author | Ansible Core Team <info@ansible.com> | 2020-03-09 09:40:31 +0000 |
---|---|---|
committer | Ansible Core Team <info@ansible.com> | 2020-03-09 09:40:31 +0000 |
commit | 42b02d1be2d0ede8e1d05c54bb415b03b162ce41 (patch) | |
tree | 99aac704166cb859c6e366a9521b644fb5b6247c /test | |
parent | ab5942a760c399a1b3a47e6afaf38cac44522be9 (diff) | |
download | ansible-42b02d1be2d0ede8e1d05c54bb415b03b162ce41.tar.gz |
Migrated to ansible.amazon
Diffstat (limited to 'test')
124 files changed, 0 insertions, 11100 deletions
diff --git a/test/integration/targets/aws_caller_info/aliases b/test/integration/targets/aws_caller_info/aliases deleted file mode 100644 index 6e3860bee2..0000000000 --- a/test/integration/targets/aws_caller_info/aliases +++ /dev/null @@ -1,2 +0,0 @@ -cloud/aws -shippable/aws/group2 diff --git a/test/integration/targets/aws_caller_info/tasks/main.yaml b/test/integration/targets/aws_caller_info/tasks/main.yaml deleted file mode 100644 index 5645de6bc4..0000000000 --- a/test/integration/targets/aws_caller_info/tasks/main.yaml +++ /dev/null @@ -1,15 +0,0 @@ -- name: retrieve caller facts - aws_caller_info: - region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - register: result - -- name: assert correct keys are returned - assert: - that: - - result.account is not none - - result.arn is not none - - result.user_id is not none - - result.account_alias is not none diff --git a/test/integration/targets/aws_s3/aliases b/test/integration/targets/aws_s3/aliases deleted file mode 100644 index 72a9fb4f57..0000000000 --- a/test/integration/targets/aws_s3/aliases +++ /dev/null @@ -1,2 +0,0 @@ -cloud/aws -shippable/aws/group4 diff --git a/test/integration/targets/aws_s3/defaults/main.yml b/test/integration/targets/aws_s3/defaults/main.yml deleted file mode 100644 index eb7dd2d371..0000000000 --- a/test/integration/targets/aws_s3/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# defaults file for s3 -bucket_name: '{{resource_prefix}}' diff --git a/test/integration/targets/aws_s3/files/hello.txt b/test/integration/targets/aws_s3/files/hello.txt deleted file mode 100644 index 8ab686eafe..0000000000 --- a/test/integration/targets/aws_s3/files/hello.txt +++ /dev/null @@ -1 +0,0 @@ -Hello, World! diff --git a/test/integration/targets/aws_s3/meta/main.yml b/test/integration/targets/aws_s3/meta/main.yml deleted file mode 100644 index e69de29bb2..0000000000 
--- a/test/integration/targets/aws_s3/meta/main.yml +++ /dev/null diff --git a/test/integration/targets/aws_s3/tasks/main.yml b/test/integration/targets/aws_s3/tasks/main.yml deleted file mode 100644 index a0a7aa7950..0000000000 --- a/test/integration/targets/aws_s3/tasks/main.yml +++ /dev/null 
@@ -1,590 +0,0 @@ ---- -# tasks file for test_s3 - -- name: set up aws connection info - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - -- block: - - name: Create temporary directory - tempfile: - state: directory - register: tmpdir - - - name: Create content - set_fact: - content: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigits,punctuation') }}" - - - name: test create bucket without permissions - aws_s3: - bucket: "{{ bucket_name }}" - mode: create - register: result - ignore_errors: yes - - - assert: - that: - - result is failed - - "result.msg != 'MODULE FAILURE'" - - - name: test create bucket - aws_s3: - bucket: "{{ bucket_name }}" - mode: create - <<: *aws_connection_info - register: result - - - assert: - that: - - result is changed - - - name: trying to create a bucket name that already exists - aws_s3: - bucket: "{{ bucket_name }}" - mode: create - <<: *aws_connection_info - register: result - - - assert: - that: - - result is not changed - - - name: Create local upload.txt - copy: - content: "{{ content }}" - dest: "{{ tmpdir.path }}/upload.txt" - - - name: stat the file - stat: - path: "{{ tmpdir.path }}/upload.txt" - get_checksum: yes - register: upload_file - - - name: test putting an object in the bucket - aws_s3: - bucket: "{{ bucket_name }}" - mode: put - src: "{{ tmpdir.path }}/upload.txt" - object: delete.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is changed - - result.msg == "PUT operation complete" - - - name: test using aws_s3 with async - aws_s3: - bucket: "{{ bucket_name }}" - mode: put - src: "{{ tmpdir.path }}/upload.txt" - object: delete.txt - <<: *aws_connection_info - register: test_async - async: 30 - poll: 0 - - - name: ensure it completed - async_status: - jid: "{{ 
test_async.ansible_job_id }}" - register: status - until: status is finished - retries: 10 - - - name: test put with overwrite=different and unmodified object - aws_s3: - bucket: "{{ bucket_name }}" - mode: put - src: "{{ tmpdir.path }}/upload.txt" - object: delete.txt - overwrite: different - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is not changed - - - name: check that roles file lookups work as expected - aws_s3: - bucket: "{{ bucket_name }}" - mode: put - src: hello.txt - object: delete.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is changed - - result.msg == "PUT operation complete" - - - name: test put with overwrite=never - aws_s3: - bucket: "{{ bucket_name }}" - mode: put - src: "{{ tmpdir.path }}/upload.txt" - object: delete.txt - overwrite: never - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is not changed - - - name: test put with overwrite=different and modified object - aws_s3: - bucket: "{{ bucket_name }}" - mode: put - src: "{{ tmpdir.path }}/upload.txt" - object: delete.txt - overwrite: different - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is changed - - - name: test put with overwrite=always - aws_s3: - bucket: "{{ bucket_name }}" - mode: put - src: "{{ tmpdir.path }}/upload.txt" - object: delete.txt - overwrite: always - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is changed - - - name: test get object - aws_s3: - bucket: "{{ bucket_name }}" - mode: get - dest: "{{ tmpdir.path }}/download.txt" - object: delete.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - until: "result.msg == 'GET operation complete'" - - - name: stat the file so we can compare the checksums - stat: - path: "{{ tmpdir.path }}/download.txt" - get_checksum: yes - 
register: download_file - - - assert: - that: - - upload_file.stat.checksum == download_file.stat.checksum - - - name: test get with overwrite=different and identical files - aws_s3: - bucket: "{{ bucket_name }}" - mode: get - dest: "{{ tmpdir.path }}/download.txt" - object: delete.txt - overwrite: different - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is not changed - - - name: modify destination - copy: - dest: "{{ tmpdir.path }}/download.txt" - src: hello.txt - - - name: test get with overwrite=never - aws_s3: - bucket: "{{ bucket_name }}" - mode: get - dest: "{{ tmpdir.path }}/download.txt" - object: delete.txt - overwrite: never - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is not changed - - - name: test get with overwrite=different and modified file - aws_s3: - bucket: "{{ bucket_name }}" - mode: get - dest: "{{ tmpdir.path }}/download.txt" - object: delete.txt - overwrite: different - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is changed - - - name: test get with overwrite=always - aws_s3: - bucket: "{{ bucket_name }}" - mode: get - dest: "{{ tmpdir.path }}/download.txt" - object: delete.txt - overwrite: always - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is changed - - - name: test geturl of the object - aws_s3: - bucket: "{{ bucket_name }}" - mode: geturl - object: delete.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - until: result is changed - - - assert: - that: - - "'Download url:' in result.msg" - - result is changed - - - name: test getstr of the object - aws_s3: - bucket: "{{ bucket_name }}" - mode: getstr - object: delete.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result.msg == "GET operation complete" - - result.contents == content - - 
- name: test list to get all objects in the bucket - aws_s3: - bucket: "{{ bucket_name }}" - mode: list - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - "'delete.txt' in result.s3_keys" - - result.msg == "LIST operation complete" - - - name: test delobj to just delete an object in the bucket - aws_s3: - bucket: "{{ bucket_name }}" - mode: delobj - object: delete.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - "'Object deleted from bucket' in result.msg" - - result is changed - - - name: test putting an encrypted object in the bucket - aws_s3: - bucket: "{{ bucket_name }}" - mode: put - src: "{{ tmpdir.path }}/upload.txt" - encrypt: yes - object: delete_encrypt.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is changed - - result.msg == "PUT operation complete" - - - name: test get encrypted object - aws_s3: - bucket: "{{ bucket_name }}" - mode: get - dest: "{{ tmpdir.path }}/download_encrypted.txt" - object: delete_encrypt.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - until: "result.msg == 'GET operation complete'" - - - name: stat the file so we can compare the checksums - stat: - path: "{{ tmpdir.path }}/download_encrypted.txt" - get_checksum: yes - register: download_file - - - assert: - that: - - upload_file.stat.checksum == download_file.stat.checksum - - - name: delete encrypted file - aws_s3: - bucket: "{{ bucket_name }}" - mode: delobj - object: delete_encrypt.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - - - name: test putting an aws:kms encrypted object in the bucket - aws_s3: - bucket: "{{ bucket_name }}" - mode: put - src: "{{ tmpdir.path }}/upload.txt" - encrypt: yes - encryption_mode: aws:kms - object: delete_encrypt_kms.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - result is changed - - result.msg == 
"PUT operation complete" - - - name: test get KMS encrypted object - aws_s3: - bucket: "{{ bucket_name }}" - mode: get - dest: "{{ tmpdir.path }}/download_kms.txt" - object: delete_encrypt_kms.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - until: "result.msg == 'GET operation complete'" - - - name: get the stat of the file so we can compare the checksums - stat: - path: "{{ tmpdir.path }}/download_kms.txt" - get_checksum: yes - register: download_file - - - assert: - that: - - upload_file.stat.checksum == download_file.stat.checksum - - # FIXME - could use a test that checks uploaded file is *actually* aws:kms encrypted - - - name: delete KMS encrypted file - aws_s3: - bucket: "{{ bucket_name }}" - mode: delobj - object: delete_encrypt_kms.txt - <<: *aws_connection_info - retries: 3 - delay: 3 - - # FIXME: could use a test that checks non standard KMS key - # but that would require ability to create and remove such keys. - # PRs exist for that, but propose deferring until after merge. 
- - - name: test creation of empty path - aws_s3: - bucket: "{{ bucket_name }}" - mode: create - object: foo/bar/baz/ - <<: *aws_connection_info - retries: 3 - delay: 3 - register: result - - - assert: - that: - - "'Virtual directory foo/bar/baz/ created' in result.msg" - - result is changed - - - name: test deletion of empty path - aws_s3: - bucket: "{{ bucket_name }}" - mode: delobj - object: foo/bar/baz/ - <<: *aws_connection_info - retries: 3 - delay: 3 - - - name: test delete bucket - aws_s3: - bucket: "{{ bucket_name }}" - mode: delete - <<: *aws_connection_info - register: result - retries: 3 - delay: 3 - until: result is changed - - - assert: - that: - - result is changed - - - name: test create a bucket with a dot in the name - aws_s3: - bucket: "{{ bucket_name + '.bucket' }}" - mode: create - <<: *aws_connection_info - register: result - - - assert: - that: - - result is changed - - - name: test delete a bucket with a dot in the name - aws_s3: - bucket: "{{ bucket_name + '.bucket' }}" - mode: delete - <<: *aws_connection_info - register: result - - - assert: - that: - - result is changed - - - name: test delete a nonexistent bucket - aws_s3: - bucket: "{{ bucket_name + '.bucket' }}" - mode: delete - <<: *aws_connection_info - register: result - - - assert: - that: - - result is not changed - - - name: make tempfile 4 GB for OSX - command: - _raw_params: "dd if=/dev/zero of={{ tmpdir.path }}/largefile bs=1m count=4096" - when: ansible_distribution == 'MacOSX' - - - name: make tempfile 4 GB for linux - command: - _raw_params: "dd if=/dev/zero of={{ tmpdir.path }}/largefile bs=1M count=4096" - when: ansible_system == 'Linux' - - - name: test multipart download - platform specific - block: - - name: make a bucket to upload the file - aws_s3: - bucket: "{{ bucket_name }}" - mode: create - <<: *aws_connection_info - - - name: upload the file to the bucket - aws_s3: - bucket: "{{ bucket_name }}" - mode: put - src: "{{ tmpdir.path }}/largefile" - object: 
multipart.txt - <<: *aws_connection_info - - - name: download file once - aws_s3: - bucket: "{{ bucket_name }}" - mode: get - dest: "{{ tmpdir.path }}/download.txt" - object: multipart.txt - overwrite: different - <<: *aws_connection_info - retries: 3 - delay: 3 - until: "result.msg == 'GET operation complete'" - register: result - - - assert: - that: - - result is changed - - - name: download file again - aws_s3: - bucket: "{{ bucket_name }}" - mode: get - dest: "{{ tmpdir.path }}/download.txt" - object: multipart.txt - overwrite: different - <<: *aws_connection_info - register: result - - - assert: - that: - - result is not changed - when: ansible_system == 'Linux' or ansible_distribution == 'MacOSX' - - always: - - name: remove uploaded files - aws_s3: - bucket: "{{ bucket_name }}" - mode: delobj - object: "{{ item }}" - <<: *aws_connection_info - loop: - - hello.txt - - delete.txt - - delete_encrypt.txt - - delete_encrypt_kms.txt - ignore_errors: yes - - - name: delete temporary files - file: - state: absent - path: "{{ tmpdir.path }}" - ignore_errors: yes - - - name: delete the bucket - aws_s3: - bucket: "{{ bucket_name }}" - mode: delete - <<: *aws_connection_info - ignore_errors: yes diff --git a/test/integration/targets/cloudformation/aliases b/test/integration/targets/cloudformation/aliases deleted file mode 100644 index 55555be789..0000000000 --- a/test/integration/targets/cloudformation/aliases +++ /dev/null @@ -1,3 +0,0 @@ -cloud/aws -shippable/aws/group2 -cloudformation_info diff --git a/test/integration/targets/cloudformation/defaults/main.yml b/test/integration/targets/cloudformation/defaults/main.yml deleted file mode 100644 index aaf0ca7e61..0000000000 --- a/test/integration/targets/cloudformation/defaults/main.yml +++ /dev/null 
@@ -1,8 +0,0 @@ -stack_name: "{{ resource_prefix }}" - -vpc_name: '{{ resource_prefix }}-vpc' -vpc_seed: '{{ resource_prefix }}' -vpc_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.0.0/16' -subnet_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.32.0/24' - -ec2_ami_name: 'amzn2-ami-hvm-2.*-x86_64-gp2' diff --git a/test/integration/targets/cloudformation/files/cf_template.json b/test/integration/targets/cloudformation/files/cf_template.json deleted file mode 100644 index ff4c5693b0..0000000000 --- a/test/integration/targets/cloudformation/files/cf_template.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "AWSTemplateFormatVersion" : "2010-09-09", - - "Description" : "Create an Amazon EC2 instance.", - - "Parameters" : { - "InstanceType" : { - "Description" : "EC2 instance type", - "Type" : "String", - "Default" : "t3.nano", - "AllowedValues" : [ "t3.micro", "t3.nano"] - }, - "ImageId" : { - "Type" : "String" - }, - "SubnetId" : { - "Type" : "String" - } - }, - - "Resources" : { - "EC2Instance" : { - "Type" : "AWS::EC2::Instance", - "Properties" : { - "InstanceType" : { "Ref" : "InstanceType" }, - "ImageId" : { "Ref" : "ImageId" }, - "SubnetId": { "Ref" : "SubnetId" } - } - } - }, - - "Outputs" : { - "InstanceId" : { - "Value" : { "Ref" : "EC2Instance" } - } - } -} diff --git a/test/integration/targets/cloudformation/tasks/main.yml b/test/integration/targets/cloudformation/tasks/main.yml deleted file mode 100644 index 9b89722b20..0000000000 --- a/test/integration/targets/cloudformation/tasks/main.yml +++ /dev/null 
@@ -1,463 +0,0 @@ ---- - -- module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key | default(omit) }}' - aws_secret_key: '{{ aws_secret_key | default(omit) }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region | default(omit) }}' - - block: - - # ==== Env setup ========================================================== - - name: list available AZs - aws_az_info: - register: region_azs - - - name: pick an AZ for testing - set_fact: - availability_zone: "{{ region_azs.availability_zones[0].zone_name }}" - - - name: Create a test VPC - ec2_vpc_net: - name: "{{ vpc_name }}" - cidr_block: "{{ vpc_cidr }}" - tags: - Name: Cloudformation testing - register: testing_vpc - - - name: Create a test subnet - ec2_vpc_subnet: - vpc_id: "{{ testing_vpc.vpc.id }}" - cidr: "{{ subnet_cidr }}" - az: "{{ availability_zone }}" - register: testing_subnet - - - name: Find AMI to use - ec2_ami_info: - owners: 'amazon' - filters: - name: '{{ ec2_ami_name }}' - register: ec2_amis - - - name: Set fact with latest AMI - vars: - latest_ami: '{{ ec2_amis.images | sort(attribute="creation_date") | last }}' - set_fact: - ec2_ami_image: '{{ latest_ami.image_id }}' - - # ==== Cloudformation tests =============================================== - - # 1. Basic stack creation (check mode, actual run and idempotency) - # 2. Tags - # 3. cloudformation_info tests (basic + all_facts) - # 4. termination_protection - # 5. create_changeset + changeset_name - - # There is still scope to add tests for - - # 1. capabilities - # 2. stack_policy - # 3. on_create_failure (covered in unit tests) - # 4. Passing in a role - # 5. nested stacks? 
- - - - name: create a cloudformation stack (check mode) - cloudformation: - stack_name: "{{ stack_name }}" - template_body: "{{ lookup('file','cf_template.json') }}" - template_parameters: - InstanceType: "t3.nano" - ImageId: "{{ ec2_ami_image }}" - SubnetId: "{{ testing_subnet.subnet.id }}" - tags: - Stack: "{{ stack_name }}" - test: "{{ resource_prefix }}" - register: cf_stack - check_mode: yes - - - name: check task return attributes - assert: - that: - - cf_stack.changed - - "'msg' in cf_stack and 'New stack would be created' in cf_stack.msg" - - - name: create a cloudformation stack - cloudformation: - stack_name: "{{ stack_name }}" - template_body: "{{ lookup('file','cf_template.json') }}" - template_parameters: - InstanceType: "t3.nano" - ImageId: "{{ ec2_ami_image }}" - SubnetId: "{{ testing_subnet.subnet.id }}" - tags: - Stack: "{{ stack_name }}" - test: "{{ resource_prefix }}" - register: cf_stack - - - name: check task return attributes - assert: - that: - - cf_stack.changed - - "'events' in cf_stack" - - "'output' in cf_stack and 'Stack CREATE complete' in cf_stack.output" - - "'stack_outputs' in cf_stack and 'InstanceId' in cf_stack.stack_outputs" - - "'stack_resources' in cf_stack" - - - name: create a cloudformation stack (check mode) (idempotent) - cloudformation: - stack_name: "{{ stack_name }}" - template_body: "{{ lookup('file','cf_template.json') }}" - template_parameters: - InstanceType: "t3.nano" - ImageId: "{{ ec2_ami_image }}" - SubnetId: "{{ testing_subnet.subnet.id }}" - tags: - Stack: "{{ stack_name }}" - test: "{{ resource_prefix }}" - register: cf_stack - check_mode: yes - - - name: check task return attributes - assert: - that: - - not cf_stack.changed - - - name: create a cloudformation stack (idempotent) - cloudformation: - stack_name: "{{ stack_name }}" - template_body: "{{ lookup('file','cf_template.json') }}" - template_parameters: - InstanceType: "t3.nano" - ImageId: "{{ ec2_ami_image }}" - SubnetId: "{{ testing_subnet.subnet.id 
}}" - tags: - Stack: "{{ stack_name }}" - test: "{{ resource_prefix }}" - register: cf_stack - - - name: check task return attributes - assert: - that: - - not cf_stack.changed - - "'output' in cf_stack and 'Stack is already up-to-date.' in cf_stack.output" - - "'stack_outputs' in cf_stack and 'InstanceId' in cf_stack.stack_outputs" - - "'stack_resources' in cf_stack" - - - name: get stack details - cloudformation_info: - stack_name: "{{ stack_name }}" - register: stack_info - - - name: assert stack info - assert: - that: - - "'cloudformation' in stack_info" - - "stack_info.cloudformation | length == 1" - - "stack_name in stack_info.cloudformation" - - "'stack_description' in stack_info.cloudformation[stack_name]" - - "'stack_outputs' in stack_info.cloudformation[stack_name]" - - "'stack_parameters' in stack_info.cloudformation[stack_name]" - - "'stack_tags' in stack_info.cloudformation[stack_name]" - - "stack_info.cloudformation[stack_name].stack_tags.Stack == stack_name" - - - name: get stack details (checkmode) - cloudformation_info: - stack_name: "{{ stack_name }}" - register: stack_info - check_mode: yes - - - name: assert stack info - assert: - that: - - "'cloudformation' in stack_info" - - "stack_info.cloudformation | length == 1" - - "stack_name in stack_info.cloudformation" - - "'stack_description' in stack_info.cloudformation[stack_name]" - - "'stack_outputs' in stack_info.cloudformation[stack_name]" - - "'stack_parameters' in stack_info.cloudformation[stack_name]" - - "'stack_tags' in stack_info.cloudformation[stack_name]" - - "stack_info.cloudformation[stack_name].stack_tags.Stack == stack_name" - - - name: get stack details (all_facts) - cloudformation_info: - stack_name: "{{ stack_name }}" - all_facts: yes - register: stack_info - - - name: assert stack info - assert: - that: - - "'stack_events' in stack_info.cloudformation[stack_name]" - - "'stack_policy' in stack_info.cloudformation[stack_name]" - - "'stack_resource_list' in 
stack_info.cloudformation[stack_name]" - - "'stack_resources' in stack_info.cloudformation[stack_name]" - - "'stack_template' in stack_info.cloudformation[stack_name]" - - - name: get stack details (all_facts) (checkmode) - cloudformation_info: - stack_name: "{{ stack_name }}" - all_facts: yes - register: stack_info - check_mode: yes - - - name: assert stack info - assert: - that: - - "'stack_events' in stack_info.cloudformation[stack_name]" - - "'stack_policy' in stack_info.cloudformation[stack_name]" - - "'stack_resource_list' in stack_info.cloudformation[stack_name]" - - "'stack_resources' in stack_info.cloudformation[stack_name]" - - "'stack_template' in stack_info.cloudformation[stack_name]" - - # ==== Cloudformation tests (create changeset) ============================ - - # try to create a changeset by changing instance type - - name: create a changeset - cloudformation: - stack_name: "{{ stack_name }}" - create_changeset: yes - changeset_name: "test-changeset" - template_body: "{{ lookup('file','cf_template.json') }}" - template_parameters: - InstanceType: "t3.micro" - ImageId: "{{ ec2_ami_image }}" - SubnetId: "{{ testing_subnet.subnet.id }}" - tags: - Stack: "{{ stack_name }}" - test: "{{ resource_prefix }}" - register: create_changeset_result - - - name: assert changeset created - assert: - that: - - "create_changeset_result.changed" - - "'change_set_id' in create_changeset_result" - - "'Stack CREATE_CHANGESET complete' in create_changeset_result.output" - - - name: get stack details with changesets - cloudformation_info: - stack_name: "{{ stack_name }}" - stack_change_sets: True - register: stack_info - - - name: assert changesets in info - assert: - that: - - "'stack_change_sets' in stack_info.cloudformation[stack_name]" - - - name: get stack details with changesets (checkmode) - cloudformation_info: - stack_name: "{{ stack_name }}" - stack_change_sets: True - register: stack_info - check_mode: yes - - - name: assert changesets in info - assert: - 
that: - - "'stack_change_sets' in stack_info.cloudformation[stack_name]" - - # try to create an empty changeset by passing in unchanged template - - name: create a changeset - cloudformation: - stack_name: "{{ stack_name }}" - create_changeset: yes - template_body: "{{ lookup('file','cf_template.json') }}" - template_parameters: - InstanceType: "t3.nano" - ImageId: "{{ ec2_ami_image }}" - SubnetId: "{{ testing_subnet.subnet.id }}" - tags: - Stack: "{{ stack_name }}" - test: "{{ resource_prefix }}" - register: create_changeset_result - - - name: assert changeset created - assert: - that: - - "not create_changeset_result.changed" - - "'The created Change Set did not contain any changes to this stack and was deleted.' in create_changeset_result.output" - - # ==== Cloudformation tests (termination_protection) ====================== - - - name: set termination protection to true - cloudformation: - stack_name: "{{ stack_name }}" - termination_protection: yes - template_body: "{{ lookup('file','cf_template.json') }}" - template_parameters: - InstanceType: "t3.nano" - ImageId: "{{ ec2_ami_image }}" - SubnetId: "{{ testing_subnet.subnet.id }}" - tags: - Stack: "{{ stack_name }}" - test: "{{ resource_prefix }}" - register: cf_stack - -# This fails - #65592 -# - name: check task return attributes -# assert: -# that: -# - cf_stack.changed - - - name: get stack details - cloudformation_info: - stack_name: "{{ stack_name }}" - register: stack_info - - - name: assert stack info - assert: - that: - - "stack_info.cloudformation[stack_name].stack_description.enable_termination_protection" - - - name: get stack details (checkmode) - cloudformation_info: - stack_name: "{{ stack_name }}" - register: stack_info - check_mode: yes - - - name: assert stack info - assert: - that: - - "stack_info.cloudformation[stack_name].stack_description.enable_termination_protection" - - - name: set termination protection to false - cloudformation: - stack_name: "{{ stack_name }}" - 
termination_protection: no - template_body: "{{ lookup('file','cf_template.json') }}" - template_parameters: - InstanceType: "t3.nano" - ImageId: "{{ ec2_ami_image }}" - SubnetId: "{{ testing_subnet.subnet.id }}" - tags: - Stack: "{{ stack_name }}" - test: "{{ resource_prefix }}" - register: cf_stack - -# This fails - #65592 -# - name: check task return attributes -# assert: -# that: -# - cf_stack.changed - - - name: get stack details - cloudformation_info: - stack_name: "{{ stack_name }}" - register: stack_info - - - name: assert stack info - assert: - that: - - "not stack_info.cloudformation[stack_name].stack_description.enable_termination_protection" - - - name: get stack details (checkmode) - cloudformation_info: - stack_name: "{{ stack_name }}" - register: stack_info - check_mode: yes - - - name: assert stack info - assert: - that: - - "not stack_info.cloudformation[stack_name].stack_description.enable_termination_protection" - - # ==== Cloudformation tests (delete stack tests) ========================== - - - name: delete cloudformation stack (check mode) - cloudformation: - stack_name: "{{ stack_name }}" - state: absent - check_mode: yes - register: cf_stack - - - name: check task return attributes - assert: - that: - - cf_stack.changed - - "'msg' in cf_stack and 'Stack would be deleted' in cf_stack.msg" - - - name: delete cloudformation stack - cloudformation: - stack_name: "{{ stack_name }}" - state: absent - register: cf_stack - - - name: check task return attributes - assert: - that: - - cf_stack.changed - - "'output' in cf_stack and 'Stack Deleted' in cf_stack.output" - - - name: delete cloudformation stack (check mode) (idempotent) - cloudformation: - stack_name: "{{ stack_name }}" - state: absent - check_mode: yes - register: cf_stack - - - name: check task return attributes - assert: - that: - - not cf_stack.changed - - "'msg' in cf_stack" - - >- - "Stack doesn't exist" in cf_stack.msg - - - name: delete cloudformation stack (idempotent) - 
cloudformation: - stack_name: "{{ stack_name }}" - state: absent - register: cf_stack - - - name: check task return attributes - assert: - that: - - not cf_stack.changed - - "'output' in cf_stack and 'Stack not found.' in cf_stack.output" - - - name: get stack details - cloudformation_info: - stack_name: "{{ stack_name }}" - register: stack_info - - - name: assert stack info - assert: - that: - - "not stack_info.cloudformation" - - - name: get stack details (checkmode) - cloudformation_info: - stack_name: "{{ stack_name }}" - register: stack_info - check_mode: yes - - - name: assert stack info - assert: - that: - - "not stack_info.cloudformation" - - # ==== Cleanup ============================================================ - - always: - - - name: delete stack - cloudformation: - stack_name: "{{ stack_name }}" - state: absent - ignore_errors: yes - - - name: Delete test subnet - ec2_vpc_subnet: - vpc_id: "{{ testing_vpc.vpc.id }}" - cidr: "{{ subnet_cidr }}" - state: absent - ignore_errors: yes - - - name: Delete test VPC - ec2_vpc_net: - name: "{{ vpc_name }}" - cidr_block: "{{ vpc_cidr }}" - state: absent - ignore_errors: yes diff --git a/test/integration/targets/ec2_ami/aliases b/test/integration/targets/ec2_ami/aliases deleted file mode 100644 index 0e61c5bb7b..0000000000 --- a/test/integration/targets/ec2_ami/aliases +++ /dev/null @@ -1,4 +0,0 @@ -cloud/aws -shippable/aws/group2 -unstable -ec2_ami_info diff --git a/test/integration/targets/ec2_ami/defaults/main.yml b/test/integration/targets/ec2_ami/defaults/main.yml deleted file mode 100644 index 86665321a2..0000000000 --- a/test/integration/targets/ec2_ami/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# defaults file for test_ec2_ami -ec2_ami_name: '{{resource_prefix}}' -ec2_ami_description: 'Created by ansible integration tests' -# image for Amazon Linux AMI 2017.03.1 (HVM), SSD Volume Type -ec2_ami_image: - us-east-1: ami-4fffc834 - us-east-2: ami-ea87a78f 
diff --git a/test/integration/targets/ec2_ami/meta/main.yml b/test/integration/targets/ec2_ami/meta/main.yml deleted file mode 100644 index 1f64f1169a..0000000000 --- a/test/integration/targets/ec2_ami/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - prepare_tests - - setup_ec2 diff --git a/test/integration/targets/ec2_ami/tasks/main.yml b/test/integration/targets/ec2_ami/tasks/main.yml deleted file mode 100644 index 2cb15b5da1..0000000000 --- a/test/integration/targets/ec2_ami/tasks/main.yml +++ /dev/null 
@@ -1,462 +0,0 @@ ---- -# tasks file for test_ec2_ami - -- block: - - # ============================================================ - - # SETUP: vpc, ec2 key pair, subnet, security group, ec2 instance, snapshot - - name: set aws_connection_info fact - set_fact: - aws_connection_info: &aws_connection_info - aws_region: '{{aws_region}}' - aws_access_key: '{{aws_access_key}}' - aws_secret_key: '{{aws_secret_key}}' - security_token: '{{security_token}}' - no_log: yes - - - name: create a VPC to work in - ec2_vpc_net: - cidr_block: 10.0.0.0/24 - state: present - name: '{{ ec2_ami_name }}_setup' - resource_tags: - Name: '{{ ec2_ami_name }}_setup' - <<: *aws_connection_info - register: setup_vpc - - - name: create a key pair to use for creating an ec2 instance - ec2_key: - name: '{{ ec2_ami_name }}_setup' - state: present - <<: *aws_connection_info - register: setup_key - - - name: create a subnet to use for creating an ec2 instance - ec2_vpc_subnet: - az: '{{ ec2_region }}a' - tags: '{{ ec2_ami_name }}_setup' - vpc_id: '{{ setup_vpc.vpc.id }}' - cidr: 10.0.0.0/24 - state: present - resource_tags: - Name: '{{ ec2_ami_name }}_setup' - <<: *aws_connection_info - register: setup_subnet - - - name: create a security group to use for creating an ec2 instance - ec2_group: - name: '{{ ec2_ami_name }}_setup' - description: 'created by Ansible integration tests' - state: present - vpc_id: '{{ setup_vpc.vpc.id }}' - <<: *aws_connection_info - register: setup_sg - - - name: provision ec2 instance to create an image - ec2: - key_name: '{{ setup_key.key.name }}' - instance_type: t2.micro - state: present - image: '{{ ec2_region_images[ec2_region] }}' - wait: yes - instance_tags: - '{{ec2_ami_name}}_instance_setup': 'integration_tests' - group_id: '{{ setup_sg.group_id }}' - vpc_subnet_id: '{{ setup_subnet.subnet.id }}' - <<: *aws_connection_info - register: setup_instance - - - name: take a snapshot of the instance to create an image - ec2_snapshot: - instance_id: '{{ 
setup_instance.instance_ids[0] }}' - device_name: /dev/xvda - state: present - <<: *aws_connection_info - register: setup_snapshot - - # ============================================================ - - - name: test clean failure if not providing image_id or name with state=present - ec2_ami: - instance_id: '{{ setup_instance.instance_ids[0] }}' - state: present - description: '{{ ec2_ami_description }}' - tags: - Name: '{{ ec2_ami_name }}_ami' - wait: yes - root_device_name: /dev/xvda - <<: *aws_connection_info - register: result - ignore_errors: yes - - - name: assert error message is helpful - assert: - that: - - result.failed - - "result.msg == 'one of the following is required: name, image_id'" - - # ============================================================ - - - name: create an image from the instance - ec2_ami: - instance_id: '{{ setup_instance.instance_ids[0] }}' - state: present - name: '{{ ec2_ami_name }}_ami' - description: '{{ ec2_ami_description }}' - tags: - Name: '{{ ec2_ami_name }}_ami' - wait: yes - root_device_name: /dev/xvda - <<: *aws_connection_info - register: result - - - name: set image id fact for deletion later - set_fact: - ec2_ami_image_id: "{{ result.image_id }}" - - - name: assert that image has been created - assert: - that: - - "result.changed" - - "result.image_id.startswith('ami-')" - - "'Name' in result.tags and result.tags.Name == ec2_ami_name + '_ami'" - - # ============================================================ - - - name: gather facts about the image created - ec2_ami_info: - image_ids: '{{ ec2_ami_image_id }}' - <<: *aws_connection_info - register: ami_facts_result - ignore_errors: true - - - name: assert that the right image was found - assert: - that: - - "ami_facts_result.images[0].image_id == ec2_ami_image_id" - - # ============================================================ - - - name: delete the image - ec2_ami: - instance_id: '{{ setup_instance.instance_ids[0] }}' - state: absent - delete_snapshot: yes - name: 
'{{ ec2_ami_name }}_ami' - description: '{{ ec2_ami_description }}' - image_id: '{{ result.image_id }}' - tags: - Name: '{{ ec2_ami_name }}_ami' - wait: yes - <<: *aws_connection_info - ignore_errors: true - register: result - - - name: assert that the image has been deleted - assert: - that: - - "result.changed" - - "'image_id' not in result" - - "result.snapshots_deleted" - - # ============================================================ - - - name: test removing an ami if no image ID is provided (expected failed=true) - ec2_ami: - state: absent - <<: *aws_connection_info - register: result - ignore_errors: yes - - - name: assert that an image ID is required - assert: - that: - - "result.failed" - - "result.msg == 'state is absent but all of the following are missing: image_id'" - - # ============================================================ - - - name: create an image from the snapshot - ec2_ami: - name: '{{ ec2_ami_name }}_ami' - description: '{{ ec2_ami_description }}' - state: present - launch_permissions: - user_ids: [] - tags: - Name: '{{ ec2_ami_name }}_ami' - root_device_name: /dev/xvda - device_mapping: - - device_name: /dev/xvda - volume_type: gp2 - size: 8 - delete_on_termination: true - snapshot_id: '{{ setup_snapshot.snapshot_id }}' - <<: *aws_connection_info - register: result - ignore_errors: true - - - name: set image id fact for deletion later - set_fact: - ec2_ami_image_id: "{{ result.image_id }}" - ec2_ami_snapshot: "{{ result.block_device_mapping['/dev/xvda'].snapshot_id }}" - - - name: assert a new ami has been created - assert: - that: - - "result.changed" - - "result.image_id.startswith('ami-')" - - # ============================================================ - - - name: test default launch permissions idempotence - ec2_ami: - description: '{{ ec2_ami_description }}' - state: present - name: '{{ ec2_ami_name }}_ami' - tags: - Name: '{{ ec2_ami_name }}_ami' - root_device_name: /dev/xvda - image_id: '{{ result.image_id }}' - 
launch_permissions: - user_ids: [] - device_mapping: - - device_name: /dev/xvda - volume_type: gp2 - size: 8 - delete_on_termination: true - snapshot_id: '{{ setup_snapshot.snapshot_id }}' - <<: *aws_connection_info - register: result - - - name: assert a new ami has not been created - assert: - that: - - "not result.changed" - - "result.image_id.startswith('ami-')" - - # ============================================================ - - - name: add a tag to the AMI - ec2_ami: - state: present - description: '{{ ec2_ami_description }}' - image_id: '{{ result.image_id }}' - name: '{{ ec2_ami_name }}_ami' - tags: - New: Tag - <<: *aws_connection_info - register: result - - - name: assert a tag was added - assert: - that: - - "'Name' in result.tags and result.tags.Name == ec2_ami_name + '_ami'" - - "'New' in result.tags and result.tags.New == 'Tag'" - - - name: use purge_tags to remove a tag from the AMI - ec2_ami: - state: present - description: '{{ ec2_ami_description }}' - image_id: '{{ result.image_id }}' - name: '{{ ec2_ami_name }}_ami' - tags: - New: Tag - purge_tags: yes - <<: *aws_connection_info - register: result - - - name: assert a tag was removed - assert: - that: - - "'Name' not in result.tags" - - "'New' in result.tags and result.tags.New == 'Tag'" - - # ============================================================ - - - name: update AMI launch permissions - ec2_ami: - state: present - image_id: '{{ result.image_id }}' - description: '{{ ec2_ami_description }}' - tags: - Name: '{{ ec2_ami_name }}_ami' - launch_permissions: - group_names: ['all'] - <<: *aws_connection_info - register: result - - - name: assert launch permissions were updated - assert: - that: - - "result.changed" - - # ============================================================ - - - name: modify the AMI description - ec2_ami: - state: present - image_id: '{{ result.image_id }}' - name: '{{ ec2_ami_name }}_ami' - description: '{{ ec2_ami_description }}CHANGED' - tags: - Name: '{{ 
ec2_ami_name }}_ami' - launch_permissions: - group_names: ['all'] - <<: *aws_connection_info - register: result - - - name: assert the description changed - assert: - that: - - "result.changed" - - # ============================================================ - - - name: remove public launch permissions - ec2_ami: - state: present - image_id: '{{ result.image_id }}' - name: '{{ ec2_ami_name }}_ami' - tags: - Name: '{{ ec2_ami_name }}_ami' - launch_permissions: - group_names: [] - <<: *aws_connection_info - register: result - - - name: assert launch permissions were updated - assert: - that: - - "result.changed" - - # ============================================================ - - - name: delete ami without deleting the snapshot (default is not to delete) - ec2_ami: - instance_id: '{{ setup_instance.instance_ids[0] }}' - state: absent - name: '{{ ec2_ami_name }}_ami' - image_id: '{{ ec2_ami_image_id }}' - tags: - Name: '{{ ec2_ami_name }}_ami' - wait: yes - <<: *aws_connection_info - ignore_errors: true - register: result - - - name: assert that the image has been deleted - assert: - that: - - "result.changed" - - "'image_id' not in result" - - - name: ensure the snapshot still exists - ec2_snapshot_info: - snapshot_ids: - - '{{ ec2_ami_snapshot }}' - <<: *aws_connection_info - register: snapshot_result - - - name: assert the snapshot wasn't deleted - assert: - that: - - "snapshot_result.snapshots[0].snapshot_id == ec2_ami_snapshot" - - - name: delete ami for a second time - ec2_ami: - instance_id: '{{ setup_instance.instance_ids[0] }}' - state: absent - name: '{{ ec2_ami_name }}_ami' - image_id: '{{ ec2_ami_image_id }}' - tags: - Name: '{{ ec2_ami_name }}_ami' - wait: yes - <<: *aws_connection_info - register: result - - - name: assert that image does not exist - assert: - that: - - not result.changed - - not result.failed - - - # ============================================================ - - always: - - # 
============================================================ - - # TEAR DOWN: snapshot, ec2 instance, ec2 key pair, security group, vpc - - name: Announce teardown start - debug: - msg: "***** TESTING COMPLETE. COMMENCE TEARDOWN *****" - - - name: delete ami - ec2_ami: - state: absent - image_id: "{{ ec2_ami_image_id }}" - name: '{{ ec2_ami_name }}_ami' - wait: yes - <<: *aws_connection_info - ignore_errors: yes - - - name: remove setup snapshot of ec2 instance - ec2_snapshot: - state: absent - snapshot_id: '{{ setup_snapshot.snapshot_id }}' - <<: *aws_connection_info - ignore_errors: yes - - - name: remove setup ec2 instance - ec2: - instance_type: t2.micro - instance_ids: '{{ setup_instance.instance_ids }}' - state: absent - wait: yes - instance_tags: - '{{ec2_ami_name}}_instance_setup': 'integration_tests' - group_id: '{{ setup_sg.group_id }}' - vpc_subnet_id: '{{ setup_subnet.subnet.id }}' - <<: *aws_connection_info - ignore_errors: yes - - - name: remove setup keypair - ec2_key: - name: '{{ec2_ami_name}}_setup' - state: absent - <<: *aws_connection_info - ignore_errors: yes - - - name: remove setup security group - ec2_group: - name: '{{ ec2_ami_name }}_setup' - description: 'created by Ansible integration tests' - state: absent - vpc_id: '{{ setup_vpc.vpc.id }}' - <<: *aws_connection_info - ignore_errors: yes - - - name: remove setup subnet - ec2_vpc_subnet: - az: '{{ ec2_region }}a' - tags: '{{ec2_ami_name}}_setup' - vpc_id: '{{ setup_vpc.vpc.id }}' - cidr: 10.0.0.0/24 - state: absent - resource_tags: - Name: '{{ ec2_ami_name }}_setup' - <<: *aws_connection_info - ignore_errors: yes - - - name: remove setup VPC - ec2_vpc_net: - cidr_block: 10.0.0.0/24 - state: absent - name: '{{ ec2_ami_name }}_setup' - resource_tags: - Name: '{{ ec2_ami_name }}_setup' - <<: *aws_connection_info - ignore_errors: yes 
diff --git a/test/integration/targets/ec2_ami/vars/main.yml b/test/integration/targets/ec2_ami/vars/main.yml
deleted file mode 100644
index dac1fda2e9..0000000000
--- a/test/integration/targets/ec2_ami/vars/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# vars file for test_ec2_ami
-
-# based on Amazon Linux AMI 2017.09.0 (HVM), SSD Volume Type
-ec2_region_images:
- us-east-1: ami-8c1be5f6
- us-east-2: ami-c5062ba0
- us-west-1: ami-02eada62
- us-west-2: ami-e689729e
- ca-central-1: ami-fd55ec99
- eu-west-1: ami-acd005d5
- eu-central-1: ami-c7ee5ca8
- eu-west-2: ami-1a7f6d7e
- ap-southeast-1: ami-0797ea64
- ap-southeast-2: ami-8536d6e7
- ap-northeast-2: ami-9bec36f5
- ap-northeast-1: ami-2a69be4c
- ap-south-1: ami-4fc58420
- sa-east-1: ami-f1344b9d
- cn-north-1: ami-fba67596
diff --git a/test/integration/targets/ec2_elb_lb/aliases b/test/integration/targets/ec2_elb_lb/aliases
deleted file mode 100644
index 6e3860bee2..0000000000
--- a/test/integration/targets/ec2_elb_lb/aliases
+++ /dev/null
@@ -1,2 +0,0 @@
-cloud/aws
-shippable/aws/group2
diff --git a/test/integration/targets/ec2_elb_lb/defaults/main.yml b/test/integration/targets/ec2_elb_lb/defaults/main.yml
deleted file mode 100644
index 76164523d4..0000000000
--- a/test/integration/targets/ec2_elb_lb/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-# defaults file for test_ec2_eip
-tag_prefix: '{{resource_prefix}}'
diff --git a/test/integration/targets/ec2_elb_lb/meta/main.yml b/test/integration/targets/ec2_elb_lb/meta/main.yml
deleted file mode 100644
index 1f64f1169a..0000000000
--- a/test/integration/targets/ec2_elb_lb/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - prepare_tests
- - setup_ec2
diff --git a/test/integration/targets/ec2_elb_lb/tasks/main.yml b/test/integration/targets/ec2_elb_lb/tasks/main.yml
deleted file mode 100644
index 4f25493023..0000000000
--- a/test/integration/targets/ec2_elb_lb/tasks/main.yml
+++ /dev/null
@@ -1,425 +0,0 @@ ---- -# __Test Info__ -# Create a self signed cert and upload it to AWS -# http://www.akadia.com/services/ssh_test_certificate.html -# http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html - -# __Test Outline__ -# -# __ec2_elb_lb__ -# create test elb with listeners and certificate -# change AZ's -# change listeners -# remove listeners -# remove elb - -# __ec2-common__ -# test environment variable EC2_REGION -# test with no parameters -# test with only instance_id -# test invalid region parameter -# test valid region parameter -# test invalid ec2_url parameter -# test valid ec2_url parameter -# test credentials from environment -# test credential parameters - -- block: - - # ============================================================ - # create test elb with listeners, certificate, and health check - - - name: Create ELB - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - security_token: "{{ security_token }}" - state: present - zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - - protocol: http - load_balancer_port: 8080 - instance_port: 8080 - health_check: - ping_protocol: http - ping_port: 80 - ping_path: "/index.html" - response_timeout: 5 - interval: 30 - unhealthy_threshold: 2 - healthy_threshold: 10 - register: info - - - assert: - that: - - 'info.changed' - - 'info.elb.status == "created"' - - '"{{ ec2_region }}a" in info.elb.zones' - - '"{{ ec2_region }}b" in info.elb.zones' - - 'info.elb.health_check.healthy_threshold == 10' - - 'info.elb.health_check.interval == 30' - - 'info.elb.health_check.target == "HTTP:80/index.html"' - - 'info.elb.health_check.timeout == 5' - - 'info.elb.health_check.unhealthy_threshold == 2' - - '[80, 80, "HTTP", "HTTP"] in info.elb.listeners' - - '[8080, 8080, "HTTP", "HTTP"] in 
info.elb.listeners' - - # ============================================================ - - # check ports, would be cool, but we are at the mercy of AWS - # to start things in a timely manner - - #- name: check to make sure 80 is listening - # wait_for: host={{ info.elb.dns_name }} port=80 timeout=600 - # register: result - - #- name: assert can connect to port# - # assert: 'result.state == "started"' - - #- name: check to make sure 443 is listening - # wait_for: host={{ info.elb.dns_name }} port=443 timeout=600 - # register: result - - #- name: assert can connect to port# - # assert: 'result.state == "started"' - - # ============================================================ - - # Change AZ's - - - name: Change AZ's - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - security_token: "{{ security_token }}" - state: present - zones: - - "{{ ec2_region }}c" - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - purge_zones: yes - health_check: - ping_protocol: http - ping_port: 80 - ping_path: "/index.html" - response_timeout: 5 - interval: 30 - unhealthy_threshold: 2 - healthy_threshold: 10 - register: info - - - - - assert: - that: - - 'info.elb.status == "ok"' - - 'info.changed' - - 'info.elb.zones[0] == "{{ ec2_region }}c"' - - # ============================================================ - - # Update AZ's - - - name: Update AZ's - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - security_token: "{{ security_token }}" - state: present - zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - purge_zones: yes - register: info - - - assert: - that: - - 'info.changed' - - 'info.elb.status == "ok"' - - '"{{ ec2_region }}a" in 
info.elb.zones' - - '"{{ ec2_region }}b" in info.elb.zones' - - '"{{ ec2_region }}c" in info.elb.zones' - - - # ============================================================ - - # Purge Listeners - - - name: Purge Listeners - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - security_token: "{{ security_token }}" - state: present - zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 81 - purge_listeners: yes - register: info - - - assert: - that: - - 'info.elb.status == "ok"' - - 'info.changed' - - '[80, 81, "HTTP", "HTTP"] in info.elb.listeners' - - 'info.elb.listeners|length == 1' - - - - # ============================================================ - - # add Listeners - - - name: Add Listeners - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - security_token: "{{ security_token }}" - state: present - zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" - listeners: - - protocol: http - load_balancer_port: 8081 - instance_port: 8081 - purge_listeners: no - register: info - - - assert: - that: - - 'info.elb.status == "ok"' - - 'info.changed' - - '[80, 81, "HTTP", "HTTP"] in info.elb.listeners' - - '[8081, 8081, "HTTP", "HTTP"] in info.elb.listeners' - - 'info.elb.listeners|length == 2' - - - # ============================================================ - - - name: test with no parameters - ec2_elb_lb: - register: result - ignore_errors: true - - - name: assert failure when called with no parameters - assert: - that: - - 'result.failed' - - 'result.msg.startswith("missing required arguments: ")' - - - - # ============================================================ - - name: test with only name - ec2_elb_lb: - name="{{ tag_prefix }}" - 
register: result - ignore_errors: true - - - name: assert failure when called with only name - assert: - that: - - 'result.failed' - - 'result.msg == "missing required arguments: state"' - - - # ============================================================ - - name: test invalid region parameter - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: 'asdf querty 1234' - state: present - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" - register: result - ignore_errors: true - - - name: assert invalid region parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("Region asdf querty 1234 does not seem to be available ")' - - - # ============================================================ - - name: test valid region parameter - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: present - zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - - register: result - ignore_errors: true - - - name: assert valid region parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - - - # ============================================================ - - - name: test invalid ec2_url parameter - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: present - zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - environment: - EC2_URL: bogus.example.com - register: result - ignore_errors: true - - - name: assert invalid ec2_url parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - - - # ============================================================ - - name: test valid ec2_url parameter - 
ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: present - zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - environment: - EC2_URL: '{{ec2_url}}' - register: result - ignore_errors: true - - - name: assert valid ec2_url parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - - - # ============================================================ - - name: test credentials from environment - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: present - zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - environment: - EC2_ACCESS_KEY: bogus_access_key - EC2_SECRET_KEY: bogus_secret_key - register: result - ignore_errors: true - - - name: assert credentials from environment - assert: - that: - - 'result.failed' - - '"InvalidClientTokenId" in result.exception' - - - # ============================================================ - - name: test credential parameters - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: present - zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - register: result - ignore_errors: true - - - name: assert credential parameters - assert: - that: - - 'result.failed' - - '"No handler was ready to authenticate. 1 handlers were checked." 
in result.msg' - - always: - - # ============================================================ - - name: remove the test load balancer completely - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: absent - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - security_token: "{{ security_token }}" - register: result - - - name: assert the load balancer was removed - assert: - that: - - 'result.changed' - - 'result.elb.name == "{{tag_prefix}}"' - - 'result.elb.status == "deleted"'
diff --git a/test/integration/targets/ec2_elb_lb/vars/main.yml b/test/integration/targets/ec2_elb_lb/vars/main.yml
deleted file mode 100644
index 79194af1ef..0000000000
--- a/test/integration/targets/ec2_elb_lb/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# vars file for test_ec2_elb_lb
diff --git a/test/integration/targets/ec2_group/aliases b/test/integration/targets/ec2_group/aliases
deleted file mode 100644
index 5e7a8d3877..0000000000
--- a/test/integration/targets/ec2_group/aliases
+++ /dev/null
@@ -1,3 +0,0 @@
-cloud/aws
-shippable/aws/group2
-unstable
diff --git a/test/integration/targets/ec2_group/defaults/main.yml b/test/integration/targets/ec2_group/defaults/main.yml
deleted file mode 100644
index a48051eac7..0000000000
--- a/test/integration/targets/ec2_group/defaults/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-# defaults file for test_ec2_group
-ec2_group_name: '{{resource_prefix}}'
-ec2_group_description: 'Created by ansible integration tests'
diff --git a/test/integration/targets/ec2_group/meta/main.yml b/test/integration/targets/ec2_group/meta/main.yml
deleted file mode 100644
index 1f64f1169a..0000000000
--- a/test/integration/targets/ec2_group/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - prepare_tests
- - setup_ec2
diff --git a/test/integration/targets/ec2_group/tasks/credential_tests.yml b/test/integration/targets/ec2_group/tasks/credential_tests.yml
deleted file mode 100644
index 1957eaae18..0000000000
--- a/test/integration/targets/ec2_group/tasks/credential_tests.yml
+++ /dev/null
@@ -1,161 +0,0 @@ ---- -# A Note about ec2 environment variable name preference: -# - EC2_URL -> AWS_URL -# - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY -# - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY -# - EC2_REGION -> AWS_REGION -# - -# - include: ../../setup_ec2/tasks/common.yml module_name: ec2_group - -- block: - # ============================================================ - - name: test failure with no parameters - ec2_group: - register: result - ignore_errors: true - - - name: assert failure with no parameters - assert: - that: - - 'result.failed' - - 'result.msg == "one of the following is required: name, group_id"' - - # ============================================================ - - name: test failure with only name - ec2_group: - name: '{{ec2_group_name}}' - register: result - ignore_errors: true - - - name: assert failure with only name - assert: - that: - - 'result.failed' - - 'result.msg == "Must provide description when state is present."' - - # ============================================================ - - name: test failure with only description - ec2_group: - description: '{{ec2_group_description}}' - register: result - ignore_errors: true - - - name: assert failure with only description - assert: - that: - - 'result.failed' - - 'result.msg == "one of the following is required: name, group_id"' - - # ============================================================ - - name: test failure with empty description (AWS API requires non-empty string desc) - ec2_group: - name: '{{ec2_group_name}}' - description: '' - region: '{{ec2_region}}' - register: result - ignore_errors: true - - - name: assert failure with empty description - assert: - that: - - 'result.failed' - - 'result.msg == "Must provide description when state is present."' - - # ============================================================ - - name: test valid region parameter - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - 
region: '{{ec2_region}}' - register: result - ignore_errors: true - - - name: assert valid region parameter - assert: - that: - - 'result.failed' - - '"Unable to locate credentials" in result.msg' - - # ============================================================ - - name: test environment variable EC2_REGION - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - environment: - EC2_REGION: '{{ec2_region}}' - register: result - ignore_errors: true - - - name: assert environment variable EC2_REGION - assert: - that: - - 'result.failed' - - '"Unable to locate credentials" in result.msg' - - # ============================================================ - - name: test invalid ec2_url parameter - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - environment: - EC2_URL: bogus.example.com - register: result - ignore_errors: true - - - name: assert invalid ec2_url parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("The ec2_group module requires a region")' - - # ============================================================ - - name: test valid ec2_url parameter - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - environment: - EC2_URL: '{{ec2_url}}' - register: result - ignore_errors: true - - - name: assert valid ec2_url parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("The ec2_group module requires a region")' - - # ============================================================ - - name: test credentials from environment - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - environment: - EC2_REGION: '{{ec2_region}}' - EC2_ACCESS_KEY: bogus_access_key - EC2_SECRET_KEY: bogus_secret_key - register: result - ignore_errors: true - - - name: assert ec2_group with valid ec2_url - assert: - that: - - 'result.failed' - - '"validate the provided access credentials" in result.msg' - - # 
============================================================ - - name: test credential parameters - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - ec2_region: '{{ec2_region}}' - ec2_access_key: 'bogus_access_key' - ec2_secret_key: 'bogus_secret_key' - register: result - ignore_errors: true - - - name: assert credential parameters - assert: - that: - - 'result.failed' - - '"validate the provided access credentials" in result.msg'
diff --git a/test/integration/targets/ec2_group/tasks/data_validation.yml b/test/integration/targets/ec2_group/tasks/data_validation.yml
deleted file mode 100644
index 9c37e64713..0000000000
--- a/test/integration/targets/ec2_group/tasks/data_validation.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-- block:
- - name: set up aws connection info
- set_fact:
- aws_connection_info: &aws_connection_info
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token }}"
- region: "{{ aws_region }}"
- no_log: yes
- - name: Create a group with only the default rule
- ec2_group:
- name: '{{ec2_group_name}}-input-tests'
- vpc_id: '{{ vpc_result.vpc.id }}'
- description: '{{ec2_group_description}}'
- <<: *aws_connection_info
-
- - name: Run through some common weird port specs
- ec2_group:
- name: '{{ec2_group_name}}-input-tests'
- description: '{{ec2_group_description}}'
- <<: *aws_connection_info
- rules:
- - "{{ item }}"
- with_items:
- - proto: tcp
- from_port: "8182"
- to_port: 8182
- cidr_ipv6: "64:ff9b::/96"
- rule_desc: Mixed string and non-string ports
- - proto: tcp
- ports:
- - "9000"
- - 9001
- - 9002-9005
- cidr_ip: "1.2.3.0/24"
- always:
- - name: tidy up input testing group
- ec2_group:
- name: '{{ec2_group_name}}-input-tests'
- vpc_id: '{{ vpc_result.vpc.id }}'
- state: absent
- <<: *aws_connection_info
- ignore_errors: yes
diff --git a/test/integration/targets/ec2_group/tasks/diff_mode.yml b/test/integration/targets/ec2_group/tasks/diff_mode.yml
deleted file mode 100644
index c4bf13bc14..0000000000
--- a/test/integration/targets/ec2_group/tasks/diff_mode.yml
+++ /dev/null
@@ -1,184 +0,0 @@ ---- - - name: set up aws connection info - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - # ============================================================ - - - name: create a group with a rule (CHECK MODE + DIFF) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: tcp - from_port: 80 - to_port: 80 - cidr_ip: 0.0.0.0/0 - rules_egress: - - proto: all - cidr_ip: 0.0.0.0/0 - <<: *aws_connection_info - register: check_mode_result - check_mode: true - diff: true - - - assert: - that: - - check_mode_result.changed - - - name: create a group with a rule (DIFF) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: tcp - from_port: 80 - to_port: 80 - cidr_ip: 0.0.0.0/0 - rules_egress: - - proto: all - cidr_ip: 0.0.0.0/0 - <<: *aws_connection_info - register: result - diff: true - - - assert: - that: - - result.changed - - result.diff.0.after.ip_permissions == check_mode_result.diff.0.after.ip_permissions - - result.diff.0.after.ip_permissions_egress == check_mode_result.diff.0.after.ip_permissions_egress - - - name: add rules to make sorting occur (CHECK MODE + DIFF) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: tcp - from_port: 80 - to_port: 80 - cidr_ip: 0.0.0.0/0 - - proto: tcp - from_port: 22 - to_port: 22 - cidr_ip: 20.0.0.0/8 - - proto: tcp - from_port: 22 - to_port: 22 - cidr_ip: 10.0.0.0/8 - rules_egress: - - proto: all - cidr_ip: 0.0.0.0/0 - <<: *aws_connection_info - register: check_mode_result - check_mode: true - diff: true - - - assert: - that: - - check_mode_result.changed - - - name: add rules in a different order to test sorting consistency 
(DIFF) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: tcp - from_port: 22 - to_port: 22 - cidr_ip: 20.0.0.0/8 - - proto: tcp - from_port: 80 - to_port: 80 - cidr_ip: 0.0.0.0/0 - - proto: tcp - from_port: 22 - to_port: 22 - cidr_ip: 10.0.0.0/8 - rules_egress: - - proto: all - cidr_ip: 0.0.0.0/0 - <<: *aws_connection_info - register: result - diff: true - - - assert: - that: - - result.changed - - result.diff.0.after.ip_permissions == check_mode_result.diff.0.after.ip_permissions - - result.diff.0.after.ip_permissions_egress == check_mode_result.diff.0.after.ip_permissions_egress - - - name: purge rules (CHECK MODE + DIFF) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: tcp - from_port: 80 - to_port: 80 - cidr_ip: 0.0.0.0/0 - rules_egress: [] - <<: *aws_connection_info - register: check_mode_result - check_mode: true - diff: true - - - assert: - that: - - check_mode_result.changed - - - name: purge rules (DIFF) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: tcp - from_port: 80 - to_port: 80 - cidr_ip: 0.0.0.0/0 - rules_egress: [] - <<: *aws_connection_info - register: result - diff: true - - - assert: - that: - - result.changed - - result.diff.0.after.ip_permissions == check_mode_result.diff.0.after.ip_permissions - - result.diff.0.after.ip_permissions_egress == check_mode_result.diff.0.after.ip_permissions_egress - - - name: delete the security group (CHECK MODE + DIFF) - ec2_group: - name: '{{ ec2_group_name }}' - state: absent - <<: *aws_connection_info - register: check_mode_result - diff: true - check_mode: true - - - assert: - that: - - check_mode_result.changed - - - name: delete the security group (DIFF) - ec2_group: - name: '{{ ec2_group_name }}' - state: absent - <<: *aws_connection_info - register: result - diff: true - - - 
assert: - that: - - result.changed - - not result.diff.0.after and not check_mode_result.diff.0.after diff --git a/test/integration/targets/ec2_group/tasks/ec2_classic.yml b/test/integration/targets/ec2_group/tasks/ec2_classic.yml deleted file mode 100644 index 9019af95d4..0000000000 --- a/test/integration/targets/ec2_group/tasks/ec2_classic.yml +++ /dev/null 
@@ -1,88 +0,0 @@ -- module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - block: - - name: Get available AZs - aws_az_facts: - aws_access_key: "{{ aws_connection_info['aws_access_key'] }}" - aws_secret_key: "{{ aws_connection_info['aws_secret_key'] }}" - filters: - region-name: "{{ aws_connection_info['region'] }}" - register: az_facts - - - name: Create a classic ELB with classic networking - ec2_elb_lb: - name: "{{ resource_prefix }}-elb" - state: present - zones: - - "{{ az_facts['availability_zones'][0]['zone_name'] }}" - - "{{ az_facts['availability_zones'][1]['zone_name'] }}" - listeners: - - protocol: http # options are http, https, ssl, tcp - load_balancer_port: 80 - instance_port: 80 - proxy_protocol: True - register: classic_elb - - - name: Assert the elb was created - assert: - that: - - classic_elb.changed - - - name: Create a security group with a classic elb-sg rule - ec2_group: - name: "{{ resource_prefix }}-sg-a" - description: "EC2 classic test security group" - rules: - - proto: tcp - ports: 80 - group_id: amazon-elb/amazon-elb-sg - state: present - register: classic_sg - - - name: Assert the SG was created - assert: - that: - - classic_sg.changed - - "{{ classic_sg.ip_permissions | length }} == 1" - - - set_fact: - elb_sg_id: "{{ classic_sg.ip_permissions[0].user_id_group_pairs[0].user_id }}/{{ classic_sg.ip_permissions[0].user_id_group_pairs[0].group_id }}/{{ classic_sg.ip_permissions[0].user_id_group_pairs[0].group_name }}" - - - name: Update the security group - ec2_group: - name: "{{ resource_prefix }}-sg-a" - description: "EC2 classic test security group" - rules: - - proto: tcp - ports: 8080 - group_id: "{{ elb_sg_id }}" - - proto: tcp - ports: - - 80 - cidr_ip: 0.0.0.0/0 - state: present - register: updated_classic_sg - - - - name: Assert the SG was updated - assert: - that: - - updated_classic_sg.changed - - 
"{{ updated_classic_sg.ip_permissions | length }} == 2" - - "{{ classic_sg.ip_permissions[0]}} not in {{ updated_classic_sg.ip_permissions }}" - - # =========================================== - always: - - name: Terminate classic ELB - ec2_elb_lb: - name: "{{ resource_prefix }}-classic-elb" - state: absent - - - name: Delete security group - ec2_group: - name: "{{ resource_prefix }}-sg-a" - state: absent diff --git a/test/integration/targets/ec2_group/tasks/egress_tests.yml b/test/integration/targets/ec2_group/tasks/egress_tests.yml deleted file mode 100644 index aafb16ec80..0000000000 --- a/test/integration/targets/ec2_group/tasks/egress_tests.yml +++ /dev/null 
@@ -1,198 +0,0 @@ ---- -- block: - - name: set up aws connection info - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - - - name: Create a group with only the default rule - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - register: result - - - name: assert default rule is in place (expected changed=true) - assert: - that: - - result is changed - - result.ip_permissions|length == 0 - - result.ip_permissions_egress|length == 1 - - result.ip_permissions_egress[0].ip_ranges[0].cidr_ip == '0.0.0.0/0' - - - name: Create a group with only the default rule - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ec2_group_description}}' - purge_rules_egress: false - <<: *aws_connection_info - state: present - register: result - - - name: assert default rule is not purged (expected changed=false) - assert: - that: - - result is not changed - - result.ip_permissions|length == 0 - - result.ip_permissions_egress|length == 1 - - result.ip_permissions_egress[0].ip_ranges[0].cidr_ip == '0.0.0.0/0' - - - name: Pass empty egress rules without purging, should leave default rule in place - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - description: '{{ec2_group_description}}' - vpc_id: '{{ vpc_result.vpc.id }}' - purge_rules_egress: false - rules_egress: [] - <<: *aws_connection_info - state: present - register: result - - - name: assert default rule is not purged (expected changed=false) - assert: - that: - - result is not changed - - result.ip_permissions|length == 0 - - result.ip_permissions_egress|length == 1 - - result.ip_permissions_egress[0].ip_ranges[0].cidr_ip == '0.0.0.0/0' - - - name: Purge rules, including the 
default - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - description: '{{ec2_group_description}}' - vpc_id: '{{ vpc_result.vpc.id }}' - purge_rules_egress: true - rules_egress: [] - <<: *aws_connection_info - state: present - register: result - - - name: assert default rule is not purged (expected changed=false) - assert: - that: - - result is changed - - result.ip_permissions|length == 0 - - result.ip_permissions_egress|length == 0 - - - name: Add a custom egress rule - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - description: '{{ec2_group_description}}' - vpc_id: '{{ vpc_result.vpc.id }}' - rules_egress: - - proto: tcp - ports: - - 1212 - cidr_ip: 1.2.1.2/32 - <<: *aws_connection_info - state: present - register: result - - - name: assert first rule is here - assert: - that: - - result.ip_permissions_egress|length == 1 - - - name: Add a second custom egress rule - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - description: '{{ec2_group_description}}' - purge_rules_egress: false - vpc_id: '{{ vpc_result.vpc.id }}' - rules_egress: - - proto: tcp - ports: - - 2323 - cidr_ip: 2.3.2.3/32 - <<: *aws_connection_info - state: present - register: result - - - name: assert the first rule is not purged - assert: - that: - - result.ip_permissions_egress|length == 2 - - - name: Purge the second rule (CHECK MODE) (DIFF MODE) - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - description: '{{ec2_group_description}}' - vpc_id: '{{ vpc_result.vpc.id }}' - rules_egress: - - proto: tcp - ports: - - 1212 - cidr_ip: 1.2.1.2/32 - <<: *aws_connection_info - state: present - register: result - check_mode: True - diff: True - - - name: assert first rule will be left - assert: - that: - - result.changed - - result.diff.0.after.ip_permissions_egress|length == 1 - - result.diff.0.after.ip_permissions_egress[0].ip_ranges[0].cidr_ip == '1.2.1.2/32' - - - name: Purge the second rule - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - description: 
'{{ec2_group_description}}' - vpc_id: '{{ vpc_result.vpc.id }}' - rules_egress: - - proto: tcp - ports: - - 1212 - cidr_ip: 1.2.1.2/32 - <<: *aws_connection_info - state: present - register: result - - - name: assert first rule is here - assert: - that: - - result.ip_permissions_egress|length == 1 - - result.ip_permissions_egress[0].ip_ranges[0].cidr_ip == '1.2.1.2/32' - - - name: add a rule for all TCP ports - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - description: '{{ec2_group_description}}' - rules_egress: - - proto: tcp - ports: 0-65535 - cidr_ip: 0.0.0.0/0 - <<: *aws_connection_info - state: present - vpc_id: '{{ vpc_result.vpc.id }}' - register: result - - - name: Re-add the default rule - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - description: '{{ec2_group_description}}' - rules_egress: - - proto: -1 - cidr_ip: 0.0.0.0/0 - <<: *aws_connection_info - state: present - vpc_id: '{{ vpc_result.vpc.id }}' - register: result - always: - - name: tidy up egress rule test security group - ec2_group: - name: '{{ec2_group_name}}-egress-tests' - state: absent - vpc_id: '{{ vpc_result.vpc.id }}' - <<: *aws_connection_info - ignore_errors: yes diff --git a/test/integration/targets/ec2_group/tasks/ipv6_default_tests.yml b/test/integration/targets/ec2_group/tasks/ipv6_default_tests.yml deleted file mode 100644 index eadaf30f6b..0000000000 --- a/test/integration/targets/ec2_group/tasks/ipv6_default_tests.yml +++ /dev/null 
@@ -1,103 +0,0 @@ ---- -- name: set up aws connection info - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes -# ============================================================ -- name: test state=present for ipv6 (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - check_mode: true - register: result - -- name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - -# ============================================================ -- name: test state=present for ipv6 (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - register: result - -- name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - -# ============================================================ -- name: test rules_egress state=present for ipv6 (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - rules_egress: - - proto: "tcp" - from_port: 8181 - to_port: 8181 - cidr_ipv6: "64:ff9b::/96" - check_mode: true - register: result - -- name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - -# ============================================================ -- name: test rules_egress state=present for ipv6 (expected 
changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - rules_egress: - - proto: "tcp" - from_port: 8181 - to_port: 8181 - cidr_ipv6: "64:ff9b::/96" - register: result - -- name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' -- name: delete it - ec2_group: - name: '{{ec2_group_name}}' - <<: *aws_connection_info - state: absent diff --git a/test/integration/targets/ec2_group/tasks/main.yml b/test/integration/targets/ec2_group/tasks/main.yml deleted file mode 100644 index 9b558656cd..0000000000 --- a/test/integration/targets/ec2_group/tasks/main.yml +++ /dev/null 
@@ -1,1536 +0,0 @@ ---- -# A Note about ec2 environment variable name preference: -# - EC2_URL -> AWS_URL -# - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY -# - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY -# - EC2_REGION -> AWS_REGION -# - -# - include: ../../setup_ec2/tasks/common.yml module_name: ec2_group - -- include: ./credential_tests.yml -# ============================================================ -# EC2 Classic tests can only be run on a pre-2013 AWS account with supported-platforms=EC2 -# Ansible CI does NOT have classic EC2 support; these tests are provided as-is for the -# community and can be run if you have access to a classic account. To check if your account -# has support for EC2 Classic you can use the `aws_account_attribute` plugin. - -- name: determine if this is an EC2 Classic account - set_fact: - has_ec2_classic: "{{ lookup('aws_account_attribute', - attribute='has-ec2-classic', - region=aws_region, - aws_access_key=aws_access_key, - aws_secret_key=aws_secret_key, - aws_security_token=security_token, - wantlist=True) }}" -# ============================================================ -- -- name: set up aws connection info - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - -# ============================================================ -- name: Run EC2 Classic accounts if account type is EC2 - include: ./ec2_classic.yml - when: has_ec2_classic - -# ============================================================ -# Other tests depend on attribute='default-vpc', ie no vpc_id is set. This is -# incompatible with EC2 classic accounts, so these tests can only be run in a -# VPC-type account. See "Q. I really want a default VPC for my existing EC2 -# account. Is that possible?" 
in https://aws.amazon.com/vpc/faqs/#Default_VPCs -- name: Run all other tests if account type is VPC - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - block: - - name: determine if there is a default VPC - set_fact: - defaultvpc: "{{ lookup('aws_account_attribute', - attribute='default-vpc', - region=aws_region, - aws_access_key=aws_access_key, - aws_secret_key=aws_secret_key, - aws_security_token=security_token) }}" - register: default_vpc - - - name: create a VPC - ec2_vpc_net: - name: "{{ resource_prefix }}-vpc" - state: present - cidr_block: "10.232.232.128/26" - <<: *aws_connection_info - tags: - Name: "{{ resource_prefix }}-vpc" - Description: "Created by ansible-test" - register: vpc_result - #TODO(ryansb): Update CI for VPC peering permissions - #- include: ./multi_account.yml - - include: ./diff_mode.yml - - include: ./numeric_protos.yml - - include: ./rule_group_create.yml - - include: ./egress_tests.yml - - include: ./data_validation.yml - - include: ./multi_nested_target.yml - - # ============================================================ - - name: test state=absent (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: absent - check_mode: true - register: result - - - name: assert no changes would be made - assert: - that: - - not result.changed - - # =========================================================== - - name: test state=absent - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: absent - register: result - - # ============================================================ - - name: test state=present (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present 
- check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test state=present (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - - # ============================================================ - - name: test state=present different description (expected changed=false) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}CHANGED' - <<: *aws_connection_info - state: present - check_mode: true - register: result - - - name: assert state=present (expected changed=false) - assert: - that: - - 'not result.changed' - - # ============================================================ - - name: test state=present different description (expected changed=false) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}CHANGED' - <<: *aws_connection_info - state: present - ignore_errors: true - register: result - - - name: assert state=present (expected changed=false) - assert: - that: - - 'not result.changed' - - 'result.group_id.startswith("sg-")' - - # ============================================================ - - name: test state=present (expected changed=false) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - register: result - - - name: assert state=present (expected changed=false) - assert: - that: - - 'not result.changed' - - 'result.group_id.startswith("sg-")' - - # ============================================================ - - name: tests IPv6 with the default VPC - include: ./ipv6_default_tests.yml - when: 
default_vpc - - - name: test IPv6 with a specified VPC - block: - - # ============================================================ - - name: test state=present (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ ec2_group_name }}-2' - description: '{{ ec2_group_description }}-2' - state: present - vpc_id: '{{ vpc_result.vpc.id }}' - <<: *aws_connection_info - check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test state=present (expected changed=true) - ec2_group: - name: '{{ ec2_group_name }}-2' - description: '{{ ec2_group_description }}-2' - state: present - vpc_id: '{{ vpc_result.vpc.id }}' - <<: *aws_connection_info - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - - # ============================================================ - - name: test state=present for ipv6 (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ ec2_group_name }}-2' - description: '{{ ec2_group_description }}-2' - state: present - vpc_id: '{{ vpc_result.vpc.id }}' - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - <<: *aws_connection_info - check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test state=present for ipv6 (expected changed=true) - ec2_group: - name: '{{ ec2_group_name }}-2' - description: '{{ ec2_group_description }}-2' - state: present - vpc_id: '{{ vpc_result.vpc.id }}' - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - <<: *aws_connection_info - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 
'result.group_id.startswith("sg-")' - - # ============================================================ - - name: test state=present for ipv6 (expected changed=false) (CHECK MODE) - ec2_group: - name: '{{ ec2_group_name }}-2' - description: '{{ ec2_group_description }}-2' - state: present - vpc_id: '{{ vpc_result.vpc.id }}' - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - <<: *aws_connection_info - check_mode: true - register: result - - - name: assert nothing changed - assert: - that: - - 'not result.changed' - - # ============================================================ - - name: test state=present for ipv6 (expected changed=false) - ec2_group: - name: '{{ ec2_group_name }}-2' - description: '{{ ec2_group_description }}-2' - state: present - vpc_id: '{{ vpc_result.vpc.id }}' - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - <<: *aws_connection_info - register: result - - - name: assert nothing changed - assert: - that: - - 'not result.changed' - - # ============================================================ - - name: test rules_egress state=present for ipv6 (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ ec2_group_name }}-2' - description: '{{ ec2_group_description }}-2' - state: present - vpc_id: '{{ vpc_result.vpc.id }}' - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - rules_egress: - - proto: "tcp" - from_port: 8181 - to_port: 8181 - cidr_ipv6: "64:ff9b::/96" - <<: *aws_connection_info - check_mode: true - diff: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.diff.0.before.ip_permissions == result.diff.0.after.ip_permissions' - - 'result.diff.0.before.ip_permissions_egress != result.diff.0.after.ip_permissions_egress' - - # ============================================================ - - name: test rules_egress state=present for ipv6 
(expected changed=true) - ec2_group: - name: '{{ ec2_group_name }}-2' - description: '{{ ec2_group_description }}-2' - state: present - vpc_id: '{{ vpc_result.vpc.id }}' - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - rules_egress: - - proto: "tcp" - from_port: 8181 - to_port: 8181 - cidr_ipv6: "64:ff9b::/96" - <<: *aws_connection_info - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - - # ============================================================ - - name: test state=absent (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ ec2_group_name }}-2' - description: '{{ ec2_group_description }}-2' - state: absent - vpc_id: '{{ vpc_result.vpc.id }}' - <<: *aws_connection_info - check_mode: true - diff: true - register: result - - - name: assert group was removed - assert: - that: - - 'result.changed' - - 'not result.diff.0.after' - - # ============================================================ - - name: test state=absent (expected changed=true) - ec2_group: - name: '{{ ec2_group_name }}-2' - description: '{{ ec2_group_description }}-2' - state: absent - vpc_id: '{{ vpc_result.vpc.id }}' - <<: *aws_connection_info - register: result - - - name: assert group was removed - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test state=present for ipv4 (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test state=present for ipv4 (expected changed=true) - ec2_group: - 
name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - - 'result.ip_permissions|length == 1' - - 'result.ip_permissions_egress|length == 1' - - # ============================================================ - - name: add same rule to the existing group (expected changed=false) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - check_mode: true - diff: true - register: check_result - - - assert: - that: - - not check_result.changed - - check_result.diff.0.before.ip_permissions.0 == check_result.diff.0.after.ip_permissions.0 - - # ============================================================ - - name: add same rule to the existing group (expected changed=false) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - register: result - - - name: assert state=present (expected changed=false) - assert: - that: - - 'not result.changed' - - 'result.group_id.startswith("sg-")' - - - name: assert state=present (expected changed=false) - assert: - that: - - 'not check_result.changed' - - # ============================================================ - - name: add a rule that auto creates another security group (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - purge_rules: no - rules: - - proto: "tcp" - group_name: "{{ resource_prefix }} - Another security group" - group_desc: 
Another security group - ports: 7171 - check_mode: true - register: result - - - name: check that there are now two rules - assert: - that: - - result.changed - - # ============================================================ - - name: add a rule that auto creates another security group - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - purge_rules: no - rules: - - proto: "tcp" - group_name: "{{ resource_prefix }} - Another security group" - group_desc: Another security group - ports: 7171 - register: result - - - name: check that there are now two rules - assert: - that: - - result.changed - - result.ip_permissions|length == 2 - - result.ip_permissions[0].user_id_group_pairs or - result.ip_permissions[1].user_id_group_pairs - - 'result.ip_permissions_egress[0].ip_protocol == "-1"' - - # ============================================================ - - name: test ip rules convert port numbers from string to int (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: "8183" - to_port: "8183" - cidr_ip: "1.1.1.1/32" - rules_egress: - - proto: "tcp" - from_port: "8184" - to_port: "8184" - cidr_ip: "1.1.1.1/32" - check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test ip rules convert port numbers from string to int (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: "8183" - to_port: "8183" - cidr_ip: "1.1.1.1/32" - rules_egress: - - proto: "tcp" - from_port: "8184" - to_port: "8184" - cidr_ip: "1.1.1.1/32" - register: result - - - name: assert 
state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - - 'result.ip_permissions|length == 1' - - 'result.ip_permissions_egress[0].ip_protocol == "tcp"' - - - # ============================================================ - - name: test group rules convert port numbers from string to int (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: "8185" - to_port: "8185" - group_id: "{{result.group_id}}" - rules_egress: - - proto: "tcp" - from_port: "8186" - to_port: "8186" - group_id: "{{result.group_id}}" - check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test group rules convert port numbers from string to int (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: "8185" - to_port: "8185" - group_id: "{{result.group_id}}" - rules_egress: - - proto: "tcp" - from_port: "8186" - to_port: "8186" - group_id: "{{result.group_id}}" - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - - # ============================================================ - - name: test adding a range of ports and ports given as strings (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8183-8190 - - '8192' - cidr_ip: 1.1.1.1/32 - 
check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test adding a range of ports and ports given as strings (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8183-8190 - - '8192' - cidr_ip: 1.1.1.1/32 - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - - # ============================================================ - - name: test adding a rule with a IPv4 CIDR with host bits set (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8195 - cidr_ip: 10.0.0.1/8 - check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test adding a rule with a IPv4 CIDR with host bits set (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8195 - cidr_ip: 10.0.0.1/8 - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - - # 
============================================================ - - name: test adding the same rule with a IPv4 CIDR with host bits set (expected changed=false) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8195 - cidr_ip: 10.0.0.1/8 - check_mode: true - register: check_result - - # ============================================================ - - name: test adding the same rule with a IPv4 CIDR with host bits set (expected changed=false and a warning) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8195 - cidr_ip: 10.0.0.1/8 - register: result - - - name: assert state=present (expected changed=false and a warning) - assert: - that: - - 'not check_result.changed' - - - name: assert state=present (expected changed=false and a warning) - assert: - that: - # No way to assert for warnings? 
- - 'not result.changed' - - 'result.group_id.startswith("sg-")' - - # ============================================================ - - name: test using the default VPC - block: - - - name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8196 - cidr_ipv6: '2001:db00::1/24' - check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8196 - cidr_ipv6: '2001:db00::1/24' - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - - # ============================================================ - - - name: test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8196 - cidr_ipv6: '2001:db00::1/24' - register: result - - - name: assert state=present (expected changed=false and a warning) - assert: - that: - # No way to assert for warnings? 
- - 'not result.changed' - - 'result.group_id.startswith("sg-")' - - when: default_vpc - - # ============================================================ - - name: test state=absent (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - state: absent - <<: *aws_connection_info - check_mode: true - register: result - - - name: assert state=absent (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test state=absent (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - state: absent - <<: *aws_connection_info - register: result - - - name: assert state=absent (expected changed=true) - assert: - that: - - 'result.changed' - - 'not result.group_id' - - # ============================================================ - - name: create security group in the VPC (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: create security group in the VPC - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.vpc_id == vpc_result.vpc.id' - - 'result.group_id.startswith("sg-")' - - # ============================================================ - - name: test adding tags (expected changed=true) (CHECK MODE) - ec2_group: - name: 
'{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - tags: - tag1: test1 - tag2: test2 - check_mode: true - diff: true - register: result - - - name: assert that tags were added (expected changed=true) - assert: - that: - - 'result.changed' - - 'not result.diff.0.before.tags' - - 'result.diff.0.after.tags.tag1 == "test1"' - - 'result.diff.0.after.tags.tag2 == "test2"' - - # ============================================================ - - name: test adding tags (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - tags: - tag1: test1 - tag2: test2 - register: result - - - name: assert that tags were added (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.tags == {"tag1": "test1", "tag2": "test2"}' - - # ============================================================ - - name: test that tags are present (expected changed=False) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - purge_rules_egress: false - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - tags: - tag1: test1 - tag2: test2 - check_mode: true - register: result - - - name: assert that tags were not changed (expected changed=False) - assert: - that: - - 'not result.changed' - - # ============================================================ - - name: test that tags are present (expected changed=False) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ 
vpc_result.vpc.id }}' - state: present - purge_rules_egress: false - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - tags: - tag1: test1 - tag2: test2 - register: result - - - name: assert that tags were not changed (expected changed=False) - assert: - that: - - 'not result.changed' - - 'result.tags == {"tag1": "test1", "tag2": "test2"}' - - # ============================================================ - - name: test purging tags (expected changed=True) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - tags: - tag1: test1 - check_mode: true - register: result - - - name: assert that tag2 was removed (expected changed=true) - assert: - that: - - 'result.changed' - - # ============================================================ - - name: test purging tags (expected changed=True) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - tags: - tag1: test1 - register: result - - - name: assert that tag2 was removed (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.tags == {"tag1": "test1"}' - - # ============================================================ - - - name: assert that tags are left as-is if not specified (expected changed=False) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - register: result - - - name: assert that the tags stayed the same (expected changed=false) - assert: - that: - - 'not 
result.changed' - - 'result.tags == {"tag1": "test1"}' - - # ============================================================ - - - name: test purging all tags (expected changed=True) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ip: "1.1.1.1/32" - tags: {} - register: result - - - name: assert that tag1 was removed (expected changed=true) - assert: - that: - - 'result.changed' - - 'not result.tags' - - # ============================================================ - - name: test adding a rule and egress rule descriptions (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - # purge the other rules so assertions work for the subsequent tests for rule descriptions - purge_rules_egress: true - purge_rules: true - state: present - rules: - - proto: "tcp" - ports: - - 8281 - cidr_ipv6: 1001:d00::/24 - rule_desc: ipv6 rule desc 1 - rules_egress: - - proto: "tcp" - ports: - - 8282 - cidr_ip: 2.2.2.2/32 - rule_desc: egress rule desc 1 - check_mode: true - register: result - - - name: assert that rule descriptions are created (expected changed=true) - # Only assert this if rule description is defined as the botocore version may < 1.7.2. - # It's still helpful to have these tests run on older versions since it verifies backwards - # compatibility with this feature. 
- assert: - that: - - 'result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is defined - - - name: if an older version of botocore is installed changes should still have changed due to purged rules (expected changed=true) - assert: - that: - - 'result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is undefined - - # ========================================================================================= - - name: add rules without descriptions ready for adding descriptions to existing rules - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - # purge the other rules so assertions work for the subsequent tests for rule descriptions - purge_rules_egress: true - purge_rules: true - state: present - rules: - - proto: "tcp" - ports: - - 8281 - cidr_ipv6: 1001:d00::/24 - rules_egress: - - proto: "tcp" - ports: - - 8282 - cidr_ip: 2.2.2.2/32 - register: result - - # ============================================================ - - name: test adding a rule and egress rule descriptions (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - # purge the other rules so assertions work for the subsequent tests for rule descriptions - purge_rules_egress: true - purge_rules: true - state: present - rules: - - proto: "tcp" - ports: - - 8281 - cidr_ipv6: 1001:d00::/24 - rule_desc: ipv6 rule desc 1 - rules_egress: - - proto: "tcp" - ports: - - 8282 - cidr_ip: 2.2.2.2/32 - rule_desc: egress rule desc 1 - register: result - - - name: assert that rule descriptions are created (expected changed=true) - # Only assert this if rule description is defined as the botocore version may < 1.7.2. - # It's still helpful to have these tests run on older versions since it verifies backwards - # compatibility with this feature. 
- assert: - that: - - 'result.changed' - - 'result.ip_permissions[0].ipv6_ranges[0].description == "ipv6 rule desc 1"' - - 'result.ip_permissions_egress[0].ip_ranges[0].description == "egress rule desc 1"' - when: result.ip_permissions_egress[0].ip_ranges[0].description is defined - - - name: if an older version of botocore is installed changes should still have changed due to purged rules (expected changed=true) - assert: - that: - - 'result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is undefined - - # ============================================================ - - name: test modifying rule and egress rule descriptions (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - purge_rules_egress: false - purge_rules: false - state: present - rules: - - proto: "tcp" - ports: - - 8281 - cidr_ipv6: 1001:d00::/24 - rule_desc: ipv6 rule desc 2 - rules_egress: - - proto: "tcp" - ports: - - 8282 - cidr_ip: 2.2.2.2/32 - rule_desc: egress rule desc 2 - check_mode: true - register: result - - - name: assert that rule descriptions were modified (expected changed=true) - # Only assert this if rule description is defined as the botocore version may < 1.7.2. - # It's still helpful to have these tests run on older versions since it verifies backwards - # compatibility with this feature. 
- assert: - that: - - 'result.ip_permissions | length > 0' - - 'result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is defined - - - name: if an older version of botocore is installed everything should stay the same (expected changed=false) - assert: - that: - - 'not result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is undefined and result.ip_permissions_egress[1].ip_ranges[0].description is undefined - - # ============================================================ - - name: test modifying rule and egress rule descriptions (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - purge_rules_egress: false - purge_rules: false - state: present - rules: - - proto: "tcp" - ports: - - 8281 - cidr_ipv6: 1001:d00::/24 - rule_desc: ipv6 rule desc 2 - rules_egress: - - proto: "tcp" - ports: - - 8282 - cidr_ip: 2.2.2.2/32 - rule_desc: egress rule desc 2 - register: result - - - name: assert that rule descriptions were modified (expected changed=true) - # Only assert this if rule description is defined as the botocore version may < 1.7.2. - # It's still helpful to have these tests run on older versions since it verifies backwards - # compatibility with this feature. 
- assert: - that: - - 'result.changed' - - 'result.ip_permissions[0].ipv6_ranges[0].description == "ipv6 rule desc 2"' - - 'result.ip_permissions_egress[0].ip_ranges[0].description == "egress rule desc 2"' - when: result.ip_permissions_egress[0].ip_ranges[0].description is defined - - - name: if an older version of botocore is installed everything should stay the same (expected changed=false) - assert: - that: - - 'not result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is undefined - - # ============================================================ - - - name: test creating rule in default vpc with egress rule (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}-default-vpc' - description: '{{ec2_group_description}} default VPC' - <<: *aws_connection_info - purge_rules_egress: true - state: present - rules: - - proto: "tcp" - ports: - - 8281 - cidr_ip: 1.1.1.1/24 - rule_desc: ipv4 rule desc - rules_egress: - - proto: "tcp" - ports: - - 8282 - cidr_ip: 2.2.2.2/32 - rule_desc: egress rule desc 2 - register: result - - - name: assert that rule descriptions were modified (expected changed=true) - # Only assert this if rule description is defined as the botocore version may < 1.7.2. - # It's still helpful to have these tests run on older versions since it verifies backwards - # compatibility with this feature. 
- assert: - that: - - 'result.changed' - - 'result.ip_permissions_egress|length == 1' - - # ============================================================ - - name: test that keeping the same rule descriptions (expected changed=false) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - purge_rules_egress: false - purge_rules: false - state: present - rules: - - proto: "tcp" - ports: - - 8281 - cidr_ipv6: 1001:d00::/24 - rule_desc: ipv6 rule desc 2 - rules_egress: - - proto: "tcp" - ports: - - 8282 - cidr_ip: 2.2.2.2/32 - rule_desc: egress rule desc 2 - check_mode: true - register: result - - - name: assert that rule descriptions stayed the same (expected changed=false) - # Only assert this if rule description is defined as the botocore version may < 1.7.2. - # It's still helpful to have these tests run on older versions since it verifies backwards - # compatibility with this feature. 
- assert: - that: - - 'not result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is defined - - - name: if an older version of botocore is installed everything should stay the same (expected changed=false) - assert: - that: - - 'not result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is undefined - - # ============================================================ - - name: test that keeping the same rule descriptions (expected changed=false) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - purge_rules_egress: false - purge_rules: false - state: present - rules: - - proto: "tcp" - ports: - - 8281 - cidr_ipv6: 1001:d00::/24 - rule_desc: ipv6 rule desc 2 - rules_egress: - - proto: "tcp" - ports: - - 8282 - cidr_ip: 2.2.2.2/32 - rule_desc: egress rule desc 2 - register: result - - - name: assert that rule descriptions stayed the same (expected changed=false) - # Only assert this if rule description is defined as the botocore version may < 1.7.2. - # It's still helpful to have these tests run on older versions since it verifies backwards - # compatibility with this feature. 
- assert: - that: - - 'not result.changed' - - 'result.ip_permissions[0].ipv6_ranges[0].description == "ipv6 rule desc 2"' - - 'result.ip_permissions_egress[0].ip_ranges[0].description == "egress rule desc 2"' - when: result.ip_permissions_egress[0].ip_ranges[0].description is defined - - - name: if an older version of botocore is installed everything should stay the same (expected changed=false) - assert: - that: - - 'not result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is undefined - - # ============================================================ - - name: test removing rule descriptions (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - purge_rules_egress: false - purge_rules: false - state: present - rules: - - proto: "tcp" - ports: - - 8281 - cidr_ipv6: 1001:d00::/24 - rule_desc: - rules_egress: - - proto: "tcp" - ports: - - 8282 - cidr_ip: 2.2.2.2/32 - rule_desc: - check_mode: true - register: result - - - name: assert that rule descriptions were removed (expected changed=true) - # Only assert this if rule description is defined as the botocore version may < 1.7.2. - # It's still helpful to have these tests run on older versions since it verifies backwards - # compatibility with this feature. 
- assert: - that: - - 'result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is defined - - - name: if an older version of botocore is installed everything should stay the same (expected changed=false) - assert: - that: - - 'not result.changed' - when: result.ip_permissions_egress[0].ip_ranges[0].description is undefined - - # ============================================================ - - name: test removing rule descriptions (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - vpc_id: '{{ vpc_result.vpc.id }}' - purge_rules_egress: false - purge_rules: false - state: present - rules: - - proto: "tcp" - ports: - - 8281 - cidr_ipv6: 1001:d00::/24 - rule_desc: - rules_egress: - - proto: "tcp" - ports: - - 8282 - cidr_ip: 2.2.2.2/32 - rule_desc: - register: result - ignore_errors: true - - - name: assert that rule descriptions were removed (expected changed=true with newer botocore) - # Only assert this if rule description is defined as the botocore version may < 1.7.2. - # It's still helpful to have these tests run on older versions since it verifies backwards - # compatibility with this feature. 
- assert: - that: - - 'result.ip_permissions[0].ipv6_ranges[0].description is undefined' - - 'result.ip_permissions_egress[0].ip_ranges[0].description is undefined' - when: result is changed - - - name: if an older version of botocore is installed everything should stay the same (expected changed=false) - assert: - that: - - 'not result.changed' - when: result.failed - - # ============================================================ - - - name: test state=absent (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - state: absent - <<: *aws_connection_info - register: result - - - name: assert state=absent (expected changed=true) - assert: - that: - - 'result.changed' - - 'not result.group_id' - when: not has_ec2_classic - - always: - # ============================================================ - - name: tidy up security group - ec2_group: - name: '{{ec2_group_name}}' - state: absent - <<: *aws_connection_info - ignore_errors: yes - - - name: tidy up security group for IPv6 EC2-Classic tests - ec2_group: - name: '{{ ec2_group_name }}-2' - state: absent - <<: *aws_connection_info - ignore_errors: yes - - - name: tidy up default VPC security group - ec2_group: - name: '{{ec2_group_name}}-default-vpc' - state: absent - <<: *aws_connection_info - ignore_errors: yes - - - name: tidy up automatically created SG - ec2_group: - name: "{{ resource_prefix }} - Another security group" - state: absent - <<: *aws_connection_info - ignore_errors: yes - - - name: tidy up VPC - ec2_vpc_net: - name: "{{ resource_prefix }}-vpc" - state: absent - cidr_block: "10.232.232.128/26" - <<: *aws_connection_info - ignore_errors: yes diff --git a/test/integration/targets/ec2_group/tasks/multi_account.yml b/test/integration/targets/ec2_group/tasks/multi_account.yml deleted file mode 100644 index d557938350..0000000000 --- a/test/integration/targets/ec2_group/tasks/multi_account.yml +++ /dev/null 
@@ -1,124 +0,0 @@ -- block: - - aws_caller_info: - register: caller_facts - - name: create a VPC - ec2_vpc_net: - name: "{{ resource_prefix }}-vpc-2" - state: present - cidr_block: "10.232.233.128/26" - tags: - Description: "Created by ansible-test" - register: vpc_result_2 - - name: Peer the secondary-VPC to the main VPC - ec2_vpc_peer: - vpc_id: '{{ vpc_result_2.vpc.id }}' - peer_vpc_id: '{{ vpc_result.vpc.id }}' - peer_owner_id: '{{ caller_facts.account }}' - peer_region: '{{ aws_region }}' - register: peer_origin - - name: Accept the secondary-VPC peering connection in the main VPC - ec2_vpc_peer: - peer_vpc_id: '{{ vpc_result_2.vpc.id }}' - vpc_id: '{{ vpc_result.vpc.id }}' - state: accept - peering_id: '{{ peer_origin.peering_id }}' - peer_owner_id: '{{ caller_facts.account }}' - peer_region: '{{ aws_region }}' - - name: Create group in second VPC - ec2_group: - name: '{{ ec2_group_name }}-external' - description: '{{ ec2_group_description }}' - vpc_id: '{{ vpc_result_2.vpc.id }}' - state: present - rules: - - proto: "tcp" - cidr_ip: 0.0.0.0/0 - ports: - - 80 - rule_desc: 'http whoo' - register: external - - name: Create group in internal VPC - ec2_group: - name: '{{ ec2_group_name }}-internal' - description: '{{ ec2_group_description }}' - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - group_id: '{{ caller_facts.account }}/{{ external.group_id }}/{{ ec2_group_name }}-external' - ports: - - 80 - - name: Re-make same rule, expecting changed=false in internal VPC - ec2_group: - name: '{{ ec2_group_name }}-internal' - description: '{{ ec2_group_description }}' - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - group_id: '{{ caller_facts.account }}/{{ external.group_id }}/{{ ec2_group_name }}-external' - ports: - - 80 - register: out - - assert: - that: - - out is not changed - - name: Try again with a bad group_id group in internal VPC - ec2_group: - name: '{{ ec2_group_name }}-internal' - 
description: '{{ ec2_group_description }}' - vpc_id: '{{ vpc_result.vpc.id }}' - state: present - rules: - - proto: "tcp" - group_id: '{{ external.group_id }}/{{ caller_facts.account }}/{{ ec2_group_name }}-external' - ports: - - 80 - register: out - ignore_errors: true - - assert: - that: - - out is failed - always: - - pause: seconds=5 - - name: Delete secondary-VPC side of peer - ec2_vpc_peer: - vpc_id: '{{ vpc_result_2.vpc.id }}' - peer_vpc_id: '{{ vpc_result.vpc.id }}' - peering_id: '{{ peer_origin.peering_id }}' - state: absent - peer_owner_id: '{{ caller_facts.account }}' - peer_region: '{{ aws_region }}' - ignore_errors: yes - - name: Delete main-VPC side of peer - ec2_vpc_peer: - peer_vpc_id: '{{ vpc_result_2.vpc.id }}' - vpc_id: '{{ vpc_result.vpc.id }}' - state: absent - peering_id: '{{ peer_origin.peering_id }}' - peer_owner_id: '{{ caller_facts.account }}' - peer_region: '{{ aws_region }}' - ignore_errors: yes - - name: Clean up group in second VPC - ec2_group: - name: '{{ ec2_group_name }}-external' - description: '{{ ec2_group_description }}' - state: absent - vpc_id: '{{ vpc_result_2.vpc.id }}' - ignore_errors: yes - - name: Clean up group in second VPC - ec2_group: - name: '{{ ec2_group_name }}-internal' - description: '{{ ec2_group_description }}' - state: absent - vpc_id: '{{ vpc_result.vpc.id }}' - ignore_errors: yes - - name: tidy up VPC - ec2_vpc_net: - name: "{{ resource_prefix }}-vpc-2" - state: absent - cidr_block: "10.232.233.128/26" - ignore_errors: yes - register: removed - retries: 10 - until: removed is not failed diff --git a/test/integration/targets/ec2_group/tasks/multi_nested_target.yml b/test/integration/targets/ec2_group/tasks/multi_nested_target.yml deleted file mode 100644 index 876f2a30a3..0000000000 --- a/test/integration/targets/ec2_group/tasks/multi_nested_target.yml +++ /dev/null 
@@ -1,230 +0,0 @@ ---- - - name: set up aws connection info - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - # ============================================================ - - - name: test state=present for multiple ipv6 and ipv4 targets (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: - - "64:ff9b::/96" - - ["2620::/32"] - - proto: "tcp" - ports: 5665 - cidr_ip: - - 172.16.1.0/24 - - 172.16.17.0/24 - - ["10.0.0.0/24", "20.0.0.0/24"] - <<: *aws_connection_info - check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - - name: test state=present for multiple ipv6 and ipv4 targets (expected changed=true) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: - - "64:ff9b::/96" - - ["2620::/32"] - - proto: "tcp" - ports: 5665 - cidr_ip: - - 172.16.1.0/24 - - 172.16.17.0/24 - - ["10.0.0.0/24", "20.0.0.0/24"] - <<: *aws_connection_info - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.ip_permissions | length == 2' - - 'result.ip_permissions[0].ip_ranges | length == 4 or result.ip_permissions[1].ip_ranges | length == 4' - - 'result.ip_permissions[0].ipv6_ranges | length == 2 or result.ip_permissions[1].ipv6_ranges | length == 2' - - - name: test state=present for multiple ipv6 and ipv4 targets (expected changed=false) (CHECK MODE) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: 
"tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: - - "64:ff9b::/96" - - ["2620::/32"] - - proto: "tcp" - ports: 5665 - cidr_ip: - - 172.16.1.0/24 - - 172.16.17.0/24 - - ["10.0.0.0/24", "20.0.0.0/24"] - <<: *aws_connection_info - check_mode: true - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'not result.changed' - - - name: test state=present for multiple ipv6 and ipv4 targets (expected changed=false) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: - - "64:ff9b::/96" - - ["2620::/32"] - - proto: "tcp" - ports: 5665 - cidr_ip: - - 172.16.1.0/24 - - 172.16.17.0/24 - - ["10.0.0.0/24", "20.0.0.0/24"] - <<: *aws_connection_info - register: result - - - name: assert state=present (expected changed=true) - assert: - that: - - 'not result.changed' - - - name: test state=present purging a nested ipv4 target (expected changed=true) (CHECK MODE) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: - - "64:ff9b::/96" - - ["2620::/32"] - - proto: "tcp" - ports: 5665 - cidr_ip: - - 172.16.1.0/24 - - 172.16.17.0/24 - - ["10.0.0.0/24"] - <<: *aws_connection_info - check_mode: true - register: result - - - assert: - that: - - result.changed - - - name: test state=present purging a nested ipv4 target (expected changed=true) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: - - "64:ff9b::/96" - - ["2620::/32"] - - proto: "tcp" - ports: 5665 - cidr_ip: - - 172.16.1.0/24 - - 172.16.17.0/24 - - ["10.0.0.0/24"] - <<: *aws_connection_info - register: result - - - assert: - that: - - result.changed - - 'result.ip_permissions[0].ip_ranges | length == 3 or 
result.ip_permissions[1].ip_ranges | length == 3' - - 'result.ip_permissions[0].ipv6_ranges | length == 2 or result.ip_permissions[1].ipv6_ranges | length == 2' - - - name: test state=present with both associated ipv6 targets nested (expected changed=false) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: - - ["2620::/32", "64:ff9b::/96"] - - proto: "tcp" - ports: 5665 - cidr_ip: - - 172.16.1.0/24 - - 172.16.17.0/24 - - ["10.0.0.0/24"] - <<: *aws_connection_info - register: result - - - assert: - that: - - not result.changed - - - name: test state=present add another nested ipv6 target (expected changed=true) - ec2_group: - name: '{{ ec2_group_name }}' - description: '{{ ec2_group_description }}' - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: - - ["2620::/32", "64:ff9b::/96"] - - ["2001:DB8:A0B:12F0::1/64"] - - proto: "tcp" - ports: 5665 - cidr_ip: - - 172.16.1.0/24 - - 172.16.17.0/24 - - ["10.0.0.0/24"] - <<: *aws_connection_info - register: result - - - assert: - that: - - result.changed - - 'result.ip_permissions[0].ip_ranges | length == 3 or result.ip_permissions[1].ip_ranges | length == 3' - - 'result.ip_permissions[0].ipv6_ranges | length == 3 or result.ip_permissions[1].ipv6_ranges | length == 3' - - - name: delete it - ec2_group: - name: '{{ ec2_group_name }}' - state: absent - <<: *aws_connection_info diff --git a/test/integration/targets/ec2_group/tasks/numeric_protos.yml b/test/integration/targets/ec2_group/tasks/numeric_protos.yml deleted file mode 100644 index ba4f7e90dc..0000000000 --- a/test/integration/targets/ec2_group/tasks/numeric_protos.yml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -- block: - - name: set up aws connection info - set_fact: - group_tmp_name: '{{ec2_group_name}}-numbered-protos' - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - - name: Create a group with numbered protocol (GRE) - ec2_group: - name: '{{ group_tmp_name }}' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ ec2_group_description }}' - rules: - - proto: 47 - to_port: -1 - from_port: -1 - cidr_ip: 0.0.0.0/0 - <<: *aws_connection_info - state: present - register: result - - - name: Create a group with a quoted proto - ec2_group: - name: '{{ group_tmp_name }}' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ ec2_group_description }}' - rules: - - proto: '47' - to_port: -1 - from_port: -1 - cidr_ip: 0.0.0.0/0 - <<: *aws_connection_info - state: present - register: result - - assert: - that: - - result is not changed - - name: Add a tag with a numeric value - ec2_group: - name: '{{ group_tmp_name }}' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ ec2_group_description }}' - tags: - foo: 1 - <<: *aws_connection_info - - name: Read a tag with a numeric value - ec2_group: - name: '{{ group_tmp_name }}' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ ec2_group_description }}' - tags: - foo: 1 - <<: *aws_connection_info - register: result - - assert: - that: - - result is not changed - - always: - - name: tidy up egress rule test security group - ec2_group: - name: '{{group_tmp_name}}' - state: absent - vpc_id: '{{ vpc_result.vpc.id }}' - <<: *aws_connection_info - ignore_errors: yes diff --git a/test/integration/targets/ec2_group/tasks/rule_group_create.yml b/test/integration/targets/ec2_group/tasks/rule_group_create.yml deleted file mode 100644 index 465bdc569f..0000000000 --- a/test/integration/targets/ec2_group/tasks/rule_group_create.yml +++ /dev/null 
@@ -1,132 +0,0 @@ ---- -- block: - - name: set up aws connection info - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - - name: Create a group with self-referring rule - ec2_group: - name: '{{ec2_group_name}}-auto-create-1' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ec2_group_description}}' - rules: - - proto: "tcp" - from_port: 8000 - to_port: 8100 - group_name: '{{ec2_group_name}}-auto-create-1' - <<: *aws_connection_info - state: present - register: result - - - name: Create a second group rule - ec2_group: - name: '{{ec2_group_name}}-auto-create-2' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - - - name: Create a series of rules with a recently created group as target - ec2_group: - name: '{{ec2_group_name}}-auto-create-1' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ec2_group_description}}' - purge_rules: false - rules: - - proto: "tcp" - from_port: "{{ item }}" - to_port: "{{ item }}" - group_name: '{{ec2_group_name}}-auto-create-2' - <<: *aws_connection_info - state: present - register: result - with_items: - - 20 - - 40 - - 60 - - 80 - - - name: Create a group with only the default rule - ec2_group: - name: '{{ec2_group_name}}-auto-create-1' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ec2_group_description}}' - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - group_name: '{{ec2_group_name}}-auto-create-3' - <<: *aws_connection_info - state: present - register: result - ignore_errors: true - - - name: assert you can't create a new group from a rule target with no description - assert: - that: - - result is failed - - - name: Create a group with a target of a separate group - ec2_group: - name: '{{ec2_group_name}}-auto-create-1' - vpc_id: '{{ vpc_result.vpc.id }}' - 
description: '{{ec2_group_description}}' - rules: - - proto: tcp - ports: - - 22 - - 80 - group_name: '{{ec2_group_name}}-auto-create-3' - group_desc: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - register: result - - - name: Create a 4th group - ec2_group: - name: '{{ec2_group_name}}-auto-create-4' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: tcp - ports: - - 22 - cidr_ip: 0.0.0.0/0 - - - name: use recently created group in a rule - ec2_group: - name: '{{ec2_group_name}}-auto-create-5' - vpc_id: '{{ vpc_result.vpc.id }}' - description: '{{ec2_group_description}}' - rules: - - proto: tcp - ports: - - 443 - group_name: '{{ec2_group_name}}-auto-create-4' - <<: *aws_connection_info - state: present - - always: - - name: tidy up egress rule test security group - ec2_group: - name: '{{ec2_group_name}}-auto-create-{{ item }}' - state: absent - vpc_id: '{{ vpc_result.vpc.id }}' - <<: *aws_connection_info - ignore_errors: yes - with_items: [5, 4, 3, 2, 1] - - name: tidy up egress rule test security group - ec2_group: - name: '{{ec2_group_name}}-auto-create-{{ item }}' - state: absent - vpc_id: '{{ vpc_result.vpc.id }}' - <<: *aws_connection_info - ignore_errors: yes - with_items: [1, 2, 3, 4, 5] diff --git a/test/integration/targets/ec2_key/aliases b/test/integration/targets/ec2_key/aliases deleted file mode 100644 index 6e3860bee2..0000000000 --- a/test/integration/targets/ec2_key/aliases +++ /dev/null @@ -1,2 +0,0 @@ -cloud/aws -shippable/aws/group2 diff --git a/test/integration/targets/ec2_key/defaults/main.yml b/test/integration/targets/ec2_key/defaults/main.yml deleted file mode 100644 index df0082d999..0000000000 --- a/test/integration/targets/ec2_key/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# defaults file for test_ec2_key -ec2_key_name: '{{resource_prefix}}' 
diff --git a/test/integration/targets/ec2_key/meta/main.yml b/test/integration/targets/ec2_key/meta/main.yml
deleted file mode 100644
index 45f0cedf8e..0000000000
--- a/test/integration/targets/ec2_key/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - prepare_tests
- - setup_sshkey
- - setup_ec2
diff --git a/test/integration/targets/ec2_key/tasks/main.yml b/test/integration/targets/ec2_key/tasks/main.yml
deleted file mode 100644
index c39bc5385d..0000000000
--- a/test/integration/targets/ec2_key/tasks/main.yml
+++ /dev/null
@@ -1,164 +0,0 @@ ---- -# A Note about ec2 environment variable name preference: -# - EC2_URL -> AWS_URL -# - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY -# - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY -# - EC2_REGION -> AWS_REGION -# -# TODO - name: test 'validate_certs' parameter -# TODO - name: test creating key pair with another_key_material with force=yes -# ============================================================ -# - include: ../../setup_ec2/tasks/common.yml module_name=ec2_key - -- block: - - # ============================================================ - - name: test with no parameters - ec2_key: - register: result - ignore_errors: true - - - name: assert failure when called with no parameters - assert: - that: - - 'result.failed' - - 'result.msg == "missing required arguments: name"' - - # ============================================================ - - name: test removing a non-existent key pair - ec2_key: - name='{{ec2_key_name}}' - ec2_region={{ec2_region}} - ec2_access_key={{ec2_access_key}} - ec2_secret_key={{ec2_secret_key}} - security_token={{security_token}} - state=absent - register: result - - - name: assert removing a non-existent key pair - assert: - that: - - 'not result.changed' - - # ============================================================ - - name: test creating a new key pair - ec2_key: - name='{{ec2_key_name}}' - ec2_region={{ec2_region}} - ec2_access_key={{ec2_access_key}} - ec2_secret_key={{ec2_secret_key}} - security_token={{security_token}} - state=present - register: result - - - name: assert creating a new key pair - assert: - that: - - 'result.changed' - - '"key" in result' - - '"name" in result.key' - - '"fingerprint" in result.key' - - '"private_key" in result.key' - - 'result.key.name == "{{ec2_key_name}}"' - - # ============================================================ - - name: test removing an existent key - ec2_key: - name='{{ec2_key_name}}' - state=absent - environment: - EC2_REGION: 
'{{ec2_region}}' - EC2_ACCESS_KEY: '{{ec2_access_key}}' - EC2_SECRET_KEY: '{{ec2_secret_key}}' - EC2_SECURITY_TOKEN: '{{security_token|default("")}}' - register: result - - - name: assert removing an existent key - assert: - that: - - 'result.changed' - - '"key" in result' - - 'result.key == None' - - # ============================================================ - - name: test state=present with key_material - ec2_key: - name='{{ec2_key_name}}' - key_material='{{key_material}}' - state=present - environment: - EC2_REGION: '{{ec2_region}}' - EC2_ACCESS_KEY: '{{ec2_access_key}}' - EC2_SECRET_KEY: '{{ec2_secret_key}}' - EC2_SECURITY_TOKEN: '{{security_token|default("")}}' - register: result - - - name: assert state=present with key_material - assert: - that: - - 'result.changed == True' - - '"key" in result' - - '"name" in result.key' - - '"fingerprint" in result.key' - - '"private_key" not in result.key' - - 'result.key.name == "{{ec2_key_name}}"' - - 'result.key.fingerprint == "{{fingerprint}}"' - - # ============================================================ - - - name: test force=no with another_key_material (expect changed=false) - ec2_key: - name: '{{ ec2_key_name }}' - ec2_region: '{{ ec2_region }}' - ec2_access_key: '{{ ec2_access_key }}' - ec2_secret_key: '{{ ec2_secret_key }}' - security_token: '{{ security_token }}' - key_material: '{{ another_key_material }}' - force: no - register: result - - - name: assert force=no with another_key_material (expect changed=false) - assert: - that: - - 'not result.changed' - - 'result.key.fingerprint == "{{ fingerprint }}"' - - # ============================================================ - - - name: test updating a key pair using another_key_material (expect changed=True) - ec2_key: - name: '{{ ec2_key_name }}' - ec2_region: '{{ ec2_region }}' - ec2_access_key: '{{ ec2_access_key }}' - ec2_secret_key: '{{ ec2_secret_key }}' - security_token: '{{ security_token }}' - key_material: '{{ another_key_material }}' - 
register: result - - - name: assert updating a key pair using another_key_material (expect changed=True) - assert: - that: - - 'result.changed' - - 'result.key.fingerprint != "{{ fingerprint }}"' - - # ============================================================ - - always: - - # ============================================================ - - name: test state=absent (expect changed=true) - ec2_key: - name='{{ec2_key_name}}' - ec2_region='{{ec2_region}}' - ec2_access_key='{{ec2_access_key}}' - ec2_secret_key='{{ec2_secret_key}}' - security_token='{{security_token}}' - state=absent - register: result - - - name: assert state=absent with key_material (expect changed=true) - assert: - that: - - 'result.changed' - - '"key" in result' - - 'result.key == None' diff --git a/test/integration/targets/ec2_metadata_facts/aliases b/test/integration/targets/ec2_metadata_facts/aliases deleted file mode 100644 index f9961d9a2f..0000000000 --- a/test/integration/targets/ec2_metadata_facts/aliases +++ /dev/null @@ -1,3 +0,0 @@ -cloud/aws -shippable/aws/group2 -shippable/aws/smoketest diff --git a/test/integration/targets/ec2_metadata_facts/defaults/main.yml b/test/integration/targets/ec2_metadata_facts/defaults/main.yml deleted file mode 100644 index c25743914a..0000000000 --- a/test/integration/targets/ec2_metadata_facts/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for test_ec2_facts diff --git a/test/integration/targets/ec2_metadata_facts/meta/main.yml b/test/integration/targets/ec2_metadata_facts/meta/main.yml deleted file mode 100644 index 1f64f1169a..0000000000 --- a/test/integration/targets/ec2_metadata_facts/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - prepare_tests - - setup_ec2 diff --git a/test/integration/targets/ec2_metadata_facts/tasks/main.yml b/test/integration/targets/ec2_metadata_facts/tasks/main.yml deleted file mode 100644 index 8ea9fcf1f8..0000000000 
--- a/test/integration/targets/ec2_metadata_facts/tasks/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# tasks file for test_ec2_facts
diff --git a/test/integration/targets/ec2_metadata_facts/vars/main.yml b/test/integration/targets/ec2_metadata_facts/vars/main.yml
deleted file mode 100644
index bb8f6c1875..0000000000
--- a/test/integration/targets/ec2_metadata_facts/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# vars file for test_ec2_facts
diff --git a/test/integration/targets/ec2_snapshot/aliases b/test/integration/targets/ec2_snapshot/aliases
deleted file mode 100644
index 1dcb36b283..0000000000
--- a/test/integration/targets/ec2_snapshot/aliases
+++ /dev/null
@@ -1,3 +0,0 @@
-cloud/aws
-shippable/aws/group4
-ec2_snapshot_info
diff --git a/test/integration/targets/ec2_snapshot/defaults/main.yml b/test/integration/targets/ec2_snapshot/defaults/main.yml
deleted file mode 100644
index dc1f0f703d..0000000000
--- a/test/integration/targets/ec2_snapshot/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# defaults file for ec2_snapshot
diff --git a/test/integration/targets/ec2_snapshot/tasks/main.yml b/test/integration/targets/ec2_snapshot/tasks/main.yml
deleted file mode 100644
index b8cdec3045..0000000000
--- a/test/integration/targets/ec2_snapshot/tasks/main.yml
+++ /dev/null
@@ -1,256 +0,0 @@ ---- -# Tests for EC2 Snapshot -# -# Tests ec2_snapshot: -# - Snapshot creation -# - Create with last_snapshot_min_age -# - Snapshot deletion -# -# Tests ec2_snapshot_info: -# - Listing snapshots for filter: tag -# -# Possible Bugs: -# - check_mode not supported -# -- name: Integration testing for ec2_snapshot - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - - block: - - ec2_ami_info: - owners: amazon - filters: - architecture: x86_64 - virtualization-type: hvm - root-device-type: ebs - name: "amzn-ami-hvm*" - register: amis - - - name: Setup an instance for testing - ec2_instance: - name: '{{ resource_prefix }}' - instance_type: t2.nano - image_id: "{{ (amis.images | sort(attribute='creation_date') | last).image_id }}" - wait: yes - volumes: - - device_name: /dev/xvda - ebs: - volume_size: 8 - delete_on_termination: true - register: instance - - - set_fact: - volume_id: '{{ instance.instances[0].block_device_mappings[0].ebs.volume_id }}' - instance_id: '{{ instance.instances[0].instance_id }}' - device_name: '{{ instance.instances[0].block_device_mappings[0].device_name }}' - -# JR: Check mode not supported -# - name: Take snapshot (check mode) -# ec2_snapshot: -# instance_id: '{{ instance_id }}' -# check_mode: true -# snapshot_tags: -# Test: '{{ resource_prefix }}' -# register: result -# - assert: -# that: -# - result is changed - - - name: Take snapshot of volume - ec2_snapshot: - volume_id: '{{ volume_id }}' - register: result - - # The Name tag is created automatically as the instance_name; ie the resource_prefix - - name: Get info about snapshots - ec2_snapshot_info: - filters: - "tag:Name": '{{ resource_prefix }}' - register: info_result - - - assert: - that: - - result is changed - - info_result.snapshots| length == 1 - - info_result.snapshots[0].snapshot_id == result.snapshot_id - - 
info_result.snapshots[0].volume_id == result.volume_id - - info_result.snapshots[0].volume_size == result.volume_size - - info_result.snapshots[0].tags == result.tags - -# JR: Check mode not supported -# - name: Take snapshot if most recent >1hr (False) (check mode) -# ec2_snapshot: -# volume_id: '{{ volume_id }}' -# snapshot_tags: -# Name: '{{ resource_prefix }}' -# last_snapshot_min_age: 60 -# check_mode: true -# register: result -# - assert: -# that: -# - result is not changed - - - name: Take snapshot if most recent >1hr (False) - ec2_snapshot: - volume_id: '{{ volume_id }}' - last_snapshot_min_age: 60 - register: result - - - name: Get info about snapshots - ec2_snapshot_info: - filters: - "tag:Name": '{{ resource_prefix }}' - register: info_result - - - assert: - that: - - result is not changed - - info_result.snapshots| length == 1 - - - name: Pause so we can do a last_snapshot_min_age test - pause: - minutes: 1 - -# JR: Check mode not supported -# - name: Take snapshot if most recent >1min (True) (check mode) -# ec2_snapshot: -# volume_id: '{{ volume_id }}' -# snapshot_tags: -# Name: '{{ resource_prefix }}' -# last_snapshot_min_age: 1 -# check_mode: true -# register: result -# - assert: -# that: -# - result is changed - - - name: Take snapshot if most recent >1min (True) - ec2_snapshot: - volume_id: '{{ volume_id }}' - last_snapshot_min_age: 1 - register: result - - - name: Get info about snapshots - ec2_snapshot_info: - filters: - "tag:Name": '{{ resource_prefix }}' - register: info_result - - - assert: - that: - - result is changed - - info_result.snapshots| length == 2 - - '"{{ result.snapshot_id }}" in "{{ info_result| json_query("snapshots[].snapshot_id") }}"' - -# JR: Check mode not supported -# - name: Take snapshot with a tag (check mode) -# ec2_snapshot: -# volume_id: '{{ volume_id }}' -# snapshot_tags: -# MyTag: '{{ resource_prefix }}' -# register: result -# - assert: -# that: -# - result is changed - - # Wait at least 15 seconds between 
concurrent volume snapshots. - - name: Prevent SnapshotCreationPerVolumeRateExceeded errors - pause: - seconds: 15 - - - name: Take snapshot and tag it - ec2_snapshot: - volume_id: '{{ volume_id }}' - snapshot_tags: - MyTag: '{{ resource_prefix }}' - register: tagged_result - - - name: Get info about snapshots by tag - ec2_snapshot_info: - filters: - "tag:MyTag": '{{ resource_prefix }}' - register: tag_info_result - - - set_fact: - tagged_snapshot_id: '{{ tag_info_result.snapshots[0].snapshot_id }}' - - - assert: - that: - - tagged_result is changed - - tagged_result.tags| length == 2 - - tag_info_result.snapshots| length == 1 - - tagged_result.tags.MyTag == "{{ resource_prefix }}" - - '"{{ tagged_result.snapshot_id }}" == "{{ tagged_snapshot_id }}"' - - - name: Get info about all snapshots for this test - ec2_snapshot_info: - filters: - "tag:Name": '{{ resource_prefix }}' - register: info_result - - - assert: - that: - - info_result.snapshots| length == 3 - - - name: Delete the tagged snapshot - ec2_snapshot: - state: absent - snapshot_id: '{{ tagged_snapshot_id }}' - - - name: Get info about all snapshots for this test - ec2_snapshot_info: - filters: - "tag:Name": '{{ resource_prefix }}' - register: info_result - - - assert: - that: - - info_result.snapshots| length == 2 - - '"{{ tagged_snapshot_id }}" not in "{{ info_result| json_query("snapshots[].snapshot_id") }}"' - - - name: Delete snapshots - ec2_snapshot: - state: absent - snapshot_id: '{{ item.snapshot_id }}' - with_items: '{{ info_result.snapshots }}' - - - name: Get info about all snapshots for this test - ec2_snapshot_info: - filters: - "tag:Name": '{{ resource_prefix }}' - register: info_result - - - assert: - that: - - info_result.snapshots| length == 0 - - always: - - - name: Snapshots to delete - ec2_snapshot_info: - filters: - "tag:Name": '{{ resource_prefix }}' - register: tagged_snapshots - - - name: Delete tagged snapshots - ec2_snapshot: - state: absent - snapshot_id: '{{ item.snapshot_id }}' 
- with_items: '{{ tagged_snapshots.snapshots }}' - ignore_errors: true - - - name: Delete instance - ec2_instance: - instance_ids: '{{ instance_id }}' - state: absent - ignore_errors: true - - - name: Delete volume - ec2_vol: - id: '{{ volume_id }}' - state: absent - ignore_errors: true
\ No newline at end of file
diff --git a/test/integration/targets/ec2_tag/aliases b/test/integration/targets/ec2_tag/aliases
deleted file mode 100644
index be56eee894..0000000000
--- a/test/integration/targets/ec2_tag/aliases
+++ /dev/null
@@ -1,3 +0,0 @@
-cloud/aws
-shippable/aws/group2
-ec2_tag_info
diff --git a/test/integration/targets/ec2_tag/defaults/main.yml b/test/integration/targets/ec2_tag/defaults/main.yml
deleted file mode 100644
index 6aa39c7360..0000000000
--- a/test/integration/targets/ec2_tag/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# defaults file for test_ec2_tag
diff --git a/test/integration/targets/ec2_tag/meta/main.yml b/test/integration/targets/ec2_tag/meta/main.yml
deleted file mode 100644
index 1f64f1169a..0000000000
--- a/test/integration/targets/ec2_tag/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - prepare_tests
- - setup_ec2
diff --git a/test/integration/targets/ec2_tag/tasks/main.yml b/test/integration/targets/ec2_tag/tasks/main.yml
deleted file mode 100644
index 7e8cd8d128..0000000000
--- a/test/integration/targets/ec2_tag/tasks/main.yml
+++ /dev/null
@@ -1,144 +0,0 @@ ---- -# tasks file for test_ec2_tag -- name: Set up AWS connection info - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - block: - - name: Create an EC2 volume so we have something to tag - ec2_vol: - name: "{{ resource_prefix }} ec2_tag volume" - volume_size: 1 - state: present - zone: "{{ aws_region }}a" - register: volume - - - name: List the tags on the volume (ec2_tag) - ec2_tag: - resource: "{{ volume.volume_id }}" - state: list - register: result - - name: List the tags on the volume (ec2_tag_info) - ec2_tag_info: - resource: "{{ volume.volume_id }}" - register: result_info - - - assert: - that: - - result.tags | length == 1 - - result.tags.Name == '{{ resource_prefix }} ec2_tag volume' - - result_info.tags | length == 1 - - result_info.tags.Name == '{{ resource_prefix }} ec2_tag volume' - - - name: Set some new tags on the volume - ec2_tag: - resource: "{{ volume.volume_id }}" - state: present - tags: - foo: foo - bar: baz - baz: also baz - register: result - - name: List the new tags on the volume - ec2_tag_info: - resource: "{{ volume.volume_id }}" - register: result_info - - - assert: - that: - - result is changed - - result.tags | length == 4 - - result.added_tags | length == 3 - - result.tags.Name == '{{ resource_prefix }} ec2_tag volume' - - result.tags.foo == 'foo' - - result.tags.bar == 'baz' - - result.tags.baz == 'also baz' - - result_info.tags | length == 4 - - result_info.tags.Name == '{{ resource_prefix }} ec2_tag volume' - - result_info.tags.foo == 'foo' - - result_info.tags.bar == 'baz' - - result_info.tags.baz == 'also baz' - - - name: Remove a tag by name - ec2_tag: - resource: "{{ volume.volume_id }}" - state: absent - tags: - baz: - register: result - - - assert: - that: - - result is changed - - result.removed_tags | length == 1 - - "'baz' in result.removed_tags" - - - 
name: Don't remove a tag - ec2_tag: - resource: "{{ volume.volume_id }}" - state: absent - tags: - foo: baz - register: result - - - assert: - that: - - result is not changed - - - name: Remove a tag - ec2_tag: - resource: "{{ volume.volume_id }}" - state: absent - tags: - foo: foo - register: result - - - assert: - that: - - result is changed - - result.tags | length == 2 - - "'added_tags' not in result" - - result.removed_tags | length == 1 - - result.tags.Name == '{{ resource_prefix }} ec2_tag volume' - - result.tags.bar == 'baz' - - - name: Set an exclusive tag - ec2_tag: - resource: "{{ volume.volume_id }}" - purge_tags: true - tags: - baz: quux - register: result - - - assert: - that: - - result is changed - - result.tags | length == 1 - - result.added_tags | length == 1 - - result.removed_tags | length == 2 - - result.tags.baz == 'quux' - - - name: Remove all tags - ec2_tag: - resource: "{{ volume.volume_id }}" - purge_tags: true - tags: {} - register: result - - - assert: - that: - - result is changed - - result.tags | length == 0 - - always: - - name: Remove the volume - ec2_vol: - id: "{{ volume.volume_id }}" - state: absent - register: result - until: result is not failed - ignore_errors: yes - retries: 10 diff --git a/test/integration/targets/ec2_tag/vars/main.yml b/test/integration/targets/ec2_tag/vars/main.yml deleted file mode 100644 index c2d0654aef..0000000000 --- a/test/integration/targets/ec2_tag/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for test_ec2_tag diff --git a/test/integration/targets/ec2_vol/aliases b/test/integration/targets/ec2_vol/aliases deleted file mode 100644 index 157ce0c9d4..0000000000 --- a/test/integration/targets/ec2_vol/aliases +++ /dev/null @@ -1,2 +0,0 @@ -cloud/aws -shippable/aws/group3 diff --git a/test/integration/targets/ec2_vol/defaults/main.yml b/test/integration/targets/ec2_vol/defaults/main.yml deleted file mode 100644 index eb2594bc99..0000000000 
--- a/test/integration/targets/ec2_vol/defaults/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-vpc_name: '{{ resource_prefix }}-vpc'
-vpc_seed: '{{ resource_prefix }}'
-vpc_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.0.0/16'
-subnet_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.32.0/24'
-ec2_ami_name: 'amzn2-ami-hvm-2.*-x86_64-gp2'
\ No newline at end of file
diff --git a/test/integration/targets/ec2_vol/tasks/main.yml b/test/integration/targets/ec2_vol/tasks/main.yml
deleted file mode 100644
index aa81248e30..0000000000
--- a/test/integration/targets/ec2_vol/tasks/main.yml
+++ /dev/null
@@ -1,373 +0,0 @@ ---- - -- module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key | default(omit) }}' - aws_secret_key: '{{ aws_secret_key | default(omit) }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region | default(omit) }}' - - block: - - # ==== Env setup ========================================================== - - name: list available AZs - aws_az_info: - register: region_azs - - - name: pick an AZ for testing - set_fact: - availability_zone: "{{ region_azs.availability_zones[0].zone_name }}" - - - name: Create a test VPC - ec2_vpc_net: - name: "{{ vpc_name }}" - cidr_block: "{{ vpc_cidr }}" - tags: - Name: ec2_vol testing - ResourcePrefix: "{{ resource_prefix }}" - register: testing_vpc - - - name: Create a test subnet - ec2_vpc_subnet: - vpc_id: "{{ testing_vpc.vpc.id }}" - cidr: "{{ subnet_cidr }}" - tags: - Name: ec2_vol testing - ResourcePrefix: "{{ resource_prefix }}" - az: '{{ availability_zone }}' - register: testing_subnet - - - name: Find AMI to use - ec2_ami_info: - owners: 'amazon' - filters: - name: '{{ ec2_ami_name }}' - register: ec2_amis - - - name: Set fact with latest AMI - vars: - latest_ami: '{{ ec2_amis.images | sort(attribute="creation_date") | last }}' - set_fact: - ec2_ami_image: '{{ latest_ami.image_id }}' - - # ==== ec2_vol tests =============================================== - - - name: create a volume (validate module defaults) - ec2_vol: - volume_size: 1 - zone: "{{ availability_zone }}" - tags: - ResourcePrefix: "{{ resource_prefix }}" - register: volume1 - - - name: check task return attributes - assert: - that: - - volume1.changed - - "'volume' in volume1" - - "'volume_id' in volume1" - - "'volume_type' in volume1" - - "'device' in volume1" - - "volume1.volume.status == 'available'" - - "volume1.volume_type == 'standard'" - - "'attachment_set' in volume1.volume and 'instance_id' in volume1.volume.attachment_set and not volume1.volume.attachment_set.instance_id" - - "not 
volume1.volume.encrypted" - - # no idempotency check needed here - - - name: create another volume (override module defaults) - ec2_vol: - encrypted: yes - volume_size: 4 - volume_type: io1 - iops: 101 - name: "{{ resource_prefix }}" - tags: - ResourcePrefix: "{{ resource_prefix }}" - zone: "{{ availability_zone }}" - register: volume2 - - - name: check task return attributes - assert: - that: - - volume2.changed - - "'volume' in volume2" - - "'volume_id' in volume2" - - "'volume_type' in volume2" - - "'device' in volume2" - - "volume2.volume.status == 'available'" - - "volume2.volume_type == 'io1'" - - "volume2.volume.iops == 101" - - "volume2.volume.size == 4" - - "volume2.volume.encrypted" - - - name: create another volume (override module defaults) (idempotent) - ec2_vol: - encrypted: yes - volume_size: 4 - volume_type: io1 - iops: 101 - name: "{{ resource_prefix }}" - tags: - ResourcePrefix: "{{ resource_prefix }}" - zone: "{{ availability_zone }}" - register: volume2_idem - - - name: check task return attributes - assert: - that: - - not volume2_idem.changed - - - name: create snapshot from volume - ec2_snapshot: - volume_id: "{{ volume1.volume_id }}" - description: "Resource Prefix - {{ resource_prefix }}" - snapshot_tags: - ResourcePrefix: "{{ resource_prefix }}" - register: vol1_snapshot - - - name: check task return attributes - assert: - that: - - vol1_snapshot.changed - - - name: create a volume from a snapshot - ec2_vol: - snapshot: "{{ vol1_snapshot.snapshot_id }}" - encrypted: yes - volume_type: gp2 - volume_size: 1 - zone: "{{ availability_zone }}" - tags: - ResourcePrefix: "{{ resource_prefix }}" - register: volume3 - - - name: check task return attributes - assert: - that: - - volume3.changed - - "volume3.volume.snapshot_id == vol1_snapshot.snapshot_id" - - - name: create an ec2 instance - ec2_instance: - name: "{{ resource_prefix }}" - vpc_subnet_id: "{{ testing_subnet.subnet.id }}" - instance_type: t3.nano - image_id: "{{ ec2_ami_image }}" - 
tags: - ResourcePrefix: "{{ resource_prefix }}" - register: test_instance - - - name: check task return attributes - assert: - that: - - test_instance.changed - - - name: attach existing volume to an instance - ec2_vol: - id: "{{ volume1.volume_id }}" - instance: "{{ test_instance.instance_ids[0] }}" - device_name: /dev/sdg - delete_on_termination: no - register: vol_attach_result - - - name: check task return attributes - assert: - that: - - "vol_attach_result.changed" - - "'device' in vol_attach_result and vol_attach_result.device == '/dev/sdg'" - - "'volume' in vol_attach_result" - - "vol_attach_result.volume.attachment_set.status == 'attached'" - - "vol_attach_result.volume.attachment_set.instance_id == test_instance.instance_ids[0]" - - "vol_attach_result.volume.attachment_set.device == '/dev/sdg'" - -# Failing -# - "vol_attach_result.volume.attachment_set.deleteOnTermination" - - - name: attach existing volume to an instance (idempotent) - ec2_vol: - id: "{{ volume1.volume_id }}" - instance: "{{ test_instance.instance_ids[0] }}" - device_name: /dev/sdg - delete_on_termination: no - register: vol_attach_result - - - name: check task return attributes - assert: - that: - - "not vol_attach_result.changed" - - - name: attach a new volume to an instance - ec2_vol: - instance: "{{ test_instance.instance_ids[0] }}" - device_name: /dev/sdh - volume_size: 1 - volume_type: gp2 - tags: - ResourcePrefix: "{{ resource_prefix }}" - register: new_vol_attach_result - - - name: check task return attributes - assert: - that: - - "new_vol_attach_result.changed" - - "'device' in new_vol_attach_result and new_vol_attach_result.device == '/dev/sdh'" - - "'volume' in new_vol_attach_result" - - "new_vol_attach_result.volume.attachment_set.status == 'attached'" - - "new_vol_attach_result.volume.attachment_set.instance_id == test_instance.instance_ids[0]" - - "new_vol_attach_result.volume.attachment_set.device == '/dev/sdh'" - - - name: attach a new volume to an instance (idempotent) 
- ec2_vol: - instance: "{{ test_instance.instance_ids[0] }}" - device_name: /dev/sdh - volume_size: 1 - volume_type: gp2 - tags: - ResourcePrefix: "{{ resource_prefix }}" - register: new_vol_attach_result_idem - - - name: check task return attributes - assert: - that: - - "not new_vol_attach_result_idem.changed" - - "'Volume mapping for /dev/sdh already exists' in new_vol_attach_result_idem.msg" - - - name: create a volume from a snapshot and attach to the instance - ec2_vol: - instance: "{{ test_instance.instance_ids[0] }}" - device_name: /dev/sdi - snapshot: "{{ vol1_snapshot.snapshot_id }}" - tags: - ResourcePrefix: "{{ resource_prefix }}" - register: attach_new_vol_from_snapshot_result - - - name: check task return attributes - assert: - that: - - "attach_new_vol_from_snapshot_result.changed" - - "'device' in attach_new_vol_from_snapshot_result and attach_new_vol_from_snapshot_result.device == '/dev/sdi'" - - "'volume' in attach_new_vol_from_snapshot_result" - - "attach_new_vol_from_snapshot_result.volume.attachment_set.status == 'attached'" - - "attach_new_vol_from_snapshot_result.volume.attachment_set.instance_id == test_instance.instance_ids[0]" - - - name: list volumes attached to instance - ec2_vol: - instance: "{{ test_instance.instance_ids[0] }}" - state: list - register: inst_vols - - - name: check task return attributes - assert: - that: - - "not inst_vols.changed" - - "'volumes' in inst_vols" - - "inst_vols.volumes | length == 4" - - - name: get info on ebs volumes - ec2_vol_info: - register: ec2_vol_info - - - name: check task return attributes - assert: - that: - - "not ec2_vol_info.failed" - - - name: get info on ebs volumes - ec2_vol_info: - filters: - attachment.instance-id: "{{ test_instance.instance_ids[0] }}" - register: ec2_vol_info - - - name: check task return attributes - assert: - that: - - "{{ ec2_vol_info.volumes | length == 4 }}" - - - name: detach volume from the instance - ec2_vol: - id: "{{ new_vol_attach_result.volume_id }}" - 
instance: "" - register: new_vol_attach_result - - - name: check task return attributes - assert: - that: - - "new_vol_attach_result.changed" - - "new_vol_attach_result.volume.status == 'available'" - - - name: detach volume from the instance (idempotent) - ec2_vol: - id: "{{ new_vol_attach_result.volume_id }}" - instance: "" - register: new_vol_attach_result_idem - - - name: check task return attributes - assert: - that: - - "not new_vol_attach_result_idem.changed" - - - name: delete volume - ec2_vol: - id: "{{ volume2.volume_id }}" - state: absent - register: delete_volume_result - - - name: check task return attributes - assert: - that: - - "delete_volume_result.changed" - - - name: delete volume (idempotent) - ec2_vol: - id: "{{ volume2.volume_id }}" - state: absent - register: delete_volume_result_idem - - - name: check task return attributes - assert: - that: - - "not delete_volume_result_idem.changed" - - # ==== Cleanup ============================================================ - - always: - - - name: delete test instance - ec2_instance: - instance_ids: - - "{{ test_instance.instance_ids[0] }}" - state: terminated - ignore_errors: yes - - - name: delete volumes - ec2_vol: - id: "{{ item.volume_id }}" - state: absent - ignore_errors: yes - with_items: - - "{{ volume1 }}" - - "{{ volume2 }}" - - "{{ volume3 }}" - - "{{ new_vol_attach_result }}" - - "{{ attach_new_vol_from_snapshot_result }}" - - - name: delete snapshot - ec2_snapshot: - snapshot_id: "{{ vol1_snapshot.snapshot_id }}" - state: absent - ignore_errors: yes - - - name: delete test subnet - ec2_vpc_subnet: - vpc_id: "{{ testing_vpc.vpc.id }}" - cidr: "{{ subnet_cidr }}" - state: absent - ignore_errors: yes - - - name: delete test VPC - ec2_vpc_net: - name: "{{ vpc_name }}" - cidr_block: "{{ vpc_cidr }}" - state: absent - ignore_errors: yes diff --git a/test/integration/targets/ec2_vol_info/aliases b/test/integration/targets/ec2_vol_info/aliases deleted file mode 100644 index 157ce0c9d4..0000000000 
--- a/test/integration/targets/ec2_vol_info/aliases
+++ /dev/null
@@ -1,2 +0,0 @@
-cloud/aws
-shippable/aws/group3
diff --git a/test/integration/targets/ec2_vol_info/meta/main.yml b/test/integration/targets/ec2_vol_info/meta/main.yml
deleted file mode 100644
index 1f64f1169a..0000000000
--- a/test/integration/targets/ec2_vol_info/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - prepare_tests
- - setup_ec2
diff --git a/test/integration/targets/ec2_vol_info/tasks/main.yml b/test/integration/targets/ec2_vol_info/tasks/main.yml
deleted file mode 100644
index 9bde030761..0000000000
--- a/test/integration/targets/ec2_vol_info/tasks/main.yml
+++ /dev/null
@@ -1,123 +0,0 @@ ---- -# tasks file for test_ec2_vol_info -- name: Set up AWS connection info - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: true - -- block: - - ec2_ami_info: - owners: amazon - <<: *aws_connection_info - filters: - architecture: x86_64 - virtualization-type: hvm - root-device-type: ebs - name: "amzn-ami-hvm*" - register: amis - - - name: Create test instance - ec2_instance: - name: "{{ resource_prefix }}_ansible_ec2_vol_info_test" - instance_type: t2.nano - image_id: "{{ (amis.images | sort(attribute='creation_date') | last).image_id }}" - wait: yes - tags: - Environment: test - <<: *aws_connection_info - register: instance - - - name: Ensure there's only one matching instance - assert: - that: - - "instance.instance_ids|length == 1" - - "instance.instances|length == 1" - - - name: Create test volume - ec2_vol: - instance: "{{ instance.instance_ids[0] }}" - volume_size: 4 - name: "{{ resource_prefix }}_ansible_ec2_vol_info_test.db" - device_name: /dev/xvdf - iops: 100 - tags: - Tag Name with Space-and-dash: Tag Value with Space-and-dash - <<: *aws_connection_info - delete_on_termination: yes - register: volume - - - name: Gather volume info without any filters - ec2_vol_info: - <<: *aws_connection_info - register: volume_facts_wo_filters - check_mode: no - - - name: Check if facts are returned without filters - assert: - that: - - "volume_facts_wo_filters.volumes is defined" - - - name: Gather volume info - ec2_vol_info: - <<: *aws_connection_info - filters: - "tag:Name": "{{ resource_prefix }}_ansible_ec2_vol_info_test.db" - register: volume_facts - check_mode: no - - - name: Format check - assert: - that: - - "volume_facts.volumes|length == 1" - - "v.attachment_set.attach_time is defined" - - "v.attachment_set.device is defined and v.attachment_set.device == volume.device" - - 
"v.attachment_set.instance_id is defined and v.attachment_set.instance_id == instance.instance_ids[0]" - - "v.attachment_set.status is defined and v.attachment_set.status == 'attached'" - - "v.create_time is defined" - - "v.encrypted is defined and v.encrypted == false" - - "v.id is defined and v.id == volume.volume_id" - - "v.iops is defined and v.iops == 100" - - "v.region is defined and v.region == aws_region" - - "v.size is defined and v.size == 4" - - "v.snapshot_id is defined and v.snapshot_id == ''" - - "v.status is defined and v.status == 'in-use'" - - "v.tags.Name is defined and v.tags.Name == resource_prefix + '_ansible_ec2_vol_info_test.db'" - - "v.tags['Tag Name with Space-and-dash'] == 'Tag Value with Space-and-dash'" - - "v.type is defined and v.type == 'io1'" - - "v.zone is defined and v.zone == instance.instances[0].placement.availability_zone" - vars: - v: "{{ volume_facts.volumes[0] }}" - - - name: New format check - assert: - that: - - "v.attachment_set.delete_on_termination is defined" - vars: - v: "{{ volume_facts.volumes[0] }}" - when: ansible_version.full is version('2.7', '>=') - - always: - - name: Remove the instance - ec2_instance: - state: absent - filters: - "tag:Name": "{{ resource_prefix }}_ansible_ec2_vol_info_test" - <<: *aws_connection_info - register: result - until: result is not failed - ignore_errors: yes - retries: 10 - - - name: Remove the volume - ec2_vol: - id: "{{ volume.volume_id }}" - state: absent - <<: *aws_connection_info - register: result - until: result is not failed - ignore_errors: yes - retries: 10 diff --git a/test/integration/targets/ec2_vpc_net/aliases b/test/integration/targets/ec2_vpc_net/aliases deleted file mode 100644 index fb765ef767..0000000000 --- a/test/integration/targets/ec2_vpc_net/aliases +++ /dev/null @@ -1,3 +0,0 @@ -ec2_vpc_net_info -cloud/aws -shippable/aws/group1 
diff --git a/test/integration/targets/ec2_vpc_net/defaults/main.yml b/test/integration/targets/ec2_vpc_net/defaults/main.yml
deleted file mode 100644
index 3289b27835..0000000000
--- a/test/integration/targets/ec2_vpc_net/defaults/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-# defaults file for ec2_vpc_net
-vpc_cidr: '10.{{ 256 | random(seed=resource_prefix) }}.0.0/24'
-vpc_cidr_a: '10.{{ 256 | random(seed=resource_prefix) }}.1.0/24'
-vpc_cidr_b: '10.{{ 256 | random(seed=resource_prefix) }}.2.0/24'
diff --git a/test/integration/targets/ec2_vpc_net/meta/main.yml b/test/integration/targets/ec2_vpc_net/meta/main.yml
deleted file mode 100644
index 1f64f1169a..0000000000
--- a/test/integration/targets/ec2_vpc_net/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - prepare_tests
- - setup_ec2
diff --git a/test/integration/targets/ec2_vpc_net/tasks/main.yml b/test/integration/targets/ec2_vpc_net/tasks/main.yml
deleted file mode 100644
index c0e5e1b45f..0000000000
--- a/test/integration/targets/ec2_vpc_net/tasks/main.yml
+++ /dev/null
@@ -1,1306 +0,0 @@ ---- -- name: Setup AWS Environment - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - - block: - - # ============================================================ - - - name: Get the current caller identity facts - aws_caller_info: - register: caller_facts - - - name: run the module without parameters - ec2_vpc_net: - ignore_errors: yes - register: result - - - name: assert failure - assert: - that: - - result is failed - - result.msg.startswith("missing required arguments") - - # ============================================================ - - - name: attempt to create a VPC without providing connnection information - module_defaults: { group/aws: {} } - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - region: us-east-1 - ignore_errors: yes - register: result - - - name: assert connection failure - assert: - that: - - result is failed - - '"Unable to locate credentials" in result.msg' - - # ============================================================ - - - name: Fetch existing VPC info - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - name: Check no-one is using the Prefix before we start - assert: - that: - - vpc_info.vpcs | length == 0 - - - name: test check mode creating a VPC - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - check_mode: true - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: check for a change - assert: - that: - - result is changed - - vpc_info.vpcs | length == 0 - - # ============================================================ - - - name: create a VPC - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - ipv6_cidr: True - 
register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the VPC was created successfully - assert: - that: - - result is successful - - result is changed - - vpc_info.vpcs | length == 1 - - - name: assert the output - assert: - that: - - '"cidr_block" in result.vpc' - - result.vpc.cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set | length == 1 - - result.vpc.cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[0].cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - '"classic_link_enabled" in result.vpc' - - result.vpc.dhcp_options_id.startswith("dopt-") - - result.vpc.id.startswith("vpc-") - - '"instance_tenancy" in result.vpc' - - result.vpc.ipv6_cidr_block_association_set | length == 1 - - result.vpc.ipv6_cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | ipv6 - - result.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block_state.state in ["associated", "associating"] - - '"is_default" in result.vpc' - - '"state" in result.vpc' - - result.vpc.tags.keys() | length == 1 - - result.vpc.tags.Name == resource_prefix - - - name: set the first VPC's details as facts for comparison and cleanup - set_fact: - vpc_1_result: "{{ result }}" - vpc_1: "{{ result.vpc.id }}" - vpc_1_ipv6_cidr: "{{ result.vpc.ipv6_cidr_block_association_set.0.ipv6_cidr_block }}" - default_dhcp_options_id: "{{ result.vpc.dhcp_options_id }}" - - - name: create a VPC (retry) - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - ipv6_cidr: True - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert nothing changed - assert: - that: - - result is successful - - result is 
not changed - - vpc_info.vpcs | length == 1 - - '"cidr_block" in result.vpc' - - result.vpc.cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set | length == 1 - - result.vpc.cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[0].cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - '"classic_link_enabled" in result.vpc' - - result.vpc.dhcp_options_id.startswith("dopt-") - - result.vpc.id.startswith("vpc-") - - '"instance_tenancy" in result.vpc' - - result.vpc.ipv6_cidr_block_association_set | length == 1 - - result.vpc.ipv6_cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block | ipv6 - - result.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block_state.state in ["associated", "associating"] - - '"is_default" in result.vpc' - - '"state" in result.vpc' - - result.vpc.tags.keys() | length == 1 - - result.vpc.tags.Name == resource_prefix - - result.vpc.id == vpc_1 - - # ============================================================ - - - name: VPC info (no filters) - ec2_vpc_net_info: - register: vpc_info - - - name: Test that our new VPC shows up in the results - assert: - that: - - vpc_1 in ( vpc_info | json_query("vpcs[].vpc_id") | list ) - - - name: VPC info (Simple tag filter) - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: Test vpc_info results - assert: - that: - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block_association_set | length == 1 - - vpc_info.vpcs[0].cidr_block_association_set[0].association_id == result.vpc.cidr_block_association_set[0].association_id - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block == result.vpc.cidr_block_association_set[0].cidr_block - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state 
in ["associated", "associating"] - - '"classic_link_dns_supported" in vpc_info.vpcs[0]' - - '"classic_link_enabled" in vpc_info.vpcs[0]' - - vpc_info.vpcs[0].dhcp_options_id == result.vpc.dhcp_options_id - - ( vpc_info.vpcs[0].enable_dns_hostnames | bool ) == True - - ( vpc_info.vpcs[0].enable_dns_support | bool ) == True - - vpc_info.vpcs[0].id == result.vpc.id - - '"instance_tenancy" in vpc_info.vpcs[0]' - - vpc_info.vpcs[0].ipv6_cidr_block_association_set | length == 1 - - vpc_info.vpcs[0].ipv6_cidr_block_association_set[0].association_id == result.vpc.ipv6_cidr_block_association_set[0].association_id - - vpc_info.vpcs[0].ipv6_cidr_block_association_set[0].ipv6_cidr_block == result.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block - - vpc_info.vpcs[0].ipv6_cidr_block_association_set[0].ipv6_cidr_block_state.state in ["associated", "associating"] - - '"is_default" in vpc_info.vpcs[0]' - - vpc_info.vpcs[0].owner_id == caller_facts.account - - '"state" in vpc_info.vpcs[0]' - - vpc_info.vpcs[0].vpc_id == result.vpc.id - - # ============================================================ - - - name: Try to add IPv6 CIDR when one already exists - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - ipv6_cidr: True - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: Assert no changes made - assert: - that: - - '"Only one IPv6 CIDR is permitted per VPC, {{ result.vpc.id }} already has CIDR {{ vpc_1_ipv6_cidr }}" in result.warnings' - - result is not changed - - vpc_info.vpcs | length == 1 - - # ============================================================ - - - name: test check mode creating an identical VPC (multi_ok) - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - ipv6_cidr: True - multi_ok: yes - check_mode: true - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - 
register: vpc_info - - - name: assert a change would be made - assert: - that: - - result is changed - - name: assert a change was not actually made - assert: - that: - - vpc_info.vpcs | length == 1 - - # ============================================================ - - - name: create a VPC with a dedicated tenancy using the same CIDR and name - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - ipv6_cidr: True - tenancy: dedicated - multi_ok: yes - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert a new VPC was created - assert: - that: - - result is successful - - result is changed - - result.vpc.instance_tenancy == "dedicated" - - result.vpc.id != vpc_1 - - vpc_info.vpcs | length == 2 - - - name: set the second VPC's details as facts for comparison and cleanup - set_fact: - vpc_2_result: "{{ result }}" - vpc_2: "{{ result.vpc.id }}" - - # ============================================================ - - - name: VPC info (Simple VPC-ID filter) - ec2_vpc_net_info: - filters: - "vpc-id": "{{ vpc_2 }}" - register: vpc_info - - - name: Test vpc_info results - assert: - that: - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block_association_set | length == 1 - - vpc_info.vpcs[0].cidr_block_association_set[0].association_id == result.vpc.cidr_block_association_set[0].association_id - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block == result.vpc.cidr_block_association_set[0].cidr_block - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - '"classic_link_dns_supported" in vpc_info.vpcs[0]' - - '"classic_link_enabled" in vpc_info.vpcs[0]' - - vpc_info.vpcs[0].dhcp_options_id == result.vpc.dhcp_options_id - - ( vpc_info.vpcs[0].enable_dns_hostnames | bool ) == True - - ( vpc_info.vpcs[0].enable_dns_support | bool ) == True - - vpc_info.vpcs[0].id == vpc_2 - - 
'"instance_tenancy" in vpc_info.vpcs[0]' - - vpc_info.vpcs[0].ipv6_cidr_block_association_set | length == 1 - - vpc_info.vpcs[0].ipv6_cidr_block_association_set[0].association_id == result.vpc.ipv6_cidr_block_association_set[0].association_id - - vpc_info.vpcs[0].ipv6_cidr_block_association_set[0].ipv6_cidr_block == result.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block - - vpc_info.vpcs[0].ipv6_cidr_block_association_set[0].ipv6_cidr_block_state.state in ["associated", "associating"] - - '"is_default" in vpc_info.vpcs[0]' - - vpc_info.vpcs[0].owner_id == caller_facts.account - - '"state" in vpc_info.vpcs[0]' - - vpc_info.vpcs[0].vpc_id == vpc_2 - - # ============================================================ - - # This will only fail if there are already *2* vpcs otherwise ec2_vpc_net - # assumes you want to update your existing VPC... - - name: attempt to create another VPC with the same CIDR and name without multi_ok - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - ipv6_cidr: True - tenancy: dedicated - multi_ok: no - register: new_result - ignore_errors: yes - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert failure - assert: - that: - - new_result is failed - - '"If you would like to create the VPC anyway please pass True to the multi_ok param" in new_result.msg' - - vpc_info.vpcs | length == 2 - - # ============================================================ - - # FIXME: right now if there are multiple matching VPCs they cannot be removed, - # as there is no vpc_id option for idempotence. A workaround is to retag the VPC. 
- - name: remove Name tag on new VPC - ec2_tag: - state: absent - resource: "{{ vpc_2 }}" - tags: - Name: "{{ resource_prefix }}" - - - name: add a unique name tag - ec2_tag: - state: present - resource: "{{ vpc_2 }}" - tags: - Name: "{{ resource_prefix }}-changed" - - - name: delete one of the VPCs - ec2_vpc_net: - state: absent - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}-changed" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert success - assert: - that: - - result is changed - - not result.vpc - - vpc_info.vpcs | length == 1 - - # ============================================================ - - - name: attempt to delete a VPC that doesn't exist - ec2_vpc_net: - state: absent - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}-changed" - register: result - - - name: assert no changes were made - assert: - that: - - result is not changed - - not result.vpc - - # ============================================================ - - - name: create a DHCP option set to use in next test - ec2_vpc_dhcp_option: - dns_servers: - - 4.4.4.4 - - 8.8.8.8 - tags: - Name: "{{ resource_prefix }}" - register: new_dhcp - - name: assert the DHCP option set was successfully created - assert: - that: - - new_dhcp is changed - - - name: modify the DHCP options set for a VPC (check_mode) - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - dhcp_opts_id: "{{ new_dhcp.dhcp_options_id }}" - register: result - check_mode: True - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the DHCP option set changed but didn't update - assert: - that: - - result is changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].dhcp_options_id == default_dhcp_options_id - - - name: modify the DHCP options set for a VPC - ec2_vpc_net: - state: present - cidr_block: "{{ 
vpc_cidr }}" - name: "{{ resource_prefix }}" - dhcp_opts_id: "{{ new_dhcp.dhcp_options_id }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the DHCP option set changed - assert: - that: - - result is changed - - result.vpc.id == vpc_1 - - default_dhcp_options_id != result.vpc.dhcp_options_id - - result.vpc.dhcp_options_id == new_dhcp.dhcp_options_id - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].dhcp_options_id == new_dhcp.dhcp_options_id - - - name: modify the DHCP options set for a VPC (retry) - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - dhcp_opts_id: "{{ new_dhcp.dhcp_options_id }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the DHCP option set changed - assert: - that: - - result is not changed - - result.vpc.id == vpc_1 - - result.vpc.dhcp_options_id == new_dhcp.dhcp_options_id - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].dhcp_options_id == new_dhcp.dhcp_options_id - - # ============================================================ - - # XXX #62677 - #- name: disable dns_hostnames (check mode) - # ec2_vpc_net: - # state: present - # cidr_block: "{{ vpc_cidr }}" - # name: "{{ resource_prefix }}" - # dns_hostnames: False - # register: result - # check_mode: True - #- ec2_vpc_net_info: - # filters: - # "tag:Name": "{{ resource_prefix }}" - # register: vpc_info - - #- name: assert changed was set but not made - # assert: - # that: - # - result is successful - # - result is changed - # - vpc_info.vpcs | length == 1 - # - vpc_info.vpcs[0].enable_dns_hostnames | bool == True - # - vpc_info.vpcs[0].enable_dns_support | bool == True - - - name: disable dns_hostnames - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - dns_hostnames: False - register: result - - ec2_vpc_net_info: - filters: - 
"tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert a change was made - assert: - that: - - result is successful - - result is changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].enable_dns_hostnames | bool == False - - vpc_info.vpcs[0].enable_dns_support | bool == True - - - name: disable dns_hostnames (retry) - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - dns_hostnames: False - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert a change was made - assert: - that: - - result is successful - - result is not changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].enable_dns_hostnames | bool == False - - vpc_info.vpcs[0].enable_dns_support | bool == True - - # XXX #62677 - #- name: disable dns_support (check mode) - # ec2_vpc_net: - # state: present - # cidr_block: "{{ vpc_cidr }}" - # name: "{{ resource_prefix }}" - # dns_hostnames: False - # dns_support: False - # check_mode: True - # register: result - #- ec2_vpc_net_info: - # filters: - # "tag:Name": "{{ resource_prefix }}" - # register: vpc_info - - #- name: assert changed was set but not made - # assert: - # that: - # - result is successful - # - result is changed - # - result.vpc.id == vpc_1 - # - vpc_info.vpcs | length == 1 - # - vpc_info.vpcs[0].enable_dns_hostnames | bool == False - # - vpc_info.vpcs[0].enable_dns_support | bool == True - - - name: disable dns_support - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - dns_hostnames: False - dns_support: False - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert a change was made - assert: - that: - - result is successful - - result is changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - 
vpc_info.vpcs[0].enable_dns_hostnames | bool == False - - vpc_info.vpcs[0].enable_dns_support | bool == False - - - name: disable dns_support (retry) - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - dns_hostnames: False - dns_support: False - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert a change was not made - assert: - that: - - result is successful - - result is not changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].enable_dns_hostnames | bool == False - - vpc_info.vpcs[0].enable_dns_support | bool == False - - # XXX #62677 - #- name: re-enable dns_support (check mode) - # ec2_vpc_net: - # state: present - # cidr_block: "{{ vpc_cidr }}" - # name: "{{ resource_prefix }}" - # register: result - # check_mode: True - #- ec2_vpc_net_info: - # filters: - # "tag:Name": "{{ resource_prefix }}" - # register: vpc_info - - #- name: assert a change was made - # assert: - # that: - # - result is successful - # - result is changed - # - result.vpc.id == vpc_1 - # - vpc_info.vpcs | length == 1 - # - vpc_info.vpcs[0].enable_dns_hostnames | bool == True - # - vpc_info.vpcs[0].enable_dns_support | bool == True - - - name: re-enable dns_support - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert a change was made - assert: - that: - - result is successful - - result is changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].enable_dns_hostnames | bool == True - - vpc_info.vpcs[0].enable_dns_support | bool == True - - - name: re-enable dns_support (retry) - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ 
resource_prefix }}" - register: vpc_info - - - name: assert a change was not made - assert: - that: - - result is successful - - result is not changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].enable_dns_hostnames | bool == True - - vpc_info.vpcs[0].enable_dns_support | bool == True - - # ============================================================ - - - name: modify tags (check mode) - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - tags: - Ansible: Test - check_mode: true - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the VPC has Name but not Ansible tag - assert: - that: - - result is successful - - result is changed - - result.vpc.id == vpc_1 - - result.vpc.tags | length == 1 - - result.vpc.tags.Name == resource_prefix - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].tags | length == 1 - - vpc_info.vpcs[0].tags.Name == resource_prefix - - - name: modify tags - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - tags: - Ansible: Test - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the VPC has Name and Ansible tags - assert: - that: - - result is successful - - result is changed - - result.vpc.id == vpc_1 - - result.vpc.tags | length == 2 - - result.vpc.tags.Ansible == "Test" - - result.vpc.tags.Name == resource_prefix - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].tags | length == 2 - - vpc_info.vpcs[0].tags.Ansible == "Test" - - vpc_info.vpcs[0].tags.Name == resource_prefix - - - name: modify tags (no change) - ec2_vpc_net: - state: present - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - dns_support: True - dns_hostnames: True - tags: - Ansible: Test - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - 
register: vpc_info - - - name: assert the VPC has Name and Ansible tags - assert: - that: - - result is successful - - result is not changed - - result.vpc.id == vpc_1 - - result.vpc.tags|length == 2 - - result.vpc.tags.Ansible == "Test" - - result.vpc.tags.Name == resource_prefix - - vpc_info.vpcs | length == 1 - - vpc_info.vpcs[0].tags|length == 2 - - vpc_info.vpcs[0].tags.Ansible == "Test" - - vpc_info.vpcs[0].tags.Name == resource_prefix - - # ============================================================ - - # #62678 - #- name: modify CIDR (check mode) - # ec2_vpc_net: - # state: present - # cidr_block: - # - "{{ vpc_cidr }}" - # - "{{ vpc_cidr_a }}" - # name: "{{ resource_prefix }}" - # check_mode: true - # register: result - #- ec2_vpc_net_info: - # filters: - # "tag:Name": "{{ resource_prefix }}" - # register: vpc_info - - #- name: Check the CIDRs weren't changed - # assert: - # that: - # - result is successful - # - result is changed - # - result.vpc.id == vpc_1 - # - vpc_info.vpcs | length == 1 - # - vpc_info.vpcs[0].cidr_block == vpc_cidr - # - vpc_cidr in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_cidr_a not in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_cidr_b not in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_info.vpcs[0].cidr_block_association_set | length == 1 - # - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - # - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - # - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - # - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - # - vpc_cidr in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_cidr_a not in (vpc_info.vpcs[0] | 
json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_cidr_b not in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - - name: modify CIDR - ec2_vpc_net: - state: present - cidr_block: - - "{{ vpc_cidr }}" - - "{{ vpc_cidr_a }}" - name: "{{ resource_prefix }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the CIDRs changed - assert: - that: - - result is successful - - result is changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - result.vpc.cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set | length == 2 - - result.vpc.cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b not in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_info.vpcs[0].cidr_block_association_set | length == 2 - - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (vpc_info.vpcs[0] | 
json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b not in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - - name: modify CIDR (no change) - ec2_vpc_net: - state: present - cidr_block: - - "{{ vpc_cidr }}" - - "{{ vpc_cidr_a }}" - name: "{{ resource_prefix }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the CIDRs didn't change - assert: - that: - - result is successful - - result is not changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - result.vpc.cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set | length == 2 - - result.vpc.cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b not in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_info.vpcs[0].cidr_block_association_set | length == 2 - - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in 
(vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b not in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - # #62678 - #- name: modify CIDR - no purge (check mode) - # ec2_vpc_net: - # state: present - # cidr_block: - # - "{{ vpc_cidr }}" - # - "{{ vpc_cidr_b }}" - # name: "{{ resource_prefix }}" - # check_mode: true - # register: result - #- ec2_vpc_net_info: - # filters: - # "tag:Name": "{{ resource_prefix }}" - # register: vpc_info - - #- name: Check the CIDRs weren't changed - # assert: - # that: - # - result is successful - # - result is changed - # - vpc_info.vpcs | length == 1 - # - vpc_info.vpcs[0].cidr_block == vpc_cidr - # - vpc_cidr in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_cidr_a in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_cidr_b not in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_info.vpcs[0].cidr_block_association_set | length == 2 - # - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - # - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - # - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - # - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - # - vpc_cidr in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_cidr_a in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_cidr_b not in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - - name: modify CIDR - no purge - ec2_vpc_net: - state: present - cidr_block: - - "{{ vpc_cidr }}" - - "{{ vpc_cidr_b }}" - name: "{{ resource_prefix }}" - register: result - - 
ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the CIDRs changed - assert: - that: - - result is successful - - result is changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - result.vpc.cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set | length == 3 - - result.vpc.cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_info.vpcs[0].cidr_block_association_set | length == 3 - - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (vpc_info.vpcs[0] | 
json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - - name: modify CIDR - no purge (no change) - ec2_vpc_net: - state: present - cidr_block: - - "{{ vpc_cidr }}" - - "{{ vpc_cidr_b }}" - name: "{{ resource_prefix }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the CIDRs didn't change - assert: - that: - - result is successful - - result is not changed - - vpc_info.vpcs | length == 1 - - result.vpc.cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set | length == 3 - - result.vpc.cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_info.vpcs[0].cidr_block_association_set | length == 3 - - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - 
vpc_info.vpcs[0].cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - - name: modify CIDR - no purge (no change - list all - check mode) - ec2_vpc_net: - state: present - cidr_block: - - "{{ vpc_cidr }}" - - "{{ vpc_cidr_a }}" - - "{{ vpc_cidr_b }}" - name: "{{ resource_prefix }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the CIDRs didn't change - assert: - that: - - result is successful - - result is not changed - - vpc_info.vpcs | length == 1 - - result.vpc.cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set | length == 3 - - result.vpc.cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - 
vpc_cidr_a in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_info.vpcs[0].cidr_block_association_set | length == 3 - - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - - name: modify CIDR - no purge (no change - list all) - ec2_vpc_net: - state: present - cidr_block: - - "{{ vpc_cidr }}" - - "{{ vpc_cidr_a }}" - - "{{ vpc_cidr_b }}" - name: "{{ resource_prefix }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the CIDRs didn't change - assert: - that: - - result is successful - - result is not changed - - vpc_info.vpcs | length == 1 - - result.vpc.cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set | length == 3 - - result.vpc.cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - 
result.vpc.cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_info.vpcs[0].cidr_block_association_set | length == 3 - - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - - name: modify CIDR - no purge (no change - different order - check mode) - ec2_vpc_net: - state: present - cidr_block: - - "{{ vpc_cidr }}" - - "{{ vpc_cidr_b }}" - - "{{ vpc_cidr_a }}" - name: "{{ resource_prefix }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert 
the CIDRs didn't change - assert: - that: - - result is successful - - result is not changed - - vpc_info.vpcs | length == 1 - - result.vpc.cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set | length == 3 - - result.vpc.cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_info.vpcs[0].cidr_block_association_set | length == 3 - - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - 
vpc_cidr_b in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - - name: modify CIDR - no purge (no change - different order) - ec2_vpc_net: - state: present - cidr_block: - - "{{ vpc_cidr }}" - - "{{ vpc_cidr_b }}" - - "{{ vpc_cidr_a }}" - name: "{{ resource_prefix }}" - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the CIDRs didn't change - assert: - that: - - result is successful - - result is not changed - - vpc_info.vpcs | length == 1 - - result.vpc.cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - result.vpc.cidr_block_association_set | length == 3 - - result.vpc.cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - result.vpc.cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - result.vpc.cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (result.vpc | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_info.vpcs[0].cidr_block_association_set | length == 3 - - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", 
"associating"] - - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - - vpc_info.vpcs[0].cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - - vpc_cidr in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_a in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - vpc_cidr_b in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - # #62678 - #- name: modify CIDR - purge (check mode) - # ec2_vpc_net: - # state: present - # cidr_block: - # - "{{ vpc_cidr }}" - # - "{{ vpc_cidr_b }}" - # name: "{{ resource_prefix }}" - # purge_cidrs: yes - # check_mode: true - # register: result - #- ec2_vpc_net_info: - # filters: - # "tag:Name": "{{ resource_prefix }}" - # register: vpc_info - - #- name: Check the CIDRs weren't changed - # assert: - # that: - # - result is successful - # - result is changed - # - vpc_info.vpcs | length == 1 - # - vpc_info.vpcs[0].cidr_block == vpc_cidr - # - vpc_info.vpcs[0].cidr_block_association_set | length == 3 - # - vpc_info.vpcs[0].cidr_block_association_set[0].association_id.startswith("vpc-cidr-assoc-") - # - vpc_info.vpcs[0].cidr_block_association_set[1].association_id.startswith("vpc-cidr-assoc-") - # - vpc_info.vpcs[0].cidr_block_association_set[2].association_id.startswith("vpc-cidr-assoc-") - # - vpc_info.vpcs[0].cidr_block_association_set[0].cidr_block_state.state in ["associated", "associating"] - # - vpc_info.vpcs[0].cidr_block_association_set[1].cidr_block_state.state in ["associated", "associating"] - # - vpc_info.vpcs[0].cidr_block_association_set[2].cidr_block_state.state in ["associated", "associating"] - # - vpc_cidr in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_cidr_a in (vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - # - vpc_cidr_b in 
(vpc_info.vpcs[0] | json_query("cidr_block_association_set[*].cidr_block") | list) - - - name: modify CIDR - purge - ec2_vpc_net: - state: present - cidr_block: - - "{{ vpc_cidr }}" - - "{{ vpc_cidr_b }}" - name: "{{ resource_prefix }}" - purge_cidrs: yes - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the CIDRs changed - vars: - cidr_query: 'cidr_block_association_set[?cidr_block_state.state == `associated`].cidr_block' - assert: - that: - - result is successful - - result is changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - result.vpc.cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - result.vpc | json_query(cidr_query) | list | length == 2 - - vpc_cidr in (result.vpc | json_query(cidr_query) | list) - - vpc_cidr_a not in (result.vpc | json_query(cidr_query) | list) - - vpc_cidr_b in (result.vpc | json_query(cidr_query) | list) - - vpc_info.vpcs[0] | json_query(cidr_query) | list | length == 2 - - vpc_cidr in (vpc_info.vpcs[0] | json_query(cidr_query) | list) - - vpc_cidr_a not in (vpc_info.vpcs[0] | json_query(cidr_query) | list) - - vpc_cidr_b in (vpc_info.vpcs[0] | json_query(cidr_query) | list) - - - name: modify CIDR - purge (no change) - ec2_vpc_net: - state: present - cidr_block: - - "{{ vpc_cidr }}" - - "{{ vpc_cidr_b }}" - name: "{{ resource_prefix }}" - purge_cidrs: yes - register: result - - ec2_vpc_net_info: - filters: - "tag:Name": "{{ resource_prefix }}" - register: vpc_info - - - name: assert the CIDRs didn't change - vars: - cidr_query: 'cidr_block_association_set[?cidr_block_state.state == `associated`].cidr_block' - assert: - that: - - result is successful - - result is not changed - - result.vpc.id == vpc_1 - - vpc_info.vpcs | length == 1 - - result.vpc.cidr_block == vpc_cidr - - vpc_info.vpcs[0].cidr_block == vpc_cidr - - result.vpc | json_query(cidr_query) | list | length == 2 - - vpc_cidr in (result.vpc | 
json_query(cidr_query) | list) - - vpc_cidr_a not in (result.vpc | json_query(cidr_query) | list) - - vpc_cidr_b in (result.vpc | json_query(cidr_query) | list) - - vpc_info.vpcs[0] | json_query(cidr_query) | list | length == 2 - - vpc_cidr in (vpc_info.vpcs[0] | json_query(cidr_query) | list) - - vpc_cidr_a not in (vpc_info.vpcs[0] | json_query(cidr_query) | list) - - vpc_cidr_b in (vpc_info.vpcs[0] | json_query(cidr_query) | list) - - # ============================================================ - - - name: test check mode to delete a VPC - ec2_vpc_net: - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - state: absent - check_mode: true - register: result - - - name: assert that a change would have been made - assert: - that: - - result is changed - - # ============================================================ - - always: - - - name: replace the DHCP options set so the new one can be deleted - ec2_vpc_net: - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - state: present - multi_ok: no - dhcp_opts_id: "{{ default_dhcp_options_id }}" - ignore_errors: true - - - name: remove the DHCP option set - ec2_vpc_dhcp_option: - dhcp_options_id: "{{ new_dhcp.dhcp_options_id }}" - state: absent - ignore_errors: true - - - name: remove the VPC - ec2_vpc_net: - cidr_block: "{{ vpc_cidr }}" - name: "{{ resource_prefix }}" - state: absent - ignore_errors: true diff --git a/test/integration/targets/ec2_vpc_subnet/aliases b/test/integration/targets/ec2_vpc_subnet/aliases deleted file mode 100644 index 5e7a8d3877..0000000000 --- a/test/integration/targets/ec2_vpc_subnet/aliases +++ /dev/null @@ -1,3 +0,0 @@ -cloud/aws -shippable/aws/group2 -unstable diff --git a/test/integration/targets/ec2_vpc_subnet/defaults/main.yml b/test/integration/targets/ec2_vpc_subnet/defaults/main.yml deleted file mode 100644 index 9c529aff02..0000000000 --- a/test/integration/targets/ec2_vpc_subnet/defaults/main.yml +++ /dev/null 
@@ -1,4 +0,0 @@
----
-# defaults file for ec2_vpc_subnet
-ec2_vpc_subnet_name: '{{resource_prefix}}'
-ec2_vpc_subnet_description: 'Created by ansible integration tests'
diff --git a/test/integration/targets/ec2_vpc_subnet/meta/main.yml b/test/integration/targets/ec2_vpc_subnet/meta/main.yml
deleted file mode 100644
index 1f64f1169a..0000000000
--- a/test/integration/targets/ec2_vpc_subnet/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - prepare_tests
- - setup_ec2
diff --git a/test/integration/targets/ec2_vpc_subnet/tasks/main.yml b/test/integration/targets/ec2_vpc_subnet/tasks/main.yml
deleted file mode 100644
index fa79901db0..0000000000
--- a/test/integration/targets/ec2_vpc_subnet/tasks/main.yml
+++ /dev/null
@@ -1,618 +0,0 @@ ---- -- module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - block: - - - name: list available AZs - aws_az_info: - register: region_azs - - - name: pick an AZ for testing - set_fact: - subnet_az: "{{ region_azs.availability_zones[0].zone_name }}" - - # ============================================================ - - name: create a VPC - ec2_vpc_net: - name: "{{ resource_prefix }}-vpc" - state: present - cidr_block: "10.232.232.128/26" - ipv6_cidr: True - tags: - Name: "{{ resource_prefix }}-vpc" - Description: "Created by ansible-test" - register: vpc_result - - - set_fact: - vpc_ipv6_cidr: "{{ vpc_result.vpc.ipv6_cidr_block_association_set[0].ipv6_cidr_block }}" - - # ============================================================ - - name: create subnet (expected changed=true) (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - state: present - check_mode: true - register: vpc_subnet_create - - - name: assert creation would happen - assert: - that: - - vpc_subnet_create is changed - - - name: create subnet (expected changed=true) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - state: present - register: vpc_subnet_create - - - name: assert creation happened (expected changed=true) - assert: - that: - - 'vpc_subnet_create' - - 'vpc_subnet_create.subnet.id.startswith("subnet-")' - - '"Name" in vpc_subnet_create.subnet.tags and vpc_subnet_create.subnet.tags["Name"] == ec2_vpc_subnet_name' - - '"Description" in vpc_subnet_create.subnet.tags and vpc_subnet_create.subnet.tags["Description"] == 
ec2_vpc_subnet_description' - # ============================================================ - - name: recreate subnet (expected changed=false) (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - state: present - check_mode: true - register: vpc_subnet_recreate - - - name: assert recreation changed nothing (expected changed=false) - assert: - that: - - vpc_subnet_recreate is not changed - - - name: recreate subnet (expected changed=false) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - state: present - register: vpc_subnet_recreate - - - name: assert recreation changed nothing (expected changed=false) - assert: - that: - - vpc_subnet_recreate is not changed - - 'vpc_subnet_recreate.subnet == vpc_subnet_create.subnet' - - # ============================================================ - - name: update subnet so instances launched in it are assigned an IP (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - state: present - map_public: true - check_mode: true - register: vpc_subnet_modify - - - name: assert subnet changed - assert: - that: - - vpc_subnet_modify is changed - - - name: update subnet so instances launched in it are assigned an IP - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - state: present - map_public: true - register: vpc_subnet_modify - - - name: assert subnet changed - assert: - that: - - vpc_subnet_modify is changed - - 
vpc_subnet_modify.subnet.map_public_ip_on_launch - - # ============================================================ - - name: add invalid ipv6 block to subnet (expected failed) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - ipv6_cidr: 2001:db8::/64 - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - state: present - register: vpc_subnet_ipv6_failed - ignore_errors: yes - - - name: assert failure happened (expected failed) - assert: - that: - - vpc_subnet_ipv6_failed is failed - - "'Couldn\\'t associate ipv6 cidr' in vpc_subnet_ipv6_failed.msg" - - # ============================================================ - - name: add a tag (expected changed=true) (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - AnotherTag: SomeValue - state: present - check_mode: true - register: vpc_subnet_add_a_tag - - - name: assert tag addition happened (expected changed=true) - assert: - that: - - vpc_subnet_add_a_tag is changed - - - name: add a tag (expected changed=true) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - AnotherTag: SomeValue - state: present - register: vpc_subnet_add_a_tag - - - name: assert tag addition happened (expected changed=true) - assert: - that: - - vpc_subnet_add_a_tag is changed - - '"Name" in vpc_subnet_add_a_tag.subnet.tags and vpc_subnet_add_a_tag.subnet.tags["Name"] == ec2_vpc_subnet_name' - - '"Description" in vpc_subnet_add_a_tag.subnet.tags and vpc_subnet_add_a_tag.subnet.tags["Description"] == ec2_vpc_subnet_description' - - '"AnotherTag" in vpc_subnet_add_a_tag.subnet.tags and vpc_subnet_add_a_tag.subnet.tags["AnotherTag"] == "SomeValue"' - - # 
============================================================ - - name: remove tags with default purge_tags=true (expected changed=true) (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - AnotherTag: SomeValue - state: present - check_mode: true - register: vpc_subnet_remove_tags - - - name: assert tag removal happened (expected changed=true) - assert: - that: - - vpc_subnet_remove_tags is changed - - - name: remove tags with default purge_tags=true (expected changed=true) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - AnotherTag: SomeValue - state: present - register: vpc_subnet_remove_tags - - - name: assert tag removal happened (expected changed=true) - assert: - that: - - vpc_subnet_remove_tags is changed - - '"Name" not in vpc_subnet_remove_tags.subnet.tags' - - '"Description" not in vpc_subnet_remove_tags.subnet.tags' - - '"AnotherTag" in vpc_subnet_remove_tags.subnet.tags and vpc_subnet_remove_tags.subnet.tags["AnotherTag"] == "SomeValue"' - - # ============================================================ - - name: change tags with purge_tags=false (expected changed=true) (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - state: present - purge_tags: false - check_mode: true - register: vpc_subnet_change_tags - - - name: assert tag addition happened (expected changed=true) - assert: - that: - - vpc_subnet_change_tags is changed - - - name: change tags with purge_tags=false (expected changed=true) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - az: "{{ subnet_az }}" - vpc_id: "{{ vpc_result.vpc.id }}" - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - state: present - purge_tags: false - register: 
vpc_subnet_change_tags - - - name: assert tag addition happened (expected changed=true) - assert: - that: - - vpc_subnet_change_tags is changed - - '"Name" in vpc_subnet_change_tags.subnet.tags and vpc_subnet_change_tags.subnet.tags["Name"] == ec2_vpc_subnet_name' - - '"Description" in vpc_subnet_change_tags.subnet.tags and vpc_subnet_change_tags.subnet.tags["Description"] == ec2_vpc_subnet_description' - - '"AnotherTag" in vpc_subnet_change_tags.subnet.tags and vpc_subnet_change_tags.subnet.tags["AnotherTag"] == "SomeValue"' - - # ============================================================ - - name: test state=absent (expected changed=true) (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: absent - check_mode: true - register: result - - - name: assert state=absent (expected changed=true) - assert: - that: - - result is changed - - - name: test state=absent (expected changed=true) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: absent - register: result - - - name: assert state=absent (expected changed=true) - assert: - that: - - result is changed - - # ============================================================ - - name: test state=absent (expected changed=false) (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: absent - check_mode: true - register: result - - - name: assert state=absent (expected changed=false) - assert: - that: - - result is not changed - - - name: test state=absent (expected changed=false) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: absent - register: result - - - name: assert state=absent (expected changed=false) - assert: - that: - - result is not changed - - # ============================================================ - - name: create subnet without AZ (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id 
}}" - state: present - check_mode: true - register: subnet_without_az - - - name: check that subnet without AZ works fine - assert: - that: - - subnet_without_az is changed - - - name: create subnet without AZ - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: present - register: subnet_without_az - - - name: check that subnet without AZ works fine - assert: - that: - - subnet_without_az is changed - - # ============================================================ - - name: remove subnet without AZ (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: absent - check_mode: true - register: result - - - name: assert state=absent (expected changed=true) - assert: - that: - - result is changed - - - name: remove subnet without AZ - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: absent - register: result - - - name: assert state=absent (expected changed=true) - assert: - that: - - result is changed - - - # ============================================================ - - name: create subnet with IPv6 (expected changed=true) (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" - assign_instances_ipv6: true - state: present - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - check_mode: true - register: vpc_subnet_ipv6_create - - - name: assert creation with IPv6 happened (expected changed=true) - assert: - that: - - vpc_subnet_ipv6_create is changed - - - name: create subnet with IPv6 (expected changed=true) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" - assign_instances_ipv6: true - state: present - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - 
register: vpc_subnet_ipv6_create - - - name: assert creation with IPv6 happened (expected changed=true) - assert: - that: - - vpc_subnet_ipv6_create is changed - - 'vpc_subnet_ipv6_create.subnet.id.startswith("subnet-")' - - "vpc_subnet_ipv6_create.subnet.ipv6_cidr_block == '{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}'" - - '"Name" in vpc_subnet_ipv6_create.subnet.tags and vpc_subnet_ipv6_create.subnet.tags["Name"] == ec2_vpc_subnet_name' - - '"Description" in vpc_subnet_ipv6_create.subnet.tags and vpc_subnet_ipv6_create.subnet.tags["Description"] == ec2_vpc_subnet_description' - - 'vpc_subnet_ipv6_create.subnet.assign_ipv6_address_on_creation' - - # ============================================================ - - name: recreate subnet (expected changed=false) (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" - assign_instances_ipv6: true - state: present - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - check_mode: true - register: vpc_subnet_ipv6_recreate - - - name: assert recreation changed nothing (expected changed=false) - assert: - that: - - vpc_subnet_ipv6_recreate is not changed - - - name: recreate subnet (expected changed=false) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" - assign_instances_ipv6: true - state: present - tags: - Name: '{{ec2_vpc_subnet_name}}' - Description: '{{ec2_vpc_subnet_description}}' - register: vpc_subnet_ipv6_recreate - - - name: assert recreation changed nothing (expected changed=false) - assert: - that: - - vpc_subnet_ipv6_recreate is not changed - - 'vpc_subnet_ipv6_recreate.subnet == vpc_subnet_ipv6_create.subnet' - - # ============================================================ - - name: change subnet ipv6 attribute (expected changed=true) (CHECK MODE) - 
ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" - assign_instances_ipv6: false - state: present - purge_tags: false - check_mode: true - register: vpc_change_attribute - - - name: assert assign_instances_ipv6 attribute changed (expected changed=true) - assert: - that: - - vpc_change_attribute is changed - - - name: change subnet ipv6 attribute (expected changed=true) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" - assign_instances_ipv6: false - state: present - purge_tags: false - register: vpc_change_attribute - - - name: assert assign_instances_ipv6 attribute changed (expected changed=true) - assert: - that: - - vpc_change_attribute is changed - - 'not vpc_change_attribute.subnet.assign_ipv6_address_on_creation' - - # ============================================================ - - name: add second subnet with duplicate ipv6 cidr (expected failure) - ec2_vpc_subnet: - cidr: "10.232.232.144/28" - vpc_id: "{{ vpc_result.vpc.id }}" - ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" - state: present - purge_tags: false - register: vpc_add_duplicate_ipv6 - ignore_errors: true - - - name: assert graceful failure (expected failed) - assert: - that: - - vpc_add_duplicate_ipv6 is failed - - "'The IPv6 CIDR \\'{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}\\' conflicts with another subnet' in vpc_add_duplicate_ipv6.msg" - - # ============================================================ - - name: remove subnet ipv6 cidr (expected changed=true) (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: present - purge_tags: false - check_mode: true - register: vpc_remove_ipv6_cidr - - - name: assert subnet ipv6 cidr removed (expected changed=true) - assert: - that: - - vpc_remove_ipv6_cidr is changed - - 
- name: remove subnet ipv6 cidr (expected changed=true) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: present - purge_tags: false - register: vpc_remove_ipv6_cidr - - - name: assert subnet ipv6 cidr removed (expected changed=true) - assert: - that: - - vpc_remove_ipv6_cidr is changed - - "vpc_remove_ipv6_cidr.subnet.ipv6_cidr_block == ''" - - 'not vpc_remove_ipv6_cidr.subnet.assign_ipv6_address_on_creation' - - # ============================================================ - - name: test adding a tag that looks like a boolean to the subnet (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: present - purge_tags: false - tags: - looks_like_boolean: true - check_mode: true - register: vpc_subnet_info - - - name: assert a tag was added - assert: - that: - - vpc_subnet_info is changed - - - name: test adding a tag that looks like a boolean to the subnet - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: present - purge_tags: false - tags: - looks_like_boolean: true - register: vpc_subnet_info - - - name: assert a tag was added - assert: - that: - - vpc_subnet_info is changed - - 'vpc_subnet_info.subnet.tags.looks_like_boolean == "True"' - - # ============================================================ - - name: test idempotence adding a tag that looks like a boolean (CHECK MODE) - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: present - purge_tags: false - tags: - looks_like_boolean: true - check_mode: true - register: vpc_subnet_info - - - name: assert tags haven't changed - assert: - that: - - vpc_subnet_info is not changed - - - name: test idempotence adding a tag that looks like a boolean - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: present - purge_tags: false - tags: - looks_like_boolean: true - register: vpc_subnet_info - - - name: assert 
tags haven't changed - assert: - that: - - vpc_subnet_info is not changed - - always: - - ################################################ - # TEARDOWN STARTS HERE - ################################################ - - - name: tidy up subnet - ec2_vpc_subnet: - cidr: "10.232.232.128/28" - vpc_id: "{{ vpc_result.vpc.id }}" - state: absent - - - name: tidy up VPC - ec2_vpc_net: - name: "{{ resource_prefix }}-vpc" - state: absent - cidr_block: "10.232.232.128/26" diff --git a/test/integration/targets/inventory_aws_ec2/aliases b/test/integration/targets/inventory_aws_ec2/aliases deleted file mode 100644 index a112c3d1bb..0000000000 --- a/test/integration/targets/inventory_aws_ec2/aliases +++ /dev/null @@ -1,2 +0,0 @@ -cloud/aws -shippable/aws/group1 diff --git a/test/integration/targets/inventory_aws_ec2/playbooks/create_inventory_config.yml b/test/integration/targets/inventory_aws_ec2/playbooks/create_inventory_config.yml deleted file mode 100644 index 8680c38d01..0000000000 --- a/test/integration/targets/inventory_aws_ec2/playbooks/create_inventory_config.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- hosts: 127.0.0.1 - connection: local - gather_facts: no - vars: - template_name: "../templates/{{ template | default('inventory.yml') }}" - tasks: - - name: write inventory config file - copy: - dest: ../test.aws_ec2.yml - content: "{{ lookup('template', template_name) }}" diff --git a/test/integration/targets/inventory_aws_ec2/playbooks/empty_inventory_config.yml b/test/integration/targets/inventory_aws_ec2/playbooks/empty_inventory_config.yml deleted file mode 100644 index f67fff1a93..0000000000 --- a/test/integration/targets/inventory_aws_ec2/playbooks/empty_inventory_config.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- hosts: 127.0.0.1 - connection: local - gather_facts: no - tasks: - - name: write inventory config file - copy: - dest: ../test.aws_ec2.yml - content: "" 
diff --git a/test/integration/targets/inventory_aws_ec2/playbooks/populate_cache.yml b/test/integration/targets/inventory_aws_ec2/playbooks/populate_cache.yml deleted file mode 100644 index 07b0eec4c5..0000000000 --- a/test/integration/targets/inventory_aws_ec2/playbooks/populate_cache.yml +++ /dev/null @@ -1,64 +0,0 @@ ---- -- hosts: 127.0.0.1 - connection: local - gather_facts: no - environment: "{{ ansible_test.environment }}" - tasks: - - - block: - - # Create VPC, subnet, security group, and find image_id to create instance - - - include_tasks: setup.yml - - - name: assert group was populated with inventory but is empty - assert: - that: - - "'aws_ec2' in groups" - - "not groups.aws_ec2" - - # Create new host, add it to inventory and then terminate it without updating the cache - - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' - no_log: yes - - - name: create a new host - ec2: - image: '{{ image_id }}' - exact_count: 1 - count_tag: - Name: '{{ resource_prefix }}' - instance_tags: - Name: '{{ resource_prefix }}' - instance_type: t2.micro - wait: yes - group_id: '{{ sg_id }}' - vpc_subnet_id: '{{ subnet_id }}' - <<: *aws_connection_info - register: setup_instance - - - meta: refresh_inventory - - always: - - - name: remove setup ec2 instance - ec2: - instance_type: t2.micro - instance_ids: '{{ setup_instance.instance_ids }}' - state: absent - wait: yes - instance_tags: - Name: '{{ resource_prefix }}' - group_id: '{{ sg_id }}' - vpc_subnet_id: '{{ subnet_id }}' - <<: *aws_connection_info - ignore_errors: yes - when: setup_instance is defined - - - include_tasks: tear_down.yml 
diff --git a/test/integration/targets/inventory_aws_ec2/playbooks/setup.yml b/test/integration/targets/inventory_aws_ec2/playbooks/setup.yml deleted file mode 100644 index 8a9b88937f..0000000000 --- a/test/integration/targets/inventory_aws_ec2/playbooks/setup.yml +++ /dev/null @@ -1,62 +0,0 @@ -- name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' - no_log: yes - -- name: get image ID to create an instance - ec2_ami_info: - filters: - architecture: x86_64 - owner-id: '125523088429' - virtualization-type: hvm - root-device-type: ebs - name: 'Fedora-Atomic-27*' - <<: *aws_connection_info - register: fedora_images - -- set_fact: - image_id: '{{ fedora_images.images.0.image_id }}' - -- name: create a VPC to work in - ec2_vpc_net: - cidr_block: 10.10.0.0/24 - state: present - name: '{{ resource_prefix }}_setup' - resource_tags: - Name: '{{ resource_prefix }}_setup' - <<: *aws_connection_info - register: setup_vpc - -- set_fact: - vpc_id: '{{ setup_vpc.vpc.id }}' - -- name: create a subnet to use for creating an ec2 instance - ec2_vpc_subnet: - az: '{{ aws_region }}a' - tags: '{{ resource_prefix }}_setup' - vpc_id: '{{ setup_vpc.vpc.id }}' - cidr: 10.10.0.0/24 - state: present - resource_tags: - Name: '{{ resource_prefix }}_setup' - <<: *aws_connection_info - register: setup_subnet - -- set_fact: - subnet_id: '{{ setup_subnet.subnet.id }}' - -- name: create a security group to use for creating an ec2 instance - ec2_group: - name: '{{ resource_prefix }}_setup' - description: 'created by Ansible integration tests' - state: present - vpc_id: '{{ setup_vpc.vpc.id }}' - <<: *aws_connection_info - register: setup_sg - -- set_fact: - sg_id: '{{ setup_sg.group_id }}' 
diff --git a/test/integration/targets/inventory_aws_ec2/playbooks/tear_down.yml b/test/integration/targets/inventory_aws_ec2/playbooks/tear_down.yml
deleted file mode 100644
index 4c8240e46d..0000000000
--- a/test/integration/targets/inventory_aws_ec2/playbooks/tear_down.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-- name: set connection information for all tasks
- set_fact:
- aws_connection_info: &aws_connection_info
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token }}'
- region: '{{ aws_region }}'
- no_log: yes
-
-- name: remove setup security group
- ec2_group:
- name: '{{ resource_prefix }}_setup'
- description: 'created by Ansible integration tests'
- state: absent
- vpc_id: '{{ vpc_id }}'
- <<: *aws_connection_info
- ignore_errors: yes
-
-- name: remove setup subnet
- ec2_vpc_subnet:
- az: '{{ aws_region }}a'
- tags: '{{ resource_prefix }}_setup'
- vpc_id: '{{ vpc_id }}'
- cidr: 10.10.0.0/24
- state: absent
- resource_tags:
- Name: '{{ resource_prefix }}_setup'
- <<: *aws_connection_info
- ignore_errors: yes
-
-- name: remove setup VPC
- ec2_vpc_net:
- cidr_block: 10.10.0.0/24
- state: absent
- name: '{{ resource_prefix }}_setup'
- resource_tags:
- Name: '{{ resource_prefix }}_setup'
- <<: *aws_connection_info
- ignore_errors: yes
diff --git a/test/integration/targets/inventory_aws_ec2/playbooks/test_invalid_aws_ec2_inventory_config.yml b/test/integration/targets/inventory_aws_ec2/playbooks/test_invalid_aws_ec2_inventory_config.yml
deleted file mode 100644
index cc1b9a5a5e..0000000000
--- a/test/integration/targets/inventory_aws_ec2/playbooks/test_invalid_aws_ec2_inventory_config.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- hosts: 127.0.0.1
- connection: local
- gather_facts: no
- tasks:
- - name: assert inventory was not populated by aws_ec2 inventory plugin
- assert:
- that:
- - "'aws_ec2' not in groups"
diff --git a/test/integration/targets/inventory_aws_ec2/playbooks/test_inventory_cache.yml b/test/integration/targets/inventory_aws_ec2/playbooks/test_inventory_cache.yml
deleted file mode 100644
index d83cb0bfe6..0000000000
--- a/test/integration/targets/inventory_aws_ec2/playbooks/test_inventory_cache.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: 127.0.0.1
- connection: local
- gather_facts: no
- tasks:
- - name: assert cache was used to populate inventory
- assert:
- that:
- - "'aws_ec2' in groups"
- - "groups.aws_ec2 | length == 1"
-
- - meta: refresh_inventory
-
- - name: assert refresh_inventory updated the cache
- assert:
- that:
- - "'aws_ec2' in groups"
- - "not groups.aws_ec2"
diff --git a/test/integration/targets/inventory_aws_ec2/playbooks/test_populating_inventory.yml b/test/integration/targets/inventory_aws_ec2/playbooks/test_populating_inventory.yml
deleted file mode 100644
index 73a67db065..0000000000
--- a/test/integration/targets/inventory_aws_ec2/playbooks/test_populating_inventory.yml
+++ /dev/null
@@ -1,91 +0,0 @@ ---- -- hosts: 127.0.0.1 - connection: local - gather_facts: no - environment: "{{ ansible_test.environment }}" - tasks: - - - block: - - # Create VPC, subnet, security group, and find image_id to create instance - - - include_tasks: setup.yml - - - name: assert group was populated with inventory but is empty - assert: - that: - - "'aws_ec2' in groups" - - "not groups.aws_ec2" - - # Create new host, refresh inventory, remove host, refresh inventory - - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' - no_log: yes - - - name: create a new host - ec2: - image: '{{ image_id }}' - exact_count: 1 - count_tag: - Name: '{{ resource_prefix }}' - instance_tags: - Name: '{{ resource_prefix }}' - instance_type: t2.micro - wait: yes - group_id: '{{ sg_id }}' - vpc_subnet_id: '{{ subnet_id }}' - <<: *aws_connection_info - register: setup_instance - - - meta: refresh_inventory - - - name: assert group was populated with inventory and is no longer empty - assert: - that: - - "'aws_ec2' in groups" - - "groups.aws_ec2 | length == 1" - - "groups.aws_ec2.0 == '{{ resource_prefix }}'" - - - name: remove setup ec2 instance - ec2: - instance_type: t2.micro - instance_ids: '{{ setup_instance.instance_ids }}' - state: absent - wait: yes - instance_tags: - Name: '{{ resource_prefix }}' - group_id: '{{ sg_id }}' - vpc_subnet_id: '{{ subnet_id }}' - <<: *aws_connection_info - - - meta: refresh_inventory - - - name: assert group was populated with inventory but is empty - assert: - that: - - "'aws_ec2' in groups" - - "not groups.aws_ec2" - - always: - - - name: remove setup ec2 instance - ec2: - instance_type: t2.micro - instance_ids: '{{ setup_instance.instance_ids }}' - state: absent - wait: yes - instance_tags: - Name: '{{ resource_prefix }}' - group_id: '{{ sg_id }}' 
- vpc_subnet_id: '{{ subnet_id }}' - <<: *aws_connection_info - ignore_errors: yes - when: setup_instance is defined - - - include_tasks: tear_down.yml diff --git a/test/integration/targets/inventory_aws_ec2/playbooks/test_populating_inventory_with_constructed.yml b/test/integration/targets/inventory_aws_ec2/playbooks/test_populating_inventory_with_constructed.yml deleted file mode 100644 index fdeeeeff42..0000000000 --- a/test/integration/targets/inventory_aws_ec2/playbooks/test_populating_inventory_with_constructed.yml +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -- hosts: 127.0.0.1 - connection: local - gather_facts: no - environment: "{{ ansible_test.environment }}" - tasks: - - - block: - - # Create VPC, subnet, security group, and find image_id to create instance - - - include_tasks: setup.yml - - # Create new host, refresh inventory - - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' - no_log: yes - - - name: create a new host - ec2: - image: '{{ image_id }}' - exact_count: 1 - count_tag: - Name: '{{ resource_prefix }}' - instance_tags: - Name: '{{ resource_prefix }}' - tag1: value1 - tag2: value2 - instance_type: t2.micro - wait: yes - group_id: '{{ sg_id }}' - vpc_subnet_id: '{{ subnet_id }}' - <<: *aws_connection_info - register: setup_instance - - - meta: refresh_inventory - - - name: register the keyed sg group name - set_fact: - sg_group_name: "security_groups_{{ sg_id | replace('-', '_') }}" - - - name: register one of the keyed tag groups name - set_fact: - tag_group_name: "tag_Name_{{ resource_prefix | replace('-', '_') }}" - - - name: assert the keyed groups and groups from constructed config were added to inventory and composite var added to hostvars - assert: - that: - # There are 9 groups: all, ungrouped, aws_ec2, sg keyed group, 3 tag keyed group (one per tag), arch keyed group, constructed group - - "groups | length == 9" - - "groups[tag_group_name] | length == 1" - - "groups[sg_group_name] | length == 1" - - "groups.arch_x86_64 | length == 1" - - "groups.tag_with_name_key | length == 1" - - vars.hostvars[groups.aws_ec2.0]['test_compose_var_sum'] == 'value1value2' - - always: - - - name: remove setup ec2 instance - ec2: - instance_type: t2.micro - instance_ids: '{{ setup_instance.instance_ids }}' - state: absent - wait: yes - instance_tags: - Name: '{{ resource_prefix }}' - 
group_id: "{{ sg_id }}" - vpc_subnet_id: "{{ subnet_id }}" - <<: *aws_connection_info - ignore_errors: yes - when: setup_instance is defined - - - include_tasks: tear_down.yml diff --git a/test/integration/targets/inventory_aws_ec2/playbooks/test_refresh_inventory.yml b/test/integration/targets/inventory_aws_ec2/playbooks/test_refresh_inventory.yml deleted file mode 100644 index 6b46599b5b..0000000000 --- a/test/integration/targets/inventory_aws_ec2/playbooks/test_refresh_inventory.yml +++ /dev/null 
@@ -1,74 +0,0 @@ -- name: test updating inventory - block: - - name: assert group was populated with inventory but is empty - assert: - that: - - "'aws_ec2' in groups" - - "not groups.aws_ec2" - - - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" - region: "{{ aws_region }}" - no_log: yes - - - name: create a new host - ec2: - image: "{{ images[aws_region] }}" - exact_count: 1 - count_tag: - Name: '{{ resource_prefix }}' - instance_tags: - Name: '{{ resource_prefix }}' - instance_type: t2.micro - wait: yes - group_id: '{{ setup_sg.group_id }}' - vpc_subnet_id: '{{ setup_subnet.subnet.id }}' - <<: *aws_connection_info - register: setup_instance - - - meta: refresh_inventory - - - name: assert group was populated with inventory and is no longer empty - assert: - that: - - "'aws_ec2' in groups" - - "groups.aws_ec2 | length == 1" - - "groups.aws_ec2.0 == '{{ resource_prefix }}'" - - - name: remove setup ec2 instance - ec2: - instance_type: t2.micro - instance_ids: '{{ setup_instance.instance_ids }}' - state: absent - wait: yes - instance_tags: - Name: '{{ resource_prefix }}' - group_id: '{{ setup_sg.group_id }}' - vpc_subnet_id: '{{ setup_subnet.subnet.id }}' - <<: *aws_connection_info - - - meta: refresh_inventory - - - name: assert group was populated with inventory but is empty - assert: - that: - - "'aws_ec2' in groups" - - "not groups.aws_ec2" - - always: - - name: remove setup ec2 instance - ec2: - instance_type: t2.micro - instance_ids: '{{ setup_instance.instance_ids }}' - state: absent - wait: yes - instance_tags: - Name: '{{ resource_prefix }}' - group_id: '{{ setup_sg.group_id }}' - vpc_subnet_id: '{{ setup_subnet.subnet.id }}' - <<: *aws_connection_info - ignore_errors: yes 
diff --git a/test/integration/targets/inventory_aws_ec2/runme.sh b/test/integration/targets/inventory_aws_ec2/runme.sh
deleted file mode 100755
index 916f7e8f7a..0000000000
--- a/test/integration/targets/inventory_aws_ec2/runme.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/bin/env bash
-
-set -eux
-
-# ensure test config is empty
-ansible-playbook playbooks/empty_inventory_config.yml "$@"
-
-export ANSIBLE_INVENTORY_ENABLED=aws_ec2
-
-# test with default inventory file
-ansible-playbook playbooks/test_invalid_aws_ec2_inventory_config.yml "$@"
-
-export ANSIBLE_INVENTORY=test.aws_ec2.yml
-
-# test empty inventory config
-ansible-playbook playbooks/test_invalid_aws_ec2_inventory_config.yml "$@"
-
-# generate inventory config and test using it
-ansible-playbook playbooks/create_inventory_config.yml "$@"
-ansible-playbook playbooks/test_populating_inventory.yml "$@"
-
-# generate inventory config with caching and test using it
-ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_cache.yml'" "$@"
-ansible-playbook playbooks/populate_cache.yml "$@"
-ansible-playbook playbooks/test_inventory_cache.yml "$@"
-
-# remove inventory cache
-rm -r aws_ec2_cache_dir/
-
-# generate inventory config with constructed features and test using it
-ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_constructed.yml'" "$@"
-ansible-playbook playbooks/test_populating_inventory_with_constructed.yml "$@"
-
-# cleanup inventory config
-ansible-playbook playbooks/empty_inventory_config.yml "$@"
diff --git a/test/integration/targets/inventory_aws_ec2/templates/inventory.yml b/test/integration/targets/inventory_aws_ec2/templates/inventory.yml
deleted file mode 100644
index 942edb309b..0000000000
--- a/test/integration/targets/inventory_aws_ec2/templates/inventory.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-plugin: aws_ec2
-aws_access_key_id: '{{ aws_access_key }}'
-aws_secret_access_key: '{{ aws_secret_key }}'
-aws_security_token: '{{ security_token }}'
-regions:
- - '{{ aws_region }}'
-filters:
- tag:Name:
- - '{{ resource_prefix }}'
-hostnames:
- - tag:Name
- - dns-name
diff --git a/test/integration/targets/inventory_aws_ec2/templates/inventory_with_cache.yml b/test/integration/targets/inventory_aws_ec2/templates/inventory_with_cache.yml
deleted file mode 100644
index e35bf9010b..0000000000
--- a/test/integration/targets/inventory_aws_ec2/templates/inventory_with_cache.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-plugin: aws_ec2
-cache: True
-cache_plugin: jsonfile
-cache_connection: aws_ec2_cache_dir
-aws_access_key_id: '{{ aws_access_key }}'
-aws_secret_access_key: '{{ aws_secret_key }}'
-aws_security_token: '{{ security_token }}'
-regions:
- - '{{ aws_region }}'
-filters:
- tag:Name:
- - '{{ resource_prefix }}'
diff --git a/test/integration/targets/inventory_aws_ec2/templates/inventory_with_constructed.yml b/test/integration/targets/inventory_aws_ec2/templates/inventory_with_constructed.yml
deleted file mode 100644
index 6befb4e339..0000000000
--- a/test/integration/targets/inventory_aws_ec2/templates/inventory_with_constructed.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-plugin: aws_ec2
-aws_access_key_id: '{{ aws_access_key }}'
-aws_secret_access_key: '{{ aws_secret_key }}'
-aws_security_token: '{{ security_token }}'
-regions:
- - '{{ aws_region }}'
-filters:
- tag:Name:
- - '{{ resource_prefix }}'
-keyed_groups:
- - key: 'security_groups|json_query("[].group_id")'
- prefix: 'security_groups'
- - key: 'tags'
- prefix: 'tag'
- - prefix: 'arch'
- key: "architecture"
-compose:
- test_compose_var_sum: tags.tag1 + tags.tag2
-groups:
- tag_with_name_key: "'Name' in (tags | list)"
diff --git a/test/integration/targets/inventory_aws_ec2/test.aws_ec2.yml b/test/integration/targets/inventory_aws_ec2/test.aws_ec2.yml
deleted file mode 100644
index e69de29bb2..0000000000
--- a/test/integration/targets/inventory_aws_ec2/test.aws_ec2.yml
+++ /dev/null
diff --git a/test/integration/targets/inventory_aws_rds/aliases b/test/integration/targets/inventory_aws_rds/aliases
deleted file mode 100644
index 5692719518..0000000000
--- a/test/integration/targets/inventory_aws_rds/aliases
+++ /dev/null
@@ -1,2 +0,0 @@
-cloud/aws
-unsupported
diff --git a/test/integration/targets/inventory_aws_rds/playbooks/create_inventory_config.yml b/test/integration/targets/inventory_aws_rds/playbooks/create_inventory_config.yml
deleted file mode 100644
index f0a9030a0f..0000000000
--- a/test/integration/targets/inventory_aws_rds/playbooks/create_inventory_config.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- hosts: 127.0.0.1
- connection: local
- gather_facts: no
- vars:
- template_name: "../templates/{{ template | default('inventory.j2') }}"
- tasks:
- - name: write inventory config file
- copy:
- dest: ../test.aws_rds.yml
- content: "{{ lookup('template', template_name) }}"
diff --git a/test/integration/targets/inventory_aws_rds/playbooks/empty_inventory_config.yml b/test/integration/targets/inventory_aws_rds/playbooks/empty_inventory_config.yml
deleted file mode 100644
index d7e2cda3a7..0000000000
--- a/test/integration/targets/inventory_aws_rds/playbooks/empty_inventory_config.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- hosts: 127.0.0.1
- connection: local
- gather_facts: no
- tasks:
- - name: write inventory config file
- copy:
- dest: ../test.aws_rds.yml
- content: ""
diff --git a/test/integration/targets/inventory_aws_rds/playbooks/populate_cache.yml b/test/integration/targets/inventory_aws_rds/playbooks/populate_cache.yml
deleted file mode 100644
index bd7dc6b494..0000000000
--- a/test/integration/targets/inventory_aws_rds/playbooks/populate_cache.yml
+++ /dev/null
@@ -1,54 +0,0 @@ ---- -- hosts: 127.0.0.1 - connection: local - gather_facts: no - environment: "{{ ansible_test.environment }}" - tasks: - - - module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - block: - - set_fact: - instance_id: '{{ resource_prefix }}-mariadb' - - - name: assert group was populated with inventory but is empty - assert: - that: - - "'aws_rds' in groups" - - "not groups.aws_rds" - - # Create new host, add it to inventory and then terminate it without updating the cache - - - name: create minimal mariadb instance in default VPC and default subnet group - rds_instance: - state: present - engine: mariadb - db_instance_class: db.t2.micro - allocated_storage: 20 - instance_id: '{{ instance_id }}' - master_username: 'ansibletestuser' - master_user_password: 'password-{{ resource_prefix | regex_findall(".{8}$") | first }}' - tags: - workload_type: other - register: setup_instance - - - meta: refresh_inventory - - - assert: - that: - - groups.aws_rds - - always: - - - name: remove mariadb instance - rds_instance: - state: absent - engine: mariadb - skip_final_snapshot: yes - instance_id: '{{ instance_id }}' - ignore_errors: yes - when: setup_instance is defined diff --git a/test/integration/targets/inventory_aws_rds/playbooks/test_invalid_aws_rds_inventory_config.yml b/test/integration/targets/inventory_aws_rds/playbooks/test_invalid_aws_rds_inventory_config.yml deleted file mode 100644 index 499513570b..0000000000 --- a/test/integration/targets/inventory_aws_rds/playbooks/test_invalid_aws_rds_inventory_config.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- hosts: 127.0.0.1 - connection: local - gather_facts: no - tasks: - - name: assert inventory was not populated by aws_rds inventory plugin - assert: - that: - - "'aws_rds' not in groups" 
diff --git a/test/integration/targets/inventory_aws_rds/playbooks/test_inventory_cache.yml b/test/integration/targets/inventory_aws_rds/playbooks/test_inventory_cache.yml deleted file mode 100644 index 7eadbad853..0000000000 --- a/test/integration/targets/inventory_aws_rds/playbooks/test_inventory_cache.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- hosts: 127.0.0.1 - connection: local - gather_facts: no - tasks: - - name: assert cache was used to populate inventory - assert: - that: - - "'aws_rds' in groups" - - "groups.aws_rds | length == 1" - - - meta: refresh_inventory - - - name: assert refresh_inventory updated the cache - assert: - that: - - "'aws_rds' in groups" - - "not groups.aws_rds" diff --git a/test/integration/targets/inventory_aws_rds/playbooks/test_populating_inventory.yml b/test/integration/targets/inventory_aws_rds/playbooks/test_populating_inventory.yml deleted file mode 100644 index d79f2a01a9..0000000000 --- a/test/integration/targets/inventory_aws_rds/playbooks/test_populating_inventory.yml +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -- hosts: 127.0.0.1 - connection: local - gather_facts: no - environment: "{{ ansible_test.environment }}" - tasks: - - - module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - block: - - - set_fact: - instance_id: "{{ resource_prefix }}-mariadb" - - - debug: var=groups - - name: assert group was populated with inventory but is empty - assert: - that: - - "'aws_rds' in groups" - - "not groups.aws_rds" - - # Create new host, refresh inventory, remove host, refresh inventory - - - name: create minimal mariadb instance in default VPC and default subnet group - rds_instance: - state: present - engine: mariadb - db_instance_class: db.t2.micro - allocated_storage: 20 - instance_id: '{{ instance_id }}' - master_username: 'ansibletestuser' - master_user_password: 'password-{{ resource_prefix | regex_findall(".{8}$") | first }}' - tags: - workload_type: other - register: setup_instance - - - meta: refresh_inventory - - - name: assert group was populated with inventory and is no longer empty - assert: - that: - - "'aws_rds' in groups" - - "groups.aws_rds | length == 1" - - "groups.aws_rds.0 == '{{ instance_id }}'" - - - name: remove mariadb instance - rds_instance: - state: absent - engine: mariadb - skip_final_snapshot: yes - instance_id: '{{ instance_id }}' - - - meta: refresh_inventory - - - name: assert group was populated with inventory but is empty - assert: - that: - - "'aws_rds' in groups" - - "not groups.aws_rds" - - always: - - - name: remove mariadb instance - rds_instance: - state: absent - engine: mariadb - skip_final_snapshot: yes - instance_id: '{{ instance_id }}' - ignore_errors: yes - when: setup_instance is defined 
diff --git a/test/integration/targets/inventory_aws_rds/playbooks/test_populating_inventory_with_constructed.yml b/test/integration/targets/inventory_aws_rds/playbooks/test_populating_inventory_with_constructed.yml
deleted file mode 100644
index c6ddb57340..0000000000
--- a/test/integration/targets/inventory_aws_rds/playbooks/test_populating_inventory_with_constructed.yml
+++ /dev/null
@@ -1,62 +0,0 @@ ---- -- hosts: 127.0.0.1 - connection: local - gather_facts: no - environment: "{{ ansible_test.environment }}" - tasks: - - - module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - block: - - - set_fact: - instance_id: "{{ resource_prefix }}-mariadb" - - - name: create minimal mariadb instance in default VPC and default subnet group - rds_instance: - state: present - engine: mariadb - db_instance_class: db.t2.micro - allocated_storage: 20 - instance_id: '{{ resource_prefix }}-mariadb' - master_username: 'ansibletestuser' - master_user_password: 'password-{{ resource_prefix | regex_findall(".{8}$") | first }}' - tags: - workload_type: other - register: setup_instance - - - meta: refresh_inventory - - debug: var=groups - - - name: 'generate expected group name based off the db parameter groups' - vars: - parameter_group_name: '{{ setup_instance.db_parameter_groups[0].db_parameter_group_name }}' - set_fact: - parameter_group_key: 'rds_parameter_group_{{ parameter_group_name | replace(".", "_") }}' - - - name: assert the keyed groups from constructed config were added to inventory - assert: - that: - # There are 6 groups: all, ungrouped, aws_rds, tag keyed group, engine keyed group, parameter group keyed group - - "groups | length == 6" - - '"all" in groups' - - '"ungrouped" in groups' - - '"aws_rds" in groups' - - '"tag_workload_type_other" in groups' - - '"rds_mariadb" in groups' - - 'parameter_group_key in groups' - - always: - - - name: remove mariadb instance - rds_instance: - state: absent - engine: mariadb - skip_final_snapshot: yes - instance_id: '{{ instance_id }}' - ignore_errors: yes - when: setup_instance is defined 
diff --git a/test/integration/targets/inventory_aws_rds/playbooks/test_refresh_inventory.yml b/test/integration/targets/inventory_aws_rds/playbooks/test_refresh_inventory.yml deleted file mode 100644 index 565803800c..0000000000 --- a/test/integration/targets/inventory_aws_rds/playbooks/test_refresh_inventory.yml +++ /dev/null @@ -1,64 +0,0 @@ -- name: test updating inventory - module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - block: - - set_fact: - instance_id: "{{ resource_prefix }}update" - - - name: assert group was populated with inventory but is empty - assert: - that: - - "'aws_rds' in groups" - - "not groups.aws_rds" - - - name: create minimal mariadb instance in default VPC and default subnet group - rds_instance: - state: present - engine: mariadb - db_instance_class: db.t2.micro - allocated_storage: 20 - instance_id: 'rds-mariadb-{{ resource_prefix }}' - master_username: 'ansibletestuser' - master_user_password: 'password-{{ resource_prefix | regex_findall(".{8}$") | first }}' - tags: - workload_type: other - register: setup_instance - - - meta: refresh_inventory - - - name: assert group was populated with inventory and is no longer empty - assert: - that: - - "'aws_rds' in groups" - - "groups.aws_rds | length == 1" - - "groups.aws_rds.0 == '{{ resource_prefix }}'" - - - name: remove mariadb instance - rds_instance: - state: absent - engine: mariadb - skip_final_snapshot: yes - instance_id: ansible-rds-mariadb-example - - - meta: refresh_inventory - - - name: assert group was populated with inventory but is empty - assert: - that: - - "'aws_rds' in groups" - - "not groups.aws_rds" - - always: - - - name: remove mariadb instance - rds_instance: - state: absent - engine: mariadb - skip_final_snapshot: yes - instance_id: ansible-rds-mariadb-example - ignore_errors: yes - when: setup_instance is defined 
diff --git a/test/integration/targets/inventory_aws_rds/runme.sh b/test/integration/targets/inventory_aws_rds/runme.sh deleted file mode 100755 index d759349e76..0000000000 --- a/test/integration/targets/inventory_aws_rds/runme.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/env bash - -set -eux - -# ensure test config is empty -ansible-playbook playbooks/empty_inventory_config.yml "$@" - -export ANSIBLE_INVENTORY_ENABLED=aws_rds - -# test with default inventory file -ansible-playbook playbooks/test_invalid_aws_rds_inventory_config.yml "$@" - -export ANSIBLE_INVENTORY=test.aws_rds.yml - -# test empty inventory config -ansible-playbook playbooks/test_invalid_aws_rds_inventory_config.yml "$@" - -# generate inventory config and test using it -ansible-playbook playbooks/create_inventory_config.yml "$@" -ansible-playbook playbooks/test_populating_inventory.yml "$@" - -# generate inventory config with caching and test using it -ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_cache.j2'" "$@" -ansible-playbook playbooks/populate_cache.yml "$@" -ansible-playbook playbooks/test_inventory_cache.yml "$@" - -# remove inventory cache -rm -r aws_rds_cache_dir/ - -# generate inventory config with constructed features and test using it -ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_constructed.j2'" "$@" -ansible-playbook playbooks/test_populating_inventory_with_constructed.yml "$@" - -# cleanup inventory config -ansible-playbook playbooks/empty_inventory_config.yml "$@" diff --git a/test/integration/targets/inventory_aws_rds/templates/inventory.j2 b/test/integration/targets/inventory_aws_rds/templates/inventory.j2 deleted file mode 100644 index 3d9df9affc..0000000000 --- a/test/integration/targets/inventory_aws_rds/templates/inventory.j2 +++ /dev/null 
@@ -1,10 +0,0 @@ -plugin: aws_rds -aws_access_key_id: '{{ aws_access_key }}' -aws_secret_access_key: '{{ aws_secret_key }}' -{% if security_token | default(false) %} -aws_security_token: '{{ security_token }}' -{% endif %} -regions: - - '{{ aws_region }}' -filters: - db-instance-id: "{{ resource_prefix }}-mariadb" diff --git a/test/integration/targets/inventory_aws_rds/templates/inventory_with_cache.j2 b/test/integration/targets/inventory_aws_rds/templates/inventory_with_cache.j2 deleted file mode 100644 index ba227e3082..0000000000 --- a/test/integration/targets/inventory_aws_rds/templates/inventory_with_cache.j2 +++ /dev/null @@ -1,13 +0,0 @@ -plugin: aws_rds -cache: True -cache_plugin: jsonfile -cache_connection: aws_rds_cache_dir -aws_access_key_id: '{{ aws_access_key }}' -aws_secret_access_key: '{{ aws_secret_key }}' -{% if security_token | default(false) %} -aws_security_token: '{{ security_token }}' -{% endif %} -regions: - - '{{ aws_region }}' -filters: - db-instance-id: "{{ resource_prefix }}-mariadb" diff --git a/test/integration/targets/inventory_aws_rds/templates/inventory_with_constructed.j2 b/test/integration/targets/inventory_aws_rds/templates/inventory_with_constructed.j2 deleted file mode 100644 index 7239497478..0000000000 --- a/test/integration/targets/inventory_aws_rds/templates/inventory_with_constructed.j2 +++ /dev/null @@ -1,17 +0,0 @@ -plugin: aws_rds -aws_access_key_id: '{{ aws_access_key }}' -aws_secret_access_key: '{{ aws_secret_key }}' -{% if security_token | default(false) %} -aws_security_token: '{{ security_token }}' -{% endif %} -regions: - - '{{ aws_region }}' -keyed_groups: - - key: 'db_parameter_groups|json_query("[].db_parameter_group_name")' - prefix: rds_parameter_group - - key: tags - prefix: tag - - key: engine - prefix: rds -filters: - db-instance-id: "{{ resource_prefix }}-mariadb" 
diff --git a/test/integration/targets/inventory_aws_rds/test.aws_rds.yml b/test/integration/targets/inventory_aws_rds/test.aws_rds.yml deleted file mode 100644 index e69de29bb2..0000000000 --- a/test/integration/targets/inventory_aws_rds/test.aws_rds.yml +++ /dev/null diff --git a/test/integration/targets/s3_bucket/aliases b/test/integration/targets/s3_bucket/aliases deleted file mode 100644 index a112c3d1bb..0000000000 --- a/test/integration/targets/s3_bucket/aliases +++ /dev/null @@ -1,2 +0,0 @@ -cloud/aws -shippable/aws/group1 diff --git a/test/integration/targets/s3_bucket/inventory b/test/integration/targets/s3_bucket/inventory deleted file mode 100644 index 2968f764cf..0000000000 --- a/test/integration/targets/s3_bucket/inventory +++ /dev/null @@ -1,12 +0,0 @@ -[tests] -missing -simple -complex -dotted -tags -encryption_kms -encryption_sse - -[all:vars] -ansible_connection=local -ansible_python_interpreter="{{ ansible_playbook_python }}" diff --git a/test/integration/targets/s3_bucket/main.yml b/test/integration/targets/s3_bucket/main.yml deleted file mode 100644 index 22fc0d64f7..0000000000 --- a/test/integration/targets/s3_bucket/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Beware: most of our tests here are run in parallel. -# To add new tests you'll need to add a new host to the inventory and a matching -# '{{ inventory_hostname }}'.yml file in roles/s3_bucket/tasks/ - -# VPC should get cleaned up once all hosts have run -- hosts: all - gather_facts: no - strategy: free - #serial: 10 - roles: - - s3_bucket diff --git a/test/integration/targets/s3_bucket/meta/main.yml b/test/integration/targets/s3_bucket/meta/main.yml deleted file mode 100644 index 38b31be072..0000000000 --- a/test/integration/targets/s3_bucket/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - prepare_tests - - setup_ec2 - - setup_remote_tmp_dir 
diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/defaults/main.yml b/test/integration/targets/s3_bucket/roles/s3_bucket/defaults/main.yml deleted file mode 100644 index b4fd58adfc..0000000000 --- a/test/integration/targets/s3_bucket/roles/s3_bucket/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -bucket_name: '{{ resource_prefix }}-{{ inventory_hostname | regex_replace("_","-") }}' diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/meta/main.yml b/test/integration/targets/s3_bucket/roles/s3_bucket/meta/main.yml deleted file mode 100644 index 38b31be072..0000000000 --- a/test/integration/targets/s3_bucket/roles/s3_bucket/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - prepare_tests - - setup_ec2 - - setup_remote_tmp_dir diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/complex.yml b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/complex.yml deleted file mode 100644 index 41a03a4a55..0000000000 --- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/complex.yml +++ /dev/null 
@@ -1,146 +0,0 @@ ---- -- block: - - name: 'Create more complex s3_bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: present - policy: "{{ lookup('template','policy.json') }}" - requester_pays: yes - versioning: yes - tags: - example: tag1 - another: tag2 - register: output - - - assert: - that: - - output is changed - - output.name == '{{ bucket_name }}' - - output.requester_pays - - output.versioning.MfaDelete == 'Disabled' - - output.versioning.Versioning == 'Enabled' - - output.tags.example == 'tag1' - - output.tags.another == 'tag2' - - output.policy.Statement[0].Action == 's3:GetObject' - - output.policy.Statement[0].Effect == 'Allow' - - output.policy.Statement[0].Principal == '*' - - output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*' - - output.policy.Statement[0].Sid == 'AddPerm' - - # ============================================================ - - - name: 'Pause to help with s3 bucket eventual consistency' - wait_for: - timeout: 10 - delegate_to: localhost - - - name: 'Try to update the same complex s3_bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: present - policy: "{{ lookup('template','policy.json') }}" - requester_pays: yes - versioning: yes - tags: - example: tag1 - another: tag2 - register: output - - - assert: - that: - - output is not changed - - output.name == '{{ bucket_name }}' - - output.requester_pays - - output.versioning.MfaDelete == 'Disabled' - - output.versioning.Versioning == 'Enabled' - - output.tags.example == 'tag1' - - output.tags.another == 'tag2' - - output.policy.Statement[0].Action == 's3:GetObject' - - output.policy.Statement[0].Effect == 'Allow' - - output.policy.Statement[0].Principal == '*' - - output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*' - - output.policy.Statement[0].Sid == 'AddPerm' - - # ============================================================ - - name: 'Update bucket policy on complex bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: 
present - policy: "{{ lookup('template','policy-updated.json') }}" - requester_pays: yes - versioning: yes - tags: - example: tag1 - another: tag2 - register: output - - - assert: - that: - - output is changed - - output.policy.Statement[0].Action == 's3:GetObject' - - output.policy.Statement[0].Effect == 'Deny' - - output.policy.Statement[0].Principal == '*' - - output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*' - - output.policy.Statement[0].Sid == 'AddPerm' - - # ============================================================ - - - name: 'Pause to help with s3 bucket eventual consistency' - wait_for: - timeout: 10 - delegate_to: localhost - - - name: Update attributes for s3_bucket - s3_bucket: - name: '{{ bucket_name }}' - state: present - policy: "{{ lookup('template','policy.json') }}" - requester_pays: no - versioning: no - tags: - example: tag1-udpated - another: tag2 - register: output - - - assert: - that: - - output is changed - - output.name == '{{ bucket_name }}' - - not output.requester_pays - - output.versioning.MfaDelete == 'Disabled' - - output.versioning.Versioning in ['Suspended', 'Disabled'] - - output.tags.example == 'tag1-udpated' - - output.tags.another == 'tag2' - - output.policy.Statement[0].Action == 's3:GetObject' - - output.policy.Statement[0].Effect == 'Allow' - - output.policy.Statement[0].Principal == '*' - - output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*' - - output.policy.Statement[0].Sid == 'AddPerm' - - - name: 'Delete complex test bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: absent - register: output - - - assert: - that: - - output is changed - - - name: 'Re-delete complex test bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: absent - register: output - - - assert: - that: - - output is not changed - - # ============================================================ - always: - - name: 'Ensure all buckets are deleted' - s3_bucket: - name: '{{ bucket_name }}' - 
state: absent - ignore_errors: yes diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/dotted.yml b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/dotted.yml deleted file mode 100644 index 7d4e0ae9ea..0000000000 --- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/dotted.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -- block: - - name: 'Ensure bucket_name contains a .' - set_fact: - bucket_name: '{{ bucket_name }}.something' - - # ============================================================ - # - - name: 'Create bucket with dot in name' - s3_bucket: - name: '{{ bucket_name }}' - state: present - register: output - - - assert: - that: - - output is changed - - output.name == '{{ bucket_name }}' - - - # ============================================================ - - - name: 'Pause to help with s3 bucket eventual consistency' - wait_for: - timeout: 10 - delegate_to: localhost - - - name: 'Delete s3_bucket with dot in name' - s3_bucket: - name: '{{ bucket_name }}' - state: absent - register: output - - - assert: - that: - - output is changed - - - name: 'Re-delete s3_bucket with dot in name' - s3_bucket: - name: '{{ bucket_name }}' - state: absent - register: output - - - assert: - that: - - output is not changed - - # ============================================================ - always: - - name: 'Ensure all buckets are deleted' - s3_bucket: - name: '{{ bucket_name }}' - state: absent - ignore_errors: yes diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_kms.yml b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_kms.yml deleted file mode 100644 index 869dd40236..0000000000 --- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_kms.yml +++ /dev/null 
@@ -1,88 +0,0 @@ ---- -- module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - block: - - # ============================================================ - - - name: 'Create a simple bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: present - register: output - - - name: 'Enable aws:kms encryption with KMS master key' - s3_bucket: - name: '{{ bucket_name }}' - state: present - encryption: "aws:kms" - register: output - - - assert: - that: - - output.changed - - output.encryption - - output.encryption.SSEAlgorithm == 'aws:kms' - - - name: 'Re-enable aws:kms encryption with KMS master key (idempotent)' - s3_bucket: - name: '{{ bucket_name }}' - state: present - encryption: "aws:kms" - register: output - - - assert: - that: - - not output.changed - - output.encryption - - output.encryption.SSEAlgorithm == 'aws:kms' - - # ============================================================ - - - name: Disable encryption from bucket - s3_bucket: - name: '{{ bucket_name }}' - state: present - encryption: "none" - register: output - - - assert: - that: - - output.changed - - not output.encryption - - - name: Disable encryption from bucket - s3_bucket: - name: '{{ bucket_name }}' - state: present - encryption: "none" - register: output - - - assert: - that: - - output is not changed - - not output.encryption - - # ============================================================ - - - name: Delete encryption test s3 bucket - s3_bucket: - name: '{{ bucket_name }}' - state: absent - register: output - - - assert: - that: - - output.changed - - # ============================================================ - always: - - name: Ensure all buckets are deleted - s3_bucket: - name: '{{ bucket_name }}' - state: absent - ignore_errors: yes 
diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_sse.yml b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_sse.yml
deleted file mode 100644
index 699e8ae410..0000000000
--- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_sse.yml
+++ /dev/null
@@ -1,88 +0,0 @@ ---- -- module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - block: - - # ============================================================ - - - name: 'Create a simple bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: present - register: output - - - name: 'Enable AES256 encryption' - s3_bucket: - name: '{{ bucket_name }}' - state: present - encryption: 'AES256' - register: output - - - assert: - that: - - output.changed - - output.encryption - - output.encryption.SSEAlgorithm == 'AES256' - - - name: 'Re-enable AES256 encryption (idempotency)' - s3_bucket: - name: '{{ bucket_name }}' - state: present - encryption: 'AES256' - register: output - - - assert: - that: - - not output.changed - - output.encryption - - output.encryption.SSEAlgorithm == 'AES256' - - # ============================================================ - - - name: Disable encryption from bucket - s3_bucket: - name: '{{ bucket_name }}' - state: present - encryption: "none" - register: output - - - assert: - that: - - output.changed - - not output.encryption - - - name: Disable encryption from bucket - s3_bucket: - name: '{{ bucket_name }}' - state: present - encryption: "none" - register: output - - - assert: - that: - - output is not changed - - not output.encryption - - # ============================================================ - - - name: Delete encryption test s3 bucket - s3_bucket: - name: '{{ bucket_name }}' - state: absent - register: output - - - assert: - that: - - output.changed - - # ============================================================ - always: - - name: Ensure all buckets are deleted - s3_bucket: - name: '{{ bucket_name }}' - state: absent - ignore_errors: yes 
diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/main.yml b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/main.yml deleted file mode 100644 index 8eba03ba1a..0000000000 --- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Beware: most of our tests here are run in parallel. -# To add new tests you'll need to add a new host to the inventory and a matching -# '{{ inventory_hostname }}'.yml file in roles/ec2_roles/tasks/ -# -# ############################################################################### - -- name: "Wrap up all tests and setup AWS credentials" - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - block: - - debug: - msg: "{{ inventory_hostname }} start: {{ lookup('pipe','date') }}" - - include_tasks: '{{ inventory_hostname }}.yml' - - debug: - msg: "{{ inventory_hostname }} finish: {{ lookup('pipe','date') }}" diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/missing.yml b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/missing.yml deleted file mode 100644 index 4d827680ee..0000000000 --- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/missing.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -- name: 'Attempt to delete non-existent buckets' - block: - # ============================================================ - # - # While in theory the 'simple' test case covers this there are - # ways in which eventual-consistency could catch us out. - # - - name: 'Delete non-existstent s3_bucket (never created)' - s3_bucket: - name: '{{ bucket_name }}' - state: absent - register: output - - - assert: - that: - - output is success - - output is not changed - - # ============================================================ - always: - - name: 'Ensure all buckets are deleted' - s3_bucket: - name: '{{ bucket_name }}' - state: absent - ignore_errors: yes diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/simple.yml b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/simple.yml deleted file mode 100644 index 3c39c5b4cb..0000000000 --- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/simple.yml +++ /dev/null 
@@ -1,64 +0,0 @@ ---- -- name: 'Run simple tests' - block: - # Note: s3_bucket doesn't support check_mode - - # ============================================================ - - name: 'Create a simple s3_bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: present - register: output - - - assert: - that: - - output is success - - output is changed - - output.name == '{{ bucket_name }}' - - not output.requester_pays - - # ============================================================ - - name: 'Try to update the simple bucket with the same values' - s3_bucket: - name: '{{ bucket_name }}' - state: present - register: output - - - assert: - that: - - output is success - - output is not changed - - output.name == '{{ bucket_name }}' - - not output.requester_pays - - # ============================================================ - - name: 'Delete the simple s3_bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: absent - register: output - - - assert: - that: - - output is success - - output is changed - - # ============================================================ - - name: 'Re-delete the simple s3_bucket (idemoptency)' - s3_bucket: - name: '{{ bucket_name }}' - state: absent - register: output - - - assert: - that: - - output is success - - output is not changed - - # ============================================================ - always: - - name: 'Ensure all buckets are deleted' - s3_bucket: - name: '{{ bucket_name }}' - state: absent - ignore_errors: yes diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/tags.yml b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/tags.yml deleted file mode 100644 index 437dd2ca5f..0000000000 --- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/tags.yml +++ /dev/null 
@@ -1,256 +0,0 @@ ---- -- name: 'Run tagging tests' - block: - - # ============================================================ - - name: 'Create simple s3_bucket for testing tagging' - s3_bucket: - name: '{{ bucket_name }}' - state: present - register: output - - - assert: - that: - - output.changed - - output.name == '{{ bucket_name }}' - - # ============================================================ - - - name: 'Add tags to s3 bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: present - tags: - example: tag1 - another: tag2 - register: output - - - assert: - that: - - output.changed - - output.name == '{{ bucket_name }}' - - output.tags.example == 'tag1' - - output.tags.another == 'tag2' - - - name: 'Re-Add tags to s3 bucket' - s3_bucket: - name: '{{ bucket_name }}' - state: present - tags: - example: tag1 - another: tag2 - register: output - - - assert: - that: - - output is not changed - - output.name == '{{ bucket_name }}' - - output.tags.example == 'tag1' - - output.tags.another == 'tag2' - - # ============================================================ - - - name: Remove a tag from an s3_bucket - s3_bucket: - name: '{{ bucket_name }}' - state: present - tags: - example: tag1 - register: output - - - assert: - that: - - output.changed - - output.name == '{{ bucket_name }}' - - output.tags.example == 'tag1' - - "'another' not in output.tags" - - - name: Re-remove the tag from an s3_bucket - s3_bucket: - name: '{{ bucket_name }}' - state: present - tags: - example: tag1 - register: output - - - assert: - that: - - output is not changed - - output.name == '{{ bucket_name }}' - - output.tags.example == 'tag1' - - "'another' not in output.tags" - - ## ============================================================ - - #- name: 'Pause to help with s3 bucket eventual consistency' - # wait_for: - # timeout: 10 - # delegate_to: localhost - - ## ============================================================ - - - name: 'Add a tag for s3_bucket with purge_tags 
False' - s3_bucket: - name: '{{ bucket_name }}' - state: present - purge_tags: no - tags: - anewtag: here - register: output - - - assert: - that: - - output.changed - - output.name == '{{ bucket_name }}' - - output.tags.example == 'tag1' - - output.tags.anewtag == 'here' - - - name: 'Re-add a tag for s3_bucket with purge_tags False' - s3_bucket: - name: '{{ bucket_name }}' - state: present - purge_tags: no - tags: - anewtag: here - register: output - - - assert: - that: - - output is not changed - - output.name == '{{ bucket_name }}' - - output.tags.example == 'tag1' - - output.tags.anewtag == 'here' - - ## ============================================================ - - #- name: 'Pause to help with s3 bucket eventual consistency' - # wait_for: - # timeout: 10 - # delegate_to: localhost - - ## ============================================================ - - - name: Update a tag for s3_bucket with purge_tags False - s3_bucket: - name: '{{ bucket_name }}' - state: present - purge_tags: no - tags: - anewtag: next - register: output - - - assert: - that: - - output.changed - - output.name == '{{ bucket_name }}' - - output.tags.example == 'tag1' - - output.tags.anewtag == 'next' - - - name: Re-update a tag for s3_bucket with purge_tags False - s3_bucket: - name: '{{ bucket_name }}' - state: present - purge_tags: no - tags: - anewtag: next - register: output - - - assert: - that: - - output is not changed - - output.name == '{{ bucket_name }}' - - output.tags.example == 'tag1' - - output.tags.anewtag == 'next' - - ## ============================================================ - - #- name: 'Pause to help with s3 bucket eventual consistency' - # wait_for: - # timeout: 10 - # delegate_to: localhost - - ## ============================================================ - - - name: Pass empty tags dict for s3_bucket with purge_tags False - s3_bucket: - name: '{{ bucket_name }}' - state: present - purge_tags: no - tags: {} - register: output - - - assert: - that: - - output is 
not changed - - output.name == '{{ bucket_name }}' - - output.tags.example == 'tag1' - - output.tags.anewtag == 'next' - - ## ============================================================ - - #- name: 'Pause to help with s3 bucket eventual consistency' - # wait_for: - # timeout: 10 - # delegate_to: localhost - - ## ============================================================ - - - name: Do not specify any tag to ensure previous tags are not removed - s3_bucket: - name: '{{ bucket_name }}' - state: present - register: output - - - assert: - that: - - not output.changed - - output.name == '{{ bucket_name }}' - - output.tags.example == 'tag1' - - # ============================================================ - - - name: Remove all tags - s3_bucket: - name: '{{ bucket_name }}' - state: present - tags: {} - register: output - - - assert: - that: - - output.changed - - output.name == '{{ bucket_name }}' - - output.tags == {} - - - name: Re-remove all tags - s3_bucket: - name: '{{ bucket_name }}' - state: present - tags: {} - register: output - - - assert: - that: - - output is not changed - - output.name == '{{ bucket_name }}' - - output.tags == {} - - # ============================================================ - - - name: Delete bucket - s3_bucket: - name: '{{ bucket_name }}' - state: absent - register: output - - - assert: - that: - - output.changed - - # ============================================================ - always: - - name: Ensure all buckets are deleted - s3_bucket: - name: '{{ bucket_name }}' - state: absent - ignore_errors: yes diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/templates/policy-updated.json b/test/integration/targets/s3_bucket/roles/s3_bucket/templates/policy-updated.json deleted file mode 100644 index 5775c5eb2c..0000000000 --- a/test/integration/targets/s3_bucket/roles/s3_bucket/templates/policy-updated.json +++ /dev/null 
@@ -1,12 +0,0 @@
-{
- "Version":"2012-10-17",
- "Statement":[
- {
- "Sid":"AddPerm",
- "Effect":"Deny",
- "Principal": "*",
- "Action":["s3:GetObject"],
- "Resource":["arn:aws:s3:::{{bucket_name}}/*"]
- }
- ]
-}
diff --git a/test/integration/targets/s3_bucket/roles/s3_bucket/templates/policy.json b/test/integration/targets/s3_bucket/roles/s3_bucket/templates/policy.json
deleted file mode 100644
index a2720aed60..0000000000
--- a/test/integration/targets/s3_bucket/roles/s3_bucket/templates/policy.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "Version":"2012-10-17",
- "Statement":[
- {
- "Sid":"AddPerm",
- "Effect":"Allow",
- "Principal": "*",
- "Action":["s3:GetObject"],
- "Resource":["arn:aws:s3:::{{bucket_name}}/*"]
- }
- ]
-}
diff --git a/test/integration/targets/s3_bucket/runme.sh b/test/integration/targets/s3_bucket/runme.sh
deleted file mode 100755
index aa324772bb..0000000000
--- a/test/integration/targets/s3_bucket/runme.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-#
-# Beware: most of our tests here are run in parallel.
-# To add new tests you'll need to add a new host to the inventory and a matching
-# '{{ inventory_hostname }}'.yml file in roles/ec2_instance/tasks/
-
-
-set -eux
-
-export ANSIBLE_ROLES_PATH=../
-
-ansible-playbook main.yml -i inventory "$@"
diff --git a/test/sanity/ignore.txt b/test/sanity/ignore.txt
index e6bf7868ed..3448786ddd 100644
--- a/test/sanity/ignore.txt
+++ b/test/sanity/ignore.txt
@@ -234,35 +234,6 @@ lib/ansible/module_utils/urls.py replace-urlopen
 lib/ansible/module_utils/yumdnf.py future-import-boilerplate
 lib/ansible/module_utils/yumdnf.py metaclass-boilerplate
 lib/ansible/modules/cloud/amazon/aws_netapp_cvs_FileSystems.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/aws_s3.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/aws_s3.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/cloudformation.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/cloudformation.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_ami.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2_ami.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_ami_info.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2_ami_info.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_elb_lb.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_eni.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2_eni.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_group.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2_group.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_snapshot_info.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2_snapshot_info.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_tag.py validate-modules:parameter-state-invalid-choice
-lib/ansible/modules/cloud/amazon/ec2_vol.py validate-modules:parameter-state-invalid-choice
-lib/ansible/modules/cloud/amazon/ec2_vpc_dhcp_option.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2_vpc_dhcp_option.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_vpc_dhcp_option_info.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2_vpc_dhcp_option_info.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_vpc_net.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2_vpc_net.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_vpc_net_info.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2_vpc_net_info.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/cloud/amazon/ec2_vpc_subnet_info.py validate-modules:doc-elements-mismatch
-lib/ansible/modules/cloud/amazon/ec2_vpc_subnet_info.py validate-modules:parameter-list-no-elements
 lib/ansible/modules/cloud/azure/azure_rm_acs.py validate-modules:parameter-list-no-elements
 lib/ansible/modules/cloud/azure/azure_rm_acs.py validate-modules:parameter-type-not-in-doc
 lib/ansible/modules/cloud/azure/azure_rm_acs.py validate-modules:required_if-requirements-unknown
@@ -4013,12 +3984,6 @@ lib/ansible/plugins/action/vyos.py action-plugin-docs # base class for deprecate
 lib/ansible/plugins/cache/base.py ansible-doc!skip # not a plugin, but a stub for backwards compatibility
 lib/ansible/plugins/doc_fragments/asa.py future-import-boilerplate
 lib/ansible/plugins/doc_fragments/asa.py metaclass-boilerplate
-lib/ansible/plugins/doc_fragments/aws.py future-import-boilerplate
-lib/ansible/plugins/doc_fragments/aws.py metaclass-boilerplate
-lib/ansible/plugins/doc_fragments/aws_credentials.py future-import-boilerplate
-lib/ansible/plugins/doc_fragments/aws_credentials.py metaclass-boilerplate
-lib/ansible/plugins/doc_fragments/aws_region.py future-import-boilerplate
-lib/ansible/plugins/doc_fragments/aws_region.py metaclass-boilerplate
 lib/ansible/plugins/doc_fragments/azure.py future-import-boilerplate
 lib/ansible/plugins/doc_fragments/azure.py metaclass-boilerplate
 lib/ansible/plugins/doc_fragments/azure_tags.py future-import-boilerplate
@@ -4037,8 +4002,6 @@ lib/ansible/plugins/doc_fragments/dellos6.py future-import-boilerplate
 lib/ansible/plugins/doc_fragments/dellos6.py metaclass-boilerplate
 lib/ansible/plugins/doc_fragments/dellos9.py future-import-boilerplate
 lib/ansible/plugins/doc_fragments/dellos9.py metaclass-boilerplate
-lib/ansible/plugins/doc_fragments/ec2.py future-import-boilerplate
-lib/ansible/plugins/doc_fragments/ec2.py metaclass-boilerplate
 lib/ansible/plugins/doc_fragments/eos.py future-import-boilerplate
 lib/ansible/plugins/doc_fragments/eos.py metaclass-boilerplate
 lib/ansible/plugins/doc_fragments/f5.py future-import-boilerplate
@@ -4314,7 +4277,6 @@ test/units/mock/path.py future-import-boilerplate
 test/units/mock/path.py metaclass-boilerplate
 test/units/mock/yaml_helper.py future-import-boilerplate
 test/units/mock/yaml_helper.py metaclass-boilerplate
-test/units/module_utils/aws/test_aws_module.py metaclass-boilerplate
 test/units/module_utils/basic/test__symbolic_mode_to_octal.py future-import-boilerplate
 test/units/module_utils/basic/test_deprecate_warn.py future-import-boilerplate
 test/units/module_utils/basic/test_deprecate_warn.py metaclass-boilerplate
diff --git a/test/units/module_utils/aws/test_aws_module.py b/test/units/module_utils/aws/test_aws_module.py
deleted file mode 100644
index 425282cc54..0000000000
--- a/test/units/module_utils/aws/test_aws_module.py
+++ /dev/null
@@ -1,139 +0,0 @@ -# -*- coding: utf-8 -*- -# (c) 2017, Michael De La Rue -# -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see <http://www.gnu.org/licenses/>. - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -from pytest import importorskip -import unittest -from ansible.module_utils import basic -from ansible.module_utils.aws.core import AnsibleAWSModule -from ansible.module_utils._text import to_bytes -from units.compat.mock import Mock, patch -import json - -importorskip("boto3") -botocore = importorskip("botocore") - - -class AWSModuleTestCase(unittest.TestCase): - - basic._ANSIBLE_ARGS = to_bytes(json.dumps({'ANSIBLE_MODULE_ARGS': {'_ansible_tmpdir': '/tmp/ansible-abc'}})) - - def test_create_aws_module_should_set_up_params(self): - m = AnsibleAWSModule(argument_spec=dict( - win_string_arg=dict(type='list', default=['win']) - )) - m_noretry_no_customargs = AnsibleAWSModule( - auto_retry=False, default_args=False, - argument_spec=dict( - success_string_arg=dict(type='list', default=['success']) - ) - ) - assert m, "module wasn't true!!" - assert m_noretry_no_customargs, "module wasn't true!!" 
- - m_params = m.params - m_no_defs_params = m_noretry_no_customargs.params - assert 'region' in m_params - assert 'win' in m_params["win_string_arg"] - assert 'success' in m_no_defs_params["success_string_arg"] - assert 'aws_secret_key' not in m_no_defs_params - - -class ErrorReportingTestcase(unittest.TestCase): - - def test_botocore_exception_reports_nicely_via_fail_json_aws(self): - - basic._ANSIBLE_ARGS = to_bytes(json.dumps({'ANSIBLE_MODULE_ARGS': {'_ansible_tmpdir': '/tmp/ansible-abc'}})) - module = AnsibleAWSModule(argument_spec=dict( - fail_mode=dict(type='list', default=['success']) - )) - - fail_json_double = Mock() - err_msg = {'Error': {'Code': 'FakeClass.FakeError'}} - with patch.object(basic.AnsibleModule, 'fail_json', fail_json_double): - try: - raise botocore.exceptions.ClientError(err_msg, 'Could not find you') - except Exception as e: - print("exception is " + str(e)) - module.fail_json_aws(e, msg="Fake failure for testing boto exception messages") - - assert(len(fail_json_double.mock_calls) > - 0), "failed to call fail_json when should have" - assert(len(fail_json_double.mock_calls) < - 2), "called fail_json multiple times when once would do" - assert("test_botocore_exception_reports_nicely" - in fail_json_double.mock_calls[0][2]["exception"]), \ - "exception traceback doesn't include correct function, fail call was actually: " \ - + str(fail_json_double.mock_calls[0]) - - assert("Fake failure for testing boto exception messages:" - in fail_json_double.mock_calls[0][2]["msg"]), \ - "error message doesn't include the local message; was: " \ - + str(fail_json_double.mock_calls[0]) - assert("Could not find you" in fail_json_double.mock_calls[0][2]["msg"]), \ - "error message doesn't include the botocore exception message; was: " \ - + str(fail_json_double.mock_calls[0]) - try: - fail_json_double.mock_calls[0][2]["error"] - except KeyError: - raise Exception("error was missing; call was: " + str(fail_json_double.mock_calls[0])) - 
assert("FakeClass.FakeError" == fail_json_double.mock_calls[0][2]["error"]["code"]), \ - "Failed to find error/code; was: " + str(fail_json_double.mock_calls[0]) - - def test_botocore_exception_without_response_reports_nicely_via_fail_json_aws(self): - basic._ANSIBLE_ARGS = to_bytes(json.dumps({'ANSIBLE_MODULE_ARGS': {'_ansible_tmpdir': '/tmp/ansible-abc'}})) - module = AnsibleAWSModule(argument_spec=dict( - fail_mode=dict(type='list', default=['success']) - )) - - fail_json_double = Mock() - err_msg = None - with patch.object(basic.AnsibleModule, 'fail_json', fail_json_double): - try: - raise botocore.exceptions.ClientError(err_msg, 'Could not find you') - except Exception as e: - print("exception is " + str(e)) - module.fail_json_aws(e, msg="Fake failure for testing boto exception messages") - - assert(len(fail_json_double.mock_calls) > 0), "failed to call fail_json when should have" - assert(len(fail_json_double.mock_calls) < 2), "called fail_json multiple times" - - assert("test_botocore_exception_without_response_reports_nicely_via_fail_json_aws" - in fail_json_double.mock_calls[0][2]["exception"]), \ - "exception traceback doesn't include correct function, fail call was actually: " \ - + str(fail_json_double.mock_calls[0]) - - assert("Fake failure for testing boto exception messages" - in fail_json_double.mock_calls[0][2]["msg"]), \ - "error message doesn't include the local message; was: " \ - + str(fail_json_double.mock_calls[0]) - - # I would have thought this should work, however the botocore exception comes back with - # "argument of type 'NoneType' is not iterable" so it's probably not really designed - # to handle "None" as an error response. 
- # - # assert("Could not find you" in fail_json_double.mock_calls[0][2]["msg"]), \ - # "error message doesn't include the botocore exception message; was: " \ - # + str(fail_json_double.mock_calls[0]) - - -# TODO: -# - an exception without a message -# - plain boto exception -# - socket errors and other standard things. diff --git a/test/units/module_utils/ec2/test_aws.py b/test/units/module_utils/ec2/test_aws.py deleted file mode 100644 index 7c66442264..0000000000 --- a/test/units/module_utils/ec2/test_aws.py +++ /dev/null 
@@ -1,101 +0,0 @@
-# -*- coding: utf-8 -*-
-# (c) 2015, Allen Sanabria <asanabria@linuxdynasty.org>
-#
-# This file is part of Ansible
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-try:
- import boto3
- import botocore
- HAS_BOTO3 = True
-except Exception:
- HAS_BOTO3 = False
-
-import pytest
-
-from units.compat import unittest
-from ansible.module_utils.ec2 import AWSRetry
-
-if not HAS_BOTO3:
- pytestmark = pytest.mark.skip("test_aws.py requires the python modules 'boto3' and 'botocore'")
-
-
-class RetryTestCase(unittest.TestCase):
-
- def test_no_failures(self):
- self.counter = 0
-
- @AWSRetry.backoff(tries=2, delay=0.1)
- def no_failures():
- self.counter += 1
-
- r = no_failures()
- self.assertEqual(self.counter, 1)
-
- def test_extend_boto3_failures(self):
- self.counter = 0
- err_msg = {'Error': {'Code': 'MalformedPolicyDocument'}}
-
- @AWSRetry.backoff(tries=2, delay=0.1, catch_extra_error_codes=['MalformedPolicyDocument'])
- def extend_failures():
- self.counter += 1
- if self.counter < 2:
- raise botocore.exceptions.ClientError(err_msg, 'You did something wrong.')
- else:
- return 'success'
-
- r = extend_failures()
- self.assertEqual(r, 'success')
- self.assertEqual(self.counter, 2)
-
- def test_retry_once(self):
- self.counter = 0
- err_msg = {'Error': {'Code': 'InternalFailure'}}
-
- @AWSRetry.backoff(tries=2, delay=0.1)
- def retry_once():
- self.counter += 1
- if self.counter < 2:
- raise botocore.exceptions.ClientError(err_msg, 'Something went wrong!')
- else:
- return 'success'
-
- r = retry_once()
- self.assertEqual(r, 'success')
- self.assertEqual(self.counter, 2)
-
- def test_reached_limit(self):
- self.counter = 0
- err_msg = {'Error': {'Code': 'RequestLimitExceeded'}}
-
- @AWSRetry.backoff(tries=4, delay=0.1)
- def fail():
- self.counter += 1
- raise botocore.exceptions.ClientError(err_msg, 'toooo
fast!!')
-
- # with self.assertRaises(botocore.exceptions.ClientError):
- try:
- fail()
- except Exception as e:
- self.assertEqual(e.response['Error']['Code'], 'RequestLimitExceeded')
- self.assertEqual(self.counter, 4)
-
- def test_unexpected_exception_does_not_retry(self):
- self.counter = 0
- err_msg = {'Error': {'Code': 'AuthFailure'}}
-
- @AWSRetry.backoff(tries=4, delay=0.1)
- def raise_unexpected_error():
- self.counter += 1
- raise botocore.exceptions.ClientError(err_msg, 'unexpected error')
-
- # with self.assertRaises(botocore.exceptions.ClientError):
- try:
- raise_unexpected_error()
- except Exception as e:
- self.assertEqual(e.response['Error']['Code'], 'AuthFailure')
-
- self.assertEqual(self.counter, 1)
diff --git a/test/units/module_utils/test_ec2.py b/test/units/module_utils/test_ec2.py
deleted file mode 100644
index dc748276e2..0000000000
--- a/test/units/module_utils/test_ec2.py
+++ /dev/null
@@ -1,234 +0,0 @@ -# (c) 2017 Red Hat Inc. -# -# This file is part of Ansible -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import unittest - -from ansible.module_utils.ec2 import map_complex_type, compare_policies - - -class Ec2Utils(unittest.TestCase): - - def setUp(self): - # A pair of simple IAM Trust relationships using bools, the first a - # native bool the second a quoted string - self.bool_policy_bool = { - 'Version': '2012-10-17', - 'Statement': [ - { - "Action": "sts:AssumeRole", - "Condition": { - "Bool": {"aws:MultiFactorAuthPresent": True} - }, - "Effect": "Allow", - "Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:root"}, - "Sid": "AssumeRoleWithBoolean" - } - ] - } - - self.bool_policy_string = { - 'Version': '2012-10-17', - 'Statement': [ - { - "Action": "sts:AssumeRole", - "Condition": { - "Bool": {"aws:MultiFactorAuthPresent": "true"} - }, - "Effect": "Allow", - "Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:root"}, - "Sid": "AssumeRoleWithBoolean" - } - ] - } - - # A pair of simple bucket policies using numbers, the first a - # native int the second a quoted string - self.numeric_policy_number = { - 'Version': '2012-10-17', - 'Statement': [ - { - "Action": "s3:ListBucket", - "Condition": { - "NumericLessThanEquals": {"s3:max-keys": 15} - }, - "Effect": "Allow", - "Resource": "arn:aws:s3:::examplebucket", - "Sid": "s3ListBucketWithNumericLimit" - } - ] - } - - self.numeric_policy_string = { - 'Version': '2012-10-17', - 'Statement': [ - { - "Action": "s3:ListBucket", - "Condition": { - "NumericLessThanEquals": {"s3:max-keys": "15"} - }, - "Effect": "Allow", - "Resource": "arn:aws:s3:::examplebucket", - "Sid": "s3ListBucketWithNumericLimit" - } - ] - } - - self.small_policy_one = { - 'Version': '2012-10-17', - 'Statement': [ - { - 'Action': 's3:PutObjectAcl', - 'Sid': 'AddCannedAcl2', - 'Resource': 
'arn:aws:s3:::test_policy/*', - 'Effect': 'Allow', - 'Principal': {'AWS': ['arn:aws:iam::XXXXXXXXXXXX:user/username1', 'arn:aws:iam::XXXXXXXXXXXX:user/username2']} - } - ] - } - - # The same as small_policy_one, except the single resource is in a list and the contents of Statement are jumbled - self.small_policy_two = { - 'Version': '2012-10-17', - 'Statement': [ - { - 'Effect': 'Allow', - 'Action': 's3:PutObjectAcl', - 'Principal': {'AWS': ['arn:aws:iam::XXXXXXXXXXXX:user/username1', 'arn:aws:iam::XXXXXXXXXXXX:user/username2']}, - 'Resource': ['arn:aws:s3:::test_policy/*'], - 'Sid': 'AddCannedAcl2' - } - ] - } - - self.larger_policy_one = { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Test", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::XXXXXXXXXXXX:user/testuser1", - "arn:aws:iam::XXXXXXXXXXXX:user/testuser2" - ] - }, - "Action": "s3:PutObjectAcl", - "Resource": "arn:aws:s3:::test_policy/*" - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::XXXXXXXXXXXX:user/testuser2" - }, - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Resource": "arn:aws:s3:::test_policy/*" - } - ] - } - - # The same as larger_policy_one, except having a list of length 1 and jumbled contents - self.larger_policy_two = { - "Version": "2012-10-17", - "Statement": [ - { - "Principal": { - "AWS": ["arn:aws:iam::XXXXXXXXXXXX:user/testuser2"] - }, - "Effect": "Allow", - "Resource": "arn:aws:s3:::test_policy/*", - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl" - ] - }, - { - "Action": "s3:PutObjectAcl", - "Principal": { - "AWS": [ - "arn:aws:iam::XXXXXXXXXXXX:user/testuser1", - "arn:aws:iam::XXXXXXXXXXXX:user/testuser2" - ] - }, - "Sid": "Test", - "Resource": "arn:aws:s3:::test_policy/*", - "Effect": "Allow" - } - ] - } - - # Different than larger_policy_two: a different principal is given - self.larger_policy_three = { - "Version": "2012-10-17", - "Statement": [ - { - "Principal": { - "AWS": 
["arn:aws:iam::XXXXXXXXXXXX:user/testuser2"] - }, - "Effect": "Allow", - "Resource": "arn:aws:s3:::test_policy/*", - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl"] - }, - { - "Action": "s3:PutObjectAcl", - "Principal": { - "AWS": [ - "arn:aws:iam::XXXXXXXXXXXX:user/testuser1", - "arn:aws:iam::XXXXXXXXXXXX:user/testuser3" - ] - }, - "Sid": "Test", - "Resource": "arn:aws:s3:::test_policy/*", - "Effect": "Allow" - } - ] - } - - def test_map_complex_type_over_dict(self): - complex_type = {'minimum_healthy_percent': "75", 'maximum_percent': "150"} - type_map = {'minimum_healthy_percent': 'int', 'maximum_percent': 'int'} - complex_type_mapped = map_complex_type(complex_type, type_map) - complex_type_expected = {'minimum_healthy_percent': 75, 'maximum_percent': 150} - self.assertEqual(complex_type_mapped, complex_type_expected) - - def test_compare_small_policies_without_differences(self): - """ Testing two small policies which are identical except for: - * The contents of the statement are in different orders - * The second policy contains a list of length one whereas in the first it is a string - """ - self.assertFalse(compare_policies(self.small_policy_one, self.small_policy_two)) - - def test_compare_large_policies_without_differences(self): - """ Testing two larger policies which are identical except for: - * The statements are in different orders - * The contents of the statements are also in different orders - * The second contains a list of length one for the Principal whereas in the first it is a string - """ - self.assertFalse(compare_policies(self.larger_policy_one, self.larger_policy_two)) - - def test_compare_larger_policies_with_difference(self): - """ Testing two larger policies which are identical except for: - * one different principal - """ - self.assertTrue(compare_policies(self.larger_policy_two, self.larger_policy_three)) - - def test_compare_smaller_policy_with_larger(self): - """ Testing two policies of different sizes """ - 
self.assertTrue(compare_policies(self.larger_policy_one, self.small_policy_one))
-
- def test_compare_boolean_policy_bool_and_string_are_equal(self):
- """ Testing two policies one using a quoted boolean, the other a bool """
- self.assertFalse(compare_policies(self.bool_policy_string, self.bool_policy_bool))
-
- def test_compare_numeric_policy_number_and_string_are_equal(self):
- """ Testing two policies one using a quoted number, the other an int """
- self.assertFalse(compare_policies(self.numeric_policy_string, self.numeric_policy_number))
diff --git a/test/units/modules/cloud/amazon/test_aws_s3.py b/test/units/modules/cloud/amazon/test_aws_s3.py
deleted file mode 100644
index a752c67fcb..0000000000
--- a/test/units/modules/cloud/amazon/test_aws_s3.py
+++ /dev/null
@@ -1,38 +0,0 @@
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import pytest
-
-import unittest
-
-try:
- import ansible.modules.cloud.amazon.aws_s3 as s3
-except ImportError:
- pytestmark = pytest.mark.skip("This test requires the s3 Python libraries")
-
-from ansible.module_utils.six.moves.urllib.parse import urlparse
-
-boto3 = pytest.importorskip("boto3")
-
-
-class TestUrlparse(unittest.TestCase):
-
- def test_urlparse(self):
- actual = urlparse("http://test.com/here")
- self.assertEqual("http", actual.scheme)
- self.assertEqual("test.com", actual.netloc)
- self.assertEqual("/here", actual.path)
-
- def test_is_fakes3(self):
- actual = s3.is_fakes3("fakes3://bla.blubb")
- self.assertEqual(True, actual)
-
- def test_get_s3_connection(self):
- aws_connect_kwargs = dict(aws_access_key_id="access_key",
- aws_secret_access_key="secret_key")
- location = None
- rgw = True
- s3_url = "http://bla.blubb"
- actual = s3.get_s3_connection(None, aws_connect_kwargs, location, rgw, s3_url)
- self.assertEqual(bool("bla.blubb" in str(actual._endpoint)), True)
diff --git a/test/units/modules/cloud/amazon/test_cloudformation.py b/test/units/modules/cloud/amazon/test_cloudformation.py
deleted file mode 100644
index fe99a8510a..0000000000
--- a/test/units/modules/cloud/amazon/test_cloudformation.py
+++ /dev/null
@@ -1,205 +0,0 @@ -# (c) 2017 Red Hat Inc. -# -# This file is part of Ansible -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import pytest - -from units.utils.amazon_placebo_fixtures import placeboify, maybe_sleep -from ansible.modules.cloud.amazon import cloudformation as cfn_module - -basic_yaml_tpl = """ ---- -AWSTemplateFormatVersion: '2010-09-09' -Description: 'Basic template that creates an S3 bucket' -Resources: - MyBucket: - Type: "AWS::S3::Bucket" -Outputs: - TheName: - Value: - !Ref MyBucket -""" - -bad_json_tpl = """{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Broken template, no comma here ->" - "Resources": { - "MyBucket": { - "Type": "AWS::S3::Bucket" - } - } -}""" - -failing_yaml_tpl = """ ---- -AWSTemplateFormatVersion: 2010-09-09 -Resources: - ECRRepo: - Type: AWS::ECR::Repository - Properties: - RepositoryPolicyText: - Version: 3000-10-17 # <--- invalid version - Statement: - - Effect: Allow - Action: - - 'ecr:*' - Principal: - AWS: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:root -""" - -default_events_limit = 10 - - -class FakeModule(object): - def __init__(self, **kwargs): - self.params = kwargs - - def fail_json(self, *args, **kwargs): - self.exit_args = args - self.exit_kwargs = kwargs - raise Exception('FAIL') - - def exit_json(self, *args, **kwargs): - self.exit_args = args - self.exit_kwargs = kwargs - raise Exception('EXIT') - - -def test_invalid_template_json(placeboify): - connection = placeboify.client('cloudformation') - params = { - 'StackName': 'ansible-test-wrong-json', - 'TemplateBody': bad_json_tpl, - } - m = FakeModule(disable_rollback=False) - with pytest.raises(Exception) as exc_info: - cfn_module.create_stack(m, params, connection, default_events_limit) - pytest.fail('Expected malformed JSON to have caused the call to fail') - - 
assert exc_info.match('FAIL') - assert "ValidationError" in m.exit_kwargs['msg'] - - -def test_client_request_token_s3_stack(maybe_sleep, placeboify): - connection = placeboify.client('cloudformation') - params = { - 'StackName': 'ansible-test-client-request-token-yaml', - 'TemplateBody': basic_yaml_tpl, - 'ClientRequestToken': '3faf3fb5-b289-41fc-b940-44151828f6cf', - } - m = FakeModule(disable_rollback=False) - result = cfn_module.create_stack(m, params, connection, default_events_limit) - assert result['changed'] - assert len(result['events']) > 1 - # require that the final recorded stack state was CREATE_COMPLETE - # events are retrieved newest-first, so 0 is the latest - assert 'CREATE_COMPLETE' in result['events'][0] - connection.delete_stack(StackName='ansible-test-client-request-token-yaml') - - -def test_basic_s3_stack(maybe_sleep, placeboify): - connection = placeboify.client('cloudformation') - params = { - 'StackName': 'ansible-test-basic-yaml', - 'TemplateBody': basic_yaml_tpl - } - m = FakeModule(disable_rollback=False) - result = cfn_module.create_stack(m, params, connection, default_events_limit) - assert result['changed'] - assert len(result['events']) > 1 - # require that the final recorded stack state was CREATE_COMPLETE - # events are retrieved newest-first, so 0 is the latest - assert 'CREATE_COMPLETE' in result['events'][0] - connection.delete_stack(StackName='ansible-test-basic-yaml') - - -def test_delete_nonexistent_stack(maybe_sleep, placeboify): - connection = placeboify.client('cloudformation') - result = cfn_module.stack_operation(connection, 'ansible-test-nonexist', 'DELETE', default_events_limit) - assert result['changed'] - assert 'Stack does not exist.' 
in result['log'] - - -def test_get_nonexistent_stack(placeboify): - connection = placeboify.client('cloudformation') - assert cfn_module.get_stack_facts(connection, 'ansible-test-nonexist') is None - - -def test_missing_template_body(): - m = FakeModule() - with pytest.raises(Exception) as exc_info: - cfn_module.create_stack( - module=m, - stack_params={}, - cfn=None, - events_limit=default_events_limit - ) - pytest.fail('Expected module to have failed with no template') - - assert exc_info.match('FAIL') - assert not m.exit_args - assert "Either 'template', 'template_body' or 'template_url' is required when the stack does not exist." == m.exit_kwargs['msg'] - - -def test_on_create_failure_delete(maybe_sleep, placeboify): - m = FakeModule( - on_create_failure='DELETE', - disable_rollback=False, - ) - connection = placeboify.client('cloudformation') - params = { - 'StackName': 'ansible-test-on-create-failure-delete', - 'TemplateBody': failing_yaml_tpl - } - result = cfn_module.create_stack(m, params, connection, default_events_limit) - assert result['changed'] - assert result['failed'] - assert len(result['events']) > 1 - # require that the final recorded stack state was DELETE_COMPLETE - # events are retrieved newest-first, so 0 is the latest - assert 'DELETE_COMPLETE' in result['events'][0] - - -def test_on_create_failure_rollback(maybe_sleep, placeboify): - m = FakeModule( - on_create_failure='ROLLBACK', - disable_rollback=False, - ) - connection = placeboify.client('cloudformation') - params = { - 'StackName': 'ansible-test-on-create-failure-rollback', - 'TemplateBody': failing_yaml_tpl - } - result = cfn_module.create_stack(m, params, connection, default_events_limit) - assert result['changed'] - assert result['failed'] - assert len(result['events']) > 1 - # require that the final recorded stack state was ROLLBACK_COMPLETE - # events are retrieved newest-first, so 0 is the latest - assert 'ROLLBACK_COMPLETE' in result['events'][0] - 
connection.delete_stack(StackName=params['StackName']) - - -def test_on_create_failure_do_nothing(maybe_sleep, placeboify): - m = FakeModule( - on_create_failure='DO_NOTHING', - disable_rollback=False, - ) - connection = placeboify.client('cloudformation') - params = { - 'StackName': 'ansible-test-on-create-failure-do-nothing', - 'TemplateBody': failing_yaml_tpl - } - result = cfn_module.create_stack(m, params, connection, default_events_limit) - assert result['changed'] - assert result['failed'] - assert len(result['events']) > 1 - # require that the final recorded stack state was CREATE_FAILED - # events are retrieved newest-first, so 0 is the latest - assert 'CREATE_FAILED' in result['events'][0] - connection.delete_stack(StackName=params['StackName']) diff --git a/test/units/modules/cloud/amazon/test_ec2_group.py b/test/units/modules/cloud/amazon/test_ec2_group.py deleted file mode 100644 index 14f597f69d..0000000000 --- a/test/units/modules/cloud/amazon/test_ec2_group.py +++ /dev/null 
@@ -1,83 +0,0 @@
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-from ansible.modules.cloud.amazon import ec2_group as group_module
-
-
-def test_from_permission():
- internal_http = {
- u'FromPort': 80,
- u'IpProtocol': 'tcp',
- u'IpRanges': [
- {
- u'CidrIp': '10.0.0.0/8',
- u'Description': 'Foo Bar Baz'
- },
- ],
- u'Ipv6Ranges': [
- {u'CidrIpv6': 'fe80::94cc:8aff:fef6:9cc/64'},
- ],
- u'PrefixListIds': [],
- u'ToPort': 80,
- u'UserIdGroupPairs': [],
- }
- perms = list(group_module.rule_from_group_permission(internal_http))
- assert len(perms) == 2
- assert perms[0].target == '10.0.0.0/8'
- assert perms[0].target_type == 'ipv4'
- assert perms[0].description == 'Foo Bar Baz'
- assert perms[1].target == 'fe80::94cc:8aff:fef6:9cc/64'
-
- global_egress = {
- 'IpProtocol': '-1',
- 'IpRanges': [{'CidrIp': '0.0.0.0/0'}],
- 'Ipv6Ranges': [],
- 'PrefixListIds': [],
- 'UserIdGroupPairs': []
- }
- perms = list(group_module.rule_from_group_permission(global_egress))
- assert len(perms) == 1
- assert perms[0].target == '0.0.0.0/0'
- assert perms[0].port_range == (None, None)
-
- internal_prefix_http = {
- u'FromPort': 80,
- u'IpProtocol': 'tcp',
- u'PrefixListIds': [
- {'PrefixListId': 'p-1234'}
- ],
- u'ToPort': 80,
- u'UserIdGroupPairs': [],
- }
- perms = list(group_module.rule_from_group_permission(internal_prefix_http))
- assert len(perms) == 1
- assert perms[0].target == 'p-1234'
-
-
-def test_rule_to_permission():
- tests = [
- group_module.Rule((22, 22), 'udp', 'sg-1234567890', 'group', None),
- group_module.Rule((1, 65535), 'tcp', '0.0.0.0/0', 'ipv4', "All TCP from everywhere"),
- group_module.Rule((443, 443), 'tcp', 'ip-123456', 'ip_prefix', "Traffic to privatelink IPs"),
- group_module.Rule((443, 443), 'tcp', 'feed:dead:::beef/64', 'ipv6', None),
- ]
- for test in tests:
- perm = group_module.to_permission(test)
- assert perm['FromPort'], perm['ToPort'] == test.port_range
- assert 
perm['IpProtocol'] == test.protocol
-
-
-def test_validate_ip():
- class Warner(object):
- def warn(self, msg):
- return
- ips = [
- ('1.1.1.1/24', '1.1.1.0/24'),
- ('192.168.56.101/16', '192.168.0.0/16'),
- # Don't modify IPv6 CIDRs, AWS supports /128 and device ranges
- ('1203:8fe0:fe80:b897:8990:8a7c:99bf:323d/128', '1203:8fe0:fe80:b897:8990:8a7c:99bf:323d/128'),
- ]
-
- for ip, net in ips:
- assert group_module.validate_ip(Warner(), ip) == net
diff --git a/test/units/plugins/inventory/test_aws_ec2.py b/test/units/plugins/inventory/test_aws_ec2.py
deleted file mode 100644
index 06137a3ec2..0000000000
--- a/test/units/plugins/inventory/test_aws_ec2.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# -*- coding: utf-8 -*-
-
-# Copyright 2017 Sloane Hertel <shertel@redhat.com>
-#
-# This file is part of Ansible
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import pytest
-import datetime
-
-# Just to test that we have the prerequisite for InventoryModule and instance_data_filter_to_boto_attr
-boto3 = pytest.importorskip('boto3')
-botocore = pytest.importorskip('botocore')
-
-from ansible.errors import AnsibleError
-from ansible.plugins.inventory.aws_ec2 import InventoryModule, instance_data_filter_to_boto_attr
-
-instances = {
- u'Instances': [
- {u'Monitoring': {u'State': 'disabled'},
- u'PublicDnsName': 'ec2-12-345-67-890.compute-1.amazonaws.com',
- u'State': {u'Code': 16, u'Name': 'running'},
- u'EbsOptimized': False,
- u'LaunchTime': datetime.datetime(2017, 10, 31, 12, 59, 25),
- u'PublicIpAddress': '12.345.67.890',
- u'PrivateIpAddress': '098.76.54.321',
- u'ProductCodes': [],
- u'VpcId': 'vpc-12345678',
- u'StateTransitionReason': '',
- u'InstanceId': 'i-00000000000000000',
- u'EnaSupport': True,
- u'ImageId': 'ami-12345678',
- u'PrivateDnsName': 'ip-098-76-54-321.ec2.internal',
- u'KeyName': 'testkey',
- u'SecurityGroups': [{u'GroupName': 'default', u'GroupId': 'sg-12345678'}],
- u'ClientToken': '',
- u'SubnetId': 'subnet-12345678',
-
u'InstanceType': 't2.micro',
- u'NetworkInterfaces': [
- {u'Status': 'in-use',
- u'MacAddress': '12:a0:50:42:3d:a4',
- u'SourceDestCheck': True,
- u'VpcId': 'vpc-12345678',
- u'Description': '',
- u'NetworkInterfaceId': 'eni-12345678',
- u'PrivateIpAddresses': [
- {u'PrivateDnsName': 'ip-098-76-54-321.ec2.internal',
- u'PrivateIpAddress': '098.76.54.321',
- u'Primary': True,
- u'Association':
- {u'PublicIp': '12.345.67.890',
- u'PublicDnsName': 'ec2-12-345-67-890.compute-1.amazonaws.com',
- u'IpOwnerId': 'amazon'}}],
- u'PrivateDnsName': 'ip-098-76-54-321.ec2.internal',
- u'Attachment':
- {u'Status': 'attached',
- u'DeviceIndex': 0,
- u'DeleteOnTermination': True,
- u'AttachmentId': 'eni-attach-12345678',
- u'AttachTime': datetime.datetime(2017, 10, 31, 12, 59, 25)},
- u'Groups': [
- {u'GroupName': 'default',
- u'GroupId': 'sg-12345678'}],
- u'Ipv6Addresses': [],
- u'OwnerId': '123456789000',
- u'PrivateIpAddress': '098.76.54.321',
- u'SubnetId': 'subnet-12345678',
- u'Association':
- {u'PublicIp': '12.345.67.890',
- u'PublicDnsName': 'ec2-12-345-67-890.compute-1.amazonaws.com',
- u'IpOwnerId': 'amazon'}}],
- u'SourceDestCheck': True,
- u'Placement':
- {u'Tenancy': 'default',
- u'GroupName': '',
- u'AvailabilityZone': 'us-east-1c'},
- u'Hypervisor': 'xen',
- u'BlockDeviceMappings': [
- {u'DeviceName': '/dev/xvda',
- u'Ebs':
- {u'Status': 'attached',
- u'DeleteOnTermination': True,
- u'VolumeId': 'vol-01234567890000000',
- u'AttachTime': datetime.datetime(2017, 10, 31, 12, 59, 26)}}],
- u'Architecture': 'x86_64',
- u'RootDeviceType': 'ebs',
- u'RootDeviceName': '/dev/xvda',
- u'VirtualizationType': 'hvm',
- u'Tags': [{u'Value': 'test', u'Key': 'ansible'}, {u'Value': 'aws_ec2', u'Key': 'name'}],
- u'AmiLaunchIndex': 0}],
- u'ReservationId': 'r-01234567890000000',
- u'Groups': [],
- u'OwnerId': '123456789000'
-}
-
-
-@pytest.fixture(scope="module")
-def inventory():
- return InventoryModule()
-
-
-def test_compile_values(inventory):
- found_value = 
instances['Instances'][0]
- chain_of_keys = instance_data_filter_to_boto_attr['instance.group-id']
- for attr in chain_of_keys:
- found_value = inventory._compile_values(found_value, attr)
- assert found_value == "sg-12345678"
-
-
-def test_get_boto_attr_chain(inventory):
- instance = instances['Instances'][0]
- assert inventory._get_boto_attr_chain('network-interface.addresses.private-ip-address', instance) == "098.76.54.321"
-
-
-def test_boto3_conn(inventory):
- inventory._options = {"aws_profile": "first_precedence",
- "aws_access_key": "test_access_key",
- "aws_secret_key": "test_secret_key",
- "aws_security_token": "test_security_token",
- "iam_role_arn": None}
- inventory._set_credentials()
- with pytest.raises(AnsibleError) as error_message:
- for connection, region in inventory._boto3_conn(regions=['us-east-1']):
- assert "Insufficient credentials found" in error_message
-
-
-def test_get_hostname_default(inventory):
- instance = instances['Instances'][0]
- assert inventory._get_hostname(instance, hostnames=None) == "ec2-12-345-67-890.compute-1.amazonaws.com"
-
-
-def test_get_hostname(inventory):
- hostnames = ['ip-address', 'dns-name']
- instance = instances['Instances'][0]
- assert inventory._get_hostname(instance, hostnames) == "12.345.67.890"
-
-
-def test_set_credentials(inventory):
- inventory._options = {'aws_access_key': 'test_access_key',
- 'aws_secret_key': 'test_secret_key',
- 'aws_security_token': 'test_security_token',
- 'aws_profile': 'test_profile',
- 'iam_role_arn': 'arn:aws:iam::112233445566:role/test-role'}
- inventory._set_credentials()
-
- assert inventory.boto_profile == "test_profile"
- assert inventory.aws_access_key_id == "test_access_key"
- assert inventory.aws_secret_access_key == "test_secret_key"
- assert inventory.aws_security_token == "test_security_token"
- assert inventory.iam_role_arn == "arn:aws:iam::112233445566:role/test-role"
-
-
-def test_insufficient_credentials(inventory):
- inventory._options = {
-
'aws_access_key': None,
- 'aws_secret_key': None,
- 'aws_security_token': None,
- 'aws_profile': None,
- 'iam_role_arn': None
- }
- with pytest.raises(AnsibleError) as error_message:
- inventory._set_credentials()
- assert "Insufficient credentials found" in error_message
-
-
-def test_verify_file_bad_config(inventory):
- assert inventory.verify_file('not_aws_config.yml') is False
diff --git a/test/units/plugins/lookup/fixtures/avi.json b/test/units/plugins/lookup/fixtures/avi.json
deleted file mode 100644
index ae89ca689c..0000000000
--- a/test/units/plugins/lookup/fixtures/avi.json
+++ /dev/null
@@ -1,104 +0,0 @@ -{ - "mock_single_obj": { - "_last_modified": "", - "cloud_ref": "https://192.0.2.132/api/cloud/cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "dhcp_enabled": true, - "exclude_discovered_subnets": false, - "name": "PG-123", - "synced_from_se": true, - "tenant_ref": "https://192.0.2.132/api/tenant/admin", - "url": "https://192.0.2.132/api/network/dvportgroup-2084-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "uuid": "dvportgroup-2084-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vcenter_dvs": true, - "vimgrnw_ref": "https://192.0.2.132/api/vimgrnwruntime/dvportgroup-2084-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vrf_context_ref": "https://192.0.2.132/api/vrfcontext/vrfcontext-31f1b55f-319c-44eb-862f-69d79ffdf295" - }, - "mock_multiple_obj": { - "results": [ - { - "_last_modified": "", - "cloud_ref": "https://192.0.2.132/api/cloud/cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "dhcp_enabled": true, - "exclude_discovered_subnets": false, - "name": "J-PG-0682", - "synced_from_se": true, - "tenant_ref": "https://192.0.2.132/api/tenant/admin", - "url": "https://192.0.2.132/api/network/dvportgroup-2084-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "uuid": "dvportgroup-2084-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vcenter_dvs": true, - "vimgrnw_ref": "https://192.0.2.132/api/vimgrnwruntime/dvportgroup-2084-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vrf_context_ref": "https://192.0.2.132/api/vrfcontext/vrfcontext-31f1b55f-319c-44eb-862f-69d79ffdf295" - }, - { - "_last_modified": "", - "cloud_ref": "https://192.0.2.132/api/cloud/cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "dhcp_enabled": true, - "exclude_discovered_subnets": false, - "name": "J-PG-0231", - "synced_from_se": true, - "tenant_ref": "https://192.0.2.132/api/tenant/admin", - "url": "https://192.0.2.132/api/network/dvportgroup-1627-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "uuid": "dvportgroup-1627-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vcenter_dvs": true, - 
"vimgrnw_ref": "https://192.0.2.132/api/vimgrnwruntime/dvportgroup-1627-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vrf_context_ref": "https://192.0.2.132/api/vrfcontext/vrfcontext-31f1b55f-319c-44eb-862f-69d79ffdf295" - }, - { - "_last_modified": "", - "cloud_ref": "https://192.0.2.132/api/cloud/cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "dhcp_enabled": true, - "exclude_discovered_subnets": false, - "name": "J-PG-0535", - "synced_from_se": true, - "tenant_ref": "https://192.0.2.132/api/tenant/admin", - "url": "https://192.0.2.132/api/network/dvportgroup-1934-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "uuid": "dvportgroup-1934-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vcenter_dvs": true, - "vimgrnw_ref": "https://192.0.2.132/api/vimgrnwruntime/dvportgroup-1934-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vrf_context_ref": "https://192.0.2.132/api/vrfcontext/vrfcontext-31f1b55f-319c-44eb-862f-69d79ffdf295" - }, - { - "_last_modified": "", - "cloud_ref": "https://192.0.2.132/api/cloud/cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "dhcp_enabled": true, - "exclude_discovered_subnets": false, - "name": "J-PG-0094", - "synced_from_se": true, - "tenant_ref": "https://192.0.2.132/api/tenant/admin", - "url": "https://192.0.2.132/api/network/dvportgroup-1458-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "uuid": "dvportgroup-1458-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vcenter_dvs": true, - "vimgrnw_ref": "https://192.0.2.132/api/vimgrnwruntime/dvportgroup-1458-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vrf_context_ref": "https://192.0.2.132/api/vrfcontext/vrfcontext-31f1b55f-319c-44eb-862f-69d79ffdf295" - }, - { - "_last_modified": "", - "cloud_ref": "https://192.0.2.132/api/cloud/cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "dhcp_enabled": true, - "exclude_discovered_subnets": false, - "name": "J-PG-0437", - "synced_from_se": true, - "tenant_ref": "https://192.0.2.132/api/tenant/admin", - "url": 
"https://192.0.2.132/api/network/dvportgroup-1836-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "uuid": "dvportgroup-1836-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vcenter_dvs": true, - "vimgrnw_ref": "https://192.0.2.132/api/vimgrnwruntime/dvportgroup-1836-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vrf_context_ref": "https://192.0.2.132/api/vrfcontext/vrfcontext-31f1b55f-319c-44eb-862f-69d79ffdf295" - }, - { - "_last_modified": "", - "cloud_ref": "https://192.0.2.132/api/cloud/cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "dhcp_enabled": true, - "exclude_discovered_subnets": false, - "name": "J-PG-0673", - "synced_from_se": true, - "tenant_ref": "https://192.0.2.132/api/tenant/admin", - "url": "https://192.0.2.132/api/network/dvportgroup-2075-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "uuid": "dvportgroup-2075-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vcenter_dvs": true, - "vimgrnw_ref": "https://192.0.2.132/api/vimgrnwruntime/dvportgroup-2075-cloud-4d063be1-99c2-44cf-8b28-977bd970524c", - "vrf_context_ref": "https://192.0.2.132/api/vrfcontext/vrfcontext-31f1b55f-319c-44eb-862f-69d79ffdf295" - } - ] - } -} diff --git a/test/units/plugins/lookup/test_aws_secret.py b/test/units/plugins/lookup/test_aws_secret.py deleted file mode 100644 index ae7734501c..0000000000 --- a/test/units/plugins/lookup/test_aws_secret.py +++ /dev/null 
@@ -1,90 +0,0 @@
-# (c) 2019 Robert Williams
-#
-# This file is part of Ansible
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import pytest
-import datetime
-
-from ansible.errors import AnsibleError
-
-from ansible.plugins.loader import lookup_loader
-
-try:
- import boto3
- from botocore.exceptions import ClientError
-except ImportError:
- pytestmark = pytest.mark.skip("This test requires the boto3 and botocore Python libraries")
-
-
-@pytest.fixture
-def dummy_credentials():
- dummy_credentials = {}
- dummy_credentials['boto_profile'] = None
- dummy_credentials['aws_secret_key'] = "notasecret"
- dummy_credentials['aws_access_key'] = "notakey"
- dummy_credentials['aws_security_token'] = None
- dummy_credentials['region'] = 'eu-west-1'
- return dummy_credentials
-
-
-def test_lookup_variable(mocker, dummy_credentials):
- dateutil_tz = pytest.importorskip("dateutil.tz")
- simple_variable_success_response = {
- 'Name': 'secret',
- 'VersionId': 'cafe8168-e6ce-4e59-8830-5b143faf6c52',
- 'SecretString': '{"secret":"simplesecret"}',
- 'VersionStages': ['AWSCURRENT'],
- 'CreatedDate': datetime.datetime(2019, 4, 4, 11, 41, 0, 878000, tzinfo=dateutil_tz.tzlocal()),
- 'ResponseMetadata': {
- 'RequestId': '21099462-597c-490a-800f-8b7a41e5151c',
- 'HTTPStatusCode': 200,
-
'HTTPHeaders': {
- 'date': 'Thu, 04 Apr 2019 10:43:12 GMT',
- 'content-type': 'application/x-amz-json-1.1',
- 'content-length': '252',
- 'connection': 'keep-alive',
- 'x-amzn-requestid': '21099462-597c-490a-800f-8b7a41e5151c'
- },
- 'RetryAttempts': 0
- }
- }
- lookup = lookup_loader.get('aws_secret')
- boto3_double = mocker.MagicMock()
- boto3_double.Session.return_value.client.return_value.get_secret_value.return_value = simple_variable_success_response
- boto3_client_double = boto3_double.Session.return_value.client
-
- mocker.patch.object(boto3, 'session', boto3_double)
- retval = lookup.run(["simple_variable"], None, **dummy_credentials)
- assert(retval[0] == '{"secret":"simplesecret"}')
- boto3_client_double.assert_called_with('secretsmanager', 'eu-west-1', aws_access_key_id='notakey',
- aws_secret_access_key="notasecret", aws_session_token=None)
-
-
-error_response = {'Error': {'Code': 'ResourceNotFoundException', 'Message': 'Fake Testing Error'}}
-operation_name = 'FakeOperation'
-
-
-def test_warn_denied_variable(mocker, dummy_credentials):
- boto3_double = mocker.MagicMock()
- boto3_double.Session.return_value.client.return_value.get_secret_value.side_effect = ClientError(error_response, operation_name)
-
- with pytest.raises(AnsibleError):
- mocker.patch.object(boto3, 'session', boto3_double)
- lookup_loader.get('aws_secret').run(["denied_variable"], None, **dummy_credentials)
diff --git a/test/units/plugins/lookup/test_aws_ssm.py b/test/units/plugins/lookup/test_aws_ssm.py
deleted file mode 100644
index 811ccfb489..0000000000
--- a/test/units/plugins/lookup/test_aws_ssm.py
+++ /dev/null
@@ -1,166 +0,0 @@
-#
-# (c) 2017 Michael De La Rue
-#
-# This file is part of Ansible
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import pytest
-from copy import copy
-
-from ansible.errors import AnsibleError
-
-from ansible.plugins.lookup import aws_ssm
-
-try:
- import boto3
- from botocore.exceptions import ClientError
-except ImportError:
- pytestmark = pytest.mark.skip("This test requires the boto3 and botocore Python libraries")
-
-simple_variable_success_response = {
- 'Parameters': [
- {
- 'Name': 'simple_variable',
- 'Type': 'String',
- 'Value': 'simplevalue',
- 'Version': 1
- }
- ],
- 'InvalidParameters': [],
- 'ResponseMetadata': {
- 'RequestId': '12121212-3434-5656-7878-9a9a9a9a9a9a',
- 'HTTPStatusCode': 200,
- 'HTTPHeaders': {
- 'x-amzn-requestid': '12121212-3434-5656-7878-9a9a9a9a9a9a',
- 'content-type': 'application/x-amz-json-1.1',
- 'content-length': '116',
- 'date': 'Tue, 23 Jan 2018 11:04:27 GMT'
- },
- 'RetryAttempts': 0
- }
-}
-
-path_success_response = copy(simple_variable_success_response)
-path_success_response['Parameters'] = [
- {'Name': '/testpath/too', 'Type': 'String', 'Value': 'simple_value_too', 'Version': 1},
- {'Name': '/testpath/won', 'Type': 'String', 'Value': 'simple_value_won', 'Version': 1}
-]
-
-missing_variable_response = 
copy(simple_variable_success_response)
-missing_variable_response['Parameters'] = []
-missing_variable_response['InvalidParameters'] = ['missing_variable']
-
-some_missing_variable_response = copy(simple_variable_success_response)
-some_missing_variable_response['Parameters'] = [
- {'Name': 'simple', 'Type': 'String', 'Value': 'simple_value', 'Version': 1},
- {'Name': '/testpath/won', 'Type': 'String', 'Value': 'simple_value_won', 'Version': 1}
-]
-some_missing_variable_response['InvalidParameters'] = ['missing_variable']
-
-
-dummy_credentials = {}
-dummy_credentials['boto_profile'] = None
-dummy_credentials['aws_secret_key'] = "notasecret"
-dummy_credentials['aws_access_key'] = "notakey"
-dummy_credentials['aws_security_token'] = None
-dummy_credentials['region'] = 'eu-west-1'
-
-
-def test_lookup_variable(mocker):
- lookup = aws_ssm.LookupModule()
- lookup._load_name = "aws_ssm"
-
- boto3_double = mocker.MagicMock()
- boto3_double.Session.return_value.client.return_value.get_parameters.return_value = simple_variable_success_response
- boto3_client_double = boto3_double.Session.return_value.client
-
- mocker.patch.object(boto3, 'session', boto3_double)
- retval = lookup.run(["simple_variable"], {}, **dummy_credentials)
- assert(retval[0] == "simplevalue")
- boto3_client_double.assert_called_with('ssm', 'eu-west-1', aws_access_key_id='notakey',
- aws_secret_access_key="notasecret", aws_session_token=None)
-
-
-def test_path_lookup_variable(mocker):
- lookup = aws_ssm.LookupModule()
- lookup._load_name = "aws_ssm"
-
- boto3_double = mocker.MagicMock()
- get_path_fn = boto3_double.Session.return_value.client.return_value.get_parameters_by_path
- get_path_fn.return_value = path_success_response
- boto3_client_double = boto3_double.Session.return_value.client
-
- mocker.patch.object(boto3, 'session', boto3_double)
- args = copy(dummy_credentials)
- args["bypath"] = 'true'
- retval = lookup.run(["/testpath"], {}, **args)
- assert(retval[0]["/testpath/won"] == 
"simple_value_won") - assert(retval[0]["/testpath/too"] == "simple_value_too") - boto3_client_double.assert_called_with('ssm', 'eu-west-1', aws_access_key_id='notakey', - aws_secret_access_key="notasecret", aws_session_token=None) - get_path_fn.assert_called_with(Path="/testpath", Recursive=False, WithDecryption=True) - - -def test_return_none_for_missing_variable(mocker): - """ - during jinja2 templates, we can't shouldn't normally raise exceptions since this blocks the ability to use defaults. - - for this reason we return ```None``` for missing variables - """ - lookup = aws_ssm.LookupModule() - lookup._load_name = "aws_ssm" - - boto3_double = mocker.MagicMock() - boto3_double.Session.return_value.client.return_value.get_parameters.return_value = missing_variable_response - - mocker.patch.object(boto3, 'session', boto3_double) - retval = lookup.run(["missing_variable"], {}, **dummy_credentials) - assert(retval[0] is None) - - -def test_match_retvals_to_call_params_even_with_some_missing_variables(mocker): - """ - If we get a complex list of variables with some missing and some not, we still have to return a - list which matches with the original variable list. 
- """
- lookup = aws_ssm.LookupModule()
- lookup._load_name = "aws_ssm"
-
- boto3_double = mocker.MagicMock()
- boto3_double.Session.return_value.client.return_value.get_parameters.return_value = some_missing_variable_response
-
- mocker.patch.object(boto3, 'session', boto3_double)
- retval = lookup.run(["simple", "missing_variable", "/testpath/won", "simple"], {}, **dummy_credentials)
- assert(retval == ["simple_value", None, "simple_value_won", "simple_value"])
-
-
-error_response = {'Error': {'Code': 'ResourceNotFoundException', 'Message': 'Fake Testing Error'}}
-operation_name = 'FakeOperation'
-
-
-def test_warn_denied_variable(mocker):
- lookup = aws_ssm.LookupModule()
- lookup._load_name = "aws_ssm"
-
- boto3_double = mocker.MagicMock()
- boto3_double.Session.return_value.client.return_value.get_parameters.side_effect = ClientError(error_response, operation_name)
-
- with pytest.raises(AnsibleError):
- mocker.patch.object(boto3, 'session', boto3_double)
- lookup.run(["denied_variable"], {}, **dummy_credentials) |