1 files changed, 131 insertions, 0 deletions
diff --git a/test/lib/ansible_test/_internal/commands/integration/cloud/aws.py b/test/lib/ansible_test/_internal/commands/integration/cloud/aws.py
new file mode 100644
index 0000000..234f311
--- /dev/null
+++ b/test/lib/ansible_test/_internal/commands/integration/cloud/aws.py
@@ -0,0 +1,131 @@
+"""AWS plugin for integration tests."""
+from __future__ import annotations
+
+import os
+import uuid
+import configparser
+import typing as t
+
+from ....util import (
+    ApplicationError,
+    display,
+)
+
+from ....config import (
+    IntegrationConfig,
+)
+
+from ....target import (
+    IntegrationTarget,
+)
+
+from ....core_ci import (
+    AnsibleCoreCI,
+    CloudResource,
+)
+
+from ....host_configs import (
+    OriginConfig,
+)
+
+from . import (
+    CloudEnvironment,
+    CloudEnvironmentConfig,
+    CloudProvider,
+)
+
+
+class AwsCloudProvider(CloudProvider):
+    """AWS cloud provider plugin. Sets up cloud resources before delegation."""
+    def __init__(self, args: IntegrationConfig) -> None:
+        super().__init__(args)
+
+        self.uses_config = True
+
+    def filter(self, targets: tuple[IntegrationTarget, ...], exclude: list[str]) -> None:
+        """Filter out the cloud tests when the necessary config and resources are not available."""
+        aci = self._create_ansible_core_ci()
+
+        if aci.available:
+            return
+
+        super().filter(targets, exclude)
+
+    def setup(self) -> None:
+        """Setup the cloud resource before delegation and register a cleanup callback."""
+        super().setup()
+
+        aws_config_path = os.path.expanduser('~/.aws')
+
+        if os.path.exists(aws_config_path) and isinstance(self.args.controller, OriginConfig):
+            raise ApplicationError('Rename "%s" or use the --docker or --remote option to isolate tests.' % aws_config_path)
+
+        if not self._use_static_config():
+            self._setup_dynamic()
+
+    def _setup_dynamic(self) -> None:
+        """Request AWS credentials through the Ansible Core CI service."""
+        display.info('Provisioning %s cloud environment.' % self.platform, verbosity=1)
+
+        config = self._read_config_template()
+
+        aci = self._create_ansible_core_ci()
+
+        response = aci.start()
+
+        if not self.args.explain:
+            credentials = response['aws']['credentials']
+
+            values = dict(
+                ACCESS_KEY=credentials['access_key'],
+                SECRET_KEY=credentials['secret_key'],
+                SECURITY_TOKEN=credentials['session_token'],
+                REGION='us-east-1',
+            )
+
+            display.sensitive.add(values['SECRET_KEY'])
+            display.sensitive.add(values['SECURITY_TOKEN'])
+
+            config = self._populate_config_template(config, values)
+
+        self._write_config(config)
+
+    def _create_ansible_core_ci(self) -> AnsibleCoreCI:
+        """Return an AWS instance of AnsibleCoreCI."""
+        return AnsibleCoreCI(self.args, CloudResource(platform='aws'))
+
+
+class AwsCloudEnvironment(CloudEnvironment):
+    """AWS cloud environment plugin. Updates integration test environment after delegation."""
+    def get_environment_config(self) -> CloudEnvironmentConfig:
+        """Return environment configuration for use in the test environment after delegation."""
+        parser = configparser.ConfigParser()
+        parser.read(self.config_path)
+
+        ansible_vars: dict[str, t.Any] = dict(
+            resource_prefix=self.resource_prefix,
+            tiny_prefix=uuid.uuid4().hex[0:12]
+        )
+
+        ansible_vars.update(dict(parser.items('default')))
+
+        display.sensitive.add(ansible_vars.get('aws_secret_key'))
+        display.sensitive.add(ansible_vars.get('security_token'))
+
+        if 'aws_cleanup' not in ansible_vars:
+            ansible_vars['aws_cleanup'] = not self.managed
+
+        env_vars = {'ANSIBLE_DEBUG_BOTOCORE_LOGS': 'True'}
+
+        return CloudEnvironmentConfig(
+            env_vars=env_vars,
+            ansible_vars=ansible_vars,
+            callback_plugins=['aws_resource_actions'],
+        )
+
+    def on_failure(self, target: IntegrationTarget, tries: int) -> None:
+        """Callback to run when an integration target fails."""
+        if not tries and self.managed:
+            display.notice('If %s failed due to permissions, the IAM test policy may need to be updated. '
+                           'https://docs.ansible.com/ansible/devel/collections/amazon/aws/docsite/dev_guidelines.html#aws-permissions-for-integration-tests'
+                           % target.name)