elb_target - add preserve_client_ip_enabled ond proxy_protocol_v2_ena…

…bled ptions

Signed-off-by: Alina Buzachis <[email protected]>

changelogs/fragments/670-elb_target_group-new_attriibutes.yml

@@ -0,0 +1,3 @@
+minor_changes:
+ - elb_target_group - add ``preserve_client_ip_enabled`` option (https://github.com/ansible-collections/community.aws/pull/670).
+ - elb_target_group - add ``proxy_protocol_v2_enabled`` option (https://github.com/ansible-collections/community.aws/pull/670).

plugins/modules/elb_target_group.py

@@ -161,6 +161,23 @@
       - The identifier of the virtual private cloud (VPC). Required when I(state) is C(present).
     required: false
     type: str
+  preserve_client_ip_enabled:
+    description:
+      - Indicates whether client IP preservation is enabled.
+      - The default is disabled if the target group type is C(ip) address and the target group protocol is C(tcp) or C(tls).
+        Otherwise, the default is enabled. Client IP preservation cannot be disabled for C(udp) and C(tcp_udp) target groups.
+      - I(preserve_client_ip_enabled) is supported only by Network Load Balancers.
+    type: bool
+    required: false
+    version_added: 2.0.0
+  proxy_protocol_v2_enabled:
+    description:
+      - Indicates whether Proxy Protocol version 2 is enabled. 
+      - The value is C(true) or C(false).
+      - I(proxy_protocol_v2_enabled) is supported only by Network Load Balancers.
+    type: bool
+    required: false
+    version_added: 2.0.0
   wait:
     description:
       - Whether or not to wait for the target group.
@@ -480,6 +497,8 @@ def create_or_update_target_group(connection, module):
     stickiness_type = module.params.get("stickiness_type")
     stickiness_app_cookie_duration = module.params.get("stickiness_app_cookie_duration")
     stickiness_app_cookie_name = module.params.get("stickiness_app_cookie_name")
+    preserve_client_ip_enabled = module.params.get("preserve_client_ip_enabled")
+    proxy_protocol_v2_enabled = module.params.get("proxy_protocol_v2_enabled")
 
     health_option_keys = [
         "health_check_path", "health_check_protocol", "health_check_interval", "health_check_timeout",
@@ -773,7 +792,14 @@ def create_or_update_target_group(connection, module):
     if stickiness_app_cookie_duration is not None:
         if str(stickiness_app_cookie_duration) != current_tg_attributes['stickiness_app_cookie_duration_seconds']:
             update_attributes.append({'Key': 'stickiness.app_cookie.duration_seconds', 'Value': str(stickiness_app_cookie_duration)})
-
+    if preserve_client_ip_enabled is not None:
+        if target_type not in ('udp', 'tcp_udp'):
+            if str(preserve_client_ip_enabled).lower() != current_tg_attributes.get('preserve_client_ip_enabled'):
+                update_attributes.append({'Key': 'preserve_client_ip.enabled', 'Value': str(preserve_client_ip_enabled).lower()})
+    if proxy_protocol_v2_enabled is not None:
+        if str(proxy_protocol_v2_enabled).lower() != current_tg_attributes.get('proxy_protocol_v2_enabled'):
+            update_attributes.append({'Key': 'proxy_protocol_v2.enabled', 'Value': str(proxy_protocol_v2_enabled).lower()})
+
     if update_attributes:
         try:
             connection.modify_target_group_attributes(TargetGroupArn=tg['TargetGroupArn'], Attributes=update_attributes, aws_retry=True)
@@ -862,6 +888,8 @@ def main():
         targets=dict(type='list', elements='dict'),
         unhealthy_threshold_count=dict(type='int'),
         vpc_id=dict(),
+        preserve_client_ip_enabled=dict(type='bool'),
+        proxy_protocol_v2_enabled=dict(type='bool'),
         wait_timeout=dict(type='int', default=200),
         wait=dict(type='bool', default=False)
     )

tests/integration/targets/elb_target/playbooks/roles/elb_target/tasks/main.yml

@@ -26,7 +26,6 @@
     - set_fact:
         ec2_ami_image: '{{ ec2_amis.images[0].image_id }}'
 
-
     - name: set up testing VPC
       ec2_vpc_net:
         name: "{{ resource_prefix }}-vpc"
@@ -127,6 +126,33 @@
         target_type: instance
         tags:
           Description: "Created by {{ resource_prefix }}"
+
+    - name: set up testing target group for NLB (type=instance)
+      elb_target_group:
+        name: "{{ tg_name }}-nlb"
+        health_check_port: 80
+        protocol: tcp
+        port: 80
+        vpc_id: '{{ vpc.vpc.id }}'
+        state: present
+        target_type: instance
+        tags:
+          Description: "Created by {{ resource_prefix }}"
+      register: result
+
+    - name: set up testing target group for NLB (type=instance)
+      assert:
+        that:
+          - result.changed
+          - '"health_check_port" in result'
+          - result.port == 80
+          - '"health_check_protocol" in result'
+          - result.health_check_protocol == 'TCP'
+          - '"tags" in result'
+          - '"target_group_arn" in result'
+          - result.target_group_name == "{{ tg_name }}-nlb"
+          - result.target_type == 'instance'
+          - result.vpc_id == '{{ vpc.vpc.id }}'
 
     - name: set up ec2 instance to use as a target
       ec2_instance:
@@ -169,7 +195,99 @@
               - Type: forward
                 TargetGroupName: "{{ tg_name }}-used"
         state: present
+
+    - name: create a network load balancer
+      elb_network_lb:
+        name: "{{ lb_name }}-nlb"
+        subnets:
+          - "{{ subnet_1.subnet.id }}"
+          - "{{ subnet_2.subnet.id }}"
+        listeners:
+           - Protocol: TCP
+             Port: 80
+             DefaultActions:
+              - Type: forward
+                TargetGroupName: "{{ tg_name }}-nlb"
+        state: present
+      register: result
+
+    - name: create a netwok load balancer
+      assert:
+        that:
+          - result.changed
+          - '"created_time" in result'
+          - '"load_balancer_arn" in result'
+          - '"tags" in result'
+          - result.type == 'network'
+          - result.vpc_id == '{{ vpc.vpc.id }}'
+
+    - name: modify up testing target group for NLB (preserve_client_ip_enabled=false)
+      elb_target_group:
+        name: "{{ tg_name }}-nlb"
+        health_check_port: 80
+        protocol: tcp
+        port: 80
+        vpc_id: '{{ vpc.vpc.id }}'
+        state: present
+        target_type: instance
+        modify_targets: true
+        preserve_client_ip_enabled: false
+        tags:
+          Description: "Created by {{ resource_prefix }}"
+      register: result
+
+    - name: modify up testing target group for NLB (preserve_client_ip_enabled=false)
+      assert:
+        that:
+          - result.changed
+          - result.preserve_client_ip_enabled == 'false'
+          - result.proxy_protocol_v2_enabled == 'false'
+
+    - name: modify up testing target group for NLB (proxy_protocol_v2_enabled=true)
+      elb_target_group:
+        name: "{{ tg_name }}-nlb"
+        health_check_port: 80
+        protocol: tcp
+        port: 80
+        vpc_id: '{{ vpc.vpc.id }}'
+        state: present
+        target_type: instance
+        modify_targets: true
+        proxy_protocol_v2_enabled: true
+        tags:
+          Description: "Created by {{ resource_prefix }}"
+      register: result
+
+    - name: modify up testing target group for NLB (proxy_protocol_v2_enabled=true)
+      assert:
+        that:
+          - result.changed
+          - result.proxy_protocol_v2_enabled == 'true'
+          - result.preserve_client_ip_enabled == 'false'
 
+    - name: (idempotence) modify up testing target group for NLB (preserve_client_ip_enabled=false and proxy_protocol_v2_enabled=true)
+      elb_target_group:
+        name: "{{ tg_name }}-nlb"
+        health_check_port: 80
+        protocol: tcp
+        port: 80
+        vpc_id: '{{ vpc.vpc.id }}'
+        state: present
+        target_type: instance
+        modify_targets: true
+        preserve_client_ip_enabled: false
+        proxy_protocol_v2_enabled: true
+        tags:
+          Description: "Created by {{ resource_prefix }}"
+      register: result
+
+    - name: (idempotence) modify up testing target group for NLB (preserve_client_ip_enabled=false and proxy_protocol_v2_enabled=true)
+      assert:
+        that:
+          - not result.changed
+          - result.proxy_protocol_v2_enabled == 'true'
+          - result.preserve_client_ip_enabled == 'false'
+
     # ============================================================
 
     - name:
@@ -371,6 +489,26 @@
       with_items:
         - "{{ tg_tcpudp_name }}"
       ignore_errors: true
+
+    - name: remove tcp testing target groups
+      elb_target_group:
+        name: "{{ item }}"
+        protocol: tcp
+        port: 80
+        vpc_id: '{{ vpc.vpc.id }}'
+        state: absent
+        target_type: instance
+        tags:
+          Description: "Created by {{ resource_prefix }}"
+          Protocol: "UDP"
+        wait: true
+        wait_timeout: 400
+      register: removed
+      retries: 10
+      until: removed is not failed
+      with_items:
+        - "{{ tg_name }}-nlb"
+      ignore_errors: true
 
     - name: remove application load balancer
       elb_application_lb:
@@ -393,6 +531,26 @@
       retries: 10
       until: removed is not failed
       ignore_errors: true
+
+    - name: remove network load balancer
+      elb_network_lb:
+        name: "{{ lb_name }}-nlb"
+        subnets:
+          - "{{ subnet_1.subnet.id }}"
+          - "{{ subnet_2.subnet.id }}"
+        listeners:
+          - Protocol: TCP
+            Port: 80
+            DefaultActions:
+              - Type: forward
+                TargetGroupName: "{{ tg_name }}-nlb"
+        state: absent
+        wait: true
+        wait_timeout: 400
+      register: removed
+      retries: 10
+      until: removed is not failed
+      ignore_errors: true
 
     - name: remove testing security group
       ec2_group: