diff --git a/library/cloud/ec2_elb_lb b/library/cloud/ec2_elb_lb index cc2c145487..d6ac9918cc 100644 --- a/library/cloud/ec2_elb_lb +++ b/library/cloud/ec2_elb_lb @@ -51,6 +51,11 @@ options: - Purge existing availability zones on ELB that are not found in zones required: false default: false + security_group_ids: + description: + - A list of security groups to apply to the elb + require: false + default: None health_check: description: - An associative array of health check configuration settigs (see example) @@ -183,7 +188,7 @@ class ElbManager(object): """Handles ELB creation and destruction""" def __init__(self, module, name, listeners=None, purge_listeners=None, - zones=None, purge_zones=None, health_check=None, + zones=None, purge_zones=None, security_group_ids=None, health_check=None, aws_access_key=None, aws_secret_key=None, region=None): self.module = module self.name = name @@ -191,6 +196,7 @@ class ElbManager(object): self.purge_listeners = purge_listeners self.zones = zones self.purge_zones = purge_zones + self.security_group_ids = security_group_ids self.health_check = health_check self.aws_access_key = aws_access_key @@ -209,6 +215,7 @@ class ElbManager(object): self._create_elb() else: self._set_zones() + self._set_security_groups() self._set_elb_listeners() self._set_health_check() @@ -228,6 +235,7 @@ class ElbManager(object): 'name': self.elb.name, 'dns_name': self.elb.dns_name, 'zones': self.elb.availability_zones, + 'security_group_ids': self.elb.security_groups, 'status': self.status } @@ -281,6 +289,7 @@ class ElbManager(object): listeners = [self._listener_as_tuple(l) for l in self.listeners] self.elb = self.elb_conn.create_load_balancer(name=self.name, zones=self.zones, + security_groups=self.security_group_ids, complex_listeners=listeners) if self.elb: self.changed = True @@ -405,6 +414,11 @@ class ElbManager(object): if zones_to_disable: self._disable_zones(zones_to_disable) + def _set_security_groups(self): + if self.security_group_ids != None and set(self.elb.security_groups) != set(self.security_group_ids): + self.elb_conn.apply_security_groups_to_lb(self.name, self.security_group_ids) + self.Changed = True + def _set_health_check(self): """Set health check values on ELB as needed""" if self.health_check: @@ -457,6 +471,7 @@ def main(): zones={'default': None, 'required': False, 'type': 'list'}, purge_zones={'default': False, 'required': False, 'choices': BOOLEANS, 'type': 'bool'}, + security_group_ids={'default': None, 'required': False, 'type': 'list'}, health_check={'default': None, 'required': False, 'type': 'dict'}, ) ) @@ -475,6 +490,7 @@ def main(): purge_listeners = module.params['purge_listeners'] zones = module.params['zones'] purge_zones = module.params['purge_zones'] + security_group_ids = module.params['security_group_ids'] health_check = module.params['health_check'] if state == 'present' and not listeners: @@ -484,7 +500,7 @@ def main(): module.fail_json(msg="At least one availability zone is required for ELB creation") elb_man = ElbManager(module, name, listeners, purge_listeners, zones, - purge_zones, health_check, aws_access_key, + purge_zones, security_group_ids, health_check, aws_access_key, aws_secret_key, region=region) if state == 'present': diff --git a/library/cloud/elasticache b/library/cloud/elasticache index 7cbd72d736..a32f58b19e 100644 --- a/library/cloud/elasticache +++ b/library/cloud/elasticache @@ -58,6 +58,11 @@ options: - The port number on which each of the cache nodes will accept connections required: false default: 11211 + security_group_ids: + description: + - A list of vpc security group names to associate with this cache cluster. Only use if inside a vpc + required: false + default: ['default'] cache_security_groups: description: - A list of cache security group names to associate with this cache cluster @@ -152,7 +157,7 @@ class ElastiCacheManager(object): EXIST_STATUSES = ['available', 'creating', 'rebooting', 'modifying'] def __init__(self, module, name, engine, cache_engine_version, node_type, - num_nodes, cache_port, cache_security_groups, zone, wait, + num_nodes, cache_port, cache_security_groups, security_group_ids, zone, wait, hard_modify, aws_access_key, aws_secret_key, region): self.module = module self.name = name @@ -162,6 +167,7 @@ class ElastiCacheManager(object): self.num_nodes = num_nodes self.cache_port = cache_port self.cache_security_groups = cache_security_groups + self.security_group_ids = security_group_ids self.zone = zone self.wait = wait self.hard_modify = hard_modify @@ -217,6 +223,7 @@ class ElastiCacheManager(object): engine=self.engine, engine_version=self.cache_engine_version, cache_security_group_names=self.cache_security_groups, + security_group_ids=self.security_group_ids, preferred_availability_zone=self.zone, port=self.cache_port) except boto.exception.BotoServerError, e: @@ -291,6 +298,7 @@ class ElastiCacheManager(object): num_cache_nodes=self.num_nodes, cache_node_ids_to_remove=nodes_to_remove, cache_security_group_names=self.cache_security_groups, + security_group_ids=self.security_group_ids, apply_immediately=True, engine_version=self.cache_engine_version) except boto.exception.BotoServerError, e: @@ -377,12 +385,20 @@ class ElastiCacheManager(object): if self.data[key] != value: return True - # Check security groups + # Check cache security groups cache_security_groups = [] for sg in self.data['CacheSecurityGroups']: cache_security_groups.append(sg['CacheSecurityGroupName']) if set(cache_security_groups) - set(self.cache_security_groups): return True + + # check vpc security groups + vpc_security_groups = [] + for sg in self.data['SecurityGroups']: + vpc_security_groups.append(sg['SecurityGroupId']) + if set(vpc_security_groups) - set(self.security_group_ids): + return True + return False def _requires_destroy_and_create(self): @@ -469,6 +485,8 @@ def main(): cache_port={'required': False, 'default': 11211, 'type': 'int'}, cache_security_groups={'required': False, 'default': ['default'], 'type': 'list'}, + security_group_ids={'required': False, 'default': [], + 'type': 'list'}, zone={'required': False, 'default': None}, wait={'required': False, 'choices': BOOLEANS, 'default': True}, hard_modify={'required': False, 'choices': BOOLEANS, 'default': False} @@ -489,6 +507,7 @@ def main(): num_nodes = module.params['num_nodes'] cache_port = module.params['cache_port'] cache_security_groups = module.params['cache_security_groups'] + security_group_ids = module.params['security_group_ids'] zone = module.params['zone'] wait = module.params['wait'] hard_modify = module.params['hard_modify'] @@ -502,7 +521,8 @@ def main(): elasticache_manager = ElastiCacheManager(module, name, engine, cache_engine_version, node_type, num_nodes, cache_port, - cache_security_groups, zone, wait, + cache_security_groups, + security_group_ids, zone, wait, hard_modify, aws_access_key, aws_secret_key, region)