From d2ae4db0bae402248ab4e50bb03b4d3c20528877 Mon Sep 17 00:00:00 2001 From: mandar242 Date: Wed, 21 Jul 2021 16:56:52 -0400 Subject: [PATCH 01/10] Add metadata options support --- plugins/modules/ec2_instance.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/plugins/modules/ec2_instance.py b/plugins/modules/ec2_instance.py index f4138bc8ff6..e6dced12e06 100644 --- a/plugins/modules/ec2_instance.py +++ b/plugins/modules/ec2_instance.py @@ -1195,6 +1195,12 @@ def build_top_level_options(params): spec['CpuOptions'] = {} spec['CpuOptions']['ThreadsPerCore'] = params.get('cpu_options').get('threads_per_core') spec['CpuOptions']['CoreCount'] = params.get('cpu_options').get('core_count') + if params.get('metadata_options'): + spec['MetadataOptions'] = {} + spec['MetadataOptions']['HttpEndpoint'] = params.get( + 'metadata_options').get('metadata_accessible') + spec['MetadataOptions']['HttpTokens'] = 'optional' if params.get( + 'metadata_options').get('metadata_version') == 'v1 and v2' else 'required' return spec @@ -1737,6 +1743,7 @@ def main(): instance_ids=dict(default=[], type='list', elements='str'), network=dict(default=None, type='dict'), volumes=dict(default=None, type='list', elements='dict'), + metadata_options=dict(type='dict', options=dict(metadata_accessible=dict(type='str', choices=['enabled', 'disabled'], default='enabled'), metadata_version=dict(type='str', choices=['v1 and v2', 'v2'], default='v1 and v2'))), ) # running/present are synonyms # as are terminated/absent From d6a01a1db55292954c0d52d661f1cdd5a3485d84 Mon Sep 17 00:00:00 2001 From: mandar242 Date: Fri, 23 Jul 2021 13:48:25 -0400 Subject: [PATCH 02/10] Adding documentation, example --- ...e-support-controlling-metadata-options.yml | 2 ++ plugins/modules/ec2_instance.py | 31 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 changelogs/fragments/414-ec2_instance-support-controlling-metadata-options.yml 
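Review bot: In the added `if params.get('metadata_options'):` block the lookup `params.get('metadata_options')` is written out three times, and the `'v1 and v2'` literal has to stay in sync with the `choices` list added in `main()`. Binding the dict once, `metadata_options = params.get('metadata_options')`, and building `spec['MetadataOptions']` as one dict literal would read more clearly. The conditional maps every value other than `'v1 and v2'` to `'required'`, which is the stricter direction; a short comment such as `# any value other than 'v1 and v2' maps to 'required' (IMDSv2 only)` would make that intent explicit. The repeated lookup is still present in the later hunk `@@ -1231,9 +1232,9 @@` of PATCH 06/10. `build_top_level_options` starts outside this hunk.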
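Review bot: The suboption default `default='v1 and v2'` on `metadata_version` means a task that sets `metadata_options` with only `metadata_accessible` still gets `HttpTokens: optional` written into the launch spec, so token-less (IMDSv1) metadata requests stay allowed without the user having asked for that. Because the value is sent explicitly, it would presumably also take precedence over any stricter setting that would otherwise apply to the launch. I would drop the default, `metadata_version=dict(type='str', choices=['v1 and v2', 'v2'])`, and set `HttpTokens` in `build_top_level_options` only when a value was supplied; failing that, default to `'v2'`. The same default is carried through the hunks `@@ -1774,7 +1776,9 @@` (PATCH 05/10) and `@@ -1777,8 +1778,8 @@` (PATCH 06/10, as `http_tokens` with `default='optional'`). `main()` starts and ends outside this hunk.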
diff --git a/changelogs/fragments/414-ec2_instance-support-controlling-metadata-options.yml b/changelogs/fragments/414-ec2_instance-support-controlling-metadata-options.yml new file mode 100644 index 00000000000..4be3d0f2eb7 --- /dev/null +++ b/changelogs/fragments/414-ec2_instance-support-controlling-metadata-options.yml @@ -0,0 +1,2 @@ +minor_changes: +- ec2_instance - Add support for controlling metadata options (https://github.com/ansible-collections/amazon.aws/pull/414) diff --git a/plugins/modules/ec2_instance.py b/plugins/modules/ec2_instance.py index e6dced12e06..3eac909828f 100644 --- a/plugins/modules/ec2_instance.py +++ b/plugins/modules/ec2_instance.py @@ -276,6 +276,26 @@ description: - The placement group that needs to be assigned to the instance type: str + metadata_options: + description: + - Modify the metadata options for the instance. + - See U(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) for more information. + - The two suboptions metadata_accessible and metadata_version are supported. + type: dict + suboptions: + metadata_accessible: + description: + - Enables or disables the HTTP metadata endpoint on instances, default state is enabled. + - If specified a value of disabled, metadata of the instance will not be accessible. + choices: [enabled, disabled] + type: str + metadata_version: + description: + - Set the state of token usage for instance metadata requests, default state is v1 and v2 (optional). + - If the state is v1 and v2 (optional), instance metadata can be retrieved with or without a signed token header on request. + - If the state is v2 (required), a signed token header must be sent with any instance metadata retrieval requests. + choices: [v1 and v2, v2] + type: str extends_documentation_fragment: - amazon.aws.aws 
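Review bot: The description line `Modify the metadata options for the instance.` in the `metadata_options` documentation (hunk `@@ -276,6 +276,26 @@`) reads as if the setting is also applied to an instance that already exists. The integration test added later in this series asserts `metadata_options_update is not changed` and that `http_tokens` is still `required` after a second run with different values, so someone tightening the token setting on a running instance would see a successful task and no change. I would add a line such as `- Only applied when the instance is launched; changing these values for an existing instance has no effect.`, provided the module really has no modify path, which this hunk does not show.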
@@ -385,6 +405,17 @@ tags: Env: "eni_on" instance_type: t2.micro +- name: start an instance with a metadata options + amazon.aws.ec2_instance: + name: "public-metadataoption-instance" + vpc_subnet_id: subnet-5calable + instance_type: t3.small + image_id: ami-123456 + tags: + Environment: Testing + metadata_options: + metadata_accessible: enabled + metadata_version: v1 and v2 ''' RETURN = ''' From fa6dd6f791263f73c166d7172fc925faabbd6204 Mon Sep 17 00:00:00 2001 From: mandar242 Date: Fri, 23 Jul 2021 17:36:50 -0700 Subject: [PATCH 03/10] Adding integration test --- .../ec2_instance/tasks/metadata_options.yml | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml diff --git a/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml b/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml new file mode 100644 index 00000000000..ae15094edd0 --- /dev/null +++ b/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml 
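Review bot: The only example added for the new option uses `metadata_version: v1 and v2`, the permissive token setting, and examples tend to be copied unchanged into playbooks. Showing `metadata_version: v2` would illustrate the option equally well and point readers at the token-required mode. The example keeps the permissive value in the later hunks `@@ -405,17 +407,17 @@` (PATCH 05/10) and `@@ -416,8 +417,8 @@` (PATCH 06/10, as `http_tokens: optional`).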
@@ -0,0 +1,62 @@
+- block:
+ - name: "create t3.nano instance with metadata_options"
+ ec2_instance:
+ state: present
+ name: "{{ resource_prefix }}-test-t3nano-enabled-required"
+ image_id: "{{ ec2_ami_image }}"
+ tags:
+ TestId: "{{ ec2_instance_tag_TestId }}"
+ vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}"
+ instance_type: t3.nano
+ metadata_options:
+ metadata_accessible: enabled
+ metadata_version: v2
+ wait: false
+ register: instance_creation
+
+ - name: "instance with metadata_options created with the right options"
+ assert:
+ that:
+ - instance_creation is success
+ - instance_creation is changed
+
+ - name: "modify metadata_options on existing instance"
+ ec2_instance:
+ state: present
+ name: "{{ resource_prefix }}-test-t3nano-enabled-required"
+ image_id: "{{ ec2_ami_image }}"
+ tags:
+ TestId: "{{ ec2_instance_tag_TestId }}"
+ vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}"
+ instance_type: t3.nano
+ metadata_options:
+ metadata_accessible: enabled
+ metadata_version: v1 and v2
+ wait: false
+ register: metadata_options_update
+ ignore_errors: yes
+
+ - name: "fact presented ec2 instance"
+ ec2_instance_info:
+ filters:
+ "tag:Name": "{{ resource_prefix }}-test-t3nano-enabled-required"
+ register: presented_instance_fact
+
+ - name: "modify metadata_options has no effect on existing instance"
+ assert:
+ that:
+ - metadata_options_update is success
+ - metadata_options_update is not changed
+ - "{{ presented_instance_fact.instances | length }} > 0"
+ - "'{{ presented_instance_fact.instances.0.state.name }}' in ['running','pending']"
+ - "{{ presented_instance_fact.instances.0.metadata_options.http_endpoint }} == 'enabled'"
+ - "{{ presented_instance_fact.instances.0.metadata_options.http_tokens }} == 'required'"
+
+ always:
+ - name: "Terminate metadata_options instances"
+ ec2_instance:
+ state: absent
+ filters:
+ "tag:TestId": "{{ ec2_instance_tag_TestId }}"
+ wait: yes
+ ignore_errors: yes
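Review bot: The last two `that:` entries of the final assert, `"{{ presented_instance_fact.instances.0.metadata_options.http_endpoint }} == 'enabled'"` and the matching `http_tokens` line, template the value into the expression unquoted, so the rendered condition compares the bare name `enabled` or `required` (looked up as a variable) with the string instead of comparing two strings. Entries under `that:` are already evaluated as Jinja expressions, so the braces can be dropped: `- presented_instance_fact.instances.0.metadata_options.http_tokens == 'required'`, and likewise for `http_endpoint`, `state.name` and the `length` check. Writing them bare also avoids evaluating data returned by the lookup a second time as an expression. The hunk `@@ -49,8 +49,8 @@` of PATCH 04/10 fixes the comparison by adding quotes, and `@@ -19,6 +19,8 @@` of PATCH 09/10 adds two more entries in the same templated form; the bare form would apply there too.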
From 42ee1503fedf6508e023c986a8ff467ac84689f8 Mon Sep 17 00:00:00 2001 From: mandar242 Date: Fri, 23 Jul 2021 18:25:07 -0700 Subject: [PATCH 04/10] Adding integration test --- tests/integration/targets/ec2_instance/inventory | 1 + .../roles/ec2_instance/tasks/metadata_options.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/integration/targets/ec2_instance/inventory b/tests/integration/targets/ec2_instance/inventory index 1513f3f40e4..bca50fcbb00 100644 --- a/tests/integration/targets/ec2_instance/inventory +++ b/tests/integration/targets/ec2_instance/inventory @@ -4,6 +4,7 @@ version_fail_wrapper ebs_optimized block_devices cpu_options +metadata_options default_vpc_tests external_resource_attach instance_no_wait diff --git a/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml b/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml index ae15094edd0..e759f9dff8c 100644 --- a/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml +++ b/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml @@ -49,8 +49,8 @@ - metadata_options_update is not changed - "{{ presented_instance_fact.instances | length }} > 0" - "'{{ presented_instance_fact.instances.0.state.name }}' in ['running','pending']" - - "{{ presented_instance_fact.instances.0.metadata_options.http_endpoint }} == 'enabled'" - - "{{ presented_instance_fact.instances.0.metadata_options.http_tokens }} == 'required'" + - "'{{ presented_instance_fact.instances.0.metadata_options.http_endpoint }}' == 'enabled'" + - "'{{ presented_instance_fact.instances.0.metadata_options.http_tokens }}' == 'required'" always: - name: "Terminate metadata_options instances" From 900aab708871f9517b57a777400715b76d755879 Mon Sep 17 00:00:00 2001 
From: mandar242 Date: Mon, 26 Jul 2021 14:40:00 -0700 Subject: [PATCH 05/10] Fix: resolve CI fails --- plugins/modules/ec2_instance.py | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/plugins/modules/ec2_instance.py b/plugins/modules/ec2_instance.py index 3eac909828f..e7335cdceae 100644 --- a/plugins/modules/ec2_instance.py +++ b/plugins/modules/ec2_instance.py @@ -288,6 +288,7 @@ - Enables or disables the HTTP metadata endpoint on instances, default state is enabled. - If specified a value of disabled, metadata of the instance will not be accessible. choices: [enabled, disabled] + default: enabled type: str metadata_version: description: @@ -295,6 +296,7 @@ - If the state is v1 and v2 (optional), instance metadata can be retrieved with or without a signed token header on request. - If the state is v2 (required), a signed token header must be sent with any instance metadata retrieval requests. choices: [v1 and v2, v2] + default: v1 and v2 type: str extends_documentation_fragment: @@ -405,17 +407,17 @@ tags: Env: "eni_on" instance_type: t2.micro -- name: start an instance with a metadata options - amazon.aws.ec2_instance: - name: "public-metadataoption-instance" - vpc_subnet_id: subnet-5calable - instance_type: t3.small - image_id: ami-123456 - tags: - Environment: Testing - metadata_options: - metadata_accessible: enabled - metadata_version: v1 and v2 +- name: start an instance with metadata options + amazon.aws.ec2_instance: + name: "public-metadataoptions-instance" + vpc_subnet_id: subnet-5calable + instance_type: t3.small + image_id: ami-123456 + tags: + Environment: Testing + metadata_options: + metadata_accessible: enabled + metadata_version: v1 and v2 ''' RETURN = ''' 
@@ -1774,7 +1776,9 @@ def main(): instance_ids=dict(default=[], type='list', elements='str'), network=dict(default=None, type='dict'), volumes=dict(default=None, type='list', elements='dict'), - metadata_options=dict(type='dict', options=dict(metadata_accessible=dict(type='str', choices=['enabled', 'disabled'], default='enabled'), metadata_version=dict(type='str', choices=['v1 and v2', 'v2'], default='v1 and v2'))), + metadata_options=dict(type='dict', options=dict( + metadata_accessible=dict(type='str', choices=['enabled', 'disabled'], default='enabled'), + metadata_version=dict(type='str', choices=['v1 and v2', 'v2'], default='v1 and v2'))), ) # running/present are synonyms # as are terminated/absent From e4942260dac4ccd21d3e0cea27c37ebcd9ba6375 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Mon, 26 Jul 2021 18:36:15 -0700 Subject: [PATCH 06/10] Modifying metadata options --- plugins/modules/ec2_instance.py | 31 ++++++++++--------- .../ec2_instance/tasks/metadata_options.yml | 8 ++--- 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/plugins/modules/ec2_instance.py b/plugins/modules/ec2_instance.py index e7335cdceae..aa8ad0574e0 100644 --- a/plugins/modules/ec2_instance.py +++ b/plugins/modules/ec2_instance.py 
@@ -280,23 +280,24 @@ description: - Modify the metadata options for the instance. - See U(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) for more information. - - The two suboptions metadata_accessible and metadata_version are supported. + - The two suboptions http_endpoint and http_tokens are supported. type: dict + version_added: 2.0.0 suboptions: - metadata_accessible: + http_endpoint: description: - Enables or disables the HTTP metadata endpoint on instances, default state is enabled. - If specified a value of disabled, metadata of the instance will not be accessible. choices: [enabled, disabled] default: enabled type: str - metadata_version: + http_tokens: description: - - Set the state of token usage for instance metadata requests, default state is v1 and v2 (optional). - - If the state is v1 and v2 (optional), instance metadata can be retrieved with or without a signed token header on request. - - If the state is v2 (required), a signed token header must be sent with any instance metadata retrieval requests. - choices: [v1 and v2, v2] - default: v1 and v2 + - Set the state of token usage for instance metadata requests, default state is optional (optional). + - If the state is optional (v1 and v2), instance metadata can be retrieved with or without a signed token header on request. + - If the state is required (v2), a signed token header must be sent with any instance metadata retrieval requests. + choices: [optional, required] + default: optional type: str extends_documentation_fragment: @@ -416,8 +417,8 @@ tags: Environment: Testing metadata_options: - metadata_accessible: enabled - metadata_version: v1 and v2 + http_endpoint: enabled + http_tokens: optional ''' RETURN = ''' 
@@ -1231,9 +1232,9 @@ def build_top_level_options(params): if params.get('metadata_options'): spec['MetadataOptions'] = {} spec['MetadataOptions']['HttpEndpoint'] = params.get( - 'metadata_options').get('metadata_accessible') - spec['MetadataOptions']['HttpTokens'] = 'optional' if params.get( - 'metadata_options').get('metadata_version') == 'v1 and v2' else 'required' + 'metadata_options').get('http_endpoint') + spec['MetadataOptions']['HttpTokens'] = params.get( + 'metadata_options').get('http_tokens') return spec @@ -1777,8 +1778,8 @@ def main(): network=dict(default=None, type='dict'), volumes=dict(default=None, type='list', elements='dict'), metadata_options=dict(type='dict', options=dict( - metadata_accessible=dict(type='str', choices=['enabled', 'disabled'], default='enabled'), - metadata_version=dict(type='str', choices=['v1 and v2', 'v2'], default='v1 and v2'))), + http_endpoint=dict(type='str', choices=['enabled', 'disabled'], default='enabled'), + http_tokens=dict(type='str', choices=['optional', 'required'], default='optional'))), ) # running/present are synonyms # as are terminated/absent diff --git a/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml b/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml index e759f9dff8c..77d0b72a9fb 100644 --- a/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml +++ b/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml @@ -9,8 +9,8 @@ vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}" instance_type: t3.nano metadata_options: - metadata_accessible: enabled - metadata_version: v2 + http_endpoint: enabled + http_tokens: required wait: false register: instance_creation 
@@ -30,8 +30,8 @@ vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}" instance_type: t3.nano metadata_options: - metadata_accessible: enabled - metadata_version: v1 and v2 + http_endpoint: enabled + http_tokens: optional wait: false register: metadata_options_update ignore_errors: yes From 870c76561d3a91a74b84b7e079206d86ce981577 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Mon, 26 Jul 2021 18:37:21 -0700 Subject: [PATCH 07/10] Modifying metadata options --- plugins/modules/ec2_instance.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/ec2_instance.py b/plugins/modules/ec2_instance.py index aa8ad0574e0..05bc4015b9b 100644 --- a/plugins/modules/ec2_instance.py +++ b/plugins/modules/ec2_instance.py @@ -293,7 +293,7 @@ type: str http_tokens: description: - - Set the state of token usage for instance metadata requests, default state is optional (optional). + - Set the state of token usage for instance metadata requests, default state is optional. - If the state is optional (v1 and v2), instance metadata can be retrieved with or without a signed token header on request. - If the state is required (v2), a signed token header must be sent with any instance metadata retrieval requests. choices: [optional, required] From 530b0d71f3d873061bfb4752057f7814e144a262 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Tue, 27 Jul 2021 11:45:38 -0700 Subject: [PATCH 08/10] Minor fixes --- .../414-ec2_instance-support-controlling-metadata-options.yml | 2 +- plugins/modules/ec2_instance.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/changelogs/fragments/414-ec2_instance-support-controlling-metadata-options.yml b/changelogs/fragments/414-ec2_instance-support-controlling-metadata-options.yml index 4be3d0f2eb7..a70b68d02e4 100644 --- a/changelogs/fragments/414-ec2_instance-support-controlling-metadata-options.yml +++ b/changelogs/fragments/414-ec2_instance-support-controlling-metadata-options.yml 
@@ -1,2 +1,2 @@ minor_changes: -- ec2_instance - Add support for controlling metadata options (https://github.com/ansible-collections/amazon.aws/pull/414) +- ec2_instance - add support for controlling metadata options (https://github.com/ansible-collections/amazon.aws/pull/414). diff --git a/plugins/modules/ec2_instance.py b/plugins/modules/ec2_instance.py index 05bc4015b9b..b6ad70085ee 100644 --- a/plugins/modules/ec2_instance.py +++ b/plugins/modules/ec2_instance.py @@ -280,7 +280,7 @@ description: - Modify the metadata options for the instance. - See U(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) for more information. - - The two suboptions http_endpoint and http_tokens are supported. + - The two suboptions I(http_endpoint) and I(http_tokens) are supported. type: dict version_added: 2.0.0 suboptions: @@ -1233,7 +1233,7 @@ def build_top_level_options(params): spec['MetadataOptions'] = {} spec['MetadataOptions']['HttpEndpoint'] = params.get( 'metadata_options').get('http_endpoint') - spec['MetadataOptions']['HttpTokens'] = params.get( + spec['MetadataOptions']['HttpTokens'] = params.get( 'metadata_options').get('http_tokens') return spec From e9886a8b7cf8fa5dcb35def4ec5c04ecb15c140e Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Mon, 16 Aug 2021 17:18:43 -0700 Subject: [PATCH 09/10] Modifying integration test --- .../ec2_instance/roles/ec2_instance/tasks/metadata_options.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml b/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml index 77d0b72a9fb..0b9ac484a1a 100644 --- a/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml +++ b/tests/integration/targets/ec2_instance/roles/ec2_instance/tasks/metadata_options.yml 
@@ -19,6 +19,8 @@ that: - instance_creation is success - instance_creation is changed + - "'{{ instance_creation.spec.MetadataOptions.HttpEndpoint }}' == 'enabled'" + - "'{{ instance_creation.spec.MetadataOptions.HttpTokens }}' == 'required'" - name: "modify metadata_options on existing instance" ec2_instance: From 612e6993bd5ab9401ea242dcf1002426c783cf11 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Tue, 17 Aug 2021 08:34:40 +0200 Subject: [PATCH 10/10] Remove duplicated 'default state' information --- plugins/modules/ec2_instance.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/ec2_instance.py b/plugins/modules/ec2_instance.py index b6ad70085ee..fccdf794b1f 100644 --- a/plugins/modules/ec2_instance.py +++ b/plugins/modules/ec2_instance.py @@ -286,14 +286,14 @@ suboptions: http_endpoint: description: - - Enables or disables the HTTP metadata endpoint on instances, default state is enabled. + - Enables or disables the HTTP metadata endpoint on instances. - If specified a value of disabled, metadata of the instance will not be accessible. choices: [enabled, disabled] default: enabled type: str http_tokens: description: - - Set the state of token usage for instance metadata requests, default state is optional. + - Set the state of token usage for instance metadata requests. - If the state is optional (v1 and v2), instance metadata can be retrieved with or without a signed token header on request. - If the state is required (v2), a signed token header must be sent with any instance metadata retrieval requests. choices: [optional, required]