From 7fec0b69a082aaeec72fee0612766aa42f6b1b4d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 18 Apr 2024 07:52:35 +0200 Subject: Merging upstream version 9.4.0+dfsg. Signed-off-by: Daniel Baumann --- .../community/aws/plugins/modules/opensearch.py | 473 +++++++-------------- 1 file changed, 149 insertions(+), 324 deletions(-) (limited to 'ansible_collections/community/aws/plugins/modules/opensearch.py') diff --git a/ansible_collections/community/aws/plugins/modules/opensearch.py b/ansible_collections/community/aws/plugins/modules/opensearch.py index 7ed8c0722..d89e173bb 100644 --- a/ansible_collections/community/aws/plugins/modules/opensearch.py +++ b/ansible_collections/community/aws/plugins/modules/opensearch.py @@ -1,20 +1,18 @@ #!/usr/bin/python # -*- coding: utf-8 -*- + # Copyright: Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -DOCUMENTATION = """ +DOCUMENTATION = r""" --- module: opensearch short_description: Creates OpenSearch or ElasticSearch domain description: - Creates or modify a Amazon OpenSearch Service domain. version_added: 4.0.0 -author: "Sebastien Rosset (@sebastien-rosset)" +author: + - "Sebastien Rosset (@sebastien-rosset)" options: state: description: @@ -387,16 +385,16 @@ options: - how long before wait gives up, in seconds. default: 300 type: int -requirements: - - botocore >= 1.21.38 extends_documentation_fragment: - - amazon.aws.aws - - amazon.aws.ec2 - - amazon.aws.boto3 + - amazon.aws.common.modules + - amazon.aws.region.modules - amazon.aws.tags + - amazon.aws.boto3 """ -EXAMPLES = """ +RETURN = r""" # """ + +EXAMPLES = r""" - name: Create OpenSearch domain for dev environment, no zone awareness, no dedicated masters community.aws.opensearch: @@ -452,16 +450,16 @@ EXAMPLES = """ auto_tune_options: enabled: true maintenance_schedules: - - start_at: "2025-01-12" - duration: - value: 1 - unit: "HOURS" - cron_expression_for_recurrence: "cron(0 12 * * ? *)" - - start_at: "2032-01-12" - duration: - value: 2 - unit: "HOURS" - cron_expression_for_recurrence: "cron(0 12 * * ? *)" + - start_at: "2025-01-12" + duration: + value: 1 + unit: "HOURS" + cron_expression_for_recurrence: "cron(0 12 * * ? *)" + - start_at: "2032-01-12" + duration: + value: 2 + unit: "HOURS" + cron_expression_for_recurrence: "cron(0 12 * * ? *)" tags: Environment: Development Application: Search @@ -480,12 +478,11 @@ EXAMPLES = """ cluster_config: instance_count: 40 wait: true - """ -from copy import deepcopy import datetime import json +from copy import deepcopy try: import botocore @@ -494,26 +491,20 @@ except ImportError: from ansible.module_utils.six import string_types -# import module snippets -from ansible_collections.amazon.aws.plugins.module_utils.core import ( - AnsibleAWSModule, - is_boto3_error_code, -) -from ansible_collections.amazon.aws.plugins.module_utils.ec2 import ( - AWSRetry, - boto3_tag_list_to_ansible_dict, - compare_policies, -) -from ansible_collections.community.aws.plugins.module_utils.opensearch import ( - compare_domain_versions, - ensure_tags, - get_domain_status, - get_domain_config, - get_target_increment_version, - normalize_opensearch, - parse_version, - wait_for_domain_status, -) +from ansible_collections.amazon.aws.plugins.module_utils.botocore import is_boto3_error_code +from ansible_collections.amazon.aws.plugins.module_utils.policy import compare_policies +from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry +from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict + +from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule +from ansible_collections.community.aws.plugins.module_utils.opensearch import compare_domain_versions +from ansible_collections.community.aws.plugins.module_utils.opensearch import ensure_tags +from ansible_collections.community.aws.plugins.module_utils.opensearch import get_domain_config +from ansible_collections.community.aws.plugins.module_utils.opensearch import get_domain_status +from ansible_collections.community.aws.plugins.module_utils.opensearch import get_target_increment_version +from ansible_collections.community.aws.plugins.module_utils.opensearch import normalize_opensearch +from ansible_collections.community.aws.plugins.module_utils.opensearch import parse_version +from ansible_collections.community.aws.plugins.module_utils.opensearch import wait_for_domain_status def ensure_domain_absent(client, module): @@ -522,16 +513,17 @@ def ensure_domain_absent(client, module): domain = get_domain_status(client, module, domain_name) if module.check_mode: - module.exit_json( - changed=True, msg="Would have deleted domain if not in check mode" - ) + module.exit_json(changed=True, msg="Would have deleted domain if not in check mode") try: client.delete_domain(DomainName=domain_name) changed = True except is_boto3_error_code("ResourceNotFoundException"): # The resource does not exist, or it has already been deleted return dict(changed=False) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except + except ( + botocore.exceptions.ClientError, + botocore.exceptions.BotoCoreError, + ) as e: # pylint: disable=duplicate-except module.fail_json_aws(e, msg="trying to delete domain") # If we're not waiting for a delete to complete then we're all done @@ -543,7 +535,10 @@ def ensure_domain_absent(client, module): return dict(changed=changed) except is_boto3_error_code("ResourceNotFoundException"): return dict(changed=changed) - except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except + except ( + botocore.exceptions.ClientError, + botocore.exceptions.BotoCoreError, + ) as e: # pylint: disable=duplicate-except module.fail_json_aws(e, "awaiting domain deletion") @@ -568,8 +563,9 @@ def upgrade_domain(client, module, source_version, target_engine_version): # It's not possible to upgrade directly to the target version. # Check the module parameters to determine if this is allowed or not. if not module.params.get("allow_intermediate_upgrades"): - module.fail_json(msg="Cannot upgrade from {0} to version {1}. The highest compatible version is {2}".format( - source_version, target_engine_version, next_version)) + module.fail_json( + msg=f"Cannot upgrade from {source_version} to version {target_engine_version}. The highest compatible version is {next_version}" + ) parameters = { "DomainName": domain_name, @@ -592,17 +588,13 @@ def upgrade_domain(client, module, source_version, target_engine_version): # raised if it's not possible to upgrade to the target version. module.fail_json_aws( e, - msg="Couldn't upgrade domain {0} from {1} to {2}".format( - domain_name, current_version, next_version - ), + msg=f"Couldn't upgrade domain {domain_name} from {current_version} to {next_version}", ) if module.check_mode: module.exit_json( changed=True, - msg="Would have upgraded domain from {0} to {1} if not in check mode".format( - current_version, next_version - ), + msg=f"Would have upgraded domain from {current_version} to {next_version} if not in check mode", ) current_version = next_version @@ -610,9 +602,7 @@ def upgrade_domain(client, module, source_version, target_engine_version): wait_for_domain_status(client, module, domain_name, "domain_available") -def set_cluster_config( - module, current_domain_config, desired_domain_config, change_set -): +def set_cluster_config(module, current_domain_config, desired_domain_config, change_set): changed = False cluster_config = desired_domain_config["ClusterConfig"] @@ -627,24 +617,16 @@ def set_cluster_config( if cluster_config["ZoneAwarenessEnabled"]: if cluster_opts.get("availability_zone_count") is not None: cluster_config["ZoneAwarenessConfig"] = { - "AvailabilityZoneCount": cluster_opts.get( - "availability_zone_count" - ), + "AvailabilityZoneCount": cluster_opts.get("availability_zone_count"), } if cluster_opts.get("dedicated_master") is not None: - cluster_config["DedicatedMasterEnabled"] = cluster_opts.get( - "dedicated_master" - ) + cluster_config["DedicatedMasterEnabled"] = cluster_opts.get("dedicated_master") if cluster_config["DedicatedMasterEnabled"]: if cluster_opts.get("dedicated_master_instance_type") is not None: - cluster_config["DedicatedMasterType"] = cluster_opts.get( - "dedicated_master_instance_type" - ) + cluster_config["DedicatedMasterType"] = cluster_opts.get("dedicated_master_instance_type") if cluster_opts.get("dedicated_master_instance_count") is not None: - cluster_config["DedicatedMasterCount"] = cluster_opts.get( - "dedicated_master_instance_count" - ) + cluster_config["DedicatedMasterCount"] = cluster_opts.get("dedicated_master_instance_count") if cluster_opts.get("warm_enabled") is not None: cluster_config["WarmEnabled"] = cluster_opts.get("warm_enabled") @@ -665,32 +647,19 @@ def set_cluster_config( if cold_storage_opts is not None and cold_storage_opts.get("enabled"): module.fail_json(msg="Cold Storage is not supported") cluster_config.pop("ColdStorageOptions", None) - if ( - current_domain_config is not None - and "ClusterConfig" in current_domain_config - ): + if current_domain_config is not None and "ClusterConfig" in current_domain_config: # Remove 'ColdStorageOptions' from the current domain config, otherwise the actual vs desired diff # will indicate a change must be done. current_domain_config["ClusterConfig"].pop("ColdStorageOptions", None) else: # Elasticsearch 7.9 and above support ColdStorageOptions. - if ( - cold_storage_opts is not None - and cold_storage_opts.get("enabled") is not None - ): + if cold_storage_opts is not None and cold_storage_opts.get("enabled") is not None: cluster_config["ColdStorageOptions"] = { "Enabled": cold_storage_opts.get("enabled"), } - if ( - current_domain_config is not None - and current_domain_config["ClusterConfig"] != cluster_config - ): - change_set.append( - "ClusterConfig changed from {0} to {1}".format( - current_domain_config["ClusterConfig"], cluster_config - ) - ) + if current_domain_config is not None and current_domain_config["ClusterConfig"] != cluster_config: + change_set.append(f"ClusterConfig changed from {current_domain_config['ClusterConfig']} to {cluster_config}") changed = True return changed @@ -716,22 +685,13 @@ def set_ebs_options(module, current_domain_config, desired_domain_config, change if ebs_opts.get("iops") is not None: ebs_config["Iops"] = ebs_opts.get("iops") - if ( - current_domain_config is not None - and current_domain_config["EBSOptions"] != ebs_config - ): - change_set.append( - "EBSOptions changed from {0} to {1}".format( - current_domain_config["EBSOptions"], ebs_config - ) - ) + if current_domain_config is not None and current_domain_config["EBSOptions"] != ebs_config: + change_set.append(f"EBSOptions changed from {current_domain_config['EBSOptions']} to {ebs_config}") changed = True return changed -def set_encryption_at_rest_options( - module, current_domain_config, desired_domain_config, change_set -): +def set_encryption_at_rest_options(module, current_domain_config, desired_domain_config, change_set): changed = False encryption_at_rest_config = desired_domain_config["EncryptionAtRestOptions"] encryption_at_rest_opts = module.params.get("encryption_at_rest_options") @@ -745,50 +705,36 @@ def set_encryption_at_rest_options( } else: if encryption_at_rest_opts.get("kms_key_id") is not None: - encryption_at_rest_config["KmsKeyId"] = encryption_at_rest_opts.get( - "kms_key_id" - ) + encryption_at_rest_config["KmsKeyId"] = encryption_at_rest_opts.get("kms_key_id") if ( current_domain_config is not None - and current_domain_config["EncryptionAtRestOptions"] - != encryption_at_rest_config + and current_domain_config["EncryptionAtRestOptions"] != encryption_at_rest_config ): change_set.append( - "EncryptionAtRestOptions changed from {0} to {1}".format( - current_domain_config["EncryptionAtRestOptions"], - encryption_at_rest_config, - ) + f"EncryptionAtRestOptions changed from {current_domain_config['EncryptionAtRestOptions']} to" + f" {encryption_at_rest_config}" ) changed = True return changed -def set_node_to_node_encryption_options( - module, current_domain_config, desired_domain_config, change_set -): +def set_node_to_node_encryption_options(module, current_domain_config, desired_domain_config, change_set): changed = False - node_to_node_encryption_config = desired_domain_config[ - "NodeToNodeEncryptionOptions" - ] + node_to_node_encryption_config = desired_domain_config["NodeToNodeEncryptionOptions"] node_to_node_encryption_opts = module.params.get("node_to_node_encryption_options") if node_to_node_encryption_opts is None: return changed if node_to_node_encryption_opts.get("enabled") is not None: - node_to_node_encryption_config["Enabled"] = node_to_node_encryption_opts.get( - "enabled" - ) + node_to_node_encryption_config["Enabled"] = node_to_node_encryption_opts.get("enabled") if ( current_domain_config is not None - and current_domain_config["NodeToNodeEncryptionOptions"] - != node_to_node_encryption_config + and current_domain_config["NodeToNodeEncryptionOptions"] != node_to_node_encryption_config ): change_set.append( - "NodeToNodeEncryptionOptions changed from {0} to {1}".format( - current_domain_config["NodeToNodeEncryptionOptions"], - node_to_node_encryption_config, - ) + f"NodeToNodeEncryptionOptions changed from {current_domain_config['NodeToNodeEncryptionOptions']} to" + f" {node_to_node_encryption_config}" ) changed = True return changed @@ -846,53 +792,36 @@ def set_vpc_options(module, current_domain_config, desired_domain_config, change pass else: # Note the subnets may be the same but be listed in a different order. - if set(current_domain_config["VPCOptions"]["SubnetIds"]) != set( - vpc_config["SubnetIds"] - ): + if set(current_domain_config["VPCOptions"]["SubnetIds"]) != set(vpc_config["SubnetIds"]): change_set.append( - "SubnetIds changed from {0} to {1}".format( - current_domain_config["VPCOptions"]["SubnetIds"], - vpc_config["SubnetIds"], - ) + f"SubnetIds changed from {current_domain_config['VPCOptions']['SubnetIds']} to" + f" {vpc_config['SubnetIds']}" ) changed = True - if set(current_domain_config["VPCOptions"]["SecurityGroupIds"]) != set( - vpc_config["SecurityGroupIds"] - ): + if set(current_domain_config["VPCOptions"]["SecurityGroupIds"]) != set(vpc_config["SecurityGroupIds"]): change_set.append( - "SecurityGroup changed from {0} to {1}".format( - current_domain_config["VPCOptions"]["SecurityGroupIds"], - vpc_config["SecurityGroupIds"], - ) + f"SecurityGroup changed from {current_domain_config['VPCOptions']['SecurityGroupIds']} to" + f" {vpc_config['SecurityGroupIds']}" ) changed = True return changed -def set_snapshot_options( - module, current_domain_config, desired_domain_config, change_set -): +def set_snapshot_options(module, current_domain_config, desired_domain_config, change_set): changed = False snapshot_config = desired_domain_config["SnapshotOptions"] snapshot_opts = module.params.get("snapshot_options") if snapshot_opts is None: return changed if snapshot_opts.get("automated_snapshot_start_hour") is not None: - snapshot_config["AutomatedSnapshotStartHour"] = snapshot_opts.get( - "automated_snapshot_start_hour" - ) - if ( - current_domain_config is not None - and current_domain_config["SnapshotOptions"] != snapshot_config - ): + snapshot_config["AutomatedSnapshotStartHour"] = snapshot_opts.get("automated_snapshot_start_hour") + if current_domain_config is not None and current_domain_config["SnapshotOptions"] != snapshot_config: change_set.append("SnapshotOptions changed") changed = True return changed -def set_cognito_options( - module, current_domain_config, desired_domain_config, change_set -): +def set_cognito_options(module, current_domain_config, desired_domain_config, change_set): changed = False cognito_config = desired_domain_config["CognitoOptions"] cognito_opts = module.params.get("cognito_options") @@ -908,28 +837,17 @@ def set_cognito_options( if cognito_opts.get("cognito_user_pool_id") is not None: cognito_config["UserPoolId"] = cognito_opts.get("cognito_user_pool_id") if cognito_opts.get("cognito_identity_pool_id") is not None: - cognito_config["IdentityPoolId"] = cognito_opts.get( - "cognito_identity_pool_id" - ) + cognito_config["IdentityPoolId"] = cognito_opts.get("cognito_identity_pool_id") if cognito_opts.get("cognito_role_arn") is not None: cognito_config["RoleArn"] = cognito_opts.get("cognito_role_arn") - if ( - current_domain_config is not None - and current_domain_config["CognitoOptions"] != cognito_config - ): - change_set.append( - "CognitoOptions changed from {0} to {1}".format( - current_domain_config["CognitoOptions"], cognito_config - ) - ) + if current_domain_config is not None and current_domain_config["CognitoOptions"] != cognito_config: + change_set.append(f"CognitoOptions changed from {current_domain_config['CognitoOptions']} to {cognito_config}") changed = True return changed -def set_advanced_security_options( - module, current_domain_config, desired_domain_config, change_set -): +def set_advanced_security_options(module, current_domain_config, desired_domain_config, change_set): changed = False advanced_security_config = desired_domain_config["AdvancedSecurityOptions"] advanced_security_opts = module.params.get("advanced_security_options") @@ -943,121 +861,87 @@ def set_advanced_security_options( } else: if advanced_security_opts.get("internal_user_database_enabled") is not None: - advanced_security_config[ - "InternalUserDatabaseEnabled" - ] = advanced_security_opts.get("internal_user_database_enabled") + advanced_security_config["InternalUserDatabaseEnabled"] = advanced_security_opts.get( + "internal_user_database_enabled" + ) master_user_opts = advanced_security_opts.get("master_user_options") if master_user_opts is not None: advanced_security_config.setdefault("MasterUserOptions", {}) if master_user_opts.get("master_user_arn") is not None: - advanced_security_config["MasterUserOptions"][ - "MasterUserARN" - ] = master_user_opts.get("master_user_arn") + advanced_security_config["MasterUserOptions"]["MasterUserARN"] = master_user_opts.get("master_user_arn") if master_user_opts.get("master_user_name") is not None: - advanced_security_config["MasterUserOptions"][ - "MasterUserName" - ] = master_user_opts.get("master_user_name") + advanced_security_config["MasterUserOptions"]["MasterUserName"] = master_user_opts.get( + "master_user_name" + ) if master_user_opts.get("master_user_password") is not None: - advanced_security_config["MasterUserOptions"][ - "MasterUserPassword" - ] = master_user_opts.get("master_user_password") + advanced_security_config["MasterUserOptions"]["MasterUserPassword"] = master_user_opts.get( + "master_user_password" + ) saml_opts = advanced_security_opts.get("saml_options") if saml_opts is not None: if saml_opts.get("enabled") is not None: - advanced_security_config["SamlOptions"]["Enabled"] = saml_opts.get( - "enabled" - ) + advanced_security_config["SamlOptions"]["Enabled"] = saml_opts.get("enabled") idp_opts = saml_opts.get("idp") if idp_opts is not None: if idp_opts.get("metadata_content") is not None: - advanced_security_config["SamlOptions"]["Idp"][ - "MetadataContent" - ] = idp_opts.get("metadata_content") + advanced_security_config["SamlOptions"]["Idp"]["MetadataContent"] = idp_opts.get("metadata_content") if idp_opts.get("entity_id") is not None: - advanced_security_config["SamlOptions"]["Idp"][ - "EntityId" - ] = idp_opts.get("entity_id") + advanced_security_config["SamlOptions"]["Idp"]["EntityId"] = idp_opts.get("entity_id") if saml_opts.get("master_user_name") is not None: - advanced_security_config["SamlOptions"][ - "MasterUserName" - ] = saml_opts.get("master_user_name") + advanced_security_config["SamlOptions"]["MasterUserName"] = saml_opts.get("master_user_name") if saml_opts.get("master_backend_role") is not None: - advanced_security_config["SamlOptions"][ - "MasterBackendRole" - ] = saml_opts.get("master_backend_role") + advanced_security_config["SamlOptions"]["MasterBackendRole"] = saml_opts.get("master_backend_role") if saml_opts.get("subject_key") is not None: - advanced_security_config["SamlOptions"]["SubjectKey"] = saml_opts.get( - "subject_key" - ) + advanced_security_config["SamlOptions"]["SubjectKey"] = saml_opts.get("subject_key") if saml_opts.get("roles_key") is not None: - advanced_security_config["SamlOptions"]["RolesKey"] = saml_opts.get( - "roles_key" - ) + advanced_security_config["SamlOptions"]["RolesKey"] = saml_opts.get("roles_key") if saml_opts.get("session_timeout_minutes") is not None: - advanced_security_config["SamlOptions"][ - "SessionTimeoutMinutes" - ] = saml_opts.get("session_timeout_minutes") + advanced_security_config["SamlOptions"]["SessionTimeoutMinutes"] = saml_opts.get( + "session_timeout_minutes" + ) if ( current_domain_config is not None and current_domain_config["AdvancedSecurityOptions"] != advanced_security_config ): change_set.append( - "AdvancedSecurityOptions changed from {0} to {1}".format( - current_domain_config["AdvancedSecurityOptions"], - advanced_security_config, - ) + f"AdvancedSecurityOptions changed from {current_domain_config['AdvancedSecurityOptions']} to" + f" {advanced_security_config}" ) changed = True return changed -def set_domain_endpoint_options( - module, current_domain_config, desired_domain_config, change_set -): +def set_domain_endpoint_options(module, current_domain_config, desired_domain_config, change_set): changed = False domain_endpoint_config = desired_domain_config["DomainEndpointOptions"] domain_endpoint_opts = module.params.get("domain_endpoint_options") if domain_endpoint_opts is None: return changed if domain_endpoint_opts.get("enforce_https") is not None: - domain_endpoint_config["EnforceHTTPS"] = domain_endpoint_opts.get( - "enforce_https" - ) + domain_endpoint_config["EnforceHTTPS"] = domain_endpoint_opts.get("enforce_https") if domain_endpoint_opts.get("tls_security_policy") is not None: - domain_endpoint_config["TLSSecurityPolicy"] = domain_endpoint_opts.get( - "tls_security_policy" - ) + domain_endpoint_config["TLSSecurityPolicy"] = domain_endpoint_opts.get("tls_security_policy") if domain_endpoint_opts.get("custom_endpoint_enabled") is not None: - domain_endpoint_config["CustomEndpointEnabled"] = domain_endpoint_opts.get( - "custom_endpoint_enabled" - ) + domain_endpoint_config["CustomEndpointEnabled"] = domain_endpoint_opts.get("custom_endpoint_enabled") if domain_endpoint_config["CustomEndpointEnabled"]: if domain_endpoint_opts.get("custom_endpoint") is not None: - domain_endpoint_config["CustomEndpoint"] = domain_endpoint_opts.get( - "custom_endpoint" - ) + domain_endpoint_config["CustomEndpoint"] = domain_endpoint_opts.get("custom_endpoint") if domain_endpoint_opts.get("custom_endpoint_certificate_arn") is not None: - domain_endpoint_config[ - "CustomEndpointCertificateArn" - ] = domain_endpoint_opts.get("custom_endpoint_certificate_arn") + domain_endpoint_config["CustomEndpointCertificateArn"] = domain_endpoint_opts.get( + "custom_endpoint_certificate_arn" + ) - if ( - current_domain_config is not None - and current_domain_config["DomainEndpointOptions"] != domain_endpoint_config - ): + if current_domain_config is not None and current_domain_config["DomainEndpointOptions"] != domain_endpoint_config: change_set.append( - "DomainEndpointOptions changed from {0} to {1}".format( - current_domain_config["DomainEndpointOptions"], domain_endpoint_config - ) + f"DomainEndpointOptions changed from {current_domain_config['DomainEndpointOptions']} to" + f" {domain_endpoint_config}" ) changed = True return changed -def set_auto_tune_options( - module, current_domain_config, desired_domain_config, change_set -): +def set_auto_tune_options(module, current_domain_config, desired_domain_config, change_set): changed = False auto_tune_config = desired_domain_config["AutoTuneOptions"] auto_tune_opts = module.params.get("auto_tune_options") @@ -1088,31 +972,20 @@ def set_auto_tune_options( if duration_opt.get("unit") is not None: schedule_entry["Duration"]["Unit"] = duration_opt.get("unit") if s.get("cron_expression_for_recurrence") is not None: - schedule_entry["CronExpressionForRecurrence"] = s.get( - "cron_expression_for_recurrence" - ) + schedule_entry["CronExpressionForRecurrence"] = s.get("cron_expression_for_recurrence") auto_tune_config["MaintenanceSchedules"].append(schedule_entry) if current_domain_config is not None: - if ( - current_domain_config["AutoTuneOptions"]["DesiredState"] - != auto_tune_config["DesiredState"] - ): + if current_domain_config["AutoTuneOptions"]["DesiredState"] != auto_tune_config["DesiredState"]: change_set.append( - "AutoTuneOptions.DesiredState changed from {0} to {1}".format( - current_domain_config["AutoTuneOptions"]["DesiredState"], - auto_tune_config["DesiredState"], - ) + "AutoTuneOptions.DesiredState changed from" + f" {current_domain_config['AutoTuneOptions']['DesiredState']} to {auto_tune_config['DesiredState']}" ) changed = True - if ( - auto_tune_config["MaintenanceSchedules"] - != current_domain_config["AutoTuneOptions"]["MaintenanceSchedules"] - ): + if auto_tune_config["MaintenanceSchedules"] != current_domain_config["AutoTuneOptions"]["MaintenanceSchedules"]: change_set.append( - "AutoTuneOptions.MaintenanceSchedules changed from {0} to {1}".format( - current_domain_config["AutoTuneOptions"]["MaintenanceSchedules"], - auto_tune_config["MaintenanceSchedules"], - ) + "AutoTuneOptions.MaintenanceSchedules changed from" + f" {current_domain_config['AutoTuneOptions']['MaintenanceSchedules']} to" + f" {auto_tune_config['MaintenanceSchedules']}" ) changed = True return changed @@ -1127,18 +1000,12 @@ def set_access_policy(module, current_domain_config, desired_domain_config, chan try: access_policy_config = json.dumps(access_policy_opt) except Exception as e: - module.fail_json( - msg="Failed to convert the policy into valid JSON: %s" % str(e) - ) + module.fail_json(msg=f"Failed to convert the policy into valid JSON: {str(e)}") if current_domain_config is not None: # Updating existing domain current_access_policy = json.loads(current_domain_config["AccessPolicies"]) if not compare_policies(current_access_policy, access_policy_opt): - change_set.append( - "AccessPolicy changed from {0} to {1}".format( - current_access_policy, access_policy_opt - ) - ) + change_set.append(f"AccessPolicy changed from {current_access_policy} to {access_policy_opt}") changed = True desired_domain_config["AccessPolicies"] = access_policy_config else: @@ -1201,53 +1068,26 @@ def ensure_domain_present(client, module): # Validate the engine_version v = parse_version(module.params.get("engine_version")) if v is None: - module.fail_json( - "Invalid engine_version. Must be Elasticsearch_X.Y or OpenSearch_X.Y" - ) + module.fail_json("Invalid engine_version. Must be Elasticsearch_X.Y or OpenSearch_X.Y") desired_domain_config["EngineVersion"] = module.params.get("engine_version") changed = False change_set = [] # For check mode purpose - changed |= set_cluster_config( - module, current_domain_config, desired_domain_config, change_set - ) - changed |= set_ebs_options( - module, current_domain_config, desired_domain_config, change_set - ) - changed |= set_encryption_at_rest_options( - module, current_domain_config, desired_domain_config, change_set - ) - changed |= set_node_to_node_encryption_options( - module, current_domain_config, desired_domain_config, change_set - ) - changed |= set_vpc_options( - module, current_domain_config, desired_domain_config, change_set - ) - changed |= set_snapshot_options( - module, current_domain_config, desired_domain_config, change_set - ) - changed |= set_cognito_options( - module, current_domain_config, desired_domain_config, change_set - ) - changed |= set_advanced_security_options( - module, current_domain_config, desired_domain_config, change_set - ) - changed |= set_domain_endpoint_options( - module, current_domain_config, desired_domain_config, change_set - ) - changed |= set_auto_tune_options( - module, current_domain_config, desired_domain_config, change_set - ) - changed |= set_access_policy( - module, current_domain_config, desired_domain_config, change_set - ) + changed |= set_cluster_config(module, current_domain_config, desired_domain_config, change_set) + changed |= set_ebs_options(module, current_domain_config, desired_domain_config, change_set) + changed |= set_encryption_at_rest_options(module, current_domain_config, desired_domain_config, change_set) + changed |= set_node_to_node_encryption_options(module, current_domain_config, desired_domain_config, change_set) + changed |= set_vpc_options(module, current_domain_config, desired_domain_config, change_set) + changed |= set_snapshot_options(module, current_domain_config, desired_domain_config, change_set) + changed |= set_cognito_options(module, current_domain_config, desired_domain_config, change_set) + changed |= set_advanced_security_options(module, current_domain_config, desired_domain_config, change_set) + changed |= set_domain_endpoint_options(module, current_domain_config, desired_domain_config, change_set) + changed |= set_auto_tune_options(module, current_domain_config, desired_domain_config, change_set) + changed |= set_access_policy(module, current_domain_config, desired_domain_config, change_set) if current_domain_config is not None: - if ( - desired_domain_config["EngineVersion"] - != current_domain_config["EngineVersion"] - ): + if desired_domain_config["EngineVersion"] != current_domain_config["EngineVersion"]: changed = True change_set.append("EngineVersion changed") upgrade_domain( @@ -1271,22 +1111,16 @@ def ensure_domain_present(client, module): botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError, ) as e: - module.fail_json_aws( - e, msg="Couldn't update domain {0}".format(domain_name) - ) + module.fail_json_aws(e, msg=f"Couldn't update domain {domain_name}") else: # Create new OpenSearch cluster if module.params.get("access_policies") is None: - module.fail_json( - "state is present but the following is missing: access_policies" - ) + module.fail_json("state is present but the following is missing: access_policies") changed = True if module.check_mode: - module.exit_json( - changed=True, msg="Would have created a domain if not in check mode" - ) + module.exit_json(changed=True, msg="Would have created a domain if not in check mode") try: response = client.create_domain(**desired_domain_config) domain = response["DomainStatus"] @@ -1295,22 +1129,16 @@ def ensure_domain_present(client, module): botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError, ) as e: - module.fail_json_aws( - e, msg="Couldn't update domain {0}".format(domain_name) - ) + module.fail_json_aws(e, msg=f"Couldn't update domain {domain_name}") try: - existing_tags = boto3_tag_list_to_ansible_dict( - client.list_tags(ARN=domain_arn, aws_retry=True)["TagList"] - ) + existing_tags = boto3_tag_list_to_ansible_dict(client.list_tags(ARN=domain_arn, aws_retry=True)["TagList"]) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: - module.fail_json_aws(e, "Couldn't get tags for domain %s" % domain_name) + module.fail_json_aws(e, f"Couldn't get tags for domain {domain_name}") desired_tags = module.params["tags"] purge_tags = module.params["purge_tags"] - changed |= ensure_tags( - client, module, domain_arn, existing_tags, desired_tags, purge_tags - ) + changed |= ensure_tags(client, module, domain_arn, existing_tags, desired_tags, purge_tags) if module.params.get("wait") and not module.check_mode: wait_for_domain_status(client, module, domain_name, "domain_available") @@ -1321,7 +1149,6 @@ def ensure_domain_present(client, module): def main(): - module = AnsibleAWSModule( argument_spec=dict( state=dict(choices=["present", "absent"], default="present"), @@ -1482,8 +1309,6 @@ def main(): supports_check_mode=True, ) - module.require_botocore_at_least("1.21.38") - try: client = module.client("opensearch", retry_decorator=AWSRetry.jittered_backoff()) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: -- cgit v1.2.3