New module: AWS EC2 Launch Template (#46972)
* Add launch template integration tests
parent
5a7f2b6b08
commit
a51eca364f
13 changed files with 1133 additions and 0 deletions
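--- a/test/integration/targets/ec2_launch_template/aliases
+++ b/test/integration/targets/ec2_launch_template/aliases
@@ -0,0 +1,2 @@
+cloud/aws
+unsupported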
|
@ -0,0 +1,4 @@
|
|||
- hosts: localhost
|
||||
connection: local
|
||||
roles:
|
||||
- ec2_launch_template
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
resource_prefix: ansible-test-default-group
|
||||
ec2_ami_image:
|
||||
# https://wiki.centos.org/Cloud/AWS collected 2018-01-10
|
||||
ap-northeast-1: ami-571e3c30
|
||||
ap-northeast-2: ami-97cb19f9
|
||||
ap-south-1: ami-11f0837e
|
||||
ap-southeast-1: ami-30318f53
|
||||
ap-southeast-2: ami-24959b47
|
||||
ca-central-1: ami-daeb57be
|
||||
eu-central-1: ami-7cbc6e13
|
||||
eu-west-1: ami-0d063c6b
|
||||
eu-west-2: ami-c22236a6
|
||||
sa-east-1: ami-864f2dea
|
||||
us-east-1: ami-ae7bfdb8
|
||||
us-east-2: ami-9cbf9bf9
|
||||
us-west-1: ami-7c280d1c
|
||||
us-west-2: ami-0c2aba6c
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"Version": "2008-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Sid": "",
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"Service": "ec2.amazonaws.com"
|
||||
},
|
||||
"Action": "sts:AssumeRole"
|
||||
}
|
||||
]
|
||||
}
|
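Review bot: The trust policy declares `"Version": "2008-10-17"`, the older policy-language version; AWS recommends `"2012-10-17"` for new policies, and the older version does not support later features such as policy variables. Nothing in this document depends on the old version, so `"Version": "2012-10-17"` is a drop-in change. The empty `"Sid": ""` can be dropped or given a descriptive value.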
|
@ -0,0 +1,3 @@
|
|||
dependencies:
|
||||
- prepare_tests
|
||||
- setup_ec2
|
|
@ -0,0 +1,38 @@
|
|||
- block:
|
||||
- name: delete a non-existent template
|
||||
ec2_launch_template:
|
||||
name: "{{ resource_prefix }}-not-a-real-template"
|
||||
state: absent
|
||||
register: del_fake_lt
|
||||
ignore_errors: true
|
||||
- assert:
|
||||
that:
|
||||
- del_fake_lt is not failed
|
||||
- name: create c4.large instance with cpu_options
|
||||
ec2_launch_template:
|
||||
name: "{{ resource_prefix }}-c4large-1-threads-per-core"
|
||||
image_id: "{{ ec2_ami_image[aws_region] }}"
|
||||
tags:
|
||||
TestId: "{{ resource_prefix }}"
|
||||
instance_type: c4.large
|
||||
cpu_options:
|
||||
core_count: 1
|
||||
threads_per_core: 1
|
||||
register: lt
|
||||
|
||||
- name: instance with cpu_options created with the right options
|
||||
assert:
|
||||
that:
|
||||
- lt is success
|
||||
- lt is changed
|
||||
- "lt.latest_template.launch_template_data.cpu_options.core_count == 1"
|
||||
- "lt.latest_template.launch_template_data.cpu_options.threads_per_core == 1"
|
||||
always:
|
||||
- name: delete the template
|
||||
ec2_launch_template:
|
||||
name: "{{ resource_prefix }}-c4large-1-threads-per-core"
|
||||
state: absent
|
||||
register: del_lt
|
||||
retries: 10
|
||||
until: del_lt is not failed
|
||||
ignore_errors: true
|
|
@ -0,0 +1,104 @@
|
|||
- block:
|
||||
- name: Create IAM role for test
|
||||
iam_role:
|
||||
name: "{{ resource_prefix }}-test-policy"
|
||||
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
|
||||
state: present
|
||||
create_instance_profile: yes
|
||||
managed_policy:
|
||||
- AmazonS3ReadOnlyAccess
|
||||
register: iam_role
|
||||
|
||||
- name: Create second IAM role for test
|
||||
iam_role:
|
||||
name: "{{ resource_prefix }}-test-policy-2"
|
||||
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
|
||||
state: present
|
||||
create_instance_profile: yes
|
||||
managed_policy:
|
||||
- AmazonS3ReadOnlyAccess
|
||||
register: iam_role_2
|
||||
|
||||
- name: Make instance with an instance_role
|
||||
ec2_launch_template:
|
||||
name: "{{ resource_prefix }}-test-instance-role"
|
||||
image_id: "{{ ec2_ami_image[aws_region] }}"
|
||||
instance_type: t2.micro
|
||||
iam_instance_profile: "{{ resource_prefix }}-test-policy"
|
||||
register: template_with_role
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'template_with_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")'
|
||||
|
||||
- name: Create template again, with no change to instance_role
|
||||
ec2_launch_template:
|
||||
name: "{{ resource_prefix }}-test-instance-role"
|
||||
image_id: "{{ ec2_ami_image[aws_region] }}"
|
||||
instance_type: t2.micro
|
||||
iam_instance_profile: "{{ resource_prefix }}-test-policy"
|
||||
register: template_with_role
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'template_with_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")'
|
||||
- 'template_with_role is not changed'
|
||||
|
||||
- name: Update instance with new instance_role
|
||||
ec2_launch_template:
|
||||
name: "{{ resource_prefix }}-test-instance-role"
|
||||
image_id: "{{ ec2_ami_image[aws_region] }}"
|
||||
instance_type: t2.micro
|
||||
iam_instance_profile: "{{ resource_prefix }}-test-policy-2"
|
||||
register: template_with_updated_role
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'template_with_updated_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role_2.arn.replace(":role/", ":instance-profile/")'
|
||||
- 'template_with_updated_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role_2.arn.replace(":role/", ":instance-profile/")'
|
||||
- 'template_with_role.default_template.version_number < template_with_updated_role.default_template.version_number'
|
||||
- 'template_with_updated_role is changed'
|
||||
- 'template_with_updated_role is not failed'
|
||||
|
||||
- name: Re-set with same new instance_role
|
||||
ec2_launch_template:
|
||||
name: "{{ resource_prefix }}-test-instance-role"
|
||||
image_id: "{{ ec2_ami_image[aws_region] }}"
|
||||
instance_type: t2.micro
|
||||
iam_instance_profile: "{{ resource_prefix }}-test-policy-2"
|
||||
register: template_with_updated_role
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'template_with_updated_role is not changed'
|
||||
- 'template_with_updated_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role_2.arn.replace(":role/", ":instance-profile/")'
|
||||
|
||||
always:
|
||||
- name: delete launch template
|
||||
ec2_launch_template:
|
||||
name: "{{ resource_prefix }}-test-instance-role"
|
||||
state: absent
|
||||
register: lt_removed
|
||||
until: lt_removed is not failed
|
||||
ignore_errors: yes
|
||||
retries: 10
|
||||
- name: Delete IAM role for test
|
||||
iam_role:
|
||||
name: "{{ resource_prefix }}-test-policy"
|
||||
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
|
||||
state: absent
|
||||
create_instance_profile: yes
|
||||
register: iam_removed
|
||||
until: iam_removed is not failed
|
||||
ignore_errors: yes
|
||||
retries: 10
|
||||
- name: Delete IAM role for test
|
||||
iam_role:
|
||||
name: "{{ resource_prefix }}-test-policy-2"
|
||||
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
|
||||
state: absent
|
||||
create_instance_profile: yes
|
||||
register: iam_2_removed
|
||||
until: iam_2_removed is not failed
|
||||
ignore_errors: yes
|
||||
retries: 10
|
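Review bot: Both test roles are created with `managed_policy: AmazonS3ReadOnlyAccess` and an EC2 trust policy, yet the assertions in this file only compare the instance-profile ARN and the template version, so the roles appear not to need any permissions. Because the `always:` cleanup runs with `ignore_errors: yes`, a failed delete would leave a role with account-wide S3 read access in the test account without failing the run; omitting `managed_policy` (if the module accepts a role without one) keeps any leftover harmless. The assert after "Update instance with new instance_role" repeats the same `iam_role_2.arn` comparison twice, and both cleanup tasks are named `Delete IAM role for test`; naming the second `Delete second IAM role for test` makes a failure easier to attribute.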
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
# A Note about ec2 environment variable name preference:
|
||||
# - EC2_URL -> AWS_URL
|
||||
# - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY
|
||||
# - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY
|
||||
# - EC2_REGION -> AWS_REGION
|
||||
#
|
||||
|
||||
# - include: ../../../../../setup_ec2/tasks/common.yml module_name: ec2_instance
|
||||
|
||||
- module_defaults:
|
||||
group/aws:
|
||||
aws_access_key: "{{ aws_access_key }}"
|
||||
aws_secret_key: "{{ aws_secret_key }}"
|
||||
security_token: "{{ security_token }}"
|
||||
region: "{{ aws_region }}"
|
||||
block:
|
||||
- include_tasks: cpu_options.yml
|
||||
- include_tasks: iam_instance_role.yml
|
||||
|
||||
always:
|
||||
- debug:
|
||||
msg: teardown goes here
|
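Review bot: `security_token: "{{ security_token }}"` in `module_defaults` is templated unconditionally, so a run whose credentials carry no session token would presumably fail on an undefined variable in every AWS task; `security_token: "{{ security_token | default(omit) }}"` keeps both cases working. The same `module_defaults` mapping appears in the play of the later `@ -0,0 +1,35 @@` hunk. In the header comment `AWX_SECRET_KEY` looks like a typo for `AWS_SECRET_KEY`. The `always:` section is still the placeholder `msg: teardown goes here`, so this file itself cleans nothing up.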
|
@ -0,0 +1,216 @@
|
|||
- block:
|
||||
# ============================================================
|
||||
# set up VPC
|
||||
- name: Create VPC for use in testing
|
||||
ec2_vpc_net:
|
||||
name: "{{ resource_prefix }}-vpc"
|
||||
cidr_block: 10.99.0.0/16
|
||||
tags:
|
||||
Name: Ansible ec2_instance Testing VPC
|
||||
tenancy: default
|
||||
register: testing_vpc
|
||||
|
||||
- name: Create default subnet in zone A
|
||||
ec2_vpc_subnet:
|
||||
state: present
|
||||
vpc_id: "{{ testing_vpc.vpc.id }}"
|
||||
cidr: 10.99.0.0/24
|
||||
az: "{{ aws_region }}a"
|
||||
resource_tags:
|
||||
Name: "{{ resource_prefix }}-subnet-a"
|
||||
register: testing_subnet_a
|
||||
|
||||
- name: Create secondary subnet in zone B
|
||||
ec2_vpc_subnet:
|
||||
state: present
|
||||
vpc_id: "{{ testing_vpc.vpc.id }}"
|
||||
cidr: 10.99.1.0/24
|
||||
az: "{{ aws_region }}b"
|
||||
resource_tags:
|
||||
Name: "{{ resource_prefix }}-subnet-b"
|
||||
register: testing_subnet_b
|
||||
|
||||
- name: create a security group with the vpc
|
||||
ec2_group:
|
||||
name: "{{ resource_prefix }}-sg"
|
||||
description: a security group for ansible tests
|
||||
vpc_id: "{{ testing_vpc.vpc.id }}"
|
||||
rules:
|
||||
- proto: tcp
|
||||
ports: [22, 80]
|
||||
cidr_ip: 0.0.0.0/0
|
||||
register: sg
|
||||
# TODO: switch these tests from instances
|
||||
- assert:
|
||||
that:
|
||||
- 1 == 0
|
||||
# ============================================================
|
||||
# start subnet/sg testing
|
||||
- name: Make instance in the testing subnet created in the test VPC
|
||||
ec2_instance:
|
||||
name: "{{ resource_prefix }}-test-basic-vpc-create"
|
||||
image_id: "{{ ec2_ami_image[aws_region] }}"
|
||||
user_data: |
|
||||
#cloud-config
|
||||
package_upgrade: true
|
||||
package_update: true
|
||||
tags:
|
||||
TestId: "{{ resource_prefix }}"
|
||||
Something: else
|
||||
security_groups: "{{ sg.group_id }}"
|
||||
network:
|
||||
source_dest_check: false
|
||||
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
|
||||
instance_type: t2.micro
|
||||
volumes:
|
||||
- device_name: /dev/sda1
|
||||
ebs:
|
||||
delete_on_termination: true
|
||||
<<: *aws_connection_info
|
||||
register: in_test_vpc
|
||||
|
||||
- name: Try to re-make the instance, hopefully this shows changed=False
|
||||
ec2_instance:
|
||||
name: "{{ resource_prefix }}-test-basic-vpc-create"
|
||||
image_id: "{{ ec2_ami_image[aws_region] }}"
|
||||
user_data: |
|
||||
#cloud-config
|
||||
package_upgrade: true
|
||||
package_update: true
|
||||
tags:
|
||||
TestId: "{{ resource_prefix }}"
|
||||
Something: else
|
||||
security_groups: "{{ sg.group_id }}"
|
||||
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
|
||||
instance_type: t2.micro
|
||||
<<: *aws_connection_info
|
||||
register: remake_in_test_vpc
|
||||
- name: "Remaking the same instance resulted in no changes"
|
||||
assert:
|
||||
that: not remake_in_test_vpc.changed
|
||||
- name: check that instance IDs match anyway
|
||||
assert:
|
||||
that: 'remake_in_test_vpc.instance_ids[0] == in_test_vpc.instance_ids[0]'
|
||||
- name: check that source_dest_check was set to false
|
||||
assert:
|
||||
that: 'not remake_in_test_vpc.instances[0].source_dest_check'
|
||||
|
||||
- name: Alter it by adding tags
|
||||
ec2_instance:
|
||||
name: "{{ resource_prefix }}-test-basic-vpc-create"
|
||||
image_id: "{{ ec2_ami_image[aws_region] }}"
|
||||
tags:
|
||||
TestId: "{{ resource_prefix }}"
|
||||
Another: thing
|
||||
security_groups: "{{ sg.group_id }}"
|
||||
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
|
||||
instance_type: t2.micro
|
||||
<<: *aws_connection_info
|
||||
register: add_another_tag
|
||||
|
||||
- ec2_instance_facts:
|
||||
instance_ids: "{{ add_another_tag.instance_ids }}"
|
||||
<<: *aws_connection_info
|
||||
register: check_tags
|
||||
- name: "Remaking the same instance resulted in no changes"
|
||||
assert:
|
||||
that:
|
||||
- check_tags.instances[0].tags.Another == 'thing'
|
||||
- check_tags.instances[0].tags.Something == 'else'
|
||||
|
||||
- name: Purge a tag
|
||||
ec2_instance:
|
||||
name: "{{ resource_prefix }}-test-basic-vpc-create"
|
||||
image_id: "{{ ec2_ami_image[aws_region] }}"
|
||||
purge_tags: true
|
||||
tags:
|
||||
TestId: "{{ resource_prefix }}"
|
||||
Another: thing
|
||||
security_groups: "{{ sg.group_id }}"
|
||||
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
|
||||
instance_type: t2.micro
|
||||
<<: *aws_connection_info
|
||||
- ec2_instance_facts:
|
||||
instance_ids: "{{ add_another_tag.instance_ids }}"
|
||||
<<: *aws_connection_info
|
||||
register: check_tags
|
||||
- name: "Remaking the same instance resulted in no changes"
|
||||
assert:
|
||||
that:
|
||||
- "'Something' not in check_tags.instances[0].tags"
|
||||
|
||||
- name: Terminate instance
|
||||
ec2_instance:
|
||||
filters:
|
||||
tag:TestId: "{{ resource_prefix }}"
|
||||
state: absent
|
||||
<<: *aws_connection_info
|
||||
register: result
|
||||
- assert:
|
||||
that: result.changed
|
||||
|
||||
- name: Terminate instance
|
||||
ec2_instance:
|
||||
instance_ids: "{{ in_test_vpc.instance_ids }}"
|
||||
state: absent
|
||||
<<: *aws_connection_info
|
||||
register: result
|
||||
- assert:
|
||||
that: not result.changed
|
||||
|
||||
- name: check that subnet-default public IP rule was followed
|
||||
assert:
|
||||
that:
|
||||
- in_test_vpc.instances[0].public_dns_name == ""
|
||||
- in_test_vpc.instances[0].private_ip_address.startswith("10.22.33")
|
||||
- in_test_vpc.instances[0].subnet_id == testing_subnet_b.subnet.id
|
||||
- name: check that tags were applied
|
||||
assert:
|
||||
that:
|
||||
- in_test_vpc.instances[0].tags.Name.startswith(resource_prefix)
|
||||
- in_test_vpc.instances[0].state.name == 'running'
|
||||
|
||||
always:
|
||||
- name: remove the security group
|
||||
ec2_group:
|
||||
name: "{{ resource_prefix }}-sg"
|
||||
description: a security group for ansible tests
|
||||
vpc_id: "{{ testing_vpc.vpc.id }}"
|
||||
state: absent
|
||||
register: removed
|
||||
until: removed is not failed
|
||||
ignore_errors: yes
|
||||
retries: 10
|
||||
|
||||
- name: remove subnet A
|
||||
ec2_vpc_subnet:
|
||||
state: absent
|
||||
vpc_id: "{{ testing_vpc.vpc.id }}"
|
||||
cidr: 10.99.0.0/24
|
||||
register: removed
|
||||
until: removed is not failed
|
||||
ignore_errors: yes
|
||||
retries: 10
|
||||
|
||||
- name: remove subnet B
|
||||
ec2_vpc_subnet:
|
||||
state: absent
|
||||
vpc_id: "{{ testing_vpc.vpc.id }}"
|
||||
cidr: 10.99.1.0/24
|
||||
register: removed
|
||||
until: removed is not failed
|
||||
ignore_errors: yes
|
||||
retries: 10
|
||||
|
||||
- name: remove the VPC
|
||||
ec2_vpc_net:
|
||||
name: "{{ resource_prefix }}-vpc"
|
||||
cidr_block: 10.99.0.0/16
|
||||
state: absent
|
||||
tags:
|
||||
Name: Ansible Testing VPC
|
||||
tenancy: default
|
||||
register: removed
|
||||
until: removed is not failed
|
||||
ignore_errors: yes
|
||||
retries: 10
|
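Review bot: Every `ec2_instance` and `ec2_instance_facts` task here merges `<<: *aws_connection_info`, but no `&aws_connection_info` anchor is defined in the visible file, so the YAML would fail to load if this file were ever included; the tasks file in the earlier hunk supplies credentials through `module_defaults`, which makes the merge keys unnecessary. The file is also guarded by a deliberate `1 == 0` assert under a TODO and is not referenced by the visible `include_tasks` lines, so a top-of-file comment saying it is a disabled draft would help. When it is revived, the `ec2_group` rule opens ports 22 and 80 to `cidr_ip: 0.0.0.0/0` in a real account; `cidr_ip: 10.99.0.0/16` (the test VPC range) would be enough for these assertions. The check `private_ip_address.startswith("10.22.33")` cannot match subnet B's `10.99.1.0/24`.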
|
@ -0,0 +1,35 @@
|
|||
- hosts: localhost
|
||||
connection: local
|
||||
vars:
|
||||
resource_prefix: 'ansible-testing'
|
||||
module_defaults:
|
||||
group/aws:
|
||||
aws_access_key: "{{ aws_access_key }}"
|
||||
aws_secret_key: "{{ aws_secret_key }}"
|
||||
security_token: "{{ security_token }}"
|
||||
region: "{{ aws_region }}"
|
||||
tasks:
|
||||
- block:
|
||||
- name: Include vars file in roles/ec2_instance/defaults/main.yml
|
||||
include_vars:
|
||||
file: 'roles/ec2_launch_template/defaults/main.yml'
|
||||
|
||||
- name: create c4.large template (failure expected)
|
||||
ec2_launch_template:
|
||||
state: present
|
||||
name: "ansible-test-{{ resource_prefix | regex_search('([0-9]+)$') }}-tpl"
|
||||
instance_type: c4.large
|
||||
register: ec2_lt
|
||||
ignore_errors: yes
|
||||
|
||||
- name: check that graceful error message is returned when creation with cpu_options and old botocore
|
||||
assert:
|
||||
that:
|
||||
- ec2_lt is failed
|
||||
- 'ec2_lt.msg == "ec2_launch_template requires boto3 >= 1.6.0"'
|
||||
always:
|
||||
- name: delete the c4.large template just in case it was created
|
||||
ec2_launch_template:
|
||||
state: absent
|
||||
name: "ansible-test-{{ resource_prefix | regex_search('([0-9]+)$') }}-tpl"
|
||||
ignore_errors: yes
|
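Review bot: The template name is built from `resource_prefix | regex_search('([0-9]+)$')`, but neither the play's `resource_prefix: 'ansible-testing'` nor the included defaults' `ansible-test-default-group` ends in digits, so unless a value passed in from outside overrides it the expression finds no match and every run uses the same template name. Create and cleanup share the expression and stay consistent, but concurrent runs in one account would collide; `name: "{{ resource_prefix }}-tpl"` avoids that if the length is acceptable. The task names are also misleading: the include task says `roles/ec2_instance/defaults/main.yml` while loading `roles/ec2_launch_template/defaults/main.yml`, and the assert mentions `cpu_options` and botocore although the task passes no `cpu_options` and the checked message is about boto3.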
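--- a/test/integration/targets/ec2_launch_template/runme.sh
+++ b/test/integration/targets/ec2_launch_template/runme.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# We don't set -u here, due to pypa/virtualenv#150
+set -ex
+
+MYTMPDIR=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
+
+trap 'rm -rf "${MYTMPDIR}"' EXIT
+
+# This is needed for the ubuntu1604py3 tests
+# Ubuntu patches virtualenv to make the default python2
+# but for the python3 tests we need virtualenv to use python3
+PYTHON=${ANSIBLE_TEST_PYTHON_INTERPRETER:-python}
+
+# Test graceful failure for older versions of botocore
+export ANSIBLE_ROLES_PATH=../
+virtualenv --system-site-packages --python "${PYTHON}" "${MYTMPDIR}/boto3-less-than-1.6.0"
+source "${MYTMPDIR}/boto3-less-than-1.6.0/bin/activate"
+"${PYTHON}" -m pip install 'boto3<1.6.0'
+ansible-playbook -i ../../inventory -e @../../integration_config.yml -e @../../cloud-config-aws.yml -v playbooks/version_fail.yml "$@"
+
+# Run full test suite
+virtualenv --system-site-packages --python "${PYTHON}" "${MYTMPDIR}/boto3-recent"
+source "${MYTMPDIR}/boto3-recent/bin/activate"
+$PYTHON -m pip install 'boto3>1.6.0'
+ansible-playbook -i ../../inventory -e @../../integration_config.yml -e @../../cloud-config-aws.yml -v playbooks/full_test.yml "$@"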
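Review bot: After each `source .../bin/activate` the install still runs through `${PYTHON} -m pip`, and `PYTHON` is taken from `ANSIBLE_TEST_PYTHON_INTERPRETER`; if that holds an absolute interpreter path, pip would presumably install boto3 into that interpreter's site-packages instead of the fresh virtualenv, so the old-boto3 scenario would not be isolated and the host environment would be modified. Calling the activated interpreter, `python -m pip install 'boto3<1.6.0'`, keeps the install inside the virtualenv. The second install also uses an unquoted `$PYTHON` and `'boto3>1.6.0'`, which excludes the 1.6.0 release that the module's error message names as its minimum; `'boto3>=1.6.0'` with the quoted form would match. Both installs are unpinned, so the suite runs against whatever the package index serves that day.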