ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-06-27 18:50:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add encryption capability to AMI copy (#1409)

Browse source
This commit is contained in:
Ryan Sydnor 2016-05-23 10:39:02 -04:00 committed by Matt Clay
parent 13cf09f949
commit e6d5c41f73
1 changed files with 65 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

78
lib/ansible/modules/extras/cloud/amazon/ec2_ami_copy.py
View file

@ -1,4 +1,5 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*-
# This file is part of Ansible # This file is part of Ansible
# #
# Ansible is free software: you can redistribute it and/or modify # Ansible is free software: you can redistribute it and/or modify
@ -45,6 +46,18 @@ options:
- An optional human-readable string describing the contents and purpose of the new AMI. - An optional human-readable string describing the contents and purpose of the new AMI.
required: false required: false
default: null default: null
encrypted:
description:
- Whether or not to encrypt the target image
required: false
default: null
version_added: "2.2"
kms_key_id:
description:
- KMS key id used to encrypt image. If not specified, uses default EBS Customer Master Key (CMK) for your account.
required: false
default: null
version_added: "2.2"
wait: wait:
description: description:
- wait for the copied AMI to be in state 'available' before returning. - wait for the copied AMI to be in state 'available' before returning.
@ -68,30 +81,60 @@ extends_documentation_fragment: aws
EXAMPLES = ''' EXAMPLES = '''
# Basic AMI Copy # Basic AMI Copy
- local_action: - ec2_ami_copy:
module: ec2_ami_copy source_region: us-east-1
source_region: eu-west-1 region: eu-west-1
dest_region: us-east-1 source_image_id: ami-xxxxxxx
# AMI copy wait until available
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx source_image_id: ami-xxxxxxx
name: SuperService-new-AMI
description: latest patch
tags: '{"Name":"SuperService-new-AMI", "type":"SuperService"}'
wait: yes wait: yes
register: image_id register: image_id
# Named AMI copy
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx
name: My-Awesome-AMI
description: latest patch
# Tagged AMI copy
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx
tags:
Name: My-Super-AMI
Patch: 1.2.3
# Encrypted AMI copy
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx
encrypted: yes
# Encrypted AMI copy with specified key
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx
encrypted: yes
kms_key_id: arn:aws:kms:us-east-1:XXXXXXXXXXXX:key/746de6ea-50a4-4bcb-8fbc-e3b29f2d367b
''' '''
import sys
import time
try: try:
import boto import boto
import boto.ec2 import boto.ec2
from boto.vpc import VPCConnection
HAS_BOTO = True HAS_BOTO = True
except ImportError: except ImportError:
HAS_BOTO = False HAS_BOTO = False
def copy_image(module, ec2): def copy_image(module, ec2):
""" """
Copies an AMI Copies an AMI
@ -104,6 +147,8 @@ def copy_image(module, ec2):
source_image_id = module.params.get('source_image_id') source_image_id = module.params.get('source_image_id')
name = module.params.get('name') name = module.params.get('name')
description = module.params.get('description') description = module.params.get('description')
encrypted = module.params.get('encrypted')
kms_key_id = module.params.get('kms_key_id')
tags = module.params.get('tags') tags = module.params.get('tags')
wait_timeout = int(module.params.get('wait_timeout')) wait_timeout = int(module.params.get('wait_timeout'))
wait = module.params.get('wait') wait = module.params.get('wait')
@ -112,7 +157,9 @@ def copy_image(module, ec2):
params = {'source_region': source_region, params = {'source_region': source_region,
'source_image_id': source_image_id, 'source_image_id': source_image_id,
'name': name, 'name': name,
'description': description 'description': description,
'encrypted': encrypted,
'kms_key_id': kms_key_id
} }
image_id = ec2.copy_image(**params).image_id image_id = ec2.copy_image(**params).image_id
@ -128,7 +175,7 @@ def copy_image(module, ec2):
module.exit_json(msg="AMI copy operation complete", image_id=image_id, state=img.state, changed=True) module.exit_json(msg="AMI copy operation complete", image_id=image_id, state=img.state, changed=True)
# register tags to the copied AMI in dest_region # register tags to the copied AMI
def register_tags_if_any(module, ec2, tags, image_id): def register_tags_if_any(module, ec2, tags, image_id):
if tags: if tags:
try: try:
@ -174,6 +221,8 @@ def main():
source_image_id=dict(required=True), source_image_id=dict(required=True),
name=dict(), name=dict(),
description=dict(default=""), description=dict(default=""),
encrypted=dict(type='bool', required=False),
kms_key_id=dict(type='str', required=False),
wait=dict(type='bool', default=False), wait=dict(type='bool', default=False),
wait_timeout=dict(default=1200), wait_timeout=dict(default=1200),
tags=dict(type='dict'))) tags=dict(type='dict')))
@ -190,7 +239,6 @@ def main():
try: try:
region, ec2_url, boto_params = get_aws_connection_info(module) region, ec2_url, boto_params = get_aws_connection_info(module)
vpc = connect_to_aws(boto.vpc, region, **boto_params)
except boto.exception.NoAuthHandlerFound, e: except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg=str(e)) module.fail_json(msg=str(e))