diff --git a/changelogs/fragments/966-elb_target_group-support-alb-target.yml b/changelogs/fragments/966-elb_target_group-support-alb-target.yml new file mode 100644 index 00000000000..c63c6a70cab --- /dev/null +++ b/changelogs/fragments/966-elb_target_group-support-alb-target.yml @@ -0,0 +1,2 @@ +minor_changes: + - elb_target_group - add support for alb target_type and update documentation (https://github.com/ansible-collections/community.aws/pull/966). diff --git a/plugins/modules/elb_target_group.py b/plugins/modules/elb_target_group.py index 20e9c2b19da..229e2129bfe 100644 --- a/plugins/modules/elb_target_group.py +++ b/plugins/modules/elb_target_group.py @@ -76,13 +76,14 @@ type: str port: description: - - The port on which the targets receive traffic. This port is used unless you specify a port override when registering the target. Required if - I(state) is C(present). + - The port on which the targets receive traffic. This port is used unless you specify a port override when registering the target. + - Required when I(state) is C(present) and I(target_type) is C(instance), C(ip), or C(alb). required: false type: int protocol: description: - - The protocol to use for routing traffic to the targets. Required when I(state) is C(present). + - The protocol to use for routing traffic to the targets. + - Required when I(state) is C(present) and I(target_type) is C(instance), C(ip), or C(alb). required: false choices: [ 'http', 'https', 'tcp', 'tls', 'udp', 'tcp_udp', 'HTTP', 'HTTPS', 'TCP', 'TLS', 'UDP', 'TCP_UDP'] type: str 
@@ -141,15 +142,16 @@ target_type: description: - The type of target that you must specify when registering targets with this target group. The possible values are - C(instance) (targets are specified by instance ID), C(ip) (targets are specified by IP address) or C(lambda) (target is specified by ARN). - Note that you can't specify targets for a target group using more than one type. Target type lambda only accept one target. When more than + C(instance) (targets are specified by instance ID), C(ip) (targets are specified by IP address), C(lambda) (target is specified by ARN), + or C(alb) (target is specified by ARN). + Note that you can't specify targets for a target group using more than one type. Target types lambda and alb only accept one target. When more than one target is specified, only the first one is used. All additional targets are ignored. If the target type is ip, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses. - The default behavior is C(instance). required: false - choices: ['instance', 'ip', 'lambda'] + choices: ['instance', 'ip', 'lambda', 'alb'] type: str targets: description: @@ -165,7 +167,8 @@ type: int vpc_id: description: - - The identifier of the virtual private cloud (VPC). Required when I(state) is C(present). + - The identifier of the virtual private cloud (VPC). + - Required when I(state) is C(present) and I(target_type) is C(instance), C(ip), or C(alb). required: false type: str preserve_client_ip_enabled: 
@@ -891,7 +894,7 @@ def main(): state=dict(required=True, choices=['present', 'absent']), successful_response_codes=dict(), tags=dict(default={}, type='dict'), - target_type=dict(choices=['instance', 'ip', 'lambda']), + target_type=dict(choices=['instance', 'ip', 'lambda', 'alb']), targets=dict(type='list', elements='dict'), unhealthy_threshold_count=dict(type='int'), vpc_id=dict(), @@ -905,6 +908,7 @@ def main(): required_if=[ ['target_type', 'instance', ['protocol', 'port', 'vpc_id']], ['target_type', 'ip', ['protocol', 'port', 'vpc_id']], + ['target_type', 'alb', ['protocol', 'port', 'vpc_id']], ] ) diff --git a/tests/integration/targets/elb_target/tasks/alb_target.yml b/tests/integration/targets/elb_target/tasks/alb_target.yml new file mode 100644 index 00000000000..d3638a63c8a --- /dev/null +++ b/tests/integration/targets/elb_target/tasks/alb_target.yml 
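Review bot: The single-target rule that the updated documentation states for `alb` (only the first target is used, the rest are ignored) is not backed by anything in the two `main()` hunks, which only add the choice and a `required_if` row copied from `instance`/`ip`. The registration code lies outside these hunks, so this may already be handled. If the alb path shares the `instance`/`ip` code, every entry in `targets` would be passed on rather than only the first. Silently dropping entries also hides a playbook mistake about where traffic is forwarded, so I would emit a warning when `target_type` is `alb` and more than one target is supplied. I would also record the expectation at the new row with `# alb: a single ALB ARN is expected in targets; see target registration for how extra entries are handled`.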
@@ -0,0 +1,205 @@ +--- +- name: test elb_target_group with target_type = alb + block: + - name: set up testing VPC + ec2_vpc_net: + name: "{{ resource_prefix }}-vpc" + state: present + cidr_block: 20.0.0.0/16 + tags: + Name: "{{ resource_prefix }}-vpc" + Description: "Created by ansible-test" + register: vpc + + - name: set up testing internet gateway + ec2_vpc_igw: + vpc_id: "{{ vpc.vpc.id }}" + state: present + register: igw + + - name: set up testing subnet + ec2_vpc_subnet: + state: present + vpc_id: "{{ vpc.vpc.id }}" + cidr: 20.0.0.0/18 + az: "{{ aws_region }}a" + resource_tags: + Name: "{{ resource_prefix }}-subnet" + register: subnet_1 + + - name: set up testing subnet + ec2_vpc_subnet: + state: present + vpc_id: "{{ vpc.vpc.id }}" + cidr: 20.0.64.0/18 + az: "{{ aws_region }}b" + resource_tags: + Name: "{{ resource_prefix }}-subnet" + register: subnet_2 + + - name: create routing rules + ec2_vpc_route_table: + vpc_id: "{{ vpc.vpc.id }}" + tags: + created: "{{ resource_prefix }}-route" + routes: + - dest: 0.0.0.0/0 + gateway_id: "{{ igw.gateway_id }}" + subnets: + - "{{ subnet_1.subnet.id }}" + - "{{ subnet_2.subnet.id }}" + register: route_table + + - name: create testing security group + ec2_group: + name: "{{ resource_prefix }}-sg" + description: a security group for ansible tests + vpc_id: "{{ vpc.vpc.id }}" + rules: + - proto: tcp + from_port: 80 + to_port: 80 + cidr_ip: 0.0.0.0/0 + - proto: tcp + from_port: 22 + to_port: 22 + cidr_ip: 0.0.0.0/0 + register: sg + + - name: set up testing target group for NLB (type=alb) + elb_target_group: + name: "{{ elb_target_group_name }}" + target_type: alb + state: present + protocol: TCP + port: 80 + vpc_id: "{{ vpc.vpc.id }}" + register: elb_target_group + + - name: assert target group was created successfully + assert: + that: + - elb_target_group.changed + - elb_target_group.target_group_name == elb_target_group_name + - elb_target_group.target_type == 'alb' + - elb_target_group.vpc_id == vpc.vpc.id + - 
elb_target_group.port == 80 + - elb_target_group.protocol == 'TCP' + - elb_target_group.load_balancer_arns | length == 0 + + - name: create a network load balancer and attach to target group + elb_network_lb: + name: "{{ lb_name }}-nlb" + subnets: + - "{{ subnet_1.subnet.id }}" + - "{{ subnet_2.subnet.id }}" + listeners: + - Protocol: TCP + Port: 80 + DefaultActions: + - Type: forward + TargetGroupName: "{{ elb_target_group_name }}" + state: present + register: nlb + + - name: assert NLB was created successfully and attached to target group + assert: + that: + - nlb is changed + - nlb.listeners | length == 1 + - nlb.listeners[0].default_actions[0].forward_config.target_groups[0].target_group_arn == elb_target_group.target_group_arn + + - name: get target group info + elb_target_group_info: + load_balancer_arn: "{{ nlb.load_balancer_arn }}" + register: tg_info + + - name: assert target group's target is nlb + assert: + that: + - tg_info.target_groups[0].target_group_name == elb_target_group_name + - tg_info.target_groups[0].target_type == 'alb' + - tg_info.target_groups[0].load_balancer_arns | length == 1 + - tg_info.target_groups[0].load_balancer_arns[0] == nlb.load_balancer_arn + + always: + - name: remove network load balancer + elb_network_lb: + name: "{{ lb_name }}-nlb" + state: absent + wait: true + wait_timeout: 600 + register: removed + retries: 10 + until: removed is not failed + ignore_errors: true + + - name: remove elb target group + elb_target_group: + name: "{{ elb_target_group_name }}" + target_type: alb + state: absent + protocol: HTTP + port: 80 + vpc_id: "{{ vpc.vpc.id }}" + ignore_errors: true + + - name: remove routing rules + ec2_vpc_route_table: + state: absent + lookup: id + route_table_id: "{{ route_table.route_table.id }}" + register: removed + retries: 5 + until: removed is not failed + ignore_errors: true + + - name: remove testing subnet + ec2_vpc_subnet: + state: absent + vpc_id: "{{ vpc.vpc.id }}" + cidr: 20.0.0.0/18 + az: "{{ 
aws_region }}a" + register: removed + retries: 10 + until: removed is not failed + ignore_errors: true + + - name: remove testing subnet + ec2_vpc_subnet: + state: absent + vpc_id: "{{ vpc.vpc.id }}" + cidr: 20.0.64.0/18 + az: "{{ aws_region }}b" + register: removed + retries: 10 + until: removed is not failed + ignore_errors: true + + - name: remove testing security group + ec2_group: + state: absent + name: "{{ resource_prefix }}-sg" + register: removed + retries: 10 + until: removed is not failed + ignore_errors: true + + - name: remove testing internet gateway + ec2_vpc_igw: + vpc_id: "{{ vpc.vpc.id }}" + state: absent + register: removed + retries: 2 + until: removed is not failed + ignore_errors: true + + - name: remove testing VPC + ec2_vpc_net: + name: "{{ resource_prefix }}-vpc" + cidr_block: 20.0.0.0/16 + state: absent + register: removed + retries: 2 + until: removed is not failed + ignore_errors: true \ No newline at end of file diff --git a/tests/integration/targets/elb_target/tasks/lambda_target.yml b/tests/integration/targets/elb_target/tasks/lambda_target.yml index f43c490bf5b..abc4cc5d084 100644 --- a/tests/integration/targets/elb_target/tasks/lambda_target.yml +++ b/tests/integration/targets/elb_target/tasks/lambda_target.yml @@ -91,7 +91,7 @@ targets: [] register: elb_target_group - - name: target is still the same, state must not be changed (idempotency) + - name: remove lambda target from target group assert: that: - elb_target_group.changed diff --git a/tests/integration/targets/elb_target/tasks/main.yml b/tests/integration/targets/elb_target/tasks/main.yml index 7627fc83219..10f7a9e5014 100644 --- a/tests/integration/targets/elb_target/tasks/main.yml +++ b/tests/integration/targets/elb_target/tasks/main.yml @@ -12,3 +12,4 @@ block: - include_tasks: ec2_target.yml - include_tasks: lambda_target.yml + - include_tasks: alb_target.yml
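Review bot: The `create testing security group` task opens TCP 22 and 80 to `0.0.0.0/0`, but the registered `sg` is never referenced by the NLB or target-group tasks that follow, so the test creates a world-open SSH rule in a real account for no test value. I would drop the task together with its `remove testing security group` cleanup, or at least delete the port 22 rule and narrow the remaining one to the VPC range with `cidr_ip: 20.0.0.0/16`. Separately, the cleanup task `remove elb target group` passes `protocol: HTTP` although the group was created with `protocol: TCP`; with `state: absent` that is probably ignored, but matching the two avoids confusion. Every cleanup step also sets `ignore_errors: true`, so a failed teardown can leave the NLB, which sits in subnets routed through the internet gateway, behind without failing the run.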