summaryrefslogtreecommitdiffstats
path: root/ansible_collections/community/aws/plugins/modules/opensearch.py
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-18 05:52:22 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-18 05:52:22 +0000
commit38b7c80217c4e72b1d8988eb1e60bb6e77334114 (patch)
tree356e9fd3762877d07cde52d21e77070aeff7e789 /ansible_collections/community/aws/plugins/modules/opensearch.py
parentAdding upstream version 7.7.0+dfsg. (diff)
downloadansible-38b7c80217c4e72b1d8988eb1e60bb6e77334114.tar.xz
ansible-38b7c80217c4e72b1d8988eb1e60bb6e77334114.zip
Adding upstream version 9.4.0+dfsg.upstream/9.4.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/community/aws/plugins/modules/opensearch.py')
-rw-r--r--ansible_collections/community/aws/plugins/modules/opensearch.py473
1 files changed, 149 insertions, 324 deletions
diff --git a/ansible_collections/community/aws/plugins/modules/opensearch.py b/ansible_collections/community/aws/plugins/modules/opensearch.py
index 7ed8c0722..d89e173bb 100644
--- a/ansible_collections/community/aws/plugins/modules/opensearch.py
+++ b/ansible_collections/community/aws/plugins/modules/opensearch.py
@@ -1,20 +1,18 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
+
# Copyright: Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-
-DOCUMENTATION = """
+DOCUMENTATION = r"""
---
module: opensearch
short_description: Creates OpenSearch or ElasticSearch domain
description:
- Creates or modify a Amazon OpenSearch Service domain.
version_added: 4.0.0
-author: "Sebastien Rosset (@sebastien-rosset)"
+author:
+ - "Sebastien Rosset (@sebastien-rosset)"
options:
state:
description:
@@ -387,16 +385,16 @@ options:
- how long before wait gives up, in seconds.
default: 300
type: int
-requirements:
- - botocore >= 1.21.38
extends_documentation_fragment:
- - amazon.aws.aws
- - amazon.aws.ec2
- - amazon.aws.boto3
+ - amazon.aws.common.modules
+ - amazon.aws.region.modules
- amazon.aws.tags
+ - amazon.aws.boto3
"""
-EXAMPLES = """
+RETURN = r""" # """
+
+EXAMPLES = r"""
- name: Create OpenSearch domain for dev environment, no zone awareness, no dedicated masters
community.aws.opensearch:
@@ -452,16 +450,16 @@ EXAMPLES = """
auto_tune_options:
enabled: true
maintenance_schedules:
- - start_at: "2025-01-12"
- duration:
- value: 1
- unit: "HOURS"
- cron_expression_for_recurrence: "cron(0 12 * * ? *)"
- - start_at: "2032-01-12"
- duration:
- value: 2
- unit: "HOURS"
- cron_expression_for_recurrence: "cron(0 12 * * ? *)"
+ - start_at: "2025-01-12"
+ duration:
+ value: 1
+ unit: "HOURS"
+ cron_expression_for_recurrence: "cron(0 12 * * ? *)"
+ - start_at: "2032-01-12"
+ duration:
+ value: 2
+ unit: "HOURS"
+ cron_expression_for_recurrence: "cron(0 12 * * ? *)"
tags:
Environment: Development
Application: Search
@@ -480,12 +478,11 @@ EXAMPLES = """
cluster_config:
instance_count: 40
wait: true
-
"""
-from copy import deepcopy
import datetime
import json
+from copy import deepcopy
try:
import botocore
@@ -494,26 +491,20 @@ except ImportError:
from ansible.module_utils.six import string_types
-# import module snippets
-from ansible_collections.amazon.aws.plugins.module_utils.core import (
- AnsibleAWSModule,
- is_boto3_error_code,
-)
-from ansible_collections.amazon.aws.plugins.module_utils.ec2 import (
- AWSRetry,
- boto3_tag_list_to_ansible_dict,
- compare_policies,
-)
-from ansible_collections.community.aws.plugins.module_utils.opensearch import (
- compare_domain_versions,
- ensure_tags,
- get_domain_status,
- get_domain_config,
- get_target_increment_version,
- normalize_opensearch,
- parse_version,
- wait_for_domain_status,
-)
+from ansible_collections.amazon.aws.plugins.module_utils.botocore import is_boto3_error_code
+from ansible_collections.amazon.aws.plugins.module_utils.policy import compare_policies
+from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry
+from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict
+
+from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule
+from ansible_collections.community.aws.plugins.module_utils.opensearch import compare_domain_versions
+from ansible_collections.community.aws.plugins.module_utils.opensearch import ensure_tags
+from ansible_collections.community.aws.plugins.module_utils.opensearch import get_domain_config
+from ansible_collections.community.aws.plugins.module_utils.opensearch import get_domain_status
+from ansible_collections.community.aws.plugins.module_utils.opensearch import get_target_increment_version
+from ansible_collections.community.aws.plugins.module_utils.opensearch import normalize_opensearch
+from ansible_collections.community.aws.plugins.module_utils.opensearch import parse_version
+from ansible_collections.community.aws.plugins.module_utils.opensearch import wait_for_domain_status
def ensure_domain_absent(client, module):
@@ -522,16 +513,17 @@ def ensure_domain_absent(client, module):
domain = get_domain_status(client, module, domain_name)
if module.check_mode:
- module.exit_json(
- changed=True, msg="Would have deleted domain if not in check mode"
- )
+ module.exit_json(changed=True, msg="Would have deleted domain if not in check mode")
try:
client.delete_domain(DomainName=domain_name)
changed = True
except is_boto3_error_code("ResourceNotFoundException"):
# The resource does not exist, or it has already been deleted
return dict(changed=False)
- except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except
+ except (
+ botocore.exceptions.ClientError,
+ botocore.exceptions.BotoCoreError,
+ ) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="trying to delete domain")
# If we're not waiting for a delete to complete then we're all done
@@ -543,7 +535,10 @@ def ensure_domain_absent(client, module):
return dict(changed=changed)
except is_boto3_error_code("ResourceNotFoundException"):
return dict(changed=changed)
- except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except
+ except (
+ botocore.exceptions.ClientError,
+ botocore.exceptions.BotoCoreError,
+ ) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, "awaiting domain deletion")
@@ -568,8 +563,9 @@ def upgrade_domain(client, module, source_version, target_engine_version):
# It's not possible to upgrade directly to the target version.
# Check the module parameters to determine if this is allowed or not.
if not module.params.get("allow_intermediate_upgrades"):
- module.fail_json(msg="Cannot upgrade from {0} to version {1}. The highest compatible version is {2}".format(
- source_version, target_engine_version, next_version))
+ module.fail_json(
+ msg=f"Cannot upgrade from {source_version} to version {target_engine_version}. The highest compatible version is {next_version}"
+ )
parameters = {
"DomainName": domain_name,
@@ -592,17 +588,13 @@ def upgrade_domain(client, module, source_version, target_engine_version):
# raised if it's not possible to upgrade to the target version.
module.fail_json_aws(
e,
- msg="Couldn't upgrade domain {0} from {1} to {2}".format(
- domain_name, current_version, next_version
- ),
+ msg=f"Couldn't upgrade domain {domain_name} from {current_version} to {next_version}",
)
if module.check_mode:
module.exit_json(
changed=True,
- msg="Would have upgraded domain from {0} to {1} if not in check mode".format(
- current_version, next_version
- ),
+ msg=f"Would have upgraded domain from {current_version} to {next_version} if not in check mode",
)
current_version = next_version
@@ -610,9 +602,7 @@ def upgrade_domain(client, module, source_version, target_engine_version):
wait_for_domain_status(client, module, domain_name, "domain_available")
-def set_cluster_config(
- module, current_domain_config, desired_domain_config, change_set
-):
+def set_cluster_config(module, current_domain_config, desired_domain_config, change_set):
changed = False
cluster_config = desired_domain_config["ClusterConfig"]
@@ -627,24 +617,16 @@ def set_cluster_config(
if cluster_config["ZoneAwarenessEnabled"]:
if cluster_opts.get("availability_zone_count") is not None:
cluster_config["ZoneAwarenessConfig"] = {
- "AvailabilityZoneCount": cluster_opts.get(
- "availability_zone_count"
- ),
+ "AvailabilityZoneCount": cluster_opts.get("availability_zone_count"),
}
if cluster_opts.get("dedicated_master") is not None:
- cluster_config["DedicatedMasterEnabled"] = cluster_opts.get(
- "dedicated_master"
- )
+ cluster_config["DedicatedMasterEnabled"] = cluster_opts.get("dedicated_master")
if cluster_config["DedicatedMasterEnabled"]:
if cluster_opts.get("dedicated_master_instance_type") is not None:
- cluster_config["DedicatedMasterType"] = cluster_opts.get(
- "dedicated_master_instance_type"
- )
+ cluster_config["DedicatedMasterType"] = cluster_opts.get("dedicated_master_instance_type")
if cluster_opts.get("dedicated_master_instance_count") is not None:
- cluster_config["DedicatedMasterCount"] = cluster_opts.get(
- "dedicated_master_instance_count"
- )
+ cluster_config["DedicatedMasterCount"] = cluster_opts.get("dedicated_master_instance_count")
if cluster_opts.get("warm_enabled") is not None:
cluster_config["WarmEnabled"] = cluster_opts.get("warm_enabled")
@@ -665,32 +647,19 @@ def set_cluster_config(
if cold_storage_opts is not None and cold_storage_opts.get("enabled"):
module.fail_json(msg="Cold Storage is not supported")
cluster_config.pop("ColdStorageOptions", None)
- if (
- current_domain_config is not None
- and "ClusterConfig" in current_domain_config
- ):
+ if current_domain_config is not None and "ClusterConfig" in current_domain_config:
# Remove 'ColdStorageOptions' from the current domain config, otherwise the actual vs desired diff
# will indicate a change must be done.
current_domain_config["ClusterConfig"].pop("ColdStorageOptions", None)
else:
# Elasticsearch 7.9 and above support ColdStorageOptions.
- if (
- cold_storage_opts is not None
- and cold_storage_opts.get("enabled") is not None
- ):
+ if cold_storage_opts is not None and cold_storage_opts.get("enabled") is not None:
cluster_config["ColdStorageOptions"] = {
"Enabled": cold_storage_opts.get("enabled"),
}
- if (
- current_domain_config is not None
- and current_domain_config["ClusterConfig"] != cluster_config
- ):
- change_set.append(
- "ClusterConfig changed from {0} to {1}".format(
- current_domain_config["ClusterConfig"], cluster_config
- )
- )
+ if current_domain_config is not None and current_domain_config["ClusterConfig"] != cluster_config:
+ change_set.append(f"ClusterConfig changed from {current_domain_config['ClusterConfig']} to {cluster_config}")
changed = True
return changed
@@ -716,22 +685,13 @@ def set_ebs_options(module, current_domain_config, desired_domain_config, change
if ebs_opts.get("iops") is not None:
ebs_config["Iops"] = ebs_opts.get("iops")
- if (
- current_domain_config is not None
- and current_domain_config["EBSOptions"] != ebs_config
- ):
- change_set.append(
- "EBSOptions changed from {0} to {1}".format(
- current_domain_config["EBSOptions"], ebs_config
- )
- )
+ if current_domain_config is not None and current_domain_config["EBSOptions"] != ebs_config:
+ change_set.append(f"EBSOptions changed from {current_domain_config['EBSOptions']} to {ebs_config}")
changed = True
return changed
-def set_encryption_at_rest_options(
- module, current_domain_config, desired_domain_config, change_set
-):
+def set_encryption_at_rest_options(module, current_domain_config, desired_domain_config, change_set):
changed = False
encryption_at_rest_config = desired_domain_config["EncryptionAtRestOptions"]
encryption_at_rest_opts = module.params.get("encryption_at_rest_options")
@@ -745,50 +705,36 @@ def set_encryption_at_rest_options(
}
else:
if encryption_at_rest_opts.get("kms_key_id") is not None:
- encryption_at_rest_config["KmsKeyId"] = encryption_at_rest_opts.get(
- "kms_key_id"
- )
+ encryption_at_rest_config["KmsKeyId"] = encryption_at_rest_opts.get("kms_key_id")
if (
current_domain_config is not None
- and current_domain_config["EncryptionAtRestOptions"]
- != encryption_at_rest_config
+ and current_domain_config["EncryptionAtRestOptions"] != encryption_at_rest_config
):
change_set.append(
- "EncryptionAtRestOptions changed from {0} to {1}".format(
- current_domain_config["EncryptionAtRestOptions"],
- encryption_at_rest_config,
- )
+ f"EncryptionAtRestOptions changed from {current_domain_config['EncryptionAtRestOptions']} to"
+ f" {encryption_at_rest_config}"
)
changed = True
return changed
-def set_node_to_node_encryption_options(
- module, current_domain_config, desired_domain_config, change_set
-):
+def set_node_to_node_encryption_options(module, current_domain_config, desired_domain_config, change_set):
changed = False
- node_to_node_encryption_config = desired_domain_config[
- "NodeToNodeEncryptionOptions"
- ]
+ node_to_node_encryption_config = desired_domain_config["NodeToNodeEncryptionOptions"]
node_to_node_encryption_opts = module.params.get("node_to_node_encryption_options")
if node_to_node_encryption_opts is None:
return changed
if node_to_node_encryption_opts.get("enabled") is not None:
- node_to_node_encryption_config["Enabled"] = node_to_node_encryption_opts.get(
- "enabled"
- )
+ node_to_node_encryption_config["Enabled"] = node_to_node_encryption_opts.get("enabled")
if (
current_domain_config is not None
- and current_domain_config["NodeToNodeEncryptionOptions"]
- != node_to_node_encryption_config
+ and current_domain_config["NodeToNodeEncryptionOptions"] != node_to_node_encryption_config
):
change_set.append(
- "NodeToNodeEncryptionOptions changed from {0} to {1}".format(
- current_domain_config["NodeToNodeEncryptionOptions"],
- node_to_node_encryption_config,
- )
+ f"NodeToNodeEncryptionOptions changed from {current_domain_config['NodeToNodeEncryptionOptions']} to"
+ f" {node_to_node_encryption_config}"
)
changed = True
return changed
@@ -846,53 +792,36 @@ def set_vpc_options(module, current_domain_config, desired_domain_config, change
pass
else:
# Note the subnets may be the same but be listed in a different order.
- if set(current_domain_config["VPCOptions"]["SubnetIds"]) != set(
- vpc_config["SubnetIds"]
- ):
+ if set(current_domain_config["VPCOptions"]["SubnetIds"]) != set(vpc_config["SubnetIds"]):
change_set.append(
- "SubnetIds changed from {0} to {1}".format(
- current_domain_config["VPCOptions"]["SubnetIds"],
- vpc_config["SubnetIds"],
- )
+ f"SubnetIds changed from {current_domain_config['VPCOptions']['SubnetIds']} to"
+ f" {vpc_config['SubnetIds']}"
)
changed = True
- if set(current_domain_config["VPCOptions"]["SecurityGroupIds"]) != set(
- vpc_config["SecurityGroupIds"]
- ):
+ if set(current_domain_config["VPCOptions"]["SecurityGroupIds"]) != set(vpc_config["SecurityGroupIds"]):
change_set.append(
- "SecurityGroup changed from {0} to {1}".format(
- current_domain_config["VPCOptions"]["SecurityGroupIds"],
- vpc_config["SecurityGroupIds"],
- )
+ f"SecurityGroup changed from {current_domain_config['VPCOptions']['SecurityGroupIds']} to"
+ f" {vpc_config['SecurityGroupIds']}"
)
changed = True
return changed
-def set_snapshot_options(
- module, current_domain_config, desired_domain_config, change_set
-):
+def set_snapshot_options(module, current_domain_config, desired_domain_config, change_set):
changed = False
snapshot_config = desired_domain_config["SnapshotOptions"]
snapshot_opts = module.params.get("snapshot_options")
if snapshot_opts is None:
return changed
if snapshot_opts.get("automated_snapshot_start_hour") is not None:
- snapshot_config["AutomatedSnapshotStartHour"] = snapshot_opts.get(
- "automated_snapshot_start_hour"
- )
- if (
- current_domain_config is not None
- and current_domain_config["SnapshotOptions"] != snapshot_config
- ):
+ snapshot_config["AutomatedSnapshotStartHour"] = snapshot_opts.get("automated_snapshot_start_hour")
+ if current_domain_config is not None and current_domain_config["SnapshotOptions"] != snapshot_config:
change_set.append("SnapshotOptions changed")
changed = True
return changed
-def set_cognito_options(
- module, current_domain_config, desired_domain_config, change_set
-):
+def set_cognito_options(module, current_domain_config, desired_domain_config, change_set):
changed = False
cognito_config = desired_domain_config["CognitoOptions"]
cognito_opts = module.params.get("cognito_options")
@@ -908,28 +837,17 @@ def set_cognito_options(
if cognito_opts.get("cognito_user_pool_id") is not None:
cognito_config["UserPoolId"] = cognito_opts.get("cognito_user_pool_id")
if cognito_opts.get("cognito_identity_pool_id") is not None:
- cognito_config["IdentityPoolId"] = cognito_opts.get(
- "cognito_identity_pool_id"
- )
+ cognito_config["IdentityPoolId"] = cognito_opts.get("cognito_identity_pool_id")
if cognito_opts.get("cognito_role_arn") is not None:
cognito_config["RoleArn"] = cognito_opts.get("cognito_role_arn")
- if (
- current_domain_config is not None
- and current_domain_config["CognitoOptions"] != cognito_config
- ):
- change_set.append(
- "CognitoOptions changed from {0} to {1}".format(
- current_domain_config["CognitoOptions"], cognito_config
- )
- )
+ if current_domain_config is not None and current_domain_config["CognitoOptions"] != cognito_config:
+ change_set.append(f"CognitoOptions changed from {current_domain_config['CognitoOptions']} to {cognito_config}")
changed = True
return changed
-def set_advanced_security_options(
- module, current_domain_config, desired_domain_config, change_set
-):
+def set_advanced_security_options(module, current_domain_config, desired_domain_config, change_set):
changed = False
advanced_security_config = desired_domain_config["AdvancedSecurityOptions"]
advanced_security_opts = module.params.get("advanced_security_options")
@@ -943,121 +861,87 @@ def set_advanced_security_options(
}
else:
if advanced_security_opts.get("internal_user_database_enabled") is not None:
- advanced_security_config[
- "InternalUserDatabaseEnabled"
- ] = advanced_security_opts.get("internal_user_database_enabled")
+ advanced_security_config["InternalUserDatabaseEnabled"] = advanced_security_opts.get(
+ "internal_user_database_enabled"
+ )
master_user_opts = advanced_security_opts.get("master_user_options")
if master_user_opts is not None:
advanced_security_config.setdefault("MasterUserOptions", {})
if master_user_opts.get("master_user_arn") is not None:
- advanced_security_config["MasterUserOptions"][
- "MasterUserARN"
- ] = master_user_opts.get("master_user_arn")
+ advanced_security_config["MasterUserOptions"]["MasterUserARN"] = master_user_opts.get("master_user_arn")
if master_user_opts.get("master_user_name") is not None:
- advanced_security_config["MasterUserOptions"][
- "MasterUserName"
- ] = master_user_opts.get("master_user_name")
+ advanced_security_config["MasterUserOptions"]["MasterUserName"] = master_user_opts.get(
+ "master_user_name"
+ )
if master_user_opts.get("master_user_password") is not None:
- advanced_security_config["MasterUserOptions"][
- "MasterUserPassword"
- ] = master_user_opts.get("master_user_password")
+ advanced_security_config["MasterUserOptions"]["MasterUserPassword"] = master_user_opts.get(
+ "master_user_password"
+ )
saml_opts = advanced_security_opts.get("saml_options")
if saml_opts is not None:
if saml_opts.get("enabled") is not None:
- advanced_security_config["SamlOptions"]["Enabled"] = saml_opts.get(
- "enabled"
- )
+ advanced_security_config["SamlOptions"]["Enabled"] = saml_opts.get("enabled")
idp_opts = saml_opts.get("idp")
if idp_opts is not None:
if idp_opts.get("metadata_content") is not None:
- advanced_security_config["SamlOptions"]["Idp"][
- "MetadataContent"
- ] = idp_opts.get("metadata_content")
+ advanced_security_config["SamlOptions"]["Idp"]["MetadataContent"] = idp_opts.get("metadata_content")
if idp_opts.get("entity_id") is not None:
- advanced_security_config["SamlOptions"]["Idp"][
- "EntityId"
- ] = idp_opts.get("entity_id")
+ advanced_security_config["SamlOptions"]["Idp"]["EntityId"] = idp_opts.get("entity_id")
if saml_opts.get("master_user_name") is not None:
- advanced_security_config["SamlOptions"][
- "MasterUserName"
- ] = saml_opts.get("master_user_name")
+ advanced_security_config["SamlOptions"]["MasterUserName"] = saml_opts.get("master_user_name")
if saml_opts.get("master_backend_role") is not None:
- advanced_security_config["SamlOptions"][
- "MasterBackendRole"
