Add execution_role_arn parameter (#41849)

* Add execution_role_arn parameter * Change ecs_taskdefinition to use AnsibleAWSmodule Botocore version checking is becomming more common. Changing the ecs_taskdefinition to use AnsibleAWSmodule allows more easily for this. * Change launch type check to use botocore_at_least function * Remove execution_role_arn param from params dict * Change check to use parameter * Fix typo * Add test for old botocore version * Add test for execution role parameter * Remove iam_role_facts task Task was unecessary. The same information could be gathered by registering the iam_role task.
2025-05-31 21:39:10 -07:00 · 2018-07-03 21:34:11 -07:00 · 2018-07-03 21:34:11 -07:00 · b60fc33eef
commit b60fc33eef
parent f92b95b8cb
3 changed files with 54 additions and 14 deletions
--- a/test/integration/targets/ecs_cluster/playbooks/network_fail.yml
+++ b/test/integration/targets/ecs_cluster/playbooks/network_fail.yml
@ -44,6 +44,26 @@
            <<: *aws_connection_info
          register: ecs_taskdefinition_creation_vpc

+        - name: create ecs_taskdefinition and execution_role_arn (expected to fail)
+          ecs_taskdefinition:
+            containers:
+              - name: my_container
+                image: ubuntu
+                memory: 128
+            family: "{{ resource_prefix }}-vpc"
+            execution_role_arn: not_a_real_arn
+            state: present
+            network_mode: awsvpc
+            <<: *aws_connection_info
+          ignore_errors: yes
+          register: ecs_taskdefinition_arn
+
+        - name: check that graceful failure message is returned from ecs_taskdefinition_arn
+          assert:
+            that:
+              - ecs_taskdefinition_arn.failed
+              - 'ecs_taskdefinition_arn.msg == "botocore needs to be version 1.10.44 or higher to use execution_role_arn"'
+
        - name: ecs_taskdefinition works fine even when older botocore is used
          assert:
            that:
--- a/test/integration/targets/ecs_cluster/playbooks/roles/ecs_cluster/tasks/main.yml
+++ b/test/integration/targets/ecs_cluster/playbooks/roles/ecs_cluster/tasks/main.yml
@ -541,6 +541,18 @@
    # ============================================================
    # Begin tests for Fargate

+    - name: ensure AmazonECSTaskExecutionRolePolicy exists
+      iam_role:
+        name: ecsTaskExecutionRole
+        assume_role_policy_document: "{{ lookup('file','ecs-trust-policy.json') }}"
+        description: "Allows ECS containers to make calls to ECR"
+        state: present
+        create_instance_profile: no
+        managed_policy:
+        - AmazonEC2ContainerServiceRole
+        <<: *aws_connection_info
+      register: iam_execution_role
+
    - name: create Fargate VPC-networked task definition with host port set to 8080 and unsupported network mode (expected to fail)
      ecs_taskdefinition:
        containers: "{{ ecs_fargate_task_containers }}"
@ -579,7 +591,7 @@
          - ecs_fargate_task_definition_vpc_no_mem is failed
          - 'ecs_fargate_task_definition_vpc_no_mem.msg == "launch_type is FARGATE but all of the following are missing: cpu, memory"' 

-    - name: create Fargate VPC-networked task definition with CPU or Memory 
+    - name: create Fargate VPC-networked task definition with CPU or Memory and execution role
      ecs_taskdefinition:
        containers: "{{ ecs_fargate_task_containers }}"
        family: "{{ ecs_task_name }}-vpc"
@ -587,6 +599,7 @@
        launch_type: FARGATE
        cpu: 512
        memory: 1024
+        execution_role_arn: "{{ iam_execution_role.arn }}"
        state: present
        <<: *aws_connection_info
      vars: