2016-09-16 21:34:37 +02:00
|
|
|
#!/usr/bin/python
|
|
|
|
# This file is part of Ansible
|
|
|
|
#
|
|
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
2017-03-14 17:07:22 +01:00
|
|
|
ANSIBLE_METADATA = {'metadata_version': '1.0',
|
|
|
|
'status': ['preview'],
|
|
|
|
'supported_by': 'community'}
|
|
|
|
|
2016-12-06 11:35:25 +01:00
|
|
|
|
2016-09-16 21:34:37 +02:00
|
|
|
DOCUMENTATION = '''
|
|
|
|
---
|
|
|
|
module: cloudwatchevent_rule
|
|
|
|
short_description: Manage CloudWatch Event rules and targets
|
|
|
|
description:
|
|
|
|
- This module creates and manages CloudWatch event rules and targets.
|
|
|
|
version_added: "2.2"
|
|
|
|
extends_documentation_fragment:
|
|
|
|
- aws
|
|
|
|
author: "Jim Dalton (@jsdalton) <jim.dalton@gmail.com>"
|
|
|
|
requirements:
|
|
|
|
- python >= 2.6
|
|
|
|
- boto3
|
|
|
|
notes:
|
|
|
|
- A rule must contain at least an I(event_pattern) or I(schedule_expression). A
|
|
|
|
rule can have both an I(event_pattern) and a I(schedule_expression), in which
|
|
|
|
case the rule will trigger on matching events as well as on a schedule.
|
|
|
|
- When specifying targets, I(input) and I(input_path) are mutually-exclusive
|
|
|
|
and optional parameters.
|
|
|
|
options:
|
|
|
|
name:
|
|
|
|
description:
|
|
|
|
- The name of the rule you are creating, updating or deleting. No spaces
|
|
|
|
or special characters allowed (i.e. must match C([\.\-_A-Za-z0-9]+))
|
|
|
|
required: true
|
|
|
|
schedule_expression:
|
|
|
|
description:
|
|
|
|
- A cron or rate expression that defines the schedule the rule will
|
|
|
|
trigger on. For example, C(cron(0 20 * * ? *)), C(rate(5 minutes))
|
|
|
|
required: false
|
|
|
|
event_pattern:
|
|
|
|
description:
|
|
|
|
- A string pattern (in valid JSON format) that is used to match against
|
|
|
|
incoming events to determine if the rule should be triggered
|
|
|
|
required: false
|
|
|
|
state:
|
|
|
|
description:
|
|
|
|
- Whether the rule is present (and enabled), disabled, or absent
|
|
|
|
choices: ["present", "disabled", "absent"]
|
|
|
|
default: present
|
|
|
|
required: false
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- A description of the rule
|
|
|
|
required: false
|
|
|
|
role_arn:
|
|
|
|
description:
|
|
|
|
- The Amazon Resource Name (ARN) of the IAM role associated with the rule
|
|
|
|
required: false
|
|
|
|
targets:
|
|
|
|
description:
|
|
|
|
- "A dictionary array of targets to add to or update for the rule, in the
|
|
|
|
form C({ id: [string], arn: [string], input: [valid JSON string], input_path: [valid JSONPath string] }).
|
|
|
|
I(id) [required] is the unique target assignment ID. I(arn) (required)
|
|
|
|
is the Amazon Resource Name associated with the target. I(input)
|
|
|
|
(optional) is a JSON object that will override the event data when
|
|
|
|
passed to the target. I(input_path) (optional) is a JSONPath string
|
|
|
|
(e.g. C($.detail)) that specifies the part of the event data to be
|
|
|
|
passed to the target. If neither I(input) nor I(input_path) is
|
|
|
|
specified, then the entire event is passed to the target in JSON form."
|
|
|
|
required: false
|
|
|
|
'''
|
|
|
|
|
|
|
|
EXAMPLES = '''
|
|
|
|
- cloudwatchevent_rule:
|
|
|
|
name: MyCronTask
|
|
|
|
schedule_expression: "cron(0 20 * * ? *)"
|
|
|
|
description: Run my scheduled task
|
|
|
|
targets:
|
|
|
|
- id: MyTargetId
|
|
|
|
arn: arn:aws:lambda:us-east-1:123456789012:function:MyFunction
|
|
|
|
|
|
|
|
- cloudwatchevent_rule:
|
|
|
|
name: MyDisabledCronTask
|
|
|
|
schedule_expression: "cron(5 minutes)"
|
|
|
|
description: Run my disabled scheduled task
|
|
|
|
state: disabled
|
|
|
|
targets:
|
|
|
|
- id: MyOtherTargetId
|
|
|
|
arn: arn:aws:lambda:us-east-1:123456789012:function:MyFunction
|
|
|
|
input: '{"foo": "bar"}'
|
|
|
|
|
2016-11-11 23:36:55 +01:00
|
|
|
- cloudwatchevent_rule:
|
|
|
|
name: MyCronTask
|
|
|
|
state: absent
|
2016-09-16 21:34:37 +02:00
|
|
|
'''
|
|
|
|
|
|
|
|
RETURN = '''
|
|
|
|
rule:
|
|
|
|
description: CloudWatch Event rule data
|
|
|
|
returned: success
|
|
|
|
type: dict
|
|
|
|
sample: "{ 'arn': 'arn:aws:events:us-east-1:123456789012:rule/MyCronTask', 'description': 'Run my scheduled task', 'name': 'MyCronTask', 'schedule_expression': 'cron(0 20 * * ? *)', 'state': 'ENABLED' }"
|
|
|
|
targets:
|
|
|
|
description: CloudWatch Event target(s) assigned to the rule
|
|
|
|
returned: success
|
|
|
|
type: list
|
|
|
|
sample: "[{ 'arn': 'arn:aws:lambda:us-east-1:123456789012:function:MyFunction', 'id': 'MyTargetId' }]"
|
2017-03-23 02:50:28 +01:00
|
|
|
''' # NOQA
|
2016-09-16 21:34:37 +02:00
|
|
|
|
|
|
|
|
|
|
|
class CloudWatchEventRule(object):
|
|
|
|
def __init__(self, module, name, client, schedule_expression=None,
|
|
|
|
event_pattern=None, description=None, role_arn=None):
|
|
|
|
self.name = name
|
|
|
|
self.client = client
|
|
|
|
self.changed = False
|
|
|
|
self.schedule_expression = schedule_expression
|
|
|
|
self.event_pattern = event_pattern
|
|
|
|
self.description = description
|
|
|
|
self.role_arn = role_arn
|
|
|
|
|
|
|
|
def describe(self):
|
|
|
|
"""Returns the existing details of the rule in AWS"""
|
|
|
|
try:
|
|
|
|
rule_info = self.client.describe_rule(Name=self.name)
|
2016-09-16 21:46:41 +02:00
|
|
|
except botocore.exceptions.ClientError as e:
|
2016-09-16 21:34:37 +02:00
|
|
|
error_code = e.response.get('Error', {}).get('Code')
|
|
|
|
if error_code == 'ResourceNotFoundException':
|
|
|
|
return {}
|
|
|
|
raise
|
|
|
|
return self._snakify(rule_info)
|
|
|
|
|
|
|
|
def put(self, enabled=True):
|
|
|
|
"""Creates or updates the rule in AWS"""
|
|
|
|
request = {
|
|
|
|
'Name': self.name,
|
|
|
|
'State': "ENABLED" if enabled else "DISABLED",
|
|
|
|
}
|
|
|
|
if self.schedule_expression:
|
|
|
|
request['ScheduleExpression'] = self.schedule_expression
|
|
|
|
if self.event_pattern:
|
|
|
|
request['EventPattern'] = self.event_pattern
|
|
|
|
if self.description:
|
|
|
|
request['Description'] = self.description
|
|
|
|
if self.role_arn:
|
|
|
|
request['RoleArn'] = self.role_arn
|
|
|
|
response = self.client.put_rule(**request)
|
|
|
|
self.changed = True
|
|
|
|
return response
|
|
|
|
|
|
|
|
def delete(self):
|
|
|
|
"""Deletes the rule in AWS"""
|
|
|
|
self.remove_all_targets()
|
|
|
|
response = self.client.delete_rule(Name=self.name)
|
|
|
|
self.changed = True
|
|
|
|
return response
|
|
|
|
|
|
|
|
def enable(self):
|
|
|
|
"""Enables the rule in AWS"""
|
|
|
|
response = self.client.enable_rule(Name=self.name)
|
|
|
|
self.changed = True
|
|
|
|
return response
|
|
|
|
|
|
|
|
def disable(self):
|
|
|
|
"""Disables the rule in AWS"""
|
|
|
|
response = self.client.disable_rule(Name=self.name)
|
|
|
|
self.changed = True
|
|
|
|
return response
|
|
|
|
|
|
|
|
def list_targets(self):
|
|
|
|
"""Lists the existing targets for the rule in AWS"""
|
|
|
|
try:
|
|
|
|
targets = self.client.list_targets_by_rule(Rule=self.name)
|
2016-09-16 21:46:41 +02:00
|
|
|
except botocore.exceptions.ClientError as e:
|
2016-09-16 21:34:37 +02:00
|
|
|
error_code = e.response.get('Error', {}).get('Code')
|
|
|
|
if error_code == 'ResourceNotFoundException':
|
|
|
|
return []
|
|
|
|
raise
|
|
|
|
return self._snakify(targets)['targets']
|
|
|
|
|
|
|
|
def put_targets(self, targets):
|
|
|
|
"""Creates or updates the provided targets on the rule in AWS"""
|
|
|
|
if not targets:
|
|
|
|
return
|
|
|
|
request = {
|
|
|
|
'Rule': self.name,
|
|
|
|
'Targets': self._targets_request(targets),
|
|
|
|
}
|
|
|
|
response = self.client.put_targets(**request)
|
|
|
|
self.changed = True
|
|
|
|
return response
|
|
|
|
|
|
|
|
def remove_targets(self, target_ids):
|
|
|
|
"""Removes the provided targets from the rule in AWS"""
|
|
|
|
if not target_ids:
|
|
|
|
return
|
|
|
|
request = {
|
|
|
|
'Rule': self.name,
|
|
|
|
'Ids': target_ids
|
|
|
|
}
|
|
|
|
response = self.client.remove_targets(**request)
|
|
|
|
self.changed = True
|
|
|
|
return response
|
|
|
|
|
|
|
|
def remove_all_targets(self):
|
|
|
|
"""Removes all targets on rule"""
|
|
|
|
targets = self.list_targets()
|
|
|
|
return self.remove_targets([t['id'] for t in targets])
|
|
|
|
|
|
|
|
def _targets_request(self, targets):
|
|
|
|
"""Formats each target for the request"""
|
|
|
|
targets_request = []
|
|
|
|
for target in targets:
|
|
|
|
target_request = {
|
|
|
|
'Id': target['id'],
|
|
|
|
'Arn': target['arn']
|
|
|
|
}
|
|
|
|
if 'input' in target:
|
|
|
|
target_request['Input'] = target['input']
|
|
|
|
if 'input_path' in target:
|
|
|
|
target_request['InputPath'] = target['input_path']
|
|
|
|
targets_request.append(target_request)
|
|
|
|
return targets_request
|
|
|
|
|
|
|
|
def _snakify(self, dict):
|
|
|
|
"""Converts cammel case to snake case"""
|
|
|
|
return camel_dict_to_snake_dict(dict)
|
|
|
|
|
|
|
|
|
|
|
|
class CloudWatchEventRuleManager(object):
|
|
|
|
RULE_FIELDS = ['name', 'event_pattern', 'schedule_expression', 'description', 'role_arn']
|
|
|
|
|
|
|
|
def __init__(self, rule, targets):
|
|
|
|
self.rule = rule
|
|
|
|
self.targets = targets
|
|
|
|
|
|
|
|
def ensure_present(self, enabled=True):
|
|
|
|
"""Ensures the rule and targets are present and synced"""