- ] = saml_opts.get("master_backend_role")
+ advanced_security_config["SamlOptions"]["MasterBackendRole"] = saml_opts.get("master_backend_role")
if saml_opts.get("subject_key") is not None:
- advanced_security_config["SamlOptions"]["SubjectKey"] = saml_opts.get(
- "subject_key"
- )
+ advanced_security_config["SamlOptions"]["SubjectKey"] = saml_opts.get("subject_key")
if saml_opts.get("roles_key") is not None:
- advanced_security_config["SamlOptions"]["RolesKey"] = saml_opts.get(
- "roles_key"
- )
+ advanced_security_config["SamlOptions"]["RolesKey"] = saml_opts.get("roles_key")
if saml_opts.get("session_timeout_minutes") is not None:
- advanced_security_config["SamlOptions"][
- "SessionTimeoutMinutes"
- ] = saml_opts.get("session_timeout_minutes")
+ advanced_security_config["SamlOptions"]["SessionTimeoutMinutes"] = saml_opts.get(
+ "session_timeout_minutes"
+ )
if (
current_domain_config is not None
and current_domain_config["AdvancedSecurityOptions"] != advanced_security_config
):
change_set.append(
- "AdvancedSecurityOptions changed from {0} to {1}".format(
- current_domain_config["AdvancedSecurityOptions"],
- advanced_security_config,
- )
+ f"AdvancedSecurityOptions changed from {current_domain_config['AdvancedSecurityOptions']} to"
+ f" {advanced_security_config}"
)
changed = True
return changed
-def set_domain_endpoint_options(
- module, current_domain_config, desired_domain_config, change_set
-):
+def set_domain_endpoint_options(module, current_domain_config, desired_domain_config, change_set):
changed = False
domain_endpoint_config = desired_domain_config["DomainEndpointOptions"]
domain_endpoint_opts = module.params.get("domain_endpoint_options")
if domain_endpoint_opts is None:
return changed
if domain_endpoint_opts.get("enforce_https") is not None:
- domain_endpoint_config["EnforceHTTPS"] = domain_endpoint_opts.get(
- "enforce_https"
- )
+ domain_endpoint_config["EnforceHTTPS"] = domain_endpoint_opts.get("enforce_https")
if domain_endpoint_opts.get("tls_security_policy") is not None:
- domain_endpoint_config["TLSSecurityPolicy"] = domain_endpoint_opts.get(
- "tls_security_policy"
- )
+ domain_endpoint_config["TLSSecurityPolicy"] = domain_endpoint_opts.get("tls_security_policy")
if domain_endpoint_opts.get("custom_endpoint_enabled") is not None:
- domain_endpoint_config["CustomEndpointEnabled"] = domain_endpoint_opts.get(
- "custom_endpoint_enabled"
- )
+ domain_endpoint_config["CustomEndpointEnabled"] = domain_endpoint_opts.get("custom_endpoint_enabled")
if domain_endpoint_config["CustomEndpointEnabled"]:
if domain_endpoint_opts.get("custom_endpoint") is not None:
- domain_endpoint_config["CustomEndpoint"] = domain_endpoint_opts.get(
- "custom_endpoint"
- )
+ domain_endpoint_config["CustomEndpoint"] = domain_endpoint_opts.get("custom_endpoint")
if domain_endpoint_opts.get("custom_endpoint_certificate_arn") is not None:
- domain_endpoint_config[
- "CustomEndpointCertificateArn"
- ] = domain_endpoint_opts.get("custom_endpoint_certificate_arn")
+ domain_endpoint_config["CustomEndpointCertificateArn"] = domain_endpoint_opts.get(
+ "custom_endpoint_certificate_arn"
+ )
- if (
- current_domain_config is not None
- and current_domain_config["DomainEndpointOptions"] != domain_endpoint_config
- ):
+ if current_domain_config is not None and current_domain_config["DomainEndpointOptions"] != domain_endpoint_config:
change_set.append(
- "DomainEndpointOptions changed from {0} to {1}".format(
- current_domain_config["DomainEndpointOptions"], domain_endpoint_config
- )
+ f"DomainEndpointOptions changed from {current_domain_config['DomainEndpointOptions']} to"
+ f" {domain_endpoint_config}"
)
changed = True
return changed
-def set_auto_tune_options(
- module, current_domain_config, desired_domain_config, change_set
-):
+def set_auto_tune_options(module, current_domain_config, desired_domain_config, change_set):
changed = False
auto_tune_config = desired_domain_config["AutoTuneOptions"]
auto_tune_opts = module.params.get("auto_tune_options")
@@ -1088,31 +972,20 @@ def set_auto_tune_options(
if duration_opt.get("unit") is not None:
schedule_entry["Duration"]["Unit"] = duration_opt.get("unit")
if s.get("cron_expression_for_recurrence") is not None:
- schedule_entry["CronExpressionForRecurrence"] = s.get(
- "cron_expression_for_recurrence"
- )
+ schedule_entry["CronExpressionForRecurrence"] = s.get("cron_expression_for_recurrence")
auto_tune_config["MaintenanceSchedules"].append(schedule_entry)
if current_domain_config is not None:
- if (
- current_domain_config["AutoTuneOptions"]["DesiredState"]
- != auto_tune_config["DesiredState"]
- ):
+ if current_domain_config["AutoTuneOptions"]["DesiredState"] != auto_tune_config["DesiredState"]:
change_set.append(
- "AutoTuneOptions.DesiredState changed from {0} to {1}".format(
- current_domain_config["AutoTuneOptions"]["DesiredState"],
- auto_tune_config["DesiredState"],
- )
+ "AutoTuneOptions.DesiredState changed from"
+ f" {current_domain_config['AutoTuneOptions']['DesiredState']} to {auto_tune_config['DesiredState']}"
)
changed = True
- if (
- auto_tune_config["MaintenanceSchedules"]
- != current_domain_config["AutoTuneOptions"]["MaintenanceSchedules"]
- ):
+ if auto_tune_config["MaintenanceSchedules"] != current_domain_config["AutoTuneOptions"]["MaintenanceSchedules"]:
change_set.append(
- "AutoTuneOptions.MaintenanceSchedules changed from {0} to {1}".format(
- current_domain_config["AutoTuneOptions"]["MaintenanceSchedules"],
- auto_tune_config["MaintenanceSchedules"],
- )
+ "AutoTuneOptions.MaintenanceSchedules changed from"
+ f" {current_domain_config['AutoTuneOptions']['MaintenanceSchedules']} to"
+ f" {auto_tune_config['MaintenanceSchedules']}"
)
changed = True
return changed
@@ -1127,18 +1000,12 @@ def set_access_policy(module, current_domain_config, desired_domain_config, chan
try:
access_policy_config = json.dumps(access_policy_opt)
except Exception as e:
- module.fail_json(
- msg="Failed to convert the policy into valid JSON: %s" % str(e)
- )
+ module.fail_json(msg=f"Failed to convert the policy into valid JSON: {str(e)}")
if current_domain_config is not None:
# Updating existing domain
current_access_policy = json.loads(current_domain_config["AccessPolicies"])
if not compare_policies(current_access_policy, access_policy_opt):
- change_set.append(
- "AccessPolicy changed from {0} to {1}".format(
- current_access_policy, access_policy_opt
- )
- )
+ change_set.append(f"AccessPolicy changed from {current_access_policy} to {access_policy_opt}")
changed = True
desired_domain_config["AccessPolicies"] = access_policy_config
else:
@@ -1201,53 +1068,26 @@ def ensure_domain_present(client, module):
# Validate the engine_version
v = parse_version(module.params.get("engine_version"))
if v is None:
- module.fail_json(
- "Invalid engine_version. Must be Elasticsearch_X.Y or OpenSearch_X.Y"
- )
+ module.fail_json("Invalid engine_version. Must be Elasticsearch_X.Y or OpenSearch_X.Y")
desired_domain_config["EngineVersion"] = module.params.get("engine_version")
changed = False
change_set = [] # For check mode purpose
- changed |= set_cluster_config(
- module, current_domain_config, desired_domain_config, change_set
- )
- changed |= set_ebs_options(
- module, current_domain_config, desired_domain_config, change_set
- )
- changed |= set_encryption_at_rest_options(
- module, current_domain_config, desired_domain_config, change_set
- )
- changed |= set_node_to_node_encryption_options(
- module, current_domain_config, desired_domain_config, change_set
- )
- changed |= set_vpc_options(
- module, current_domain_config, desired_domain_config, change_set
- )
- changed |= set_snapshot_options(
- module, current_domain_config, desired_domain_config, change_set
- )
- changed |= set_cognito_options(
- module, current_domain_config, desired_domain_config, change_set
- )
- changed |= set_advanced_security_options(
- module, current_domain_config, desired_domain_config, change_set
- )
- changed |= set_domain_endpoint_options(
- module, current_domain_config, desired_domain_config, change_set
- )
- changed |= set_auto_tune_options(
