diff options
author | Markus Bergholz <markuman@gmail.com> | 2019-07-31 00:35:36 +0200 |
---|---|---|
committer | Jill R <4121322+jillr@users.noreply.github.com> | 2019-07-30 15:35:36 -0700 |
commit | 196347ff326e0fdd1d0c72adbc4aff42362b15aa (patch) | |
tree | f569f3a3565ac1ab14c6aba49778d3b09cdd845d /test | |
parent | e07c4f41d71d0c78c6622d115059a7264e0de847 (diff) | |
download | ansible-196347ff326e0fdd1d0c72adbc4aff42362b15aa.tar.gz |
ability to use lambda target in elb_target_group (#57394)
* enable elb_lambda_target test
Diffstat (limited to 'test')
4 files changed, 152 insertions, 0 deletions
diff --git a/test/integration/targets/elb_target/playbooks/full_test.yml b/test/integration/targets/elb_target/playbooks/full_test.yml index 03b1c4de02..18657f8f27 100644 --- a/test/integration/targets/elb_target/playbooks/full_test.yml +++ b/test/integration/targets/elb_target/playbooks/full_test.yml @@ -3,4 +3,5 @@ environment: "{{ ansible_test.environment }}" roles: + - elb_lambda_target - elb_target diff --git a/test/integration/targets/elb_target/playbooks/roles/elb_lambda_target/files/ansible_lambda_target.py b/test/integration/targets/elb_target/playbooks/roles/elb_lambda_target/files/ansible_lambda_target.py new file mode 100644 index 0000000000..0ba9e0d300 --- /dev/null +++ b/test/integration/targets/elb_target/playbooks/roles/elb_lambda_target/files/ansible_lambda_target.py @@ -0,0 +1,8 @@ +import json + + +def lambda_handler(event, context): + return { + 'statusCode': 200, + 'body': json.dumps('Hello from Lambda!') + } diff --git a/test/integration/targets/elb_target/playbooks/roles/elb_lambda_target/files/assume-role.json b/test/integration/targets/elb_target/playbooks/roles/elb_lambda_target/files/assume-role.json new file mode 100644 index 0000000000..06456f7996 --- /dev/null +++ b/test/integration/targets/elb_target/playbooks/roles/elb_lambda_target/files/assume-role.json @@ -0,0 +1,8 @@ +{ + "Version": "2012-10-17", + "Statement": { + "Effect": "Allow", + "Principal": { "Service": "lambda.amazonaws.com" }, + "Action": "sts:AssumeRole" + } +} diff --git a/test/integration/targets/elb_target/playbooks/roles/elb_lambda_target/tasks/main.yml b/test/integration/targets/elb_target/playbooks/roles/elb_lambda_target/tasks/main.yml new file mode 100644 index 0000000000..54ab112e87 --- /dev/null +++ b/test/integration/targets/elb_target/playbooks/roles/elb_lambda_target/tasks/main.yml @@ -0,0 +1,135 @@ +--- +- name: set up aws connection info + set_fact: + aws_connection_info: &aws_connection_info + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token }}" + region: "{{ aws_region }}" + no_log: yes + +- name: set up lambda as elb_target + + block: + - name: create zip to deploy lambda code + archive: + path: "{{ role_path }}/files/ansible_lambda_target.py" + dest: /tmp/lambda.zip + format: zip + + - name: "create or update service-role for lambda" + iam_role: + <<: *aws_connection_info + name: ansible_lambda_execution + assume_role_policy_document: "{{ lookup('file', role_path + '/files/assume-role.json') }}" + managed_policy: + - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole + register: ROLE_ARN + + - name: when it is to fast, the role is not usable. + pause: + minutes: 1 + + - name: deploy lambda.zip to ansible_lambda_target function + lambda: + <<: *aws_connection_info + name: "ansible_lambda_target" + state: present + zip_file: "/tmp/lambda.zip" + runtime: "python3.7" + role: "{{ ROLE_ARN.arn }}" + handler: "ansible_lambda_target.lambda_handler" + timeout: 30 + register: lambda_function + retries: 3 + delay: 15 + until: lambda_function.changed + + - name: create empty target group + elb_target_group: + <<: *aws_connection_info + name: ansible-lambda-targetgroup + target_type: lambda + state: present + modify_targets: False + register: elb_target_group + + - name: tg is created, state must be changed + assert: + that: + - elb_target_group.changed + + - name: allow elb to invoke the lambda function + lambda_policy: + <<: *aws_connection_info + state: present + function_name: ansible_lambda_target + version: "{{ lambda_function.configuration.version }}" + statement_id: elb1 + action: lambda:InvokeFunction + principal: elasticloadbalancing.amazonaws.com + source_arn: "{{ elb_target_group.target_group_arn }}" + + - name: add lambda to elb target + elb_target_group: + <<: *aws_connection_info + name: ansible-lambda-targetgroup + target_type: lambda + state: present + targets: + - Id: "{{ lambda_function.configuration.function_arn }}" + register: elb_target_group + + - name: target is updated, state must be changed + assert: + that: + - elb_target_group.changed + + - name: re-add lambda to elb target (idempotency) + elb_target_group: + <<: *aws_connection_info + name: ansible-lambda-targetgroup + target_type: lambda + state: present + targets: + - Id: "{{ lambda_function.configuration.function_arn }}" + register: elb_target_group + + - name: target is still the same, state must not be changed (idempotency) + assert: + that: + - not elb_target_group.changed + + - name: remove lambda target from target group + elb_target_group: + <<: *aws_connection_info + name: ansible-lambda-targetgroup + target_type: lambda + state: absent + targets: [] + register: elb_target_group + + - name: target is still the same, state must not be changed (idempotency) + assert: + that: + - elb_target_group.changed + + always: + - name: remove elb target group + elb_target_group: + <<: *aws_connection_info + name: ansible-lambda-targetgroup + target_type: lambda + state: absent + + - name: remove lambda function + lambda: + <<: *aws_connection_info + name: "ansible_lambda_target" + state: absent + + - name: remove iam role for lambda + iam_role: + <<: *aws_connection_info + name: ansible_lambda_execution + state: absent |