From f9949bd0900931f18530b39bfa27aaf43bf8596f Mon Sep 17 00:00:00 2001
From: Alina Buzachis
Date: Tue, 20 Jul 2021 16:03:48 +0200
Subject: [PATCH] elb_target - add preserve_client_ip_enabled ond proxy_protocol_v2_enabled ptions
Signed-off-by: Alina Buzachis
---
.../670-elb_target_group-new_attriibutes.yml | 3 +
plugins/modules/elb_target_group.py | 33 +++-
.../playbooks/roles/elb_target/tasks/main.yml | 160 +++++++++++++++++-
3 files changed, 193 insertions(+), 3 deletions(-)
create mode 100644 changelogs/fragments/670-elb_target_group-new_attriibutes.yml
diff --git a/changelogs/fragments/670-elb_target_group-new_attriibutes.yml b/changelogs/fragments/670-elb_target_group-new_attriibutes.yml
new file mode 100644
index 00000000000..bff32308d56
--- /dev/null
+++ b/changelogs/fragments/670-elb_target_group-new_attriibutes.yml
@@ -0,0 +1,3 @@
+minor_changes:
+ - elb_target_group - add ``preserve_client_ip_enabled`` option (https://github.com/ansible-collections/community.aws/pull/670).
+ - elb_target_group - add ``proxy_protocol_v2_enabled`` option (https://github.com/ansible-collections/community.aws/pull/670).
\ No newline at end of file
diff --git a/plugins/modules/elb_target_group.py b/plugins/modules/elb_target_group.py
index 7bb105b6d55..6c1866dccb4 100644
--- a/plugins/modules/elb_target_group.py
+++ b/plugins/modules/elb_target_group.py
@@ -161,6 +161,24 @@ - The identifier of the virtual private cloud (VPC). Required when I(state) is C(present). required: false type: str + preserve_client_ip_enabled: + description: + - Indicates whether client IP preservation is enabled. + - The default is disabled if the target group type is C(ip) address and the target group protocol is C(tcp) or C(tls). + Otherwise, the default is enabled. Client IP preservation cannot be disabled for C(udp) and C(tcp_udp) target groups. + - I(preserve_client_ip_enabled) is supported only by Network Load Balancers. + type: bool + required: false + version_added: 2.0.0 + proxy_protocol_v2_enabled: + description: + - Indicates whether Proxy Protocol version 2 is enabled. + - The value is C(true) or C(false). + - I(proxy_protocol_v2_enabled) is supported only by Network Load Balancers. + type: bool + required: false + default: false + version_added: 2.0.0 wait: description: - Whether or not to wait for the target group. @@ -459,7 +477,7 @@ def fail_if_ip_target_type_not_supported(module): module.fail_json(msg="target_type ip requires botocore version 1.7.2 or later. Version %s is installed" % botocore.__version__) - +@q def create_or_update_target_group(connection, module): changed = False @@ -480,6 +498,8 @@ def create_or_update_target_group(connection, module): stickiness_type = module.params.get("stickiness_type") stickiness_app_cookie_duration = module.params.get("stickiness_app_cookie_duration") stickiness_app_cookie_name = module.params.get("stickiness_app_cookie_name") + preserve_client_ip_enabled = module.params.get("preserve_client_ip_enabled") + proxy_protocol_v2_enabled = module.params.get("proxy_protocol_v2_enabled") health_option_keys = [ "health_check_path", "health_check_protocol", "health_check_interval", "health_check_timeout", 
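Review bot: The `default: false` documented for `proxy_protocol_v2_enabled` in the first hunk does not match the argument spec added in the `main()` hunk later in this patch, which declares `proxy_protocol_v2_enabled=dict(type='bool')` with no default, and the update code only acts when the value `is not None`. Removing the `default: false` line keeps the documentation in line with the code, where an unset option leaves the attribute as it is; adding a default to the spec instead would send the attribute for every target group, including the types the description says do not support it. The `preserve_client_ip_enabled` description would also benefit from one more item stating that, with preservation disabled, targets see the load balancer's address as the source, so IP-based allow-lists and access logs on the targets no longer reflect the client.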
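Review bot: The `@q` decorator added above `create_or_update_target_group` in the second hunk looks like a leftover from a debugging session and should not be merged. Nothing visible in this patch imports or defines `q`, so unless the name already exists elsewhere in the file the module would fail with a NameError when it is loaded. If it is a tracing helper, decorators of that kind usually record call arguments and return values to a local file, which for this function would include the module parameters. The fix is to delete the `+@q` line and keep the blank line the hunk removes; the function body continues outside the hunk.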
@@ -773,7 +793,14 @@ def create_or_update_target_group(connection, module): if stickiness_app_cookie_duration is not None: if str(stickiness_app_cookie_duration) != current_tg_attributes['stickiness_app_cookie_duration_seconds']: update_attributes.append({'Key': 'stickiness.app_cookie.duration_seconds', 'Value': str(stickiness_app_cookie_duration)}) - + if preserve_client_ip_enabled is not None: + if target_type not in ('udp', 'tcp_udp'): + if str(preserve_client_ip_enabled).lower() != current_tg_attributes.get('preserve_client_ip_enabled'): + update_attributes.append({'Key': 'preserve_client_ip.enabled', 'Value': str(preserve_client_ip_enabled).lower()}) + if proxy_protocol_v2_enabled is not None: + if str(proxy_protocol_v2_enabled).lower() != current_tg_attributes.get('proxy_protocol_v2_enabled'): + update_attributes.append({'Key': 'proxy_protocol_v2.enabled', 'Value': str(proxy_protocol_v2_enabled).lower()}) + if update_attributes: try: connection.modify_target_group_attributes(TargetGroupArn=tg['TargetGroupArn'], Attributes=update_attributes, aws_retry=True) @@ -862,6 +889,8 @@ def main(): targets=dict(type='list', elements='dict'), unhealthy_threshold_count=dict(type='int'), vpc_id=dict(), + preserve_client_ip_enabled=dict(type='bool'), + proxy_protocol_v2_enabled=dict(type='bool'), wait_timeout=dict(type='int', default=200), wait=dict(type='bool', default=False) ) diff --git a/tests/integration/targets/elb_target/playbooks/roles/elb_target/tasks/main.yml b/tests/integration/targets/elb_target/playbooks/roles/elb_target/tasks/main.yml index 30a67cef93c..f9fdef9492e 100644 --- a/tests/integration/targets/elb_target/playbooks/roles/elb_target/tasks/main.yml +++ b/tests/integration/targets/elb_target/playbooks/roles/elb_target/tasks/main.yml @@ -26,7 +26,6 @@ - set_fact: ec2_ami_image: '{{ ec2_amis.images[0].image_id }}' - - name: set up testing VPC ec2_vpc_net: name: "{{ resource_prefix }}-vpc" 
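Review bot: The guard `if target_type not in ('udp', 'tcp_udp'):` tests the target type against protocol names, so it appears to be always true: the tests in this patch pass `target_type: instance`, and the restriction documented for this option concerns `udp` and `tcp_udp` target group protocols. The comparison should use the protocol, for example `if (module.params.get("protocol") or '').lower() not in ('udp', 'tcp_udp'):`. When the protocol is excluded the requested value is dropped silently; failing with `module.fail_json` would tell the user the setting was not applied, which matters because the option changes which source address the targets see. `create_or_update_target_group` starts and ends outside this hunk.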
@@ -127,6 +126,33 @@ target_type: instance tags: Description: "Created by {{ resource_prefix }}" + + - name: set up testing target group for NLB (type=instance) + elb_target_group: + name: "{{ tg_name }}-nlb" + health_check_port: 80 + protocol: tcp + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: present + target_type: instance + tags: + Description: "Created by {{ resource_prefix }}" + register: result + + - name: set up testing target group for NLB (type=instance) + assert: + that: + - result.changed + - '"health_check_port" in result' + - result.port == 80 + - '"health_check_protocol" in result' + - result.health_check_protocol == 'TCP' + - '"tags" in result' + - '"target_group_arn" in result' + - result.target_group_name == "{{ tg_name }}-nlb" + - result.target_type == 'instance' + - result.vpc_id == '{{ vpc.vpc.id }}' - name: set up ec2 instance to use as a target ec2_instance: 
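Review bot: The assert conditions `result.target_group_name == "{{ tg_name }}-nlb"` and `result.vpc_id == '{{ vpc.vpc.id }}'` put Jinja delimiters inside `that:` expressions, which are already evaluated as Jinja, so Ansible is likely to warn about them and the nested quoting is easy to get wrong. Writing them as `result.target_group_name == tg_name ~ '-nlb'` and `result.vpc_id == vpc.vpc.id` avoids the nesting. The same form recurs in the `create a netwok load balancer` assert in the next hunk. The assert task also reuses the name of the task it checks, which makes a failure harder to locate in the run output; a distinct name such as `assert NLB target group was created` would help.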
@@ -169,7 +195,99 @@ - Type: forward TargetGroupName: "{{ tg_name }}-used" state: present + + - name: create a netwok load balancer + elb_network_lb: + name: "{{ lb_name }}-nlb" + subnets: + - "{{ subnet_1.subnet.id }}" + - "{{ subnet_2.subnet.id }}" + listeners: + - Protocol: TCP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}-nlb" + state: present + register: result + + - name: create a netwok load balancer + assert: + that: + - result.changed + - '"created_time" in result' + - '"load_balancer_arn" in result' + - '"tags" in result' + - result.type == 'network' + - result.vpc_id == '{{ vpc.vpc.id }}' + + - name: modify up testing target group for NLB (preserve_client_ip_enabled=false) + elb_target_group: + name: "{{ tg_name }}-nlb" + health_check_port: 80 + protocol: tcp + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: present + target_type: instance + modify_targets: true + preserve_client_ip_enabled: false + tags: + Description: "Created by {{ resource_prefix }}" + register: result + + - name: modify up testing target group for NLB (preserve_client_ip_enabled=false) + assert: + that: + - result.changed + - result.preserve_client_ip_enabled == 'false' + - result.proxy_protocol_v2_enabled == 'false' + + - name: modify up testing target group for NLB (proxy_protocol_v2_enabled=true) + elb_target_group: + name: "{{ tg_name }}-nlb" + health_check_port: 80 + protocol: tcp + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: present + target_type: instance + modify_targets: true + proxy_protocol_v2_enabled: true + tags: + Description: "Created by {{ resource_prefix }}" + register: result + + - name: modify up testing target group for NLB (proxy_protocol_v2_enabled=true) + assert: + that: + - result.changed + - result.proxy_protocol_v2_enabled == 'true' + - result.preserve_client_ip_enabled == 'false' + - name: (idempotence) modify up testing target group for NLB (preserve_client_ip_enabled=false and proxy_protocol_v2_enabled=true) + 
elb_target_group: + name: "{{ tg_name }}-nlb" + health_check_port: 80 + protocol: tcp + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: present + target_type: instance + modify_targets: true + preserve_client_ip_enabled: false + proxy_protocol_v2_enabled: true + tags: + Description: "Created by {{ resource_prefix }}" + register: result + + - name: (idempotence) modify up testing target group for NLB (preserve_client_ip_enabled=false and proxy_protocol_v2_enabled=true) + assert: + that: + - not result.changed + - result.proxy_protocol_v2_enabled == 'true' + - result.preserve_client_ip_enabled == 'false' + # ============================================================ - name: @@ -371,6 +489,26 @@ with_items: - "{{ tg_tcpudp_name }}" ignore_errors: true + + - name: remove tcp testing target groups + elb_target_group: + name: "{{ item }}" + protocol: tcp + port: 80 + vpc_id: '{{ vpc.vpc.id }}' + state: absent + target_type: instance + tags: + Description: "Created by {{ resource_prefix }}" + Protocol: "UDP" + wait: true + wait_timeout: 400 + register: removed + retries: 10 + until: removed is not failed + with_items: + - "{{ tg_name }}-nlb" + ignore_errors: true - name: remove application load balancer elb_application_lb: @@ -393,6 +531,26 @@ retries: 10 until: removed is not failed ignore_errors: true + + - name: remove network load balancer + elb_network_lb: + name: "{{ lb_name }}-nlb" + subnets: + - "{{ subnet_1.subnet.id }}" + - "{{ subnet_2.subnet.id }}" + listeners: + - Protocol: TCP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}-nlb" + state: absent + wait: true + wait_timeout: 400 + register: removed + retries: 10 + until: removed is not failed + ignore_errors: true - name: remove testing security group ec2_group:
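Review bot: None of the NLB tasks added in the hunk starting at `@@ -169,7 +195,99 @@` exercises the `udp`/`tcp_udp` case that the module change guards against, so these tests pass whether or not that guard works. A task that sets `preserve_client_ip_enabled: false` on a UDP or TCP_UDP target group and asserts the documented outcome would cover it; the file already appears to create such a group, judging by the `tg_tcpudp_name` cleanup task visible in the following hunk. The task names also carry typos that make the run output harder to search: `create a netwok load balancer` should read `create a network load balancer`, and `modify up testing target group` should read `modify testing target group`.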