- module, current_domain_config, desired_domain_config, change_set
- )
- changed |= set_access_policy(
- module, current_domain_config, desired_domain_config, change_set
- )
+ changed |= set_cluster_config(module, current_domain_config, desired_domain_config, change_set)
+ changed |= set_ebs_options(module, current_domain_config, desired_domain_config, change_set)
+ changed |= set_encryption_at_rest_options(module, current_domain_config, desired_domain_config, change_set)
+ changed |= set_node_to_node_encryption_options(module, current_domain_config, desired_domain_config, change_set)
+ changed |= set_vpc_options(module, current_domain_config, desired_domain_config, change_set)
+ changed |= set_snapshot_options(module, current_domain_config, desired_domain_config, change_set)
+ changed |= set_cognito_options(module, current_domain_config, desired_domain_config, change_set)
+ changed |= set_advanced_security_options(module, current_domain_config, desired_domain_config, change_set)
+ changed |= set_domain_endpoint_options(module, current_domain_config, desired_domain_config, change_set)
+ changed |= set_auto_tune_options(module, current_domain_config, desired_domain_config, change_set)
+ changed |= set_access_policy(module, current_domain_config, desired_domain_config, change_set)
if current_domain_config is not None:
- if (
- desired_domain_config["EngineVersion"]
- != current_domain_config["EngineVersion"]
- ):
+ if desired_domain_config["EngineVersion"] != current_domain_config["EngineVersion"]:
changed = True
change_set.append("EngineVersion changed")
upgrade_domain(
@@ -1271,22 +1111,16 @@ def ensure_domain_present(client, module):
botocore.exceptions.BotoCoreError,
botocore.exceptions.ClientError,
) as e:
- module.fail_json_aws(
- e, msg="Couldn't update domain {0}".format(domain_name)
- )
+ module.fail_json_aws(e, msg=f"Couldn't update domain {domain_name}")
else:
# Create new OpenSearch cluster
if module.params.get("access_policies") is None:
- module.fail_json(
- "state is present but the following is missing: access_policies"
- )
+ module.fail_json("state is present but the following is missing: access_policies")
changed = True
if module.check_mode:
- module.exit_json(
- changed=True, msg="Would have created a domain if not in check mode"
- )
+ module.exit_json(changed=True, msg="Would have created a domain if not in check mode")
try:
response = client.create_domain(**desired_domain_config)
domain = response["DomainStatus"]
@@ -1295,22 +1129,16 @@ def ensure_domain_present(client, module):
botocore.exceptions.BotoCoreError,
botocore.exceptions.ClientError,
) as e:
- module.fail_json_aws(
- e, msg="Couldn't update domain {0}".format(domain_name)
- )
+ module.fail_json_aws(e, msg=f"Couldn't update domain {domain_name}")
try:
- existing_tags = boto3_tag_list_to_ansible_dict(
- client.list_tags(ARN=domain_arn, aws_retry=True)["TagList"]
- )
+ existing_tags = boto3_tag_list_to_ansible_dict(client.list_tags(ARN=domain_arn, aws_retry=True)["TagList"])
except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
- module.fail_json_aws(e, "Couldn't get tags for domain %s" % domain_name)
+ module.fail_json_aws(e, f"Couldn't get tags for domain {domain_name}")
desired_tags = module.params["tags"]
purge_tags = module.params["purge_tags"]
- changed |= ensure_tags(
- client, module, domain_arn, existing_tags, desired_tags, purge_tags
- )
+ changed |= ensure_tags(client, module, domain_arn, existing_tags, desired_tags, purge_tags)
if module.params.get("wait") and not module.check_mode:
wait_for_domain_status(client, module, domain_name, "domain_available")
@@ -1321,7 +1149,6 @@ def ensure_domain_present(client, module):
def main():
-
module = AnsibleAWSModule(
argument_spec=dict(
state=dict(choices=["present", "absent"], default="present"),
@@ -1482,8 +1309,6 @@ def main():
supports_check_mode=True,
)
- module.require_botocore_at_least("1.21.38")
-
try:
client = module.client("opensearch", retry_decorator=AWSRetry.jittered_backoff())
except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: