diff --git a/changelogs/fragments/1778-elb_application_lb_info-fetch-subsets.yml b/changelogs/fragments/1778-elb_application_lb_info-fetch-subsets.yml new file mode 100644 index 00000000000..50be8a3d1d1 --- /dev/null +++ b/changelogs/fragments/1778-elb_application_lb_info-fetch-subsets.yml @@ -0,0 +1,2 @@ +minor_changes: + - "elb_application_lb_info - add new parameters ``include_attributes``, ``include_listeners`` and ``include_listener_rules`` to optionally speed up module by fetching less information (https://github.com/ansible-collections/amazon.aws/pull/1778)." diff --git a/plugins/modules/elb_application_lb_info.py b/plugins/modules/elb_application_lb_info.py index 7964495d665..a14b95864f8 100644 --- a/plugins/modules/elb_application_lb_info.py +++ b/plugins/modules/elb_application_lb_info.py @@ -27,6 +27,28 @@ required: false type: list elements: str + include_attributes: + description: + - Whether or not to include load balancer attributes in the response. + required: false + type: bool + default: true + version_added: 7.0.0 + include_listeners: + description: + - Whether or not to include load balancer listeners in the response. + required: false + type: bool + default: true + version_added: 7.0.0 + include_listener_rules: + description: + - Whether or not to include load balancer listener rules in the response. + - Implies I(include_listeners=true) + required: false + type: bool + default: true + version_added: 7.0.0 extends_documentation_fragment: - amazon.aws.common.modules @@ -40,6 +62,13 @@ - name: Gather information about all ALBs amazon.aws.elb_application_lb_info: +# Equivalent to aws elbv2 describe-load-balancers +- name: Gather minimal information about all ALBs + amazon.aws.elb_application_lb_info: + include_attributes: false + include_listeners: false + include_listener_rules: false + - name: Gather information about a particular ALB given its ARN amazon.aws.elb_application_lb_info: load_balancer_arns: @@ -68,14 +97,17 @@ contains: access_logs_s3_bucket: description: The name of the S3 bucket for the access logs. + returned: when include_attributes is true type: str sample: "mys3bucket" access_logs_s3_enabled: description: Indicates whether access logs stored in Amazon S3 are enabled. + returned: when include_attributes is true type: bool sample: true access_logs_s3_prefix: description: The prefix for the location in the S3 bucket. + returned: when include_attributes is true type: str sample: "my/logs" availability_zones: @@ -92,6 +124,7 @@ sample: "2015-02-12T02:14:02+00:00" deletion_protection_enabled: description: Indicates whether deletion protection is enabled. + returned: when include_attributes is true type: bool sample: true dns_name: @@ -100,6 +133,7 @@ sample: "internal-my-alb-123456789.ap-southeast-2.elb.amazonaws.com" idle_timeout_timeout_seconds: description: The idle timeout value, in seconds. + returned: when include_attributes is true type: int sample: 60 ip_address_type: @@ -108,6 +142,7 @@ sample: "ipv4" listeners: description: Information about the listeners. + returned: when include_listeners or include_listener_rules is true type: complex contains: listener_arn: @@ -126,6 +161,11 @@ description: The protocol for connections from clients to the load balancer. type: str sample: "HTTPS" + rules: + description: List of listener rules. + returned: when include_listener_rules is true + type: list + sample: "" certificates: description: The SSL server certificate. type: complex @@ -158,24 +198,34 @@ description: The name of the load balancer. type: str sample: "my-alb" + load_balancing_cross_zone_enabled: + description: Indicates whether or not cross-zone load balancing is enabled. + returned: when include_attributes is true + type: bool + sample: true routing_http2_enabled: description: Indicates whether HTTP/2 is enabled. + returned: when include_attributes is true type: bool sample: true routing_http_desync_mitigation_mode: description: Determines how the load balancer handles requests that might pose a security risk to an application. + returned: when include_attributes is true type: str sample: "defensive" routing_http_drop_invalid_header_fields_enabled: description: Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). + returned: when include_attributes is true type: bool sample: false routing_http_x_amzn_tls_version_and_cipher_suite_enabled: description: Indicates whether the two headers are added to the client request before sending it to the target. + returned: when include_attributes is true type: bool sample: false routing_http_xff_client_port_enabled: description: Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. + returned: when include_attributes is true type: bool sample: false scheme: @@ -207,6 +257,7 @@ waf_fail_open_enabled: description: Indicates whether to allow a AWS WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. + returned: when include_attributes is true type: bool sample: false """ @@ -282,6 +333,9 @@ def get_load_balancer_tags(connection, module, load_balancer_arn): def list_load_balancers(connection, module): load_balancer_arns = module.params.get("load_balancer_arns") names = module.params.get("names") + include_attributes = module.params.get("include_attributes") + include_listeners = module.params.get("include_listeners") + include_listener_rules = module.params.get("include_listener_rules") try: if not load_balancer_arns and not names: @@ -300,14 +354,17 @@ def list_load_balancers(connection, module): for load_balancer in load_balancers["LoadBalancers"]: # Get the attributes for each alb - load_balancer.update(get_load_balancer_attributes(connection, module, load_balancer["LoadBalancerArn"])) + if include_attributes: + load_balancer.update(get_load_balancer_attributes(connection, module, load_balancer["LoadBalancerArn"])) # Get the listeners for each alb - load_balancer["listeners"] = get_alb_listeners(connection, module, load_balancer["LoadBalancerArn"]) + if include_listeners or include_listener_rules: + load_balancer["listeners"] = get_alb_listeners(connection, module, load_balancer["LoadBalancerArn"]) # For each listener, get listener rules - for listener in load_balancer["listeners"]: - listener["rules"] = get_listener_rules(connection, module, listener["ListenerArn"]) + if include_listener_rules: + for listener in load_balancer["listeners"]: + listener["rules"] = get_listener_rules(connection, module, listener["ListenerArn"]) # Turn the boto3 result in to ansible_friendly_snaked_names snaked_load_balancers = [ @@ -324,7 +381,13 @@ def list_load_balancers(connection, module): def main(): - argument_spec = dict(load_balancer_arns=dict(type="list", elements="str"), names=dict(type="list", elements="str")) + argument_spec = dict( + load_balancer_arns=dict(type="list", elements="str"), + names=dict(type="list", elements="str"), + include_attributes=dict(default=True, type="bool"), + include_listeners=dict(default=True, type="bool"), + include_listener_rules=dict(default=True, type="bool"), + ) module = AnsibleAWSModule( argument_spec=argument_spec, diff --git a/tests/integration/targets/elb_application_lb/tasks/main.yml b/tests/integration/targets/elb_application_lb/tasks/main.yml index f9ca9ce1490..10a8da283da 100644 --- a/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/tests/integration/targets/elb_application_lb/tasks/main.yml @@ -1395,6 +1395,94 @@ that: - alb_info.load_balancers[0].security_groups[0] == sec_group2.group_id + - name: Get ALB application info without skipping anything + elb_application_lb_info: + register: alb_info + - assert: + that: + - alb_info.load_balancers | selectattr('access_logs_s3_bucket', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('access_logs_s3_enabled', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('access_logs_s3_prefix', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('deletion_protection_enabled', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('idle_timeout_timeout_seconds', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('load_balancing_cross_zone_enabled', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('routing_http2_enabled', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('routing_http_desync_mitigation_mode', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('routing_http_drop_invalid_header_fields_enabled', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('routing_http_x_amzn_tls_version_and_cipher_suite_enabled', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('routing_http_xff_client_port_enabled', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('waf_fail_open_enabled', 'defined') | length > 0 + - alb_info.load_balancers | selectattr('listeners', 'defined') | length > 0 + - alb_info.load_balancers | map(attribute='listeners') | flatten | selectattr('rules', 'defined') | length > 0 + + - name: Get ALB application info excluding attributes + elb_application_lb_info: + include_attributes: false + register: alb_info + - assert: + that: + - alb_info.load_balancers | selectattr('access_logs_s3_bucket', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('access_logs_s3_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('access_logs_s3_prefix', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('deletion_protection_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('idle_timeout_timeout_seconds', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('load_balancing_cross_zone_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('routing_http2_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('routing_http_desync_mitigation_mode', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('routing_http_drop_invalid_header_fields_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('routing_http_x_amzn_tls_version_and_cipher_suite_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('routing_http_xff_client_port_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('waf_fail_open_enabled', 'defined') | length == 0 + + - name: Get ALB application info without listeners, but with rules + elb_application_lb_info: + include_listeners: false + register: alb_info + - assert: + that: + - alb_info.load_balancers | selectattr('listeners', 'defined') | length > 0 + - alb_info.load_balancers[0].listeners | length > 0 + + - name: Get ALB application info without listeners or rules + elb_application_lb_info: + include_listeners: false + include_listener_rules: false + register: alb_info + - assert: + that: + - alb_info.load_balancers | selectattr('listeners', 'defined') | length == 0 + + - name: Get ALB application info without listener rules + elb_application_lb_info: + include_listener_rules: false + register: alb_info + - assert: + that: + - alb_info.load_balancers | selectattr('listeners', 'defined') | length > 0 + - alb_info.load_balancers | map(attribute='listeners') | flatten | selectattr('rules', 'defined') | length == 0 + + - name: Get ALB application minimal info + elb_application_lb_info: + include_attributes: false + include_listeners: false + include_listener_rules: false + register: alb_info + - assert: + that: + - alb_info.load_balancers | selectattr('access_logs_s3_bucket', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('access_logs_s3_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('access_logs_s3_prefix', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('deletion_protection_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('idle_timeout_timeout_seconds', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('load_balancing_cross_zone_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('routing_http2_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('routing_http_desync_mitigation_mode', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('routing_http_drop_invalid_header_fields_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('routing_http_x_amzn_tls_version_and_cipher_suite_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('routing_http_xff_client_port_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('waf_fail_open_enabled', 'defined') | length == 0 + - alb_info.load_balancers | selectattr('listeners', 'defined') | length == 0 + # ------------------------------------------------------------------------------------------ - name: Delete an ALB - check_mode