ansible-collections · softwarefactory-project-zuul · Jul 4, 2023 · Jul 4, 2023
diff --git a/changelogs/fragments/1604-c2_vpc_nat_gateway-fails-silently.yml b/changelogs/fragments/1604-c2_vpc_nat_gateway-fails-silently.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+- ec2_vpc_nat_gateway - adding a boolean parameter called ``default_create`` to allow users to have the option to choose whether they want to display an error message or create a NAT gateway when an EIP address is not found. The module (ec2_vpc_nat_gateway) had incorrectly failed silently if EIP didn't exist (https://github.com/ansible-collections/amazon.aws/issues/1295).
diff --git a/plugins/modules/ec2_vpc_nat_gateway.py b/plugins/modules/ec2_vpc_nat_gateway.py
@@ -75,6 +75,16 @@
         When specifying this option, ensure you specify the eip_address parameter
         as well otherwise any subsequent runs will fail.
     type: str
+  default_create:
+    description:
+      - When I(default_create=True) and I(eip_address) has been set, but not yet
+        allocated, the NAT gateway is created and a new EIP is automatically allocated.
+      - When I(default_create=False) and I(eip_address) has been set, but not yet
+        allocated, the module will fail.
+      - If I(eip_address) has not been set, this parameter has no effect.
+    default: false
+    type: bool
+    version_added: 6.2.0
 author:
   - Allen Sanabria (@linuxdynasty)
   - Jon Hadfield (@jonhadfield)
@@ -660,6 +670,7 @@ def pre_create(
     wait=False,
     client_token=None,
     connectivity_type="public",
+    default_create=False,
 ):
     """Create an Amazon NAT Gateway.
     Args:
@@ -681,6 +692,8 @@ def pre_create(
             default = False
         client_token (str):
             default = None
+        default_create (bool): create a NAT gateway even if EIP address is not found.
+            default = False
 
     Basic Usage:
         >>> client = boto3.client('ec2')
@@ -745,9 +758,25 @@ def pre_create(
     elif eip_address or allocation_id:
         if eip_address and not allocation_id:
             allocation_id, msg = get_eip_allocation_id_by_address(client, module, eip_address)
-            if not allocation_id:
+            if not allocation_id and not default_create:
                 changed = False
-                return changed, msg, dict()
+                module.fail_json(msg=msg)
+            elif not allocation_id and default_create:
+                eip_address = None
+                return pre_create(
+                    client,
+                    module,
+                    subnet_id,
+                    tags,
+                    purge_tags,
+                    allocation_id,
+                    eip_address,
+                    if_exist_do_not_create,
+                    wait,
+                    client_token,
+                    connectivity_type,
+                    default_create,
+                )
 
         existing_gateways, allocation_id_exists = gateway_in_subnet_exists(client, module, subnet_id, allocation_id)
 
@@ -870,6 +899,7 @@ def main():
         client_token=dict(type="str", no_log=False),
         tags=dict(required=False, type="dict", aliases=["resource_tags"]),
         purge_tags=dict(default=True, type="bool"),
+        default_create=dict(type="bool", default=False),
     )
 
     module = AnsibleAWSModule(
@@ -891,6 +921,7 @@ def main():
     if_exist_do_not_create = module.params.get("if_exist_do_not_create")
     tags = module.params.get("tags")
     purge_tags = module.params.get("purge_tags")
+    default_create = module.params.get("default_create")
 
     try:
         client = module.client("ec2", retry_decorator=AWSRetry.jittered_backoff())
@@ -913,6 +944,7 @@ def main():
             wait,
             client_token,
             connectivity_type,
+            default_create,
         )
     else:
         changed, msg, results = remove(client, module, nat_gateway_id, wait, release_eip, connectivity_type)

diff --git a/tests/integration/targets/ec2_vpc_nat_gateway/tasks/main.yml b/tests/integration/targets/ec2_vpc_nat_gateway/tasks/main.yml
@@ -411,6 +411,47 @@
       - create_ngw.vpc_id == vpc_id
 
 
+  # ============================================================
+  - name: Create new NAT gateway when eip_address is invalid and create_default is true
+    ec2_vpc_nat_gateway:
+      subnet_id: '{{ subnet_id }}'
+      eip_address:  "192.0.2.1"
+      state: present
+      wait: yes
+      default_create: true
+    register: _nat_gateway
+
+  - name: 
+    assert:
+      that:
+        - _nat_gateway.changed
+        - '"create_time" in _nat_gateway'
+        - '"nat_gateway_addresses" in _nat_gateway'
+        - '"nat_gateway_id" in _nat_gateway'
+        - _nat_gateway.nat_gateway_id.startswith("nat-")
+        - '"state" in _nat_gateway'
+        - _nat_gateway.state == 'available'
+        - '"subnet_id" in _nat_gateway'
+        - _nat_gateway.subnet_id == subnet_id
+        - '"tags" in _nat_gateway'
+        - '"vpc_id" in _nat_gateway'
+        - _nat_gateway.vpc_id == vpc_id
+
+  - name: Fail when eip_address is invalid and create_default is false
+    ec2_vpc_nat_gateway:
+      subnet_id: '{{ subnet_id }}'
+      eip_address:  "192.0.2.1"
+      state: present
+      wait: yes
+    register: _fail_nat_gateway
+    ignore_errors: true
+
+  - name: Assert fail because eip_address is invalid
+    assert:
+      that:
+        _fail_nat_gateway.msg == "EIP 192.0.2.1 does not exist"
+
+
   # ============================================================
   - name: Fetch NAT gateway by ID (list)
     ec2_vpc_nat_gateway_info: