(connection, Filters=filters) - except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e: - module.fail_json_aws(e, msg="Failed to get route tables") - - results = normalize_results(results) - module.exit_json(changed=False, **results) - - -def main(): - argument_spec = dict( - filters=dict(default=None, type='dict'), - ) - - module = AnsibleAWSModule(argument_spec=argument_spec, - supports_check_mode=True) - - connection = module.client('ec2', retry_decorator=AWSRetry.jittered_backoff(retries=10)) - - list_ec2_vpc_route_tables(connection, module) - - -if __name__ == '__main__': - main() diff --git a/tests/integration/targets/ec2_vpc_route_table/aliases b/tests/integration/targets/ec2_vpc_route_table/aliases deleted file mode 100644 index 7bfd75cbb9f..00000000000 --- a/tests/integration/targets/ec2_vpc_route_table/aliases +++ /dev/null @@ -1,3 +0,0 @@ -cloud/aws - -ec2_vpc_route_table_info diff --git a/tests/integration/targets/ec2_vpc_route_table/meta/main.yml b/tests/integration/targets/ec2_vpc_route_table/meta/main.yml deleted file mode 100644 index 1f64f1169a9..00000000000 --- a/tests/integration/targets/ec2_vpc_route_table/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - prepare_tests - - setup_ec2 diff --git a/tests/integration/targets/ec2_vpc_route_table/tasks/main.yml b/tests/integration/targets/ec2_vpc_route_table/tasks/main.yml deleted file mode 100644 index 3a96fed7650..00000000000 --- a/tests/integration/targets/ec2_vpc_route_table/tasks/main.yml +++ /dev/null @@ -1,754 +0,0 @@ ---- -- name: 'ec2_vpc_route_table integration tests' - collections: - - amazon.aws - module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - block: - - - name: create VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: "{{ resource_prefix }}_vpc" - state: present - register: vpc - - - name: create subnets - ec2_vpc_subnet: - cidr: "{{ item.cidr }}" - az: "{{ aws_region}}{{ item.az }}" - vpc_id: "{{ vpc.vpc.id }}" - state: present - tags: - Public: "{{ item.public|string }}" - Name: "{{ (item.public|bool)|ternary('public', 'private') }}-{{ item.az }}" - with_items: - - cidr: 10.228.228.0/24 - az: "a" - public: "True" - - cidr: 10.228.229.0/24 - az: "b" - public: "True" - - cidr: 10.228.230.0/24 - az: "a" - public: "False" - - cidr: 10.228.231.0/24 - az: "b" - public: "False" - register: subnets - - - ec2_vpc_subnet_info: - filters: - vpc-id: "{{ vpc.vpc.id }}" - register: vpc_subnets - - - set_fact: - public_subnets: "{{ (vpc_subnets.subnets| selectattr('tags.Public', 'equalto', 'True')| map(attribute='id')| list) }}" - public_cidrs: "{{ (vpc_subnets.subnets| selectattr('tags.Public', 'equalto', 'True')| map(attribute='cidr_block')| list) }}" - private_subnets: "{{ (vpc_subnets.subnets| selectattr('tags.Public', 'equalto', 'False')| map(attribute='id')| list) }}" - - - name: create IGW - ec2_vpc_igw: - vpc_id: "{{ vpc.vpc.id }}" - - - name: create NAT GW - ec2_vpc_nat_gateway: - if_exist_do_not_create: yes - wait: yes - subnet_id: "{{ subnets.results[0].subnet.id }}" - register: nat_gateway - - - name: CHECK MODE - route table should be created - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - check_mode: true - register: check_mode_results - - - name: assert that the public route table would be created - assert: - that: - - check_mode_results.changed - - - name: create public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - register: create_public_table - - - name: assert that public route table has an id - assert: - that: - - create_public_table.changed - - "create_public_table.route_table.id.startswith('rtb-')" - - "'Public' in create_public_table.route_table.tags and create_public_table.route_table.tags['Public'] == 'true'" - - create_public_table.route_table.routes|length == 1 - - create_public_table.route_table.associations|length == 0 - - create_public_table.route_table.vpc_id == "{{ vpc.vpc.id }}" - - create_public_table.route_table.propagating_vgws|length == 0 - - create_public_table.route_table.routes|length == 1 - - - name: CHECK MODE - route table should already exist - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - check_mode: True - register: check_mode_results - - - name: assert the table already exists - assert: - that: - - not check_mode_results.changed - - - name: recreate public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - register: recreate_public_route_table - - - name: assert that public route table did not change - assert: - that: - - not recreate_public_route_table.changed - - "create_public_table.route_table.id.startswith('rtb-')" - - "'Public' in create_public_table.route_table.tags and create_public_table.route_table.tags['Public'] == 'true'" - - create_public_table.route_table.routes|length == 1 - - create_public_table.route_table.associations|length == 0 - - create_public_table.route_table.vpc_id == "{{ vpc.vpc.id }}" - - create_public_table.route_table.propagating_vgws|length == 0 - - create_public_table.route_table.routes|length == 1 - - - name: CHECK MODE - add route to public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - check_mode: True - register: check_mode_results - - - name: assert a route would be added - assert: - that: - - check_mode_results.changed - - - name: add a route to public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - register: add_routes - - - name: assert route table contains new route - assert: - that: - - add_routes.changed - - add_routes.route_table.routes|length == 2 - - "add_routes.route_table.id.startswith('rtb-')" - - "'Public' in add_routes.route_table.tags and add_routes.route_table.tags['Public'] == 'true'" - - add_routes.route_table.routes|length == 2 - - add_routes.route_table.associations|length == 0 - - add_routes.route_table.vpc_id == "{{ vpc.vpc.id }}" - - add_routes.route_table.propagating_vgws|length == 0 - - - name: CHECK MODE - re-add route to public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - check_mode: True - register: check_mode_results - - - name: assert a route would not be added - assert: - that: - - check_mode_results is not changed - - - name: re-add a route to public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - register: add_routes - - - name: assert route table contains route - assert: - that: - - add_routes is not changed - - add_routes.route_table.routes|length == 2 - - - name: CHECK MODE - add subnets to public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - subnets: "{{ public_subnets }}" - check_mode: True - register: check_mode_results - - - name: assert the subnets would be added to the route table - assert: - that: - - check_mode_results.changed - - - name: add subnets to public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - subnets: "{{ public_subnets }}" - register: add_subnets - - - name: assert route table contains subnets - assert: - that: - - add_subnets.changed - - add_subnets.route_table.associations|length == 2 - - - name: add a route to public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - register: add_routes - - - name: CHECK MODE - no routes but purge_routes set to false - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - purge_routes: no - subnets: "{{ public_subnets }}" - check_mode: True - register: check_mode_results - - - name: assert no routes would be removed - assert: - that: - - not check_mode_results.changed - - - name: rerun with purge_routes set to false - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - purge_routes: no - subnets: "{{ public_subnets }}" - register: no_purge_routes - - - name: assert route table still has routes - assert: - that: - - not no_purge_routes.changed - - no_purge_routes.route_table.routes|length == 2 - - no_purge_routes.route_table.associations|length == 2 - - - name: rerun with purge_subnets set to false - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - purge_subnets: no - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - register: no_purge_subnets - - - name: assert route table still has subnets - assert: - that: - - not no_purge_subnets.changed - - no_purge_subnets.route_table.routes|length == 2 - - no_purge_subnets.route_table.associations|length == 2 - - - name: rerun with purge_tags not set (implicitly false) - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - lookup: id - route_table_id: "{{ create_public_table.route_table.id }}" - subnets: "{{ public_subnets }}" - register: no_purge_tags - - - name: assert route table still has tags - assert: - that: - - not no_purge_tags.changed - - "'Public' in no_purge_tags.route_table.tags and no_purge_tags.route_table.tags['Public'] == 'true'" - - - name: CHECK MODE - purge subnets - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - subnets: [] - tags: - Public: "true" - Name: "Public route table" - check_mode: True - register: check_mode_results - - - name: assert subnets would be removed - assert: - that: - - check_mode_results.changed - - - name: purge subnets - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - subnets: [] - tags: - Public: "true" - Name: "Public route table" - register: purge_subnets - - - name: assert purge subnets worked - assert: - that: - - purge_subnets.changed - - purge_subnets.route_table.associations|length == 0 - - purge_subnets.route_table.id == create_public_table.route_table.id - - - name: CHECK MODE - purge routes - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - routes: [] - check_mode: True - register: check_mode_results - - - name: assert routes would be removed - assert: - that: - - check_mode_results.changed - - - name: add subnets by cidr to public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - subnets: "{{ public_cidrs }}" - lookup: id - route_table_id: "{{ create_public_table.route_table.id }}" - register: add_subnets_cidr - - - name: assert route table contains subnets added by cidr - assert: - that: - - add_subnets_cidr.changed - - add_subnets_cidr.route_table.associations|length == 2 - - - name: purge subnets added by cidr - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - subnets: [] - lookup: id - route_table_id: "{{ create_public_table.route_table.id }}" - register: purge_subnets_cidr - - - name: assert purge subnets added by cidr worked - assert: - that: - - purge_subnets_cidr.changed - - purge_subnets_cidr.route_table.associations|length == 0 - - - name: add subnets by name to public route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - subnets: "{{ public_subnets }}" - lookup: id - route_table_id: "{{ create_public_table.route_table.id }}" - register: add_subnets_name - - - name: assert route table contains subnets added by name - assert: - that: - - add_subnets_name.changed - - add_subnets_name.route_table.associations|length == 2 - - - name: purge subnets added by name - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - routes: - - dest: 0.0.0.0/0 - gateway_id: igw - subnets: [] - lookup: id - route_table_id: "{{ create_public_table.route_table.id }}" - register: purge_subnets_name - - - name: assert purge subnets added by name worked - assert: - that: - - purge_subnets_name.changed - - purge_subnets_name.route_table.associations|length == 0 - - - name: purge routes - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "true" - Name: "Public route table" - routes: [] - register: purge_routes - - - name: assert purge routes worked - assert: - that: - - purge_routes.changed - - purge_routes.route_table.routes|length == 1 - - purge_routes.route_table.id == create_public_table.route_table.id - - - name: CHECK MODE - update tags - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - route_table_id: "{{ create_public_table.route_table.id }}" - lookup: id - purge_tags: yes - tags: - Name: Public route table - Updated: new_tag - check_mode: True - register: check_mode_results - - - name: assert tags would be changed - assert: - that: - - check_mode_results.changed - - - name: update tags - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - route_table_id: "{{ create_public_table.route_table.id }}" - lookup: id - purge_tags: yes - tags: - Name: Public route table - Updated: new_tag - register: update_tags - - - name: assert update tags worked - assert: - that: - - update_tags.changed - - "'Updated' in update_tags.route_table.tags and update_tags.route_table.tags['Updated'] == 'new_tag'" - - "'Public' not in update_tags.route_table.tags" - - - name: create NAT GW - ec2_vpc_nat_gateway: - if_exist_do_not_create: yes - wait: yes - subnet_id: "{{ subnets.results[0].subnet.id }}" - register: nat_gateway - - - name: CHECK MODE - create private route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "false" - Name: "Private route table" - routes: - - gateway_id: "{{ nat_gateway.nat_gateway_id }}" - dest: 0.0.0.0/0 - subnets: "{{ private_subnets }}" - check_mode: True - register: check_mode_results - - - name: assert the route table would be created - assert: - that: - - check_mode_results.changed - - - name: create private route table - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "false" - Name: "Private route table" - routes: - - gateway_id: "{{ nat_gateway.nat_gateway_id }}" - dest: 0.0.0.0/0 - subnets: "{{ private_subnets }}" - register: create_private_table - - - name: assert creating private route table worked - assert: - that: - - create_private_table.changed - - create_private_table.route_table.id != create_public_table.route_table.id - - "'Public' in create_private_table.route_table.tags" - - - name: CHECK MODE - destroy public route table by tags - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - state: absent - tags: - Updated: new_tag - Name: Public route table - check_mode: True - register: check_mode_results - - - name: assert the route table would be deleted - assert: - that: - check_mode_results.changed - - - name: destroy public route table by tags - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - state: absent - tags: - Updated: new_tag - Name: Public route table - register: destroy_table - - - name: assert destroy table worked - assert: - that: - - destroy_table.changed - - - name: CHECK MODE - redestroy public route table - ec2_vpc_route_table: - route_table_id: "{{ create_public_table.route_table.id }}" - lookup: id - state: absent - check_mode: True - register: check_mode_results - - - name: assert the public route table does not exist - assert: - that: - - not check_mode_results.changed - - - name: redestroy public route table - ec2_vpc_route_table: - route_table_id: "{{ create_public_table.route_table.id }}" - lookup: id - state: absent - register: redestroy_table - - - name: assert redestroy table worked - assert: - that: - - not redestroy_table.changed - - - name: destroy NAT GW - ec2_vpc_nat_gateway: - state: absent - wait: yes - release_eip: yes - subnet_id: "{{ subnets.results[0].subnet.id }}" - nat_gateway_id: "{{ nat_gateway.nat_gateway_id }}" - register: nat_gateway - - - name: show route table info, get table using route-table-id - ec2_vpc_route_table_info: - filters: - route-table-id: "{{ create_private_table.route_table.id }}" - register: route_table_info - - - name: assert route_table_info has correct attributes - assert: - that: - - '"route_tables" in route_table_info' - - 'route_table_info.route_tables | length == 1' - - '"id" in route_table_info.route_tables[0]' - - '"routes" in route_table_info.route_tables[0]' - - '"associations" in route_table_info.route_tables[0]' - - '"tags" in route_table_info.route_tables[0]' - - '"vpc_id" in route_table_info.route_tables[0]' - - 'route_table_info.route_tables[0].id == create_private_table.route_table.id' - - '"propagating_vgws" in route_table_info.route_tables[0]' - - - name: show route table info, get table using tags - ec2_vpc_route_table_info: - filters: - "tag:Public": "false" - "tag:Name": "Private route table" - vpc-id: "{{ vpc.vpc.id }}" - register: route_table_info - - - name: assert route_table_info has correct tags - assert: - that: - - 'route_table_info.route_tables | length == 1' - - '"tags" in route_table_info.route_tables[0]' - - '"Public" in route_table_info.route_tables[0].tags and route_table_info.route_tables[0].tags["Public"] == "false"' - - '"Name" in route_table_info.route_tables[0].tags and route_table_info.route_tables[0].tags["Name"] == "Private route table"' - - - name: create NAT GW - ec2_vpc_nat_gateway: - if_exist_do_not_create: yes - wait: yes - subnet_id: "{{ subnets.results[0].subnet.id }}" - register: nat_gateway - - - name: show route table info - ec2_vpc_route_table_info: - filters: - route-table-id: "{{ create_private_table.route_table.id }}" - - - name: recreate private route table with new NAT GW - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "false" - Name: "Private route table" - routes: - - nat_gateway_id: "{{ nat_gateway.nat_gateway_id }}" - dest: 0.0.0.0/0 - subnets: "{{ private_subnets }}" - register: recreate_private_table - - - name: assert creating private route table worked - assert: - that: - - recreate_private_table.changed - - recreate_private_table.route_table.id != create_public_table.route_table.id - - - name: create a VPC endpoint to test ec2_vpc_route_table ignores it - ec2_vpc_endpoint: - state: present - vpc_id: "{{ vpc.vpc.id }}" - service: "com.amazonaws.{{ aws_region }}.s3" - route_table_ids: - - "{{ recreate_private_table.route_table.route_table_id }}" - register: vpc_endpoint - - - name: purge routes - ec2_vpc_route_table: - vpc_id: "{{ vpc.vpc.id }}" - tags: - Public: "false" - Name: "Private route table" - routes: - - nat_gateway_id: "{{ nat_gateway.nat_gateway_id }}" - dest: 0.0.0.0/0 - subnets: "{{ private_subnets }}" - purge_routes: true - register: result - - - name: Get endpoint infos to verify that it wasn't purged from the route table - ec2_vpc_endpoint_info: - query: endpoints - vpc_endpoint_ids: - - "{{ vpc_endpoint.result.vpc_endpoint_id }}" - register: endpoint_details - - - name: assert the route table is associated with the VPC endpoint - assert: - that: - - endpoint_details.vpc_endpoints[0].route_table_ids[0] == recreate_private_table.route_table.route_table_id - - always: - ############################################################################# - # TEAR DOWN STARTS HERE - ############################################################################# - - name: remove the VPC endpoint - ec2_vpc_endpoint: - state: absent - vpc_endpoint_id: "{{ vpc_endpoint.result.vpc_endpoint_id }}" - when: vpc_endpoint is defined - ignore_errors: yes - - - name: destroy route tables - ec2_vpc_route_table: - route_table_id: "{{ item.route_table.id }}" - lookup: id - state: absent - with_items: - - "{{ create_public_table|default() }}" - - "{{ create_private_table|default() }}" - when: item and not item.failed - ignore_errors: yes - - - name: destroy NAT GW - ec2_vpc_nat_gateway: - state: absent - wait: yes - release_eip: yes - subnet_id: "{{ subnets.results[0].subnet.id }}" - nat_gateway_id: "{{ nat_gateway.nat_gateway_id }}" - ignore_errors: yes - - - name: destroy IGW - ec2_vpc_igw: - vpc_id: "{{ vpc.vpc.id }}" - state: absent - ignore_errors: yes - - - name: destroy subnets - ec2_vpc_subnet: - cidr: "{{ item.cidr }}" - vpc_id: "{{ vpc.vpc.id }}" - state: absent - with_items: - - cidr: 10.228.228.0/24 - - cidr: 10.228.229.0/24 - - cidr: 10.228.230.0/24 - - cidr: 10.228.231.0/24 - ignore_errors: yes - - - name: destroy VPC - ec2_vpc_net: - cidr_block: 10.228.228.0/22 - name: "{{ resource_prefix }}_vpc" - state: absent - ignore_errors: yes