mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-06-22 16:20:22 -07:00
[cloud] fix VPC behavior for ec2_group module, improve integration tests (#27038)
* Add tests for group in a VPC * Improve ec2_group output and documentation Update ec2_group to provide full security group information Add RETURN documentation to match * Fix ec2_group creation within a VPC Ensure VPC ID gets passed when creating security group * Add test for auto creating SG * Fix ec2_group auto group creation * Add backoff to describe_security_groups Getting LimitExceeded from describe_security_groups is definitely possible (source: me) so add backoff to increase likelihood of success. To ensure that all `describe_security_group` calls are backed off, remove implicit ones that use `ec2.SecurityGroup`. From there, the decision to remove the `ec2` boto3 resource and rely on the client alone makes good sense. * Tidy up auto created security group Add resource_prefix to auto created security group and delete it in the `always` section. Use YAML argument form for all module parameters
This commit is contained in:
Will Thames
Ryan Brown
parent
2d734c7ea7
commit
f972994662
3 changed files with 282 additions and 116 deletions
|
|
@ -6,7 +6,7 @@
|
|||
# - EC2_REGION -> AWS_REGION
|
||||
#
|
||||
|
||||
# - include: ../../setup_ec2/tasks/common.yml module_name=ec2_group
|
||||
# - include: ../../setup_ec2/tasks/common.yml module_name: ec2_group
|
||||
|
||||
- block:
|
||||
|
||||
|
|
@ -25,7 +25,7 @@
|
|||
# ============================================================
|
||||
- name: test failure with only name
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
name: '{{ec2_group_name}}'
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
|
|
@ -38,7 +38,7 @@
|
|||
# ============================================================
|
||||
- name: test failure with only description
|
||||
ec2_group:
|
||||
description='{{ec2_group_description}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
|
|
@ -51,9 +51,9 @@
|
|||
# ============================================================
|
||||
- name: test failure with empty description (AWS API requires non-empty string desc)
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description=''
|
||||
region='{{ec2_region}}'
|
||||
name: '{{ec2_group_name}}'
|
||||
description: ''
|
||||
region: '{{ec2_region}}'
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
|
|
@ -66,9 +66,9 @@
|
|||
# ============================================================
|
||||
- name: test valid region parameter
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description='{{ec2_group_description}}'
|
||||
region='{{ec2_region}}'
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
region: '{{ec2_region}}'
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
|
|
@ -81,8 +81,8 @@
|
|||
# ============================================================
|
||||
- name: test environment variable EC2_REGION
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description='{{ec2_group_description}}'
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
environment:
|
||||
EC2_REGION: '{{ec2_region}}'
|
||||
register: result
|
||||
|
|
@ -97,8 +97,8 @@
|
|||
# ============================================================
|
||||
- name: test invalid ec2_url parameter
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description='{{ec2_group_description}}'
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
environment:
|
||||
EC2_URL: bogus.example.com
|
||||
register: result
|
||||
|
|
@ -113,8 +113,8 @@
|
|||
# ============================================================
|
||||
- name: test valid ec2_url parameter
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description='{{ec2_group_description}}'
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
environment:
|
||||
EC2_URL: '{{ec2_url}}'
|
||||
register: result
|
||||
|
|
@ -129,8 +129,8 @@
|
|||
# ============================================================
|
||||
- name: test credentials from environment
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description='{{ec2_group_description}}'
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
environment:
|
||||
EC2_REGION: '{{ec2_region}}'
|
||||
EC2_ACCESS_KEY: bogus_access_key
|
||||
|
|
@ -147,11 +147,11 @@
|
|||
# ============================================================
|
||||
- name: test credential parameters
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description='{{ec2_group_description}}'
|
||||
ec2_region='{{ec2_region}}'
|
||||
ec2_access_key='bogus_access_key'
|
||||
ec2_secret_key='bogus_secret_key'
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
ec2_region: '{{ec2_region}}'
|
||||
ec2_access_key: 'bogus_access_key'
|
||||
ec2_secret_key: 'bogus_secret_key'
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
|
|
@ -164,25 +164,25 @@
|
|||
# ============================================================
|
||||
- name: test state=absent
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description='{{ec2_group_description}}'
|
||||
ec2_region='{{ec2_region}}'
|
||||
ec2_access_key='{{ec2_access_key}}'
|
||||
ec2_secret_key='{{ec2_secret_key}}'
|
||||
security_token='{{security_token}}'
|
||||
state=absent
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
ec2_region: '{{ec2_region}}'
|
||||
ec2_access_key: '{{ec2_access_key}}'
|
||||
ec2_secret_key: '{{ec2_secret_key}}'
|
||||
security_token: '{{security_token}}'
|
||||
state: absent
|
||||
register: result
|
||||
|
||||
# ============================================================
|
||||
- name: test state=present (expected changed=true)
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description='{{ec2_group_description}}'
|
||||
ec2_region='{{ec2_region}}'
|
||||
ec2_access_key='{{ec2_access_key}}'
|
||||
ec2_secret_key='{{ec2_secret_key}}'
|
||||
security_token='{{security_token}}'
|
||||
state=present
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
ec2_region: '{{ec2_region}}'
|
||||
ec2_access_key: '{{ec2_access_key}}'
|
||||
ec2_secret_key: '{{ec2_secret_key}}'
|
||||
security_token: '{{security_token}}'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: assert state=present (expected changed=true)
|
||||
|
|
@ -194,13 +194,13 @@
|
|||
# ============================================================
|
||||
- name: test state=present different description raises error
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description='{{ec2_group_description}}CHANGED'
|
||||
ec2_region='{{ec2_region}}'
|
||||
ec2_access_key='{{ec2_access_key}}'
|
||||
ec2_secret_key='{{ec2_secret_key}}'
|
||||
security_token='{{security_token}}'
|
||||
state=present
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}CHANGED'
|
||||
ec2_region: '{{ec2_region}}'
|
||||
ec2_access_key: '{{ec2_access_key}}'
|
||||
ec2_secret_key: '{{ec2_secret_key}}'
|
||||
security_token: '{{security_token}}'
|
||||
state: present
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
|
|
@ -213,13 +213,13 @@
|
|||
# ============================================================
|
||||
- name: test state=present (expected changed=false)
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
description='{{ec2_group_description}}'
|
||||
ec2_region='{{ec2_region}}'
|
||||
ec2_access_key='{{ec2_access_key}}'
|
||||
ec2_secret_key='{{ec2_secret_key}}'
|
||||
security_token='{{security_token}}'
|
||||
state=present
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
ec2_region: '{{ec2_region}}'
|
||||
ec2_access_key: '{{ec2_access_key}}'
|
||||
ec2_secret_key: '{{ec2_secret_key}}'
|
||||
security_token: '{{security_token}}'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: assert state=present (expected changed=false)
|
||||
|
|
@ -325,11 +325,91 @@
|
|||
- 'not result.changed'
|
||||
- 'result.group_id.startswith("sg-")'
|
||||
|
||||
- name: add a rule that auto creates another security group
|
||||
ec2_group:
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
ec2_region: '{{ec2_region}}'
|
||||
ec2_access_key: '{{ec2_access_key}}'
|
||||
ec2_secret_key: '{{ec2_secret_key}}'
|
||||
security_token: '{{security_token}}'
|
||||
state: present
|
||||
purge_rules: no
|
||||
rules:
|
||||
- proto: "tcp"
|
||||
group_name: "{{ resource_prefix }} - Another security group"
|
||||
group_desc: Another security group
|
||||
ports: 7171
|
||||
register: result
|
||||
|
||||
- name: check that there are now two rules
|
||||
assert:
|
||||
that:
|
||||
- result.changed
|
||||
- result.ip_permissions|length == 2
|
||||
- result.ip_permissions[0].user_id_group_pairs or
|
||||
result.ip_permissions[1].user_id_group_pairs
|
||||
|
||||
# ============================================================
|
||||
- name: test state=absent (expected changed=true)
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
state=absent
|
||||
name: '{{ec2_group_name}}'
|
||||
state: absent
|
||||
environment:
|
||||
EC2_REGION: '{{ec2_region}}'
|
||||
EC2_ACCESS_KEY: '{{ec2_access_key}}'
|
||||
EC2_SECRET_KEY: '{{ec2_secret_key}}'
|
||||
EC2_SECURITY_TOKEN: '{{security_token|default("")}}'
|
||||
register: result
|
||||
|
||||
- name: assert state=absent (expected changed=true)
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed'
|
||||
- 'not result.group_id'
|
||||
|
||||
- name: create a VPC
|
||||
ec2_vpc_net:
|
||||
name: "{{ resource_prefix }}-vpc"
|
||||
state: present
|
||||
cidr_block: "10.232.232.128/26"
|
||||
ec2_region: '{{ec2_region}}'
|
||||
ec2_access_key: '{{ec2_access_key}}'
|
||||
ec2_secret_key: '{{ec2_secret_key}}'
|
||||
security_token: '{{security_token}}'
|
||||
tags:
|
||||
Name: "{{ resource_prefix }}-vpc"
|
||||
Description: "Created by ansible-test"
|
||||
register: vpc_result
|
||||
|
||||
- name: create security group in the VPC
|
||||
ec2_group:
|
||||
name: '{{ec2_group_name}}'
|
||||
description: '{{ec2_group_description}}'
|
||||
ec2_region: '{{ec2_region}}'
|
||||
ec2_access_key: '{{ec2_access_key}}'
|
||||
ec2_secret_key: '{{ec2_secret_key}}'
|
||||
security_token: '{{security_token}}'
|
||||
vpc_id: '{{ vpc_result.vpc.id }}'
|
||||
state: present
|
||||
rules:
|
||||
- proto: "tcp"
|
||||
from_port: 8182
|
||||
to_port: 8182
|
||||
cidr_ip: "1.1.1.1/32"
|
||||
register: result
|
||||
|
||||
- name: assert state=present (expected changed=true)
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed'
|
||||
- 'result.vpc_id == vpc_result.vpc.id'
|
||||
- 'result.group_id.startswith("sg-")'
|
||||
|
||||
- name: test state=absent (expected changed=true)
|
||||
ec2_group:
|
||||
name: '{{ec2_group_name}}'
|
||||
state: absent
|
||||
environment:
|
||||
EC2_REGION: '{{ec2_region}}'
|
||||
EC2_ACCESS_KEY: '{{ec2_access_key}}'
|
||||
|
|
@ -346,19 +426,31 @@
|
|||
always:
|
||||
|
||||
# ============================================================
|
||||
- name: test state=absent (expected changed=false)
|
||||
- name: tidy up security group
|
||||
ec2_group:
|
||||
name='{{ec2_group_name}}'
|
||||
state=absent
|
||||
name: '{{ec2_group_name}}'
|
||||
state: absent
|
||||
environment:
|
||||
EC2_REGION: '{{ec2_region}}'
|
||||
EC2_ACCESS_KEY: '{{ec2_access_key}}'
|
||||
EC2_SECRET_KEY: '{{ec2_secret_key}}'
|
||||
EC2_SECURITY_TOKEN: '{{security_token|default("")}}'
|
||||
register: result
|
||||
|
||||
- name: assert state=absent (expected changed=false)
|
||||
assert:
|
||||
that:
|
||||
- 'not result.changed'
|
||||
- 'not result.group_id'
|
||||
- name: tidy up automatically created SG
|
||||
ec2_group:
|
||||
name: "{{ resource_prefix }} - Another security group"
|
||||
state: absent
|
||||
ec2_region: '{{ec2_region}}'
|
||||
ec2_access_key: '{{ec2_access_key}}'
|
||||
ec2_secret_key: '{{ec2_secret_key}}'
|
||||
security_token: '{{security_token}}'
|
||||
|
||||
- name: tidy up VPC
|
||||
ec2_vpc_net:
|
||||
name: "{{ resource_prefix }}-vpc"
|
||||
state: absent
|
||||
cidr_block: "10.232.232.128/26"
|
||||
ec2_region: '{{ec2_region}}'
|
||||
ec2_access_key: '{{ec2_access_key}}'
|
||||
ec2_secret_key: '{{ec2_secret_key}}'
|
||||
security_token: '{{security_token}}'
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue