Fix ec2_instance eventual consistency when wait: false (#51885)

* Do not return 'instances' when wait is false * Added integration tests for wait: false * Added changelog fragment * Fix test suite to work with ec2_instance * Additional permissions * Enforce boto3 version * Fix broken tests * Improve error messages * fix linter issues
2025-07-22 12:50:22 -07:00 · 2019-03-06 12:46:37 +00:00 · 2019-03-06 12:46:37 +00:00 · 5c6b16edc3
commit 5c6b16edc3
parent d0db99e023
10 changed files with 145 additions and 21 deletions
--- a/hacking/aws_config/testing_policies/compute-policy.json
+++ b/hacking/aws_config/testing_policies/compute-policy.json
@ -42,6 +42,7 @@
                "ec2:AssociateVpcCidrBlock",
                "ec2:AssociateSubnetCidrBlock",
                "ec2:AttachInternetGateway",
+                "ec2:AttachNetworkInterface",
                "ec2:AttachVpnGateway",
                "ec2:CreateCustomerGateway",
                "ec2:CreateDhcpOptions",
@ -80,6 +81,7 @@
                "ec2:DisassociateSubnetCidrBlock",
                "ec2:ImportKeyPair",
                "ec2:ModifyImageAttribute",
+                "ec2:ModifyInstanceAttribute",
                "ec2:ModifySubnetAttribute",
                "ec2:ModifyVpcAttribute",
                "ec2:RegisterImage",
@ -102,6 +104,8 @@
                "ec2:RevokeSecurityGroupEgress",
                "ec2:RevokeSecurityGroupIngress",
                "ec2:RunInstances",
+                "ec2:StartInstances",
+                "ec2:StopInstances",
                "ec2:TerminateInstances",
                "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
                "ec2:UpdateSecurityGroupRuleDescriptionsEgress"
--- a/hacking/aws_config/testing_policies/container-policy.json
+++ b/hacking/aws_config/testing_policies/container-policy.json
@ -45,8 +45,6 @@
            "ecs:StopTask",
            "ecs:UpdateService",
            "elasticloadbalancing:Describe*",
-            "iam:AttachRolePolicy",
-            "iam:CreateRole",
            "iam:GetPolicy",
            "iam:GetPolicyVersion",
            "iam:GetRole",
--- a/hacking/aws_config/testing_policies/security-policy.json
+++ b/hacking/aws_config/testing_policies/security-policy.json
@ -26,6 +26,43 @@
            "Effect": "Allow",
            "Sid": "AllowReadOnlyIAMUse"
        },
+        {
+            "Action": [
+                "iam:AttachRolePolicy",
+                "iam:CreateRole",
+                "iam:DeleteRole",
+                "iam:DetachRolePolicy",
+                "iam:PassRole"
+             ],
+            "Resource": "arn:aws:iam::{{ aws_account }}:role/ansible-test-*",
+            "Effect": "Allow",
+            "Sid": "AllowUpdateOfSpecificRoles"
+        },
+        {
+            "Action": [
+                "iam:CreateInstanceProfile",
+                "iam:DeleteInstanceProfile",
+                "iam:AddRoleToInstanceProfile",
+                "iam:RemoveRoleFromInstanceProfile"
+             ],
+            "Resource": "arn:aws:iam::{{ aws_account }}:instance-profile/ansible-test-*",
+            "Effect": "Allow",
+            "Sid": "AllowUpdateOfSpecificInstanceProfiles"
+        },
+        {
+            "Action": [
+                "ec2:ReplaceIamInstanceProfileAssociation"
+             ],
+            "Resource": "*",
+            "Condition": {
+              "ArnEquals": {
+                "ec2:InstanceProfile": "arn:aws:iam::{{ aws_account }}:instance-profile/ansible-test-*"
+              }
+            },
+            "Effect": "Allow",
+            "Sid": "AllowReplacementOfSpecificInstanceProfiles"
+        },
+
        {
            "Sid": "AllowWAFusage",
            "Action": "waf:*",