diff --git a/plugins/modules/ec2_vpc_peer.py b/plugins/modules/ec2_vpc_peer.py index cea160d34ff..9c5d35349eb 100644 --- a/plugins/modules/ec2_vpc_peer.py +++ b/plugins/modules/ec2_vpc_peer.py @@ -51,6 +51,12 @@ default: present choices: ['present', 'absent', 'accept', 'reject'] type: str + wait: + description: + - Wait for peering state changes to complete. + required: false + default: false + type: bool author: Mike Mochan (@mmochan) extends_documentation_fragment: - amazon.aws.aws @@ -223,6 +229,24 @@ from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.core import is_boto3_error_code +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ansible_dict_to_boto3_filter_list + + +def wait_for_state(client, module, state, pcx_id): + waiter = client.get_waiter('vpc_peering_connection_exists') + peer_filter = { + 'vpc-peering-connection-id': pcx_id, + 'status-code': state, + } + try: + waiter.wait( + Filters=ansible_dict_to_boto3_filter_list(peer_filter) + ) + except botocore.exceptions.WaiterError as e: + module.fail_json_aws(e, "Failed to wait for state change") + except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: + module.fail_json_aws(e, "Enable to describe Peerig Connection while waiting for state to change") def tags_changed(pcx_id, client, module): 
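Review bot: The second `except` in wait_for_state emits a garbled error message, "Enable to describe Peerig Connection while waiting for state to change"; it should read `module.fail_json_aws(e, "Unable to describe Peering Connection while waiting for state to change")`. The waiter is also invoked without a `WaiterConfig`, so the boto3 defaults for delay and attempts apply and a caller setting `wait: true` has no way to bound how long the module blocks; a `wait_timeout` option passed through as `WaiterConfig={'Delay': ..., 'MaxAttempts': ...}` would be the usual fix. Note too that `client.get_waiter` on the retry-wrapped client presumably hands back a waiter whose polling calls are not covered by the module's AWSRetry decorator, so a throttled describe mid-wait would surface as a WaiterError — worth confirming.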
@@ -246,18 +270,18 @@ def tags_changed(pcx_id, client, module): def describe_peering_connections(params, client): + peer_filter = { + 'requester-vpc-info.vpc-id': params['VpcId'], + 'accepter-vpc-info.vpc-id': params['PeerVpcId'], + } result = client.describe_vpc_peering_connections( - Filters=[ - {'Name': 'requester-vpc-info.vpc-id', 'Values': [params['VpcId']]}, - {'Name': 'accepter-vpc-info.vpc-id', 'Values': [params['PeerVpcId']]} - ] + aws_retry=True, + Filters=ansible_dict_to_boto3_filter_list(peer_filter), ) if result['VpcPeeringConnections'] == []: result = client.describe_vpc_peering_connections( - Filters=[ - {'Name': 'requester-vpc-info.vpc-id', 'Values': [params['PeerVpcId']]}, - {'Name': 'accepter-vpc-info.vpc-id', 'Values': [params['VpcId']]} - ] + aws_retry=True, + Filters=ansible_dict_to_boto3_filter_list(peer_filter), ) return result @@ -291,8 +315,10 @@ def create_peer_connection(client, module): if is_pending(peering_conn): return (changed, peering_conn['VpcPeeringConnectionId']) try: - peering_conn = client.create_vpc_peering_connection(**params) + peering_conn = client.create_vpc_peering_connection(aws_retry=True, **params) pcx_id = peering_conn['VpcPeeringConnection']['VpcPeeringConnectionId'] + if module.params.get('wait'): + wait_for_state(client, module, 'pending-acceptance', pcx_id) if module.params.get('tags'): create_tags(pcx_id, client, module) changed = True @@ -303,7 +329,9 @@ def create_peer_connection(client, module): def remove_peer_connection(client, module): pcx_id = module.params.get('peering_id') - if not pcx_id: + if pcx_id: + peering_conns = client.describe_vpc_peering_connections(aws_retry=True, VpcPeeringConnectionIds=[pcx_id]) + else: params = dict() params['VpcId'] = module.params.get('vpc_id') params['PeerVpcId'] = module.params.get('peer_vpc_id') 
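Review bot: The fallback lookup in describe_peering_connections no longer swaps the VPC IDs: both `describe_vpc_peering_connections` calls now pass the same `peer_filter`, whereas the removed lines queried with `PeerVpcId` as requester and `VpcId` as accepter on the second attempt. As written, a connection that was requested from the other side (the usual cross-account case where this account is the accepter) is never found, so `state: present` stops being idempotent and submits a fresh peering request on every run. Rebuild the filter before the second call, e.g. `peer_filter = {'requester-vpc-info.vpc-id': params['PeerVpcId'], 'accepter-vpc-info.vpc-id': params['VpcId']}`.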
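Review bot: The new `client.describe_vpc_peering_connections(aws_retry=True, VpcPeeringConnectionIds=[pcx_id])` call in remove_peer_connection runs outside any `try`, so an unknown or malformed `peering_id` raises a botocore `ClientError` that escapes as a traceback instead of a `fail_json` result; peer_status in the same file already handles the malformed-id error code explicitly. Wrap it with `except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg='Failed to describe peering connection')`, and consider mapping a not-found error code to `changed=False` since the requested end state is absence. The function body continues past this hunk.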
@@ -311,15 +339,23 @@ def remove_peer_connection(client, module): if module.params.get('peer_owner_id'): params['PeerOwnerId'] = str(module.params.get('peer_owner_id')) peering_conns = describe_peering_connections(params, client) - if not peering_conns: - module.exit_json(changed=False) - else: - pcx_id = peering_conns['VpcPeeringConnections'][0]['VpcPeeringConnectionId'] + + if not peering_conns: + module.exit_json(changed=False) + else: + pcx_id = pcx_id or peering_conns['VpcPeeringConnections'][0]['VpcPeeringConnectionId'] + + if peering_conns['VpcPeeringConnections'][0]['Status']['Code'] == 'deleted': + module.exit_json(msg='Connection in deleted state.', changed=False) + if peering_conns['VpcPeeringConnections'][0]['Status']['Code'] == 'rejected': + module.exit_json(msg='Connection has been rejected. State cannot be changed and will be removed automatically by AWS', changed=False) try: params = dict() params['VpcPeeringConnectionId'] = pcx_id - client.delete_vpc_peering_connection(**params) + client.delete_vpc_peering_connection(aws_retry=True, **params) + if module.params.get('wait'): + wait_for_state(client, module, 'deleted', pcx_id) module.exit_json(changed=True) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) @@ -329,7 +365,7 @@ def peer_status(client, module): params = dict() params['VpcPeeringConnectionIds'] = [module.params.get('peering_id')] try: - vpc_peering_connection = client.describe_vpc_peering_connections(**params) + vpc_peering_connection = client.describe_vpc_peering_connections(aws_retry=True, **params) return vpc_peering_connection['VpcPeeringConnections'][0]['Status']['Code'] except is_boto3_error_code('InvalidVpcPeeringConnectionId.Malformed') as e: module.fail_json_aws(e, msg='Malformed connection ID') 
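Review bot: `if not peering_conns:` in remove_peer_connection tests the whole describe response, which is a dict that is always truthy, so the `changed=False` branch never runs and an empty match falls through to `peering_conns['VpcPeeringConnections'][0]`, raising an IndexError. The check should be `if not peering_conns['VpcPeeringConnections']:`; the original had the same test, but this hunk re-indents it and adds two more `[0]` accesses behind it. The early exit for the 'rejected' state is sensible given AWS removes those itself, but including `pcx_id` in the message would make the no-op traceable in logs.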
@@ -340,16 +376,22 @@ def peer_status(client, module): def accept_reject(state, client, module): changed = False params = dict() - params['VpcPeeringConnectionId'] = module.params.get('peering_id') - if peer_status(client, module) != 'active': + pcx_id = module.params.get('peering_id') + params['VpcPeeringConnectionId'] = pcx_id + current_state = peer_status(client, module) + if current_state not in ['active', 'rejected']: try: if state == 'accept': - client.accept_vpc_peering_connection(**params) + client.accept_vpc_peering_connection(aws_retry=True, **params) + target_state = 'active' else: - client.reject_vpc_peering_connection(**params) + client.reject_vpc_peering_connection(aws_retry=True, **params) + target_state = 'rejected' if module.params.get('tags'): create_tags(params['VpcPeeringConnectionId'], client, module) changed = True + if module.params.get('wait'): + wait_for_state(client, module, target_state, pcx_id) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) if tags_changed(params['VpcPeeringConnectionId'], client, module): @@ -368,21 +410,21 @@ def load_tags(module): def create_tags(pcx_id, client, module): try: delete_tags(pcx_id, client, module) - client.create_tags(Resources=[pcx_id], Tags=load_tags(module)) + client.create_tags(aws_retry=True, Resources=[pcx_id], Tags=load_tags(module)) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) def delete_tags(pcx_id, client, module): try: - client.delete_tags(Resources=[pcx_id]) + client.delete_tags(aws_retry=True, Resources=[pcx_id]) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) def find_pcx_by_id(pcx_id, client, module): try: - return client.describe_vpc_peering_connections(VpcPeeringConnectionIds=[pcx_id]) + return client.describe_vpc_peering_connections(aws_retry=True, VpcPeeringConnectionIds=[pcx_id]) except botocore.exceptions.ClientError as e: module.fail_json(msg=str(e)) 
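Review bot: In accept_reject the guard `if current_state not in ['active', 'rejected']` makes `state: accept` on a rejected connection (or `state: reject` on an active one) return `changed=False` with no message, so a playbook cannot distinguish a successful no-op from a request that can never be satisfied. Consider failing explicitly in the mismatched cases, e.g. `if state == 'accept' and current_state == 'rejected': module.fail_json(msg='Peering connection %s has been rejected and cannot be accepted' % pcx_id)`. Since accepting creates a routable path between VPCs, it would also be worth checking the requester's `owner_id` against `peer_owner_id` when the caller supplies it before calling accept — the argument spec in this diff takes that option, but this path does not appear to consult it, so verify that against the rest of the module.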
@@ -396,6 +438,7 @@ def main(): peer_owner_id=dict(), tags=dict(required=False, type='dict'), state=dict(default='present', choices=['present', 'absent', 'accept', 'reject']), + wait=dict(default=False, type='bool'), ) required_if = [ ('state', 'present', ['vpc_id', 'peer_vpc_id']), @@ -411,7 +454,7 @@ def main(): peer_vpc_id = module.params.get('peer_vpc_id') try: - client = module.client('ec2') + client = module.client('ec2', retry_decorator=AWSRetry.jittered_backoff()) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg='Failed to connect to AWS') diff --git a/plugins/modules/ec2_vpc_peering_info.py b/plugins/modules/ec2_vpc_peering_info.py index 117992e76c6..a086fde3639 100644 --- a/plugins/modules/ec2_vpc_peering_info.py +++ b/plugins/modules/ec2_vpc_peering_info.py 
@@ -61,6 +61,140 @@ ''' RETURN = r''' +vpc_peering_connections: + description: Details of the matching VPC peering connections. + returned: success + type: list + contains: + accepter_vpc_info: + description: Information about the VPC which accepted the connection. + returned: success + type: complex + contains: + cidr_block: + description: The primary CIDR for the VPC. + returned: when connection is in the accepted state. + type: str + example: '10.10.10.0/23' + cidr_block_set: + description: A list of all CIDRs for the VPC. + returned: when connection is in the accepted state. + type: complex + contains: + cidr_block: + description: A CIDR block used by the VPC. + returned: success + type: str + example: '10.10.10.0/23' + owner_id: + description: The AWS account that owns the VPC. + returned: success + type: str + example: 012345678901 + peering_options: + description: Additional peering configuration. + returned: when connection is in the accepted state. + type: dict + contains: + allow_dns_resolution_from_remote_vpc: + description: Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. + returned: success + type: bool + allow_egress_from_local_classic_link_to_remote_vpc: + description: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. + returned: success + type: bool + allow_egress_from_local_vpc_to_remote_classic_link: + description: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. + returned: success + type: bool + region: + description: The AWS region that the VPC is in. + returned: success + type: str + example: us-east-1 + vpc_id: + description: The ID of the VPC + returned: success + type: str + example: vpc-0123456789abcdef0 + requester_vpc_info: + description: Information about the VPC which requested the connection. 
+ returned: success + type: complex + contains: + cidr_block: + description: The primary CIDR for the VPC. + returned: when connection is not in the deleted state. + type: str + example: '10.10.10.0/23' + cidr_block_set: + description: A list of all CIDRs for the VPC. + returned: when connection is not in the deleted state. + type: complex + contains: + cidr_block: + description: A CIDR block used by the VPC + returned: success + type: str + example: '10.10.10.0/23' + owner_id: + description: The AWS account that owns the VPC. + returned: success + type: str + example: 012345678901 + peering_options: + description: Additional peering configuration. + returned: when connection is not in the deleted state. + type: dict + contains: + allow_dns_resolution_from_remote_vpc: + description: Indicates whether a VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC. + returned: success + type: bool + allow_egress_from_local_classic_link_to_remote_vpc: + description: Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. + returned: success + type: bool + allow_egress_from_local_vpc_to_remote_classic_link: + description: Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. + returned: success + type: bool + region: + description: The AWS region that the VPC is in. + returned: success + type: str + example: us-east-1 + vpc_id: + description: The ID of the VPC + returned: success + type: str + example: vpc-0123456789abcdef0 + status: + description: Details of the current status of the connection. + returned: success + type: complex + contains: + code: + description: A short code describing the status of the connection. + returned: success + type: str + example: active + message: + description: Additional information about the status of the connection. 
+ returned: success + type: str + example: Pending Acceptance by 012345678901 + tags: + description: Tags applied to the connection. + returned: success + type: dict + vpc_peering_connection_id: + description: The ID of the VPC peering connection. + returned: success + type: str + example: "pcx-0123456789abcdef0" + result: description: The result of the describe. returned: success @@ -121,7 +255,7 @@ def main(): for peer in results: peer['tags'] = boto3_tag_list_to_ansible_dict(peer.get('tags', [])) - module.exit_json(result=results) + module.exit_json(result=results, vpc_peering_connections=results) if __name__ == '__main__': diff --git a/tests/integration/targets/ec2_vpc_peer/aliases b/tests/integration/targets/ec2_vpc_peer/aliases new file mode 100644 index 00000000000..0e90cab464b --- /dev/null +++ b/tests/integration/targets/ec2_vpc_peer/aliases @@ -0,0 +1,4 @@ +cloud/aws +shippable/aws/group1 + +ec2_vpc_peering_info diff --git a/tests/integration/targets/ec2_vpc_peer/defaults/main.yml b/tests/integration/targets/ec2_vpc_peer/defaults/main.yml new file mode 100644 index 00000000000..0ff34455b45 --- /dev/null +++ b/tests/integration/targets/ec2_vpc_peer/defaults/main.yml @@ -0,0 +1,6 @@ +--- +vpc_seed: '{{ resource_prefix }}' +vpc_1_name: '{{ resource_prefix }}-vpc-1' +vpc_1_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.0.0/23' +vpc_2_name: '{{ resource_prefix }}-vpc-1' +vpc_2_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.2.0/23' diff --git a/tests/integration/targets/ec2_vpc_peer/tasks/main.yml b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml new file mode 100644 index 00000000000..5d6f7851bc2 --- /dev/null +++ b/tests/integration/targets/ec2_vpc_peer/tasks/main.yml 
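Review bot: `vpc_2_name` in defaults/main.yml is set to `'{{ resource_prefix }}-vpc-1'`, the same value as `vpc_1_name`, so both test VPCs carry the same Name tag and any lookup that matches on name alone becomes ambiguous, with only the CIDR telling them apart. It should read `vpc_2_name: '{{ resource_prefix }}-vpc-2'`. The two CIDRs are derived from the same seeded random second octet, so they are distinct but adjacent /23s; that is fine for peering, but a one-line comment saying this is deliberate would save the next reader a check.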
@@ -0,0 +1,481 @@ +--- +- name: ec2_vpc_igw tests + collections: + - amazon.aws + module_defaults: + group/aws: + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token | default(omit) }}" + region: "{{ aws_region }}" + block: + - name: get ARN of calling user + aws_caller_info: + register: aws_caller_info + - name: Store Account ID for later use + set_fact: + account_id: '{{ aws_caller_info.account }}' + + # ============================================================ + - name: Fetch Peers in check_mode + ec2_vpc_peering_info: + register: peers_info + check_mode: True + - name: Assert success + assert: + that: + - peers_info is successful + - '"result" in peers_info' + + # ============================================================ + - name: create VPC 1 + ec2_vpc_net: + name: "{{ vpc_1_name }}" + state: present + cidr_block: "{{ vpc_1_cidr }}" + tags: + Name: "{{ vpc_1_name }}" + TestPrefex: "{{ resource_prefix }}" + register: vpc_1_result + - name: Assert success + assert: + that: + - vpc_1_result is successful + + - name: create VPC 2 + ec2_vpc_net: + name: "{{ vpc_2_name }}" + state: present + cidr_block: "{{ vpc_2_cidr }}" + tags: + Name: "{{ vpc_2_name }}" + TestPrefex: "{{ resource_prefix }}" + register: vpc_2_result + - name: Assert success + assert: + that: + - vpc_2_result is successful + + - name: Store VPC IDs + set_fact: + vpc_1: '{{ vpc_1_result.vpc.id }}' + vpc_2: '{{ vpc_2_result.vpc.id }}' + + - name: Set a name to use with the connections + set_fact: + connection_name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' + + - name: Create local account VPC peering Connection + ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' + register: vpc_peer + - name: Assert success + assert: + that: + - vpc_peer is changed + - vpc_peer is successful + - "'peering_id' in vpc_peer" 
+ - vpc_peer.peering_id.startswith('pcx-') + + - name: Store Connection ID + set_fact: + peer_id_1: '{{ vpc_peer.peering_id }}' + + - name: (re-) Create local account VPC peering Connection (idempotency) + ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: '{{ connection_name }}' + register: vpc_peer + - name: Assert success + assert: + that: + - vpc_peer is not changed + - vpc_peer is successful + - vpc_peer.peering_id == peer_id_1 + + - name: Get details on specific VPC peer + ec2_vpc_peering_info: + peer_connection_ids: + - '{{ peer_id_1 }}' + register: peer_info + - name: Assert expected values + assert: + that: + - peer_info is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - "'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "pending-acceptance" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - peer_details.tags.Name == connection_name + - "'vpc_peering_connection_id' in peer_details" + - peer_details.vpc_peering_connection_id == peer_id_1 + # Acceptor info isn't available until the connection has been accepted + - "'cidr_block' not in acceptor_details" + - "'cidr_block_set' not in acceptor_details" + - "'peering_options' not in acceptor_details" + - "'owner_id' in acceptor_details" + - acceptor_details.owner_id == account_id + - "'region' in acceptor_details" + - acceptor_details.region == aws_region + - "'vpc_id' in acceptor_details" + - acceptor_details.vpc_id == vpc_2 + # Information about the 'requesting' VPC + - "'cidr_block' in requester_details" + - requester_details.cidr_block == vpc_1_cidr + - "'cidr_block_set' in requester_details" + - requester_details.cidr_block_set | length == 1 + - "'cidr_block' in requester_details.cidr_block_set[0]" + - 
requester_details.cidr_block_set[0].cidr_block == vpc_1_cidr + - "'peering_options' in requester_details" + - "'owner_id' in requester_details" + - requester_details.owner_id == account_id + - "'region' in requester_details" + - requester_details.region == aws_region + - "'vpc_id' in requester_details" + - requester_details.vpc_id == vpc_1 + vars: + peer_details: '{{ peer_info.vpc_peering_connections[0] }}' + acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' + requester_details: '{{ peer_details["requester_vpc_info"] }}' + + - name: Get all vpc peers with specific filters + ec2_vpc_peering_info: + filters: + status-code: ['pending-acceptance'] + register: pending_vpc_peers + - name: Assert expected values + assert: + that: + # Not guaranteed to just be us, only assert the shape + - pending_vpc_peers is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - "'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "pending-acceptance" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'vpc_peering_connection_id' in peer_details" + # Acceptor info isn't available until the connection has been accepted + - "'cidr_block' not in acceptor_details" + - "'cidr_block_set' not in acceptor_details" + - "'peering_options' not in acceptor_details" + - "'owner_id' in acceptor_details" + - "'region' in acceptor_details" + - "'vpc_id' in acceptor_details" + # Information about the 'requesting' VPC + - "'cidr_block' in requester_details" + - "'cidr_block_set' in requester_details" + - "'cidr_block' in requester_details.cidr_block_set[0]" + - "'peering_options' in requester_details" + - "'owner_id' in requester_details" + - "'region' in requester_details" + - "'vpc_id' in requester_details" + vars: + peer_details: '{{ pending_vpc_peers.vpc_peering_connections[0] }}' + acceptor_details: '{{ 
peer_details["accepter_vpc_info"] }}' + requester_details: '{{ peer_details["requester_vpc_info"] }}' + + - name: Update tags on the VPC Peering Connection + ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: '{{ connection_name }}' + testPrefix: '{{ resource_prefix }}' + register: tag_peer + - name: Assert success + assert: + that: + - tag_peer is changed + - tag_peer is successful + - tag_peer.peering_id == peer_id_1 + + - name: (re-) Update tags on the VPC Peering Connection (idempotency) + ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: '{{ connection_name }}' + testPrefix: '{{ resource_prefix }}' + register: tag_peer + - name: Assert success + assert: + that: + - tag_peer is not changed + - tag_peer is successful + - tag_peer.peering_id == peer_id_1 + + - name: Get details on specific VPC peer + ec2_vpc_peering_info: + peer_connection_ids: + - '{{ peer_id_1 }}' + register: peer_info + - name: Assert expected tags + assert: + that: + - peer_info is successful + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - "'testPrefix' in peer_details.tags" + - peer_details.tags.Name == connection_name + - peer_details.tags.testPrefix == resource_prefix + vars: + peer_details: '{{ peer_info.vpc_peering_connections[0] }}' + + - name: Accept local VPC peering request + ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: accept + wait: True + register: action_peer + - name: Assert success + assert: + that: + - action_peer is changed + - action_peer is successful + - action_peer.peering_id == peer_id_1 + + - name: Get details on specific VPC peer + ec2_vpc_peering_info: + peer_connection_ids: + - '{{ peer_id_1 }}' + register: peer_info + - name: Assert expected values + assert: + that: + - peer_info is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - 
"'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "active" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - peer_details.tags.Name == connection_name + - "'testPrefix' in peer_details.tags" + - peer_details.tags.testPrefix == resource_prefix + - "'vpc_peering_connection_id' in peer_details" + - peer_details.vpc_peering_connection_id == peer_id_1 + # Information about the 'accepting' VPC should be available now + - "'cidr_block' in acceptor_details" + - acceptor_details.cidr_block == vpc_2_cidr + - "'cidr_block_set' in acceptor_details" + - acceptor_details.cidr_block_set | length == 1 + - "'cidr_block' in acceptor_details.cidr_block_set[0]" + - acceptor_details.cidr_block_set[0].cidr_block == vpc_2_cidr + - "'peering_options' in acceptor_details" + - "'owner_id' in acceptor_details" + - acceptor_details.owner_id == account_id + - "'region' in acceptor_details" + - acceptor_details.region == aws_region + - "'vpc_id' in acceptor_details" + - acceptor_details.vpc_id == vpc_2 + # Information about the 'requesting' VPC + - "'cidr_block' in requester_details" + - requester_details.cidr_block == vpc_1_cidr + - "'cidr_block_set' in requester_details" + - requester_details.cidr_block_set | length == 1 + - "'cidr_block' in requester_details.cidr_block_set[0]" + - requester_details.cidr_block_set[0].cidr_block == vpc_1_cidr + - "'peering_options' in requester_details" + - "'owner_id' in requester_details" + - requester_details.owner_id == account_id + - "'region' in requester_details" + - requester_details.region == aws_region + - "'vpc_id' in requester_details" + - requester_details.vpc_id == vpc_1 + vars: + peer_details: '{{ peer_info.vpc_peering_connections[0] }}' + acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' + requester_details: '{{ peer_details["requester_vpc_info"] }}' + + - name: (re-) Accept local VPC peering 
request (idempotency) + ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: accept + register: action_peer + - name: Assert success + assert: + that: + - action_peer is not changed + - action_peer is successful + - action_peer.peering_id == peer_id_1 + + - name: delete a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: absent + register: delete_peer + - name: Assert success + assert: + that: + - delete_peer is changed + - delete_peer is successful + + - name: Get details on specific VPC peer + ec2_vpc_peering_info: + peer_connection_ids: + - '{{ peer_id_1}}' + register: peer_info + - name: Assert expected values + assert: + that: + - peer_info is successful + - "'vpc_peering_connections' in peer_info" + - "'result' in peer_info" + - "'accepter_vpc_info' in peer_details" + - "'requester_vpc_info' in peer_details" + - "'status' in peer_details" + - "'code' in peer_details.status" + - peer_details.status.code == "deleted" + - "'message' in peer_details.status" + - "'tags' in peer_details" + - "'Name' in peer_details.tags" + - peer_details.tags.Name == connection_name + - "'testPrefix' in peer_details.tags" + - peer_details.tags.testPrefix == resource_prefix + - "'vpc_peering_connection_id' in peer_details" + - peer_details.vpc_peering_connection_id == peer_id_1 + # Information about the 'accepting' VPC is reduced again + - "'cidr_block' not in acceptor_details" + - "'cidr_block_set' not in acceptor_details" + - "'peering_options' not in acceptor_details" + - "'owner_id' in acceptor_details" + - acceptor_details.owner_id == account_id + - "'region' in acceptor_details" + - acceptor_details.region == aws_region + - "'vpc_id' in acceptor_details" + - acceptor_details.vpc_id == vpc_2 + # Information about the 'requesting' VPC is reduced once the VPC's deleted + - "'cidr_block' not in requester_details" + - "'cidr_block_set' not in requester_details" + - "'peering_options' not in requester_details" + - "'owner_id' 
in requester_details" + - requester_details.owner_id == account_id + - "'region' in requester_details" + - requester_details.region == aws_region + - "'vpc_id' in requester_details" + - requester_details.vpc_id == vpc_1 + vars: + peer_details: '{{ peer_info.vpc_peering_connections[0] }}' + acceptor_details: '{{ peer_details["accepter_vpc_info"] }}' + requester_details: '{{ peer_details["requester_vpc_info"] }}' + + - name: (re-) delete a local VPC peering Connection (idempotency) + ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: absent + register: delete_peer + - name: Assert success + assert: + that: + - delete_peer is not changed + - delete_peer is successful + + - name: Create local account VPC peering Connection + ec2_vpc_peer: + vpc_id: '{{ vpc_1 }}' + peer_vpc_id: '{{ vpc_2 }}' + state: present + tags: + Name: 'Peering connection for VPC {{ vpc_1 }} to VPC {{ vpc_2 }}' + register: vpc_peer2 + - name: Assert success + assert: + that: + - vpc_peer2 is changed + - vpc_peer2 is successful + - "'peering_id' in vpc_peer2" + - vpc_peer2.peering_id.startswith('pcx-') + + - name: Store Connection ID + set_fact: + peer_id_2: '{{ vpc_peer2.peering_id }}' + + - name: reject a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer2.peering_id }}" + state: reject + wait: True + register: reject_peer + - name: Assert success + assert: + that: + - reject_peer is changed + - reject_peer is successful + - reject_peer.peering_id == peer_id_2 + + - name: (re-) reject a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer2.peering_id }}" + state: reject + register: reject_peer + - name: Assert success + assert: + that: + - reject_peer is not changed + - reject_peer is successful + - reject_peer.peering_id == peer_id_2 + + - name: delete a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer2.peering_id }}" + state: absent + register: delete_peer + - name: Assert success + assert: + that: + - delete_peer is 
not changed + - delete_peer is successful + + always: + # ============================================================ + + - name: delete a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer.peering_id }}" + state: absent + register: delete_peer + ignore_errors: True + + - name: delete a local VPC peering Connection + ec2_vpc_peer: + peering_id: "{{ vpc_peer2.peering_id }}" + state: absent + register: delete_peer + ignore_errors: True + + - name: tidy up VPC 2 + ec2_vpc_net: + name: "{{ vpc_2_name }}" + state: absent + cidr_block: "{{ vpc_2_cidr }}" + ignore_errors: true + + - name: tidy up VPC 1 + ec2_vpc_net: + name: "{{ vpc_1_name }}" + state: absent + cidr_block: "{{ vpc_1_cidr }}" + ignore_errors: true
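Review bot: The assertions under "Get all vpc peers with specific filters" register the result as `pending_vpc_peers`, but the first two checks still look at the previous task's `peer_info` (`"'vpc_peering_connections' in peer_info"`, `"'result' in peer_info"`), so they pass on stale data and never verify the filtered call's shape; change them to `"'vpc_peering_connections' in pending_vpc_peers"` and `"'result' in pending_vpc_peers"`. The block name `ec2_vpc_igw tests` is copied from another target and should be `ec2_vpc_peer tests`. The `always` cleanup also dereferences `vpc_peer2.peering_id`, which is undefined when the block fails before that task; `ignore_errors` masks the failure, but `when: vpc_peer2 is defined` would keep the cleanup output meaningful.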