|
47 | 47 | plat__aws_xaccount_external_id: "{{ plat__cdp_xaccount_external_id }}" |
48 | 48 | plat__aws_xaccount_account_id: "{{ plat__cdp_xaccount_account_id }}" |
49 | 49 |
|
50 | | -# TODO - Confirm the two following tasks are the design pattern we want: checking for a set_fact from another role before establishing its own role fact |
51 | | -- name: Discover AWS VPC |
52 | | - when: infra__aws_vpc_id is undefined |
| 50 | +# Runlevel first, upstream second, and discover third |
| 51 | +- name: Discover AWS VPC if not defined or established by Infrastructure |
| 52 | + when: plat__aws_vpc_id == "" and infra__aws_vpc_id is undefined |
53 | 53 | block: |
54 | | - - name: Query AWS VPC |
| 54 | + - name: Query AWS VPC by name |
55 | 55 | amazon.aws.ec2_vpc_net_info: |
56 | 56 | region: "{{ plat__region }}" |
57 | 57 | filters: |
|
63 | 63 | ansible.builtin.set_fact: |
64 | 64 | plat__aws_vpc_id: "{{ __aws_vpc_info.vpcs[0].id }}" |
65 | 65 |
|
66 | | -- name: Set fact for AWS VPC ID by assignment |
67 | | - when: infra__aws_vpc_id is defined |
| 66 | +- name: Set fact for AWS VPC ID if established by Infrastructure |
| 67 | + when: plat__aws_vpc_id == "" and infra__aws_vpc_id is defined |
68 | 68 | ansible.builtin.set_fact: |
69 | 69 | plat__aws_vpc_id: "{{ infra__aws_vpc_id }}" |
70 | 70 |
|
71 | | -- name: Discover AWS VPC Subnets |
72 | | - when: infra__aws_subnet_ids is undefined |
| 71 | +- name: Handle AWS Subnet IDs if not defined |
| 72 | + when: not plat__aws_public_subnet_ids or not plat__aws_private_subnet_ids # Defaults are empty lists |
73 | 73 | block: |
74 | 74 | - name: Query AWS Subnets |
75 | 75 | amazon.aws.ec2_vpc_subnet_info: |
76 | 76 | region: "{{ plat__region }}" |
77 | 77 | filters: |
78 | | - "tag:Name": "{{ plat__namespace }}" |
| 78 | + vpc-id: "{{ plat__aws_vpc_id }}" |
79 | 79 | register: __aws_subnets_info |
80 | 80 |
|
81 | 81 | - name: Assert discovered AWS Subnets |
|
131 | 131 | plat__aws_public_subnet_ids: "{{ infra__aws_public_subnet_ids }}" |
132 | 132 | plat__endpoint_access_scheme: "PUBLIC" |
133 | 133 |
|
| 134 | +# TODO Collapse the two SG queries together |
134 | 135 | - name: Discover AWS Security Group for Knox |
135 | 136 | when: infra__aws_security_group_knox_id is undefined |
136 | 137 | block: |
137 | 138 | - name: Query AWS Security Group for Knox |
138 | 139 | amazon.aws.ec2_group_info: |
139 | 140 | region: "{{ plat__region }}" |
140 | 141 | filters: |
| 142 | + vpc-id: "{{ plat__aws_vpc_id }}" |
141 | 143 | group-name: "{{ plat__security_group_knox_name }}" |
142 | 144 | register: __aws_security_group_knox_info |
143 | 145 |
|
|
158 | 160 | amazon.aws.ec2_group_info: |
159 | 161 | region: "{{ plat__region }}" |
160 | 162 | filters: |
| 163 | + vpc-id: "{{ plat__aws_vpc_id }}" |
161 | 164 | group-name: "{{ plat__security_group_default_name }}" |
162 | 165 | register: __aws_security_group_default_info |
163 | 166 |
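Review bot: The two VPC tasks treat only the exact empty string as "not set" (`plat__aws_vpc_id == ""` on new lines 52 and 67), yet the subnet lookup and both security-group lookups now pass `plat__aws_vpc_id` straight into their `vpc-id` filter (new lines 78, 142 and 163). If the variable arrives as null, for example from an empty `plat__aws_vpc_id:` key in the caller's vars, neither VPC task runs and the later queries are scoped by a value that is not a VPC ID; whether a later assert catches this is not visible in these hunks. Consider the truthiness style already used for the subnet lists, e.g. `when: not (plat__aws_vpc_id | default('', true)) and infra__aws_vpc_id is undefined` (and the `is defined` counterpart on line 67). An `ansible.builtin.assert` that `plat__aws_vpc_id` is non-empty, placed before the first `vpc-id` filter, would make the failure explicit. Because a caller-supplied `plat__aws_vpc_id` now silently wins over `infra__aws_vpc_id`, the comment on line 50 could say so explicitly, e.g. `# Precedence: caller-supplied plat__aws_vpc_id, then infra__aws_vpc_id, then discovery by name`.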
|
|