ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-27 23:21:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

New module: AWS EC2 Launch Template (#46972)

Browse source 
* Add launch template integration tests
This commit is contained in:
Ryan Brown 2018-11-29 13:59:10 -05:00 committed by Sloane Hertel
commit a51eca364f
13 changed files with 1133 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
test/integration/targets/ec2_launch_template/aliases Normal file
View file

@ -0,0 +1,2 @@
cloud/aws
unsupported

4
test/integration/targets/ec2_launch_template/playbooks/full_test.yml Normal file
View file

@ -0,0 +1,4 @@
- hosts: localhost
connection: local
roles:
- ec2_launch_template

18
test/integration/targets/ec2_launch_template/playbooks/roles/ec2_launch_template/defaults/main.yml Normal file
View file

@ -0,0 +1,18 @@
---
resource_prefix: ansible-test-default-group
ec2_ami_image:
# https://wiki.centos.org/Cloud/AWS collected 2018-01-10
ap-northeast-1: ami-571e3c30
ap-northeast-2: ami-97cb19f9
ap-south-1: ami-11f0837e
ap-southeast-1: ami-30318f53
ap-southeast-2: ami-24959b47
ca-central-1: ami-daeb57be
eu-central-1: ami-7cbc6e13
eu-west-1: ami-0d063c6b
eu-west-2: ami-c22236a6
sa-east-1: ami-864f2dea
us-east-1: ami-ae7bfdb8
us-east-2: ami-9cbf9bf9
us-west-1: ami-7c280d1c
us-west-2: ami-0c2aba6c

13
test/integration/targets/ec2_launch_template/playbooks/roles/ec2_launch_template/files/assume-role-policy.json Normal file
View file

@ -0,0 +1,13 @@
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}

3
test/integration/targets/ec2_launch_template/playbooks/roles/ec2_launch_template/meta/main.yml Normal file
View file

@ -0,0 +1,3 @@
dependencies:
- prepare_tests
- setup_ec2

38
test/integration/targets/ec2_launch_template/playbooks/roles/ec2_launch_template/tasks/cpu_options.yml Normal file
View file

@ -0,0 +1,38 @@
- block:
- name: delete a non-existent template
ec2_launch_template:
name: "{{ resource_prefix }}-not-a-real-template"
state: absent
register: del_fake_lt
ignore_errors: true
- assert:
that:
- del_fake_lt is not failed
- name: create c4.large instance with cpu_options
ec2_launch_template:
name: "{{ resource_prefix }}-c4large-1-threads-per-core"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
instance_type: c4.large
cpu_options:
core_count: 1
threads_per_core: 1
register: lt
- name: instance with cpu_options created with the right options
assert:
that:
- lt is success
- lt is changed
- "lt.latest_template.launch_template_data.cpu_options.core_count == 1"
- "lt.latest_template.launch_template_data.cpu_options.threads_per_core == 1"
always:
- name: delete the template
ec2_launch_template:
name: "{{ resource_prefix }}-c4large-1-threads-per-core"
state: absent
register: del_lt
retries: 10
until: del_lt is not failed
ignore_errors: true

104
test/integration/targets/ec2_launch_template/playbooks/roles/ec2_launch_template/tasks/iam_instance_role.yml Normal file
View file

@ -0,0 +1,104 @@
- block:
- name: Create IAM role for test
iam_role:
name: "{{ resource_prefix }}-test-policy"
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
state: present
create_instance_profile: yes
managed_policy:
- AmazonS3ReadOnlyAccess
register: iam_role
- name: Create second IAM role for test
iam_role:
name: "{{ resource_prefix }}-test-policy-2"
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
state: present
create_instance_profile: yes
managed_policy:
- AmazonS3ReadOnlyAccess
register: iam_role_2
- name: Make instance with an instance_role
ec2_launch_template:
name: "{{ resource_prefix }}-test-instance-role"
image_id: "{{ ec2_ami_image[aws_region] }}"
instance_type: t2.micro
iam_instance_profile: "{{ resource_prefix }}-test-policy"
register: template_with_role
- assert:
that:
- 'template_with_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")'
- name: Create template again, with no change to instance_role
ec2_launch_template:
name: "{{ resource_prefix }}-test-instance-role"
image_id: "{{ ec2_ami_image[aws_region] }}"
instance_type: t2.micro
iam_instance_profile: "{{ resource_prefix }}-test-policy"
register: template_with_role
- assert:
that:
- 'template_with_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")'
- 'template_with_role is not changed'
- name: Update instance with new instance_role
ec2_launch_template:
name: "{{ resource_prefix }}-test-instance-role"
image_id: "{{ ec2_ami_image[aws_region] }}"
instance_type: t2.micro
iam_instance_profile: "{{ resource_prefix }}-test-policy-2"
register: template_with_updated_role
- assert:
that:
- 'template_with_updated_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role_2.arn.replace(":role/", ":instance-profile/")'
- 'template_with_updated_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role_2.arn.replace(":role/", ":instance-profile/")'
- 'template_with_role.default_template.version_number < template_with_updated_role.default_template.version_number'
- 'template_with_updated_role is changed'
- 'template_with_updated_role is not failed'
- name: Re-set with same new instance_role
ec2_launch_template:
name: "{{ resource_prefix }}-test-instance-role"
image_id: "{{ ec2_ami_image[aws_region] }}"
instance_type: t2.micro
iam_instance_profile: "{{ resource_prefix }}-test-policy-2"
register: template_with_updated_role
- assert:
that:
- 'template_with_updated_role is not changed'
- 'template_with_updated_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role_2.arn.replace(":role/", ":instance-profile/")'
always:
- name: delete launch template
ec2_launch_template:
name: "{{ resource_prefix }}-test-instance-role"
state: absent
register: lt_removed
until: lt_removed is not failed
ignore_errors: yes
retries: 10
- name: Delete IAM role for test
iam_role:
name: "{{ resource_prefix }}-test-policy"
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
state: absent
create_instance_profile: yes
register: iam_removed
until: iam_removed is not failed
ignore_errors: yes
retries: 10
- name: Delete IAM role for test
iam_role:
name: "{{ resource_prefix }}-test-policy-2"
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
state: absent
create_instance_profile: yes
register: iam_2_removed
until: iam_2_removed is not failed
ignore_errors: yes
retries: 10

23
test/integration/targets/ec2_launch_template/playbooks/roles/ec2_launch_template/tasks/main.yml Normal file
View file

@ -0,0 +1,23 @@
---
# A Note about ec2 environment variable name preference:
# - EC2_URL -> AWS_URL
# - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY
# - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY
# - EC2_REGION -> AWS_REGION
#
# - include: ../../../../../setup_ec2/tasks/common.yml module_name: ec2_instance
- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
block:
- include_tasks: cpu_options.yml
- include_tasks: iam_instance_role.yml
always:
- debug:
msg: teardown goes here

216
test/integration/targets/ec2_launch_template/playbooks/roles/ec2_launch_template/tasks/tags_and_vpc_settings.yml Normal file
View file

@ -0,0 +1,216 @@
- block:
# ============================================================
# set up VPC
- name: Create VPC for use in testing
ec2_vpc_net:
name: "{{ resource_prefix }}-vpc"
cidr_block: 10.99.0.0/16
tags:
Name: Ansible ec2_instance Testing VPC
tenancy: default
register: testing_vpc
- name: Create default subnet in zone A
ec2_vpc_subnet:
state: present
vpc_id: "{{ testing_vpc.vpc.id }}"
cidr: 10.99.0.0/24
az: "{{ aws_region }}a"
resource_tags:
Name: "{{ resource_prefix }}-subnet-a"
register: testing_subnet_a
- name: Create secondary subnet in zone B
ec2_vpc_subnet:
state: present
vpc_id: "{{ testing_vpc.vpc.id }}"
cidr: 10.99.1.0/24
az: "{{ aws_region }}b"
resource_tags:
Name: "{{ resource_prefix }}-subnet-b"
register: testing_subnet_b
- name: create a security group with the vpc
ec2_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
rules:
- proto: tcp
ports: [22, 80]
cidr_ip: 0.0.0.0/0
register: sg
# TODO: switch these tests from instances
- assert:
that:
- 1 == 0
# ============================================================
# start subnet/sg testing
- name: Make instance in the testing subnet created in the test VPC
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
user_data: |
#cloud-config
package_upgrade: true
package_update: true
tags:
TestId: "{{ resource_prefix }}"
Something: else
security_groups: "{{ sg.group_id }}"
network:
source_dest_check: false
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
volumes:
- device_name: /dev/sda1
ebs:
delete_on_termination: true
<<: *aws_connection_info
register: in_test_vpc
- name: Try to re-make the instance, hopefully this shows changed=False
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
user_data: |
#cloud-config
package_upgrade: true
package_update: true
tags:
TestId: "{{ resource_prefix }}"
Something: else
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
register: remake_in_test_vpc
- name: "Remaking the same instance resulted in no changes"
assert:
that: not remake_in_test_vpc.changed
- name: check that instance IDs match anyway
assert:
that: 'remake_in_test_vpc.instance_ids[0] == in_test_vpc.instance_ids[0]'
- name: check that source_dest_check was set to false
assert:
that: 'not remake_in_test_vpc.instances[0].source_dest_check'
- name: Alter it by adding tags
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
Another: thing
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
register: add_another_tag
- ec2_instance_facts:
instance_ids: "{{ add_another_tag.instance_ids }}"
<<: *aws_connection_info
register: check_tags
- name: "Remaking the same instance resulted in no changes"
assert:
that:
- check_tags.instances[0].tags.Another == 'thing'
- check_tags.instances[0].tags.Something == 'else'
- name: Purge a tag
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
purge_tags: true
tags:
TestId: "{{ resource_prefix }}"
Another: thing
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
- ec2_instance_facts:
instance_ids: "{{ add_another_tag.instance_ids }}"
<<: *aws_connection_info
register: check_tags
- name: "Remaking the same instance resulted in no changes"
assert:
that:
- "'Something' not in check_tags.instances[0].tags"
- name: Terminate instance
ec2_instance:
filters:
tag:TestId: "{{ resource_prefix }}"
state: absent
<<: *aws_connection_info
register: result
- assert:
that: result.changed
- name: Terminate instance
ec2_instance:
instance_ids: "{{ in_test_vpc.instance_ids }}"
state: absent
<<: *aws_connection_info
register: result
- assert:
that: not result.changed
- name: check that subnet-default public IP rule was followed
assert:
that:
- in_test_vpc.instances[0].public_dns_name == ""
- in_test_vpc.instances[0].private_ip_address.startswith("10.22.33")
- in_test_vpc.instances[0].subnet_id == testing_subnet_b.subnet.id
- name: check that tags were applied
assert:
that:
- in_test_vpc.instances[0].tags.Name.startswith(resource_prefix)
- in_test_vpc.instances[0].state.name == 'running'
always:
- name: remove the security group
ec2_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
state: absent
register: removed
until: removed is not failed
ignore_errors: yes
retries: 10
- name: remove subnet A
ec2_vpc_subnet:
state: absent
vpc_id: "{{ testing_vpc.vpc.id }}"
cidr: 10.99.0.0/24
register: removed
until: removed is not failed
ignore_errors: yes
retries: 10
- name: remove subnet B
ec2_vpc_subnet:
state: absent
vpc_id: "{{ testing_vpc.vpc.id }}"
cidr: 10.99.1.0/24
register: removed
until: removed is not failed
ignore_errors: yes
retries: 10
- name: remove the VPC
ec2_vpc_net:
name: "{{ resource_prefix }}-vpc"
cidr_block: 10.99.0.0/16
state: absent
tags:
Name: Ansible Testing VPC
tenancy: default
register: removed
until: removed is not failed
ignore_errors: yes
retries: 10

35
test/integration/targets/ec2_launch_template/playbooks/version_fail.yml Normal file
View file

@ -0,0 +1,35 @@
- hosts: localhost
connection: local
vars:
resource_prefix: 'ansible-testing'
module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
tasks:
- block:
- name: Include vars file in roles/ec2_instance/defaults/main.yml
include_vars:
file: 'roles/ec2_launch_template/defaults/main.yml'
- name: create c4.large template (failure expected)
ec2_launch_template:
state: present
name: "ansible-test-{{ resource_prefix | regex_search('([0-9]+)$') }}-tpl"
instance_type: c4.large
register: ec2_lt
ignore_errors: yes
- name: check that graceful error message is returned when creation with cpu_options and old botocore
assert:
that:
- ec2_lt is failed
- 'ec2_lt.msg == "ec2_launch_template requires boto3 >= 1.6.0"'
always:
- name: delete the c4.large template just in case it was created
ec2_launch_template:
state: absent
name: "ansible-test-{{ resource_prefix | regex_search('([0-9]+)$') }}-tpl"
ignore_errors: yes

26
test/integration/targets/ec2_launch_template/runme.sh Executable file
View file

@ -0,0 +1,26 @@
#!/usr/bin/env bash
# We don't set -u here, due to pypa/virtualenv#150
set -ex
MYTMPDIR=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
trap 'rm -rf "${MYTMPDIR}"' EXIT
# This is needed for the ubuntu1604py3 tests
# Ubuntu patches virtualenv to make the default python2
# but for the python3 tests we need virtualenv to use python3
PYTHON=${ANSIBLE_TEST_PYTHON_INTERPRETER:-python}
# Test graceful failure for older versions of botocore
export ANSIBLE_ROLES_PATH=../
virtualenv --system-site-packages --python "${PYTHON}" "${MYTMPDIR}/boto3-less-than-1.6.0"
source "${MYTMPDIR}/boto3-less-than-1.6.0/bin/activate"
"${PYTHON}" -m pip install 'boto3<1.6.0'
ansible-playbook -i ../../inventory -e @../../integration_config.yml -e @../../cloud-config-aws.yml -v playbooks/version_fail.yml "$@"
# Run full test suite
virtualenv --system-site-packages --python "${PYTHON}" "${MYTMPDIR}/boto3-recent"
source "${MYTMPDIR}/boto3-recent/bin/activate"
$PYTHON -m pip install 'boto3>1.6.0'
ansible-playbook -i ../../inventory -e @../../integration_config.yml -e @../../cloud-config-aws.yml -v playbooks/full_test.yml "$@"