|
|
|
|
rule_description = self.rule.describe()
|
|
|
|
if rule_description:
|
|
|
|
# Rule exists so update rule, targets and state
|
|
|
|
self._sync_rule(enabled)
|
|
|
|
self._sync_targets()
|
|
|
|
self._sync_state(enabled)
|
|
|
|
else:
|
|
|
|
# Rule does not exist, so create new rule and targets
|
|
|
|
self._create(enabled)
|
|
|
|
|
|
|
|
def ensure_disabled(self):
|
|
|
|
"""Ensures the rule and targets are present, but disabled, and synced"""
|
|
|
|
self.ensure_present(enabled=False)
|
|
|
|
|
|
|
|
def ensure_absent(self):
|
|
|
|
"""Ensures the rule and targets are absent"""
|
|
|
|
rule_description = self.rule.describe()
|
|
|
|
if not rule_description:
|
|
|
|
# Rule doesn't exist so don't need to delete
|
|
|
|
return
|
|
|
|
self.rule.delete()
|
|
|
|
|
|
|
|
def fetch_aws_state(self):
|
|
|
|
"""Retrieves rule and target state from AWS"""
|
|
|
|
aws_state = {
|
|
|
|
'rule': {},
|
|
|
|
'targets': [],
|
|
|
|
'changed': self.rule.changed
|
|
|
|
}
|
|
|
|
rule_description = self.rule.describe()
|
|
|
|
if not rule_description:
|
|
|
|
return aws_state
|
|
|
|
|
|
|
|
# Don't need to include response metadata noise in response
|
|
|
|
del rule_description['response_metadata']
|
|
|
|
|
|
|
|
aws_state['rule'] = rule_description
|
|
|
|
aws_state['targets'].extend(self.rule.list_targets())
|
|
|
|
return aws_state
|
|
|
|
|
|
|
|
def _sync_rule(self, enabled=True):
|
|
|
|
"""Syncs local rule state with AWS"""
|
|
|
|
if not self._rule_matches_aws():
|
|
|
|
self.rule.put(enabled)
|
|
|
|
|
|
|
|
def _sync_targets(self):
|
|
|
|
"""Syncs local targets with AWS"""
|
|
|
|
# Identify and remove extraneous targets on AWS
|
|
|
|
target_ids_to_remove = self._remote_target_ids_to_remove()
|
|
|
|
if target_ids_to_remove:
|
|
|
|
self.rule.remove_targets(target_ids_to_remove)
|
|
|
|
|
|
|
|
# Identify targets that need to be added or updated on AWS
|
|
|
|
targets_to_put = self._targets_to_put()
|
|
|
|
if targets_to_put:
|
|
|
|
self.rule.put_targets(targets_to_put)
|
|
|
|
|
|
|
|
def _sync_state(self, enabled=True):
|
|
|
|
"""Syncs local rule state with AWS"""
|
|
|
|
remote_state = self._remote_state()
|
|
|
|
if enabled and remote_state != 'ENABLED':
|
|
|
|
self.rule.enable()
|
|
|
|
elif not enabled and remote_state != 'DISABLED':
|
|
|
|
self.rule.disable()
|
|
|
|
|
|
|
|
def _create(self, enabled=True):
|
|
|
|
"""Creates rule and targets on AWS"""
|
|
|
|
self.rule.put(enabled)
|
|
|
|
self.rule.put_targets(self.targets)
|
|
|
|
|
|
|
|
def _rule_matches_aws(self):
|
|
|
|
"""Checks if the local rule data matches AWS"""
|
|
|
|
aws_rule_data = self.rule.describe()
|
|
|
|
|
|
|
|
# The rule matches AWS only if all rule data fields are equal
|
|
|
|
# to their corresponding local value defined in the task
|
|
|
|
return all([
|
|
|
|
getattr(self.rule, field) == aws_rule_data.get(field, None)
|
|
|
|
for field in self.RULE_FIELDS
|
|
|
|
])
|
|
|
|
|
|
|
|
def _targets_to_put(self):
|
|
|
|
"""Returns a list of targets that need to be updated or added remotely"""
|
|
|
|
remote_targets = self.rule.list_targets()
|
|
|
|
return [t for t in self.targets if t not in remote_targets]
|
|
|
|
|
|
|
|
def _remote_target_ids_to_remove(self):
|
|
|
|
"""Returns a list of targets that need to be removed remotely"""
|
|
|
|
target_ids = [t['id'] for t in self.targets]
|
|
|
|
remote_targets = self.rule.list_targets()
|
|
|
|
return [
|
|
|
|
rt['id'] for rt in remote_targets if rt['id'] not in target_ids
|
|
|
|
]
|
|
|
|
|
|
|
|
def _remote_state(self):
|
|
|
|
"""Returns the remote state from AWS"""
|
|
|
|
description = self.rule.describe()
|
|
|
|
if not description:
|
|
|
|
return
|
|
|
|
return description['state']
|
|
|
|
|
|
|
|
|
|
|
|
def get_cloudwatchevents_client(module):
|
|
|
|
"""Returns a boto3 client for accessing CloudWatch Events"""
|
|
|
|
try:
|
|
|
|
region, ec2_url, aws_conn_kwargs = get_aws_connection_info(module,
|
|
|
|
boto3=True)
|
|
|
|
if not region:
|
|
|
|
module.fail_json(msg="Region must be specified as a parameter, in \
|
|
|
|
EC2_REGION or AWS_REGION environment variables \
|
|
|
|
or in boto configuration file")
|
|
|
|
return boto3_conn(module, conn_type='client',
|
|
|
|
resource='events',
|
|
|
|
region=region, endpoint=ec2_url,
|
|
|
|
**aws_conn_kwargs)
|
2016-09-16 21:46:41 +02:00
|
|
|
except boto3.exception.NoAuthHandlerFound as e:
|
2016-09-16 21:34:37 +02:00
|
|
|
module.fail_json(msg=str(e))
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
argument_spec = ec2_argument_spec()
|
|
|
|
argument_spec.update(dict(
|
|
|
|
name = dict(required=True),
|
|
|
|
schedule_expression = dict(),
|
|
|
|
event_pattern = dict(),
|
|
|
|
state = dict(choices=['present', 'disabled', 'absent'],
|
|
|
|
default='present'),
|
|
|
|
description = dict(),
|
|
|
|
role_arn = dict(),
|
|
|
|
targets = dict(type='list', default=[]),
|
|
|
|
))
|
|
|
|
module = AnsibleModule(argument_spec=argument_spec)
|
|
|
|
|
|
|
|
if not HAS_BOTO3:
|
|
|
|
module.fail_json(msg='boto3 required for this module')
|
|
|
|
|
|
|
|
rule_data = dict(
|
|
|
|
[(rf, module.params.get(rf)) for rf in CloudWatchEventRuleManager.RULE_FIELDS]
|
|
|
|
)
|
|
|
|
targets = module.params.get('targets')
|
|
|
|
state = module.params.get('state')
|
|
|
|
|
|
|
|
cwe_rule = CloudWatchEventRule(module,
|
|
|
|
client=get_cloudwatchevents_client(module),
|
|
|
|
**rule_data)
|
|
|
|
cwe_rule_manager = CloudWatchEventRuleManager(cwe_rule, targets)
|
|
|
|
|
|
|
|
if state == 'present':
|
|
|
|
cwe_rule_manager.ensure_present()
|
|
|
|
elif state == 'disabled':
|
|
|
|
cwe_rule_manager.ensure_disabled()
|
|
|
|
elif state == 'absent':
|
|
|
|
cwe_rule_manager.ensure_absent()
|
|
|
|
else:
|
|
|
|
module.fail_json(msg="Invalid state '{0}' provided".format(state))
|
|
|
|
|
|
|
|
module.exit_json(**cwe_rule_manager.fetch_aws_state())
|
|
|
|
|
|
|
|
|
|
|
|
# import module snippets
|
|
|
|
from ansible.module_utils.basic import *
|
|
|
|
from ansible.module_utils.ec2 import *
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
main()
|