ec2_group: description property is immutable (#19790)

* update integration tests for updated boto exception message * integration tests fail on both "test credential" test cases exception bubbles out of module. instead catch and wrap * ec2_group does not support updating a security group's description AWS security group descriptions are immutable. if ec2_group finds a group that matches by name, but the descriptions do not match, the module does not support this case previously it would check if the group was used, but would not do anything if it was old behavior was erroneous because it could make a user expect that the description change of a group was fine when in fact it did not occur also, it made an expensive check against all ec2 instances for no good reason * comments not doc strings * else must have pass w/o doc-string statement * Catch specific BotoServerException, give context around error when fetching SGs * python3 compatible exception blocks * add traceback to fail_json * two blank lines before first function
2025-07-09 14:50:02 -07:00 · 2017-03-26 09:33:29 -04:00 · 2017-03-26 09:33:29 -04:00 · ac74520b6f
commit ac74520b6f
parent 3169cbd493
2 changed files with 39 additions and 19 deletions
--- a/test/integration/roles/test_ec2_group/tasks/main.yml
+++ b/test/integration/roles/test_ec2_group/tasks/main.yml
@ -74,7 +74,7 @@
  assert:
    that:
       - 'result.failed'
-       - 'result.msg.startswith("value of region must be one of:")'
+       - 'result.msg.startswith("Region asdf querty 1234 does not seem to be available for aws module boto.ec2. If the region definitely exists, you may need to upgrade boto or extend with endpoints_path")'

 # ============================================================
 - name: test valid region parameter
@ -155,7 +155,7 @@
  assert:
    that:
       - 'result.failed'
-       - '"EC2ResponseError: 401 Unauthorized" in result.msg'
+       - '"Error in get_all_security_groups: AWS was not able to validate the provided access credentials" in result.msg'

 # ============================================================
 - name: test credential parameters
@ -172,7 +172,7 @@
  assert:
    that:
       - 'result.failed'
-       - '"EC2ResponseError: 401 Unauthorized" in result.msg'
+       - '"Error in get_all_security_groups: AWS was not able to validate the provided access credentials" in result.msg'

 # ============================================================
 - name: test state=absent
@ -207,6 +207,24 @@
       - 'result.changed'
       - 'result.group_id.startswith("sg-")'

+# ============================================================
+- name: test state=present different description raises error
+  ec2_group:
+    name='{{ec2_group_name}}'
+    description='{{ec2_group_description}}CHANGED'
+    ec2_region='{{ec2_region}}'
+    ec2_access_key='{{ec2_access_key}}'
+    ec2_secret_key='{{ec2_secret_key}}'
+    state=present
+  ignore_errors: true
+  register: result
+
+- name: assert matching group with non-matching description raises error
+  assert:
+    that:
+       - 'result.failed'
+       - '"Group description does not match existing group. ec2_group does not support this case." in result.msg'
+
 # ============================================================
 - name: test state=present (expected changed=false)
  ec2_group: