author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:35 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:35 +0000 |
commit | 7fec0b69a082aaeec72fee0612766aa42f6b1b4d (patch) | |
tree | efb569b86ca4da888717f5433e757145fa322e08 /ansible_collections/community/aws/tests/integration | |
parent | Releasing progress-linux version 7.7.0+dfsg-3~progress7.99u1. (diff) | |
Merging upstream version 9.4.0+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/community/aws/tests/integration')
292 files changed, 4829 insertions, 5533 deletions
diff --git a/ansible_collections/community/aws/tests/integration/constraints.txt b/ansible_collections/community/aws/tests/integration/constraints.txt index cd546e7c2..f388e1f90 100644 --- a/ansible_collections/community/aws/tests/integration/constraints.txt +++ b/ansible_collections/community/aws/tests/integration/constraints.txt @@ -1,7 +1,11 @@ # Specifically run tests against the oldest versions that we support -boto3==1.18.0 -botocore==1.21.0 +botocore==1.29.0 +boto3==1.26.0 # AWS CLI has `botocore==` dependencies, provide the one that matches botocore # to avoid needing to download over a years worth of awscli wheels. -awscli==1.20.0 +awscli==1.27.0 + +# AWS CLI depends on PyYAML <5.5,>=3.10; the latest PyYAML release in that range, 5.4.1, fails to install. +# Use a version in that range that is known to work (https://github.com/yaml/pyyaml/issues/736) +PyYAML==5.3.1 diff --git a/ansible_collections/community/aws/tests/integration/requirements.txt b/ansible_collections/community/aws/tests/integration/requirements.txt index 352e8b7ff..aa71c9681 100644 --- a/ansible_collections/community/aws/tests/integration/requirements.txt +++ b/ansible_collections/community/aws/tests/integration/requirements.txt @@ -8,6 +8,6 @@ virtualenv # Sometimes needed where we don't have features we need in modules awscli # Used for comparing SSH Public keys to the Amazon fingerprints -pycrypto +cryptography # Used by ec2_asg_scheduled_action python-dateutil diff --git a/ansible_collections/community/aws/tests/integration/requirements.yml b/ansible_collections/community/aws/tests/integration/requirements.yml new file mode 100644 index 000000000..d3e5b3032 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/requirements.yml @@ -0,0 +1,8 @@ +--- +collections: + - name: https://github.com/ansible-collections/amazon.aws.git + type: git + version: main + - ansible.windows + - community.crypto + - community.general 
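Review bot: The added `PyYAML==5.3.1` pin in constraints.txt holds the test environment below the newest release in awscli's allowed range, and the comment explains the install failure but not when the pin can be dropped. As far as I recall, older PyYAML releases carry known weaknesses in the non-safe loaders, so the pin should be marked as test-only and tied to the awscli constraint, for example `# Test-only pin; remove once the awscli pin above permits a newer PyYAML`. It is also worth confirming that nothing in the test targets loads YAML from outside the repository with a non-safe loader while this pin is in place.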
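Review bot: `version: main` on the amazon.aws git source in the new requirements.yml means each integration run installs whatever is at the head of that branch, so runs are not reproducible. Any unexpected upstream commit would also execute with the AWS credentials the tests are given. If tracking the branch is deliberate for upstream CI, say so in a comment above the entry; for a packaged snapshot, pinning is safer, e.g. `version: <RELEASE_TAG_OR_COMMIT>`. The three collections listed by bare name (`ansible.windows`, `community.crypto`, `community.general`) are likewise unversioned.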
diff --git a/ansible_collections/community/aws/tests/integration/targets/accessanalyzer_validate_policy_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/accessanalyzer_validate_policy_info/tasks/main.yml index 857a7c1b4..811ef9fb5 100644 --- a/ansible_collections/community/aws/tests/integration/targets/accessanalyzer_validate_policy_info/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/accessanalyzer_validate_policy_info/tasks/main.yml @@ -1,10 +1,10 @@ --- - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key | default(omit) }}' - aws_secret_key: '{{ aws_secret_key | default(omit) }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' block: - name: get ARN of calling user diff --git a/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/full_acm_test.yml b/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/full_acm_test.yml index 5cbd156dd..4c45db05e 100644 --- a/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/full_acm_test.yml +++ b/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/full_acm_test.yml 
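Review bot: Dropping `| default(omit)` from `access_key`, `secret_key` and `region` in the accessanalyzer_validate_policy_info defaults means the target should now fail on an undefined variable when credentials come from the environment or a profile. Only `session_token` keeps the fallback. If that is intended (it matches the other targets in this commit), make the requirement explicit with a comment above `group/aws`, such as `# aws_access_key, aws_secret_key and aws_region must be defined by the test runner`. The `block:` this applies to continues past the end of the hunk.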
@@ -2,15 +2,15 @@ module_defaults: group/aws: aws_region: '{{ aws_region }}' - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' block: - name: list certs - aws_acm_info: null + acm_certificate_info: null register: list_all - name: list certs with check mode - aws_acm_info: null + acm_certificate_info: null register: list_all_check check_mode: yes # read-only task, should work the same as with no - name: check certificate listing worked @@ -20,12 +20,12 @@ - list_all_check.certificates is defined - list_all.certificates == list_all_check.certificates - name: ensure absent cert which doesn't exist - first time - aws_acm: + acm_certificate: name_tag: '{{ item.name }}' state: absent with_items: '{{ local_certs }}' - name: ensure absent cert which doesn't exist - second time - aws_acm: + acm_certificate: name_tag: '{{ item[0].name }}' state: absent check_mode: '{{ item[1] }}' @@ -39,7 +39,7 @@ - not item.changed with_items: "{{ absent_start_two.results }}" - name: list cert which shouldn't exist - aws_acm_info: + acm_certificate_info: tags: Name: '{{ item.name }}' register: list_tag @@ -75,7 +75,7 @@ privatekey_path: '{{ item.priv_key }}' selfsigned_digest: sha256 - name: upload certificate with check mode - aws_acm: + acm_certificate: name_tag: '{{ item.name }}' certificate: '{{ lookup(''file'', item.cert ) }}' private_key: '{{ lookup(''file'', item.priv_key ) }}' @@ -84,7 +84,7 @@ register: upload_check with_items: '{{ local_certs }}' - name: check whether cert was uploaded in check mode - aws_acm_info: + acm_certificate_info: tags: Name: '{{ item.name }}' register: list_after_check_mode_upload 
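Review bot: In the first hunk of full_acm_test.yml, `aws_region: '{{ aws_region }}'` is left as-is at the top of `group/aws` while the three credential keys beside it move to their canonical names. The other targets touched by this commit use `region:`. This presumably still works as long as `aws_region` remains an accepted alias, but for consistency it should become `region: '{{ aws_region }}'`. The same leftover appears in the first hunk of acm_certificate/tasks/main.yml.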
@@ -96,7 +96,7 @@ - upload_check.changed - (item.certificates | length) == 0 - name: upload certificates first time - aws_acm: + acm_certificate: name_tag: '{{ item.name }}' certificate: '{{ lookup(''file'', item.cert ) }}' private_key: '{{ lookup(''file'', item.priv_key ) }}' @@ -119,7 +119,7 @@ original_cert: '{{ item.item }}' prev_task: '{{ item }}' - name: fetch data about cert just uploaded, by ARN - aws_acm_info: + acm_certificate_info: certificate_arn: '{{ item.certificate.arn }}' register: fetch_after_up with_items: '{{ upload.results }}' @@ -138,7 +138,7 @@ upload_result: '{{ item.item }}' original_cert: '{{ item.item.item }}' - name: fetch data about cert just uploaded, by name - aws_acm_info: + acm_certificate_info: tags: Name: '{{ original_cert.name }}' register: fetch_after_up_name @@ -161,7 +161,7 @@ upload_result: '{{ item.item }}' original_cert: '{{ item.item.item }}' - name: fetch data about cert just uploaded, by domain name - aws_acm_info: + acm_certificate_info: domain_name: '{{ original_cert.domain }}' register: fetch_after_up_domain with_items: '{{ upload.results }}' @@ -182,7 +182,7 @@ upload_result: '{{ item.item }}' original_cert: '{{ item.item.item }}' - name: upload certificates again, check not changed - aws_acm: + acm_certificate: name_tag: '{{ item.name }}' certificate: '{{ lookup(''file'', item.cert ) }}' private_key: '{{ lookup(''file'', item.priv_key ) }}' @@ -191,7 +191,7 @@ with_items: '{{ local_certs }}' failed_when: upload2.changed - name: update first cert with body of the second, first time, check mode - aws_acm: + acm_certificate: state: present name_tag: '{{ local_certs[0].name }}' certificate: '{{ lookup(''file'', local_certs[1].cert ) }}' @@ -203,7 +203,7 @@ that: - overwrite_check.changed - name: check previous tasks did not change real cert - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[0].name }}' register: fetch_after_overwrite_check 
@@ -217,7 +217,7 @@ - '''Name'' in fetch_after_overwrite_check.certificates[0].tags' - fetch_after_overwrite_check.certificates[0].tags['Name'] == local_certs[0].name - name: update first cert with body of the second, first real time - aws_acm: + acm_certificate: state: present name_tag: '{{ local_certs[0].name }}' certificate: '{{ lookup(''file'', local_certs[1].cert ) }}' @@ -232,7 +232,7 @@ - overwrite.certificate.domain_name == local_certs[1].domain - overwrite.changed - name: check update was sucessfull - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[0].name }}' register: fetch_after_overwrite @@ -246,7 +246,7 @@ - '''Name'' in fetch_after_overwrite.certificates[0].tags' - fetch_after_overwrite.certificates[0].tags['Name'] == local_certs[0].name - name: fetch other cert - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[1].name }}' register: check_after_overwrite @@ -260,7 +260,7 @@ - '''Name'' in check_after_overwrite.certificates[0].tags' - check_after_overwrite.certificates[0].tags['Name'] == local_certs[1].name - name: update first cert with body of the second again - aws_acm: + acm_certificate: state: present name_tag: '{{ local_certs[0].name }}' certificate: '{{ lookup(''file'', local_certs[1].cert ) }}' @@ -275,7 +275,7 @@ - overwrite2.certificate.domain_name == local_certs[1].domain - not overwrite2.changed - name: delete certs 1 and 2 in check mode - aws_acm: + acm_certificate: state: absent domain_name: '{{ local_certs[1].domain }}' check_mode: yes @@ -285,7 +285,7 @@ that: - delete_both_check.changed - name: fetch info for certs 1 and 2 - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[item].name }}' register: check_del_one_check @@ -298,7 +298,7 @@ that: - (item.certificates | length) == 1 - name: delete certs 1 and 2 real - aws_acm: + acm_certificate: state: absent domain_name: '{{ local_certs[1].domain }}' register: delete_both 
@@ -310,7 +310,7 @@ - upload.results[0].certificate.arn in delete_both.arns - delete_both.changed - name: fetch info for certs 1 and 2 - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[item].name }}' register: check_del_one @@ -327,7 +327,7 @@ assert: that: (item.certificates | length) == 0 - name: check cert 3 - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[2].name }}' register: check_del_one_remain @@ -336,7 +336,7 @@ that: - (check_del_one_remain.certificates | length) == 1 - name: delete cert 3 - aws_acm: + acm_certificate: state: absent domain_name: '{{ local_certs[2].domain }}' register: delete_third @@ -348,13 +348,13 @@ - delete_third.arns[0] == upload.results[2].certificate.arn - delete_third.changed - name: check cert 3 was deleted - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[2].name }}' register: check_del_three failed_when: check_del_three.certificates | length != 0 - name: delete cert 3 again - aws_acm: + acm_certificate: state: absent domain_name: '{{ local_certs[2].domain }}' register: delete_third @@ -365,7 +365,7 @@ - delete_third.arns | length == 0 - not delete_third.changed - name: delete cert 3 again, check mode - aws_acm: + acm_certificate: state: absent domain_name: '{{ local_certs[2].domain }}' check_mode: yes @@ -415,7 +415,7 @@ root_certificates: - '{{ local_certs[item.ca].cert }}' - name: upload chained cert, first chain, first time - aws_acm: + acm_certificate: name_tag: '{{ chained_cert.name }}' certificate: '{{ lookup(''file'', chained_cert.chains[0].cert ) }}' certificate_chain: '{{ chains.results[0].complete_chain | join('' @@ -426,7 +426,7 @@ register: upload_chain failed_when: not upload_chain.changed - name: fetch chain of cert we just uploaded - aws_acm_info: + acm_certificate_info: tags: Name: '{{ chained_cert.name }}' register: check_chain 
@@ -440,7 +440,7 @@ - (check_chain.certificates[0].certificate_chain | replace( ' ', '' ) | replace( '\n', '')) == ( chains.results[0].complete_chain | join( '\n' ) | replace( ' ', '' ) | replace( '\n', '') ) - (check_chain.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', '')) == ( lookup('file', chained_cert.chains[0].cert ) | replace( ' ', '' ) | replace( '\n', '') ) - name: upload chained cert again, check not changed - aws_acm: + acm_certificate: name_tag: '{{ chained_cert.name }}' certificate: '{{ lookup(''file'', chained_cert.chains[0].cert ) }}' certificate_chain: '{{ chains.results[0].complete_chain | join('' @@ -455,7 +455,7 @@ - upload_chain_2.certificate.arn == upload_chain.certificate.arn - not upload_chain_2.changed - name: upload chained cert, different chain - aws_acm: + acm_certificate: name_tag: '{{ chained_cert.name }}' certificate: '{{ lookup(''file'', chained_cert.chains[1].cert ) }}' certificate_chain: '{{ chains.results[1].complete_chain | join('' @@ -470,7 +470,7 @@ - upload_chain_3.changed - upload_chain_3.certificate.arn == upload_chain.certificate.arn - name: fetch info about chain of cert we just updated - aws_acm_info: + acm_certificate_info: tags: Name: '{{ chained_cert.name }}' register: check_chain_2 @@ -480,7 +480,7 @@ - (check_chain_2.certificates[0].certificate_chain | replace( ' ', '' ) | replace( '\n', '')) == ( chains.results[1].complete_chain | join( '\n' ) | replace( ' ', '' ) | replace( '\n', '') ) - (check_chain_2.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', '')) == ( lookup('file', chained_cert.chains[1].cert ) | replace( ' ', '' ) | replace( '\n', '') ) - name: delete chained cert - aws_acm: + acm_certificate: name_tag: '{{ chained_cert.name }}' state: absent register: delete_chain_3 
@@ -491,13 +491,13 @@ - upload_chain.certificate.arn in delete_chain_3.arns always: - name: delete first bunch of certificates - aws_acm: + acm_certificate: name_tag: '{{ item.name }}' state: absent with_items: '{{ local_certs }}' ignore_errors: true - name: delete chained cert - aws_acm: + acm_certificate: state: absent name_tag: '{{ chained_cert.name }}' ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/main.yml index bf70587e6..5cc6d31a0 100644 --- a/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/main.yml @@ -2,9 +2,9 @@ module_defaults: group/aws: aws_region: '{{ aws_region }}' - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' block: # The CI runs many of these tests in parallel # Use this random ID to differentiate which resources @@ -12,7 +12,7 @@ - set_fact: aws_acm_test_uuid: "{{ (10**9) | random }}" - name: attempt to delete cert without specifying required parameter - aws_acm: + acm_certificate: state: absent register: result ignore_errors: true 
@@ -22,23 +22,23 @@ - 'result.failed' - '"If ''state'' is specified as ''absent'' then exactly one of ''name_tag''" in result.msg' - name: list certs - aws_acm_info: null + acm_certificate_info: null register: list_all failed_when: list_all.certificates is not defined - name: ensure absent cert which doesn't exist - first time - aws_acm: + acm_certificate: name_tag: '{{ item.name }}' state: absent with_items: '{{ local_certs }}' - name: ensure absent cert which doesn't exist - second time - aws_acm: + acm_certificate: name_tag: '{{ item.name }}' state: absent with_items: '{{ local_certs }}' register: absent_start_two failed_when: absent_start_two.changed - name: list cert which shouldn't exist - aws_acm_info: + acm_certificate_info: tags: Name: '{{ item.name }}' register: list_tag @@ -71,7 +71,7 @@ - name: try to upload certificate, but name_tag conflicts with tags.Name vars: local_cert: '{{ local_certs[0] }}' - aws_acm: + acm_certificate: name_tag: '{{ local_cert.name }}' certificate: '{{ lookup(''file'', local_cert.cert ) }}' private_key: '{{ lookup(''file'', local_cert.priv_key ) }}' @@ -88,7 +88,7 @@ - 'result.failed' - '"conflicts with value of" in result.msg' - name: upload certificates first time - aws_acm: + acm_certificate: name_tag: '{{ item.name }}' certificate: '{{ lookup(''file'', item.cert ) }}' private_key: '{{ lookup(''file'', item.priv_key ) }}' @@ -115,7 +115,7 @@ original_cert: '{{ item.item }}' prev_task: '{{ item }}' - name: fetch data about cert just uploaded, by ARN - aws_acm_info: + acm_certificate_info: certificate_arn: '{{ item.certificate.arn }}' register: fetch_after_up with_items: '{{ upload.results }}' @@ -138,7 +138,7 @@ upload_result: '{{ item.item }}' original_cert: '{{ item.item.item }}' - name: fetch data about cert just uploaded, by name - aws_acm_info: + acm_certificate_info: tags: Name: '{{ original_cert.name }}' register: fetch_after_up_name 
@@ -161,7 +161,7 @@ upload_result: '{{ item.item }}' original_cert: '{{ item.item.item }}' - name: fetch data about cert just uploaded, by domain name - aws_acm_info: + acm_certificate_info: domain_name: '{{ original_cert.domain }}' register: fetch_after_up_domain with_items: '{{ upload.results }}' @@ -182,7 +182,7 @@ upload_result: '{{ item.item }}' original_cert: '{{ item.item.item }}' - name: upload certificates again, check not changed - aws_acm: + acm_certificate: name_tag: '{{ item.name }}' certificate: '{{ lookup(''file'', item.cert ) }}' private_key: '{{ lookup(''file'', item.priv_key ) }}' @@ -191,7 +191,7 @@ with_items: '{{ local_certs }}' failed_when: upload2.changed - name: change tags of existing certificate, check mode - aws_acm: + acm_certificate: certificate_arn: '{{ certificate_arn }}' tags: Name: '{{ name_tag }}' @@ -208,7 +208,7 @@ that: - certificate_with_tags.changed - name: change tags of existing certificate, changes expected - aws_acm: + acm_certificate: # When applying tags to an existing certificate, it is sufficient to specify the 'certificate_arn'. # Previously, the 'aws_acm' module was requiring the 'certificate', 'name_tag' and 'domain_name' # attributes. @@ -239,7 +239,7 @@ vars: name_tag: '{{ upload2.results[0].item.name }}' - name: change tags of existing certificate, check mode again - aws_acm: + acm_certificate: certificate_arn: '{{ certificate_arn }}' tags: Name: '{{ name_tag }}' @@ -255,7 +255,7 @@ that: - not certificate_with_tags.changed - name: change tags of existing certificate, no change expected - aws_acm: + acm_certificate: certificate_arn: '{{ certificate_arn }}' tags: Name: '{{ name_tag }}' @@ -299,7 +299,7 @@ - certificate_with_tags.certificate.tags['Environment'] == 'staging' - certificate_with_tags.certificate.tags['Owner'] == 'Bob' - name: change tags of existing certificate, purge tags - aws_acm: + acm_certificate: certificate_arn: '{{ certificate_arn }}' tags: Name: '{{ name_tag }}' 
@@ -328,7 +328,7 @@ - certificate_with_tags.certificate.tags['Application'] == 'search' - certificate_with_tags.certificate.tags['Environment'] == 'staging' - name: update first cert with body of the second, first time - aws_acm: + acm_certificate: state: present name_tag: '{{ local_certs[0].name }}' certificate: '{{ lookup(''file'', local_certs[1].cert ) }}' @@ -343,7 +343,7 @@ - overwrite.certificate.domain_name == local_certs[1].domain - overwrite.changed - name: check update was sucessfull - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[0].name }}' register: fetch_after_overwrite @@ -357,7 +357,7 @@ - '''Name'' in fetch_after_overwrite.certificates[0].tags' - fetch_after_overwrite.certificates[0].tags['Name'] == local_certs[0].name - name: fetch other cert - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[1].name }}' register: check_after_overwrite @@ -371,7 +371,7 @@ - '''Name'' in check_after_overwrite.certificates[0].tags' - check_after_overwrite.certificates[0].tags['Name'] == local_certs[1].name - name: update first cert with body of the second again - aws_acm: + acm_certificate: state: present name_tag: '{{ local_certs[0].name }}' certificate: '{{ lookup(''file'', local_certs[1].cert ) }}' @@ -386,7 +386,7 @@ - overwrite2.certificate.domain_name == local_certs[1].domain - not overwrite2.changed - name: delete certs 1 and 2 - aws_acm: + acm_certificate: state: absent domain_name: '{{ local_certs[1].domain }}' register: delete_both @@ -398,7 +398,7 @@ - upload.results[0].certificate.arn in delete_both.arns - delete_both.changed - name: fetch info for certs 1 and 2 - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[item].name }}' register: check_del_one 
@@ -415,13 +415,13 @@ assert: that: item.certificates | length == 0 - name: check cert 3 not deleted - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[2].name }}' register: check_del_one_remain failed_when: check_del_one_remain.certificates | length != 1 - name: delete cert 3 - aws_acm: + acm_certificate: state: absent domain_name: '{{ local_certs[2].domain }}' register: delete_third @@ -433,13 +433,13 @@ - delete_third.arns[0] == upload.results[2].certificate.arn - delete_third.changed - name: check cert 3 was deleted - aws_acm_info: + acm_certificate_info: tags: Name: '{{ local_certs[2].name }}' register: check_del_three failed_when: check_del_three.certificates | length != 0 - name: delete cert 3 again - aws_acm: + acm_certificate: state: absent domain_name: '{{ local_certs[2].domain }}' register: delete_third @@ -490,7 +490,7 @@ root_certificates: - '{{ local_certs[item.ca].cert }}' - name: upload chained cert, first chain, first time - aws_acm: + acm_certificate: name_tag: '{{ chained_cert.name }}' certificate: '{{ lookup(''file'', chained_cert.chains[0].cert ) }}' certificate_chain: '{{ chains.results[0].complete_chain | join('' @@ -501,7 +501,7 @@ register: upload_chain failed_when: not upload_chain.changed - name: fetch chain of cert we just uploaded - aws_acm_info: + acm_certificate_info: tags: Name: '{{ chained_cert.name }}' register: check_chain 
@@ -513,7 +513,7 @@ - (check_chain.certificates[0].certificate_chain | replace( ' ', '' ) | replace( '\n', '')) == ( chains.results[0].complete_chain | join( '\n' ) | replace( ' ', '' ) | replace( '\n', '') ) - (check_chain.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', '')) == ( lookup('file', chained_cert.chains[0].cert ) | replace( ' ', '' ) | replace( '\n', '') ) - name: upload chained cert again, check not changed - aws_acm: + acm_certificate: name_tag: '{{ chained_cert.name }}' certificate: '{{ lookup(''file'', chained_cert.chains[0].cert ) }}' certificate_chain: '{{ chains.results[0].complete_chain | join('' @@ -528,7 +528,7 @@ - upload_chain_2.certificate.arn == upload_chain.certificate.arn - not upload_chain_2.changed - name: upload chained cert, different chain - aws_acm: + acm_certificate: name_tag: '{{ chained_cert.name }}' certificate: '{{ lookup(''file'', chained_cert.chains[1].cert ) }}' certificate_chain: '{{ chains.results[1].complete_chain | join('' @@ -543,7 +543,7 @@ - upload_chain_3.changed - upload_chain_3.certificate.arn == upload_chain.certificate.arn - name: fetch info about chain of cert we just updated - aws_acm_info: + acm_certificate_info: tags: Name: '{{ chained_cert.name }}' register: check_chain_2 @@ -555,7 +555,7 @@ - (check_chain_2.certificates[0].certificate_chain | replace( ' ', '' ) | replace( '\n', '')) == ( chains.results[1].complete_chain | join( '\n' ) | replace( ' ', '' ) | replace( '\n', '') ) - (check_chain_2.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', '')) == ( lookup('file', chained_cert.chains[1].cert ) | replace( ' ', '' ) | replace( '\n', '') ) - name: delete chained cert - aws_acm: + acm_certificate: name_tag: '{{ chained_cert.name }}' state: absent register: delete_chain_3 
@@ -566,13 +566,13 @@ - upload_chain.certificate.arn in delete_chain_3.arns always: - name: delete first bunch of certificates - aws_acm: + acm_certificate: name_tag: '{{ item.name }}' state: absent with_items: '{{ local_certs }}' ignore_errors: true - name: delete chained cert - aws_acm: + acm_certificate: state: absent name_tag: '{{ chained_cert.name }}' ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/api_gateway/defaults/main.yml new file mode 100644 index 000000000..aca496660 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway/defaults/main.yml @@ -0,0 +1,9 @@ +--- +api_names: + - "ansible-api-{{ resource_prefix }}-1" + - "ansible-api-{{ resource_prefix }}-2" +resource_tags: + - gateway_name: "ansible-api-{{ resource_prefix }}" + ansible_test: "{{ resource_prefix }}-1" + - gateway_name: "ansible-api-{{ resource_prefix }}" + ansible_test: "{{ resource_prefix }}-2" diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/lookup.yml b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/lookup.yml new file mode 100644 index 000000000..8e0965439 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/lookup.yml 
@@ -0,0 +1,211 @@ +--- +- name: Test API gateway creation using lookup=tag + vars: + api_name: "{{ api_names[0] }}" + block: + - name: Define API gateway configuration + set_fact: + apigateway_swagger_text: "{{ lookup('template', 'minimal-swagger-api.yml.j2') }}" + + # Test: create API gateway using check_mode = true + - name: Create API gateway (check_mode=true) + community.aws.api_gateway: + name: "{{ api_name }}" + swagger_text: "{{ apigateway_swagger_text }}" + check_mode: true + register: __create_check_mode + + - name: List existing API gateway + community.aws.api_gateway_info: + register: gateways + + - name: Ensure using check_mode=true, no API gateway was created + assert: + that: + - __create_check_mode is changed + - gateways.rest_apis | selectattr('name', 'equalto', api_name) | list | length == 0 + + # Test: create new API gateway using name and tags + - name: Create new API gateway + community.aws.api_gateway: + name: "{{ api_name }}" + swagger_text: "{{ apigateway_swagger_text }}" + lookup: tag + tags: "{{ resource_tags[0] }}" + register: __create + + - name: List existing API gateway + community.aws.api_gateway_info: + register: gateways + + - name: Ensure new API was created + assert: + that: + - __create is changed + - gateways.rest_apis | selectattr('name', 'equalto', api_name) | list | length == 1 + + # Test: create API gateway idempotency (task reported changed but no new API created) + - name: Create same API gateway once again + community.aws.api_gateway: + name: "{{ api_name }}" + swagger_text: "{{ apigateway_swagger_text }}" + lookup: tag + tags: "{{ resource_tags[0] }}" + + - name: List existing API gateway + community.aws.api_gateway_info: + register: gateways + + - name: Ensure no new API was created + assert: + that: + - gateways.rest_apis | selectattr('name', 'equalto', api_name) | list | length == 1 + + # Test: create new API using existing name but different tags (new API gateway should be created) + - name: Create another API gateway 
with the same name but different tags + community.aws.api_gateway: + name: "{{ api_name }}" + swagger_text: "{{ apigateway_swagger_text }}" + lookup: tag + tags: "{{ resource_tags[1] }}" + + - name: List existing API gateway + community.aws.api_gateway_info: + register: gateways + + - name: Ensure new API was created + assert: + that: + - gateways.rest_apis | selectattr('name', 'equalto', api_name) | list | length == 2 + + rescue: + - name: List existing API gateway + community.aws.api_gateway_info: + register: gateways + + - name: Delete remaining API gateway + community.aws.api_gateway: + api_id: '{{ item }}' + state: absent + ignore_errors: true + with_items: "{{ gateways.rest_apis | selectattr('name', 'equalto', api_name) | map(attribute='id') | list }}" + +- name: Test API gateway deletion + block: + - name: "Create new API gateway name={{ api_name }}" + community.aws.api_gateway: + name: "{{ api_name }}" + swagger_text: "{{ lookup('template', 'minimal-swagger-api.yml.j2') }}" + lookup: tag + tags: "{{ resource_tags[0] }}" + vars: + api_name: "{{ api_names[1] }}" + + - name: List existing API gateway + community.aws.api_gateway_info: + register: gateways + + - name: Ensure new API was created + assert: + that: + - gateways.rest_apis | selectattr('name', 'equalto', api_names[1]) | list | length == 1 + - gateways.rest_apis | selectattr('name', 'equalto', api_names[0]) | list | length == 2 + + # Test: Delete with lookup=tag (conflict), should failed + - name: Delete API gateway + community.aws.api_gateway: + lookup: tag + tags: "{{ resource_tags[0] }}" + state: absent + register: __delete_conflict + ignore_errors: true + + - name: Ensure task failed + assert: + that: + - __delete_conflict is failed + - '__delete_conflict.msg == "Tags provided do not identify a unique API gateway"' + + # Test: Delete with name only (no api_id) + - name: Create same API gateway once again + community.aws.api_gateway: + name: "{{ api_names[1] }}" + state: absent + register: 
__delete_missing_params + ignore_errors: true + + - name: Ensure task failed + assert: + that: + - __delete_missing_params is failed + - '__delete_missing_params.msg == "API gateway id must be supplied to delete API gateway or provided tag with lookup=tag to identify API gateway id."' + + # Test: Delete (check_mode) + - name: Delete API gateway - check mode + community.aws.api_gateway: + name: "{{ api_names[1] }}" + lookup: tag + tags: "{{ resource_tags[0] }}" + state: absent + register: __delete_check_mode + check_mode: true + + - name: List existing API gateway + community.aws.api_gateway_info: + register: gateways + + - name: Ensure running in check mode, API was not deleted. + assert: + that: + - __delete_check_mode is changed + - gateways.rest_apis | selectattr('name', 'equalto', api_names[1]) | list | length == 1 + - gateways.rest_apis | selectattr('name', 'equalto', api_names[0]) | list | length == 2 + + # Test: Delete using name and API gateway + - name: Delete API gateway using name and lookup=tag + community.aws.api_gateway: + name: "{{ api_names[1] }}" + lookup: tag + tags: "{{ resource_tags[0] }}" + state: absent + register: __delete + + - name: List existing API gateway + community.aws.api_gateway_info: + register: gateways + + - name: Ensure matching API gateway was deleted + assert: + that: + - __delete is changed + - gateways.rest_apis | selectattr('name', 'equalto', api_names[1]) | list | length == 0 + - gateways.rest_apis | selectattr('name', 'equalto', api_names[0]) | list | length == 2 + + # Test: Delete using api_id + - name: Delete API gateway using api_id + community.aws.api_gateway: + api_id: "{{ gateways.rest_apis | selectattr('name', 'equalto', api_names[0]) | map(attribute='id') | first }}" + state: absent + register: __delete + + - name: List existing API gateway + community.aws.api_gateway_info: + register: gateways + + - name: Ensure matching API gateway was deleted + assert: + that: + - __delete is changed + - gateways.rest_apis | 
selectattr('name', 'equalto', api_names[0]) | list | length == 1 + + always: + - name: List existing API gateway + community.aws.api_gateway_info: + register: gateways + + - name: Delete remaining API gateway + community.aws.api_gateway: + api_id: '{{ item }}' + state: absent + ignore_errors: true + with_items: "{{ gateways.rest_apis | selectattr('name', 'in', api_names) | map(attribute='id') | list }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/main.yml index 51db07f0d..2e00128cd 100644 --- a/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/main.yml @@ -1,9 +1,9 @@ - name: Wrap API Gateway tests with credentials by default module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: @@ -11,7 +11,7 @@ # ====================== testing failure cases: ================================== - name: test with no parameters - aws_api_gateway: + api_gateway: register: result ignore_errors: true @@ -22,7 +22,7 @@ - '"no swagger info provided" in result.msg' - name: test for disallowing multiple swagger sources - aws_api_gateway: + api_gateway: api_id: 'fake-api-doesnt-exist' swagger_file: foo.yml swagger_text: "this is not really an API" @@ -42,9 +42,11 @@ template: src: minimal-swagger-api.yml.j2 dest: "{{output_dir}}/minimal-swagger-api.yml" + vars: + api_name: "{{ resource_prefix }}-minimal" - name: deploy new API - aws_api_gateway: + api_gateway: api_file: "{{output_dir}}/minimal-swagger-api.yml" stage: "minimal" endpoint_type: 'REGIONAL' 
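Review bot: The first block in lookup.yml cleans up in `rescue:` without re-raising, so a failed assertion there is treated as handled and the run continues into the deletion block. There it will most likely fail on the `length == 2` check, with a message that points at the wrong test. End the rescue with an explicit failure, for example a final task using `fail:` with `msg: "API gateway lookup=tag creation tests failed"`, so the original failure stays visible after cleanup. Separately, the task named `Create same API gateway once again` in the deletion block calls the module with `state: absent` and no `api_id`; a name such as `Delete API gateway using name only` would match what it tests. The comment on the idempotency step says the task reports changed, but nothing is registered or asserted there; either register the result and assert on it, or drop the parenthetical.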
@@ -58,11 +60,14 @@ - 'create_result.failed == False' - 'create_result.deploy_response.description == "Automatic deployment by Ansible."' - 'create_result.configure_response.id == create_result.api_id' - - '"apigateway:CreateRestApi" in create_result.resource_actions' - 'create_result.configure_response.endpoint_configuration.types.0 == "REGIONAL"' - name: check if API endpoint works - uri: url="https://{{create_result.api_id}}.execute-api.{{aws_region}}.amazonaws.com/minimal" + uri: + url: "https://{{create_result.api_id}}.execute-api.{{aws_region}}.amazonaws.com/minimal" + retries: 10 + delay: 5 + until: uri_result is successful register: uri_result - name: assert API works success @@ -71,7 +76,8 @@ - 'uri_result.status == 200' - name: check if nonexistent endpoint causes error - uri: url="https://{{create_result.api_id}}.execute-api.{{aws_region}}.amazonaws.com/nominal" + uri: + url: "https://{{create_result.api_id}}.execute-api.{{aws_region}}.amazonaws.com/nominal" register: bad_uri_result ignore_errors: true @@ -81,7 +87,7 @@ - bad_uri_result is failed - name: Update API to test params effect - aws_api_gateway: + api_gateway: api_id: '{{create_result.api_id}}' api_file: "{{output_dir}}/minimal-swagger-api.yml" cache_enabled: true @@ -93,14 +99,12 @@ - name: assert update result assert: that: - - 'update_result.changed == True' - - 'update_result.failed == False' - - '"apigateway:PutRestApi" in update_result.resource_actions' + - update_result is changed # ==== additional create/delete tests ==== - name: deploy first API - aws_api_gateway: + api_gateway: api_file: "{{output_dir}}/minimal-swagger-api.yml" stage: "minimal" cache_enabled: false @@ -108,7 +112,7 @@ register: create_result_1 - name: deploy second API rapidly after first - aws_api_gateway: + api_gateway: api_file: "{{output_dir}}/minimal-swagger-api.yml" stage: "minimal" state: present 
@@ -124,13 +128,13 @@ - 'create_result_1.configure_response.endpoint_configuration.types.0 == "EDGE"' - name: destroy first API - aws_api_gateway: + api_gateway: state: absent api_id: '{{create_result_1.api_id}}' register: destroy_result_1 - name: destroy second API rapidly after first - aws_api_gateway: + api_gateway: state: absent api_id: '{{create_result_2.api_id}}' register: destroy_result_2 @@ -138,29 +142,33 @@ - name: assert both APIs deployed successfully assert: that: - - 'destroy_result_1.changed == True' - - 'destroy_result_2.changed == True' - - '"apigateway:DeleteRestApi" in destroy_result_1.resource_actions' - - '"apigateway:DeleteRestApi" in destroy_result_2.resource_actions' + - destroy_result_1 is changed + - destroy_result_2 is changed + + # ==== test create/delete using lookup=tag ==== + - include_tasks: lookup.yml + + # ==== Tagging ==== + - include_tasks: tagging.yml # ================= end testing ==================================== always: - name: Ensure cleanup of API deploy - aws_api_gateway: + api_gateway: state: absent api_id: '{{create_result.api_id}}' ignore_errors: true - name: Ensure cleanup of API deploy 1 - aws_api_gateway: + api_gateway: state: absent api_id: '{{create_result_1.api_id}}' ignore_errors: true - name: Ensure cleanup of API deploy 2 - aws_api_gateway: + api_gateway: state: absent api_id: '{{create_result_2.api_id}}' ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/tagging.yml b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/tagging.yml new file mode 100644 index 000000000..b72035083 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/tagging.yml 
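Review bot: The assert in the `@@ -138,29 +142,33 @@` hunk is still named `assert both APIs deployed successfully`, yet its conditions check `destroy_result_1` and `destroy_result_2`, so a failure there is reported against the wrong phase. Renaming it to `assert both APIs were destroyed` would match what is tested. The two added `include_tasks` lines are also unnamed and unqualified; `ansible.builtin.include_tasks` with a `name:` would fit the fully qualified style used in the new tagging.yml.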
@@ -0,0 +1,91 @@ +--- +- name: Test API gateway tagging + vars: + api_name: "api-{{ resource_prefix }}-tagging" + apigateway_tags: + resource_prefix: "{{ resource_prefix }}" + collection: community.aws + new_tag: + resource_type: REST + block: + - name: Define API gateway configuration + set_fact: + apigateway_swagger_text: "{{ lookup('template', 'minimal-swagger-api.yml.j2') }}" + + - name: Create API gateway + community.aws.api_gateway: + swagger_text: "{{ apigateway_swagger_text }}" + tags: "{{ apigateway_tags }}" + register: __api_gateway_create + + - name: Assert resource was created with expected tags + assert: + that: + - __api_gateway_create.configure_response.tags == apigateway_tags + + - name: Define API gateway id + ansible.builtin.set_fact: + apigateway_id: "{{ __api_gateway_create.api_id }}" + + # Update tags purge_tags=false and check_mode + - name: Update tags using check_mode + community.aws.api_gateway: + api_id: "{{ apigateway_id }}" + tags: "{{ apigateway_tags | combine(new_tag) }}" + purge_tags: false + check_mode: true + + - name: Get API Gateway + community.aws.api_gateway_info: + ids: + - "{{ apigateway_id }}" + register: __api_gateway_info + + - name: Ensure tags were not changed + assert: + that: + - __api_gateway_info.rest_apis.0.tags == apigateway_tags + + # Update tags purge_tags=false + - name: Update tags + community.aws.api_gateway: + api_id: "{{ apigateway_id }}" + tags: "{{ apigateway_tags | combine(new_tag) }}" + purge_tags: false + + - name: Get API Gateway + community.aws.api_gateway_info: + ids: + - "{{ apigateway_id }}" + register: __api_gateway_info + + - name: Ensure tags were not changed + assert: + that: + - __api_gateway_info.rest_apis.0.tags == apigateway_tags | combine(new_tag) + + # Update tags purge_tags=true + - name: Update tags + community.aws.api_gateway: + api_id: "{{ apigateway_id }}" + tags: "{{ new_tag }}" + register: __update_api_gateway + + - name: Get api gateway + community.aws.api_gateway_info: + ids: + - 
"{{ apigateway_id }}" + register: __api_gateway_info + + - name: Ensure tags were not changed + assert: + that: + - __update_api_gateway is changed + - __api_gateway_info.rest_apis.0.tags == new_tag + + always: + - name: Delete API Gateway + community.aws.api_gateway: + api_id: "{{ apigateway_id }}" + state: absent + ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway/templates/minimal-swagger-api.yml.j2 b/ansible_collections/community/aws/tests/integration/targets/api_gateway/templates/minimal-swagger-api.yml.j2 index 8c5c05810..d1d4c7ff6 100644 --- a/ansible_collections/community/aws/tests/integration/targets/api_gateway/templates/minimal-swagger-api.yml.j2 +++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway/templates/minimal-swagger-api.yml.j2 @@ -2,7 +2,7 @@ swagger: "2.0" info: version: "2017-05-11T12:14:59Z" - title: "{{resource_prefix}}Empty_API" + title: "{{ api_name }}" host: "fakeexample.execute-api.us-east-1.amazonaws.com" basePath: "/minimal" schemes: diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway_domain/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/api_gateway_domain/tasks/main.yml index 76de2657e..f3c740793 100644 --- a/ansible_collections/community/aws/tests/integration/targets/api_gateway_domain/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway_domain/tasks/main.yml @@ -4,9 +4,9 @@ - name: Run aws_api_gateway_domain module integration tests module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" # NOTE: To make tests work set TLS ARN in defaults/main.yml to an existing and 
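Review bot: In the new tagging.yml, all three asserts are named `Ensure tags were not changed`, but only the first (after the check-mode run) checks that; the second expects `apigateway_tags | combine(new_tag)` and the third expects `new_tag`. Names such as `Ensure tags were added` and `Ensure tags were replaced` would make a failing run readable. The check-mode update is also never registered, so the test does not verify that check mode reports a pending change; adding `register: __update_check_mode` and asserting `__update_check_mode is changed` would cover it. The two plain `Update tags` tasks would likewise be easier to tell apart if their names mentioned `purge_tags`.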
@@ -17,7 +17,7 @@ # ==================== preparations ======================================== - name: Preperations - Create REST API Gateway on AWS API Gateway service to reference from domain tests - aws_api_gateway: + api_gateway: swagger_file: files/api_gw_swagger.yml stage: test state: present @@ -26,7 +26,7 @@ # ================== integration tests ========================================== - name: Create Test - API gateway custom domain setup - aws_api_gateway_domain: + api_gateway_domain: domain_name: "{{ api_gateway_domain_name }}" certificate_arn: "{{ api_gateway_domain_tls_arn }}" security_policy: 'TLS_1_0' @@ -39,13 +39,13 @@ - assert: that: - create_result.changed == True - - create_result.response.domain.domain_name == "{{ api_gateway_domain_name }}" + - create_result.response.domain.domain_name == api_gateway_domain_name - create_result.response.domain.distribution_domain_name is defined - create_result.response.domain.distribution_hosted_zone_id is defined - create_result.response.path_mappings is defined - name: Idempotence Test - API gateway custom domain setup - aws_api_gateway_domain: + api_gateway_domain: domain_name: "{{ api_gateway_domain_name }}" certificate_arn: "{{ api_gateway_domain_tls_arn }}" security_policy: 'TLS_1_0' @@ -59,10 +59,10 @@ that: - repeat_result.changed == False - repeat_result.failed == False - - repeat_result.response.domain_name == "{{ api_gateway_domain_name }}" + - repeat_result.response.domain_name == api_gateway_domain_name - name: Update Test - API gateway custom domain setup, change settings - aws_api_gateway_domain: + api_gateway_domain: domain_name: "{{ api_gateway_domain_name }}" certificate_arn: "{{ api_gateway_domain_tls_arn }}" security_policy: 'TLS_1_2' 
@@ -75,13 +75,13 @@ - assert: that: - update_result.changed == True - - update_result.response.domain.domain_name == "{{ api_gateway_domain_name }}" + - update_result.response.domain.domain_name == api_gateway_domain_name - update_result.response.domain.security_policy == 'TLS_1_2' - update_result.response.domain.endpoint_configuration.types.0 == 'REGIONAL' - update_result.response.path_mappings.0.base_path = '/v1' - name: Delete - API gateway custom domain setup deletion - aws_api_gateway_domain: + api_gateway_domain: domain_name: "{{ api_gateway_domain_name }}" certificate_arn: "{{ api_gateway_domain_tls_arn }}" security_policy: 'TLS_1_2' @@ -101,7 +101,7 @@ always: - name: Cleanup - delete test domain setup - aws_api_gateway_domain: + api_gateway_domain: domain_name: "{{ api_gateway_domain_name }}" certificate_arn: "{{ api_gateway_domain_tls_arn }}" domain_mappings: [] @@ -109,7 +109,7 @@ ignore_errors: true - name: Cleanup - remove REST API Gateway on AWS API Gateway service - aws_api_gateway: + api_gateway: api_id: "{{ api_gateway_result.api_id }}" swagger_file: files/api_gw_swagger.yml state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_cleanup.yml index 75d1ecfad..ef894ff54 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_cleanup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_cleanup.yml @@ -1,5 +1,5 @@ - name: kill asg - ec2_asg: + autoscaling_group: name: "{{ asg_name }}" state: absent register: removed @@ -8,7 +8,7 @@ retries: 10 - name: remove launch configs - ec2_lc: + autoscaling_launch_config: name: "{{ lc_name }}" state: absent register: removed 
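Review bot: The last condition of the assert in the `@@ -75,13 +75,13 @@` hunk, `update_result.response.path_mappings.0.base_path = '/v1'`, uses a single `=`. That is not a comparison operator in a Jinja2 expression, so it does not perform the equality check its neighbours do and will most likely raise a template error. The commit fixes the `domain_name` condition two lines above but leaves this context line as is; it should read `- update_result.response.path_mappings.0.base_path == '/v1'`. The same assert also keeps `update_result.changed == True`, where `update_result is changed` would match the form this commit adopts elsewhere.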
@@ -17,7 +17,7 @@ retries: 10 - name: remove the security group - ec2_group: + ec2_security_group: name: "{{ sg_name }}" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_setup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_setup.yml index ae958cd89..b4609ea97 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_setup.yml @@ -37,7 +37,7 @@ - "{{ testing_subnet.subnet.id }}" - name: create a security group with the vpc created in the ec2_setup - ec2_group: + ec2_security_group: name: "{{ sg_name }}" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" @@ -53,7 +53,7 @@ register: sg - name: create a launch configuration - ec2_lc: + autoscaling_launch_config: name: "{{ lc_name }}" image_id: "{{ ec2_ami_id }}" instance_type: t2.micro @@ -67,7 +67,7 @@ - create_lc.failed is false - name: create a AutoScalingGroup - ec2_asg: + autoscaling_group: name: "{{ asg_name }}" launch_config_name: "{{ lc_name }}" health_check_period: 60 diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/main.yml index d8380d913..d4b2a7c7a 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/main.yml 
@@ -2,11 +2,12 @@ - name: "Wrap up all tests and setup AWS credentials" module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: + - amazon.aws - community.aws block: - include_tasks: 'env_setup.yml' diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/tests.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/tests.yml index 7d326c6ff..804f802bb 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/tests.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/tests.yml @@ -3,7 +3,7 @@ block: #---------------------------------------------------------------------- - name: Create lifecycle hook - ec2_asg_lifecycle_hook: + autoscaling_lifecycle_hook: autoscaling_group_name: "{{ asg_name }}" lifecycle_hook_name: "{{ resource_prefix }}-lifecycle-hook" transition: autoscaling:EC2_INSTANCE_LAUNCHING @@ -18,7 +18,7 @@ - output is not failed - name: Create lifecycle hook - ec2_asg_lifecycle_hook: + autoscaling_lifecycle_hook: autoscaling_group_name: "{{ asg_name }}" lifecycle_hook_name: "{{ resource_prefix }}-lifecycle-hook-terminate" transition: autoscaling:EC2_INSTANCE_TERMINATING @@ -33,7 +33,7 @@ - output is not failed - name: Trigger scale-up - ec2_asg: + autoscaling_group: name: "{{ asg_name }}" replace_all_instances: yes min_size: 0 @@ -47,7 +47,7 @@ - scale_asg is changed - name: Describe ASG - ec2_asg_info: + autoscaling_group_info: name: "{{ asg_name }}" register: scaled_asg retries: 24 
@@ -62,7 +62,7 @@ instance_ids: '{{ scaled_asg.results[0].instances | map(attribute="instance_id") | list }}' - name: Describe ASG - ec2_asg_info: + autoscaling_group_info: name: "{{ asg_name }}" - name: Complete Lifecycle Hook @@ -80,7 +80,7 @@ instance_id: '{{ instance_ids[1] }}' - name: Describe ASG - ec2_asg_info: + autoscaling_group_info: name: "{{ asg_name }}" register: hooks_pending retries: 24 @@ -104,7 +104,7 @@ always: - name: Delete lifecycle hook - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: autoscaling_group_name: "{{ asg_name }}" lifecycle_hook_name: "{{ resource_prefix }}-lifecycle-hook" state: absent @@ -112,7 +112,7 @@ ignore_errors: True - name: Delete lifecycle hook - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: autoscaling_group_name: "{{ asg_name }}" lifecycle_hook_name: "{{ resource_prefix }}-lifecycle-hook-terminate" state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/main.yml index 32cfd5378..5b754d47d 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/main.yml @@ -2,9 +2,9 @@ - name: setup credentials and region module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: 
@@ -47,7 +47,7 @@ - "{{ testing_subnet.subnet.id }}" - name: create a security group with the vpc created in the ec2_setup - ec2_group: + ec2_security_group: name: "{{ sg_name }}" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" @@ -63,7 +63,7 @@ register: sg - name: ensure launch configs exist - ec2_lc: + autoscaling_launch_config: name: "{{ item }}" assign_public_ip: true image_id: "{{ ec2_ami_id }}" @@ -81,7 +81,7 @@ - "{{ lc_name_2 }}" - name: launch asg and do not wait for instances to be deemed healthy (no ELB) - ec2_asg: + autoscaling_group: name: "{{ asg_name }}" launch_config_name: "{{ lc_name_1 }}" desired_capacity: 1 @@ -99,7 +99,7 @@ # ============================================================ - name: test invalid cancelation - V1 - (pre-refresh) - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "cancelled" ignore_errors: yes @@ -107,10 +107,10 @@ - assert: that: - - "'An error occurred (ActiveInstanceRefreshNotFound) when calling the CancelInstanceRefresh operation: No in progress or pending Instance Refresh found for Auto Scaling group {{ resource_prefix }}-asg' in result.msg" + - "'An error occurred (ActiveInstanceRefreshNotFound) when calling the CancelInstanceRefresh operation: No in progress or pending Instance Refresh found for Auto Scaling group ' ~ resource_prefix ~ '-asg' in result.msg" - name: test starting a refresh with a valid ASG name - check_mode - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "started" check_mode: true @@ -123,7 +123,7 @@ - '"autoscaling:StartInstanceRefresh" not in output.resource_actions' - name: test starting a refresh with a valid ASG name - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "started" register: output 
@@ -133,7 +133,7 @@ - "'instance_refresh_id' in output.instance_refreshes" - name: test starting a refresh with a valid ASG name - Idempotent - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "started" ignore_errors: true @@ -145,7 +145,7 @@ - '"Failed to start InstanceRefresh: An error occurred (InstanceRefreshInProgress) when calling the StartInstanceRefresh operation: An Instance Refresh is already in progress and blocks the execution of this Instance Refresh." in output.msg' - name: test starting a refresh with a valid ASG name - Idempotent (check_mode) - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "started" ignore_errors: true @@ -159,7 +159,7 @@ - '"In check_mode - Instance Refresh is already in progress, can not start new instance refresh." in output.msg' - name: test starting a refresh with a nonexistent ASG name - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "nonexistentname-asg" state: "started" ignore_errors: yes @@ -170,7 +170,7 @@ - "'Failed to start InstanceRefresh: An error occurred (ValidationError) when calling the StartInstanceRefresh operation: AutoScalingGroup name not found' in result.msg" - name: test canceling a refresh with an ASG name - check_mode - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "cancelled" check_mode: true @@ -183,7 +183,7 @@ - '"autoscaling:CancelInstanceRefresh" not in output.resource_actions' - name: test canceling a refresh with an ASG name - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "cancelled" register: output @@ -193,7 +193,7 @@ - "'instance_refresh_id' in output.instance_refreshes" - name: test canceling a refresh with a ASG name - Idempotent - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "cancelled" ignore_errors: yes 
@@ -204,7 +204,7 @@ - output is not changed - name: test cancelling a refresh with a valid ASG name - Idempotent (check_mode) - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "cancelled" ignore_errors: true @@ -217,7 +217,7 @@ - output is not failed - name: test starting a refresh with an ASG name and preferences dict - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "started" preferences: @@ -232,7 +232,7 @@ - "'instance_refresh_id' in output.instance_refreshes" - name: re-test canceling a refresh with an ASG name - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "cancelled" register: output @@ -242,7 +242,7 @@ - "'instance_refresh_id' in output.instance_refreshes" - name: test valid start - V1 - (with preferences missing instance_warmup) - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "started" preferences: @@ -257,7 +257,7 @@ - "'instance_refresh_id' in output.instance_refreshes" - name: re-test canceling a refresh with an ASG name - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "cancelled" register: output @@ -267,7 +267,7 @@ - "'instance_refresh_id' in output.instance_refreshes" - name: test valid start - V2 - (with preferences missing min_healthy_percentage) - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "started" preferences: @@ -282,7 +282,7 @@ - "'instance_refresh_id' in output.instance_refreshes" - name: test invalid cancelation - V2 - (with preferences) - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "cancelled" preferences: @@ -302,7 +302,7 @@ loop: "{{ query('sequence', 'start=1 end=3') }}" - name: test getting info for an ASG name - ec2_asg_instance_refresh_info: + autoscaling_instance_refresh_info: name: "{{ asg_name }}" region: "{{ aws_region }}" ignore_errors: yes 
@@ -315,7 +315,7 @@ inst_refresh_id_json_query: instance_refreshes[].instance_refresh_id - name: test using fake refresh ID - ec2_asg_instance_refresh_info: + autoscaling_instance_refresh_info: name: "{{ asg_name }}" ids: ['0e367f58-blabla-bla-bla-ca870dc5dbfe'] ignore_errors: yes @@ -323,10 +323,10 @@ - assert: that: - - "{{ output.instance_refreshes|length }} == 0" + - output.instance_refreshes | length == 0 - name: test using a real refresh ID - ec2_asg_instance_refresh_info: + autoscaling_instance_refresh_info: name: "{{ asg_name }}" ids: [ '{{ refreshout.instance_refreshes.instance_refresh_id }}' ] ignore_errors: yes @@ -334,10 +334,10 @@ - assert: that: - - "{{ output.instance_refreshes |length }} == 1" + - output.instance_refreshes | length == 1 - name: test getting info for an ASG name which doesn't exist - ec2_asg_instance_refresh_info: + autoscaling_instance_refresh_info: name: n0n3x1stentname27b ignore_errors: yes register: output @@ -347,17 +347,17 @@ - "'Failed to describe InstanceRefreshes: An error occurred (ValidationError) when calling the DescribeInstanceRefreshes operation: AutoScalingGroup name not found - AutoScalingGroup n0n3x1stentname27b not found' == output.msg" - name: assert that the correct number of records are returned - ec2_asg_instance_refresh_info: + autoscaling_instance_refresh_info: name: "{{ asg_name }}" ignore_errors: yes register: output - assert: that: - - "{{ output.instance_refreshes|length }} == 7" + - output.instance_refreshes | length == 7 - name: assert that valid message with fake-token is returned - ec2_asg_instance_refresh_info: + autoscaling_instance_refresh_info: name: "{{ asg_name }}" next_token: "fake-token-123" ignore_errors: yes 
@@ -368,7 +368,7 @@ - '"Failed to describe InstanceRefreshes: An error occurred (InvalidNextToken) when calling the DescribeInstanceRefreshes operation: The token ''********'' is invalid." == output.msg' - name: assert that max records=1 returns no more than one record - ec2_asg_instance_refresh_info: + autoscaling_instance_refresh_info: name: "{{ asg_name }}" max_records: 1 ignore_errors: yes @@ -376,10 +376,10 @@ - assert: that: - - "{{ output.instance_refreshes|length }} < 2" + - output.instance_refreshes | length < 2 - name: assert that valid message with real-token is returned - ec2_asg_instance_refresh_info: + autoscaling_instance_refresh_info: name: "{{ asg_name }}" next_token: "{{ output.next_token }}" ignore_errors: yes @@ -387,10 +387,10 @@ - assert: that: - - "{{ output.instance_refreshes|length }} == 7" + - output.instance_refreshes | length == 7 - name: test using both real nextToken and max_records=1 - ec2_asg_instance_refresh_info: + autoscaling_instance_refresh_info: name: "{{ asg_name }}" max_records: 1 next_token: "{{ output.next_token }}" @@ -399,12 +399,12 @@ - assert: that: - - "{{ output.instance_refreshes|length }} == 1" + - output.instance_refreshes | length == 1 always: - name: kill asg - ec2_asg: + autoscaling_group: name: "{{ asg_name }}" state: absent register: removed @@ -414,7 +414,7 @@ # Remove the testing dependencies - name: remove the load balancer - ec2_elb_lb: + elb_classic_lb: name: "{{ load_balancer_name }}" state: absent security_group_ids: @@ -440,7 +440,7 @@ retries: 10 - name: remove launch configs - ec2_lc: + autoscaling_launch_config: name: "{{ item }}" state: absent register: removed @@ -461,7 +461,7 @@ ignore_errors: true - name: remove the security group - ec2_group: + ec2_security_group: name: "{{ sg_name }}" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" 
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/refresh_and_cancel_three_times.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/refresh_and_cancel_three_times.yml index 15fa2100c..9b051a054 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/refresh_and_cancel_three_times.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/refresh_and_cancel_three_times.yml @@ -1,17 +1,17 @@ --- - name: try to cancel pre-loop - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "cancelled" ignore_errors: yes - name: test starting a refresh with an ASG name - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "started" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" region: "{{ aws_region }}" ignore_errors: no retries: 10 @@ -20,10 +20,10 @@ until: refreshout is not failed - name: test cancelling a refresh with an ASG name - ec2_asg_instance_refresh: + autoscaling_instance_refresh: name: "{{ asg_name }}" state: "cancelled" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" region: "{{ aws_region }}" ignore_errors: yes diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_cleanup.yml index 9e5ae6a93..ce626b69c 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_cleanup.yml 
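Review bot: The two tasks that pass credentials inline (`test starting a refresh with an ASG name` in the first hunk and `test cancelling a refresh with an ASG name` in the second) set `access_key` and `secret_key` but no `session_token`, unlike the `module_defaults` block in this target's main.yml. If the `group/aws` defaults reach this included file, as seems likely, the per-task keys and `region` are redundant and can be dropped. If they do not, a run with temporary credentials would presumably fail to authenticate, and each task needs `session_token: "{{ security_token | default(omit) }}"`. Keeping the credentials in one place also leaves fewer spots to audit for secret handling.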
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_cleanup.yml @@ -24,7 +24,7 @@ retries: 10 - name: remove the security group - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_setup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_setup.yml index 88f5bb6fe..d48bae66c 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_setup.yml @@ -48,7 +48,7 @@ - "{{ testing_subnet_b.subnet.id }}" - name: create a security group with the vpc - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/main.yml index 6606484b1..da1f2fb1f 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/main.yml @@ -1,9 +1,9 @@ - name: run ec2_lc tests module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws 
@@ -14,7 +14,7 @@ include_tasks: env_setup.yml - name: Create launch configuration 1 - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc1' image_id: '{{ ec2_ami_id }}' assign_public_ip: yes @@ -28,7 +28,7 @@ register: lc_1_create - name: Gather information about launch configuration 1 - community.aws.ec2_lc_info: + community.aws.autoscaling_launch_config_info: name: '{{ resource_prefix }}-lc1' register: lc_1_info_result @@ -42,7 +42,7 @@ - lc_1_info_result.launch_configurations[0].instance_type == 't2.micro' - name: Create launch configuration 1 - Idempotency - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc1' image_id: '{{ ec2_ami_id }}' assign_public_ip: yes @@ -61,7 +61,7 @@ - '"autoscaling:CreateLaunchConfiguration" not in lc_1_create_idem.resource_actions' - name: Create launch configuration 2 - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc2' image_id: '{{ ec2_ami_id }}' assign_public_ip: yes @@ -75,7 +75,7 @@ register: lc_2_create - name: Gather information about launch configuration 2 - community.aws.ec2_lc_info: + community.aws.autoscaling_launch_config_info: name: '{{ resource_prefix }}-lc2' register: lc_2_info_result @@ -90,7 +90,7 @@ - '"autoscaling:CreateLaunchConfiguration" in lc_2_create.resource_actions' - name: Create launch configuration 2 - Idempotency - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc2' image_id: '{{ ec2_ami_id }}' assign_public_ip: yes @@ -109,7 +109,7 @@ - '"autoscaling:CreateLaunchConfiguration" not in lc_2_create_idem.resource_actions' - name: Create launch configuration 3 - test throughput parameter - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc3' image_id: '{{ ec2_ami_id }}' instance_type: '{{ ec2_instance_type }}' 
@@ -122,7 +122,7 @@ register: lc_3_create - name: Gather information about launch configuration 3 - community.aws.ec2_lc_info: + community.aws.autoscaling_launch_config_info: name: '{{ resource_prefix }}-lc3' register: lc_3_info_result @@ -137,7 +137,7 @@ - '"autoscaling:CreateLaunchConfiguration" in lc_3_create.resource_actions' - name: Create launch configuration 3 - Idempotency - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc3' image_id: '{{ ec2_ami_id }}' instance_type: '{{ ec2_instance_type }}' @@ -155,7 +155,7 @@ - '"autoscaling:CreateLaunchConfiguration" not in lc_3_create_idem.resource_actions' - name: Search for the Launch Configurations that start with test resource_prefix - community.aws.ec2_lc_find: + community.aws.autoscaling_launch_config_find: name_regex: '{{ resource_prefix }}*' sort_order: descending register: lc_find_result @@ -166,7 +166,7 @@ - '"autoscaling:DescribeLaunchConfigurations" in lc_find_result.resource_actions' - name: Delete launch configuration 1 - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc1' state: absent register: lc_1_delete @@ -177,7 +177,7 @@ - '"autoscaling:DeleteLaunchConfiguration" in lc_1_delete.resource_actions' - name: Delete launch configuration 1 - Idempotency - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc1' state: absent register: lc_1_delete_idem @@ -188,7 +188,7 @@ - '"autoscaling:DeleteLaunchConfiguration" not in lc_1_delete_idem.resource_actions' - name: Gather information about launch configuration 1 - community.aws.ec2_lc_info: + community.aws.autoscaling_launch_config_info: name: '{{ resource_prefix }}-lc1' register: lc_1_info_result 
@@ -198,7 +198,7 @@ - lc_1_info_result.launch_configurations | length == 0 - name: Delete launch configuration 2 - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc2' state: absent register: lc_2_delete @@ -209,7 +209,7 @@ - '"autoscaling:DeleteLaunchConfiguration" in lc_2_delete.resource_actions' - name: Delete launch configuration 2 - Idempotency - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc2' state: absent register: lc_2_delete_idem @@ -220,7 +220,7 @@ - '"autoscaling:DeleteLaunchConfiguration" not in lc_2_delete_idem.resource_actions' - name: Gather information about launch configuration 2 - community.aws.ec2_lc_info: + community.aws.autoscaling_launch_config_info: name: '{{ resource_prefix }}-lc2' register: lc_2_info_result @@ -230,7 +230,7 @@ - lc_2_info_result.launch_configurations | length == 0 - name: Delete launch configuration 3 - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc3' state: absent register: lc_3_delete @@ -241,7 +241,7 @@ - '"autoscaling:DeleteLaunchConfiguration" in lc_3_delete.resource_actions' - name: Delete launch configuration 3 - Idempotency - community.aws.ec2_lc: + community.aws.autoscaling_launch_config: name: '{{ resource_prefix }}-lc3' state: absent register: lc_3_delete_idem @@ -252,7 +252,7 @@ - '"autoscaling:DeleteLaunchConfiguration" not in lc_3_delete_idem.resource_actions' - name: Gather information about launch configuration 3 - community.aws.ec2_lc_info: + community.aws.autoscaling_launch_config_info: name: '{{ resource_prefix }}-lc2' register: lc_3_info_result diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/main.yml index a22182146..e8fdfd37b 100644 
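Review bot: The last task in the `@@ -252,7 +252,7 @@` hunk, `Gather information about launch configuration 3`, still queries `name: '{{ resource_prefix }}-lc2'` while registering `lc_3_info_result`, so the post-delete lookup for lc3 actually looks at lc2, which an earlier task already removed. The assertion that follows is outside the hunk, but if it mirrors the lc1 and lc2 checks (`launch_configurations | length == 0`), it passes even when lc3 was never deleted, and a leftover launch configuration goes unnoticed. The line should read `name: '{{ resource_prefix }}-lc3'`.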
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/main.yml @@ -2,40 +2,38 @@ # Beware: most of our tests here are run in parallel. # To add new tests you'll need to add a new host to the inventory and a matching # '{{ inventory_hostname }}'.yml file in roles/ec2_asg_lifecycle_hook/tasks/ - - # Prepare the VPC and figure out which AMI to use - hosts: all - gather_facts: no + gather_facts: false tasks: - - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - vars: + - module_defaults: + group/aws: + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" + region: "{{ aws_region }}" + vars: # We can't just use "run_once" because the facts don't propagate when # running an 'include' that was run_once - setup_run_once: yes - block: - - include_role: - name: 'setup_ec2_facts' - - include_role: - name: 'ec2_asg_lifecycle_hook' - tasks_from: env_setup.yml - rescue: - - include_role: - name: 'ec2_asg_lifecycle_hook' - tasks_from: env_cleanup.yml - run_once: yes - - fail: - msg: 'Environment preparation failed' - run_once: yes + setup_run_once: true + block: + - ansible.builtin.include_role: + name: setup_ec2_facts + - ansible.builtin.include_role: + name: ec2_asg_lifecycle_hook + tasks_from: env_setup.yml + rescue: + - ansible.builtin.include_role: + name: ec2_asg_lifecycle_hook + tasks_from: env_cleanup.yml + run_once: true + - ansible.builtin.fail: + msg: Environment preparation failed + run_once: true # VPC should get cleaned up once all hosts have run - hosts: all - gather_facts: no + gather_facts: false strategy: free serial: 6 roles: 
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/meta/main.yml
index 1471b11f6..fcadd50dc 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/meta/main.yml
@@ -1,2 +1,3 @@
+---
 dependencies:
 - setup_ec2_facts
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/create_update_delete.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/create_update_delete.yml
index 800ee6358..f6b92213e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/create_update_delete.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/create_update_delete.yml
@@ -2,47 +2,46 @@ - name: Test create/update/delete AutoScalingGroups Lifecycle Hooks with ec2_asg_lifecycle_hook block: - #---------------------------------------------------------------------- - - name: create a launch configuration - ec2_lc: + # ---------------------------------------------------------------------- + - name: Create a launch configuration + community.aws.autoscaling_launch_config: name: "{{ resource_prefix }}-lc" image_id: "{{ ec2_ami_id }}" region: "{{ aws_region }}" instance_type: t2.micro - assign_public_ip: yes + assign_public_ip: true register: create_lc - - name: ensure that lc is created - assert: + - name: Ensure that lc is created + ansible.builtin.assert: that: - create_lc is changed - create_lc.failed is false - #---------------------------------------------------------------------- - - name: create a AutoScalingGroup - ec2_asg: + # ---------------------------------------------------------------------- + - name: Create a AutoScalingGroup + amazon.aws.autoscaling_group: name: "{{ resource_prefix }}-asg" launch_config_name: "{{ resource_prefix }}-lc" health_check_period: 60 health_check_type: ELB - replace_all_instances: yes + replace_all_instances: true min_size: 1 max_size: 1 desired_capacity: 1 region: "{{ aws_region }}" register: create_asg - - name: ensure that AutoScalingGroup is created - assert: + - name: Ensure that AutoScalingGroup is created + ansible.builtin.assert: that: - create_asg is changed - create_asg.failed is false - '"autoscaling:CreateAutoScalingGroup" in create_asg.resource_actions' - #---------------------------------------------------------------------- - + # ---------------------------------------------------------------------- - name: Create lifecycle hook - check_mode - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" 
@@ -53,7 +52,7 @@ check_mode: true register: output - - assert: + - ansible.builtin.assert: that: - output is changed - output is not failed @@ -61,7 +60,7 @@ - '"Would have created AutoScalingGroup Lifecycle Hook if not in check_mode" in output.msg' - name: Create lifecycle hook - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" @@ -71,7 +70,7 @@ state: present register: output - - assert: + - ansible.builtin.assert: that: - output is changed - output is not failed @@ -79,7 +78,7 @@ - output.lifecycle_hook_info[0].heartbeat_timeout == 7000 - name: Create lifecycle hook - Idempotency - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" @@ -89,14 +88,14 @@ state: present register: output - - assert: + - ansible.builtin.assert: that: - output is not changed - output is not failed - '"lifecycle_hook_info" not in output' - name: Create lifecycle hook - check_mode (Idempotency) - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" @@ -107,14 +106,14 @@ check_mode: true register: output - - assert: + - ansible.builtin.assert: that: - output is not changed - output is not failed - '"lifecycle_hook_info" not in output' - name: Update lifecycle hook - check_mode - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" 
@@ -125,7 +124,7 @@ check_mode: true register: output - - assert: + - ansible.builtin.assert: that: - output is changed - output is not failed @@ -133,7 +132,7 @@ - '"Would have modified AutoScalingGroup Lifecycle Hook if not in check_mode." in output.msg' - name: Update lifecycle hook - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" @@ -143,7 +142,7 @@ state: present register: output - - assert: + - ansible.builtin.assert: that: - output is changed - output is not failed @@ -151,7 +150,7 @@ - output.lifecycle_hook_info[0].heartbeat_timeout == 6000 - name: Update lifecycle hook - Idempotency - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" @@ -161,14 +160,14 @@ state: present register: output - - assert: + - ansible.builtin.assert: that: - output is not changed - output is not failed - '"lifecycle_hook_info" not in output' - name: Update lifecycle hook - check_mode (Idempotency) - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" @@ -179,14 +178,14 @@ check_mode: true register: output - - assert: + - ansible.builtin.assert: that: - output is not changed - output is not failed - '"lifecycle_hook_info" not in output' - name: Delete lifecycle hook - check_mode - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" 
@@ -194,7 +193,7 @@ check_mode: true register: output - - assert: + - ansible.builtin.assert: that: - output is changed - output is not failed @@ -202,35 +201,35 @@ - '"Would have deleted AutoScalingGroup Lifecycle Hook if not in check_mode." in output.msg' - name: Delete lifecycle hook - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" state: absent register: output - - assert: + - ansible.builtin.assert: that: - output is changed - output is not failed - '"lifecycle_hook_removed" in output' - name: Delete lifecycle hook - Idempotency - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" state: absent register: output - - assert: + - ansible.builtin.assert: that: - output is not changed - output is not failed - '"lifecycle_hook_removed" not in output' - name: Delete lifecycle hook - check_mode (Idempotency) - community.aws.ec2_asg_lifecycle_hook: + community.aws.autoscaling_lifecycle_hook: region: "{{ aws_region }}" autoscaling_group_name: "{{ resource_prefix }}-asg" lifecycle_hook_name: "{{ resource_prefix }}-test-hook" @@ -238,7 +237,7 @@ check_mode: true register: output - - assert: + - ansible.builtin.assert: that: - output is not changed - output is not failed diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_cleanup.yml index 3b4ee869b..1befe278a 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_cleanup.yml 
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_cleanup.yml @@ -1,5 +1,6 @@ -- name: kill asg - ec2_asg: +--- +- name: Kill asg + amazon.aws.autoscaling_group: name: "{{ resource_prefix }}-asg" state: absent register: removed @@ -8,8 +9,8 @@ retries: 10 # Remove the testing dependencies -- name: remove target group - elb_target_group: +- name: Remove target group + community.aws.elb_target_group: name: "{{ item }}" state: absent register: removed @@ -20,8 +21,8 @@ - "{{ tg1_name }}" - "{{ tg2_name }}" -- name: remove the load balancer - ec2_elb_lb: +- name: Remove the load balancer + amazon.aws.elb_classic_lb: name: "{{ load_balancer_name }}" state: absent security_group_ids: @@ -34,20 +35,20 @@ load_balancer_port: 80 instance_port: 80 health_check: - ping_protocol: tcp - ping_port: 80 - ping_path: "/" - response_timeout: 5 - interval: 10 - unhealthy_threshold: 4 - healthy_threshold: 2 + ping_protocol: tcp + ping_port: 80 + ping_path: / + response_timeout: 5 + interval: 10 + unhealthy_threshold: 4 + healthy_threshold: 2 register: removed until: removed is not failed ignore_errors: true retries: 10 -- name: remove launch configs - ec2_lc: +- name: Remove launch configs + community.aws.autoscaling_launch_config: name: "{{ item }}" state: absent register: removed @@ -57,8 +58,8 @@ loop: - "{{ resource_prefix }}-lc" -- name: delete launch template - ec2_launch_template: +- name: Delete launch template + community.aws.ec2_launch_template: name: "{{ resource_prefix }}-lt" state: absent register: del_lt @@ -66,8 +67,8 @@ until: del_lt is not failed ignore_errors: true -- name: remove the security group - ec2_group: +- name: Remove the security group + amazon.aws.ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" 
@@ -77,14 +78,14 @@ ignore_errors: true retries: 10 -- name: remove routing rules - ec2_vpc_route_table: +- name: Remove routing rules + amazon.aws.ec2_vpc_route_table: state: absent vpc_id: "{{ testing_vpc.vpc.id }}" tags: created: "{{ resource_prefix }}-route" routes: - - dest: 0.0.0.0/0 + - dest: "0.0.0.0/0" gateway_id: "{{ igw.gateway_id }}" subnets: - "{{ testing_subnet.subnet.id }}" @@ -93,8 +94,8 @@ ignore_errors: true retries: 10 -- name: remove internet gateway - ec2_vpc_igw: +- name: Remove internet gateway + amazon.aws.ec2_vpc_igw: vpc_id: "{{ testing_vpc.vpc.id }}" state: absent register: removed @@ -102,8 +103,8 @@ ignore_errors: true retries: 10 -- name: remove the subnet - ec2_vpc_subnet: +- name: Remove the subnet + amazon.aws.ec2_vpc_subnet: state: absent vpc_id: "{{ testing_vpc.vpc.id }}" cidr: 10.55.77.0/24 @@ -112,8 +113,8 @@ ignore_errors: true retries: 10 -- name: remove the VPC - ec2_vpc_net: +- name: Remove the VPC + amazon.aws.ec2_vpc_net: name: "{{ resource_prefix }}-vpc" cidr_block: 10.55.77.0/24 state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_setup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_setup.yml index 8e9be1d55..d51654310 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_setup.yml 
@@ -1,25 +1,25 @@ +--- - name: Run ec2_asg_lifecycle_hook integration tests. block: - # ============================================================ # Set up the testing dependencies: VPC, subnet, security group, and two launch configurations - name: Create VPC for use in testing - ec2_vpc_net: + amazon.aws.ec2_vpc_net: name: "{{ resource_prefix }}-vpc" cidr_block: 10.55.77.0/24 tenancy: default register: testing_vpc - name: Create internet gateway for use in testing - ec2_vpc_igw: + amazon.aws.ec2_vpc_igw: vpc_id: "{{ testing_vpc.vpc.id }}" state: present register: igw - name: Create subnet for use in testing - ec2_vpc_subnet: + amazon.aws.ec2_vpc_subnet: state: present vpc_id: "{{ testing_vpc.vpc.id }}" cidr: 10.55.77.0/24 @@ -28,19 +28,19 @@ Name: "{{ resource_prefix }}-subnet" register: testing_subnet - - name: create routing rules - ec2_vpc_route_table: + - name: Create routing rules + amazon.aws.ec2_vpc_route_table: vpc_id: "{{ testing_vpc.vpc.id }}" tags: created: "{{ resource_prefix }}-route" routes: - - dest: 0.0.0.0/0 + - dest: "0.0.0.0/0" gateway_id: "{{ igw.gateway_id }}" subnets: - "{{ testing_subnet.subnet.id }}" - - name: create a security group with the vpc created in the ec2_setup - ec2_group: + - name: Create a security group with the vpc created in the ec2_setup + amazon.aws.ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" @@ -48,9 +48,9 @@ - proto: tcp from_port: 22 to_port: 22 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 80 to_port: 80 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" register: sg diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/main.yml index 16442c7fa..e38324bda 100644 
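Review bot: Both ingress rules in the `@@ -48,9 +48,9 @@` hunk keep `cidr_ip: "0.0.0.0/0"`, so the test security group accepts SSH (port 22) and HTTP (port 80) from any address, in a VPC that the same file gives an internet gateway and a default route. Nothing visible in this target connects to instances over SSH; if that holds for the rest of the role, the port 22 rule can be dropped, or both rules narrowed to the VPC range already used here, `cidr_ip: "10.55.77.0/24"`. The task these rules belong to starts in the previous hunk, and the lines between the two hunks are not shown.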
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/main.yml
@@ -3,38 +3,36 @@ # To add new tests you'll need to add a new host to the inventory and a matching # '{{ inventory_hostname }}'.yml file in roles/ec2_asg_lifecycle_hook/tasks/ -- name: "Wrap up all tests and setup AWS credentials" +- name: Wrap up all tests and setup AWS credentials module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" aws_config: retries: # Unfortunately AWSRetry doesn't support paginators and boto3's paginators # don't support any configuration of the delay between retries. max_attempts: 20 - collections: - - community.aws block: - - debug: - msg: "{{ inventory_hostname }} start: {{ lookup('pipe','date') }}" - - include_tasks: '{{ inventory_hostname }}.yml' - - debug: - msg: "{{ inventory_hostname }} finish: {{ lookup('pipe','date') }}" + - ansible.builtin.debug: + msg: "{{ inventory_hostname }} start: {{ lookup('pipe', 'date') }}" + - ansible.builtin.include_tasks: "{{ inventory_hostname }}.yml" + - ansible.builtin.debug: + msg: "{{ inventory_hostname }} finish: {{ lookup('pipe', 'date') }}" always: - - set_fact: - _role_complete: True + - ansible.builtin.set_fact: + _role_complete: true - vars: completed_hosts: '{{ ansible_play_hosts_all | map("extract", hostvars, "_role_complete") | list | select("defined") | list | length }}' - hosts_in_play: '{{ ansible_play_hosts_all | length }}' - debug: + hosts_in_play: "{{ ansible_play_hosts_all | length }}" + ansible.builtin.debug: msg: "{{ completed_hosts }} of {{ hosts_in_play }} complete" - - include_tasks: env_cleanup.yml + - ansible.builtin.include_tasks: env_cleanup.yml vars: completed_hosts: '{{ ansible_play_hosts_all | map("extract", hostvars, "_role_complete") | list | select("defined") | list | length }}' - hosts_in_play: '{{ 
ansible_play_hosts_all | length }}' + hosts_in_play: "{{ ansible_play_hosts_all | length }}" when: - - completed_hosts == hosts_in_play + - completed_hosts == hosts_in_play diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_policy/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_policy/tasks/main.yml index 24b3eea62..684522d64 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_policy/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_policy/tasks/main.yml @@ -12,22 +12,22 @@ - module_defaults: group/aws: region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" collections: - amazon.aws block: - name: create trivial launch_configuration - ec2_lc: + autoscaling_launch_config: name: "{{ scaling_policy_lc_name }}" state: present instance_type: t3.nano image_id: "{{ ec2_ami_id }}" - name: create trivial ASG - ec2_asg: + autoscaling_group: name: "{{ scaling_policy_asg_name }}" state: present launch_config_name: "{{ scaling_policy_lc_name }}" @@ -36,7 +36,7 @@ desired_capacity: 0 - name: Create Simple Scaling policy using implicit defaults - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_simplescaling_policy" asg_name: "{{ scaling_policy_asg_name }}" state: present @@ -46,11 +46,11 @@ - assert: that: - - result.policy_name == "{{ resource_prefix }}_simplescaling_policy" + - result.policy_name == resource_prefix ~ '_simplescaling_policy' - result.changed - name: Update Simple Scaling policy using explicit defaults - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_simplescaling_policy" asg_name: "{{ scaling_policy_asg_name }}" state: present 
@@ -61,11 +61,11 @@ - assert: that: - - result.policy_name == "{{ resource_prefix }}_simplescaling_policy" + - result.policy_name == resource_prefix ~ '_simplescaling_policy' - not result.changed - name: min_adjustment_step is ignored with ChangeInCapacity - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_simplescaling_policy" asg_name: "{{ scaling_policy_asg_name }}" state: present @@ -77,12 +77,12 @@ - assert: that: - - result.policy_name == "{{ resource_prefix }}_simplescaling_policy" + - result.policy_name == resource_prefix ~ '_simplescaling_policy' - not result.changed - result.adjustment_type == "ChangeInCapacity" - name: Change Simple Scaling policy adjustment_type to PercentChangeInCapacity - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_simplescaling_policy" asg_name: "{{ scaling_policy_asg_name }}" state: present @@ -94,12 +94,12 @@ - assert: that: - - result.policy_name == "{{ resource_prefix }}_simplescaling_policy" + - result.policy_name == resource_prefix ~ '_simplescaling_policy' - result.changed - result.adjustment_type == "PercentChangeInCapacity" - name: Remove Simple Scaling policy - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_simplescaling_policy" asg_name: "{{ scaling_policy_asg_name }}" state: absent @@ -110,7 +110,7 @@ - result.changed - name: Create Step Scaling policy - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_stepscaling_policy" asg_name: "{{ scaling_policy_asg_name }}" state: present @@ -126,11 +126,11 @@ - assert: that: - - result.policy_name == "{{ resource_prefix }}_stepscaling_policy" + - result.policy_name == resource_prefix ~ '_stepscaling_policy' - result.changed - name: Add another step - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_stepscaling_policy" asg_name: "{{ scaling_policy_asg_name }}" state: present 
@@ -149,12 +149,12 @@ - assert: that: - - result.policy_name == "{{ resource_prefix }}_stepscaling_policy" + - result.policy_name == resource_prefix ~ '_stepscaling_policy' - result.changed - result.adjustment_type == "PercentChangeInCapacity" - name: Remove Step Scaling policy - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_stepscaling_policy" asg_name: "{{ scaling_policy_asg_name }}" state: absent @@ -165,7 +165,7 @@ - result.changed - name: Remove Step Scaling policy (idemopotency) - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_stepscaling_policy" asg_name: "{{ scaling_policy_asg_name }}" state: absent @@ -177,7 +177,7 @@ - result is successful - name: create TargetTracking predefined policy - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_targettracking_predefined_policy" policy_type: TargetTrackingScaling target_tracking_config: @@ -189,12 +189,12 @@ - assert: that: - - result.policy_name == "{{ resource_prefix }}_targettracking_predefined_policy" + - result.policy_name == resource_prefix ~ '_targettracking_predefined_policy' - result.changed - result is successful - name: create TargetTrackingScaling predefined policy (idempotency) - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_targettracking_predefined_policy" policy_type: TargetTrackingScaling target_tracking_config: @@ -206,12 +206,12 @@ - assert: that: - - result.policy_name == "{{ resource_prefix }}_targettracking_predefined_policy" + - result.policy_name == resource_prefix ~ '_targettracking_predefined_policy' - result is not changed # # It would be good to also test this but we would need an Target group and an ALB # - name: create TargetTracking predefined policy with resource_label -# ec2_scaling_policy: +# autoscaling_policy: # name: "{{ resource_prefix }}_targettracking_predefined_rl_policy" # policy_type: TargetTrackingScaling # target_tracking_config: 
@@ -229,7 +229,7 @@ # - result is successful # # - name: create TargetTracking predefined policy with resource_label (idempotency) -# ec2_scaling_policy: +# autoscaling_policy: # name: "{{ resource_prefix }}_targettracking_predefined_rl_policy" # policy_type: TargetTrackingScaling # target_tracking_config: @@ -246,7 +246,7 @@ # - result is not changed - name: create TargetTrackingScaling custom policy - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_targettracking_custom_policy" policy_type: TargetTrackingScaling target_tracking_config: @@ -263,12 +263,12 @@ - assert: that: - - result.policy_name == "{{ resource_prefix }}_targettracking_custom_policy" + - result.policy_name == resource_prefix ~ '_targettracking_custom_policy' - result.changed - result is successful - name: create TargetTrackingScaling custom policy (idempotency) - ec2_scaling_policy: + autoscaling_policy: name: "{{ resource_prefix }}_targettracking_custom_policy" policy_type: TargetTrackingScaling target_tracking_config: @@ -285,14 +285,14 @@ - assert: that: - - result.policy_name == "{{ resource_prefix }}_targettracking_custom_policy" + - result.policy_name == resource_prefix ~ '_targettracking_custom_policy' - result is not changed always: # ============================================================ - name: Remove the scaling policies - ec2_scaling_policy: + autoscaling_policy: name: "{{ item }}" state: absent register: result @@ -305,13 +305,13 @@ ignore_errors: yes - name: remove the ASG - ec2_asg: + autoscaling_group: name: "{{ scaling_policy_asg_name }}" state: absent ignore_errors: yes - name: remove the Launch Configuration - ec2_lc: + autoscaling_launch_config: name: "{{ scaling_policy_lc_name }}" state: absent ignore_errors: yes 
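Review bot: In the `@@ -305,13 +305,13 @@` hunk the `remove the ASG` and `remove the Launch Configuration` tasks run once with `ignore_errors: yes` and no retry, so a failed group deletion also makes the launch-configuration deletion fail, and both failures are swallowed. The run then reports success while leaving resources behind in the account. The cleanup in the autoscaling_lifecycle_hook target already uses the pattern that would fit here: `register: removed`, `until: removed is not failed`, `retries: 10`. As a style point, `ignore_errors: true` would match the `yes`→`true` conversion this commit applies elsewhere.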
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_scheduled_action/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_scheduled_action/tasks/main.yml index c78c7efae..4c0e97220 100644 --- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_scheduled_action/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_scheduled_action/tasks/main.yml @@ -5,9 +5,9 @@ - community.aws module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: ## Set up the testing dependencies: VPC, subnet, security group, and launch configuration @@ -29,7 +29,7 @@ register: testing_subnet - name: create a security group with the vpc created in the ec2_setup - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" @@ -45,7 +45,7 @@ register: sg - name: ensure launch configs exist - ec2_lc: + autoscaling_launch_config: name: "{{ resource_prefix }}-lc" assign_public_ip: true image_id: "{{ ec2_ami_id }}" @@ -53,7 +53,7 @@ instance_type: t3.micro - name: Create ASG ready - ec2_asg: + autoscaling_group: name: "{{ resource_prefix }}-asg" launch_config_name: "{{ resource_prefix }}-lc" desired_capacity: 1 
@@ -70,10 +70,10 @@ ## Create minimal basic scheduled action - name: Create basic scheduled_action - check_mode - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test" - start_time: 2022 October 25 08:00 UTC + start_time: 2027 November 9 08:00 UTC recurrence: 40 22 * * 1-5 desired_capacity: 2 state: present @@ -87,10 +87,10 @@ - scheduled_action is changed - name: Create basic scheduled_action - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test" - start_time: 2022 October 25 08:00 UTC + start_time: 2027 November 9 08:00 UTC recurrence: 40 22 * * 1-5 desired_capacity: 2 state: present @@ -101,14 +101,14 @@ that: - scheduled_action is successful - scheduled_action is changed - - scheduled_action.scheduled_action_name == "{{ resource_prefix }}-test" + - scheduled_action.scheduled_action_name == resource_prefix ~ '-test' - scheduled_action.desired_capacity == 2 - name: Create basic scheduled_action - idempotent - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test" - start_time: 2022 October 25 08:00 UTC + start_time: 2027 November 9 08:00 UTC recurrence: 40 22 * * 1-5 desired_capacity: 2 state: present @@ -122,10 +122,10 @@ ## Update minimal basic scheduled action - name: Update basic scheduled_action - check_mode - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test" - start_time: 2022 October 25 08:00 UTC + start_time: 2027 November 9 08:00 UTC recurrence: 40 22 * * 1-5 desired_capacity: 3 min_size: 3 
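Review bot: The new `start_time: 2027 November 9 08:00 UTC` is again a fixed calendar date, so the test keeps the expiry this change works around; once that date has passed, the scheduled-action calls will presumably be rejected just as the 2022 value was. Deriving the year at run time removes the need for the next bump, for example `start_time: "{{ now(utc=true).year + 1 }} November 9 08:00 UTC"`, with the same treatment for `end_time`. The literal is repeated in the later hunks of this file that set `start_time` or `end_time` (`@@ -87,10`, `@@ -101,14`, `@@ -122,10`, `@@ -140,10`, `@@ -155,15`, `@@ -178,11`, `@@ -199,11`, `@@ -217,18`), so a single variable defined once for the target would keep them in step.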
@@ -140,10 +140,10 @@ - scheduled_action is changed - name: Update basic scheduled_action - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test" - start_time: 2022 October 25 08:00 UTC + start_time: 2027 November 9 08:00 UTC recurrence: 40 22 * * 1-5 desired_capacity: 3 min_size: 3 @@ -155,15 +155,15 @@ that: - scheduled_action is successful - scheduled_action is changed - - scheduled_action.scheduled_action_name == "{{ resource_prefix }}-test" + - scheduled_action.scheduled_action_name == resource_prefix ~ '-test' - scheduled_action.desired_capacity == 3 - scheduled_action.min_size == 3 - name: Update basic scheduled_action - idempotent - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test" - start_time: 2022 October 25 08:00 UTC + start_time: 2027 November 9 08:00 UTC recurrence: 40 22 * * 1-5 desired_capacity: 3 min_size: 3 @@ -178,11 +178,11 @@ ## Create advanced scheduled action - name: Create advanced scheduled_action - check_mode - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test" - start_time: 2022 October 25 09:00 UTC - end_time: 2022 October 25 10:00 UTC + start_time: 2027 November 9 09:00 UTC + end_time: 2027 November 9 10:00 UTC time_zone: Europe/London recurrence: 40 22 * * 1-5 min_size: 2 
@@ -199,11 +199,11 @@ - advanced_scheduled_action is changed - name: Create advanced scheduled_action - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test1" - start_time: 2022 October 25 09:00 UTC - end_time: 2022 October 25 10:00 UTC + start_time: 2027 November 9 09:00 UTC + end_time: 2027 November 9 10:00 UTC time_zone: Europe/London recurrence: 40 22 * * 1-5 min_size: 2 @@ -217,18 +217,18 @@ that: - advanced_scheduled_action is successful - advanced_scheduled_action is changed - - advanced_scheduled_action.scheduled_action_name == "{{ resource_prefix }}-test1" + - advanced_scheduled_action.scheduled_action_name == resource_prefix ~ '-test1' - advanced_scheduled_action.desired_capacity == 2 - advanced_scheduled_action.min_size == 2 - advanced_scheduled_action.max_size == 5 - advanced_scheduled_action.time_zone == "Europe/London" - name: Create advanced scheduled_action - idempotent - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test1" - start_time: 2022 October 25 09:00 UTC - end_time: 2022 October 25 10:00 UTC + start_time: 2027 November 9 09:00 UTC + end_time: 2027 November 9 10:00 UTC time_zone: Europe/London recurrence: 40 22 * * 1-5 min_size: 2 @@ -245,7 +245,7 @@ ## Delete scheduled action - name: Delete scheduled_action - check_mode - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test1" state: absent @@ -259,7 +259,7 @@ - scheduled_action_deletion is changed - name: Delete scheduled_action - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test1" state: absent 
@@ -272,7 +272,7 @@ - scheduled_action_deletion is changed - name: Delete scheduled_action - idempotent - ec2_asg_scheduled_action: + autoscaling_scheduled_action: autoscaling_group_name: "{{ resource_prefix }}-asg" scheduled_action_name: "{{ resource_prefix }}-test1" state: absent @@ -285,7 +285,7 @@ - scheduled_action_deletion is not changed always: - name: Remove ASG - ec2_asg: + autoscaling_group: name: "{{ resource_prefix }}-asg" state: absent register: removed @@ -295,7 +295,7 @@ # Remove the testing dependencies - name: Remove launch configs - ec2_lc: + autoscaling_launch_config: name: "{{ resource_prefix }}-lc" state: absent register: removed @@ -304,7 +304,7 @@ retries: 10 - name: Remove the security group - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/main.yml b/ansible_collections/community/aws/tests/integration/targets/aws_region_info/main.yml deleted file mode 100644 index abffda916..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- hosts: localhost - connection: local - environment: "{{ ansible_test.environment }}" - tasks: - - include_tasks: 'tasks/tests.yml' diff --git a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/aws_region_info/tasks/main.yml deleted file mode 100644 index 3edbbaded..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/tasks/main.yml +++ /dev/null 
@@ -1,107 +0,0 @@ ---- -- module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key | default(omit) }}' - aws_secret_key: '{{ aws_secret_key | default(omit) }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region | default(omit) }}' - - block: - - name: 'List available Regions' - aws_region_info: - register: regions - - - name: check task return attributes - vars: - first_region: '{{ regions.regions[0] }}' - assert: - that: - - regions is successful - - regions is not changed - - '"regions" in regions' - - '"endpoint" in first_region' - - '"opt_in_status" in first_region' - - '"region_name" in first_region' - - - name: 'List available Regions - check_mode' - aws_region_info: - register: check_regions - - - name: check task return attributes - check_mode - vars: - first_region: '{{ check_regions.regions[0] }}' - assert: - that: - - check_regions is successful - - check_regions is not changed - - '"regions" in check_regions' - - '"endpoint" in first_region' - - '"opt_in_status" in first_region' - - '"region_name" in first_region' - - - name: 'Filter available Regions using - ("region-name")' - aws_region_info: - filters: - region-name: 'us-west-1' - register: us_west_1 - - - name: check task return attributes - filtering using - - vars: - first_region: '{{ us_west_1.regions[0] }}' - assert: - that: - - us_west_1 is successful - - us_west_1 is not changed - - '"regions" in us_west_1' - - us_west_1.regions | length == 1 - - '"endpoint" in first_region' - - first_region.endpoint == 'ec2.us-west-1.amazonaws.com' - - '"opt_in_status" in first_region' - - first_region.opt_in_status == 'opt-in-not-required' - - '"region_name" in first_region' - - first_region.region_name == 'us-west-1' - - - name: 'Filter available Regions using _ ("region_name")' - aws_region_info: - filters: - region_name: 'us-west-2' - register: us_west_2 - - - name: check task return attributes - filtering using _ - vars: - first_region: '{{ us_west_2.regions[0] 
}}' - assert: - that: - - us_west_2 is successful - - us_west_2 is not changed - - '"regions" in us_west_2' - - us_west_2.regions | length == 1 - - '"endpoint" in first_region' - - first_region.endpoint == 'ec2.us-west-2.amazonaws.com' - - '"opt_in_status" in first_region' - - first_region.opt_in_status == 'opt-in-not-required' - - '"region_name" in first_region' - - first_region.region_name == 'us-west-2' - - - name: 'Filter available Regions using _ and - to check precedence' - aws_region_info: - filters: - region-name: 'eu-west-1' - region_name: 'eu-central-1' - register: regions_prededence - - - name: check task return attributes - precedence - vars: - first_region: '{{ regions_prededence.regions[0] }}' - assert: - that: - - regions_prededence is successful - - regions_prededence is not changed - - '"regions" in regions_prededence' - - regions_prededence.regions | length == 1 - - '"endpoint" in first_region' - - first_region.endpoint == 'ec2.eu-central-1.amazonaws.com' - - '"opt_in_status" in first_region' - - first_region.opt_in_status == 'opt-in-not-required' - - '"region_name" in first_region' - - first_region.region_name == 'eu-central-1' diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudformation_exports_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudformation_exports_info/tasks/main.yml index eb703d49e..f1b99df1b 100644 --- a/ansible_collections/community/aws/tests/integration/targets/cloudformation_exports_info/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/cloudformation_exports_info/tasks/main.yml 
@@ -1,9 +1,9 @@ - name: set connection information for aws modules and run tasks module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudformation_stack_set/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudformation_stack_set/tasks/main.yml index afd614a55..39f13a71f 100644 --- a/ansible_collections/community/aws/tests/integration/targets/cloudformation_stack_set/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/cloudformation_stack_set/tasks/main.yml @@ -5,14 +5,14 @@ - name: set up aws connection info set_fact: aws_connection_info: &aws_connection_info - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" aws_secondary_connection_info: &aws_secondary_connection_info - aws_access_key: "{{ secondary_aws_access_key }}" - aws_secret_key: "{{ secondary_aws_secret_key }}" - security_token: "{{ secondary_security_token }}" + access_key: "{{ secondary_aws_access_key }}" + secret_key: "{{ secondary_aws_secret_key }}" + session_token: "{{ secondary_security_token | default(omit) }}" region: "{{ aws_region }}" no_log: true diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/aliases b/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/aliases index e04e1b287..4ef4b2067 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/aliases @@ -1,4 +1 @@ -# reason: broken -disabled - cloud/aws diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/tasks/main.yml index a6ac0571a..281097db1 100644 --- a/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/tasks/main.yml @@ -1,8 +1,8 @@ - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" cloudfront_distribution: alias: "{{ cloudfront_alias | default(omit) }}" viewer_certificate: "{{ cloudfront_viewer_cert | default(omit) }}" @@ -19,12 +19,18 @@ default_cache_behavior: target_origin_id: "{{ cloudfront_hostname }}-origin.example.com" state: present - purge_origins: yes + purge_origins: true register: cf_distribution - set_fact: distribution_id: '{{ cf_distribution.id }}' + - name: ensure that default value of 'enabled' is 'true' + assert: + that: + - cf_distribution.changed + - cf_distribution.enabled + - name: ensure that default value of 'ipv6_enabled' is 'false' assert: that: @@ -49,7 +55,7 @@ cloudfront_distribution: state: present distribution_id: "{{ distribution_id }}" - ipv6_enabled: True + ipv6_enabled: true register: cf_update_ipv6 - name: ensure the 'ipv6_enabled' value has changed (new value is true) 
@@ -76,7 +82,7 @@ cloudfront_distribution: state: present distribution_id: "{{ distribution_id }}" - ipv6_enabled: True + ipv6_enabled: true register: cf_update_ipv6 - name: ensure the 'ipv6_enabled' value has changed (new value is true) 
@@ -86,45 +92,122 @@ # - not cf_update_ipv6.changed - cf_update_ipv6.is_ipv6_enabled - - name: re-run cloudfront distribution with same defaults + - name: Ensure that default value of 'http_version' is 'http2' + assert: + that: + - cf_update_ipv6.http_version == 'http2' + + - name: Update the distribution http_version to http2and3 + cloudfront_distribution: + state: present + distribution_id: "{{ distribution_id }}" + http_version: http2and3 + register: cf_update_http_version + + - name: Ensure that default value of 'http_version' is 'http2and3' + assert: + that: + - cf_update_http_version.changed + - cf_update_http_version.http_version == 'http2and3' + + # - name: re-run cloudfront distribution with same defaults + # cloudfront_distribution: + # distribution_id: "{{ distribution_id }}" + # origins: + # - domain_name: "{{ cloudfront_hostname }}-origin.example.com" + # state: present + # register: cf_dist_no_update + + # - name: ensure distribution was not updated + # assert: + # that: + # - not cf_dist_no_update.changed + + # - name: re-run cloudfront distribution using distribution id + # cloudfront_distribution: + # distribution_id: "{{ distribution_id }}" + # purge_origins: no + # state: present + # register: cf_dist_with_id + + # - name: ensure distribution was not updated + # assert: + # that: + # - not cf_dist_with_id.changed + + - name: update origin http port cloudfront_distribution: distribution_id: "{{ distribution_id }}" origins: - domain_name: "{{ cloudfront_hostname }}-origin.example.com" + custom_origin_config: + http_port: 8080 state: present - register: cf_dist_no_update + register: update_origin_http_port - - name: ensure distribution was not updated + - name: ensure http port was updated assert: that: - - not cf_dist_no_update.changed + - update_origin_http_port.changed - - name: re-run cloudfront distribution using distribution id + - name: enable origin Origin Shield cloudfront_distribution: distribution_id: "{{ distribution_id }}" - 
purge_origins: no + origins: + - domain_name: "{{ cloudfront_hostname }}-origin.example.com" + custom_origin_config: + http_port: 8080 + origin_shield: + enabled: true + origin_shield_region: '{{ aws_region }}' state: present - register: cf_dist_with_id + register: update_origin_origin_shield - - name: ensure distribution was not updated + - name: ensure origin Origin Shield was enabled assert: that: - - not cf_dist_with_id.changed - - - name: update origin http port + - update_origin_origin_shield.changed + - update_origin_origin_shield.origins['items'][0].origin_shield.enabled + - update_origin_origin_shield.origins['items'][0].origin_shield.origin_shield_region == aws_region + + # TODO: fix module idempotency issue + # - name: enable origin Origin Shield again to test idempotency + # cloudfront_distribution: + # distribution_id: "{{ distribution_id }}" + # origins: + # - domain_name: "{{ cloudfront_hostname }}-origin.example.com" + # custom_origin_config: + # http_port: 8080 + # origin_shield: + # enabled: true + # origin_shield_region: '{{ aws_region }}' + # state: present + # register: update_origin_origin_shield_idempotency + + # - name: test idempotency for Origin Shield + # assert: + # that: + # - not update_origin_origin_shield_idempotency.changed + # - update_origin_origin_shield_idempotency.origins['items'][0].origin_shield.enabled + # - update_origin_origin_shield_idempotency.origins['items'][0].origin_shield.origin_shield_region == '{{ aws_region }}' + + - name: disable origin Origin Shield cloudfront_distribution: distribution_id: "{{ distribution_id }}" origins: - domain_name: "{{ cloudfront_hostname }}-origin.example.com" custom_origin_config: http_port: 8080 + origin_shield: + enabled: false state: present - register: update_origin_http_port + register: update_origin_origin_shield_disable - - name: ensure http port was updated + - name: ensure origin Origin Shield was disabled assert: that: - - update_origin_http_port.changed + - 
update_origin_origin_shield_disable.changed + - not update_origin_origin_shield_disable.origins['items'][0].origin_shield.enabled - name: update restrictions cloudfront_distribution: @@ -167,7 +250,7 @@ id: "{{ resource_prefix }}2.example.com" default_root_object: index.html state: present - wait: yes + wait: true register: cf_add_origin - name: ensure origin was added @@ -186,7 +269,7 @@ http_port: 8080 - domain_name: "{{ resource_prefix }}2.example.com" default_root_object: index.html - wait: yes + wait: true state: present register: cf_rerun_second_origin @@ -194,7 +277,7 @@ assert: that: - cf_rerun_second_origin.origins.quantity == 2 - - not cf_rerun_second_origin.changed + # - not cf_rerun_second_origin.changed - name: run with origins in reverse order cloudfront_distribution: @@ -211,7 +294,7 @@ assert: that: - cf_rerun_second_origin_reversed.origins.quantity == 2 - - not cf_rerun_second_origin_reversed.changed + # - not cf_rerun_second_origin_reversed.changed - name: purge first origin @@ -221,7 +304,7 @@ - domain_name: "{{ resource_prefix }}2.example.com" default_cache_behavior: target_origin_id: "{{ resource_prefix }}2.example.com" - purge_origins: yes + purge_origins: true state: present register: cf_purge_origin @@ -278,12 +361,13 @@ - name: delete distribution cloudfront_distribution: distribution_id: "{{ distribution_id }}" - enabled: no - wait: yes + enabled: false + wait: true state: absent - - name: create distribution with tags + - name: create cloudfront distribution with tags and as disabled cloudfront_distribution: + enabled: false origins: - domain_name: "{{ resource_prefix }}2.example.com" id: "{{ resource_prefix }}2.example.com" @@ -296,6 +380,12 @@ - set_fact: distribution_id: '{{ cf_second_distribution.id }}' + - name: ensure that the value of 'enabled' is 'false' + assert: + that: + - cf_second_distribution.changed + - not cf_second_distribution.enabled + - name: ensure tags were set on creation assert: that: 
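Review bot: Idempotency checks are switched off by commenting them out without a stated reason, first in the two `re-run cloudfront distribution ...` task pairs of the -86 hunk and then in `# - not cf_rerun_second_origin.changed` (-194), `# - not cf_rerun_second_origin_reversed.changed` (-211), `# - not rerun_with_purge_tags.changed` (-313) and `# - not reverse_cache_behaviors.changed` (-364). Only the Origin Shield block carries `# TODO: fix module idempotency issue`, and a task such as `ensure that re-running didn't change` now asserts only a count. Put the same TODO comment, ideally with an issue reference, above each disabled assertion so the lost coverage stays visible. Separately, the task named `Ensure that default value of 'http_version' is 'http2and3'` checks the updated value, not a default; `Ensure http_version was updated to http2and3` would read correctly.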
@@ -313,14 +403,14 @@ tags: ATag: tag1 Another: tag - purge_tags: yes + purge_tags: true state: present register: rerun_with_purge_tags - name: ensure that re-running didn't change assert: that: - - not rerun_with_purge_tags.changed + # - not rerun_with_purge_tags.changed - rerun_with_purge_tags.tags|length == 2 - name: add new tag to distribution @@ -330,7 +420,7 @@ - domain_name: "{{ resource_prefix }}2.example.com" tags: Third: thing - purge_tags: no + purge_tags: false state: present register: update_with_new_tag @@ -364,7 +454,7 @@ - name: check that reversing cache behaviors changes nothing when purge_cache_behaviors unset assert: that: - - not reverse_cache_behaviors.changed + # - not reverse_cache_behaviors.changed - reverse_cache_behaviors.cache_behaviors|length == 2 - name: reverse some cache behaviors properly @@ -373,7 +463,7 @@ origins: - domain_name: "{{ resource_prefix }}2.example.com" cache_behaviors: "{{ cloudfront_test_cache_behaviors|reverse|list }}" - purge_cache_behaviors: yes + purge_cache_behaviors: true state: present register: reverse_cache_behaviors_with_purge @@ -389,10 +479,10 @@ origins: - domain_name: "{{ resource_prefix }}3.example.com" id: "{{ resource_prefix }}3.example.com" - purge_origins: yes + purge_origins: true state: present register: remove_origin_in_use - ignore_errors: yes + ignore_errors: true - name: check that removing in use origin fails assert: 
@@ -412,18 +502,14 @@ # - path_pattern: /another/path # target_origin_id: "{{ resource_prefix }}3.example.com" # state: present - # aws_access_key: "{{ aws_access_key|default(omit) }}" - # aws_secret_key: "{{ aws_secret_key|default(omit) }}" - # security_token: "{{ security_token|default(omit) }}" - # profile: "{{ profile|default(omit) }}" # register: update_cache_behaviors in use - name: create an s3 bucket for next test # note that although public-read allows reads that we want to stop with origin_access_identity, # we also need to test without origin_access_identity and it's hard to change bucket perms later - aws_s3: - bucket: "{{ resource_prefix }}-bucket" - mode: create + s3_bucket: + name: "{{ resource_prefix }}-bucket" + state: present - name: update origin to point to the s3 bucket cloudfront_distribution: @@ -431,7 +517,7 @@ origins: - domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com" id: "{{ resource_prefix }}3.example.com" - s3_origin_access_identity_enabled: yes + s3_origin_access_identity_enabled: true state: present register: update_origin_to_s3 @@ -448,7 +534,7 @@ origins: - domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com" id: "{{ resource_prefix }}3.example.com" - s3_origin_access_identity_enabled: no + s3_origin_access_identity_enabled: false state: present register: update_origin_to_s3_without_origin_access @@ -460,9 +546,9 @@ loop: "{{ update_origin_to_s3_without_origin_access.origins['items'] }}" - name: delete the s3 bucket - aws_s3: - bucket: "{{ resource_prefix }}-bucket" - mode: delete + s3_bucket: + name: "{{ resource_prefix }}-bucket" + state: absent - name: check that custom_origin_config can't be used with origin_access_identity enabled cloudfront_distribution: 
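Review bot: The context comment above the new `s3_bucket` task in the -412 hunk still refers to `public-read`, but the task passes only `name` and `state: present`, so no public ACL is requested here. Reword the comment so that nobody later adds a public ACL to make the code match it, for example `# bucket is created with default permissions; access is tested with and without origin_access_identity`. Whether any later task depends on the bucket being readable is not visible from this hunk.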
@@ -470,18 +556,64 @@ origins: - domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com" id: "{{ resource_prefix }}3.example.com" - s3_origin_access_identity_enabled: yes + s3_origin_access_identity_enabled: true custom_origin_config: origin_protocol_policy: 'http-only' state: present register: update_origin_to_s3_with_origin_access_and_with_custom_origin_config - ignore_errors: True + ignore_errors: true - name: check that custom origin with origin access identity fails + # "s3 origin domains and custom_origin_config are mutually exclusive" + assert: + that: + - update_origin_to_s3_with_origin_access_and_with_custom_origin_config.failed + + - name: check that custom_origin_config can't be used with an region-agnostic S3 domain + cloudfront_distribution: + distribution_id: "{{ distribution_id }}" + origins: + - domain_name: "{{ resource_prefix }}-bucket.s3.{{ aws_region }}.amazonaws.com" + id: "{{ resource_prefix }}3.example.com" + custom_origin_config: + http_port: 8080 + state: present + register: update_origin_to_s3_with_origin_access_and_with_custom_origin_config + ignore_errors: true + + - name: check that custom origin with region-agnostic S3 domain fails + # "s3 origin domains and custom_origin_config are mutually exclusive" + assert: + that: + - update_origin_to_s3_with_origin_access_and_with_custom_origin_config.failed + + - name: check that custom_origin_config can't be used with an region-aware S3 domain + cloudfront_distribution: + distribution_id: "{{ distribution_id }}" + origins: + - domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com" + id: "{{ resource_prefix }}3.example.com" + custom_origin_config: + http_port: 8080 + state: present + register: update_origin_to_s3_with_origin_access_and_with_custom_origin_config + ignore_errors: true + + - name: check that custom origin with region-aware S3 domain fails + # "s3 origin domains and custom_origin_config are mutually exclusive" assert: that: - 
update_origin_to_s3_with_origin_access_and_with_custom_origin_config.failed + - name: create cloudfront distribution origin access identity + cloudfront_origin_access_identity: + state: present + comment: "this is a sample origin access identity" + register: _origin_access_id + + - set_fact: + origin_access_identity: 'origin-access-identity/cloudfront/{{ _origin_access_id.cloud_front_origin_access_identity.id }}' + - name: Update distribution to use specific access identity cloudfront_distribution: distribution_id: "{{ distribution_id }}" 
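Review bot: The two added negative tests have their names swapped: the task named `... an region-agnostic S3 domain` uses `{{ resource_prefix }}-bucket.s3.{{ aws_region }}.amazonaws.com`, which is the region-specific form, while the `region-aware` task uses the plain `s3.amazonaws.com` form. All three negative tests also register the same variable, run with `ignore_errors: true` and assert only `.failed`, so a failure for an unrelated reason such as expired credentials or throttling would pass as well. The expected text is already quoted in the comment, so assert on it too, e.g. `- "'mutually exclusive' in update_origin_to_s3_with_origin_access_and_with_custom_origin_config.msg"`, assuming the module reports that text in `msg`.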
@@ -490,25 +622,61 @@ domain_name: "{{ resource_prefix }}.s3.amazonaws.com" s3_origin_access_identity_enabled: true s3_origin_config: - origin_access_identity: origin-access-identity/cloudfront/ANYTHING - register: update_distribution_with_specific_access_identity + origin_access_identity: '{{ origin_access_identity }}' + register: result - name: check that custom origin uses the provided origin_access_identity assert: that: - - update_distribution_with_specific_access_identity.changed - - update_distribution_with_specific_access_identity.origins.items[0].s3_origin_config.origin_access_identity == 'origin-access-identity/cloudfront/ANYTHING' + - result.changed + - result.origins['quantity'] > 0 + - result.origins['items'] | selectattr('s3_origin_config', 'defined') | map(attribute='s3_origin_config') | selectattr('origin_access_identity', 'eq', origin_access_identity) | list | length == 1 + + - name: update distribution to use cache_policy_id and origin_request_policy_id + cloudfront_distribution: + distribution_id: "{{ distribution_id }}" + default_cache_behavior: + cache_policy_id: "658327ea-f89d-4fab-a63d-7e88639e58f6" + origin_request_policy_id: "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf" + state: present + register: update_distribution_with_cache_policies + + - name: ensure that the cache_policy_id and origin_request_policy_id was set + assert: + that: + - update_distribution_with_cache_policies.changed + - update_distribution_with_cache_policies.default_cache_behavior.cache_policy_id == '658327ea-f89d-4fab-a63d-7e88639e58f6' + - update_distribution_with_cache_policies.default_cache_behavior.origin_request_policy_id == '88a5eaf4-2fd4-4709-b370-b4c650ea3fcf' always: # TEARDOWN STARTS HERE - name: delete the s3 bucket - aws_s3: - bucket: "{{ resource_prefix }}-bucket" - mode: delete + s3_bucket: + name: "{{ resource_prefix }}-bucket" + state: absent + force: true + ignore_errors: true - name: clean up cloudfront distribution cloudfront_distribution: - 
distribution_id: "{{ distribution_id }}" - enabled: no - wait: yes + distribution_id: "{{ item }}" + enabled: false + wait: true state: absent + register: delete_distribution + ignore_errors: true + async: 1000 + poll: 0 + with_items: + - '{{ cf_second_distribution.id }}' + - '{{ cf_distribution.id }}' + + - name: Wait for cloudfront to be deleted + async_status: + jid: "{{ item.ansible_job_id }}" + register: _delete + until: _delete.finished + retries: 100 + delay: 5 + loop: "{{ delete_distribution.results }}" + ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/aliases b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/aliases new file mode 100644 index 000000000..c282df0b0 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/aliases @@ -0,0 +1,3 @@ +cloudfront_distribution_info + +cloud/aws
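Review bot: The `always:` teardown removes the bucket and both distributions but not the origin access identity that the -470 hunk creates with `cloudfront_origin_access_identity` and registers as `_origin_access_id`, so each run appears to leave one identity behind in the test account. A cleanup task placed after the distributions are gone, as sketched below, would close that gap; it uses `ignore_errors: true` like the other teardown steps so a failed test run still completes cleanup. The literal IDs passed as `cache_policy_id` and `origin_request_policy_id` would also benefit from a comment naming the policies they refer to.

```yaml
    # … unchanged: "Wait for cloudfront to be deleted" …
    - name: delete the origin access identity created for the test
      cloudfront_origin_access_identity:
        state: absent
        origin_access_identity_id: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
      ignore_errors: true
```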
\ No newline at end of file diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/defaults/main.yml new file mode 100644 index 000000000..9e7265251 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/defaults/main.yml @@ -0,0 +1,2 @@ +--- +cloudfront_hostname: "{{ resource_prefix }}01" diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/tasks/main.yml new file mode 100644 index 000000000..b42c8915c --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/tasks/main.yml 
@@ -0,0 +1,85 @@ +- module_defaults: + group/aws: + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" + + collections: + - amazon.aws + + block: + - name: create cloudfront distribution using defaults + cloudfront_distribution: + origins: + - domain_name: "{{ cloudfront_hostname }}-origin.example.com" + id: "{{ cloudfront_hostname }}-origin.example.com" + default_cache_behavior: + target_origin_id: "{{ cloudfront_hostname }}-origin.example.com" + state: present + register: _distribution + + - set_fact: + distribution_id: '{{ _distribution.id }}' + caller_reference: '{{ _distribution.caller_reference }}' + + - name: create cloudfront invalidation + cloudfront_invalidation: + distribution_id: '{{ distribution_id }}' + target_paths: + - '/path/invalidation' + + - name: get cloudfront invalidation + cloudfront_distribution_info: + distribution_id: '{{ distribution_id }}' + list_invalidations: true + register: distribution_info + + - name: Ensure cloudfront distribution has 1 invalidation + assert: + that: + - distribution_info.cloudfront.invalidations | length == 1 + + - name: create cloudfront invalidation with caller reference + cloudfront_invalidation: + distribution_id: '{{ distribution_id }}' + target_paths: + - '/invalidation/*' + caller_reference: '{{ caller_reference }}' + register: _invalidation + + - name: Ensure invalidation was created with expected caller reference + assert: + that: + - _invalidation.invalidation.invalidation_batch.caller_reference == caller_reference + + - name: get cloudfront invalidation + cloudfront_distribution_info: + distribution_id: '{{ distribution_id }}' + list_invalidations: true + register: distribution_info + + - name: Ensure cloudfront distribution has 2 invalidations + assert: + that: + - distribution_info.cloudfront.invalidations | length == 2 + + - name: get cloudfront invalidation + cloudfront_distribution_info: + distribution_id: '{{ 
distribution_id }}' + invalidation_id: '{{ _invalidation.invalidation.id }}' + invalidation: true + register: invalidation_info + + - name: Ensure invalidation info was retrieved + assert: + that: + - _invalidation.invalidation.id in invalidation_info.cloudfront + + always: + - name: clean up cloudfront distribution + cloudfront_distribution: + distribution_id: "{{ _distribution.id }}" + enabled: false + wait: false + state: absent + ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/aliases b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/aliases new file mode 100644 index 000000000..c282df0b0 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/aliases @@ -0,0 +1,3 @@ +cloudfront_distribution_info + +cloud/aws
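Review bot: The teardown of this new target deletes the distribution with `wait: false` and `ignore_errors: true`, so if the delete is rejected because the distribution has not finished being disabled, nothing reports it and the distribution is probably left running in the account. The `cloudfront_distribution` target in this same commit tears down with `wait: true`; using `wait: true` here as well would make cleanup deterministic at the cost of a longer run. If the short run time is intentional, a comment such as `# best effort: distribution may outlive the test, relies on account-level cleanup` would make that trade-off explicit.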
\ No newline at end of file diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/defaults/main.yml new file mode 100644 index 000000000..9e7265251 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/defaults/main.yml @@ -0,0 +1,2 @@ +--- +cloudfront_hostname: "{{ resource_prefix }}01" diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/tasks/main.yml new file mode 100644 index 000000000..9259108bc --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/tasks/main.yml 
@@ -0,0 +1,153 @@
+- module_defaults:
+ group/aws:
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
+
+ collections:
+ - amazon.aws
+
+ block:
+ - name: create cloudfront distribution using defaults
+ cloudfront_distribution:
+ origins:
+ - domain_name: "{{ cloudfront_hostname }}-origin.example.com"
+ id: "{{ cloudfront_hostname }}-origin.example.com"
+ default_cache_behavior:
+ target_origin_id: "{{ cloudfront_hostname }}-origin.example.com"
+ state: present
+ register: _distribution
+
+ - set_fact:
+ distribution_id: '{{ _distribution.id }}'
+ caller_reference: '{{ _distribution.caller_reference }}'
+
+ - name: create cloudfront distribution origin access identity
+ cloudfront_origin_access_identity:
+ state: present
+ comment: "this is a sample origin access identity"
+ register: _origin_access_id
+
+ - name: get cloudfront distribution origin access
+ cloudfront_distribution_info:
+ distribution_id: '{{ distribution_id }}'
+ list_origin_access_identities: true
+ register: distribution_info
+
+ - name: Ensure cloudfront distribution origin access identity exists
+ assert:
+ that:
+ - oid in origin_access_ids
+ vars:
+ origin_access_ids: '{{ distribution_info.cloudfront.origin_access_identities | map(attribute="Id") | list }}'
+ oid: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
+
+ - name: Update cloudfront origin access identity
+ cloudfront_origin_access_identity:
+ state: present
+ comment: "this origin access identity comment has been updated"
+ origin_access_identity_id: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
+ register: _updated_origin_access_id
+
+ - name: Ensure cloudfront origin access was updated
+ assert:
+ that:
+ - _updated_origin_access_id is changed
+ - orig_access_config.comment == "this origin access identity comment has been updated"
+ vars:
+ orig_access_config: '{{ _updated_origin_access_id.cloud_front_origin_access_identity.cloud_front_origin_access_identity_config }}'
+
+ - name: Update cloudfront origin access identity once again
+ cloudfront_origin_access_identity:
+ state: present
+ comment: "this origin access identity comment has been updated"
+ origin_access_identity_id: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
+ register: _update_idempotency
+
+ - name: Ensure idempotency did not report change
+ assert:
+ that:
+ - _update_idempotency is not changed
+
+ - name: create another cloudfront distribution origin access identity with caller reference
+ cloudfront_origin_access_identity:
+ state: present
+ comment: "this is another origin access identity"
+ caller_reference: '{{ caller_reference }}'
+ register: _another_origin_access_id
+
+ - name: Ensure invalidation was created with expected caller reference
+ assert:
+ that:
+ - _another_origin_access_id.cloud_front_origin_access_identity.cloud_front_origin_access_identity_config.caller_reference == caller_reference
+
+ - name: get cloudfront origin access identities
+ cloudfront_distribution_info:
+ distribution_id: '{{ distribution_id }}'
+ list_origin_access_identities: true
+ register: distribution_info
+
+ - name: Ensure cloudfront distribution origin access identity exists
+ assert:
+ that:
+ - first_oid in origin_access_ids
+ - another_oid in origin_access_ids
+ vars:
+ origin_access_ids: '{{ distribution_info.cloudfront.origin_access_identities | map(attribute="Id") | list }}'
+ first_oid: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
+ another_oid: '{{ _another_origin_access_id.cloud_front_origin_access_identity.id }}'
+
+ - name: get cloudfront origin access
+ cloudfront_distribution_info:
+ distribution_id: '{{ distribution_id }}'
+ origin_access_identity_id: '{{ _another_origin_access_id.cloud_front_origin_access_identity.id }}'
+ origin_access_identity: true
+ register: invalidation_info
+
+ - name: Ensure invalidation info was retrieved
+ assert:
+ that:
+ - _another_origin_access_id.cloud_front_origin_access_identity.id in invalidation_info.cloudfront
+
+ - name: Delete cloudfront origin access
+ cloudfront_origin_access_identity:
+ state: absent
+ origin_access_identity_id: '{{ _another_origin_access_id.cloud_front_origin_access_identity.id }}'
+ register: _delete_origin_access
+
+ - name: Ensure origin access identity was deleted
+ assert:
+ that:
+ - _delete_origin_access is changed
+
+ - name: list cloudfront origin access identities
+ cloudfront_distribution_info:
+ list_origin_access_identities: true
+ register: origin_access_identities
+
+ - name: Ensure deleted origin access identity is not part of the list
+ assert:
+ that:
+ - _another_origin_access_id.cloud_front_origin_access_identity.id not in origin_access_ids
+ vars:
+ origin_access_ids: '{{ origin_access_identities.cloudfront.origin_access_identities | map(attribute="Id") | list}}'
+
+ - name: Delete cloudfront origin access once again
+ cloudfront_origin_access_identity:
+ state: absent
+ origin_access_identity_id: '{{ _another_origin_access_id.cloud_front_origin_access_identity.id }}'
+ register: _delete_origin_access
+
+ - name: Ensure origin access identity was deleted
+ assert:
+ that:
+ - _delete_origin_access is not changed
+
+ always:
+ - name: clean up cloudfront distribution
+ cloudfront_distribution:
+ distribution_id: "{{ _distribution.id }}"
+ enabled: false
+ wait: false
+ state: absent
+ ignore_errors: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_reponse_headers_policy/task/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_reponse_headers_policy/task/main.yml
index ee30f5ab5..5bab44f9f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/cloudfront_reponse_headers_policy/task/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_reponse_headers_policy/task/main.yml
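Review bot: In `cloudfront_origin_access_identity/tasks/main.yml` the identity registered as `_origin_access_id` is created and updated but never deleted: the test body removes only `_another_origin_access_id`, and the `always:` block cleans up the distribution alone. Every run therefore leaves one origin access identity in the account, and two when an assertion fails before the delete tasks. Add teardown for both identities to `always:`, as sketched below. Separately, the task name `Ensure invalidation was created with expected caller reference` and the register `invalidation_info` look copied from the invalidation test and would read better with origin-access-identity names.

```yaml
  always:
    # … unchanged: clean up cloudfront distribution …

    - name: clean up first origin access identity
      cloudfront_origin_access_identity:
        state: absent
        origin_access_identity_id: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
      ignore_errors: true

    - name: clean up second origin access identity
      cloudfront_origin_access_identity:
        state: absent
        origin_access_identity_id: '{{ _another_origin_access_id.cloud_front_origin_access_identity.id }}'
      ignore_errors: true
```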
@@ -3,9 +3,9 @@ - name: Integration testing for the cloudfront_response_headers_policy module module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: @@ -24,7 +24,7 @@ that: - create_result is changed - create_result is not failed - - create_result.response_headers_policy.response_headers_policy_config.name == "{{ resource_prefix }}-my-header-policy" + - create_result.response_headers_policy.response_headers_policy_config.name == resource_prefix ~ '-my-header-policy' - name: Rerun same task to ensure idempotence cloudfront_response_headers_policy: diff --git a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/description.yml b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/description.yml index 13c12b5b6..e52c4326f 100644 --- a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/description.yml +++ b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/description.yml @@ -4,14 +4,14 @@ description_two: 'Another_Description - {{ resource_prefix }}' # Mandatory settings module_defaults: - community.aws.aws_codebuild: + community.aws.codebuild_project: name: '{{ project_name }}' # community.aws.aws_codebuild_info: # name: '{{ project_name }}' block: # - name: test setting description aws_codebuild (check mode) -# aws_codebuild: +# codebuild_project: # description: '{{ description_one }}' # register: update_result # check_mode: yes @@ -21,7 +21,7 @@ # - update_result is changed - name: test setting description aws_codebuild - aws_codebuild: + codebuild_project: description: '{{ description_one }}' register: update_result - name: assert that update succeeded 
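Review bot: The two hunks for the response headers policy test edit `targets/cloudfront_reponse_headers_policy/task/main.yml`: the directory is `task`, not `tasks`, and the target name misspells `response`. Every other target on this page keeps its tasks in `tasks/main.yml`, so I would expect the role loader to skip this file, in which case the renamed credential keys and the rewritten assertion `== resource_prefix ~ '-my-header-policy'` never run. Worth confirming in CI that the target executes, and moving it to `cloudfront_response_headers_policy/tasks/main.yml` if it does not.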
@@ -31,7 +31,7 @@ - update_result.project.description == description_one # - name: test setting description aws_codebuild - idempotency (check mode) -# aws_codebuild: +# codebuild_project: # description: '{{ description_one }}' # register: update_result # check_mode: yes @@ -41,7 +41,7 @@ # - update_result is not changed - name: test setting description aws_codebuild - idempotency - aws_codebuild: + codebuild_project: description: '{{ description_one }}' register: update_result - name: assert that update succeeded @@ -53,7 +53,7 @@ ### # - name: test updating description on aws_codebuild (check mode) -# aws_codebuild: +# codebuild_project: # description: '{{ description_two }}' # register: update_result # check_mode: yes @@ -63,7 +63,7 @@ # - update_result is changed - name: test updating description on aws_codebuild - aws_codebuild: + codebuild_project: description: '{{ description_two }}' register: update_result - name: assert that update succeeded @@ -73,7 +73,7 @@ - update_result.project.description == description_two # - name: test updating description on aws_codebuild - idempotency (check mode) -# aws_codebuild: +# codebuild_project: # description: '{{ description_two }}' # register: update_result # check_mode: yes @@ -83,7 +83,7 @@ # - update_result is not changed - name: test updating description on aws_codebuild - idempotency - aws_codebuild: + codebuild_project: description: '{{ description_two }}' register: update_result - name: assert that update succeeded @@ -105,7 +105,7 @@ # ### # - name: test no description param aws_codebuild (check mode) -# aws_codebuild: {} +# codebuild_project: {} # register: update_result # check_mode: yes # - name: assert no change @@ -116,7 +116,7 @@ - name: test no description param aws_codebuild - aws_codebuild: {} + codebuild_project: {} register: update_result - name: assert no change assert: 
diff --git a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/main.yml index f674aba24..3f8a22fd7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: @@ -27,7 +27,7 @@ # ================== integration test ========================================== - name: create CodeBuild project - aws_codebuild: + codebuild_project: name: "{{ project_name }}" description: Build project for testing the Ansible aws_codebuild module service_role: "{{ codebuild_iam_role.iam_role.arn }}" @@ -48,7 +48,7 @@ environment_variables: - { name: 'FOO_ENV', value: 'other' } tags: - - { key: 'purpose', value: 'ansible-test' } + purpose: 'ansible-test' state: present register: output retries: 10 @@ -61,7 +61,7 @@ - output.project.resource_tags.purpose == "ansible-test" - name: idempotence check rerunning same Codebuild task - aws_codebuild: + codebuild_project: name: "{{ project_name }}" description: Build project for testing the Ansible aws_codebuild module service_role: "{{ codebuild_iam_role.iam_role.arn }}" @@ -83,7 +83,7 @@ environment_variables: - { name: 'FOO_ENV', value: 'other' } tags: - - { key: 'purpose', value: 'ansible-test' } + purpose: 'ansible-test' state: present register: rerun_test_output 
@@ -96,7 +96,7 @@ - include_tasks: 'description.yml' - name: delete CodeBuild project - aws_codebuild: + codebuild_project: name: "{{ output.project.name }}" source: type: CODEPIPELINE diff --git a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/tagging.yml b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/tagging.yml index a26f2a337..2e31df2d8 100644 --- a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/tagging.yml +++ b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/tagging.yml @@ -27,7 +27,7 @@ new_snake_case_key: snake_case_value # Mandatory settings module_defaults: - community.aws.aws_codebuild: + community.aws.codebuild_project: name: '{{ project_name }}' # community.aws.aws_codebuild_info: # name: '{{ project_name }}' @@ -36,7 +36,7 @@ ### # - name: test adding tags to aws_codebuild (check mode) -# aws_codebuild: +# codebuild_project: # resource_tags: '{{ first_tags }}' # purge_tags: True # register: update_result @@ -47,7 +47,7 @@ # - update_result is changed - name: test adding tags to aws_codebuild - aws_codebuild: + codebuild_project: resource_tags: '{{ first_tags }}' purge_tags: True register: update_result @@ -58,7 +58,7 @@ - update_result.project.resource_tags == first_tags # - name: test adding tags to aws_codebuild - idempotency (check mode) -# aws_codebuild: +# codebuild_project: # resource_tags: '{{ first_tags }}' # purge_tags: True # register: update_result @@ -69,7 +69,7 @@ # - update_result is not changed - name: test adding tags to aws_codebuild - idempotency - aws_codebuild: + codebuild_project: resource_tags: '{{ first_tags }}' purge_tags: True register: update_result @@ -82,7 +82,7 @@ ### # - name: test updating tags with purge on aws_codebuild (check mode) -# aws_codebuild: +# codebuild_project: # resource_tags: '{{ second_tags }}' # purge_tags: True # register: update_result 
@@ -93,7 +93,7 @@ # - update_result is changed - name: test updating tags with purge on aws_codebuild - aws_codebuild: + codebuild_project: resource_tags: '{{ second_tags }}' purge_tags: True register: update_result @@ -104,7 +104,7 @@ - update_result.project.resource_tags == second_tags # - name: test updating tags with purge on aws_codebuild - idempotency (check mode) -# aws_codebuild: +# codebuild_project: # resource_tags: '{{ second_tags }}' # purge_tags: True # register: update_result @@ -115,7 +115,7 @@ # - update_result is not changed - name: test updating tags with purge on aws_codebuild - idempotency - aws_codebuild: + codebuild_project: resource_tags: '{{ second_tags }}' purge_tags: True register: update_result @@ -128,7 +128,7 @@ ### # - name: test updating tags without purge on aws_codebuild (check mode) -# aws_codebuild: +# codebuild_project: # resource_tags: '{{ third_tags }}' # purge_tags: False # register: update_result @@ -139,7 +139,7 @@ # - update_result is changed - name: test updating tags without purge on aws_codebuild - aws_codebuild: + codebuild_project: resource_tags: '{{ third_tags }}' purge_tags: False register: update_result @@ -150,7 +150,7 @@ - update_result.project.resource_tags == final_tags # - name: test updating tags without purge on aws_codebuild - idempotency (check mode) -# aws_codebuild: +# codebuild_project: # resource_tags: '{{ third_tags }}' # purge_tags: False # register: update_result @@ -161,7 +161,7 @@ # - update_result is not changed - name: test updating tags without purge on aws_codebuild - idempotency - aws_codebuild: + codebuild_project: resource_tags: '{{ third_tags }}' purge_tags: False register: update_result @@ -184,7 +184,7 @@ # ### # - name: test no tags param aws_codebuild (check mode) -# aws_codebuild: {} +# codebuild_project: {} # register: update_result # check_mode: yes # - name: assert no change 
@@ -195,7 +195,7 @@ # - name: test no tags param aws_codebuild - aws_codebuild: {} + codebuild_project: {} register: update_result - name: assert no change assert: @@ -206,7 +206,7 @@ ### # - name: test removing tags from aws_codebuild (check mode) -# aws_codebuild: +# codebuild_project: # resource_tags: {} # purge_tags: True # register: update_result @@ -217,7 +217,7 @@ # - update_result is changed - name: test removing tags from aws_codebuild - aws_codebuild: + codebuild_project: resource_tags: {} purge_tags: True register: update_result @@ -228,7 +228,7 @@ - update_result.project.resource_tags == {} # - name: test removing tags from aws_codebuild - idempotency (check mode) -# aws_codebuild: +# codebuild_project: # resource_tags: {} # purge_tags: True # register: update_result @@ -239,7 +239,7 @@ # - update_result is not changed - name: test removing tags from aws_codebuild - idempotency - aws_codebuild: + codebuild_project: resource_tags: {} purge_tags: True register: update_result diff --git a/ansible_collections/community/aws/tests/integration/targets/codecommit_repository/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/codecommit_repository/tasks/main.yml index acf194e1e..62dd1653b 100644 --- a/ansible_collections/community/aws/tests/integration/targets/codecommit_repository/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/codecommit_repository/tasks/main.yml 
@@ -1,14 +1,14 @@ --- - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: # ============================================================ - name: Create a repository (CHECK MODE) - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" description: original comment state: present @@ -19,7 +19,7 @@ - output is changed - name: Create a repository - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" description: original comment state: present @@ -27,11 +27,11 @@ - assert: that: - output is changed - - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo' + - output.repository_metadata.repository_name == resource_prefix ~ '_repo' - output.repository_metadata.repository_description == 'original comment' - name: No-op update to repository - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" description: original comment state: present @@ -39,11 +39,11 @@ - assert: that: - output is not changed - - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo' + - output.repository_metadata.repository_name == resource_prefix ~ '_repo' - output.repository_metadata.repository_description == 'original comment' - name: Update repository description (CHECK MODE) - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" description: new comment state: present 
@@ -52,11 +52,11 @@ - assert: that: - output is changed - - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo' + - output.repository_metadata.repository_name == resource_prefix ~ '_repo' - output.repository_metadata.repository_description == 'original comment' - name: Update repository description - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" description: new comment state: present @@ -64,12 +64,12 @@ - assert: that: - output is changed - - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo' + - output.repository_metadata.repository_name == resource_prefix ~ '_repo' - output.repository_metadata.repository_description == 'new comment' # ============================================================ - name: Delete a repository (CHECK MODE) - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" state: absent register: output @@ -79,7 +79,7 @@ - output is changed - name: Delete a repository - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" state: absent register: output @@ -88,7 +88,7 @@ - output is changed - name: Delete a non-existent repository - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" state: absent register: output 
@@ -97,27 +97,27 @@ - output is not changed - name: Create a repository without description - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" state: present register: output - assert: that: - output is changed - - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo' + - output.repository_metadata.repository_name == resource_prefix ~ '_repo' - name: No-op update to repository without description - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" state: present register: output - assert: that: - output is not changed - - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo' + - output.repository_metadata.repository_name == resource_prefix ~ '_repo' - name: Delete a repository without description - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" state: absent register: output @@ -128,7 +128,7 @@ always: ###### TEARDOWN STARTS HERE ###### - name: Delete a repository - aws_codecommit: + codecommit_repository: name: "{{ resource_prefix }}_repo" state: absent ignore_errors: yes diff --git a/ansible_collections/community/aws/tests/integration/targets/codepipeline/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/codepipeline/tasks/main.yml index 2e8e7d8f3..57353ed8a 100644 --- a/ansible_collections/community/aws/tests/integration/targets/codepipeline/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/codepipeline/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: 
@@ -23,7 +23,7 @@ # ================== integration test ========================================== - name: create CodePipeline - aws_codepipeline: + codepipeline: name: "{{ codepipeline_name }}" role_arn: "{{ codepipeline_iam_role.iam_role.arn }}" artifact_store: @@ -66,11 +66,11 @@ - assert: that: - output.changed == True - - output.pipeline.name == "{{ codepipeline_name }}" + - output.pipeline.name == codepipeline_name - output.pipeline.stages|length > 1 - name: idempotence check rerunning same CodePipeline task - aws_codepipeline: + codepipeline: name: "{{ codepipeline_name }}" role_arn: "{{ codepipeline_iam_role.iam_role.arn }}" artifact_store: @@ -113,7 +113,7 @@ - rerun_test_output.pipeline == output.pipeline - name: Test deletion of CodePipeline - aws_codepipeline: + codepipeline: name: "{{ codepipeline_name }}" role_arn: '' artifact_store: {} @@ -131,7 +131,7 @@ always: - name: Cleanup - delete test CodePipeline - aws_codepipeline: + codepipeline: name: "{{ codepipeline_name }}" role_arn: '' artifact_store: {} diff --git a/ansible_collections/community/aws/tests/integration/targets/config/defaults/main.yaml b/ansible_collections/community/aws/tests/integration/targets/config/defaults/main.yaml index 26b39c583..3beeca841 100644 --- a/ansible_collections/community/aws/tests/integration/targets/config/defaults/main.yaml +++ b/ansible_collections/community/aws/tests/integration/targets/config/defaults/main.yaml @@ -1,4 +1,5 @@ --- config_s3_bucket: '{{ resource_prefix }}-config-records' +config_kms_key: '{{ resource_prefix }}-kms' config_sns_name: '{{ resource_prefix }}-delivery-channel-test-topic' config_role_name: 'ansible-test-{{ resource_prefix }}' diff --git a/ansible_collections/community/aws/tests/integration/targets/config/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/config/tasks/main.yaml index 313f9f677..244c4b29b 100644 --- a/ansible_collections/community/aws/tests/integration/targets/config/tasks/main.yaml 
+++ b/ansible_collections/community/aws/tests/integration/targets/config/tasks/main.yaml @@ -4,15 +4,22 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: # ============================================================ # Prerequisites # ============================================================ + - name: get ARN of calling user + aws_caller_info: + register: aws_caller_info + + - name: Store Account ID for later use + set_fact: + aws_account_id: "{{ aws_caller_info.account }}" - name: ensure IAM role exists iam_role: @@ -21,7 +28,7 @@ state: present create_instance_profile: no managed_policy: - - 'arn:aws:iam::aws:policy/service-role/AWSConfigRole' + - arn:aws:iam::aws:policy/service-role/AWS_ConfigRole register: config_iam_role - name: ensure SNS topic exists @@ -37,6 +44,12 @@ s3_bucket: name: "{{ config_s3_bucket }}" + - name: ensure KMS key exists + kms_key: + alias: "{{ config_kms_key }}" + policy: "{{ lookup('template', 'config-kms-policy.json.j2') }}" + register: kms_key + - name: ensure S3 access for IAM role iam_policy: iam_type: role @@ -49,7 +62,7 @@ # Module requirement testing # ============================================================ - name: test rule with no source parameter - aws_config_rule: + config_rule: name: random_name state: present register: output @@ -62,7 +75,7 @@ - 'output.msg.startswith("missing required arguments:")' - name: test resource_type delivery_channel with no s3_bucket parameter - aws_config_delivery_channel: + config_delivery_channel: name: random_name state: present register: output 
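Review bot: The new `ensure KMS key exists` task in `config/tasks/main.yaml` renders `config-kms-policy.json.j2`, whose two service statements name `role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig` as principal, while the recorder in this test runs as the test's own role (`config_iam_role.arn`). Nothing visible in these hunks creates or checks for that service-linked role, and as far as I know KMS rejects a key policy that names a principal which does not exist, so setup would likely fail in an account where AWS Config has never been enabled. Either make sure the service-linked role exists before this task, or grant the key to the role the delivery channel really uses, for example `"AWS": "{{ config_iam_role.arn }}"`. The rest of the block lies outside this hunk.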
@@ -75,7 +88,7 @@ - 'output.msg.startswith("missing required arguments:")' - name: test resource_type configuration_recorder with no role_arn parameter - aws_config_recorder: + config_recorder: name: random_name state: present register: output @@ -88,7 +101,7 @@ - 'output.msg.startswith("state is present but all of the following are missing")' - name: test resource_type configuration_recorder with no recording_group parameter - aws_config_recorder: + config_recorder: name: random_name state: present role_arn: 'arn:aws:iam::123456789012:role/AwsConfigRecorder' @@ -102,7 +115,7 @@ - 'output.msg.startswith("state is present but all of the following are missing")' - name: test resource_type aggregation_authorization with no authorized_account_id parameter - aws_config_aggregation_authorization: + config_aggregation_authorization: state: present register: output ignore_errors: true @@ -114,7 +127,7 @@ - 'output.msg.startswith("missing required arguments:")' - name: test resource_type aggregation_authorization with no authorized_aws_region parameter - aws_config_aggregation_authorization: + config_aggregation_authorization: state: present authorized_account_id: '123456789012' register: output @@ -127,7 +140,7 @@ - 'output.msg.startswith("missing required arguments:")' - name: test resource_type configuration_aggregator with no account_sources parameter - aws_config_aggregator: + config_aggregator: name: random_name state: present register: output @@ -140,7 +153,7 @@ - 'output.msg.startswith("missing required arguments: account_sources")' - name: test resource_type configuration_aggregator with no organization_source parameter - aws_config_aggregator: + config_aggregator: name: random_name state: present account_sources: [] 
@@ -157,7 +170,7 @@ # Creation testing # ============================================================ - name: Create Configuration Recorder for AWS Config - aws_config_recorder: + config_recorder: name: '{{ resource_prefix }}-recorder' state: present role_arn: "{{ config_iam_role.arn }}" @@ -171,11 +184,26 @@ - output.changed - name: Create Delivery Channel for AWS Config - aws_config_delivery_channel: + config_delivery_channel: + name: '{{ resource_prefix }}-channel' + state: present + s3_bucket: "{{ config_s3_bucket }}" + s3_prefix: "foo/bar" + sns_topic_arn: "{{ config_sns_topic.sns_arn }}" + delivery_frequency: 'Twelve_Hours' + register: output + + - assert: + that: + - output.changed + + - name: Create Delivery Channel for AWS Config with a KMS key + config_delivery_channel: name: '{{ resource_prefix }}-channel' state: present s3_bucket: "{{ config_s3_bucket }}" s3_prefix: "foo/bar" + kms_key_arn: "{{ kms_key.key_arn }}" sns_topic_arn: "{{ config_sns_topic.sns_arn }}" delivery_frequency: 'Twelve_Hours' register: output @@ -185,7 +213,7 @@ - output.changed - name: Create Config Rule for AWS Config - aws_config_rule: + config_rule: name: '{{ resource_prefix }}-rule' state: present description: 'This AWS Config rule checks for public write access on S3 buckets' @@ -202,7 +230,7 @@ - output.changed - name: Create aws_config_aggregator - aws_config_aggregator: + config_aggregator: name: random_name state: present account_sources: [] @@ -217,7 +245,7 @@ - output is changed - name: Create aws_config_aggregator - idempotency - aws_config_aggregator: + config_aggregator: name: random_name state: present account_sources: [] @@ -235,7 +263,7 @@ # Update testing # ============================================================ - name: Update Configuration Recorder - aws_config_recorder: + config_recorder: name: '{{ resource_prefix }}-recorder' state: present role_arn: "{{ config_iam_role.arn }}" 
@@ -251,7 +279,7 @@ - output.changed - name: Update Delivery Channel - aws_config_delivery_channel: + config_delivery_channel: name: '{{ resource_prefix }}-channel' state: present s3_bucket: "{{ config_s3_bucket }}" @@ -263,8 +291,22 @@ that: - output.changed + - name: Update Delivery Channel with KMS key + config_delivery_channel: + name: '{{ resource_prefix }}-channel' + state: present + s3_bucket: "{{ config_s3_bucket }}" + sns_topic_arn: "{{ config_sns_topic.sns_arn }}" + kms_key_arn: "{{ kms_key.key_arn }}" + delivery_frequency: 'TwentyFour_Hours' + register: output + + - assert: + that: + - output.changed + - name: Update Config Rule - aws_config_rule: + config_rule: name: '{{ resource_prefix }}-rule' state: present description: 'This AWS Config rule checks for public write access on S3 buckets' @@ -281,7 +323,7 @@ - output.changed - name: Update Config Rule - idempotency - aws_config_rule: + config_rule: name: '{{ resource_prefix }}-rule' state: present description: 'This AWS Config rule checks for public write access on S3 buckets' @@ -298,7 +340,7 @@ - output is not changed - name: Update aws_config_aggregator - aws_config_aggregator: + config_aggregator: name: random_name state: present account_sources: [] @@ -315,7 +357,7 @@ - output is changed - name: Update aws_config_aggregator - idempotency - aws_config_aggregator: + config_aggregator: name: random_name state: present account_sources: [] @@ -335,7 +377,7 @@ # Read testing # ============================================================ - name: Don't update Configuration Recorder - aws_config_recorder: + config_recorder: name: '{{ resource_prefix }}-recorder' state: present role_arn: "{{ config_iam_role.arn }}" @@ -351,7 +393,7 @@ - not output.changed - name: Don't update Delivery Channel - aws_config_delivery_channel: + config_delivery_channel: name: '{{ resource_prefix }}-channel' state: present s3_bucket: "{{ config_s3_bucket }}" 
@@ -364,7 +406,7 @@ - not output.changed - name: Don't update Config Rule - aws_config_rule: + config_rule: name: '{{ resource_prefix }}-rule' state: present description: 'This AWS Config rule checks for public write access on S3 buckets' @@ -383,7 +425,7 @@ always: - name: delete aws_config_aggregator - aws_config_aggregator: + config_aggregator: name: random_name state: absent register: output @@ -393,32 +435,32 @@ # Destroy testing # ============================================================ - name: Destroy Configuration Recorder - aws_config_recorder: + config_recorder: name: '{{ resource_prefix }}-recorder' state: absent register: output - ignore_errors: yes + ignore_errors: true # - assert: # that: # - output.changed - name: Destroy Delivery Channel - aws_config_delivery_channel: + config_delivery_channel: name: '{{ resource_prefix }}-channel' state: absent s3_bucket: "{{ config_s3_bucket }}" sns_topic_arn: "{{ config_sns_topic.sns_arn }}" delivery_frequency: 'TwentyFour_Hours' register: output - ignore_errors: yes + ignore_errors: true # - assert: # that: # - output.changed - name: Destroy Config Rule - aws_config_rule: + config_rule: name: '{{ resource_prefix }}-rule' state: absent description: 'This AWS Config rule checks for public write access on S3 buckets' @@ -429,7 +471,7 @@ owner: AWS identifier: 'S3_BUCKET_PUBLIC_READ_PROHIBITED' register: output - ignore_errors: yes + ignore_errors: true # - assert: # that: 
@@ -445,23 +487,29 @@ policy_name: AwsConfigRecorderTestRoleS3Policy state: absent policy_json: "{{ lookup( 'template', 'config-s3-policy.json.j2') }}" - ignore_errors: yes + ignore_errors: true - name: remove IAM role iam_role: name: '{{ config_role_name }}' state: absent - ignore_errors: yes + ignore_errors: true - name: remove SNS topic sns_topic: name: '{{ config_sns_name }}' state: absent - ignore_errors: yes + ignore_errors: true - name: remove S3 bucket s3_bucket: name: "{{ config_s3_bucket }}" state: absent - force: yes - ignore_errors: yes + force: true + ignore_errors: true + + - name: remove KMS key + kms_key: + alias: "{{ config_kms_key }}" + state: absent + ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/config/templates/config-kms-policy.json.j2 b/ansible_collections/community/aws/tests/integration/targets/config/templates/config-kms-policy.json.j2 new file mode 100644 index 000000000..260adc839 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/config/templates/config-kms-policy.json.j2 
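Review bot: The added "remove KMS key" cleanup sets no `pending_window`, and KMS only ever schedules a key for deletion, so each test run leaves a key in the account for the default waiting period. Setting the shortest window, `pending_window: 7`, under `state: absent` keeps leftover test keys from accumulating. The task also carries `ignore_errors: true`, like the other teardown tasks in this hunk, so a key that fails to schedule for deletion goes unnoticed. A short comment such as `# best-effort: key deletion is only scheduled, never immediate` would make that intent explicit.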
@@ -0,0 +1,51 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "Enable IAM User Permissions", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::{{ aws_account_id }}:root" + }, + "Action": "kms:*", + "Resource": "*" + }, + { + "Sid": "Allow use of the key", + "Effect": "Allow", + "Principal": { + "AWS": [ + "arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig", + ] + }, + "Action": [ + "kms:Encrypt", + "kms:Decrypt", + "kms:ReEncrypt*", + "kms:GenerateDataKey*", + "kms:DescribeKey" + ], + "Resource": "*" + }, + { + "Sid": "Allow attachment of persistent resources", + "Effect": "Allow", + "Principal": { + "AWS": [ + "arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig", + ] + }, + "Action": [ + "kms:CreateGrant", + "kms:ListGrants", + "kms:RevokeGrant" + ], + "Resource": "*", + "Condition": { + "Bool": { + "kms:GrantIsForAWSResource": "true" + } + } + } + ] +}
\ No newline at end of file diff --git a/ansible_collections/community/aws/tests/integration/targets/connection/test_assume.yml b/ansible_collections/community/aws/tests/integration/targets/connection/test_assume.yml new file mode 100644 index 000000000..f979ef2d4 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/connection/test_assume.yml @@ -0,0 +1,16 @@ +- name: 'Ensure remote user exists' + ansible.builtin.user: + name: '{{ user_name }}' + shell: /bin/bash + become_user: 'root' + become: True + +- name: 'Attempt to run a shell command as the user ({{ user_name }})' + become_user: '{{ user_name }}' + become: True + command: 'id -u -n' + register: id_cmd + +- assert: + that: + - id_cmd.stdout == user_name diff --git a/ansible_collections/community/aws/tests/integration/targets/connection/test_connection.yml b/ansible_collections/community/aws/tests/integration/targets/connection/test_connection.yml index 829ac93b3..b8bdc43f4 100644 --- a/ansible_collections/community/aws/tests/integration/targets/connection/test_connection.yml +++ b/ansible_collections/community/aws/tests/integration/targets/connection/test_connection.yml @@ -10,9 +10,12 @@ tasks: ### test wait_for_connection plugin + - wait_for_connection: timeout: '{{ wait_for_timeout | default(100) }}' + ### Try to gather the default facts from the host + - name: Gather facts ansible.builtin.setup: 
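Review bot: Both `"AWS": [ ... ]` principal arrays in config-kms-policy.json.j2 end with a trailing comma after the `AWSServiceRoleForConfig` ARN, which is not valid JSON. Whether the rendered policy is accepted depends on how the consuming task parses the template output, and that task is outside the visible hunks, so this may only work by accident of the loader. With a single principal, a plain string avoids the problem: `"AWS": "arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig"`. The file also ends without a newline.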
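Review bot: In the new test_assume.yml the read-only `command: 'id -u -n'` task will report `changed` on every run; add `changed_when: false` next to `register: id_cmd`. The two `become: True` lines are better written `become: true`, matching the `yes` → `true` clean-up this commit applies in the config target; the `become: False` added to test_connection.yml in hunk `@@ -52,6 +55,30 @@` has the same issue. The closing `assert` has no name, which makes a failure inside the three-user loop hard to place; `- name: 'Check the command ran as {{ user_name }}'` would fix that.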
@@ -52,6 +55,30 @@ - name: remove remote temp file action: "{{ action_prefix }}file path={{ remote_file }} state=absent" + ### Test that we're the user we expect to be and can change where appropriate + # Regression - https://github.com/ansible-collections/community.aws/issues/853 + + - name: Test user manipulaton + when: + - '"aws_ssm_linux" in group_names' + block: + - name: 'Find ID when become=False' + become: False + command: 'id -u -n' + register: id_cmd + + - assert: + that: + - id_cmd.stdout == 'ssm-user' + + - include_tasks: 'test_assume.yml' + loop: + - ssm-agent + - zuul + - root + loop_control: + loop_var: user_name + ### copy an empty file - name: copy an empty file action: "{{ action_prefix }}copy content= dest={{ remote_empty_file }}" @@ -62,4 +89,4 @@ assert: that: - stat_empty_file_cmd.stat.isreg # it is a regular file - - stat_empty_file_cmd.stat.size == 0 + - stat_empty_file_cmd.stat.size == 0
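Review bot: The block name added in hunk `@@ -52,6 +55,30 @@` is misspelled: `- name: Test user manipulaton` should read `- name: Test user manipulation`. The expected account is hard-coded in `id_cmd.stdout == 'ssm-user'` with no explanation; a comment above the task, for example `# Without become the session is expected to run as the SSM default account`, would tell the next reader why the `aws_ssm_linux` guard and this literal belong together. The unnamed `assert` and `include_tasks` entries would also benefit from a `name`.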
\ No newline at end of file diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_addressing/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_addressing/aws_ssm_integration_test_setup.yml index db519fb63..9e2f3fd01 100644 --- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_addressing/aws_ssm_integration_test_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_addressing/aws_ssm_integration_test_setup.yml @@ -2,7 +2,7 @@ roles: - role: ../setup_connection_aws_ssm vars: - target_os: fedora + target_os: centos encrypted_bucket: False s3_bucket_region: 'eu-central-1' s3_addressing_style: virtual diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aliases b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aliases index eb8e0b891..eb8e0b891 100644 --- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aliases diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aws_ssm_integration_test_setup.yml index 353757e33..d64cdabb6 100644 --- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aws_ssm_integration_test_setup.yml @@ -2,4 +2,4 @@ roles: - role: ../setup_connection_aws_ssm vars: - target_os: fedora + target_os: centos 
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_teardown.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aws_ssm_integration_test_teardown.yml
index 3ab6f74cf..3ab6f74cf 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_teardown.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aws_ssm_integration_test_teardown.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/meta/main.yml
index d055eb86e..d055eb86e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/meta/main.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/runme.sh b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/runme.sh
index c99b3b066..c99b3b066 100755
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/runme.sh
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/runme.sh
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_cross_region/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_cross_region/aws_ssm_integration_test_setup.yml
index 1f223757c..eff5f5386 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_cross_region/aws_ssm_integration_test_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_cross_region/aws_ssm_integration_test_setup.yml @@ -2,7 +2,7 @@ roles: - role: ../setup_connection_aws_ssm vars: - target_os: fedora + target_os: centos s3_bucket_region: 'eu-central-1' # Post 2019 regions behave differently from other regions # they're worth testing but it's not possible in CI today. diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_encrypted_s3/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_encrypted_s3/aws_ssm_integration_test_setup.yml index bfea0d0dc..d6e650cd3 100644 --- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_encrypted_s3/aws_ssm_integration_test_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_encrypted_s3/aws_ssm_integration_test_setup.yml @@ -2,6 +2,6 @@ roles: - role: ../setup_connection_aws_ssm vars: - target_os: fedora + target_os: centos encrypted_bucket: True test_suffix: encrypteds3 diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml index 71c850e9d..e0296c7d6 100644 --- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml @@ -2,6 +2,6 @@ roles: - role: ../setup_connection_aws_ssm vars: - target_os: fedora + target_os: centos test_suffix: endpoint endpoint_url: 'https://s3.dualstack.{{ aws_region }}.amazonaws.com' 
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_profile/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_profile/aws_ssm_integration_test_setup.yml index 3f4c2e47d..b8169d2c6 100644 --- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_profile/aws_ssm_integration_test_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_profile/aws_ssm_integration_test_setup.yml @@ -2,5 +2,5 @@ roles: - role: ../setup_connection_aws_ssm vars: - target_os: fedora + target_os: centos profile_name: test_profile diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_setup.yml index 992426976..6ef4dfd47 100644 --- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_setup.yml @@ -2,6 +2,6 @@ roles: - role: ../setup_connection_aws_ssm vars: - target_os: fedora + target_os: centos use_ssm_document: True test_suffix: document diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_vars/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_vars/aws_ssm_integration_test_setup.yml index ff67bc2c3..2b3755b88 100644 --- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_vars/aws_ssm_integration_test_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_vars/aws_ssm_integration_test_setup.yml 
@@ -2,5 +2,5 @@ roles: - role: ../setup_connection_aws_ssm vars: - target_os: fedora + target_os: centos credential_vars: True diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_windows/aliases b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_windows/aliases index eb8e0b891..b321dedb6 100644 --- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_windows/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_windows/aliases @@ -2,3 +2,5 @@ time=10m cloud/aws connection_aws_ssm + +unstable diff --git a/ansible_collections/community/aws/tests/integration/targets/dms_endpoint/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/dms_endpoint/tasks/main.yml index 328ea17a5..8d12933a4 100644 --- a/ansible_collections/community/aws/tests/integration/targets/dms_endpoint/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/dms_endpoint/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/dms_replication_subnet_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/dms_replication_subnet_group/tasks/main.yml index 0952602f1..712bc82be 100644 --- a/ansible_collections/community/aws/tests/integration/targets/dms_replication_subnet_group/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/dms_replication_subnet_group/tasks/main.yml 
@@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/aliases b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/aliases index dc5eacd6f..17466b153 100644 --- a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/aliases @@ -1,2 +1,4 @@ cloud/aws time=50m + +unstable diff --git a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/defaults/main.yml index 8b92884a4..de11cefba 100644 --- a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/defaults/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/defaults/main.yml @@ -1,5 +1,7 @@ --- table_name: "{{ resource_prefix }}" +table_name_composite_pk: "{{ resource_prefix }}-composite-pk" +table_name_composite_pk_local_indexes: "{{ resource_prefix }}-composite-pk-local-indexes" table_name_on_demand: "{{ resource_prefix }}-pay-per-request" table_name_on_demand_complex: "{{ resource_prefix }}-pay-per-request-complex" 
@@ -31,6 +33,32 @@ indexes: read_capacity: 2 write_capacity: 2 +local_indexes: + - name: NamedIndex + type: include + hash_key_name: "id" ## == table_index + hash_key_type: "NUMBER" ## == table_index_type + range_key_name: create_time + includes: + - other_field + - other_field2 + read_capacity: 10 + write_capacity: 10 + - name: AnotherIndex + type: all + hash_key_name: id ## == table_index + hash_key_type: "NUMBER" ## == table_index_type + range_key_name: bar + read_capacity: 5 + write_capacity: 5 + - name: KeysOnlyIndex + type: keys_only + hash_key_name: id ## == table_index + hash_key_type: "NUMBER" ## == table_index_type + range_key_name: baz + read_capacity: 2 + write_capacity: 2 + indexes_pay_per_request: - name: NamedIndex type: global_include diff --git a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/meta/main.yml index 504e72117..32cf5dda7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/meta/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/meta/main.yml @@ -1,4 +1 @@ -dependencies: - - role: setup_botocore_pip - vars: - botocore_version: "1.23.18" +dependencies: [] diff --git a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/main.yml index b208f4ca5..268e61bae 100644 --- a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/main.yml 
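Review bot: The new `local_indexes` entries hard-code `hash_key_name: "id"` and `hash_key_type: "NUMBER"` and rely on the `## == table_index` comments to stay in sync with the table key. Referencing the variables instead, `hash_key_name: "{{ table_index }}"` and `hash_key_type: "{{ table_index_type }}"`, removes that coupling, which matters because the mismatch test in tasks/main.yml depends on the two being equal. Each entry also sets `read_capacity` and `write_capacity`, although DynamoDB local secondary indexes share the table's throughput; a comment saying whether the module ignores these values for `include`/`all`/`keys_only` indexes would help. Quoting is inconsistent too (`"id"` in the first entry, bare `id` in the other two).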
@@ -7,12 +7,12 @@ # - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: - - include: "test_pay_per_request.yml" + - include_tasks: "test_pay_per_request.yml" # ============================================== 
@@ -115,6 +115,262 @@ - create_table.write_capacity == 1 # ============================================== + # Attempting to create a table without PK range key but with local indexes will result in an expected failure. + # "One or more parameter values were invalid: Table KeySchema does not have a range key, which is required when specifying a LocalSecondaryIndex" + + - name: Create table with simple PK with local indexes - test failure + dynamodb_table: + state: present + name: "{{ table_name_composite_pk }}" + hash_key_name: "{{ table_index }}" + hash_key_type: "{{ table_index_type }}" + indexes: "{{ local_indexes }}" + ignore_errors: yes + register: create_table + + - name: Check results - Create table with simple PK with local indexes + assert: + that: + - create_table is failed + + # ============================================== + # Attempting to create a table with composite PK but with local indexes using different hash key will result in an expected failure. + # "One or more parameter values were invalid: Index KeySchema does not have the same leading hash key as table KeySchema for index: NamedIndex. 
index hash key: id, table hash key: NOT_id" + + - name: Create table with composite PK with mismatching local indexes - test failure + dynamodb_table: + state: present + name: "{{ table_name_composite_pk }}" + hash_key_name: "NOT_{{ table_index }}" + hash_key_type: "{{ table_index_type }}" + range_key_name: "{{ range_index }}" + range_key_type: "{{ range_index_type }}" + indexes: "{{ local_indexes }}" + ignore_errors: yes + register: create_table + + - name: Check results - Create table with composite PK with mismatching local indexes + assert: + that: + - create_table is failed + + # ============================================== + + - name: Create table with composite PK - check_mode + dynamodb_table: + state: present + name: "{{ table_name_composite_pk }}" + hash_key_name: "{{ table_index }}" + hash_key_type: "{{ table_index_type }}" + range_key_name: "{{ range_index }}" + range_key_type: "{{ range_index_type }}" + register: create_table + check_mode: True + + - name: Check results - Create table with composite PK - check_mode + assert: + that: + - create_table is successful + - create_table is changed + + - name: Create table with composite PK + dynamodb_table: + state: present + name: "{{ table_name_composite_pk }}" + hash_key_name: "{{ table_index }}" + hash_key_type: "{{ table_index_type }}" + range_key_name: "{{ range_index }}" + range_key_type: "{{ range_index_type }}" + register: create_table + + - name: Check results - Create table with composite PK + assert: + that: + - create_table is successful + - create_table is changed + - '"hash_key_name" in create_table' + - '"hash_key_type" in create_table' + - '"indexes" in create_table' + - '"range_key_name" in create_table' + - '"range_key_type" in create_table' + - '"read_capacity" in create_table' + - '"region" in create_table' + - '"table_name" in create_table' + - '"table_status" in create_table' + - '"tags" in create_table' + - '"write_capacity" in create_table' + - create_table.hash_key_name == 
table_index + - create_table.hash_key_type == table_index_type + - create_table.range_key_name == range_index + - create_table.range_key_type == range_index_type + - create_table.indexes | length == 0 + - create_table.read_capacity == 1 + - create_table.table_name == table_name_composite_pk + - create_table.write_capacity == 1 + + - name: Create table with composite PK - idempotent - check_mode + dynamodb_table: + state: present + name: "{{ table_name_composite_pk }}" + hash_key_name: "{{ table_index }}" + hash_key_type: "{{ table_index_type }}" + range_key_name: "{{ range_index }}" + range_key_type: "{{ range_index_type }}" + register: create_table + check_mode: True + + - name: Check results - Create table with composite PK - idempotent - check_mode + assert: + that: + - create_table is successful + - create_table is not changed + + - name: Create table with composite PK - idempotent + dynamodb_table: + state: present + name: "{{ table_name_composite_pk }}" + hash_key_name: "{{ table_index }}" + hash_key_type: "{{ table_index_type }}" + range_key_name: "{{ range_index }}" + range_key_type: "{{ range_index_type }}" + register: create_table + + - name: Check results - Create table with composite PK - idempotent + assert: + that: + - create_table is successful + - create_table is not changed + - '"hash_key_name" in create_table' + - '"hash_key_type" in create_table' + - '"indexes" in create_table' + - '"range_key_name" in create_table' + - '"range_key_type" in create_table' + - '"read_capacity" in create_table' + - '"region" in create_table' + - '"table_name" in create_table' + - '"table_status" in create_table' + - '"tags" in create_table' + - '"write_capacity" in create_table' + - create_table.hash_key_name == table_index + - create_table.hash_key_type == table_index_type + - create_table.range_key_name == range_index + - create_table.range_key_type == range_index_type + - create_table.indexes | length == 0 + - create_table.read_capacity == 1 + - 
create_table.table_name == table_name_composite_pk + - create_table.write_capacity == 1 + + # ============================================== + + - name: Create table with composite PK and local indexes - check_mode + dynamodb_table: + state: present + name: "{{ table_name_composite_pk_local_indexes }}" + hash_key_name: "{{ table_index }}" + hash_key_type: "{{ table_index_type }}" + range_key_name: "{{ range_index }}" + range_key_type: "{{ range_index_type }}" + indexes: "{{ local_indexes }}" + register: create_table + check_mode: True + + - name: Check results - Create table with composite PK and local indexes - check_mode + assert: + that: + - create_table is successful + - create_table is changed + + - name: Create table with composite PK and local indexes + dynamodb_table: + state: present + name: "{{ table_name_composite_pk_local_indexes }}" + hash_key_name: "{{ table_index }}" + hash_key_type: "{{ table_index_type }}" + range_key_name: "{{ range_index }}" + range_key_type: "{{ range_index_type }}" + indexes: "{{ local_indexes }}" + register: create_table + + - name: Check results - Create table with composite PK and local indexes + assert: + that: + - create_table is successful + - create_table is changed + - '"hash_key_name" in create_table' + - '"hash_key_type" in create_table' + - '"indexes" in create_table' + - '"range_key_name" in create_table' + - '"range_key_type" in create_table' + - '"read_capacity" in create_table' + - '"region" in create_table' + - '"table_name" in create_table' + - '"table_status" in create_table' + - '"tags" in create_table' + - '"write_capacity" in create_table' + - create_table.hash_key_name == table_index + - create_table.hash_key_type == table_index_type + - create_table.range_key_name == range_index + - create_table.range_key_type == range_index_type + - create_table.indexes | length == 3 + - create_table.read_capacity == 1 + - create_table.table_name == table_name_composite_pk_local_indexes + - create_table.write_capacity == 
1 + + - name: Create table with composite PK and local indexes - idempotent - check_mode + dynamodb_table: + state: present + name: "{{ table_name_composite_pk_local_indexes }}" + hash_key_name: "{{ table_index }}" + hash_key_type: "{{ table_index_type }}" + range_key_name: "{{ range_index }}" + range_key_type: "{{ range_index_type }}" + indexes: "{{ local_indexes }}" + register: create_table + check_mode: True + + - name: Check results - Create table with composite PK and local indexes - idempotent - check_mode + assert: + that: + - create_table is successful + - create_table is not changed + + - name: Create table with composite PK and local indexes - idempotent + dynamodb_table: + state: present + name: "{{ table_name_composite_pk_local_indexes }}" + hash_key_name: "{{ table_index }}" + hash_key_type: "{{ table_index_type }}" + range_key_name: "{{ range_index }}" + range_key_type: "{{ range_index_type }}" + indexes: "{{ local_indexes }}" + register: create_table + + - name: Check results - Create table with composite PK and local indexes - idempotent + assert: + that: + - create_table is successful + - create_table is not changed + - '"hash_key_name" in create_table' + - '"hash_key_type" in create_table' + - '"indexes" in create_table' + - '"range_key_name" in create_table' + - '"range_key_type" in create_table' + - '"read_capacity" in create_table' + - '"region" in create_table' + - '"table_name" in create_table' + - '"table_status" in create_table' + - '"tags" in create_table' + - '"write_capacity" in create_table' + - create_table.hash_key_name == table_index + - create_table.hash_key_type == table_index_type + - create_table.range_key_name == range_index + - create_table.range_key_type == range_index_type + - create_table.indexes | length == 3 + - create_table.read_capacity == 1 + - create_table.table_name == table_name_composite_pk_local_indexes + - create_table.write_capacity == 1 + + # ============================================== - name: Tag table - 
check_mode dynamodb_table: @@ -488,14 +744,14 @@ - update_indexes is successful - update_indexes is not changed - - name: Update table add indexes - idempotent + - name: Update table add global indexes - idempotent dynamodb_table: state: present name: "{{ table_name }}" indexes: "{{ indexes }}" register: update_indexes - - name: Check results - Update table add indexes - idempotent + - name: Check results - Update table add global indexes - idempotent assert: that: - update_indexes is successful @@ -588,8 +844,6 @@ tags: "{{ tags_default }}" indexes: "{{ indexes }}" register: create_complex_table - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" check_mode: True - name: Check results - Create complex table - check_mode @@ -612,8 +866,6 @@ tags: "{{ tags_default }}" indexes: "{{ indexes }}" register: create_complex_table - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - name: Check results - Create complex table assert: @@ -656,8 +908,6 @@ tags: "{{ tags_default }}" indexes: "{{ indexes }}" register: create_complex_table - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" check_mode: True - name: Check results - Create complex table - idempotent - check_mode @@ -680,8 +930,6 @@ tags: "{{ tags_default }}" indexes: "{{ indexes }}" register: create_complex_table - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - name: Check results - Create complex table - idempotent assert: @@ -719,8 +967,6 @@ name: "{{ table_name }}" table_class: "STANDARD" register: update_class - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" check_mode: True - name: Check results - Update table class - check_mode @@ -734,8 +980,6 @@ state: present name: "{{ table_name }}" table_class: "STANDARD" - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" register: update_class - name: Check results - Update table class 
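Review bot: The two expected-failure tests at the top of hunk `@@ -115,6 +115,262 @@` assert only `create_table is failed`, so they also pass when the call fails for an unrelated reason such as expired credentials or throttling. The comments above each task already quote the API error that is expected; assert on it, for example `- '"does not have a range key" in create_table.msg'` and `- '"does not have the same leading hash key" in create_table.msg'`, assuming the module surfaces the API text in `msg`. Both tasks also use `ignore_errors: yes` where the rest of this commit moves to `true`.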
@@ -873,6 +1117,20 @@ wait: false register: delete_table + - name: Delete provisoned table with composite key + dynamodb_table: + state: absent + name: "{{ table_name_composite_pk }}" + wait: false + register: delete_table + + - name: Delete provisoned table with composite key and local indexes + dynamodb_table: + state: absent + name: "{{ table_name_composite_pk_local_indexes }}" + wait: false + register: delete_table + - name: Delete on-demand table dynamodb_table: state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/test_pay_per_request.yml b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/test_pay_per_request.yml index a05021154..b469a1b51 100644 --- a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/test_pay_per_request.yml +++ b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/test_pay_per_request.yml @@ -22,6 +22,7 @@ hash_key_name: "{{ table_index }}" hash_key_type: "{{ table_index_type }}" billing_mode: PAY_PER_REQUEST + wait_timeout: 450 register: create_table - name: Check results - Create table diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/aliases b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/aliases new file mode 100644 index 000000000..913237649 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/aliases @@ -0,0 +1,9 @@ +# reason: missing-policy +# To test Carrier Gateway in the VPC, the Wavelength subnet +# group should be enabled on the AWS Account. +unsupported + +cloud/aws + +ec2_carrier_gateway +ec2_carrier_gateway_info 
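Review bot: Both task names added in hunk `@@ -873,6 +1117,20 @@` misspell "provisioned": use `- name: Delete provisioned table with composite key` and `- name: Delete provisioned table with composite key and local indexes`. The two deletes run with `wait: false` and register into the same `delete_table`, which is not checked in the visible lines; a comment such as `# best-effort cleanup, result intentionally not asserted` would make that explicit. The enclosing cleanup block starts outside the hunk.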
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/defaults/main.yml
new file mode 100644
index 000000000..2e8c38f88
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+vpc_name: '{{ resource_prefix }}-ec2-vpc-cagw'
+cagw_name: '{{ resource_prefix }}-ec2-vpc-cagw'
diff --git a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/meta/main.yml
index 32cf5dda7..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/meta/main.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/main.yml
new file mode 100644
index 000000000..4d005b90a
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/main.yml
@@ -0,0 +1,167 @@ +--- +- name: 'ec2_carrier_gateway integration tests' + collections: + - community.aws + module_defaults: + group/aws: + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' + block: + + # ============================================================ + - debug: msg="Setting up test dependencies" + + - name: create a VPC + ec2_vpc_net: + name: "{{ vpc_name }}-{{ item }}" + state: present + cidr_block: "{{ vpc_cidr }}" + tags: + Description: "Created by ansible-test for CAGW tests" + register: vpc_result + loop: [1] + + - name: use set fact for vpc ids + set_fact: + vpc_id_1: '{{ vpc_result.results.0.vpc.id }}' + + # ============================================================ + - debug: msg="Running tests" + + - name: create carrier gateway and attach it to vpc + ec2_carrier_gateway: + state: present + vpc_id: '{{ vpc_id_1 }}' + name: "{{ cagw_name }}" + register: cagw + check_mode: true + + - name: use set fact for cagw ids + set_fact: + cagw_id: '{{ cagw.carrier_gateway_id }}' + + - assert: + that: + - cagw.changed + - cagw.vpc_id == vpc_id_1 + - cagw.tags.Name == cagw_name + + - name: test idempotence + ec2_carrier_gateway: + state: present + vpc_id: '{{ vpc_id_1 }}' + name: "{{ cagw_name }}" + register: cagw + check_mode: true + + - assert: + that: + - not cagw.changed + - cagw.carrier_gateway_id == cagw_id + + # ============================================================ + + - name: get VPC CAGW facts by ID (CHECK) + ec2_carrier_gateway_info: + carrier_gateway_id: ['{{ cagw_id }}'] + register: cagw_info + check_mode: True + + - name: verify expected facts + vars: + cagw_details: '{{ cagw_info.carrier_gateways[0] }}' + assert: + that: + - cagw_info.carrier_gateways | length == 1 + - '"carrier_gateway_id" in cagw_details' + - '"tags" in cagw_details' + - '"vpc_id" in cagw_details' + - cagw_details.carrier_gateway_id == cagw_id + - '"Name" in 
cagw_details.tags' + - cagw_details.tags.Name == cagw_name + + - name: get VPC CAGW facts by Tag + ec2_carrier_gateway_info: + filters: + "tag:Name": "{{ cagw_name }}" + register: cagw_info + + - name: verify expected facts + vars: + cagw_details: '{{ cagw_info.virtual_gateways[0] }}' + assert: + that: + - cagw_info.virtual_gateways | length == 1 + - '"carrier_gateway_id" in cagw_details' + - '"state" in cagw_details' + - '"tags" in cagw_details' + - cagw_details.carrier_gateway_id == cagw_id + - '"Name" in cagw_details.tags' + - cagw_details.tags.Name == cagw_name + + + # ============================================================ + + - name: get all CAGWs + ec2_carrier_gateway_info: + register: cagw_info + + - name: verify test CAGW is in the results + vars: + cagw_id_list: '{{ cagw_info.carrier_gateways | map(attribute="carrier_gateway_id") | list }}' + assert: + that: + - cagw_id in cagw_id_list + + # ============================================================ + + - include_tasks: 'tags.yml' + + # ============================================================ + + - name: delete carrier gateway + ec2_carrier_gateway: + state: absent + name: "{{ cagw_name }}" + register: cagw + check_mode: true + + - assert: + that: + - cagw.changed + + - name: test idempotence + ec2_carrier_gateway: + state: absent + name: "{{ cagw_name }}" + register: cagw + check_mode: true + + - assert: + that: + - not cagw.changed + + always: + + - debug: msg="Removing test dependencies" + + - name: delete carrier gateway + ec2_carrier_gateway: + state: absent + carrier_gateway_id: '{{ cagw.carrier_gateway_id }}' + ignore_errors: true + check_mode: true + + - name: delete vpc + ec2_vpc_net: + name: "{{ vpc_name }}-{{ item }}" + state: absent + cidr_block: "{{ vpc_cidr }}" + loop: [1, 2] + register: result + retries: 10 + delay: 5 + until: result is not failed + ignore_errors: true 
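Review bot: Every `ec2_carrier_gateway` task in this new file, including the `delete carrier gateway` step under `always:`, runs with `check_mode: true`, so as written no gateway is ever created or removed; the `test idempotence` assertions (`not cagw.changed`, `cagw.carrier_gateway_id == cagw_id`) and the info lookups that follow depend on a real resource and presumably cannot hold. Keep one check-mode pass per operation and add a real run after it, and drop `check_mode: true` from the cleanup task so a failed run does not leave the gateway behind in the test account. The second `verify expected facts` task reads `cagw_info.virtual_gateways`, while the other checks read `cagw_info.carrier_gateways`; that looks copied from the VGW tests and should be `cagw_details: '{{ cagw_info.carrier_gateways[0] }}'` and `cagw_info.carrier_gateways | length == 1`. Because the target's `aliases` file marks it `unsupported`, CI presumably never exercises these tasks, so the defects stay latent; the same check-mode pattern repeats in `tasks/tags.yml`.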
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/tags.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/tags.yml
new file mode 100644
index 000000000..07104daa7
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/tags.yml
@@ -0,0 +1,224 @@ +- vars: + first_tags: + 'Key with Spaces': Value with spaces + CamelCaseKey: CamelCaseValue + pascalCaseKey: pascalCaseValue + snake_case_key: snake_case_value + second_tags: + 'New Key with Spaces': Value with spaces + NewCamelCaseKey: CamelCaseValue + newPascalCaseKey: pascalCaseValue + new_snake_case_key: snake_case_value + third_tags: + 'Key with Spaces': Value with spaces + CamelCaseKey: CamelCaseValue + pascalCaseKey: pascalCaseValue + snake_case_key: snake_case_value + 'New Key with Spaces': Updated Value with spaces + final_tags: + 'Key with Spaces': Value with spaces + CamelCaseKey: CamelCaseValue + pascalCaseKey: pascalCaseValue + snake_case_key: snake_case_value + 'New Key with Spaces': Updated Value with spaces + NewCamelCaseKey: CamelCaseValue + newPascalCaseKey: pascalCaseValue + new_snake_case_key: snake_case_value + name_tags: + Name: '{{ cagw_name }}' + module_defaults: + ec2_carrier_gateway: + name: '{{ cagw_name }}' + ec2_carrier_gateway_info: + vpn_gateway_ids: ['{{ cagw_id }}'] + block: + + # ============================================================ + + - name: add tags + ec2_carrier_gateway: + tags: '{{ first_tags }}' + state: 'present' + register: tag_cagw + check_mode: true + + - name: get VPC CAGW facts + ec2_carrier_gateway_info: {} + register: tag_cagw_info + + - name: verify the tags were added + assert: + that: + - tag_cagw is changed + - tag_cagw.carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].tags == ( first_tags | combine(name_tags) ) + + - name: add tags - IDEMPOTENCY + ec2_carrier_gateway: + tags: '{{ first_tags }}' + state: 'present' + register: tag_cagw + check_mode: true + - name: get VPC CAGW facts + ec2_carrier_gateway_info: {} + register: tag_carrier_gateway_info + + - name: verify no change + assert: + that: + - tag_cagw is not changed + - tag_cagw.carrier_gateway_id == cagw_id + - 
tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].tags == ( first_tags | combine(name_tags) ) + + # ============================================================ + + - name: get VPC CAGW facts by filter + ec2_carrier_gateway_info: + filters: + 'tag:Name': '{{ cagw_name }}' + vpn_gateway_ids: '{{ omit }}' + register: tag_cagw_info + + - name: assert the facts are the same as before + assert: + that: + - tag_cagw_info.carrier_gateways | length == 1 + - tag_cagw.carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id + + # ============================================================ + + - name: modify tags with purge + ec2_carrier_gateway: + tags: '{{ second_tags }}' + state: 'present' + register: tag_cagw + check_mode: true + - name: get VPC CAGW facts + ec2_carrier_gateway_info: + register: tag_cagw_info + + - name: verify the tags were added + assert: + that: + - tag_cagw is changed + - tag_cagw.carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].tags == ( second_tags | combine(name_tags) ) + + - name: modify tags with purge - IDEMPOTENCY + ec2_carrier_gateway: + tags: '{{ second_tags }}' + state: 'present' + register: tag_cagw + check_mode: true + - name: get VPC CAGW facts + ec2_carrier_gateway_info: + register: tag_cagw_info + + - name: verify no change + assert: + that: + - tag_cagw is not changed + - tag_cagw.carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].tags == ( second_tags | combine(name_tags) ) + + # ============================================================ + + - name: modify tags without purge + ec2_carrier_gateway: + tags: '{{ third_tags }}' + state: 'present' + purge_tags: False + register: tag_cagw + check_mode: true + - name: get VPC CAGW facts + ec2_carrier_gateway_info: + register: 
tag_cagw_info + + - name: verify the tags were added + assert: + that: + - tag_cagw is changed + - tag_cagw.carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].tags == ( final_tags | combine(name_tags) ) + + - name: modify tags without purge - IDEMPOTENCY + ec2_carrier_gateway: + tags: '{{ third_tags }}' + state: 'present' + purge_tags: False + register: tag_cagw + check_mode: true + - name: get VPC CAGW facts + ec2_carrier_gateway_info: + register: tag_cagw_info + + - name: verify no change + assert: + that: + - tag_cagw is not changed + - tag_cagw.carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].tags == ( final_tags | combine(name_tags) ) + + # ============================================================ + + - name: No change to tags without setting tags + ec2_carrier_gateway: + state: 'present' + register: tag_cagw + check_mode: true + - name: get VPC CAGW facts + ec2_carrier_gateway_info: + register: tag_cagw_info + + - name: verify the tags were added + assert: + that: + - tag_cagw is not changed + - tag_cagw.carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].tags == ( final_tags | combine(name_tags) ) + + # ============================================================ + + - name: remove non name tags + ec2_carrier_gateway: + tags: {} + state: 'present' + register: tag_cagw + check_mode: true + - name: get VPC CAGW facts + ec2_carrier_gateway_info: + register: tag_cagw_info + + - name: verify the tags were added + assert: + that: + - tag_cagw is changed + - tag_cagw.carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].tags == name_tags + + - name: remove non name tags - IDEMPOTENCY + ec2_carrier_gateway: + tags: {} + state: 
'present' + register: tag_cagw + check_mode: true + - name: get VPC CAGW facts + ec2_carrier_gateway_info: + register: tag_cagw_info + + - name: verify no change + assert: + that: + - tag_cagw is not changed + - tag_cagw.carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id + - tag_cagw_info.carrier_gateways[0].tags == name_tags diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/meta/main.yml index ca18dd30f..1471b11f6 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/meta/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/meta/main.yml @@ -1,5 +1,2 @@ dependencies: - setup_ec2_facts - - role: setup_botocore_pip - vars: - botocore_version: "1.23.30" diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/instance-metadata.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/instance-metadata.yml index afe907f4f..7648f00ef 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/instance-metadata.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/instance-metadata.yml 
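Review bot: In `ec2_carrier_gateway/tasks/tags.yml`, the `add tags - IDEMPOTENCY` step registers its lookup as `tag_carrier_gateway_info`, but the `verify no change` assertion after it still reads `tag_cagw_info`, so it re-checks the result of the earlier lookup rather than the state after the second run; the register should be `register: tag_cagw_info` like the other steps. The `module_defaults` entry for `ec2_carrier_gateway_info` sets `vpn_gateway_ids: ['{{ cagw_id }}']` (and the filter lookup later omits the same key), whereas `tasks/main.yml` passes `carrier_gateway_id` to that module; the name looks carried over from the VGW tests and should be checked against the module's argument spec. Several asserts named `verify the tags were added` follow steps that change nothing or remove tags, so a failure message would mislead; naming them after what they actually check would help.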
@@ -1,53 +1,5 @@ --- -- name: test with older boto3 version that does not support instance_metadata_tags - block: - - name: fail metadata_options - ec2_launch_template: - name: "{{ resource_prefix }}-test-metadata" - metadata_options: - http_put_response_hop_limit: 1 - http_tokens: required - http_protocol_ipv6: enabled - instance_metadata_tags: enabled - state: present - register: metadata_options_launch_template - ignore_errors: yes - - name: verify fail with usefull error message - assert: - that: - - metadata_options_launch_template.failed - - metadata_options_launch_template is not changed - - "'This is required to set instance_metadata_tags' in metadata_options_launch_template.msg" - - - name: success metadata_options - ec2_launch_template: - name: "{{ resource_prefix }}-test-metadata" - metadata_options: - http_put_response_hop_limit: 1 - http_tokens: required - state: present - register: metadata_options_launch_template - - name: instance with metadata_options created with the right options - assert: - that: - - metadata_options_launch_template is changed - - "metadata_options_launch_template.latest_template.launch_template_data.metadata_options.http_put_response_hop_limit == 1" - - "metadata_options_launch_template.latest_template.launch_template_data.metadata_options.http_tokens == 'required'" - - "metadata_options_launch_template.latest_template.launch_template_data.metadata_options.http_protocol_ipv6 is not defined" - - "metadata_options_launch_template.latest_template.launch_template_data.metadata_options.instance_metadata_tags is not defined" - always: - - name: delete the template - ec2_launch_template: - name: "{{ resource_prefix }}-test-metadata" - state: absent - register: del_lt - retries: 10 - until: del_lt is not failed - ignore_errors: true - -- name: test with boto3 version that supports instance_metadata_tags - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" +- name: instance_metadata_tags block: - name: 
metadata_options ec2_launch_template: diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/main.yml index aa87871ce..e89dfceb5 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/main.yml @@ -1,9 +1,9 @@ --- - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: - include_tasks: cpu_options.yml diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/tags_and_vpc_settings.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/tags_and_vpc_settings.yml index 026c59907..41ff9082b 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/tags_and_vpc_settings.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/tags_and_vpc_settings.yml @@ -31,7 +31,7 @@ register: testing_subnet_b - name: create a security group with the vpc - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" @@ -164,7 +164,7 @@ always: - name: remove the security group - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" 
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_cleanup.yml index 9e5ae6a93..ce626b69c 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_cleanup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_cleanup.yml @@ -24,7 +24,7 @@ retries: 10 - name: remove the security group - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_setup.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_setup.yml index 88f5bb6fe..d48bae66c 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_setup.yml @@ -48,7 +48,7 @@ - "{{ testing_subnet_b.subnet.id }}" - name: create a security group with the vpc - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/main.yml index 91fd9497c..10695571e 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/main.yml 
@@ -1,9 +1,9 @@ - name: run ec2_placement_group tests module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws @@ -25,7 +25,7 @@ - assert: that: - pg_1_create_check_mode is changed - - pg_1_create_check_mode.placement_group.name == '{{ resource_prefix }}-pg1' + - pg_1_create_check_mode.placement_group.name == resource_prefix ~ '-pg1' - pg_1_create_check_mode.placement_group.state == "DryRun" - '"ec2:CreatePlacementGroup" in pg_1_create_check_mode.resource_actions' @@ -41,7 +41,7 @@ - assert: that: - pg_1_create is changed - - pg_1_create.placement_group.name == '{{ resource_prefix }}-pg1' + - pg_1_create.placement_group.name == resource_prefix ~ '-pg1' - pg_1_create.placement_group.state == "available" - '"ec2:CreatePlacementGroup" in pg_1_create.resource_actions' @@ -54,7 +54,7 @@ - assert: that: - pg_1_info_result is not changed - - pg_1_info_result.placement_groups[0].name == '{{ resource_prefix }}-pg1' + - pg_1_info_result.placement_groups[0].name == resource_prefix ~ '-pg1' - pg_1_info_result.placement_groups[0].state == "available" - pg_1_info_result.placement_groups[0].strategy == "cluster" - '"ec2:DescribePlacementGroups" in pg_1_info_result.resource_actions' @@ -68,7 +68,7 @@ - assert: that: - pg_1_create is not changed - - pg_1_create.placement_group.name == '{{ resource_prefix }}-pg1' + - pg_1_create.placement_group.name == resource_prefix ~ '-pg1' - pg_1_create.placement_group.state == "available" - '"ec2:CreatePlacementGroup" not in pg_1_create.resource_actions' 
@@ -82,7 +82,7 @@ - assert: that: - pg_1_create_check_mode_idem is not changed - - pg_1_create_check_mode_idem.placement_group.name == '{{ resource_prefix }}-pg1' + - pg_1_create_check_mode_idem.placement_group.name == resource_prefix ~ '-pg1' - pg_1_create_check_mode_idem.placement_group.state == "available" - '"ec2:CreatePlacementGroup" not in pg_1_create_check_mode_idem.resource_actions' @@ -97,7 +97,7 @@ - assert: that: - pg_2_create_check_mode is changed - - pg_2_create_check_mode.placement_group.name == '{{ resource_prefix }}-pg2' + - pg_2_create_check_mode.placement_group.name == resource_prefix ~ '-pg2' - pg_2_create_check_mode.placement_group.state == "DryRun" - '"ec2:CreatePlacementGroup" in pg_2_create_check_mode.resource_actions' @@ -111,7 +111,7 @@ - assert: that: - pg_2_create is changed - - pg_2_create.placement_group.name == '{{ resource_prefix }}-pg2' + - pg_2_create.placement_group.name == resource_prefix ~ '-pg2' - pg_2_create.placement_group.state == "available" - '"ec2:CreatePlacementGroup" in pg_2_create.resource_actions' @@ -127,7 +127,7 @@ - assert: that: - pg_2_info_result is not changed - - pg_2_info_result.placement_groups[0].name == '{{ resource_prefix }}-pg2' + - pg_2_info_result.placement_groups[0].name == resource_prefix ~ '-pg2' - pg_2_info_result.placement_groups[0].state == "available" - pg_2_info_result.placement_groups[0].strategy == "spread" - '"ec2:DescribePlacementGroups" in pg_2_info_result.resource_actions' @@ -142,7 +142,7 @@ - assert: that: - pg_2_create is not changed - - pg_2_create.placement_group.name == '{{ resource_prefix }}-pg2' + - pg_2_create.placement_group.name == resource_prefix ~ '-pg2' - pg_2_create.placement_group.state == "available" - '"ec2:CreatePlacementGroup" not in pg_2_create.resource_actions' 
@@ -157,7 +157,7 @@ - assert: that: - pg_2_create_check_mode_idem is not changed - - pg_2_create_check_mode_idem.placement_group.name == '{{ resource_prefix }}-pg2' + - pg_2_create_check_mode_idem.placement_group.name == resource_prefix ~ '-pg2' - pg_2_create_check_mode_idem.placement_group.state == "available" - '"ec2:CreatePlacementGroup" not in pg_2_create_check_mode_idem.resource_actions' @@ -173,7 +173,7 @@ - assert: that: - pg_3_create_check_mode is changed - - pg_3_create_check_mode.placement_group.name == '{{ resource_prefix }}-pg3' + - pg_3_create_check_mode.placement_group.name == resource_prefix ~ '-pg3' - pg_3_create_check_mode.placement_group.state == "DryRun" - '"ec2:CreatePlacementGroup" in pg_3_create_check_mode.resource_actions' @@ -188,7 +188,7 @@ - assert: that: - pg_3_create is changed - - pg_3_create.placement_group.name == '{{ resource_prefix }}-pg3' + - pg_3_create.placement_group.name == resource_prefix ~ '-pg3' - pg_3_create.placement_group.state == "available" - '"ec2:CreatePlacementGroup" in pg_3_create.resource_actions' @@ -205,7 +205,7 @@ - assert: that: - pg_3_info_result is not changed - - pg_3_info_result.placement_groups[0].name == '{{ resource_prefix }}-pg3' + - pg_3_info_result.placement_groups[0].name == resource_prefix ~ '-pg3' - pg_3_info_result.placement_groups[0].state == "available" - pg_3_info_result.placement_groups[0].strategy == "partition" - '"ec2:DescribePlacementGroups" in pg_3_info_result.resource_actions' @@ -221,7 +221,7 @@ - assert: that: - pg_3_create is not changed - - pg_3_create.placement_group.name == '{{ resource_prefix }}-pg3' + - pg_3_create.placement_group.name == resource_prefix ~ '-pg3' - pg_3_create.placement_group.state == "available" - '"ec2:CreatePlacementGroup" not in pg_3_create.resource_actions' 
@@ -237,7 +237,7 @@ - assert: that: - pg_3_create_check_mode_idem is not changed - - pg_3_create_check_mode_idem.placement_group.name == '{{ resource_prefix }}-pg3' + - pg_3_create_check_mode_idem.placement_group.name == resource_prefix ~ '-pg3' - pg_3_create_check_mode_idem.placement_group.state == "available" - '"ec2:CreatePlacementGroup" not in pg_3_create_check_mode_idem.resource_actions' diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway/tasks/main.yml index 6cb279f77..c7353cfc0 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway_vpc_attachment/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway_vpc_attachment/tasks/main.yml index 8694b829e..ce9659473 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway_vpc_attachment/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway_vpc_attachment/tasks/main.yml 
@@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml index 41540b8d4..75fff0e4e 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_nacl/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_nacl/tasks/main.yml index e1538049a..36c7ab2d8 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_nacl/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_nacl/tasks/main.yml @@ -1,9 +1,9 @@ --- - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws 
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_peer/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_peer/tasks/main.yml index cdb7c6680..b39b69b74 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_peer/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_peer/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: - name: get ARN of calling user diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml index 37bbf5e37..f5a850a71 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vpn/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vpn/tasks/main.yml index a4c740887..9514d7cf3 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vpn/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vpn/tasks/main.yml 
@@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: 
@@ -35,7 +35,63 @@ name: testcgw register: cgw - - name: create vpn connection, with customer gateway + - name: create transit gateway + ec2_transit_gateway: + description: "Transit Gateway for vpn attachment" + register: tgw + + - name: create vpn connection, with customer gateway, vpn_gateway_id and transit_gateway + ec2_vpc_vpn: + customer_gateway_id: '{{ cgw.gateway.customer_gateway.customer_gateway_id }}' + vpn_gateway_id: '{{ vgw.vgw.id }}' + transit_gateway_id: '{{ tgw.transit_gateway.transit_gateway_id }}' + state: present + register: result + ignore_errors: true + + - name: assert creation of vpn failed + assert: + that: + - result is failed + - result.msg == "parameters are mutually exclusive: vpn_gateway_id|transit_gateway_id" + + + - name: create vpn connection, with customer gateway and transit_gateway + ec2_vpc_vpn: + customer_gateway_id: '{{ cgw.gateway.customer_gateway.customer_gateway_id }}' + transit_gateway_id: '{{ tgw.transit_gateway.transit_gateway_id }}' + state: present + register: tgw_vpn + + - name: Store ID of VPN + set_fact: + vpn_id: '{{ tgw_vpn.vpn_connection_id }}' + + # ============================================================ + - name: test success with no parameters + ec2_vpc_vpn_info: + register: result + + - name: assert success with no parameters + assert: + that: + - 'result.changed == false' + - 'result.vpn_connections != []' + # ============================================================ + + - name: Delete vpn created with transit gateway + ec2_vpc_vpn: + state: absent + vpn_connection_id: '{{ vpn_id }}' + register: result + retries: 10 + delay: 3 + until: result is not failed + ignore_errors: true + + # ============================================================ + + - name: create vpn connection, with customer gateway and vpn gateway ec2_vpc_vpn: customer_gateway_id: '{{ cgw.gateway.customer_gateway.customer_gateway_id }}' vpn_gateway_id: '{{ vgw.vgw.id }}' 
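Review bot: `Delete vpn created with transit gateway` sits in the test body yet carries `ignore_errors: true`, so a failed delete passes silently; the fact `vpn_id` set just before it is then reassigned from `vpn.vpn_connection_id` by the following `set_fact` (visible as context in the next hunk), after which nothing visible here refers to the transit-gateway VPN any more and it can be left behind in the test account. Store it under its own fact, e.g. `tgw_vpn_id: '{{ tgw_vpn.vpn_connection_id }}'`, and remove it again in the cleanup section, or drop `ignore_errors: true` from this step. The assertion `result.msg == "parameters are mutually exclusive: vpn_gateway_id|transit_gateway_id"` pins the exact wording of the argument-validation error; `"'mutually exclusive' in result.msg"` would be less brittle. The enclosing block starts and ends outside the hunk.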
@@ -47,6 +103,7 @@ vpn_id: '{{ vpn.vpn_connection_id }}' # ============================================================ + - name: test success with no parameters ec2_vpc_vpn_info: register: result @@ -163,3 +220,9 @@ delay: 3 until: result is not failed ignore_errors: true + + - name: delete transit gateway + ec2_transit_gateway: + transit_gateway_id: '{{ tgw.transit_gateway.transit_gateway_id }}' + state: absent + ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/meta/main.yml index 7f42526eb..32cf5dda7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/meta/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/meta/main.yml @@ -1,4 +1 @@ -dependencies: - - role: setup_botocore_pip - vars: - botocore_version: "1.24.14" +dependencies: [] diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/01_create_requirements.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/01_create_requirements.yml index 31ca3cf27..14c1b6337 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/01_create_requirements.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/01_create_requirements.yml @@ -72,7 +72,7 @@ register: igw - name: create a security group to use for creating an ec2 instance - ec2_group: + ec2_security_group: name: '{{ resource_prefix }}_ecs_cluster-sg' description: 'created by Ansible integration tests' state: present 
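Review bot: In the `@@ -163,3 +220,9 @@` hunk of `ec2_vpc_vpn/tasks/main.yml`, the added `delete transit gateway` step has no retry loop, unlike the delete just above it (`delay: 3`, `until: result is not failed`), and with `ignore_errors: true` a single failed attempt leaves the transit gateway in the account without failing the run. A transit gateway presumably cannot be removed while its VPN attachment is still being torn down, so add `register: result`, `retries: 10` and `until: result is not failed` here as well. The step also dereferences `tgw.transit_gateway.transit_gateway_id`, which is undefined if the earlier `create transit gateway` task failed; `when: tgw.transit_gateway is defined` would keep cleanup quiet in that case. The section this step belongs to starts outside the hunk.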
@@ -86,9 +86,9 @@ # As a lookup plugin we don't have access to module_defaults connection_args: region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - aws_security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" no_log: True - name: set image id fact diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/20_ecs_service.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/20_ecs_service.yml index 4e0620555..3c4bbcb28 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/20_ecs_service.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/20_ecs_service.yml @@ -86,8 +86,6 @@ - not ecs_service_again.changed - name: create same ECS service definition via force_new_deployment - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: state: present force_new_deployment: true @@ -113,8 +111,6 @@ - ecs_service_again.changed - name: force_new_deployment should work without providing a task_definition - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: state: present force_new_deployment: yes @@ -139,8 +135,6 @@ - ecs_service_notaskdef.changed - name: attempt to use ECS network configuration on task definition without awsvpc network_mode (expected to fail) - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: state: present name: "{{ ecs_service_name }}3" @@ -166,8 +160,6 @@ - ecs_service_network_without_awsvpc_task is failed - name: scale down ECS service - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: state: present name: "{{ ecs_service_name }}" 
@@ -191,8 +183,6 @@ - ecs_service_scale_down.service.desiredCount == 0 - name: scale down ECS service again - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: state: present name: "{{ ecs_service_name }}" @@ -228,8 +218,6 @@ - ecs_task_update.changed - name: Enable ExecuteCommand - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: state: present name: "{{ ecs_service_name }}" @@ -315,8 +303,6 @@ - "ecs_taskdefinition_info.network_mode == 'awsvpc'" - name: create ECS service definition with network configuration - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: state: present name: "{{ ecs_service_name }}2" @@ -344,8 +330,6 @@ - "create_ecs_service_with_vpc.service.networkConfiguration.awsvpcConfiguration.securityGroups|length == 1" - name: create ecs_service using health_check_grace_period_seconds - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-mft" cluster: "{{ ecs_cluster_name }}" @@ -364,11 +348,9 @@ assert: that: - ecs_service_creation_hcgp.changed - - "{{ecs_service_creation_hcgp.service.healthCheckGracePeriodSeconds}} == 30" + - ecs_service_creation_hcgp.service.healthCheckGracePeriodSeconds == 30 - name: update ecs_service using health_check_grace_period_seconds - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-mft" cluster: "{{ ecs_cluster_name }}" @@ -386,11 +368,9 @@ assert: that: - ecs_service_creation_hcgp2.changed - - "{{ecs_service_creation_hcgp2.service.healthCheckGracePeriodSeconds}} == 10" + - ecs_service_creation_hcgp2.service.healthCheckGracePeriodSeconds == 10 - name: update ecs_service using REPLICA scheduling_strategy - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-replica" cluster: "{{ ecs_cluster_name }}" 
@@ -473,8 +453,8 @@ assert: that: - ecs_task_definition_constraints is changed - - ecs_task_definition_constraints.taskdefinition.placementConstraints[0].type == "{{ ecs_taskdefinition_placement_constraints[0].type }}" - - ecs_task_definition_constraints.taskdefinition.placementConstraints[0].expression == "{{ ecs_taskdefinition_placement_constraints[0].expression }}" + - ecs_task_definition_constraints.taskdefinition.placementConstraints[0].type == ecs_taskdefinition_placement_constraints[0].type + - ecs_task_definition_constraints.taskdefinition.placementConstraints[0].expression == ecs_taskdefinition_placement_constraints[0].expression - name: Remove ecs task definition with placement constraints ecs_taskdefinition: @@ -517,8 +497,6 @@ - "ecs_service_create_no_load_balancer.service.loadBalancers | length == 0" - name: Update ecs_service load balancer - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-lb" cluster: "{{ ecs_cluster_name }}" @@ -541,8 +519,6 @@ - "ecs_service_update_load_balancer.service.loadBalancers[0].targetGroupArn == elb_target_group_instance.target_group_arn" - name: Create ecs service with placement constraints - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-constraint" cluster: "{{ ecs_cluster_name }}" @@ -593,8 +569,6 @@ until: "ECS.services[0].deployments[0].rolloutState == 'COMPLETED'" - name: Update ecs service's placement constraints - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-constraint" cluster: "{{ ecs_cluster_name }}" 
@@ -621,8 +595,6 @@ - "ecs_service_update_constraints.service.placementConstraints[0].expression == 'attribute:ecs.instance-type == t3.micro'" - name: Remove ecs service's placement constraints - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-constraint" cluster: "{{ ecs_cluster_name }}" @@ -645,8 +617,6 @@ - "ecs_service_remove_constraints.service.placementConstraints | length == 0" - name: Create ecs service with placement strategy - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-strategy" cluster: "{{ ecs_cluster_name }}" @@ -672,8 +642,6 @@ - "ecs_service_creation_strategy.service.placementStrategy[0].field == 'MEMORY'" - name: Update ecs service's placement strategy - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-strategy" cluster: "{{ ecs_cluster_name }}" @@ -700,8 +668,6 @@ - "ecs_service_update_strategy.service.placementStrategy[0].field == 'instanceId'" - name: Remove ecs service's placement strategy - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-strategy" cluster: "{{ ecs_cluster_name }}" 
@@ -942,6 +908,65 @@ started_by: ansible_user register: fargate_run_task_output_with_assign_ip +- name: create task definition for ARM + ecs_taskdefinition: + containers: "{{ ecs_fargate_task_containers }}" + family: "{{ ecs_task_name }}-arm" + network_mode: awsvpc + launch_type: FARGATE + cpu: 512 + memory: 1024 + execution_role_arn: "{{ iam_execution_role.arn }}" + state: present + runtime_platform: + cpuArchitecture: "ARM64" + operatingSystemFamily: "LINUX" + vars: + ecs_task_host_port: 8080 + register: fargate_arm_task_definition + +- name: check that initial task definition for ARM changes + assert: + that: + - fargate_arm_task_definition.changed + +- name: recreate task definition for ARM + ecs_taskdefinition: + containers: "{{ ecs_fargate_task_containers }}" + family: "{{ ecs_task_name }}-arm" + network_mode: awsvpc + launch_type: FARGATE + cpu: 512 + memory: 1024 + execution_role_arn: "{{ iam_execution_role.arn }}" + state: present + runtime_platform: + cpuArchitecture: "ARM64" + operatingSystemFamily: "LINUX" + vars: + ecs_task_host_port: 8080 + register: fargate_arm_task_definition_again + +- name: check that task definition for ARM does not change + assert: + that: + - not fargate_arm_task_definition_again.changed + +- name: delete task definition for ARM + ecs_taskdefinition: + containers: "{{ ecs_fargate_task_containers }}" + family: "{{ ecs_task_name }}-arm" + network_mode: awsvpc + launch_type: FARGATE + cpu: 512 + memory: 1024 + execution_role_arn: "{{ iam_execution_role.arn }}" + state: present + runtime_platform: + cpuArchitecture: "ARM64" + operatingSystemFamily: "LINUX" + vars: + ecs_task_host_port: 8080 # ============================================================ # End tests for Fargate diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/99_terminate_everything.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/99_terminate_everything.yml index 7016f9e70..5d7ba5c72 100644 
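Review bot: The task named `delete task definition for ARM` passes `state: present`, so it repeats the create as a no-op and the `{{ ecs_task_name }}-arm` family stays registered after the run. It should use `state: absent` and identify the revision to remove, for example through the ARN returned in `fargate_arm_task_definition` (the exact return key needs checking against the module). The task also registers no result and has no assert after it, so the mistake goes unnoticed. As a style point, the three ARM tasks repeat the same argument list and could share it through a variable.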
--- a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/99_terminate_everything.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/99_terminate_everything.yml @@ -18,8 +18,6 @@ ignore_errors: true - name: scale down ECS service - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: state: present name: "{{ ecs_service_name }}" @@ -44,8 +42,6 @@ register: ecs_service_info - name: scale down second ECS service - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: state: present name: "{{ ecs_service_name }}2" @@ -62,8 +58,6 @@ register: ecs_service_scale_down - name: scale down multifunction-test service - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-mft" cluster: "{{ ecs_cluster_name }}" @@ -78,8 +72,6 @@ register: ecs_service_scale_down - name: scale down scheduling_strategy service - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: name: "{{ ecs_service_name }}-replica" cluster: "{{ ecs_cluster_name }}" @@ -94,8 +86,6 @@ register: ecs_service_scale_down - name: scale down Fargate ECS service - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" ecs_service: state: present name: "{{ ecs_service_name }}4" @@ -271,7 +261,7 @@ register: this_deletion - name: remove security groups - ec2_group: + ec2_security_group: name: '{{ item }}' description: 'created by Ansible integration tests' state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/main.yml index 1d27cdc73..12d3cb52b 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/main.yml 
+++ b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/main.yml @@ -4,15 +4,15 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: - - include: 01_create_requirements.yml - - include: 10_ecs_cluster.yml - - include: 20_ecs_service.yml + - include_tasks: 01_create_requirements.yml + - include_tasks: 10_ecs_cluster.yml + - include_tasks: 20_ecs_service.yml always: - - include: 99_terminate_everything.yml + - include_tasks: 99_terminate_everything.yml diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_ecr/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_ecr/tasks/main.yml index e0ce4f3f6..68750e06e 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ecs_ecr/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ecs_ecr/tasks/main.yml @@ -2,9 +2,9 @@ - module_defaults: group/aws: region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" block: - set_fact: @@ -15,7 +15,7 @@ register: aws_caller_info - name: create KMS key for testing - aws_kms: + kms_key: alias: "{{ resource_prefix }}-ecr" description: a key used for testing ECR state: present @@ -597,7 +597,7 @@ - name: it should use the provided KMS key assert: that: - - result.repository.encryptionConfiguration.kmsKey == '{{ kms_test_key.key_arn }}' + - result.repository.encryptionConfiguration.kmsKey == kms_test_key.key_arn always: 
@@ -607,6 +607,6 @@ state: absent - name: Delete KMS key - aws_kms: + kms_key: key_id: '{{ kms_test_key.key_arn }}' state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_tag/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_tag/tasks/main.yml index fff9ee27d..2c5614eb8 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ecs_tag/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/ecs_tag/tasks/main.yml @@ -1,9 +1,9 @@ - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key | default(omit) }}' - aws_secret_key: '{{ aws_secret_key | default(omit) }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' collections: - amazon.aws block: @@ -73,7 +73,7 @@ assert: that: - taglist.changed == true - - taglist.added_tags.Name == "{{ resource_prefix }}" + - taglist.added_tags.Name == resource_prefix - taglist.added_tags.another == "foobar" - name: cluster tags - Add tags to cluster again @@ -162,8 +162,8 @@ assert: that: - taglist.changed == true - - taglist.added_tags.Name == "service-{{ resource_prefix }}" - - taglist.tags.Name == "service-{{ resource_prefix }}" + - "taglist.added_tags.Name == 'service-' ~ resource_prefix" + - "taglist.tags.Name == 'service-' ~ resource_prefix" - name: services tags - Add name tag again - see no change ecs_tag: @@ -179,7 +179,7 @@ assert: that: - taglist.changed == false - - taglist.tags.Name == "service-{{ resource_prefix }}" + - "taglist.tags.Name == 'service-' ~ resource_prefix" - name: service tags - remove service tags ecs_tag: 
@@ -215,8 +215,8 @@ assert: that: - taglist.changed == true - - taglist.added_tags.Name == "task_definition-{{ resource_prefix }}" - - taglist.tags.Name == "task_definition-{{ resource_prefix }}" + - "taglist.added_tags.Name == 'task_definition-' ~ resource_prefix" + - "taglist.tags.Name == 'task_definition-' ~ resource_prefix" - name: task_definition tags - Add name tag again - see no change ecs_tag: @@ -232,7 +232,7 @@ assert: that: - taglist.changed == false - - taglist.tags.Name == "task_definition-{{ resource_prefix }}" + - "taglist.tags.Name == 'task_definition-' ~ resource_prefix" - name: task_definition tags - remove task_definition tags ecs_tag: diff --git a/ansible_collections/community/aws/tests/integration/targets/efs/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/efs/tasks/main.yml index d2e9d4bee..bc23f3a11 100644 --- a/ansible_collections/community/aws/tests/integration/targets/efs/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/efs/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: @@ -41,7 +41,7 @@ register: testing_subnet_b - name: Get default security group id for vpc - ec2_group_info: + ec2_security_group_info: filters: vpc-id: "{{ testing_vpc.vpc.id }}" register: sg_facts @@ -98,7 +98,7 @@ - efs_result.efs[0].mount_targets[1].security_groups[0] == vpc_default_sg_id - assert: - that: "{{efs_result_assertions}}" + that: efs_result_assertions # ============================================================ - name: Get EFS by id 
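Review bot: `that: efs_result_assertions` in the hunk at -98,7 looks like it turns the assert into a truthiness check. The removed form `"{{efs_result_assertions}}"` expanded the argument to the variable's value. If that variable is a list of expression strings (its definition is outside the hunk), the bare name is instead evaluated as a single conditional, and a non-empty list is true whatever its entries say. The same replacement is made in the hunks at -107,7, -117,7, -127,7, -137,7, -149,7 and -231,7. It is worth confirming by adding a deliberately false entry to the list; if the assert still passes, keep the list expansion as `that: "{{ efs_result_assertions }}"`, which templates the argument rather than embedding delimiters inside a conditional.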
@@ -107,7 +107,7 @@ register: efs_result - assert: - that: "{{efs_result_assertions}}" + that: efs_result_assertions # ============================================================ - name: Get EFS by tag @@ -117,7 +117,7 @@ register: efs_result - assert: - that: "{{efs_result_assertions}}" + that: efs_result_assertions # ============================================================ - name: Get EFS by target (subnet_id) @@ -127,7 +127,7 @@ register: efs_result - assert: - that: "{{efs_result_assertions}}" + that: efs_result_assertions # ============================================================ - name: Get EFS by target (security_group_id) @@ -137,7 +137,7 @@ register: efs_result - assert: - that: "{{efs_result_assertions}}" + that: efs_result_assertions # ============================================================ - name: Get EFS by tag and target @@ -149,7 +149,7 @@ register: efs_result - assert: - that: "{{efs_result_assertions}}" + that: efs_result_assertions # ============================================================ # Not checking efs_result.efs["throughput_mode"] here as @@ -231,7 +231,7 @@ - efs_result.efs[0].file_system_id == created_efs.efs.file_system_id - assert: - that: "{{efs_result_assertions}}" + that: efs_result_assertions # ============================================================ - name: Efs configure IA transition @@ -332,9 +332,9 @@ efs_tag: state: present resource: "{{ created_efs.efs.file_system_id }}" - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: "{{ aws_region }}" tags: check_mode_tag: 'this tag should not be applied' 
@@ -349,9 +349,9 @@ efs_tag: state: present resource: "{{ created_efs.efs.file_system_id }}" - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: "{{ aws_region }}" tags: "Title Case": 'Hello Cruel World' @@ -366,7 +366,7 @@ - efs_tag_result.tags.Env is defined - efs_tag_result.tags.Env is search("IntegrationTests") - efs_tag_result.tags.Name is defined - - efs_tag_result.tags.Name is search("{{ efs_name }}-test-tag") + - efs_tag_result.tags.Name is search(efs_name ~ '-test-tag') - efs_tag_result.tags["CamelCase"] == 'SimpleCamelCase' - efs_tag_result.tags["Title Case"] == 'Hello Cruel World' - efs_tag_result.tags["lowercase spaced"] == 'hello cruel world' @@ -377,9 +377,9 @@ efs_tag: state: present resource: "{{ created_efs.efs.file_system_id }}" - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: "{{ aws_region }}" tags: Env: IntegrationTests @@ -394,9 +394,9 @@ efs_tag: state: absent resource: "{{ created_efs.efs.file_system_id }}" - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: "{{ aws_region }}" tags: snake_case: 'simple_snake_case' 
@@ -412,9 +412,9 @@ efs_tag: state: present resource: "{{ created_efs.efs.file_system_id }}" - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: "{{ aws_region }}" tags: Env: OtherIntegrationTests @@ -430,9 +430,9 @@ efs_tag: state: present resource: "{{ created_efs.efs.file_system_id }}" - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: "{{ aws_region }}" tags: Env: OtherIntegrationTests @@ -448,9 +448,9 @@ efs_tag: state: absent resource: "{{ created_efs.efs.file_system_id }}" - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: "{{ aws_region }}" tags: "Title Case": 'Hello Cruel World' @@ -464,7 +464,7 @@ - efs_tag_result.tags.Env is defined - efs_tag_result.tags.Env is search("IntegrationTests") - efs_tag_result.tags.Name is defined - - efs_tag_result.tags.Name is search("{{ efs_name }}-test-tag") + - efs_tag_result.tags.Name is search(efs_name ~ '-test-tag') - not efs_tag_result.tags["CamelCase"] is defined - not efs_tag_result.tags["Title Case"] is defined - not efs_tag_result.tags["lowercase spaced"] is defined 
@@ -474,9 +474,9 @@ efs_tag: state: absent resource: "{{ created_efs.efs.file_system_id }}" - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: "{{ aws_region }}" tags: snake_case: 'simple_snake_case' @@ -491,9 +491,9 @@ state: absent resource: "{{ created_efs.efs.file_system_id }}" region: "{{ aws_region }}" - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' tags: {} purge_tags: true register: efs_tag_result diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/full_test.yml b/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/full_test.yml index e3aca2863..71cc1fc87 100644 --- a/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/full_test.yml +++ b/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/full_test.yml @@ -4,12 +4,12 @@ # If us-west-1 does become supported, change this test to use an unsupported region # or if all regions are supported, delete this test - name: attempt to use eks in unsupported region - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_name }}" state: absent - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: us-west-1 register: aws_eks_unsupported_region ignore_errors: yes 
@@ -21,7 +21,7 @@ - '"msg" in aws_eks_unsupported_region' - name: delete an as yet non-existent EKS cluster - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_name }}" state: absent register: aws_eks_delete_non_existent @@ -64,7 +64,7 @@ - "{{ eks_subnets }}" - name: create security groups to use for EKS - ec2_group: + ec2_security_group: name: "{{ item.name }}" description: "{{ item.description }}" state: present @@ -75,7 +75,7 @@ register: setup_security_groups - name: create EKS cluster - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_name }}" security_groups: "{{ eks_security_groups | map(attribute='name') }}" subnets: "{{ setup_subnets.results | map(attribute='subnet.id') }}" @@ -93,7 +93,7 @@ - eks_create.tags.another == "foobar" - name: create EKS cluster with same details but wait for it to become active - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_name }}" security_groups: "{{ eks_security_groups | map(attribute='name') }}" subnets: "{{ setup_subnets.results | map(attribute='subnet.id') }}" @@ -113,7 +113,7 @@ - eks_create.endpoint != "" - name: create EKS cluster with same details but using SG ids - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_name }}" security_groups: "{{ setup_security_groups.results | map(attribute='group_id') }}" subnets: "{{ setup_subnets.results | map(attribute='subnet.id') }}" @@ -127,7 +127,7 @@ - eks_create.name == eks_cluster_name - name: remove EKS cluster, waiting until complete - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_name }}" state: absent wait: yes @@ -139,7 +139,7 @@ - eks_delete is changed - name: create EKS cluster with same details but wait for it to become active - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_name }}" security_groups: "{{ eks_security_groups | map(attribute='name') }}" subnets: "{{ setup_subnets.results | map(attribute='subnet.id') }}" 
@@ -154,7 +154,7 @@ - eks_create.name == eks_cluster_name - name: remove EKS cluster, without waiting this time - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_name }}" state: absent register: eks_delete @@ -165,7 +165,7 @@ - eks_delete is changed - name: create EKS cluster with short name - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_short_name }}" security_groups: "{{ eks_security_groups | map(attribute='name') }}" subnets: "{{ setup_subnets.results | map(attribute='subnet.id') }}" @@ -180,7 +180,7 @@ - eks_create is not failed - name: remove EKS cluster with short name - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_short_name }}" state: absent wait: yes @@ -192,7 +192,7 @@ msg: "***** TESTING COMPLETE. COMMENCE TEARDOWN *****" - name: remove EKS cluster - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_name }}" state: absent wait: yes @@ -200,7 +200,7 @@ ignore_errors: yes - name: remove EKS cluster - aws_eks_cluster: + eks_cluster: name: "{{ eks_cluster_short_name }}" state: absent wait: yes @@ -216,7 +216,7 @@ - name: "{{ eks_cluster_name }}-workers-sg" - name: set all security group rule lists to empty to remove circular dependency - ec2_group: + ec2_security_group: name: "{{ item.name }}" description: "{{ item.description }}" state: present @@ -229,7 +229,7 @@ ignore_errors: yes - name: remove security groups - ec2_group: + ec2_security_group: name: '{{ item.name }}' state: absent vpc_id: '{{ setup_vpc.vpc.id }}' diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/main.yml index 61aa32cd1..0f414f56f 100644 --- a/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/main.yml 
@@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: - include_tasks: full_test.yml diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/cleanup_eks_cluster.yml b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/cleanup_eks_cluster.yml index d30761fa3..21adb30a8 100644 --- a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/cleanup_eks_cluster.yml +++ b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/cleanup_eks_cluster.yml @@ -5,7 +5,7 @@ ignore_errors: true - name: remove EKS cluster - aws_eks_cluster: + eks_cluster: name: '{{ eks_cluster_name }}' state: absent wait: 'yes' @@ -17,7 +17,7 @@ - name: '{{ eks_cluster_name }}-workers-sg' - name: set all security group rule lists to empty to remove circular dependency - ec2_group: + ec2_security_group: name: '{{ item.name }}' description: '{{ item.description }}' state: present @@ -30,7 +30,7 @@ ignore_errors: 'yes' - name: remove security groups - ec2_group: + ec2_security_group: name: '{{ item.name }}' state: absent vpc_id: '{{ setup_vpc.vpc.id }}' diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/create_eks_cluster.yml b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/create_eks_cluster.yml index d5affa5b5..48fbbef80 100644 --- a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/create_eks_cluster.yml +++ b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/create_eks_cluster.yml 
@@ -72,7 +72,7 @@ register: nat_route_table - name: create security groups to use for EKS - ec2_group: + ec2_security_group: name: '{{ item.name }}' description: '{{ item.description }}' state: present @@ -83,7 +83,7 @@ register: setup_security_groups - name: create EKS cluster - aws_eks_cluster: + eks_cluster: name: '{{ eks_cluster_name }}' security_groups: '{{ eks_security_groups | map(attribute=''name'') }}' subnets: '{{ setup_subnets.results | map(attribute=''subnet.id'') }}' @@ -94,4 +94,4 @@ - name: check that EKS cluster was created assert: that: - - eks_create.name == eks_cluster_name
\ No newline at end of file + - eks_create.name == eks_cluster_name diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/main.yaml index 77298dc81..d6606e3db 100644 --- a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/main.yaml +++ b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/main.yaml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: - include_tasks: create_eks_cluster.yml diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/aliases b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/aliases index 0b84301d7..1809e989b 100644 --- a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/aliases @@ -1 +1,2 @@ -cloud/aws
\ No newline at end of file +cloud/aws +time=30m diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/cleanup.yml index ff841f0f5..8bdb5bad4 100644 --- a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/cleanup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/cleanup.yml @@ -5,7 +5,7 @@ ignore_errors: yes - name: remove EKS cluster - aws_eks_cluster: + eks_cluster: name: '{{ eks_cluster_name }}' state: absent wait: 'yes' @@ -17,7 +17,7 @@ - name: '{{ eks_cluster_name }}-workers-sg' - name: set all security group rule lists to empty to remove circular dependency - ec2_group: + ec2_security_group: name: '{{ item.name }}' description: '{{ item.description }}' state: present @@ -30,7 +30,7 @@ ignore_errors: 'yes' - name: remove security groups - ec2_group: + ec2_security_group: name: '{{ item.name }}' state: absent vpc_id: '{{ setup_vpc.vpc.id }}' @@ -74,10 +74,10 @@ state: absent vpc_id: '{{ setup_vpc.vpc.id}}' ignore_errors: 'yes' - + - name: remove setup VPC ec2_vpc_net: cidr_block: 10.0.0.0/16 state: absent name: '{{ resource_prefix }}_aws_eks' - ignore_errors: 'yes'
\ No newline at end of file + ignore_errors: 'yes' diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/dependecies.yml b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/dependecies.yml index dd6efd27a..882d45dd7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/dependecies.yml +++ b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/dependecies.yml @@ -2,7 +2,7 @@ # This space was a copy by aws_eks_cluster integration test - name: ensure IAM instance role exists iam_role: - name: ansible-test-eks_cluster_role + name: ansible-test-{{ tiny_prefix }}-eks_nodegroup-cluster assume_role_policy_document: '{{ lookup(''file'',''eks-trust-policy.json'') }}' state: present create_instance_profile: 'no' @@ -44,7 +44,7 @@ community.aws.ec2_vpc_route_table: vpc_id: '{{ setup_vpc.vpc.id }}' tags: - Name: EKS + Name: "EKS-ng-{{ tiny_prefix }}" subnets: '{{ setup_subnets.results | map(attribute=''subnet.id'') }}' routes: - dest: 0.0.0.0/0 @@ -52,7 +52,7 @@ register: public_route_table - name: create security groups to use for EKS - ec2_group: + ec2_security_group: name: '{{ item.name }}' description: '{{ item.description }}' state: present @@ -63,7 +63,7 @@ register: setup_security_groups - name: create EKS cluster - aws_eks_cluster: + eks_cluster: name: '{{ eks_cluster_name }}' security_groups: '{{ eks_security_groups | map(attribute=''name'') }}' subnets: '{{ setup_subnets.results | map(attribute=''subnet.id'') }}' @@ -77,9 +77,9 @@ - eks_create.name == eks_cluster_name # Dependecies to eks nodegroup -- name: create IAM instance role +- name: create IAM instance role iam_role: - name: 'ansible-test-eks_nodegroup' + name: 'ansible-test-{{ tiny_prefix }}-eks_nodegroup-ng' assume_role_policy_document: '{{ lookup(''file'',''eks-nodegroup-trust-policy.json'') }}' state: present create_instance_profile: no 
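Review bot: The two `iam_role` tasks in dependecies.yml (hunks `@@ -2,7` and `@@ -77,9`) now create roles whose names include `{{ tiny_prefix }}`, but none of the cleanup.yml hunks in this commit touches an `iam_role` task, so confirm that teardown deletes `ansible-test-{{ tiny_prefix }}-eks_nodegroup-cluster` and `ansible-test-{{ tiny_prefix }}-eks_nodegroup-ng` rather than the old fixed names. A role left behind in the test account keeps its trust policy and whatever policies the test attached to it, so an orphan is more than clutter. The first name is also an unquoted scalar while the second is quoted; writing `name: 'ansible-test-{{ tiny_prefix }}-eks_nodegroup-cluster'` keeps the two consistent. The role-removal tasks are outside the visible hunks, so this is a check to make rather than a confirmed leak.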
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/full_test.yml b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/full_test.yml index dcb35d2d1..9accc8e8f 100644 --- a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/full_test.yml +++ b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/full_test.yml @@ -445,7 +445,6 @@ state: absent cluster_name: '{{ eks_cluster_name }}' register: eks_nodegroup_result - check_mode: True - name: check that eks_nodegroup is not changed (idempotency) assert: @@ -578,9 +577,21 @@ cluster_name: '{{ eks_cluster_name }}' wait: True register: eks_nodegroup_result - check_mode: True - name: check that eks_nodegroup is not changed (idempotency) assert: that: - - eks_nodegroup_result is not changed
\ No newline at end of file + - eks_nodegroup_result is not changed + +- name: wait for deletion of name_a nodegroup (idempotency) + eks_nodegroup: + name: '{{ eks_nodegroup_name_a }}' + state: absent + cluster_name: '{{ eks_cluster_name }}' + wait: True + register: eks_nodegroup_result + +- name: check that eks_nodegroup is not changed (idempotency) + assert: + that: + - eks_nodegroup_result is not changed diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/main.yml index 9f896bec6..5c1a76f57 100644 --- a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/main.yml @@ -5,9 +5,9 @@ - amozon.community module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: - include_tasks: dependecies.yml diff --git a/ansible_collections/community/aws/tests/integration/targets/elasticache/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elasticache/tasks/main.yml index 31ae3d9cf..9664a70f1 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elasticache/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elasticache/tasks/main.yml 
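Review bot: With `check_mode: True` removed from the delete tasks here and in the `@@ -445,7` hunk, the tasks whose asserts are labelled "(idempotency)" now issue a real `state: absent` call, so at these two points the suite no longer shows that check mode reports no change. If that coverage is still wanted, keep a check-mode task next to the real one and assert on both. The added pair for `eks_nodegroup_name_a` reuses the assert name `check that eks_nodegroup is not changed (idempotency)`, which makes a failure hard to attribute in the log; a name such as `check that name_a nodegroup deletion is idempotent` would disambiguate. The tasks before these hunks are not visible, so whether check-mode deletion is exercised earlier in full_test.yml cannot be confirmed from here.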
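Review bot: The `collections:` list in the context of the eks_nodegroup main.yml hunk still contains `- amozon.community`, which looks like a misspelling (presumably of `community.aws`, next to an `amazon.aws` entry above the hunk). As far as I know, an entry that matches no installed collection is skipped when short module names are resolved, so `eks_cluster`, `iam_role` and the other unqualified modules in this target resolve through whatever else is on the list, and the search path names a namespace the project does not control. Replace it with the intended entry, e.g. `- community.aws`, or call the modules by fully qualified name so resolution does not depend on the list at all. The list starts above the hunk, so its other entries are not visible here.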
@@ -3,9 +3,9 @@ - name: Integration testing for the elasticache module module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' collections: - amazon.aws @@ -60,11 +60,11 @@ that: - elasticache_redis is changed - elasticache_redis.elasticache.data is defined - - elasticache_redis.elasticache.name == "{{ elasticache_redis_test_name }}" - - elasticache_redis.elasticache.data.CacheSubnetGroupName == "{{ elasticache_subnet_group_name }}" + - elasticache_redis.elasticache.name == elasticache_redis_test_name + - elasticache_redis.elasticache.data.CacheSubnetGroupName == elasticache_subnet_group_name - name: Add security group for Redis access in Elasticache - ec2_group: + ec2_security_group: name: "{{ elasticache_redis_sg_name }}" description: Allow access to Elasticache Redis for testing EC module vpc_id: "{{ elasticache_vpc.vpc.id }}" @@ -186,7 +186,7 @@ state: absent - name: Make sure Redis Security Group is deleted again - ec2_group: + ec2_security_group: name: "{{ elasticache_redis_sg_name }}" state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/elasticache_subnet_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elasticache_subnet_group/tasks/main.yml index 5814f9dc9..921a37eb0 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elasticache_subnet_group/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elasticache_subnet_group/tasks/main.yml 
@@ -8,9 +8,9 @@ # - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/elasticbeanstalk_app/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elasticbeanstalk_app/tasks/main.yml index d90a7ce8d..e1deb9df9 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elasticbeanstalk_app/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elasticbeanstalk_app/tasks/main.yml @@ -4,15 +4,15 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: # ============================================================ - name: test with no parameters - aws_elasticbeanstalk_app: + elasticbeanstalk_app: register: result ignore_errors: true @@ -23,7 +23,7 @@ # ============================================================ - name: test create app - aws_elasticbeanstalk_app: + elasticbeanstalk_app: app_name: "{{ app_name }}" description: "{{ description }}" state: present @@ -36,7 +36,7 @@ # ============================================================ - name: test create when app already exists - aws_elasticbeanstalk_app: + elasticbeanstalk_app: app_name: "{{ app_name }}" description: "{{ description }}" state: present 
@@ -49,7 +49,7 @@ # ============================================================ - name: make an update to an existing app - aws_elasticbeanstalk_app: + elasticbeanstalk_app: app_name: "{{ app_name }}" description: "{{ alternate_description }}" state: present @@ -62,7 +62,7 @@ # # ============================================================ # - name: fail deleting an app that has environments that exist -# aws_elasticbeanstalk_app: +# elasticbeanstalk_app: # app_name: "non_app" # state: absent # register: result @@ -75,7 +75,7 @@ # # ============================================================ # - name: deleting an app that has environments that exist with terminate_by_force True -# aws_elasticbeanstalk_app: +# elasticbeanstalk_app: # app_name: "non_app" # state: absent # terminate_by_force: True @@ -98,7 +98,7 @@ # # ============================================================ # - name: deleting an app that has environments that exist with terminate_by_force True -# aws_elasticbeanstalk_app: +# elasticbeanstalk_app: # app_name: "non_app" # state: absent # terminate_by_force: True @@ -111,7 +111,7 @@ # # ============================================================ - name: delete non existent app - aws_elasticbeanstalk_app: + elasticbeanstalk_app: app_name: "non_app" state: absent register: result @@ -125,7 +125,7 @@ # ============================================================ - name: delete existing app - aws_elasticbeanstalk_app: + elasticbeanstalk_app: app_name: "{{ app_name }}" state: absent register: result @@ -140,6 +140,6 @@ always: - name: delete existing app - aws_elasticbeanstalk_app: + elasticbeanstalk_app: app_name: "{{ app_name }}" state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_classic_lb_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elb_classic_lb_info/tasks/main.yml index e4cd8144b..b09e88072 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/elb_classic_lb_info/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_classic_lb_info/tasks/main.yml @@ -18,10 +18,10 @@ - module_defaults: group/aws: - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + region: "{{ aws_region }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" block: # ============================================================ @@ -32,8 +32,8 @@ name: "{{ elb_name }}" state: present zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" + - "{{ aws_region }}a" + - "{{ aws_region }}b" listeners: - protocol: http load_balancer_port: 80 @@ -55,8 +55,8 @@ that: - create is changed # We rely on these for the info test, make sure they're what we expect - - '"{{ ec2_region }}a" in create.elb.zones' - - '"{{ ec2_region }}b" in create.elb.zones' + - aws_region ~ 'a' in create.elb.zones + - aws_region ~ 'b' in create.elb.zones - create.elb.health_check.healthy_threshold == 10 - create.elb.health_check.interval == 30 - create.elb.health_check.target == "HTTP:80/index.html" @@ -74,8 +74,8 @@ that: - info.elbs|length == 1 - elb.availability_zones|length == 2 - - '"{{ ec2_region }}a" in elb.availability_zones' - - '"{{ ec2_region }}b" in elb.availability_zones' + - aws_region ~ 'a' in elb.availability_zones + - aws_region ~ 'b' in elb.availability_zones - elb.health_check.healthy_threshold == 10 - elb.health_check.interval == 30 - elb.health_check.target == "HTTP:80/index.html" @@ -115,7 +115,7 @@ name: "{{ elb_name }}" state: present zones: - - "{{ ec2_region }}c" + - "{{ aws_region }}c" listeners: - protocol: http load_balancer_port: 80 
@@ -134,7 +134,7 @@ - assert: that: - update_az is changed - - update_az.elb.zones[0] == "{{ ec2_region }}c" + - update_az.elb.zones[0] == aws_region ~ 'c' - name: Get ELB info after changing AZ's elb_classic_lb_info: @@ -144,7 +144,7 @@ - assert: that: - elb.availability_zones|length == 1 - - '"{{ ec2_region }}c" in elb.availability_zones[0]' + - aws_region ~ 'c' in elb.availability_zones[0] vars: elb: "{{ info.elbs[0] }}" @@ -157,9 +157,9 @@ name: "{{ elb_name }}" state: present zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" + - "{{ aws_region }}a" + - "{{ aws_region }}b" + - "{{ aws_region }}c" listeners: - protocol: http load_balancer_port: 80 @@ -170,9 +170,9 @@ - assert: that: - update_az is changed - - '"{{ ec2_region }}a" in update_az.elb.zones' - - '"{{ ec2_region }}b" in update_az.elb.zones' - - '"{{ ec2_region }}c" in update_az.elb.zones' + - aws_region ~ 'a' in update_az.elb.zones + - aws_region ~ 'b' in update_az.elb.zones + - aws_region ~ 'c' in update_az.elb.zones - name: Get ELB info after updating AZ's elb_classic_lb_info: @@ -182,9 +182,9 @@ - assert: that: - elb.availability_zones|length == 3 - - '"{{ ec2_region }}a" in elb.availability_zones' - - '"{{ ec2_region }}b" in elb.availability_zones' - - '"{{ ec2_region }}c" in elb.availability_zones' + - aws_region ~ 'a' in elb.availability_zones + - aws_region ~ 'b' in elb.availability_zones + - aws_region ~ 'c' in elb.availability_zones vars: elb: "{{ info.elbs[0] }}" @@ -197,9 +197,9 @@ name: "{{ elb_name }}" state: present zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" + - "{{ aws_region }}a" + - "{{ aws_region }}b" + - "{{ aws_region }}c" listeners: - protocol: http load_balancer_port: 80 
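Review bot: The assertion `- aws_region ~ 'c' in elb.availability_zones[0]` in the `@@ -144,7` hunk is a substring test against a single zone string, carried over from the old quoted form, so it passes for any zone name that merely contains the expected text. The line before it already asserts that the list has length 1, so an equality check states the intent: `- elb.availability_zones[0] == aws_region ~ 'c'`. That also matches the `update_az.elb.zones[0] == aws_region ~ 'c'` assert in the hunk just above.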
@@ -235,9 +235,9 @@ name: "{{ elb_name }}" state: present zones: - - "{{ ec2_region }}a" - - "{{ ec2_region }}b" - - "{{ ec2_region }}c" + - "{{ aws_region }}a" + - "{{ aws_region }}b" + - "{{ aws_region }}c" listeners: - protocol: http load_balancer_port: 8081 diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_instances.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_instances.yml index 7ae91ac00..262bc99b2 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_instances.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_instances.yml @@ -9,14 +9,14 @@ ignore_errors: true - name: Delete ASG - ec2_asg: + autoscaling_group: name: '{{ asg_name }}' state: absent ignore_errors: true register: ec2_asg_a - name: Delete Launch Template - ec2_lc: + autoscaling_launch_config: name: '{{ lc_name }}' state: absent ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_vpc.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_vpc.yml index 9abeb74a2..754b685f6 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_vpc.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_vpc.yml @@ -1,6 +1,6 @@ --- - name: delete security groups - ec2_group: + ec2_security_group: name: '{{ item }}' state: absent ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/main.yml index 247b6f6b6..3ab9be64d 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/main.yml 
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/main.yml @@ -2,9 +2,9 @@ - module_defaults: group/aws: region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" collections: - community.aws - amazon.aws diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/manage_asgs.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/manage_asgs.yml index f0e9db601..ea726b8fe 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/manage_asgs.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/manage_asgs.yml @@ -1,6 +1,6 @@ --- - name: Get ASG info - ec2_asg_info: + autoscaling_group_info: name: "{{ asg_name }}$" register: asg_info diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_instances.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_instances.yml index b89b38d20..455a9886b 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_instances.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_instances.yml @@ -25,7 +25,7 @@ instance_b: "{{ ec2_instance_b.instance_ids[0] }}" - name: Create a Launch Template - ec2_lc: + autoscaling_launch_config: name: "{{ lc_name }}" image_id: "{{ ec2_ami_id }}" security_groups: "{{ sg_a }}" @@ -34,7 +34,7 @@ register: ec2_lc_a - name: Create an ASG - ec2_asg: + autoscaling_group: name: "{{ asg_name }}" load_balancers: - "{{ elb_name_1 }}" 
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_vpc.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_vpc.yml index 26fafa41c..60c85b8eb 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_vpc.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_vpc.yml @@ -32,7 +32,7 @@ register: setup_subnet_2 - name: create a security group - ec2_group: + ec2_security_group: name: '{{ sg_name_1 }}' description: 'created by Ansible integration tests' state: present @@ -45,7 +45,7 @@ register: setup_sg_1 - name: create a security group - ec2_group: + ec2_security_group: name: '{{ sg_name_2 }}' description: 'created by Ansible integration tests' state: present diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/main.yml index cf0a13ec4..e277fffd7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: @@ -89,7 +89,7 @@ gateway_id: "{{ igw.gateway_id }}" register: route_table - - ec2_group: + - ec2_security_group: name: "{{ resource_prefix }}" description: "security group for Ansible NLB integration tests" state: present 
@@ -173,7 +173,7 @@ ignore_errors: yes - name: destroy sec group - ec2_group: + ec2_security_group: name: "{{ sec_group.group_name }}" description: "security group for Ansible NLB integration tests" state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_tags.yml b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_tags.yml index b55a0777f..f1e920de8 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_tags.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_tags.yml @@ -34,7 +34,7 @@ - assert: that: - nlb.changed - - 'nlb.tags.created_by == "NLB test {{ resource_prefix }}"' + - nlb.tags.created_by == 'NLB test ' ~ resource_prefix - name: test tags are not removed if unspecified elb_network_lb: @@ -46,7 +46,7 @@ - assert: that: - not nlb.changed - - 'nlb.tags.created_by == "NLB test {{ resource_prefix }}"' + - nlb.tags.created_by == 'NLB test ' ~ resource_prefix - name: remove tags from NLB elb_network_lb: diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_with_asg.yml b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_with_asg.yml index 06fab22b5..295e5e469 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_with_asg.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_with_asg.yml 
@@ -1,17 +1,17 @@ - block: # create instances - - ec2_asg: + - autoscaling_group: state: absent name: "{{ resource_prefix }}-webservers" wait_timeout: 900 - - ec2_lc: + - autoscaling_launch_config: name: "{{ resource_prefix }}-web-lcfg" state: absent - name: Create launch config for testing - ec2_lc: + autoscaling_launch_config: name: "{{ resource_prefix }}-web-lcfg" assign_public_ip: true image_id: "{{ ec2_ami_id }}" @@ -31,7 +31,7 @@ delete_on_termination: true - name: Create autoscaling group for app server fleet - ec2_asg: + autoscaling_group: name: "{{ resource_prefix }}-webservers" vpc_zone_identifier: "{{ nlb_subnets }}" launch_config_name: "{{ resource_prefix }}-web-lcfg" @@ -50,13 +50,13 @@ always: - - ec2_asg: + - autoscaling_group: state: absent name: "{{ resource_prefix }}-webservers" wait_timeout: 900 ignore_errors: yes - - ec2_lc: + - autoscaling_launch_config: name: "{{ resource_prefix }}-web-lcfg" state: absent ignore_errors: yes diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_target/files/ansible_lambda_target.py b/ansible_collections/community/aws/tests/integration/targets/elb_target/files/ansible_lambda_target.py index 3ea22472e..d652d6097 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_target/files/ansible_lambda_target.py +++ b/ansible_collections/community/aws/tests/integration/targets/elb_target/files/ansible_lambda_target.py @@ -1,10 +1,10 @@ -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import +from __future__ import division +from __future__ import print_function + __metaclass__ = type import json def lambda_handler(event, context): - return { - 'statusCode': 200, - 'body': json.dumps('Hello from Lambda!') - } + return {"statusCode": 200, "body": json.dumps("Hello from Lambda!")} 
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/alb_target.yml b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/alb_target.yml index d3638a63c..446b59031 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/alb_target.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/alb_target.yml @@ -51,7 +51,7 @@ register: route_table - name: create testing security group - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ vpc.vpc.id }}" @@ -177,7 +177,7 @@ ignore_errors: true - name: remove testing security group - ec2_group: + ec2_security_group: state: absent name: "{{ resource_prefix }}-sg" register: removed diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/ec2_target.yml b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/ec2_target.yml index 611aca26f..20931f1d7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/ec2_target.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/ec2_target.yml @@ -58,7 +58,7 @@ register: route_table - name: create testing security group - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ vpc.vpc.id }}" @@ -147,7 +147,7 @@ - result.health_check_protocol == 'TCP' - '"tags" in result' - '"target_group_arn" in result' - - result.target_group_name == "{{ tg_name }}-nlb" + - result.target_group_name == tg_name ~ '-nlb' - result.target_type == 'instance' - result.deregistration_delay_timeout_seconds == '60' - result.deregistration_delay_connection_termination_enabled 
@@ -214,7 +214,7 @@ - '"load_balancer_arn" in result' - '"tags" in result' - result.type == 'network' - - result.vpc_id == '{{ vpc.vpc.id }}' + - result.vpc_id == vpc.vpc.id - name: modify up testing target group for NLB (preserve_client_ip_enabled=false) elb_target_group: @@ -603,7 +603,7 @@ ignore_errors: true - name: remove testing security group - ec2_group: + ec2_security_group: state: absent name: "{{ resource_prefix }}-sg" register: removed diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/main.yml index e99118c64..8f03edfa8 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/main.yml @@ -2,9 +2,9 @@ - name: set up elb_target test prerequisites module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - community.general diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_target_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elb_target_info/tasks/main.yml index fc11cdbcd..fadce2135 100644 --- a/ansible_collections/community/aws/tests/integration/targets/elb_target_info/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/elb_target_info/tasks/main.yml 
@@ -2,9 +2,9 @@ - name: set up elb_target_info test prerequisites module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws @@ -66,7 +66,7 @@ register: route_table - name: create testing security group - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ vpc.vpc.id }}" @@ -207,9 +207,9 @@ - assert: that: - - "{{ alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}" - - "{{ nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}" - - "{{ idle_target_group.target_group_arn not in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}" + - "alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))" + - "nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))" + - "idle_target_group.target_group_arn not in (target_facts.instance_target_groups | map(attribute='target_group_arn'))" - (target_facts.instance_target_groups | length) == 2 msg: "target facts showed the target in the right target groups" 
@@ -228,9 +228,9 @@ - assert: that: - - "{{ alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}" - - "{{ nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}" - - "{{ idle_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}" + - "alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))" + - "nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))" + - "idle_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))" - (target_facts.instance_target_groups | length) == 3 msg: "target facts reflected the addition of the target to the idle group" @@ -242,9 +242,9 @@ - assert: that: - - "{{ alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}" - - "{{ nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}" - - "{{ idle_target_group.target_group_arn not in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}" + - "alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))" + - "nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))" + - "idle_target_group.target_group_arn not in (target_facts.instance_target_groups | map(attribute='target_group_arn'))" - (target_facts.instance_target_groups | length) == 2 msg: "target_facts.instance_target_groups did not gather unused target groups when variable was set" 
@@ -407,7 +407,7 @@ ignore_errors: true - name: remove testing security group - ec2_group: + ec2_security_group: state: absent name: "{{ resource_prefix }}-sg" description: a security group for ansible tests diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/main.yml index 837f9bd17..c11b297af 100644 --- a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: - include_tasks: test_connection_network.yml diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_jdbc.yml b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_jdbc.yml index 966d8156f..a3b052ba9 100644 --- a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_jdbc.yml +++ b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_jdbc.yml @@ -5,7 +5,7 @@ # TODO: description, match_criteria, security_groups, and subnet_id are unused module options - name: create glue connection - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" connection_properties: JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}" 
@@ -19,7 +19,7 @@ - result.changed - name: test idempotence creating glue connection - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" connection_properties: JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}" @@ -33,7 +33,7 @@ - not result.changed - name: test updating JDBC connection url - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" connection_properties: JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}-updated" @@ -47,7 +47,7 @@ - result.changed - name: delete glue connection - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" state: absent register: result @@ -57,7 +57,7 @@ - result.changed - name: test idempotence removing glue connection - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" state: absent register: result @@ -69,6 +69,6 @@ always: - name: delete glue connection - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_network.yml b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_network.yml index 230015585..bc7d5cb4c 100644 --- a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_network.yml +++ b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_network.yml @@ -26,7 +26,7 @@ register: glue_subnet_a - name: Create security group 1 - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg-glue-1" description: A security group for Ansible tests vpc_id: "{{ glue_vpc.vpc.id }}" @@ -37,7 +37,7 @@ rule_desc: Connections from Glue - name: Create security group 2 - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg-glue-2" description: A security group for Ansible tests vpc_id: "{{ glue_vpc.vpc.id }}" 
@@ -48,7 +48,7 @@ rule_desc: Connections from Glue - name: Create Glue connection (check mode) - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" availability_zone: "{{ aws_region }}a" connection_properties: @@ -69,7 +69,7 @@ - glue_connection_check.description is not defined - name: Create Glue connection - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" availability_zone: "{{ aws_region }}a" connection_properties: @@ -109,7 +109,7 @@ - glue_connection.raw_connection_properties == connection_info["Connection"]["ConnectionProperties"] - name: Create Glue connection (idempotent) (check mode) - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" availability_zone: "{{ aws_region }}a" connection_properties: @@ -149,7 +149,7 @@ - connection_info_idempotent_check["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] == connection_info["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] - name: Create Glue connection (idempotent) - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" availability_zone: "{{ aws_region }}a" connection_properties: @@ -188,7 +188,7 @@ - connection_info_idempotent["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] == connection_info["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] - name: Update Glue connection (check mode) - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" availability_zone: "{{ aws_region }}a" connection_properties: @@ -229,7 +229,7 @@ - glue_connection_update_check.raw_connection_properties == connection_info_update_check["Connection"]["ConnectionProperties"] - name: Update Glue connection - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" availability_zone: "{{ aws_region }}a" connection_properties: 
@@ -269,7 +269,7 @@ - glue_connection_update.raw_connection_properties == connection_info_update["Connection"]["ConnectionProperties"] - name: Delete Glue connection (check mode) - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" state: absent check_mode: true @@ -295,7 +295,7 @@ - connection_info["Connection"]["Name"] == connection_info_delete_check["Connection"]["Name"] - name: Delete Glue connection - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" state: absent register: glue_connection_delete @@ -307,17 +307,17 @@ always: - name: Delete Glue connection - aws_glue_connection: + glue_connection: name: "{{ resource_prefix }}" state: absent ignore_errors: true - name: Delete security group 1 - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg-glue-1" state: absent ignore_errors: true - name: Delete security group 2 - ec2_group: + ec2_security_group: name: "{{ resource_prefix }}-sg-glue-2" state: absent ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_crawler/aliases b/ansible_collections/community/aws/tests/integration/targets/glue_crawler/aliases index 4ef4b2067..21fa9fd98 100644 --- a/ansible_collections/community/aws/tests/integration/targets/glue_crawler/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/glue_crawler/aliases @@ -1 +1,4 @@ cloud/aws + +disabled +# https://github.com/ansible-collections/community.aws/issues/1796 diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_crawler/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/glue_crawler/tasks/main.yml index b96968195..82ff4addf 100644 --- a/ansible_collections/community/aws/tests/integration/targets/glue_crawler/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/glue_crawler/tasks/main.yml 
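Review bot: The new `disabled` marker in glue_crawler/aliases is explained only by a bare issue URL, so a reader of the file cannot tell why the target is off or what has to change before it can be re-enabled. The iam_access_key/aliases file deleted in this same commit uses a `# reason:` line for that purpose; I would add `# reason: <one-line summary of issue 1796>` directly above `disabled`. While the target stays disabled, the `aws_glue_crawler` to `glue_crawler` renames and the `access_key`/`secret_key`/`session_token` defaults in glue_crawler/tasks/main.yml are presumably not exercised by CI, which is worth recording next to the marker as well.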
@@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: @@ -29,7 +29,7 @@ seconds: 10 - name: Create Glue crawler (check mode) - aws_glue_crawler: + glue_crawler: name: "{{ glue_crawler_name }}" database_name: my_database description: "{{ glue_crawler_description }}" @@ -56,7 +56,7 @@ - glue_crawler_check.description is not defined - name: Create Glue crawler - aws_glue_crawler: + glue_crawler: name: "{{ glue_crawler_name }}" database_name: my_database description: "{{ glue_crawler_description }}" @@ -102,7 +102,7 @@ - glue_crawler.targets.S3Targets == crawler_info["Crawler"]["Targets"]["S3Targets"] - name: Create Glue crawler (idempotent) (check mode) - aws_glue_crawler: + glue_crawler: name: "{{ glue_crawler_name }}" database_name: my_database description: "{{ glue_crawler_description }}" @@ -149,7 +149,7 @@ - crawler_info["Crawler"]["Targets"]["S3Targets"] == crawler_info_idempotent_check["Crawler"]["Targets"]["S3Targets"] - name: Create Glue crawler (idempotent) - aws_glue_crawler: + glue_crawler: name: "{{ glue_crawler_name }}" database_name: my_database description: "{{ glue_crawler_description }}" @@ -195,7 +195,7 @@ - crawler_info["Crawler"]["Targets"]["S3Targets"] == crawler_info_idempotent["Crawler"]["Targets"]["S3Targets"] - name: Update Glue crawler (check mode) - aws_glue_crawler: + glue_crawler: name: "{{ glue_crawler_name }}" database_name: my_database_2 description: "{{ glue_crawler_description }}" 
@@ -242,7 +242,7 @@ - glue_crawler_update_check.targets.S3Targets == crawler_info_update_check["Crawler"]["Targets"]["S3Targets"] - name: Update Glue crawler - aws_glue_crawler: + glue_crawler: name: "{{ glue_crawler_name }}" database_name: my_database_2 description: "{{ glue_crawler_description }}" @@ -288,7 +288,7 @@ - glue_crawler_update.targets.S3Targets == crawler_info_update["Crawler"]["Targets"]["S3Targets"] - name: Delete Glue crawler (check mode) - aws_glue_crawler: + glue_crawler: name: "{{ glue_crawler_name }}" state: absent check_mode: true @@ -315,7 +315,7 @@ - crawler_info["Crawler"]["Name"] == crawler_info_delete_check["Crawler"]["Name"] - name: Delete Glue crawler - aws_glue_crawler: + glue_crawler: name: "{{ glue_crawler_name }}" state: absent register: glue_crawler_delete @@ -327,7 +327,7 @@ always: - name: Delete Glue crawler - aws_glue_crawler: + glue_crawler: name: "{{ glue_crawler_name }}" state: absent ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_job/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/glue_job/tasks/main.yml index 307a9befb..85080fd02 100644 --- a/ansible_collections/community/aws/tests/integration/targets/glue_job/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/glue_job/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: # AWS CLI is needed until there's a module to get info about Glue jobs 
@@ -30,7 +30,7 @@ - "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" - name: Create Glue job (check mode) - aws_glue_job: + glue_job: name: "{{ glue_job_name }}" command_python_version: 3 command_script_location: "{{ glue_job_command_script_location }}" @@ -53,7 +53,7 @@ - glue_job_check.description is not defined - name: Create Glue job - aws_glue_job: + glue_job: name: "{{ glue_job_name }}" command_python_version: 3 command_script_location: "{{ glue_job_command_script_location }}" @@ -93,7 +93,7 @@ - glue_job.role == job_info["Job"]["Role"] - name: Create Glue job (idempotent) (check mode) - aws_glue_job: + glue_job: name: "{{ glue_job_name }}" command_python_version: 3 command_script_location: "{{ glue_job_command_script_location }}" @@ -135,7 +135,7 @@ - job_info["Job"]["Role"] == job_info_idempotent_check["Job"]["Role"] - name: Create Glue job (idempotent) - aws_glue_job: + glue_job: name: "{{ glue_job_name }}" command_python_version: 3 command_script_location: "{{ glue_job_command_script_location }}" @@ -176,7 +176,7 @@ - job_info["Job"]["Role"] == job_info_idempotent["Job"]["Role"] - name: Update Glue job (check mode) - aws_glue_job: + glue_job: name: "{{ glue_job_name }}" command_python_version: 2 command_script_location: "{{ glue_job_command_script_location }}" @@ -216,7 +216,7 @@ - glue_job_update_check.role == job_info_update_check["Job"]["Role"] - name: Update Glue job - aws_glue_job: + glue_job: name: "{{ glue_job_name }}" command_python_version: 2 command_script_location: "{{ glue_job_command_script_location }}" @@ -255,7 +255,7 @@ - glue_job_update.role == job_info_update["Job"]["Role"] - name: Delete Glue job (check mode) - aws_glue_job: + glue_job: name: "{{ glue_job_name }}" state: absent check_mode: true @@ -281,7 +281,7 @@ - job_info["Job"]["Name"] == job_info_delete_check["Job"]["Name"] - name: Delete Glue job - aws_glue_job: + glue_job: name: "{{ glue_job_name }}" state: absent register: glue_job_delete 
@@ -293,7 +293,7 @@ always: - name: Delete Glue job - aws_glue_job: + glue_job: name: "{{ glue_job_name }}" state: absent ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/aliases b/ansible_collections/community/aws/tests/integration/targets/iam_access_key/aliases deleted file mode 100644 index ffceccfcc..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/aliases +++ /dev/null @@ -1,9 +0,0 @@ -# reason: missing-policy -# It should be possible to test iam_user by limiting which policies can be -# attached to the users. -# Careful review is needed prior to adding this to the main CI. -unsupported - -cloud/aws - -iam_access_key_info diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_access_key/defaults/main.yml deleted file mode 100644 index eaaa3523e..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -test_user: '{{ resource_prefix }}' diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_access_key/tasks/main.yml deleted file mode 100644 index a7fcc633c..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/tasks/main.yml +++ /dev/null 
@@ -1,808 +0,0 @@ ---- -- name: AWS AuthN details - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - collections: - - amazon.aws - - community.aws - block: - # ================================================================================== - # Preparation - # ================================================================================== - # We create an IAM user with no attached permissions. The *only* thing the - # user will be able to do is call sts.get_caller_identity - # https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html - - name: Create test user - iam_user: - name: '{{ test_user }}' - state: present - register: iam_user - - - assert: - that: - - iam_user is successful - - iam_user is changed - - # ================================================================================== - - - name: Fetch IAM key info (no keys) - iam_access_key_info: - user_name: '{{ test_user }}' - register: access_key_info - - - assert: - that: - - access_key_info is successful - - '"access_keys" in access_key_info' - - access_key_info.access_keys | length == 0 - - # ================================================================================== - - - name: Create a key (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - state: present - register: create_key_1 - check_mode: true - - - assert: - that: - - create_key_1 is successful - - create_key_1 is changed - - - name: Create a key - iam_access_key: - user_name: '{{ test_user }}' - state: present - register: create_key_1 - - - assert: - that: - - create_key_1 is successful - - create_key_1 is changed - - '"access_key" in create_key_1' - - '"secret_access_key" in create_key_1' - - '"deleted_access_key_id" not in create_key_1' - - '"access_key_id" in create_key_1.access_key' - - '"create_date" in create_key_1.access_key' - - 
'"user_name" in create_key_1.access_key' - - '"status" in create_key_1.access_key' - - create_key_1.access_key.user_name == test_user - - create_key_1.access_key.status == 'Active' - - - name: Fetch IAM key info (1 key) - iam_access_key_info: - user_name: '{{ test_user }}' - register: access_key_info - - - assert: - that: - - access_key_info is successful - - '"access_keys" in access_key_info' - - access_key_info.access_keys | length == 1 - - '"access_key_id" in access_key_1' - - '"create_date" in access_key_1' - - '"user_name" in access_key_1' - - '"status" in access_key_1' - - access_key_1.user_name == test_user - - access_key_1.access_key_id == create_key_1.access_key.access_key_id - - access_key_1.create_date == create_key_1.access_key.create_date - - access_key_1.status == 'Active' - vars: - access_key_1: '{{ access_key_info.access_keys[0] }}' - - # ================================================================================== - - - name: Create a second key (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - state: present - register: create_key_2 - check_mode: true - - - assert: - that: - - create_key_2 is successful - - create_key_2 is changed - - - name: Create a second key - iam_access_key: - user_name: '{{ test_user }}' - state: present - register: create_key_2 - - - assert: - that: - - create_key_2 is successful - - create_key_2 is changed - - '"access_key" in create_key_2' - - '"secret_access_key" in create_key_2' - - '"deleted_access_key_id" not in create_key_2' - - '"access_key_id" in create_key_2.access_key' - - '"create_date" in create_key_2.access_key' - - '"user_name" in create_key_2.access_key' - - '"status" in create_key_2.access_key' - - create_key_2.access_key.user_name == test_user - - create_key_2.access_key.status == 'Active' - - - name: Fetch IAM key info (2 keys) - iam_access_key_info: - user_name: '{{ test_user }}' - register: access_key_info - - - assert: - that: - - access_key_info is successful - - '"access_keys" in 
access_key_info' - - access_key_info.access_keys | length == 2 - - '"access_key_id" in access_key_1' - - '"create_date" in access_key_1' - - '"user_name" in access_key_1' - - '"status" in access_key_1' - - access_key_1.user_name == test_user - - access_key_1.access_key_id == create_key_1.access_key.access_key_id - - access_key_1.create_date == create_key_1.access_key.create_date - - access_key_1.status == 'Active' - - '"access_key_id" in access_key_2' - - '"create_date" in access_key_2' - - '"user_name" in access_key_2' - - '"status" in access_key_2' - - access_key_2.user_name == test_user - - access_key_2.access_key_id == create_key_2.access_key.access_key_id - - access_key_2.create_date == create_key_2.access_key.create_date - - access_key_2.status == 'Active' - vars: - access_key_1: '{{ access_key_info.access_keys[0] }}' - access_key_2: '{{ access_key_info.access_keys[1] }}' - - # ================================================================================== - - # We don't block the attempt to create a third access key - should AWS change - # the limits this will "JustWork". - - # - name: Create a third key (check_mode) - # iam_access_key: - # user_name: '{{ test_user }}' - # state: present - # register: create_key_3 - # ignore_errors: True - # check_mode: true - - # - assert: - # that: - # - create_key_3 is successful - # - create_key_3 is changed - - - name: Create a third key without rotation - iam_access_key: - user_name: '{{ test_user }}' - state: present - register: create_key_3 - ignore_errors: True - - - assert: - that: - # If Amazon update the limits we may need to change the expectation here. 
- - create_key_3 is failed - - - name: Fetch IAM key info (2 keys - not changed) - iam_access_key_info: - user_name: '{{ test_user }}' - register: access_key_info - - - assert: - that: - - access_key_info is successful - - '"access_keys" in access_key_info' - - access_key_info.access_keys | length == 2 - - '"access_key_id" in access_key_1' - - '"create_date" in access_key_1' - - '"user_name" in access_key_1' - - '"status" in access_key_1' - - access_key_1.user_name == test_user - - access_key_1.access_key_id == create_key_1.access_key.access_key_id - - access_key_1.create_date == create_key_1.access_key.create_date - - access_key_1.status == 'Active' - - '"access_key_id" in access_key_2' - - '"create_date" in access_key_2' - - '"user_name" in access_key_2' - - '"status" in access_key_2' - - access_key_2.user_name == test_user - - access_key_2.access_key_id == create_key_2.access_key.access_key_id - - access_key_2.create_date == create_key_2.access_key.create_date - - access_key_2.status == 'Active' - vars: - access_key_1: '{{ access_key_info.access_keys[0] }}' - access_key_2: '{{ access_key_info.access_keys[1] }}' - - # ================================================================================== - - - name: Create a third key - rotation enabled (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - state: present - rotate_keys: true - register: create_key_3 - check_mode: true - - - assert: - that: - - create_key_3 is successful - - create_key_3 is changed - - '"deleted_access_key_id" in create_key_3' - - create_key_3.deleted_access_key_id == create_key_1.access_key.access_key_id - - - name: Create a second key - iam_access_key: - user_name: '{{ test_user }}' - state: present - rotate_keys: true - register: create_key_3 - - - assert: - that: - - create_key_3 is successful - - create_key_3 is changed - - '"access_key" in create_key_3' - - '"secret_access_key" in create_key_3' - - '"deleted_access_key_id" in create_key_3' - - 
create_key_3.deleted_access_key_id == create_key_1.access_key.access_key_id - - '"access_key_id" in create_key_3.access_key' - - '"create_date" in create_key_3.access_key' - - '"user_name" in create_key_3.access_key' - - '"status" in create_key_3.access_key' - - create_key_3.access_key.user_name == test_user - - create_key_3.access_key.status == 'Active' - - - name: Fetch IAM key info (2 keys - oldest rotated) - iam_access_key_info: - user_name: '{{ test_user }}' - register: access_key_info - - - assert: - that: - - access_key_info is successful - - '"access_keys" in access_key_info' - - access_key_info.access_keys | length == 2 - - '"access_key_id" in access_key_1' - - '"create_date" in access_key_1' - - '"user_name" in access_key_1' - - '"status" in access_key_1' - - access_key_1.user_name == test_user - - access_key_1.access_key_id == create_key_2.access_key.access_key_id - - access_key_1.create_date == create_key_2.access_key.create_date - - access_key_1.status == 'Active' - - '"access_key_id" in access_key_2' - - '"create_date" in access_key_2' - - '"user_name" in access_key_2' - - '"status" in access_key_2' - - access_key_2.user_name == test_user - - access_key_2.access_key_id == create_key_3.access_key.access_key_id - - access_key_2.create_date == create_key_3.access_key.create_date - - access_key_2.status == 'Active' - vars: - access_key_1: '{{ access_key_info.access_keys[0] }}' - access_key_2: '{{ access_key_info.access_keys[1] }}' - - # ================================================================================== - - - name: Disable third key (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - enabled: False - register: disable_key - check_mode: true - - - assert: - that: - - disable_key is successful - - disable_key is changed - - - name: Disable third key - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - enabled: False - register: 
disable_key - - - assert: - that: - - disable_key is successful - - disable_key is changed - - '"access_key" in disable_key' - - '"secret_access_key" not in disable_key' - - '"deleted_access_key_id" not in disable_key' - - '"access_key_id" in disable_key.access_key' - - '"create_date" in disable_key.access_key' - - '"user_name" in disable_key.access_key' - - '"status" in disable_key.access_key' - - disable_key.access_key.user_name == test_user - - disable_key.access_key.status == 'Inactive' - - - name: Disable third key - idempotency (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - enabled: False - register: disable_key - check_mode: true - - - assert: - that: - - disable_key is successful - - disable_key is not changed - - - name: Disable third key - idempotency - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - enabled: False - register: disable_key - - - assert: - that: - - disable_key is successful - - disable_key is not changed - - '"access_key" in disable_key' - - '"secret_access_key" not in disable_key' - - '"deleted_access_key_id" not in disable_key' - - '"access_key_id" in disable_key.access_key' - - '"create_date" in disable_key.access_key' - - '"user_name" in disable_key.access_key' - - '"status" in disable_key.access_key' - - disable_key.access_key.user_name == test_user - - disable_key.access_key.status == 'Inactive' - - - name: Fetch IAM key info (2 keys - 1 disabled) - iam_access_key_info: - user_name: '{{ test_user }}' - register: access_key_info - - - assert: - that: - - access_key_info is successful - - '"access_keys" in access_key_info' - - access_key_info.access_keys | length == 2 - - '"access_key_id" in access_key_1' - - '"create_date" in access_key_1' - - '"user_name" in access_key_1' - - '"status" in access_key_1' - - access_key_1.user_name == test_user - - access_key_1.access_key_id == create_key_2.access_key.access_key_id - 
- access_key_1.create_date == create_key_2.access_key.create_date - - access_key_1.status == 'Active' - - '"access_key_id" in access_key_2' - - '"create_date" in access_key_2' - - '"user_name" in access_key_2' - - '"status" in access_key_2' - - access_key_2.user_name == test_user - - access_key_2.access_key_id == create_key_3.access_key.access_key_id - - access_key_2.create_date == create_key_3.access_key.create_date - - access_key_2.status == 'Inactive' - vars: - access_key_1: '{{ access_key_info.access_keys[0] }}' - access_key_2: '{{ access_key_info.access_keys[1] }}' - - # ================================================================================== - - - name: Touch third key - no change (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - register: touch_key - check_mode: true - - - assert: - that: - - touch_key is successful - - touch_key is not changed - - - name: Touch third key - no change - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - register: touch_key - - - assert: - that: - - touch_key is successful - - touch_key is not changed - - '"access_key" in touch_key' - - '"secret_access_key" not in touch_key' - - '"deleted_access_key_id" not in touch_key' - - '"access_key_id" in touch_key.access_key' - - '"create_date" in touch_key.access_key' - - '"user_name" in touch_key.access_key' - - '"status" in touch_key.access_key' - - touch_key.access_key.user_name == test_user - - touch_key.access_key.status == 'Inactive' - - # ================================================================================== - - - name: Enable third key (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - enabled: True - register: enable_key - check_mode: true - - - assert: - that: - - enable_key is successful - - enable_key is changed - - - name: Enable third key - iam_access_key: - user_name: '{{ 
test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - enabled: True - register: enable_key - - - assert: - that: - - enable_key is successful - - enable_key is changed - - '"access_key" in enable_key' - - '"secret_access_key" not in enable_key' - - '"deleted_access_key_id" not in enable_key' - - '"access_key_id" in enable_key.access_key' - - '"create_date" in enable_key.access_key' - - '"user_name" in enable_key.access_key' - - '"status" in enable_key.access_key' - - enable_key.access_key.user_name == test_user - - enable_key.access_key.status == 'Active' - - - name: Enable third key - idempotency (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - enabled: True - register: enable_key - check_mode: true - - - assert: - that: - - enable_key is successful - - enable_key is not changed - - - name: Enable third key - idempotency - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - enabled: True - register: enable_key - - - assert: - that: - - enable_key is successful - - enable_key is not changed - - '"access_key" in enable_key' - - '"secret_access_key" not in enable_key' - - '"deleted_access_key_id" not in enable_key' - - '"access_key_id" in enable_key.access_key' - - '"create_date" in enable_key.access_key' - - '"user_name" in enable_key.access_key' - - '"status" in enable_key.access_key' - - enable_key.access_key.user_name == test_user - - enable_key.access_key.status == 'Active' - - # ================================================================================== - - - name: Touch third key again - no change (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - register: touch_key - check_mode: true - - - assert: - that: - - touch_key is successful - - touch_key is not changed - - - name: Touch third key again - no change - iam_access_key: - user_name: '{{ test_user }}' - id: 
'{{ create_key_3.access_key.access_key_id }}' - register: touch_key - - - assert: - that: - - touch_key is successful - - touch_key is not changed - - '"access_key" in touch_key' - - '"secret_access_key" not in touch_key' - - '"deleted_access_key_id" not in touch_key' - - '"access_key_id" in touch_key.access_key' - - '"create_date" in touch_key.access_key' - - '"user_name" in touch_key.access_key' - - '"status" in touch_key.access_key' - - touch_key.access_key.user_name == test_user - - touch_key.access_key.status == 'Active' - - # ================================================================================== - - - name: Re-Disable third key - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - enabled: False - register: redisable_key - - - assert: - that: - - redisable_key is successful - - redisable_key is changed - - redisable_key.access_key.status == 'Inactive' - - - pause: - seconds: 10 - - # ================================================================================== - - - name: Test GetCallerIdentity - Key 2 - aws_caller_info: - aws_access_key: "{{ create_key_2.access_key.access_key_id }}" - aws_secret_key: "{{ create_key_2.secret_access_key }}" - security_token: "{{ omit }}" - register: caller_identity_2 - - - assert: - that: - - caller_identity_2 is successful - - caller_identity_2.arn == iam_user.iam_user.user.arn - - - name: Test GetCallerIdentity - Key 1 (gone) - aws_caller_info: - aws_access_key: "{{ create_key_1.access_key.access_key_id }}" - aws_secret_key: "{{ create_key_1.secret_access_key }}" - security_token: "{{ omit }}" - register: caller_identity_1 - ignore_errors: true - - - assert: - that: - - caller_identity_1 is failed - - caller_identity_1.error.code == 'InvalidClientTokenId' - - - name: Test GetCallerIdentity - Key 3 (disabled) - aws_caller_info: - aws_access_key: "{{ create_key_3.access_key.access_key_id }}" - aws_secret_key: "{{ create_key_3.secret_access_key }}" - 
security_token: "{{ omit }}" - register: caller_identity_3 - ignore_errors: true - - - assert: - that: - - caller_identity_3 is failed - - caller_identity_3.error.code == 'InvalidClientTokenId' - - # ================================================================================== - - - name: Delete active key (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_2.access_key.access_key_id }}' - state: absent - register: delete_active_key - check_mode: true - - - assert: - that: - - delete_active_key is successful - - delete_active_key is changed - - - name: Delete active key - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_2.access_key.access_key_id }}' - state: absent - register: delete_active_key - - - assert: - that: - - delete_active_key is successful - - delete_active_key is changed - - - name: Delete active key - idempotency (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_2.access_key.access_key_id }}' - state: absent - register: delete_active_key - check_mode: true - - - assert: - that: - - delete_active_key is successful - - delete_active_key is not changed - - - name: Delete active key - idempotency - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_2.access_key.access_key_id }}' - state: absent - register: delete_active_key - - - assert: - that: - - delete_active_key is successful - - delete_active_key is not changed - - # ================================================================================== - - - name: Delete inactive key (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - state: absent - register: delete_inactive_key - check_mode: true - - - assert: - that: - - delete_inactive_key is successful - - delete_inactive_key is changed - - - name: Delete inactive key - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - state: 
absent - register: delete_inactive_key - - - assert: - that: - - delete_inactive_key is successful - - delete_inactive_key is changed - - - name: Delete inactive key - idempotency (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - state: absent - register: delete_inactive_key - check_mode: true - - - assert: - that: - - delete_inactive_key is successful - - delete_inactive_key is not changed - - - name: Delete inactive key - idempotency - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_3.access_key.access_key_id }}' - state: absent - register: delete_inactive_key - - - assert: - that: - - delete_inactive_key is successful - - delete_inactive_key is not changed - - # ================================================================================== - - - name: Fetch IAM key info (no keys) - iam_access_key_info: - user_name: '{{ test_user }}' - register: access_key_info - - - assert: - that: - - access_key_info is successful - - '"access_keys" in access_key_info' - - access_key_info.access_keys | length == 0 - - # ================================================================================== - - - name: Create an inactive key (check_mode) - iam_access_key: - user_name: '{{ test_user }}' - state: present - enabled: false - register: create_key_4 - check_mode: true - - - assert: - that: - - create_key_4 is successful - - create_key_4 is changed - - - name: Create a key - iam_access_key: - user_name: '{{ test_user }}' - state: present - enabled: false - register: create_key_4 - - - assert: - that: - - create_key_4 is successful - - create_key_4 is changed - - '"access_key" in create_key_4' - - '"secret_access_key" in create_key_4' - - '"deleted_access_key_id" not in create_key_4' - - '"access_key_id" in create_key_4.access_key' - - '"create_date" in create_key_4.access_key' - - '"user_name" in create_key_4.access_key' - - '"status" in create_key_4.access_key' - - 
create_key_4.access_key.user_name == test_user - - create_key_4.access_key.status == 'Inactive' - - - name: Fetch IAM key info (1 inactive key) - iam_access_key_info: - user_name: '{{ test_user }}' - register: access_key_info - - - assert: - that: - - access_key_info is successful - - '"access_keys" in access_key_info' - - access_key_info.access_keys | length == 1 - - '"access_key_id" in access_key_1' - - '"create_date" in access_key_1' - - '"user_name" in access_key_1' - - '"status" in access_key_1' - - access_key_1.user_name == test_user - - access_key_1.access_key_id == create_key_4.access_key.access_key_id - - access_key_1.create_date == create_key_4.access_key.create_date - - access_key_1.status == 'Inactive' - vars: - access_key_1: '{{ access_key_info.access_keys[0] }}' - - # We already tested the idempotency of disabling keys, use this to verify that - # the key is disabled - - name: Disable new key - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_4.access_key.access_key_id }}' - enabled: False - register: disable_new_key - - - assert: - that: - - disable_new_key is successful - - disable_new_key is not changed - - '"access_key" in disable_new_key' - - # ================================================================================== - # Cleanup - - - name: Delete new key - iam_access_key: - user_name: '{{ test_user }}' - id: '{{ create_key_4.access_key.access_key_id }}' - state: absent - register: delete_new_key - - - assert: - that: - - delete_new_key is successful - - delete_new_key is changed - - - name: Remove test user - iam_user: - name: '{{ test_user }}' - state: absent - register: delete_user - - - assert: - that: - - delete_user is successful - - delete_user is changed - - always: - - - name: Remove test user - iam_user: - name: '{{ test_user }}' - state: absent - ignore_errors: yes 
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_group/aliases b/ansible_collections/community/aws/tests/integration/targets/iam_group/aliases
deleted file mode 100644
index 2da398045..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_group/aliases
+++ /dev/null
@@ -1,7 +0,0 @@
-# reason: missing-policy
-# It should be possible to test iam_groups by limiting which policies can be
-# attached to the groups as well as which users can be added to the groups.
-# Careful review is needed prior to adding this to the main CI.
-unsupported
-
-cloud/aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_group/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_group/defaults/main.yml
deleted file mode 100644
index f5112b1a4..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_group/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-test_user: '{{ resource_prefix }}-user'
-test_group: '{{ resource_prefix }}-group'
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_group/tasks/main.yml
deleted file mode 100644
index 65b441827..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_group/tasks/main.yml
+++ /dev/null
@@ -1,127 +0,0 @@ ---- -- name: set up aws connection info - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - collections: - - amazon.aws - block: - - name: ensure ansible user exists - iam_user: - name: '{{ test_user }}' - state: present - - - name: ensure group exists - iam_group: - name: '{{ test_group }}' - users: - - '{{ test_user }}' - state: present - register: iam_group - - - assert: - that: - - iam_group.iam_group.users - - iam_group is changed - - - name: add non existent user to group - iam_group: - name: '{{ test_group }}' - users: - - '{{ test_user }}' - - NonExistentUser - state: present - ignore_errors: yes - register: iam_group - - - name: assert that adding non existent user to group fails with helpful message - assert: - that: - - iam_group is failed - - iam_group.msg.startswith("Couldn't add user NonExistentUser to group {{ test_group }}") - - - name: remove a user - iam_group: - name: '{{ test_group }}' - purge_users: True - users: [] - state: present - register: iam_group - - - assert: - that: - - iam_group is changed - - not iam_group.iam_group.users - - - name: re-remove a user (no change) - iam_group: - name: '{{ test_group }}' - purge_users: True - users: [] - state: present - register: iam_group - - - assert: - that: - - iam_group is not changed - - not iam_group.iam_group.users - - - name: Add the user again - iam_group: - name: '{{ test_group }}' - users: - - '{{ test_user }}' - state: present - register: iam_group - - - assert: - that: - - iam_group is changed - - iam_group.iam_group.users - - - name: Re-add the user - iam_group: - name: '{{ test_group }}' - users: - - '{{ test_user }}' - state: present - register: iam_group - - - assert: - that: - - iam_group is not changed - - iam_group.iam_group.users - - - name: remove group - iam_group: - name: '{{ test_group }}' - state: absent - 
register: iam_group - - - assert: - that: - - iam_group is changed - - - name: re-remove group - iam_group: - name: '{{ test_group }}' - state: absent - register: iam_group - - - assert: - that: - - iam_group is not changed - - always: - - name: remove group - iam_group: - name: '{{ test_group }}' - state: absent - - - name: remove ansible user - iam_user: - name: '{{ test_user }}' - state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/aliases b/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/aliases deleted file mode 100644 index 839bd014b..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/aliases +++ /dev/null @@ -1,6 +0,0 @@ -# reason: missing-policy -# It's not possible to control what permissions are granted to a policy. -# This makes securely testing iam_policy very difficult -unsupported - -cloud/aws diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml deleted file mode 100644 index a6edcacef..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -policy_name: "{{ resource_prefix }}-policy" diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml deleted file mode 100644 index f17b7cad0..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml +++ /dev/null 
@@ -1,160 +0,0 @@ ---- -- name: "Run integration tests for IAM managed policy" - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - collections: - - amazon.aws - block: - ## Test policy creation - - name: Create IAM managed policy - check mode - iam_managed_policy: - policy_name: "{{ policy_name }}" - policy: - Version: "2012-10-17" - Statement: - - Effect: "Deny" - Action: "logs:CreateLogGroup" - Resource: "*" - state: present - register: result - check_mode: yes - - - name: Create IAM managed policy - check mode - assert: - that: - - result.changed - - - name: Create IAM managed policy - iam_managed_policy: - policy_name: "{{ policy_name }}" - policy: - Version: "2012-10-17" - Statement: - - Effect: "Deny" - Action: "logs:CreateLogGroup" - Resource: "*" - state: present - register: result - - - name: Create IAM managed policy - assert: - that: - - result.changed - - result.policy.policy_name == policy_name - - - name: Create IAM managed policy - idempotency check - iam_managed_policy: - policy_name: "{{ policy_name }}" - policy: - Version: "2012-10-17" - Statement: - - Effect: "Deny" - Action: "logs:CreateLogGroup" - Resource: "*" - state: present - register: result - - - name: Create IAM managed policy - idempotency check - assert: - that: - - not result.changed - - ## Test policy update - - name: Update IAM managed policy - check mode - iam_managed_policy: - policy_name: "{{ policy_name }}" - policy: - Version: "2012-10-17" - Statement: - - Effect: "Deny" - Action: "logs:Describe*" - Resource: "*" - state: present - register: result - check_mode: yes - - - name: Update IAM managed policy - check mode - assert: - that: - - result.changed - - - name: Update IAM managed policy - iam_managed_policy: - policy_name: "{{ policy_name }}" - policy: - Version: "2012-10-17" - Statement: - - Effect: "Deny" - Action: 
"logs:Describe*" - Resource: "*" - state: present - register: result - - - name: Update IAM managed policy - assert: - that: - - result.changed - - result.policy.policy_name == policy_name - - - name: Update IAM managed policy - idempotency check - iam_managed_policy: - policy_name: "{{ policy_name }}" - policy: - Version: "2012-10-17" - Statement: - - Effect: "Deny" - Action: "logs:Describe*" - Resource: "*" - state: present - register: result - - - name: Update IAM managed policy - idempotency check - assert: - that: - - not result.changed - - ## Test policy deletion - - name: Delete IAM managed policy - check mode - iam_managed_policy: - policy_name: "{{ policy_name }}" - state: absent - register: result - check_mode: yes - - - name: Delete IAM managed policy - check mode - assert: - that: - - result.changed - - - name: Delete IAM managed policy - iam_managed_policy: - policy_name: "{{ policy_name }}" - state: absent - register: result - - - name: Delete IAM managed policy - assert: - that: - - result.changed - - - name: Delete IAM managed policy - idempotency check - iam_managed_policy: - policy_name: "{{ policy_name }}" - state: absent - register: result - - - name: Delete IAM managed policy - idempotency check - assert: - that: - - not result.changed - - always: - - name: Delete IAM managed policy - iam_managed_policy: - policy_name: "{{ policy_name }}" - state: absent - ignore_errors: yes diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/aliases b/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/aliases deleted file mode 100644 index 140a2f2dc..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/aliases +++ /dev/null 
@@ -1,8 +0,0 @@
-# reason: missing-policy
-# IAM Password Policies configure account-wide settings, this makes then
-# difficult to safely test
-# reason: serial
-# Only one password policy can be configured per account
-unsupported
-
-cloud/aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/meta/main.yml
deleted file mode 100644
index 32cf5dda7..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/meta/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml
deleted file mode 100644
index 7b773eac8..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml
+++ /dev/null
@@ -1,107 +0,0 @@ -- module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - collections: - - amazon.aws - block: - - name: set iam password policy - iam_password_policy: - state: present - min_pw_length: 8 - require_symbols: false - require_numbers: true - require_uppercase: true - require_lowercase: true - allow_pw_change: true - pw_max_age: 60 - pw_reuse_prevent: 5 - pw_expire: false - register: result - - - name: assert that changes were made - assert: - that: - - result.changed - - - name: verify iam password policy has been created - iam_password_policy: - state: present - min_pw_length: 8 - require_symbols: false - require_numbers: true - require_uppercase: true - require_lowercase: true - allow_pw_change: true - pw_max_age: 60 - pw_reuse_prevent: 5 - pw_expire: false - register: result - - - name: assert that no changes were made - assert: - that: - - not result.changed - - - name: update iam password policy with different settings - iam_password_policy: - state: present - min_pw_length: 15 - require_symbols: true - require_numbers: true - require_uppercase: true - require_lowercase: true - allow_pw_change: true - pw_max_age: 30 - pw_reuse_prevent: 10 - pw_expire: true - register: result - - - name: assert that updates were made - assert: - that: - - result.changed - - # Test for regression of #59102 - - name: update iam password policy without expiry - iam_password_policy: - state: present - min_pw_length: 15 - require_symbols: true - require_numbers: true - require_uppercase: true - require_lowercase: true - allow_pw_change: true - register: result - - - name: assert that changes were made - assert: - that: - - result.changed - - - name: remove iam password policy - iam_password_policy: - state: absent - register: result - - - name: assert password policy has been removed - assert: - that: - - result.changed - - - 
name: verify password policy has been removed - iam_password_policy: - state: absent - register: result - - - name: assert no changes were made - assert: - that: - - not result.changed - always: - - name: remove iam password policy - iam_password_policy: - state: absent - register: result diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/aliases b/ansible_collections/community/aws/tests/integration/targets/iam_role/aliases deleted file mode 100644 index 483c86115..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_role/aliases +++ /dev/null @@ -1,9 +0,0 @@ -# reason: missing-policy -# It should be possible to test iam_role by limiting which policies can be -# attached to the roles. -# Careful review is needed prior to adding this to the main CI. -unsupported - -cloud/aws - -iam_role_info diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/defaults/main.yml deleted file mode 100644 index d496c4216..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_role/defaults/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -test_role: '{{ resource_prefix }}-role' -test_path: '/{{ resource_prefix }}/' -safe_managed_policy: 'AWSDenyAll' -custom_policy_name: '{{ resource_prefix }}-denyall' -boundary_policy: 'arn:aws:iam::aws:policy/AWSDenyAll' diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-a.json b/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-a.json deleted file mode 100644 index ae62fd197..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-a.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "*" - ], - "Effect": "Deny", - "Resource": "*", - "Sid": "DenyA" - } - ] -} 
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-b.json b/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-b.json
deleted file mode 100644
index 3a4704a46..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-b.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "*"
- ],
- "Effect": "Deny",
- "Resource": "*",
- "Sid": "DenyB"
- }
- ]
-}
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all.json b/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all.json
deleted file mode 100644
index 3d324b9b9..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "*"
- ],
- "Effect": "Deny",
- "Resource": "*"
- }
- ]
-}
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-assume.json b/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-assume.json
deleted file mode 100644
index 73e877158..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-assume.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": { "Service": "ec2.amazonaws.com" },
- "Effect": "Deny"
- }
- ]
-}
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/meta/main.yml
deleted file mode 100644
index 32cf5dda7..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/meta/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml
deleted file mode 100644
index 89a983f15..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml
+++ /dev/null
@@ -1,94 +0,0 @@ ---- -- name: "Create minimal role with no boundary policy" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - -- name: "Configure Boundary Policy (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - boundary: "{{ boundary_policy }}" - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Configure Boundary Policy" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - boundary: "{{ boundary_policy }}" - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - -- name: "Configure Boundary Policy (no change) - check mode" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - boundary: "{{ boundary_policy }}" - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Configure Boundary Policy (no change)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - boundary: "{{ boundary_policy }}" - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - -- name: "iam_role_info after adding boundary policy" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 0 - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 3600 - - 
role_info.iam_roles[0].path == '/' - - role_info.iam_roles[0].permissions_boundary.permissions_boundary_arn == boundary_policy - - role_info.iam_roles[0].permissions_boundary.permissions_boundary_type == 'Policy' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - -- name: "Remove IAM Role" - iam_role: - state: absent - name: "{{ test_role }}" - delete_instance_profile: yes - register: iam_role - -- assert: - that: - - iam_role is changed
\ No newline at end of file
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml
deleted file mode 100644
index c23234ebf..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml
+++ /dev/null
@@ -1,131 +0,0 @@ ---- -- name: "Complex IAM Role (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' - boundary: "{{ boundary_policy }}" - create_instance_profile: no - description: "Ansible Test Role {{ resource_prefix }}" - managed_policy: - - "{{ safe_managed_policy }}" - - "{{ custom_policy_name }}" - max_session_duration: 43200 - path: "{{ test_path }}" - tags: - TagA: "ValueA" - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "iam_role_info after Complex Role creation in check_mode" - iam_role_info: - name: "{{ test_role }}" - register: role_info -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 0 - -- name: "Complex IAM Role" - iam_role: - name: "{{ test_role }}" - assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' - boundary: "{{ boundary_policy }}" - create_instance_profile: no - description: "Ansible Test Role {{ resource_prefix }}" - managed_policy: - - "{{ safe_managed_policy }}" - - "{{ custom_policy_name }}" - max_session_duration: 43200 - path: "{{ test_path }}" - tags: - TagA: "ValueA" - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - 'iam_role.iam_role.arn.startswith("arn")' - - 'iam_role.iam_role.arn.endswith("role" + test_path + test_role )' - # Would be nice to test the contents... 
- - '"assume_role_policy_document" in iam_role.iam_role' - - iam_role.iam_role.attached_policies | length == 2 - - iam_role.iam_role.max_session_duration == 43200 - - iam_role.iam_role.path == test_path - - iam_role.iam_role.role_name == test_role - - '"create_date" in iam_role.iam_role' - - '"role_id" in iam_role.iam_role' - -- name: "Complex IAM role (no change) - check mode" - iam_role: - name: "{{ test_role }}" - assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' - boundary: "{{ boundary_policy }}" - create_instance_profile: no - description: "Ansible Test Role {{ resource_prefix }}" - managed_policy: - - "{{ safe_managed_policy }}" - - "{{ custom_policy_name }}" - max_session_duration: 43200 - path: "{{ test_path }}" - tags: - TagA: "ValueA" - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Complex IAM role (no change)" - iam_role: - name: "{{ test_role }}" - assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' - boundary: "{{ boundary_policy }}" - create_instance_profile: no - description: "Ansible Test Role {{ resource_prefix }}" - managed_policy: - - "{{ safe_managed_policy }}" - - "{{ custom_policy_name }}" - max_session_duration: 43200 - path: "{{ test_path }}" - tags: - TagA: "ValueA" - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - -- name: "iam_role_info after Role creation" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role" + test_path + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - 
role_info.iam_roles[0].instance_profiles | length == 0 - - role_info.iam_roles[0].managed_policies | length == 2 - - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == test_path - - role_info.iam_roles[0].permissions_boundary.permissions_boundary_arn == boundary_policy - - role_info.iam_roles[0].permissions_boundary.permissions_boundary_type == 'Policy' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - '"TagA" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagA == "ValueA" diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml deleted file mode 100644 index 0579a6d34..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml +++ /dev/null 
@@ -1,404 +0,0 @@ ---- -- name: Try running some rapid fire create/delete tests - block: - - name: "Minimal IAM Role without instance profile (rapid)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role - - - name: "Minimal IAM Role without instance profile (rapid)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role_again - - - assert: - that: - - iam_role is changed - - iam_role_again is not changed - - - name: "Remove IAM Role (rapid)" - iam_role: - state: absent - name: "{{ test_role }}" - register: iam_role - - - name: "Remove IAM Role (rapid)" - iam_role: - state: absent - name: "{{ test_role }}" - register: iam_role_again - - - assert: - that: - - iam_role is changed - - iam_role_again is not changed - - - name: "Minimal IAM Role without instance profile (rapid)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role - - - name: "Remove IAM Role (rapid)" - iam_role: - state: absent - name: "{{ test_role }}" - - register: iam_role_again - - assert: - that: - - iam_role is changed - - iam_role_again is changed - -# =================================================================== -# Role Creation -# (without Instance profile) -- name: "iam_role_info before Role creation (no args)" - iam_role_info: - register: role_info - -- assert: - that: - - role_info is succeeded - -- name: "iam_role_info before Role creation (search for test role)" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 0 - -- name: "Minimal IAM Role (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is changed - -- name: "iam_role_info after Role creation in check_mode" - iam_role_info: - name: "{{ test_role }}" - register: role_info -- assert: - that: - - role_info is succeeded - - 
role_info.iam_roles | length == 0 - -- name: "Minimal IAM Role without instance profile" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - 'iam_role.iam_role.arn.startswith("arn")' - - 'iam_role.iam_role.arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in iam_role.iam_role' - - '"assume_role_policy_document_raw" in iam_role.iam_role' - - iam_role.iam_role.assume_role_policy_document_raw == assume_deny_policy - - iam_role.iam_role.attached_policies | length == 0 - - iam_role.iam_role.max_session_duration == 3600 - - iam_role.iam_role.path == '/' - - iam_role.iam_role.role_name == test_role - - '"create_date" in iam_role.iam_role' - - '"role_id" in iam_role.iam_role' - -- name: "Minimal IAM Role without instance profile (no change) - check mode" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Minimal IAM Role without instance profile (no change)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - -- name: "iam_role_info after Role creation" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"assume_role_policy_document_raw" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].assume_role_policy_document_raw == assume_deny_policy - - role_info.iam_roles[0].inline_policies | length == 0 - - 
role_info.iam_roles[0].instance_profiles | length == 0 - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 3600 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 - -- name: "Remove IAM Role" - iam_role: - state: absent - name: "{{ test_role }}" - delete_instance_profile: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "iam_role_info after Role deletion" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 0 - -# ------------------------------------------------------------------------------------------ - -# (with path) -- name: "Minimal IAM Role with path (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - path: "{{ test_path }}" - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is changed - -- name: "Minimal IAM Role with path" - iam_role: - name: "{{ test_role }}" - path: "{{ test_path }}" - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - 'iam_role.iam_role.arn.startswith("arn")' - - 'iam_role.iam_role.arn.endswith("role" + test_path + test_role )' - # Would be nice to test the contents... 
- - '"assume_role_policy_document" in iam_role.iam_role' - - iam_role.iam_role.attached_policies | length == 0 - - iam_role.iam_role.max_session_duration == 3600 - - iam_role.iam_role.path == '{{ test_path }}' - - iam_role.iam_role.role_name == test_role - - '"create_date" in iam_role.iam_role' - - '"role_id" in iam_role.iam_role' - -- name: "Minimal IAM Role with path (no change) - check mode" - iam_role: - name: "{{ test_role }}" - path: "{{ test_path }}" - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Minimal IAM Role with path (no change)" - iam_role: - name: "{{ test_role }}" - path: "{{ test_path }}" - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - -- name: "iam_role_info after Role creation" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role" + test_path + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile" + test_path + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 3600 - - role_info.iam_roles[0].path == '{{ test_path }}' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - 
role_info.iam_roles[0].tags | length == 0 - -- name: "iam_role_info after Role creation (searching a path)" - iam_role_info: - path_prefix: "{{ test_path }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role" + test_path + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile" + test_path + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 3600 - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].path == '{{ test_path }}' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 - -- name: "Remove IAM Role" - iam_role: - state: absent - name: "{{ test_role }}" - path: "{{ test_path }}" - # If we don't delete the existing profile it'll be reused (with the path) - # by the test below. 
- delete_instance_profile: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "iam_role_info after Role deletion" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 0 - -# ------------------------------------------------------------------------------------------ - -# (with Instance profile) -- name: "Minimal IAM Role with instance profile - check mode" - iam_role: - name: "{{ test_role }}" - create_instance_profile: yes - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is changed - -- name: "Minimal IAM Role with instance profile" - iam_role: - name: "{{ test_role }}" - create_instance_profile: yes - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - 'iam_role.iam_role.arn.startswith("arn")' - - 'iam_role.iam_role.arn.endswith("role/" + test_role )' - # Would be nice to test the contents... 
- - '"assume_role_policy_document" in iam_role.iam_role' - - iam_role.iam_role.attached_policies | length == 0 - - iam_role.iam_role.max_session_duration == 3600 - - iam_role.iam_role.path == '/' - - iam_role.iam_role.role_name == test_role - - '"create_date" in iam_role.iam_role' - - '"role_id" in iam_role.iam_role' - -- name: "Minimal IAM Role wth instance profile (no change) - check mode" - iam_role: - name: "{{ test_role }}" - create_instance_profile: yes - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Minimal IAM Role wth instance profile (no change)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: yes - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - -- name: "iam_role_info after Role creation" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 3600 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | 
length == 0
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/description_update.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/description_update.yml
deleted file mode 100644
index 85f5e1f56..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/description_update.yml
+++ /dev/null
@@ -1,148 +0,0 @@ ---- -- name: "Add Description (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role {{ resource_prefix }}" - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Add Description" - iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role {{ resource_prefix }}" - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.description == 'Ansible Test Role {{ resource_prefix }}' - -- name: "Add Description (no change) - check mode" - iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role {{ resource_prefix }}" - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Add Description (no change)" - iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role {{ resource_prefix }}" - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.description == 'Ansible Test Role {{ resource_prefix }}' - -- name: "iam_role_info after adding Description" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + 
test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 - -# ------------------------------------------------------------------------------------------ - -- name: "Update Description (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role (updated) {{ resource_prefix }}" - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Update Description" - iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role (updated) {{ resource_prefix }}" - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.description == 'Ansible Test Role (updated) {{ resource_prefix }}' - -- name: "Update Description (no change) - check mode" - iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role (updated) {{ resource_prefix }}" - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Update Description (no change)" - iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role (updated) {{ resource_prefix }}" - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.description == 'Ansible Test Role (updated) {{ resource_prefix }}' - -- name: "iam_role_info after updating Description" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - 
'"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml deleted file mode 100644 index d364d87d7..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -- name: "Attach inline policy a" - iam_policy: - state: present - iam_type: "role" - iam_name: "{{ test_role }}" - policy_name: "inline-policy-a" - policy_json: '{{ lookup("file", "deny-all-a.json") }}' - -- name: "Attach inline policy b" - iam_policy: - state: present - iam_type: "role" - iam_name: "{{ test_role }}" - policy_name: "inline-policy-b" - policy_json: '{{ lookup("file", "deny-all-b.json") }}' - -- name: "iam_role_info after attaching inline policies (using iam_policy)" - iam_role_info: - name: "{{ test_role }}" - register: role_info -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 2 - - '"inline-policy-a" in role_info.iam_roles[0].inline_policies' - - '"inline-policy-b" in role_info.iam_roles[0].inline_policies' - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 1 - - safe_managed_policy not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - 
role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/main.yml deleted file mode 100644 index ae47ada1a..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/main.yml +++ /dev/null 
@@ -1,119 +0,0 @@ ---- -# Tests for iam_role and iam_role_info -# -# Tests: -# - Minimal Role creation -# - Role deletion -# - Fetching a specific role -# - Creating roles w/ and w/o instance profiles -# - Creating roles w/ a path -# - Updating Max Session Duration -# - Updating Description -# - Managing list of managed policies -# - Managing list of inline policies (for testing _info) -# - Managing boundary policy -# -# Notes: -# - Only tests *documented* return values ( RESULT.iam_role ) -# - There are some known timing issues with boto3 returning before actions -# complete in the case of problems with "changed" status it's worth enabling -# the standard_pauses and paranoid_pauses options as a first step in debugging - - -- name: "Setup AWS connection info" - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - iam_role: - assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' - collections: - - amazon.aws - - community.general - block: - - set_fact: - assume_deny_policy: '{{ lookup("file", "deny-assume.json") | from_json }}' - # =================================================================== - # Parameter Checks - - include_tasks: parameter_checks.yml - - # =================================================================== - # Supplemental resource pre-creation - - name: "Create Safe IAM Managed Policy" - iam_managed_policy: - state: present - policy_name: "{{ custom_policy_name }}" - policy_description: "A safe (deny-all) managed policy" - policy: "{{ lookup('file', 'deny-all.json') }}" - register: create_managed_policy - - - assert: - that: - - create_managed_policy is succeeded - - # =================================================================== - # Rapid Role Creation and deletion - - include_tasks: creation_deletion.yml - - # 
=================================================================== - # Max Session Duration Manipulation - - include_tasks: max_session_update.yml - - # =================================================================== - # Description Manipulation - - include_tasks: description_update.yml - - # =================================================================== - # Tag Manipulation - - include_tasks: tags_update.yml - - # =================================================================== - # Policy Manipulation - - include_tasks: policy_update.yml - - # =================================================================== - # Inline Policy (test _info behavior) - - include_tasks: inline_policy_update.yml - - # =================================================================== - # Role Removal - - include_tasks: role_removal.yml - - # =================================================================== - # Boundary Policy (requires create_instance_profile: no) - - include_tasks: boundary_policy.yml - - # =================================================================== - # Complex role Creation - - include_tasks: complex_role_creation.yml - - always: - # =================================================================== - # Cleanup - - - name: "Remove IAM Role" - iam_role: - state: absent - name: "{{ test_role }}" - delete_instance_profile: yes - ignore_errors: true - - - name: "Remove IAM Role (with path)" - iam_role: - state: absent - name: "{{ test_role }}" - path: "{{ test_path }}" - delete_instance_profile: yes - ignore_errors: true - - - name: "iam_role_info after Role deletion" - iam_role_info: - name: "{{ test_role }}" - ignore_errors: true - - - name: "Remove test managed policy" - iam_managed_policy: - state: absent - policy_name: "{{ custom_policy_name }}" 
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml
deleted file mode 100644
index 8ad3641be..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml
+++ /dev/null
@@ -1,71 +0,0 @@ ---- -- name: "Update Max Session Duration (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - max_session_duration: 43200 - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Update Max Session Duration" - iam_role: - name: "{{ test_role }}" - max_session_duration: 43200 - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.max_session_duration == 43200 - -- name: "Update Max Session Duration (no change)" - iam_role: - name: "{{ test_role }}" - max_session_duration: 43200 - register: iam_role - -- assert: - that: - - iam_role is not changed - -- name: "Update Max Session Duration (no change) - check mode" - iam_role: - name: "{{ test_role }}" - max_session_duration: 43200 - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "iam_role_info after updating Max Session Duration" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - 
role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml deleted file mode 100644 index 57df5436a..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -# Parameter Checks -- name: "Friendly message when creating an instance profile and adding a boundary profile" - iam_role: - name: "{{ test_role }}" - boundary: "{{ boundary_policy }}" - register: iam_role - ignore_errors: yes - -- assert: - that: - - iam_role is failed - - '"boundary policy" in iam_role.msg' - - '"create_instance_profile" in iam_role.msg' - - '"false" in iam_role.msg' - -- name: "Friendly message when boundary profile is not an ARN" - iam_role: - name: "{{ test_role }}" - boundary: "AWSDenyAll" - create_instance_profile: no - register: iam_role - ignore_errors: yes - -- assert: - that: - - iam_role is failed - - '"Boundary policy" in iam_role.msg' - - '"ARN" in iam_role.msg' - -- name: 'Friendly message when "present" without assume_role_policy_document' - module_defaults: { iam_role: {} } - iam_role: - name: "{{ test_role }}" - register: iam_role - ignore_errors: yes - -- assert: - that: - - iam_role is failed - - 'iam_role.msg.startswith("state is present but all of the following are missing")' - - '"assume_role_policy_document" in iam_role.msg' - -- name: "Maximum Session Duration needs to be between 1 and 12 hours" - iam_role: - name: "{{ test_role }}" - max_session_duration: 3599 - register: iam_role - ignore_errors: yes - -- assert: - that: - - iam_role is failed - - '"max_session_duration must be between" in iam_role.msg' - -- name: "Maximum Session Duration needs to be between 1 and 12 hours" - iam_role: - name: "{{ test_role }}" - max_session_duration: 43201 - register: iam_role - ignore_errors: yes - -- assert: - that: - - iam_role is failed - - '"max_session_duration must be between" in iam_role.msg' - -- name: "Role Paths must start with /" - iam_role: - name: "{{ test_role }}" - path: "test/" - register: iam_role - ignore_errors: yes - -- assert: - that: - - iam_role is failed - - '"path must begin and end with /" in iam_role.msg' - -- name: "Role Paths must end with /" - iam_role: - name: "{{ test_role }}" - 
path: "/test" - register: iam_role - ignore_errors: yes - -- assert: - that: - - iam_role is failed - - '"path must begin and end with /" in iam_role.msg' diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/policy_update.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/policy_update.yml deleted file mode 100644 index a822edf74..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/policy_update.yml +++ /dev/null 
@@ -1,250 +0,0 @@ ---- -- name: "Add Managed Policy (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - purge_policies: no - managed_policy: - - "{{ safe_managed_policy }}" - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Add Managed Policy" - iam_role: - name: "{{ test_role }}" - purge_policies: no - managed_policy: - - "{{ safe_managed_policy }}" - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - -- name: "Add Managed Policy (no change) - check mode" - iam_role: - name: "{{ test_role }}" - purge_policies: no - managed_policy: - - "{{ safe_managed_policy }}" - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Add Managed Policy (no change)" - iam_role: - name: "{{ test_role }}" - purge_policies: no - managed_policy: - - "{{ safe_managed_policy }}" - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - -- name: "iam_role_info after adding Managed Policy" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 1 - - 
safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - custom_policy_name not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" - -# ------------------------------------------------------------------------------------------ - -- name: "Update Managed Policy without purge (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - purge_policies: no - managed_policy: - - "{{ custom_policy_name }}" - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Update Managed Policy without purge" - iam_role: - name: "{{ test_role }}" - purge_policies: no - managed_policy: - - "{{ custom_policy_name }}" - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - -- name: "Update Managed Policy without purge (no change) - check mode" - iam_role: - name: "{{ test_role }}" - purge_policies: no - managed_policy: - - "{{ custom_policy_name }}" - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Update Managed Policy without purge (no change)" - iam_role: - name: "{{ test_role }}" - purge_policies: no - managed_policy: - - "{{ custom_policy_name }}" - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - -- name: "iam_role_info after updating Managed Policy without purge" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- 
assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 2 - - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" - -# ------------------------------------------------------------------------------------------ - -# Managed Policies are purged by default -- name: "Update Managed Policy with purge (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - managed_policy: - - "{{ custom_policy_name }}" - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Update Managed Policy with purge" - iam_role: - name: "{{ test_role }}" - managed_policy: - - "{{ 
custom_policy_name }}" - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - -- name: "Update Managed Policy with purge (no change) - check mode" - iam_role: - name: "{{ test_role }}" - managed_policy: - - "{{ custom_policy_name }}" - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Update Managed Policy with purge (no change)" - iam_role: - name: "{{ test_role }}" - managed_policy: - - "{{ custom_policy_name }}" - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - -- name: "iam_role_info after updating Managed Policy with purge" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 1 - - safe_managed_policy not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - 
'"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/role_removal.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/role_removal.yml deleted file mode 100644 index ebcfd5453..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/role_removal.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -- name: "Remove IAM Role (CHECK MODE)" - iam_role: - state: absent - name: "{{ test_role }}" - delete_instance_profile: yes - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "iam_role_info after deleting role in check mode" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - -- name: "Remove IAM Role" - iam_role: - state: absent - name: "{{ test_role }}" - delete_instance_profile: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "iam_role_info after deleting role" - iam_role_info: - name: "{{ test_role }}" - register: role_info -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 0 - -- name: "Remove IAM Role (should be gone already) - check mode" - iam_role: - state: absent - name: "{{ test_role }}" - delete_instance_profile: yes - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Remove IAM Role (should be gone already)" - iam_role: - state: absent - name: "{{ test_role }}" - delete_instance_profile: yes - register: iam_role - -- assert: - that: - - iam_role is not changed 
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/tags_update.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/tags_update.yml deleted file mode 100644 index 5eadd9fdf..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/tags_update.yml +++ /dev/null 
@@ -1,341 +0,0 @@ ---- -- name: "Add Tag (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - tags: - TagA: ValueA - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Add Tag" - iam_role: - name: "{{ test_role }}" - tags: - TagA: ValueA - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.tags | length == 1 - - '"TagA" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagA == "ValueA" - -- name: "Add Tag (no change) - check mode" - iam_role: - name: "{{ test_role }}" - tags: - TagA: ValueA - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Add Tag (no change)" - iam_role: - name: "{{ test_role }}" - tags: - TagA: ValueA - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - '"TagA" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagA == "ValueA" - -- name: "iam_role_info after adding Tags" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 
43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagA" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagA == "ValueA" - -# ------------------------------------------------------------------------------------------ - -- name: "Update Tag (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - tags: - TagA: AValue - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Update Tag" - iam_role: - name: "{{ test_role }}" - tags: - TagA: AValue - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - '"TagA" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagA == "AValue" - -- name: "Update Tag (no change) - check mode" - iam_role: - name: "{{ test_role }}" - tags: - TagA: AValue - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Update Tag (no change)" - iam_role: - name: "{{ test_role }}" - tags: - TagA: AValue - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - '"TagA" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagA == "AValue" - -- name: "iam_role_info after updating Tag" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - 
role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagA" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagA == "AValue" - -# ------------------------------------------------------------------------------------------ - -- name: "Add second Tag without purge (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - purge_tags: no - tags: - TagB: ValueB - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Add second Tag without purge" - iam_role: - name: "{{ test_role }}" - purge_tags: no - tags: - TagB: ValueB - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - '"TagB" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagB == "ValueB" - -- name: "Add second Tag without purge (no change) - check mode" - iam_role: - name: "{{ test_role }}" - purge_tags: no - tags: - TagB: ValueB - register: iam_role - check_mode: yes - -- assert: - that: - - iam_role is not changed - -- name: "Add second Tag without purge (no change)" - iam_role: - name: "{{ test_role }}" - purge_tags: no - tags: - TagB: ValueB - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - '"TagB" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagB == "ValueB" - -- name: "iam_role_info after 
adding second Tag without purge" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 2 - - '"TagA" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagA == "AValue" - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" - -# ------------------------------------------------------------------------------------------ - -- name: "Purge first tag (CHECK MODE)" - iam_role: - name: "{{ test_role }}" - purge_tags: yes - tags: - TagB: ValueB - check_mode: yes - register: iam_role - -- assert: - that: - - iam_role is changed - -- name: "Purge first tag" - iam_role: - name: "{{ test_role }}" - purge_tags: yes - tags: - TagB: ValueB - register: iam_role - -- assert: - that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - '"TagB" in iam_role.iam_role.tags' - - 
iam_role.iam_role.tags.TagB == "ValueB" - -- name: "Purge first tag (no change) - check mode" - iam_role: - name: "{{ test_role }}" - purge_tags: yes - tags: - TagB: ValueB - register: iam_role - -- assert: - that: - - iam_role is not changed - -- name: "Purge first tag (no change)" - iam_role: - name: "{{ test_role }}" - purge_tags: yes - tags: - TagB: ValueB - register: iam_role - -- assert: - that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - '"TagB" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagB == "ValueB" - -- name: "iam_role_info after purging first Tag" - iam_role_info: - name: "{{ test_role }}" - register: role_info - -- assert: - that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagA" not in role_info.iam_roles[0].tags' - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" 
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_saml_federation/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_saml_federation/tasks/main.yml index b061fc601..3098d4811 100644 --- a/ansible_collections/community/aws/tests/integration/targets/iam_saml_federation/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/iam_saml_federation/tasks/main.yml @@ -1,9 +1,9 @@ - module_defaults: group/aws: region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" collections: - amazon.aws block: diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_server_certificate/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_server_certificate/tasks/main.yml index 0cfab38c8..d50ebfe52 100644 --- a/ansible_collections/community/aws/tests/integration/targets/iam_server_certificate/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/iam_server_certificate/tasks/main.yml @@ -11,9 +11,9 @@ # - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: ################################################ diff --git a/ansible_collections/community/aws/tests/integration/targets/inspector_target/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/inspector_target/tasks/main.yml index 907e1ffdd..a32e3bd68 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/inspector_target/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/inspector_target/tasks/main.yml @@ -4,14 +4,14 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: - name: Create AWS Inspector Target Group - aws_inspector_target: + inspector_target: name: "{{ aws_inspector_scan_name }}" state: present tags: @@ -20,7 +20,7 @@ register: target_group_create - name: Create AWS Inspector Target Group (Verify) - aws_inspector_target: + inspector_target: name: "{{ aws_inspector_scan_name }}" state: present tags: @@ -41,7 +41,7 @@ - target_group_create_verify.tags.changed == "no" - name: Change AWS Inspector Target Group Tags - aws_inspector_target: + inspector_target: name: "{{ aws_inspector_scan_name }}" state: present tags: @@ -50,7 +50,7 @@ register: target_group_tag_change - name: Change AWS Inspector Target Group Tags (Verify) - aws_inspector_target: + inspector_target: name: "{{ aws_inspector_scan_name }}" state: present tags: @@ -72,13 +72,13 @@ always: - name: Delete AWS Inspector Target Group - aws_inspector_target: + inspector_target: name: "{{ aws_inspector_scan_name }}" state: absent register: target_group_delete - name: Delete AWS Inspector Target Group (Verify) - aws_inspector_target: + inspector_target: name: "{{ aws_inspector_scan_name }}" state: absent register: target_group_delete_verify diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/aliases b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/aliases index 4ef4b2067..d528335bb 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/aliases @@ -1 +1,2 @@ +time=20m cloud/aws diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/meta/main.yml index 32cf5dda7..32cf5dda7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/meta/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/meta/main.yml diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/create_inventory_config.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/create_inventory_config.yml new file mode 100644 index 000000000..f91a9fba3 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/create_inventory_config.yml @@ -0,0 +1,16 @@ +--- +- hosts: 127.0.0.1 + connection: local + gather_facts: no + + vars: + template_name: "../templates/{{ template | default('inventory.j2') }}" + + vars_files: + - vars/main.yml + + tasks: + - name: write inventory config file + copy: + dest: ../test.aws_mq.yml + content: "{{ lookup('template', template_name) }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/empty_inventory_config.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/empty_inventory_config.yml new file mode 100644 index 000000000..6bc277e2a --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/empty_inventory_config.yml @@ -0,0 +1,9 @@ +--- +- hosts: 127.0.0.1 + connection: local + gather_facts: no + tasks: + - name: write inventory config file + copy: + dest: ../test.aws_mq.yml + content: "" 
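Review bot: The `write inventory config file` task in create_inventory_config.yml writes `../test.aws_mq.yml` with `copy` and no `mode`, so the file gets whatever the umask allows. The template it renders is not visible in this diff, but if it carries the AWS keys used elsewhere in this target, the rendered file should be owner-only; add `mode: "0600"` under `copy:`. The same task in empty_inventory_config.yml writes the same path and should get the same line so the permissions do not flip between runs.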
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/populate_cache.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/populate_cache.yml
new file mode 100644
index 000000000..dff6ede2f
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/populate_cache.yml
@@ -0,0 +1,32 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ environment: "{{ ansible_test.environment }}"
+
+ module_defaults:
+ group/aws:
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
+
+ collections:
+ - community.aws
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+ - name: refresh inventory to populate cache
+ meta: refresh_inventory
+
+ - name: assert group was populated with inventory but is empty
+ assert:
+ that:
+ - "'aws_mq' in groups"
+ - "groups.aws_mq | length == 1"
+
+ - name: Delete MQ instance
+ include_tasks: tasks/mq_instance_delete.yml
\ No newline at end of file
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/setup_instance.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/setup_instance.yml
new file mode 100644
index 000000000..fcea9cd8c
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/setup_instance.yml
@@ -0,0 +1,29 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ vars:
+ env_vars:
+ AWS_ACCESS_KEY_ID: '{{ aws_access_key }}'
+ AWS_SECRET_ACCESS_KEY: '{{ aws_secret_key }}'
+ AWS_DEFAULT_REGION: '{{ aws_region }}'
+ AWS_SECURITY_TOKEN: '{{ security_token }}'
+
+ environment: "{{ ansible_test.environment | combine(env_vars) }}"
+
+ module_defaults:
+ group/aws:
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
+
+ collections:
+ - community.aws
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+ - include_tasks: 'tasks/mq_instance_{{ operation }}.yml'
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/find_broker.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/find_broker.yml
new file mode 100644
index 000000000..e5f76d0a5
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/find_broker.yml
@@ -0,0 +1,10 @@
+---
+- name: Find broker by name
+ community.aws.mq_broker_info:
+ broker_name: "{{ broker_name }}"
+ register: broker_info
+ failed_when: false
+
+- name: Find broker by name, if exists
+ set_fact:
+ broker_exists: "{{ not (('Invalid type for parameter BrokerId, value: None' in broker_info.msg) | bool) }}"
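Review bot: The task name `assert group was populated with inventory but is empty` in populate_cache.yml contradicts its own assertion, which requires `groups.aws_mq | length == 1`. A failure report would therefore describe the opposite of what was checked. Rename it to something like `- name: assert aws_mq group holds the one broker before the cache is reused`. The file also ends without a trailing newline.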
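Review bot: In setup_instance.yml, `AWS_SECURITY_TOKEN: '{{ security_token }}'` under `env_vars` has no fallback, while `session_token` a few lines below uses `security_token | default(omit)`. When the run uses long-lived keys and `security_token` is undefined, templating `environment` fails before any task runs. Guard it the same way, for example `AWS_SECURITY_TOKEN: '{{ security_token | default("") }}'`. Confirm that the CLI invoked by the included tasks treats an empty value as "no token".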
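Review bot: find_broker.yml sets `failed_when: false` on the lookup and then derives `broker_exists` from the absence of one specific error string, so every other failure (expired credentials, throttling, a denied API call) is read as "the broker exists". mq_instance_create.yml gates creation on `not broker_exists`, so such a failure skips creation silently and surfaces later as an unrelated inventory assertion. If the module returns no `msg` on success, which is not visible here, `broker_info.msg` is also undefined on the happy path; at minimum use `in (broker_info.msg | default(''))`. Better still, key `broker_exists` on a field the module only returns for a found broker.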
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_create.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_create.yml
new file mode 100644
index 000000000..88f60c093
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_create.yml
@@ -0,0 +1,27 @@
+---
+# using command module until #1832 is resolved
+- include_tasks: find_broker.yml
+- block:
+ - name: Get engine versions
+ command: >
+ aws mq describe-broker-engine-types --engine {{ engine }}
+ register: describe_engine_result
+
+ - name: Select latest engine version
+ set_fact:
+ engine_version: "{{ ( describe_engine_result.stdout | from_json ).BrokerEngineTypes[0].EngineVersions | map(attribute='Name') | sort | max }}"
+
+ - name: Create minimal MQ instance in default VPC and default subnet group
+ command: >
+ aws mq create-broker
+ --broker-name {{ broker_name }}
+ --deployment-mode SINGLE_INSTANCE
+ --engine-type {{ engine }}
+ --engine-version {{ engine_version }}
+ {% if resource_tags is defined %}--tags '{{ resource_tags | to_json }}'{% endif %}
+ --host-instance-type mq.t3.micro
+ --users=ConsoleAccess=True,Groups=admin,Password=aODvFQAt4tt1W,Username=master
+ --auto-minor-version-upgrade
+ --no-publicly-accessible
+ when:
+ - not broker_exists
\ No newline at end of file
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_delete.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_delete.yml
new file mode 100644
index 000000000..b533ee86b
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_delete.yml
@@ -0,0 +1,13 @@
+---
+- name: remove broker instance
+ community.aws.mq_broker:
+ state: absent
+ engine_type: "{{ engine }}"
+ broker_name: '{{ broker_name }}'
+ register: delete_result
+ failed_when:
+ - delete_result.get('failed',false)
+ - (delete_result.get('message','')).find('be deleted while in state [CREATION_IN_PROGRESS]') == -1
+ until: (delete_result.get('message','')).find('be deleted while in state [CREATION_IN_PROGRESS]') == -1
+ retries: 150
+ delay: 60
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_invalid_aws_mq_inventory_config.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_invalid_aws_mq_inventory_config.yml
new file mode 100644
index 000000000..c982d0d9e
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_invalid_aws_mq_inventory_config.yml
@@ -0,0 +1,9 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+ tasks:
+ - name: assert inventory was not populated by aws_mq inventory plugin
+ assert:
+ that:
+ - "'aws_mq' not in groups"
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_cache.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_cache.yml
new file mode 100644
index 000000000..8926cefa2
--- /dev/null
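Review bot: The `--users=` argument of the `Create minimal MQ instance` task in mq_instance_create.yml embeds a fixed admin password for a console-enabled user. Every broker created by this test, in any account, therefore shares a credential that is published in the repository. It also lands in task output and in the process list, because the task has no `no_log`. `--no-publicly-accessible` narrows the exposure but does not remove it. Generate the value per run, for example `mq_password: "{{ lookup('ansible.builtin.password', '/dev/null', length=16, chars=['ascii_letters', 'digits']) }}"`, reference it as `Password={{ mq_password }}`, and add `no_log: true` to the task.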
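Review bot: The `remove broker instance` task in mq_instance_delete.yml can wait up to 150 × 60 s, far beyond the `time=20m` declared in this target's aliases file, and nothing explains the `failed_when`/`until` pair. The two `failed_when` entries are ANDed, so the task only fails on an error other than the CREATION_IN_PROGRESS refusal, and `until` keeps retrying while that refusal is returned. That intent deserves a comment above the task, such as `# A broker cannot be deleted while CREATION_IN_PROGRESS; retry until the API accepts the delete.` Consider lowering `retries` to a bound that matches how long broker creation actually takes.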
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_cache.yml
@@ -0,0 +1,18 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+ tasks:
+ - name: assert cache was used to populate inventory
+ assert:
+ that:
+ - "'aws_mq' in groups"
+ - "groups.aws_mq | length == 1"
+
+ - meta: refresh_inventory
+
+ - name: assert refresh_inventory updated the cache
+ assert:
+ that:
+ - "'aws_mq' in groups"
+ - "not groups.aws_mq"
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_no_hosts.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_no_hosts.yml
new file mode 100644
index 000000000..4873adc92
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_no_hosts.yml
@@ -0,0 +1,16 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ environment: "{{ ansible_test.environment }}"
+
+ collections:
+ - community.aws
+ tasks:
+ - debug: var=groups
+ - name: assert group was populated with inventory but is empty
+ assert:
+ that:
+ - "'aws_mq' in groups"
+ - groups.aws_mq | length == 0
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_with_hostvars_prefix_suffix.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_with_hostvars_prefix_suffix.yml
new file mode 100644
index 000000000..2db7f76ab
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_with_hostvars_prefix_suffix.yml
@@ -0,0 +1,30 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ environment: "{{ ansible_test.environment }}"
+
+ collections:
+ - community.aws
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+
+ - name: assert the hostvars are defined with prefix and/or suffix
+ assert:
+ that:
+ - "hostvars[broker_name][vars_prefix ~ 'host_instance_type' ~ vars_suffix] == 'mq.t3.micro'"
+ - "hostvars[broker_name][vars_prefix ~ 'engine_type' ~ vars_suffix] == engine"
+ - "hostvars[broker_name][vars_prefix ~ 'broker_state' ~ vars_suffix] in ('CREATION_IN_PROGRESS', 'RUNNING')"
+ - "'host_instance_type' not in hostvars[broker_name]"
+ - "'engine_type' not in hostvars[broker_name]"
+ - "'broker_state' not in hostvars[broker_name]"
+ - "'ansible_diff_mode' in hostvars[broker_name]"
+ - "'ansible_forks' in hostvars[broker_name]"
+ - "'ansible_version' in hostvars[broker_name]"
+ vars:
+ vars_prefix: "{{ inventory_prefix | default('') }}"
+ vars_suffix: "{{ inventory_suffix | default('') }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory.yml
new file mode 100644
index 000000000..a71043c70
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory.yml
@@ -0,0 +1,17 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ environment: "{{ ansible_test.environment }}"
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+ - name: assert aws_mq inventory group contains MQ instance created by previous playbook
+ assert:
+ that:
+ - "'aws_mq' in groups"
+ - "groups.aws_mq | length == 1"
+ - groups.aws_mq.0 == broker_name
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory_with_constructed.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory_with_constructed.yml
new file mode 100644
index 000000000..8d840158f
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory_with_constructed.yml
@@ -0,0 +1,27 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ environment: "{{ ansible_test.environment }}"
+ collections:
+ - community.aws
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+
+ - debug:
+ var: groups
+
+ - name: assert the keyed groups from constructed config were added to inventory
+ assert:
+ that:
+ # There are 5 groups: all, ungrouped, aws_mq, tag and engine_type keyed group
+ - "groups | length == 5"
+ - '"all" in groups'
+ - '"ungrouped" in groups'
+ - '"aws_mq" in groups'
+ - '"tag_workload_type_other" in groups'
+ - '"mq_ACTIVEMQ" in groups'
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/vars/main.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/vars/main.yml
new file mode 100644
index 000000000..2f599201c
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/vars/main.yml
@@ -0,0 +1,6 @@
+---
+broker_name: "{{ resource_prefix }}-activemq"
+engine: "ACTIVEMQ"
+resource_tags:
+ workload_type: other
+aws_inventory_cache_dir: ""
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/runme.sh b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/runme.sh
new file mode 100755
index 000000000..68a3eda4b
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/runme.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+set -eux
+
+function cleanup() {
+ ansible-playbook playbooks/setup_instance.yml -e "operation=delete" "$@"
+ exit 1
+}
+
+trap 'cleanup "${@}"' ERR
+
+# ensure test config is empty
+ansible-playbook playbooks/empty_inventory_config.yml "$@"
+
+export ANSIBLE_INVENTORY_ENABLED="community.aws.aws_mq"
+
+# test with default inventory file
+ansible-playbook playbooks/test_invalid_aws_mq_inventory_config.yml "$@"
+
+export ANSIBLE_INVENTORY=test.aws_mq.yml
+
+# test empty inventory config
+ansible-playbook playbooks/test_invalid_aws_mq_inventory_config.yml "$@"
+
+# delete existing resources
+ansible-playbook playbooks/setup_instance.yml -e "operation=delete" "$@"
+
+# generate inventory config and test using it
+ansible-playbook playbooks/create_inventory_config.yml "$@"
+
+# test inventory with no hosts
+ansible-playbook playbooks/test_inventory_no_hosts.yml "$@"
+
+# create MQ resources
+ansible-playbook playbooks/setup_instance.yml -e "operation=create" "$@"
+
+# test inventory populated with MQ instance
+ansible-playbook playbooks/test_populating_inventory.yml "$@"
+
+# generate inventory config with constructed features and test using it
+ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_constructed.j2'" "$@"
+ansible-playbook playbooks/test_populating_inventory_with_constructed.yml "$@"
+
+# generate inventory config with hostvars_prefix features and test using it
+ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_hostvars_prefix_suffix.j2'" -e "inventory_prefix='aws_mq_'" "$@"
+ansible-playbook playbooks/test_inventory_with_hostvars_prefix_suffix.yml -e "inventory_prefix='aws_mq_'" "$@"
+
+# generate inventory config with hostvars_suffix features and test using it
+ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_hostvars_prefix_suffix.j2'" -e "inventory_suffix='_aws_mq'" "$@"
+ansible-playbook playbooks/test_inventory_with_hostvars_prefix_suffix.yml -e "inventory_suffix='_aws_mq'" "$@"
+
+# generate inventory config with hostvars_prefix and hostvars_suffix features and test using it
+ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_hostvars_prefix_suffix.j2'" -e "inventory_prefix='aws_'" -e "inventory_suffix='_mq'" "$@"
+ansible-playbook playbooks/test_inventory_with_hostvars_prefix_suffix.yml -e "inventory_prefix='aws_'" -e "inventory_suffix='_mq'" "$@"
+
+# generate inventory config with statuses and test using it
+ansible-playbook playbooks/create_inventory_config.yml -e '{"inventory_statuses": true}' "$@"
+ansible-playbook playbooks/test_inventory_no_hosts.yml "$@"
+
+# generate inventory config with caching and test using it
+AWS_MQ_CACHE_DIR="aws_mq_cache_dir"
+rm -rf "${AWS_MQ_CACHE_DIR}"
+ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_cache.j2'" -e "aws_inventory_cache_dir=$AWS_MQ_CACHE_DIR" "$@"
+ansible-playbook playbooks/populate_cache.yml "$@"
+ansible-playbook playbooks/test_inventory_cache.yml "$@"
+rm -rf "${AWS_MQ_CACHE_DIR}"
+
+# cleanup inventory config
+ansible-playbook playbooks/empty_inventory_config.yml "$@"
+
+ansible-playbook playbooks/setup_instance.yml -e "operation=delete" "$@"
+
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory.j2 b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory.j2
new file mode 100644
index 000000000..25fa80918
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory.j2
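Review bot: The `cleanup` handler in runme.sh only deletes the broker before `exit 1`, so when any step fails the generated inventory config stays on disk, and the templates added in this commit write `access_key`, `secret_key` and `session_token` into that file; the `aws_mq_cache_dir` directory is left behind in the same way. The success path resets both (`empty_inventory_config.yml` and `rm -rf "${AWS_MQ_CACHE_DIR}"`), and the error path should match it, for example with `ansible-playbook playbooks/empty_inventory_config.yml "$@" || true` as the first line of `cleanup`. The script already runs the delete playbook against an emptied config in its "delete existing resources" step, so emptying first should not break the broker deletion. That create_inventory_config.yml renders into test.aws_mq.yml is inferred from `ANSIBLE_INVENTORY`; the playbook itself is not in this hunk.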
@@ -0,0 +1,12 @@
+plugin: community.aws.aws_mq
+access_key: '{{ aws_access_key }}'
+secret_key: '{{ aws_secret_key }}'
+{% if security_token | default(false) %}
+session_token: '{{ security_token }}'
+{% endif %}
+regions:
+ - '{{ aws_region }}'
+{% if inventory_statuses | default(false) %}
+statuses:
+ - CREATION_FAILED
+{% endif %}
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_cache.j2 b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_cache.j2
new file mode 100644
index 000000000..10941a8d5
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_cache.j2
@@ -0,0 +1,11 @@
+plugin: community.aws.aws_mq
+cache: True
+cache_plugin: jsonfile
+cache_connection: '{{ aws_inventory_cache_dir }}'
+access_key: '{{ aws_access_key }}'
+secret_key: '{{ aws_secret_key }}'
+{% if security_token | default(false) %}
+session_token: '{{ security_token }}'
+{% endif %}
+regions:
+ - '{{ aws_region }}'
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_constructed.j2 b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_constructed.j2
new file mode 100644
index 000000000..7b421ace4
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_constructed.j2
@@ -0,0 +1,13 @@
+plugin: community.aws.aws_mq
+access_key: '{{ aws_access_key }}'
+secret_key: '{{ aws_secret_key }}'
+{% if security_token | default(false) %}
+session_token: '{{ security_token }}'
+{% endif %}
+regions:
+ - '{{ aws_region }}'
+keyed_groups:
+ - key: tags
+ prefix: tag
+ - key: engine_type
+ prefix: mq
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_hostvars_prefix_suffix.j2 b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_hostvars_prefix_suffix.j2 new file mode 100644 index 000000000..13bc6ffa8 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_hostvars_prefix_suffix.j2 @@ -0,0 +1,14 @@ +plugin: community.aws.aws_mq +access_key: '{{ aws_access_key }}' +secret_key: '{{ aws_secret_key }}' +{% if security_token | default(false) %} +session_token: '{{ security_token }}' +{% endif %} +regions: + - '{{ aws_region }}' +{% if inventory_prefix | default(false) %} +hostvars_prefix: '{{ inventory_prefix }}' +{% endif %} +{% if inventory_suffix | default(false) %} +hostvars_suffix: '{{ inventory_suffix }}' +{% endif %} diff --git a/ansible_collections/community/aws/tests/integration/targets/kinesis_stream/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/kinesis_stream/tasks/main.yml index b6791fb06..f219f0ae6 100644 --- a/ansible_collections/community/aws/tests/integration/targets/kinesis_stream/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/kinesis_stream/tasks/main.yml @@ -3,9 +3,9 @@ - name: 'Setup AWS Module Defaults' module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' kinesis_stream: # Number of shards is mandatory when state=present 
@@ -23,13 +23,13 @@ # Note: Because we're not a producer / consumer we don't actually need # access to the keys - name: 'Create KMS key 1' - aws_kms: + kms_key: alias: '{{ kms_cmk_alias_1 }}' state: present enabled: yes register: create_kms_1 - name: 'Create KMS key 2' - aws_kms: + kms_key: alias: '{{ kms_cmk_alias_2 }}' state: present enabled: yes @@ -680,7 +680,7 @@ block: - name: 'Delete the KMS keys' ignore_errors: yes - aws_kms: + kms_key: state: absent alias: '{{ item }}' loop: diff --git a/ansible_collections/community/aws/tests/integration/targets/legacy_missing_tests/aliases b/ansible_collections/community/aws/tests/integration/targets/legacy_missing_tests/aliases index 27c4351c4..edfaa127e 100644 --- a/ansible_collections/community/aws/tests/integration/targets/legacy_missing_tests/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/legacy_missing_tests/aliases @@ -5,9 +5,6 @@ application_scaling_policy batch_compute_environment batch_job_definition batch_job_queue -cloudfront_distribution_info -cloudfront_invalidation -cloudfront_origin_access_identity data_pipeline directconnect_confirm_connection directconnect_connection diff --git a/ansible_collections/community/aws/tests/integration/targets/lightsail/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/lightsail/tasks/main.yml index 91f13a8ba..18e76756d 100644 --- a/ansible_collections/community/aws/tests/integration/targets/lightsail/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/lightsail/tasks/main.yml 
@@ -2,10 +2,10 @@ - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key | default(omit) }}' - aws_secret_key: '{{ aws_secret_key | default(omit) }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' block: @@ -15,8 +15,14 @@ lightsail: name: "{{ instance_name }}" zone: "{{ zone }}" - blueprint_id: amazon_linux + blueprint_id: amazon_linux_2 bundle_id: nano_2_0 + public_ports: + - from_port: 50 + to_port: 50 + protocol: "tcp" + cidrs: ["0.0.0.0/0"] + ipv6_cidrs: ["::/0"] wait: yes register: result @@ -25,8 +31,10 @@ - result.changed == True - "'instance' in result and result.instance.name == instance_name" - "result.instance.state.name == 'running'" + - "result.instance.networking.ports[0].from_port == 50" + - result.instance.networking.ports|length == 1 - - name: Make sure create is idempotent + - name: Check if it does not delete public ports config when no value is provided lightsail: name: "{{ instance_name }}" zone: "{{ zone }}" @@ -38,6 +46,24 @@ that: - result.changed == False + - name: Make sure create is idempotent + lightsail: + name: "{{ instance_name }}" + zone: "{{ zone }}" + blueprint_id: amazon_linux_2 + bundle_id: nano_2_0 + public_ports: + - from_port: 50 + to_port: 50 + protocol: "tcp" + cidrs: ["0.0.0.0/0"] + ipv6_cidrs: ["::/0"] + register: result + + - assert: + that: + - result.changed == False + - name: Start the running instance lightsail: name: "{{ instance_name }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/aliases b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/aliases index 4ef4b2067..4ef4b2067 100644 --- a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/aliases 
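Review bot: The `public_ports` blocks added to the first `lightsail:` task (hunk `@@ -15,8 +15,14 @@`) and to the re-added 'Make sure create is idempotent' task (hunk `@@ -38,6 +46,24 @@`) open port 50/tcp to `0.0.0.0/0` and `::/0`, while the new assertions check only `from_port` and the number of port entries, never the CIDRs. A documentation range such as `cidrs: ["203.0.113.0/24"]` with `ipv6_cidrs: ["2001:db8::/32"]` would exercise the same parameter without leaving a world-reachable rule on the test instance. An added assertion on the returned CIDR list would then show that the restriction was applied; the result field name is not visible here, so confirm it against the module's return data. Both tasks begin outside their hunks.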
+++ b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/aliases
diff --git a/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/defaults/main.yml
new file mode 100644
index 000000000..5866de4ec
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/defaults/main.yml
@@ -0,0 +1,3 @@
+instance_name: "{{ resource_prefix }}_instance"
+snapshot_name: "{{ resource_prefix }}_instance_snapshot"
+zone: "{{ aws_region }}a"
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_group/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/meta/main.yml
index 32cf5dda7..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/iam_group/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/meta/main.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/tasks/main.yml
new file mode 100644
index 000000000..98553d278
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/tasks/main.yml
@@ -0,0 +1,85 @@
+---
+
+- module_defaults:
+ group/aws:
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
+
+ block:
+
+ # ==== Tests ===================================================
+
+ - name: Create a new instance
+ lightsail:
+ name: "{{ instance_name }}"
+ zone: "{{ zone }}"
+ blueprint_id: amazon_linux_2
+ bundle_id: nano_2_0
+ wait: yes
+
+ - name: Create a new snapshot
+ lightsail_snapshot:
+ snapshot_name: "{{ snapshot_name }}"
+ instance_name: "{{ instance_name }}"
+ region: "{{ aws_region }}"
+ wait: yes
+ register: result
+
+ - assert:
+ that:
+ - result.changed == True
+ - "'instance_snapshot' in result and result.instance_snapshot.name == snapshot_name"
+ - "result.instance_snapshot.state == 'available'"
+
+ - name: Make sure instance snapshot creation is idempotent
+ lightsail_snapshot:
+ snapshot_name: "{{ snapshot_name }}"
+ instance_name: "{{ instance_name }}"
+ region: "{{ aws_region }}"
+ wait: yes
+ register: result
+
+ - assert:
+ that:
+ - result.changed == False
+
+ - name: Delete the instance snapshot
+ lightsail_snapshot:
+ snapshot_name: "{{ snapshot_name }}"
+ region: "{{ aws_region }}"
+ state: absent
+ register: result
+
+ - assert:
+ that:
+ - result.changed == True
+
+ - name: Make sure instance snapshot deletion is idempotent
+ lightsail_snapshot:
+ snapshot_name: "{{ snapshot_name }}"
+ region: "{{ aws_region }}"
+ state: absent
+ register: result
+
+ - assert:
+ that:
+ - result.changed == False
+
+ # ==== Cleanup ====================================================
+
+ always:
+
+ - name: Cleanup - delete instance snapshot
+ lightsail_snapshot:
+ snapshot_name: "{{ snapshot_name }}"
+ region: "{{ aws_region }}"
+ state: absent
+ ignore_errors: yes
+
+ - name: Cleanup - delete instance
+ lightsail:
+ name: "{{ instance_name }}"
+ state: absent
+ ignore_errors: yes
diff --git a/ansible_collections/community/aws/tests/integration/targets/lightsail_static_ip/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/lightsail_static_ip/tasks/main.yml index f8f327344..e0b452f3e 100644 --- a/ansible_collections/community/aws/tests/integration/targets/lightsail_static_ip/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/lightsail_static_ip/tasks/main.yml @@ -2,10 +2,10 @@ - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key | default(omit) }}' - aws_secret_key: '{{ aws_secret_key | default(omit) }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/aliases b/ansible_collections/community/aws/tests/integration/targets/mq/aliases new file mode 100644 index 000000000..fef8ae9bd --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/mq/aliases @@ -0,0 +1,13 @@ +# reason: missing-policy +# We don't have CI or 'unsupported' policy for Amazon MQ, yet +# reason: slow +# tests run about 30 minutes +unsupported + +cloud/aws + +mq_broker_info +mq_broker +mq_broker_config +mq_user_info +mq_user diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/mq/defaults/main.yml new file mode 100644 index 000000000..2199c2f63 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/mq/defaults/main.yml @@ -0,0 +1,9 @@ +--- +# default files for mq_* +broker_name: '{{resource_prefix}}-mq' +vpc_name: "{{ resource_prefix }}-vpc" +vpc_cidr: "10.0.0.0/16" +subnet_cidr: "10.0.1.0/24" +sg_name: "{{resource_prefix}}-sg" +tags: + workload_type: other
\ No newline at end of file
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1.xml b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1.xml
new file mode 100644
index 000000000..0fdc98e46
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<broker schedulePeriodForDestinationPurge="10000" xmlns="http://activemq.apache.org/schema/core">
+ <!-- update 1 -->
+ <destinationPolicy>
+ <policyMap>
+ <policyEntries>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" topic=">">
+ <pendingMessageLimitStrategy>
+ <constantPendingMessageLimitStrategy limit="1000"/>
+ </pendingMessageLimitStrategy>
+ </policyEntry>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" queue=">"/>
+ </policyEntries>
+ </policyMap>
+ </destinationPolicy>
+ <plugins/>
+</broker>
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1a.xml b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1a.xml
new file mode 100644
index 000000000..b374d1357
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1a.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<broker schedulePeriodForDestinationPurge="10000" xmlns="http://activemq.apache.org/schema/core">
+ <!-- update 1 -->
+
+ <destinationPolicy>
+ <policyMap>
+ <policyEntries>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" topic=">">
+ <pendingMessageLimitStrategy>
+ <constantPendingMessageLimitStrategy limit="1000"/>
+ </pendingMessageLimitStrategy>
+ </policyEntry>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" queue=">"/>
+ </policyEntries>
+ </policyMap>
+ </destinationPolicy>
+ <plugins/>
+
+</broker>
+
+
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.2.xml b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.2.xml
new file mode 100644
index 000000000..0d10ebdc6
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.2.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<broker schedulePeriodForDestinationPurge="10000" xmlns="http://activemq.apache.org/schema/core">
+ <!-- update 2 -->
+ <destinationPolicy>
+ <policyMap>
+ <policyEntries>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" topic=">">
+ <pendingMessageLimitStrategy>
+ <constantPendingMessageLimitStrategy limit="1000"/>
+ </pendingMessageLimitStrategy>
+ </policyEntry>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" queue=">"/>
+ </policyEntries>
+ </policyMap>
+ </destinationPolicy>
+ <plugins/>
+</broker>
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/mq/meta/main.yml
index 32cf5dda7..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/meta/main.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_cleanup.yml
new file mode 100644
index 000000000..9507f99fa
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_cleanup.yml
@@ -0,0 +1,17 @@
+- name: cleanup broker
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ state: "absent"
+ ignore_errors: true
+ when: not ansible_check_mode
+# we need to wait - otherwise env_cleanup.yml will fail
+- name: wait until broker deletion is finished
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result
+ # the condition will never be met - instead it wail fail in the end
+ until: result.broker['broker_state'] != 'DELETION_IN_PROGRESS'
+ retries: 15
+ delay: 60
+ ignore_errors: true
+ when: not ansible_check_mode
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_config_tests.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_config_tests.yml
new file mode 100644
index 000000000..31c67438b
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_config_tests.yml
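Review bot: Both tasks in broker_cleanup.yml carry `ignore_errors: true`, and the comment on the wait task says its `until` condition is never expected to pass, so a failure caused by missing permissions or an undefined `broker_id` looks the same as a finished deletion. Guarding the wait with `when: not ansible_check_mode and broker_id is defined` would remove the undefined-variable case. The comment could be reworded to `# once the broker is gone the lookup fails, which ends the wait; ignore_errors keeps cleanup going`; that reading of the intent is an assumption to confirm, and the current text also has the typo 'wail fail'. If deletion outlasts the 15 retries of 60 seconds, the env_cleanup.yml step named in the first comment still runs while the broker exists.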
@@ -0,0 +1,82 @@
+- name: get broker details
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result
+- name: verify test broker is running
+ assert:
+ fail_msg: "broker with id {{ broker_id }} is not in RUNNING state"
+ that:
+ - result.broker['broker_state'] == 'RUNNING'
+ when: not ansible_check_mode
+- name: test 1 - send update to broker config
+ mq_broker_config:
+ broker_id: "{{ broker_id }}"
+ config_xml: "{{ lookup('file', '../files/broker_cfg.1.xml')}}"
+ register: result
+- name: verify test1
+ assert:
+ fail_msg: test1 failed
+ that:
+ - result.changed | bool
+ - result.broker['broker_id'] == broker_id
+ - result.configuration['id'] == result.broker['configurations']['pending']['id']
+ - result.configuration['revision'] == result.broker['configurations']['pending']['revision']
+ when: not ansible_check_mode
+- name: test 1a - send same config again
+ mq_broker_config:
+ broker_id: "{{ broker_id }}"
+ config_xml: "{{ lookup('file', '../files/broker_cfg.1.xml')}}"
+ register: result
+- name: verify test1a
+ assert:
+ fail_msg: test1a failed
+ that:
+ - not (result.changed | bool )
+ when: not ansible_check_mode
+- name: test 2 - send (almost) same config again - differs by whitespace
+ mq_broker_config:
+ broker_id: "{{ broker_id }}"
+ config_xml: "{{ lookup('file', '../files/broker_cfg.1a.xml')}}"
+ register: result
+- name: verify test2
+ assert:
+ fail_msg: test2 failed
+ that:
+ - not (result.changed | bool )
+ when: not ansible_check_mode
+- name: test 3 - send new config with custom description and request reboot
+ mq_broker_config:
+ broker_id: "{{ broker_id }}"
+ config_xml: "{{ lookup('file', '../files/broker_cfg.2.xml')}}"
+ config_description: "test 3 used custom description"
+ reboot: true
+ register: result
+- name: verify test3
+ assert:
+ fail_msg: test3 failed
+ that:
+ - result.changed | bool
+ - result.broker['broker_state'] == 'REBOOT_IN_PROGRESS'
+ when: not ansible_check_mode
+- name: wait for reboot
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result
+ until: result.broker['broker_state'] == 'RUNNING'
+ retries: 15
+ delay: 60
+ when: not ansible_check_mode
+- name: test 3a - send new config again
+ mq_broker_config:
+ broker_id: "{{ broker_id }}"
+ config_xml: "{{ lookup('file', '../files/broker_cfg.2.xml')}}"
+ config_description: "test 3 used custom description"
+ reboot: true
+ register: result
+- name: verify test3a
+ assert:
+ fail_msg: test3a failed
+ that:
+ - not (result.changed | bool )
+ when: not ansible_check_mode
+# Note: currently there's no way to delete a broker configuration (version)
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_delete_tests.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_delete_tests.yml
new file mode 100644
index 000000000..bde36cd13
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_delete_tests.yml
@@ -0,0 +1,43 @@
+- name: delete broker
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ state: "absent"
+ register: result
+- name: verify broker delete
+ assert:
+ fail_msg: broker delete failed
+ that:
+ - ( result.changed | bool)
+ when: not ansible_check_mode
+- name: get details after delete
+ mq_broker_info:
+ broker_name: "{{ broker_name }}"
+ register: result_d1
+- name: verify broker deletion on progress
+ assert:
+ fail_msg: broker delete too fast?
+ that:
+ - result_d1.broker['broker_state'] == 'DELETION_IN_PROGRESS'
+ when: not ansible_check_mode
+- name: repeat broker deletion
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ state: "absent"
+ register: result
+- name: verify broker repeated delete
+ assert:
+ fail_msg: didn't detect DELETION_IN_PROGRESS in progress
+ that:
+ - not ( result.changed | bool)
+ when: not ansible_check_mode
+- name: deletion unknown broker - simulates re-deletion of completely deleted broker
+ mq_broker:
+ broker_name: "{{ broker_name }}__unknown_broker__"
+ state: "absent"
+ register: result
+- name: verify delete unknown broker
+ assert:
+ fail_msg: deletion of unknown broker return unexpected result
+ that:
+ - not ( result.changed | bool)
+ when: not ansible_check_mode
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_tests.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_tests.yml
new file mode 100644
index 000000000..515306abf
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_tests.yml
@@ -0,0 +1,120 @@
+- name: create broker with minimal parameters
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ security_groups: "{{ broker_sg_ids.split(',') }}"
+ subnet_ids: "{{ broker_subnet_ids.split(',') }}"
+ tags: "{{ tags }}"
+ wait: true
+ register: result
+- set_fact:
+ broker_id: "{{ result.broker['broker_id'] }}"
+- name: get broker details by id
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result_c1
+- name: verify creation result
+ assert:
+ fail_msg: broker creation failed
+ that:
+ # change state is from previous operation:
+ - ( result.changed | bool )
+ - result_c1.broker['broker_id'] == broker_id
+ - result_c1.broker['broker_name'] == broker_name
+ - result_c1.broker['broker_state'] == 'RUNNING'
+ - ( result_c1.broker['storage_type'] | upper ) == 'EFS'
+ - result_c1.broker['tags'] == tags
+ when: not ansible_check_mode
+- name: repeat creation
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ security_groups: "{{ broker_sg_ids.split(',') }}"
+ subnet_ids: "{{ broker_subnet_ids.split(',') }}"
+ register: result
+- set_fact:
+ broker_id: "{{ result.broker['broker_id'] }}"
+- name: get broker details - this time by name
+ mq_broker_info:
+ broker_name: "{{ broker_name }}"
+ register: result_c2
+- name: verify broker re-creation
+ assert:
+ fail_msg: broker re-creation failed
+ that:
+ # change state is from previous operation:
+ - not ( result.changed | bool)
+ - result_c2.broker['broker_id'] == broker_id
+ - result_c2.broker['broker_name'] == broker_name
+ - ( result_c2.broker['storage_type'] | upper ) == 'EFS'
+ when: not ansible_check_mode
+- name: update broker
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ auto_minor_version_upgrade: false
+ storage_type: EBS
+ register: result
+- name: verify broker update
+ assert:
+ fail_msg: broker update failed
+ that:
+ - ( result.changed | bool)
+ - result.broker['broker_id'] == broker_id
+ when: not ansible_check_mode
+- name: reboot broker to make pending changes active
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ state: "restarted"
+ register: result
+- name: get broker details by id
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result_r1
+- name: check for pending reboot
+ assert:
+ fail_msg: trigger reboot failed
+ that:
+ - result.changed | bool
+ - result_r1.broker['broker_state'] == 'REBOOT_IN_PROGRESS'
+ when: not ansible_check_mode
+- debug:
+ msg: "Wait until reboot of broker {{ broker_name }} ({{ broker_id }}) is finished. This may take several minutes"
+- name: wait for reboot
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result
+ until: result.broker['broker_state'] == 'RUNNING'
+ retries: 15
+ delay: 60
+ when: not ansible_check_mode
+- name: get details after update
+ mq_broker_info:
+ broker_name: "{{ broker_name }}"
+ register: result_u1
+- name: verify broker update
+ assert:
+ fail_msg: broker update failed
+ that:
+ - result_u1.broker['broker_id'] == broker_id
+ - result_u1.broker['broker_name'] == broker_name
+ - not ( result_u1.broker['auto_minor_version_upgrade'] | bool )
+ # the next one checks that changes to create-only parameters are silently ignore
+ - result_u1.broker['storage_type'] == result_c1.broker['storage_type']
+ when: not ansible_check_mode
+- name: repeat update broker
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ auto_minor_version_upgrade: false
+ storage_type: EBS
+ register: result
+- name: get details after re-update
+ mq_broker_info:
+ broker_name: "{{ broker_name }}"
+ register: result_u2
+- name: verify broker re-update
+ assert:
+ fail_msg: broker update failed
+ that:
+ - not ( result.changed | bool)
+ - result_u2.broker['broker_id'] == result_u1.broker['broker_id']
+ - result_u2.broker['storage_type'] == result_u1.broker['storage_type']
+ - result_u2.broker['engine_version'] == result_u1.broker['engine_version']
+ when: not ansible_check_mode
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_info_tests.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_info_tests.yml
new file mode 100644
index 000000000..427e272b6
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_info_tests.yml
@@ -0,0 +1,65 @@
+- name: set test data
+ set_fact:
+ create_users:
+ - "info_user1"
+ - "info_user2"
+ - "info_user3"
+ - "info_user4"
+ - "info_user5"
+ delete_users:
+ - "info_user2"
+ - "info_user5"
+- name: prepare tests - create users
+ mq_user:
+ state: present
+ broker_id: "{{ broker_id }}"
+ username: "{{ item }}"
+ loop: "{{ create_users | flatten(levels=1) }}"
+- name: prepare tests - delete users
+ mq_user:
+ state: absent
+ broker_id: "{{ broker_id }}"
+ username: "{{ item }}"
+ loop: "{{ delete_users | flatten(levels=1) }}"
+- name: test2 - list all users
+ mq_user_info:
+ broker_id: "{{ broker_id }}"
+ register: result
+- name: test2 - verify
+ assert:
+ fail_msg: test2 failed
+ that:
+ - result.users['info_user1']
+ - result.users['info_user2']
+ - result.users['info_user3']
+ when: not ansible_check_mode
+- name: test3 - list only user currently being active until next broker reboot
+ mq_user_info:
+ broker_id: "{{ broker_id }}"
+ skip_pending_create: true
+ register: result
+- name: test3 - verify
+ assert:
+ fail_msg: test3 failed
+ that:
+ - not ('info_user1' in result.users)
+ - result.users['info_user2']
+ - not ('info_user3' in result.users)
+ - not ('info_user4' in result.users)
+ - result.users['info_user5']
+ when: not ansible_check_mode
+- name: test4 - list only user that will be active after next broker reboot
+ mq_user_info:
+ broker_id: "{{ broker_id }}"
+ skip_pending_delete: true
+ register: result
+- name: test4 - verify
+ assert:
+ fail_msg: test4 failed
+ that:
+ - result.users['info_user1']
+ - not ('info_user2' in result.users)
+ - result.users['info_user3']
+ - result.users['info_user4']
+ - not ('info_user5' in result.users)
+ when: not ansible_check_mode
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_tests.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_tests.yml
new file mode 100644
index 000000000..6a30c694b
--- /dev/null
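Review bot: The presence checks in the test2, test3 and test4 verify tasks index the dict (`result.users['info_user1']`), while the absence checks use `not ('info_user1' in result.users)`. Indexing asserts the truthiness of the stored value, and a missing key would most likely surface as a templating error rather than the task's `fail_msg`. A membership test states the intent directly: `- "'info_user1' in result.users"`. The task names also start at test2, so either renumber them or add a one-line comment saying why there is no test1.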
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_tests.yml 
@@ -0,0 +1,173 @@ +- name: set test data + set_fact: + usernames: + - "test_user1" + - "test_user2" + - "test_user3" + +- name: test1 - create user with default settings + mq_user: + broker_id: "{{ broker_id }}" + username: "{{ usernames[0] }}" + register: result +- name: test1 - verify + assert: + fail_msg: test1 failed + that: + - result.changed | bool + - result.user['username'] == usernames[0] + - not (result.user['pending']['console_access'] | bool) + - result.user['pending']['groups'] | length == 0 + when: not ansible_check_mode +- name: test2 - create user with console access and group list + mq_user: + state: present + broker_id: "{{ broker_id }}" + username: "{{ usernames[1] }}" + console_access: true + groups: [ "g1", "g2" ] + register: result +- name: test2 - verify + assert: + fail_msg: test2 failed + that: + - result.changed | bool + - result.user['username'] == usernames[1] + - result.user['pending']['console_access'] | bool + - result.user['pending']['groups'] | length == 2 + when: not ansible_check_mode +- name: test3 - create user with defined password + mq_user: + broker_id: "{{ broker_id }}" + username: "{{ usernames[2] }}" + password: "09234092jzxkjvjk23kn23qn5lk34" + register: result +- name: test3 - verify + assert: + fail_msg: test3 failed + that: + - result.changed | bool + - result.user['username'] == usernames[2] + - not (result.user['pending']['console_access'] | bool) + - result.user['pending']['groups'] | length == 0 + when: not ansible_check_mode +- name: test4 - update user password - ignore mode + mq_user: + broker_id: "{{ broker_id }}" + username: "{{ usernames[2] }}" + password: "new_password_ignored" + register: result +- name: test4 - verify + assert: + fail_msg: test4 failed + that: + - not (result.changed | bool) + when: not ansible_check_mode +- name: test5 - update user password - force mode + mq_user: + broker_id: "{{ broker_id }}" + username: "{{ usernames[2] }}" + password: "new_Password_Accepted0815%" + allow_pw_update: 
true + register: result +- name: test5 - verify + assert: + fail_msg: test5 failed + that: + - result.changed | bool + when: not ansible_check_mode +- name: test6 - update console access - same value + mq_user: + broker_id: "{{ broker_id }}" + username: "{{ usernames[2] }}" + console_access: false + register: result +- name: test6 - verify + assert: + fail_msg: test6 failed + that: + - not (result.changed | bool) + when: not ansible_check_mode +- name: test7 - update console access - new value + mq_user: + broker_id: "{{ broker_id }}" + username: "{{ usernames[1] }}" + console_access: false + register: result +- name: test7 - verify + assert: + fail_msg: test7 failed + that: + - result.changed | bool + - not( result.user['pending']['console_access'] | bool ) + - result.user['pending']['groups'] | length == 2 + when: not ansible_check_mode +- name: test8 - update group list - same list but different order + mq_user: + broker_id: "{{ broker_id }}" + username: "{{ usernames[1] }}" + groups: [ "g2", "g1" ] + register: result +- name: test8 - verify + assert: + fail_msg: test8 failed + that: + - not (result.changed | bool) + when: not ansible_check_mode +- name: test9 - update group list - add element + mq_user: + broker_id: "{{ broker_id }}" + username: "{{ usernames[1] }}" + groups: [ "g2", "g1", "g3" ] + register: result +- name: test9 - verify + assert: + fail_msg: test9 failed + that: + - result.changed | bool + - result.user['pending']['groups'] | length == 3 + when: not ansible_check_mode +- name: test10 - update group list - remove element + mq_user: + broker_id: "{{ broker_id }}" + username: "{{ usernames[1] }}" + groups: [ "g2", "g3" ] + register: result +- name: test10 - verify + assert: + fail_msg: test10 failed + that: + - result.changed | bool + - result.user['pending']['groups'] | length == 2 + when: not ansible_check_mode +- name: test11 - update group list - set to empty list + mq_user: + broker_id: "{{ broker_id }}" + username: "{{ usernames[1] }}" + 
groups: [] + register: result +- name: test11 - verify + assert: + fail_msg: test11 failed + that: + - result.changed | bool + - result.user['pending']['groups'] | length == 0 + when: not ansible_check_mode +- name: delete all users + mq_user: + state: absent + broker_id: "{{ broker_id }}" + username: "{{ item }}" + loop: "{{ usernames | flatten(levels=1) }}" +- name: test13 - delete deleted user + mq_user: + state: absent + broker_id: "{{ broker_id }}" + username: "{{ usernames[1] }}" + register: result +- name: test13 - verify + assert: + fail_msg: test13 failed + that: + - not(result.changed | bool) + when: not ansible_check_mode diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_cleanup.yml new file mode 100644 index 000000000..0ccb37907 --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_cleanup.yml @@ -0,0 +1,33 @@ +- name: remove the security group + ec2_security_group: + name: "{{ sg_name }}" + description: a security group for ansible tests + vpc_id: "{{ testing_vpc.vpc.id }}" + state: absent + register: removed + until: removed is not failed + ignore_errors: yes + retries: 10 + +- name: remove subnet A + ec2_vpc_subnet: + state: absent + vpc_id: "{{ testing_vpc.vpc.id }}" + cidr: "{{ subnet_cidr }}" + register: removed + until: removed is not failed + ignore_errors: yes + retries: 10 + +- name: remove the VPC + ec2_vpc_net: + name: "{{ vpc_name }}" + cidr_block: "{{ vpc_cidr }}" + state: absent + tags: + Name: Ansible Testing VPC + tenancy: default + register: removed + until: removed is not failed + ignore_errors: yes + retries: 10 diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_setup.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_setup.yml new file mode 100644 index 000000000..e27b66f27 --- /dev/null 
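Review bot: The passwords in test3, test4 and test5 of broker_user_tests.yml are literals committed with the test (`password: "09234092jzxkjvjk23kn23qn5lk34"` and the two after it), and none of the `mq_user` tasks that carry one sets `no_log`. Even for throwaway broker users this trips secret scanners and invites reuse. I would take the values from a variable generated once per run, e.g. `password: "{{ test_user_password }}"` (the variable name is only a suggestion), and add `no_log: true` to those three tasks unless the module is known to mask the parameter. Whatever generates the value must satisfy the broker's password rules, which are not visible in this hunk. The numbering also jumps from test11 to test13, with the unnumbered "delete all users" task in between.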
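Review bot: All three removal tasks in env_cleanup.yml combine `ignore_errors: yes` with `until: removed is not failed` and `retries: 10` but set no `delay`, so once the retries run out, a security group, subnet or VPC left behind in the test account goes unreported. I would give each task an explicit `delay:` and a distinct register name (all three currently overwrite `removed`), then end the file with a task that reports any result that is still failed. `ignore_errors: yes` should be `ignore_errors: true`, matching the `true`/`false` booleans used in the other new mq task files. The `description` on the security-group removal and the `tags`/`tenancy` on the VPC removal look unnecessary for `state: absent`; confirm against the modules before dropping them.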
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_setup.yml
@@ -0,0 +1,25 @@
+- name: Create VPC for use in testing
+ ec2_vpc_net:
+ name: "{{ vpc_name }}"
+ cidr_block: "{{ vpc_cidr }}"
+ tags:
+ Name: Ansible ec2_instance Testing VPC
+ tenancy: default
+ register: testing_vpc
+
+- name: Create subnet in zone A
+ ec2_vpc_subnet:
+ state: present
+ vpc_id: "{{ testing_vpc.vpc.id }}"
+ cidr: "{{ subnet_cidr }}"
+ az: "{{ aws_region }}a"
+ resource_tags:
+ Name: "{{ resource_prefix }}-subnet-a"
+ register: testing_subnet_a
+
+- name: create a security group with the vpc
+ ec2_security_group:
+ name: "{{ sg_name }}"
+ description: a security group for ansible tests
+ vpc_id: "{{ testing_vpc.vpc.id }}"
+ register: testing_sg
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/main.yml
new file mode 100644
index 000000000..e84367a76
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/main.yml
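Review bot: The VPC in env_setup.yml is tagged `Name: Ansible ec2_instance Testing VPC`, which looks copied from the ec2_instance target, while env_cleanup.yml in the same commit passes `Name: Ansible Testing VPC`. Only the subnet carries a per-run marker (`Name: "{{ resource_prefix }}-subnet-a"`). Unless `vpc_name` and `sg_name` already embed the prefix (they are defined outside this hunk), a leaked VPC or security group cannot be traced back to the run that created it. I would drop the literal `Name` tag or replace it with something like `Name: "{{ resource_prefix }}-mq-vpc"`, and use the same value in cleanup.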
@@ -0,0 +1,35 @@
+---
+- name: run amazon MQ tests
+ module_defaults:
+ group/aws:
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
+ aws_region: "{{ aws_region }}"
+ collections:
+ - amazon.aws
+
+ block:
+ - name: set up environment for testing.
+ include_tasks: env_setup.yml
+ - name: set subnet and security group
+ set_fact:
+ broker_subnet_ids: "{{ testing_subnet_a.subnet.id }}"
+ broker_sg_ids: "{{ testing_sg.group_id }}"
+ - name: run broker tests
+ include_tasks: broker_tests.yml
+ # re-user broker_id for other tests
+ - name: run broker config tests
+ include_tasks: broker_config_tests.yml
+ - name: run broker user tests
+ include_tasks: broker_user_tests.yml
+ - name: run broker user info tests
+ include_tasks: broker_user_info_tests.yml
+ - name: run broker delete tests
+ include_tasks: broker_delete_tests.yml
+
+ always:
+ - name: cleanup broker
+ include_tasks: broker_cleanup.yml
+
+ - include_tasks: env_cleanup.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/vars/main.yml b/ansible_collections/community/aws/tests/integration/targets/mq/vars/main.yml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/vars/main.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/main.yml
index 5a6487607..9ed2e92d5 100644
--- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/main.yml
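Review bot: In the `module_defaults` of mq/tasks/main.yml the region is given as `aws_region: "{{ aws_region }}"`, whereas every other target touched by this commit uses the canonical option name, `region: "{{ aws_region }}"`. The `aws_region` key is presumably accepted as an alias, but the same commit migrates the credential options away from their aliases, so this new file should follow suit. The comment `# re-user broker_id for other tests` should read `# re-use broker_id for other tests`. The final `always` task, `- include_tasks: env_cleanup.yml`, has no `name`, unlike the task above it; `- name: cleanup environment` would keep the run output readable.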
@@ -2,9 +2,9 @@ - name: aws_msk_cluster integration tests module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws @@ -42,7 +42,7 @@ # ============================================================ - name: create msk configuration - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "present" kafka_versions: @@ -55,14 +55,14 @@ always: - name: delete msk cluster - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: absent wait: true ignore_errors: yes - name: remove msk configuration - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: absent ignore_errors: yes diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/test_create_auth.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/test_create_auth.yml index d7cdd3a71..9535c235f 100644 --- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/test_create_auth.yml +++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/test_create_auth.yml @@ -1,6 +1,6 @@ --- - name: create a msk cluster with authentication flipped from default (check mode) - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "present" version: "{{ msk_version }}" @@ -24,7 +24,7 @@ - msk_cluster is changed - name: create a msk cluster with authentication flipped from default - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "present" version: "{{ msk_version }}" 
@@ -62,10 +62,10 @@ # Not always returned by API # - "msk_cluster.cluster_info.client_authentication.unauthenticated.enabled == false" - "msk_cluster.cluster_info.open_monitoring.prometheus.jmx_exporter.enabled_in_broker == false" - - "msk_cluster.cluster_info.cluster_arn.startswith('arn:aws:kafka:{{ aws_region }}:')" + - "msk_cluster.cluster_info.cluster_arn.startswith('arn:aws:kafka:' ~ aws_region ~ ':')" - name: create a msk cluster with authentication flipped from default (idempotency) - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "present" version: "{{ msk_version }}" @@ -89,7 +89,7 @@ ### Keep delete simple as we're not checking delete here - name: delete msk cluster - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "absent" wait: true diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/main.yml index a3049dad0..6425d7ec7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/main.yml @@ -2,9 +2,9 @@ - name: aws_msk_cluster integration tests module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws @@ -42,7 +42,7 @@ # ============================================================ - name: create msk configuration - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "present" kafka_versions: 
@@ -61,14 +61,14 @@ always: - name: delete msk cluster - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: absent wait: true ignore_errors: yes - name: remove msk configuration - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: absent ignore_errors: yes diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_create.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_create.yml index 4fd7073cc..f6845059f 100644 --- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_create.yml +++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_create.yml @@ -1,6 +1,6 @@ --- - name: create msk cluster (check mode) - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "present" version: "{{ msk_version }}" @@ -20,7 +20,7 @@ - msk_cluster is changed - name: create msk cluster - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "present" version: "{{ msk_version }}" @@ -50,10 +50,10 @@ - "msk_cluster.cluster_info.broker_node_group_info.instance_type == 'kafka.t3.small'" - "msk_cluster.cluster_info.broker_node_group_info.storage_info.ebs_storage_info.volume_size == 10" - "msk_cluster.cluster_info.open_monitoring.prometheus.jmx_exporter.enabled_in_broker == false" - - "msk_cluster.cluster_info.cluster_arn.startswith('arn:aws:kafka:{{ aws_region }}:')" + - "msk_cluster.cluster_info.cluster_arn.startswith('arn:aws:kafka:' ~ aws_region ~ ':')" - name: create msk cluster (idempotency) - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "present" version: "{{ msk_version }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_delete.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_delete.yml index efd90fa14..53a0d7c8f 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_delete.yml +++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_delete.yml @@ -1,6 +1,6 @@ --- - name: delete msk cluster (check mode) - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "absent" wait: true @@ -13,7 +13,7 @@ - msk_cluster is changed - name: delete msk cluster - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "absent" wait: true @@ -25,7 +25,7 @@ - msk_cluster is changed - name: delete msk cluster (idempotency) - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "absent" wait: true diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_update.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_update.yml index 50ac91718..600d8eb59 100644 --- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_update.yml +++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_update.yml @@ -1,6 +1,6 @@ --- - name: update msk cluster (check mode) - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "present" version: "{{ msk_version }}" @@ -22,7 +22,7 @@ - msk_cluster is changed - name: update msk cluster - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "present" version: "{{ msk_version }}" @@ -51,7 +51,7 @@ - "msk_cluster.cluster_info.tags.key3 == 'value3'" - name: update msk cluster (idempotency) - aws_msk_cluster: + msk_cluster: name: "{{ msk_cluster_name }}" state: "present" version: "{{ msk_version }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_config/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/msk_config/tasks/main.yml index cef9e1dfc..5f7f6c782 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/msk_config/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/msk_config/tasks/main.yml @@ -2,15 +2,15 @@ - name: tests for community.aws.aws_msk_config module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws block: - name: create msk configuration (check mode) - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "present" kafka_versions: "{{ msk_kafka_versions }}" @@ -24,7 +24,7 @@ - msk_config is changed - name: create msk configuration - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "present" kafka_versions: "{{ msk_kafka_versions }}" @@ -37,7 +37,7 @@ - msk_config is changed - name: create msk configuration (idempotency) - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "present" kafka_versions: "{{ msk_kafka_versions }}" @@ -53,12 +53,12 @@ assert: that: - msk_config.revision == 1 - - "msk_config.arn.startswith('arn:aws:kafka:{{ aws_region }}:')" + - "msk_config.arn.startswith('arn:aws:kafka:' ~ aws_region ~ ':')" - "'auto.create.topics.enable=True' in msk_config.server_properties" - "'zookeeper.session.timeout.ms=18000' in msk_config.server_properties" - name: update msk configuration (check mode) - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "present" kafka_versions: "{{ msk_kafka_versions }}" @@ -72,7 +72,7 @@ - msk_config is changed - name: update msk configuration - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "present" kafka_versions: "{{ msk_kafka_versions }}" 
@@ -93,7 +93,7 @@ - "'zookeeper.session.timeout.ms=36000' in msk_config.server_properties" - name: update msk configuration (idempotency) - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "present" kafka_versions: "{{ msk_kafka_versions }}" @@ -106,7 +106,7 @@ - msk_config is not changed - name: delete msk configuration (check mode) - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "absent" check_mode: yes @@ -118,7 +118,7 @@ - msk_config is changed - name: delete msk configuration - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "absent" register: msk_config @@ -129,7 +129,7 @@ - msk_config is changed - name: delete msk configuration (idempotency) - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: "absent" register: msk_config @@ -142,7 +142,7 @@ always: - name: remove msk configuration - aws_msk_config: + msk_config: name: "{{ msk_config_name }}" state: absent ignore_errors: yes diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall/tasks/main.yml index 6a77d4f93..5a60654d8 100644 --- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall/tasks/main.yml @@ -5,9 +5,9 @@ - community.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: 
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/meta/main.yml index f09ab4af1..32cf5dda7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/meta/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/meta/main.yml @@ -1,4 +1 @@ -dependencies: - - role: setup_botocore_pip - vars: - botocore_version: "1.23.23" +dependencies: [] diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/default_order.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/default_order.yml index 50df7e7ab..4c7d2ba25 100644 --- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/default_order.yml +++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/default_order.yml @@ -223,8 +223,6 @@ stateful_rule_order: strict register: default_policy ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -237,8 +235,6 @@ stateful_rule_order: strict register: default_policy ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1143,8 +1139,6 @@ - 'aws:drop_strict' register: default_policy ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1158,8 +1152,6 @@ - 'aws:drop_strict' register: default_policy ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: 
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/main.yml index d3890c680..14c3d1182 100644 --- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/main.yml @@ -1,10 +1,10 @@ --- - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key | default(omit) }}' - aws_secret_key: '{{ aws_secret_key | default(omit) }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' collections: - amazon.aws - community.aws @@ -27,8 +27,6 @@ # Tests specifically related to policies using 'strict' rule order - include_tasks: 'strict_order.yml' - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - include_tasks: 'actions.yml' diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/setup.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/setup.yml index 27f0ebb48..e77e4d9a9 100644 --- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/setup.yml @@ -23,9 +23,6 @@ rule_order: strict register: strict_groups loop: '{{ range(1,4,1) | list }}' - # Setting rule order requires botocore>=1.23.23 - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - debug: var: default_groups 
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/strict_order.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/strict_order.yml index b842eebae..745009bf5 100644 --- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/strict_order.yml +++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/strict_order.yml @@ -260,8 +260,6 @@ stateful_rule_order: default register: strict_policy ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -274,8 +272,6 @@ stateful_rule_order: default register: strict_policy ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/aliases b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/aliases index 3a0301661..ef3989f4b 100644 --- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/aliases @@ -1,4 +1,6 @@ time=18m cloud/aws +# Idempotency issues - https://github.com/ansible-collections/community.aws/issues/1634 +disabled networkfirewall_rule_group_info diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/meta/main.yml index f09ab4af1..32cf5dda7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/meta/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/meta/main.yml 
@@ -1,4 +1 @@ -dependencies: - - role: setup_botocore_pip - vars: - botocore_version: "1.23.23" +dependencies: [] diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/main.yml index a6e84426e..46823c3c8 100644 --- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/main.yml @@ -1,10 +1,10 @@ --- - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key | default(omit) }}' - aws_secret_key: '{{ aws_secret_key | default(omit) }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' collections: - amazon.aws - community.aws @@ -22,8 +22,6 @@ # List the Managed Rule Groups (there's no access to the rules themselves) - include_tasks: 'managed.yml' - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" # Minimal tests and manipulation of common metadata - include_tasks: 'minimal.yml' diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/stateful.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/stateful.yml index 3b92a4cee..b6f51eff5 100644 --- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/stateful.yml +++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/stateful.yml 
@@ -1078,8 +1078,6 @@ rule_order: 'strict' register: stateful_group ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1092,8 +1090,6 @@ rule_order: 'strict' register: stateful_group ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1142,8 +1138,6 @@ rule_order: strict register: strict_group check_mode: true - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1170,8 +1164,6 @@ - 'pass tcp any any -> any any (sid:1000001;)' rule_order: strict register: strict_group - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1208,8 +1200,6 @@ rule_order: strict register: strict_group check_mode: true - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1238,8 +1228,6 @@ - 'pass tcp any any -> any any (sid:1000001;)' rule_order: strict register: strict_group - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1269,8 +1257,6 @@ rule_order: 'default' register: strict_group ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1283,8 +1269,6 @@ rule_order: 'default' register: strict_group ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1299,8 +1283,6 @@ rule_order: 'strict' register: strict_group ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: @@ -1313,8 +1295,6 @@ rule_order: 'strict' register: strict_group ignore_errors: True - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: 
diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/meta/main.yml index 13d6ecd91..32cf5dda7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/opensearch/meta/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/meta/main.yml @@ -1,4 +1 @@ -dependencies: - - role: setup_botocore_pip - vars: - botocore_version: "1.21.38" +dependencies: [] diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/main.yml index 6d3b47cad..e3c33d238 100644 --- a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/main.yml @@ -4,17 +4,15 @@ module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" route53: # Route53 is explicitly a global service region: null collections: - amazon.aws - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" block: # Get some information about who we are before starting our tests diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_create_cert.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_create_cert.yml index 533e75e96..5492bb922 100644 --- a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_create_cert.yml +++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_create_cert.yml 
@@ -1,10 +1,3 @@ -- pip: - name: - # The 'cryptography' module is required by community.crypto.openssl_privatekey - - 'cryptography' - virtualenv: "{{ botocore_virtualenv }}" - virtualenv_command: "{{ botocore_virtualenv_command }}" - virtualenv_site_packages: no - name: Create temporary directory ansible.builtin.tempfile: state: directory @@ -28,7 +21,7 @@ privatekey_path: '{{ tempdir_1.path }}/rsa-private-key.pem' selfsigned_digest: sha256 - name: import certificate to ACM - aws_acm: + acm_certificate: name_tag: 'opensearch.ansible-integ-test.com' domain_name: 'opensearch.ansible-integ-test.com' certificate: "{{ lookup('file', tempdir_1.path + '/rsa-certificate.pem') }}" @@ -50,4 +43,4 @@ - name: Delete temporary directory ansible.builtin.file: state: absent - path: "{{ tempdir_1.path }}"
\ No newline at end of file + path: "{{ tempdir_1.path }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_resources.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_resources.yml index d9ddfc913..470706f15 100644 --- a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_resources.yml +++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_resources.yml @@ -43,12 +43,12 @@ vpc_name: "{{ item.tags['Name'] }}" - name: collect info about KMS keys used for test purpose - aws_kms_info: + kms_key_info: filters: "tag:AnsibleTest": "AnsibleTestVpc" register: kms_info - name: Delete KMS keys that were created for test purpose - aws_kms: + kms_key: key_id: "{{ kms_arn }}" state: absent with_items: "{{ kms_info.kms_keys }}" @@ -56,6 +56,6 @@ kms_arn: "{{ item.key_arn }}" - name: delete certificate from ACM - aws_acm: + acm_certificate: name_tag: 'opensearch.ansible-integ-test.com' state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_vpc_resources.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_vpc_resources.yml index 5fb803c90..b0cfa6434 100644 --- a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_vpc_resources.yml +++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_vpc_resources.yml @@ -30,13 +30,13 @@ when: route53_zone_ids | length > 0 - name: Get security groups that have been created for test purpose in the VPC - ec2_group_info: + ec2_security_group_info: filters: vpc-id: "{{ vpc_id }}" register: sg_info - name: Delete security groups - ec2_group: + ec2_security_group: group_id: "{{ sg_id }}" state: absent loop_control: 
diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_vpc_setup.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_vpc_setup.yml index 90aeb50bb..6e1fec1ab 100644 --- a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_vpc_setup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_vpc_setup.yml @@ -83,7 +83,7 @@ AnsibleTest: AnsibleTestVpc - name: Create security group for use in testing - ec2_group: + ec2_security_group: name: "{{ tiny_prefix }}-sg" description: a security group for ansible tests vpc_id: "{{ testing_vpc.vpc.id }}" @@ -120,7 +120,7 @@ - name: Create KMS key for test purpose # The key is needed for OpenSearch encryption at rest. - aws_kms: + kms_key: alias: "{{ tiny_prefix }}-kms" description: a key used for encryption at rest in test OpenSearch cluster state: present diff --git a/ansible_collections/community/aws/tests/integration/targets/redshift/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/redshift/tasks/main.yml index f79991d4e..a50c0372e 100644 --- a/ansible_collections/community/aws/tests/integration/targets/redshift/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/redshift/tasks/main.yml @@ -8,9 +8,9 @@ - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: @@ -120,7 +120,7 @@ assert: that: - 'result.changed' - - 'result.cluster.identifier == "{{ redshift_cluster_name }}"' + - result.cluster.identifier == redshift_cluster_name - 'result.cluster.tags.foo == "bar"' - 'result.cluster.tags.Tizio == "Caio"' 
@@ -143,7 +143,7 @@ assert: that: - 'not result.changed' - - 'result.cluster.identifier == "{{ redshift_cluster_name }}"' + - result.cluster.identifier == redshift_cluster_name - 'result.cluster.tags.foo == "bar"' - 'result.cluster.tags.Tizio == "Caio"' - 'result.cluster.tags | count() == 2' @@ -166,7 +166,7 @@ assert: that: - 'result.changed' - - 'result.cluster.identifier == "{{ redshift_cluster_name }}-modified"' + - result.cluster.identifier == redshift_cluster_name ~ '-modified' - 'result.cluster.enhanced_vpc_routing == True' - 'result.cluster.tags | count() == 1' - 'result.cluster.tags.foo == "bar"' @@ -234,7 +234,7 @@ assert: that: - 'result.changed' - - 'result.cluster.identifier == "{{ redshift_cluster_name }}"' + - result.cluster.identifier == redshift_cluster_name - 'result.cluster.db_name == "integration_test"' # ============================================================ @@ -260,7 +260,7 @@ assert: that: - 'result.changed' - - 'result.cluster.identifier == "{{ redshift_cluster_name }}"' + - result.cluster.identifier == redshift_cluster_name - 'result.cluster.db_name == "integration_test"' - 'result.cluster.tags.foo == "bar"' @@ -289,7 +289,7 @@ assert: that: - 'result.changed' - - 'result.cluster.identifier == "{{ redshift_cluster_name }}"' + - result.cluster.identifier == redshift_cluster_name - 'result.cluster.db_name == "integration_test"' - 'result.cluster.tags.test1 == "value1"' - 'result.cluster.tags.foo == "bar"' @@ -318,7 +318,7 @@ assert: that: - 'not result.changed' - - 'result.cluster.identifier == "{{ redshift_cluster_name }}"' + - result.cluster.identifier == redshift_cluster_name - 'result.cluster.db_name == "integration_test"' - 'result.cluster.tags | count() == 2' diff --git a/ansible_collections/community/aws/tests/integration/targets/redshift_subnet_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/redshift_subnet_group/tasks/main.yml index e15ee9b93..0df7d98d0 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/redshift_subnet_group/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/redshift_subnet_group/tasks/main.yml @@ -9,9 +9,9 @@ # - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/aliases b/ansible_collections/community/aws/tests/integration/targets/route53_wait/aliases index 4ef4b2067..4ef4b2067 100644 --- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/route53_wait/aliases diff --git a/ansible_collections/community/aws/tests/integration/targets/route53_wait/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/route53_wait/tasks/main.yml new file mode 100644 index 000000000..f9df05f5c --- /dev/null +++ b/ansible_collections/community/aws/tests/integration/targets/route53_wait/tasks/main.yml 
@@ -0,0 +1,245 @@ +--- +# tasks file for route53_wait integration tests + +- set_fact: + zone_one: '{{ resource_prefix | replace("-", "") }}.one.ansible.test.' +- debug: + msg: Set zone {{ zone_one }} + +- name: Test basics (new zone, A and AAAA records) + module_defaults: + group/aws: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' + amazon.aws.route53: + # Route53 is explicitly a global service + region: + block: + - name: create VPC + ec2_vpc_net: + cidr_block: 192.0.2.0/24 + name: '{{ resource_prefix }}_vpc' + state: present + register: vpc + + - name: Create a zone + route53_zone: + zone: '{{ zone_one }}' + comment: Created in Ansible test {{ resource_prefix }} + tags: + TestTag: '{{ resource_prefix }}.z1' + register: z1 + + - name: Create A record (check mode) + route53: + state: present + hosted_zone_id: '{{ z1.zone_id }}' + record: test.{{ zone_one }} + overwrite: true + type: A + value: 192.0.2.1 + wait: false + register: result + check_mode: true + - assert: + that: + - result is not failed + - result is changed + - "'wait_id' in result" + - result.wait_id is none + + - name: Wait for A record to propagate (should do nothing) + route53_wait: + result: '{{ result }}' + + - name: Create A record + route53: + state: present + hosted_zone_id: '{{ z1.zone_id }}' + record: test.{{ zone_one }} + overwrite: true + type: A + value: 192.0.2.1 + wait: false + register: result + - assert: + that: + - result is not failed + - result is changed + - "'wait_id' in result" + - result.wait_id is string + + - name: Wait for A record to propagate + route53_wait: + result: '{{ result }}' + + - name: Create A record (idempotent) + route53: + state: present + hosted_zone_id: '{{ z1.zone_id }}' + record: test.{{ zone_one }} + overwrite: true + type: A + value: 192.0.2.1 + wait: false + register: result + - assert: + that: + - result is not failed + - result is 
not changed + - "'wait_id' not in result" + + - name: Wait for A record to propagate (should do nothing) + route53_wait: + result: '{{ result }}' + + - name: Create A records + route53: + state: present + hosted_zone_id: '{{ z1.zone_id }}' + record: '{{ item.record }}' + overwrite: true + type: A + value: '{{ item.value }}' + wait: false + loop: + - record: test-1.{{ zone_one }} + value: 192.0.2.1 + - record: test-2.{{ zone_one }} + value: 192.0.2.2 + - record: test-3.{{ zone_one }} + value: 192.0.2.3 + register: results + - assert: + that: + - results is not failed + - results is changed + - results.results | length == 3 + - results.results[0] is changed + - results.results[1] is changed + - results.results[2] is changed + + - name: Wait for A records to propagate + route53_wait: + results: '{{ results }}' + + - name: Create A records (idempotent) + route53: + state: present + hosted_zone_id: '{{ z1.zone_id }}' + record: '{{ item.record }}' + overwrite: true + type: A + value: '{{ item.value }}' + wait: false + loop: + - record: test-1.{{ zone_one }} + value: 192.0.2.1 + - record: test-2.{{ zone_one }} + value: 192.0.2.2 + - record: test-3.{{ zone_one }} + value: 192.0.2.3 + register: results + - assert: + that: + - results is not failed + - results is not changed + - results.results | length == 3 + - results.results[0] is not changed + - results.results[1] is not changed + - results.results[2] is not changed + + - name: Wait for A records to propagate (should do nothing) + route53_wait: + results: '{{ results }}' + + - name: Update some A records + route53: + state: present + hosted_zone_id: '{{ z1.zone_id }}' + record: '{{ item.record }}' + overwrite: true + type: A + value: '{{ item.value }}' + wait: false + loop: + - record: test-1.{{ zone_one }} + value: 192.0.2.1 + - record: test-2.{{ zone_one }} + value: 192.0.2.4 + - record: test-3.{{ zone_one }} + value: 192.0.2.3 + register: results + - assert: + that: + - results is not failed + - results is changed + - 
results.results | length == 3 + - results.results[0] is not changed + - results.results[1] is changed + - results.results[2] is not changed + + - name: Wait for A records to propagate + route53_wait: + results: '{{ results }}' + +#Cleanup------------------------------------------------------ + + always: + + - route53_info: + query: record_sets + hosted_zone_id: '{{ z1.zone_id }}' + register: z1_records + + - name: Loop over A/AAAA/CNAME records and delete them + route53: + state: absent + zone: '{{ zone_one }}' + record: '{{ item.Name }}' + type: '{{ item.Type }}' + value: '{{ item.ResourceRecords | map(attribute="Value") | join(",") }}' + weight: '{{ item.Weight | default(omit) }}' + identifier: '{{ item.SetIdentifier }}' + region: '{{ omit }}' + ignore_errors: true + loop: '{{ z1_records.ResourceRecordSets | selectattr("Type", "in", ["A", "AAAA", + "CNAME", "CAA"]) | list }}' + when: + - '"ResourceRecords" in item' + - '"SetIdentifier" in item' + + - name: Loop over A/AAAA/CNAME records and delete them + route53: + state: absent + zone: '{{ zone_one }}' + record: '{{ item.Name }}' + type: '{{ item.Type }}' + value: '{{ item.ResourceRecords | map(attribute="Value") | join(",") }}' + ignore_errors: true + loop: '{{ z1_records.ResourceRecordSets | selectattr("Type", "in", ["A", "AAAA", + "CNAME", "CAA"]) | list }}' + when: + - '"ResourceRecords" in item' + + - name: Delete test zone one {{ zone_one }} + route53_zone: + state: absent + zone: '{{ zone_one }}' + register: delete_one + ignore_errors: true + retries: 10 + until: delete_one is not failed + + - name: destroy VPC + ec2_vpc_net: + cidr_block: 192.0.2.0/24 + name: '{{ resource_prefix }}_vpc' + state: absent + register: remove_vpc + retries: 10 + delay: 5 + until: remove_vpc is success + ignore_errors: true 
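Review bot: The `module_defaults` block of the new route53_wait/tasks/main.yml still passes credentials as `aws_access_key`, `aws_secret_key` and `security_token`, while every other target touched by this commit moves to `access_key`, `secret_key` and `session_token`. A test file added with the old aliases will presumably start emitting deprecation warnings, or stop authenticating, once the collection drops them, so I would write `access_key: '{{ aws_access_key }}'`, `secret_key: '{{ aws_secret_key }}'` and `session_token: '{{ security_token | default(omit) }}'` here too. The bare `region:` under `amazon.aws.route53` is better spelled `region: null`, as the opensearch target in this commit does, so the empty value reads as intentional. In the `always:` section both delete tasks are named "Loop over A/AAAA/CNAME records" although the filter also selects `CAA`; a name such as `Delete A/AAAA/CNAME/CAA records without a set identifier` on the second would tell them apart.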
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/defaults/main.yml deleted file mode 100644 index 464c0a299..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -name_pattern: "testbucket-ansible-integration" -testing_buckets: - - "{{ tiny_prefix }}-{{ name_pattern }}-1" - - "{{ tiny_prefix }}-{{ name_pattern }}-2" diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/meta/main.yml deleted file mode 100644 index 32cf5dda7..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/meta/main.yml +++ /dev/null @@ -1 +0,0 @@ -dependencies: [] diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/basic.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/basic.yml deleted file mode 100644 index bf09665af..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/basic.yml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -- name: Get simple S3 bucket list - aws_s3_bucket_info: - register: bucket_list - -- name: Assert result.changed == False and bucket list was retrieved - assert: - that: - - bucket_list.changed == False - - bucket_list.buckets - -- name: Get complex S3 bucket list - aws_s3_bucket_info: - name_filter: "{{ name_pattern }}" - bucket_facts: - bucket_accelerate_configuration: true - bucket_acl: true - bucket_cors: true - bucket_encryption: true - bucket_lifecycle_configuration: true - bucket_location: true - bucket_logging: true - bucket_notification_configuration: true - bucket_policy: true - bucket_policy_status: true - bucket_replication: true - bucket_request_payment: true - bucket_tagging: true - bucket_website: true - public_access_block: true - transform_location: true - register: bucket_list - -- name: Assert that buckets list contains requested bucket facts - assert: - that: - - item.name is search(name_pattern) - - item.bucket_accelerate_configuration is defined - - item.bucket_acl is defined - - item.bucket_cors is defined - - item.bucket_encryption is defined - - item.bucket_lifecycle_configuration is defined - - item.bucket_location is defined - - item.bucket_logging is defined - - item.bucket_notification_configuration is defined - - item.bucket_policy is defined - - item.bucket_policy_status is defined - - item.bucket_replication is defined - - item.bucket_request_payment is defined - - item.bucket_tagging is defined - - item.bucket_website is defined - - item.public_access_block is defined - loop: "{{ bucket_list.buckets }}" - loop_control: - label: "{{ item.name }}" - -- name: Assert that retrieved bucket facts contains valid data - assert: - that: - - item.bucket_acl.Owner is defined - - item.bucket_tagging.snake_case is defined - - item.bucket_tagging.CamelCase is defined - - item.bucket_tagging["lowercase spaced"] is defined - - item.bucket_tagging["Title Case"] is defined - - item.bucket_tagging.snake_case == 
'simple_snake_case' - - item.bucket_tagging.CamelCase == 'SimpleCamelCase' - - item.bucket_tagging["lowercase spaced"] == 'hello cruel world' - - item.bucket_tagging["Title Case"] == 'Hello Cruel World' - - item.bucket_location.LocationConstraint == aws_region - loop: "{{ bucket_list.buckets }}" - loop_control: - label: "{{ item.name }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/bucket_ownership_controls.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/bucket_ownership_controls.yml deleted file mode 100644 index 3acd99cf6..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/bucket_ownership_controls.yml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -- name: Get S3 bucket ownership controls - aws_s3_bucket_info: - name_filter: "{{ name_pattern }}" - bucket_facts: - bucket_ownership_controls: true - transform_location: true - register: bucket_list - -- name: Assert that buckets list contains requested bucket facts - assert: - that: - - item.name is search(name_pattern) - - item.bucket_ownership_controls is defined - loop: "{{ bucket_list.buckets }}" - loop_control: - label: "{{ item.name }}" - -- name: Get complex S3 bucket list (including ownership controls) - aws_s3_bucket_info: - name_filter: "{{ name_pattern }}" - bucket_facts: - bucket_accelerate_configuration: true - bucket_acl: true - bucket_cors: true - bucket_encryption: true - bucket_lifecycle_configuration: true - bucket_location: true - bucket_logging: true - bucket_notification_configuration: true - bucket_ownership_controls: true - bucket_policy: true - bucket_policy_status: true - bucket_replication: true - bucket_request_payment: true - bucket_tagging: true - bucket_website: true - public_access_block: true - transform_location: true - register: bucket_list - -- name: Assert that buckets list contains requested bucket facts - assert: - that: - - item.name is search(name_pattern) - - item.bucket_accelerate_configuration is defined - - item.bucket_acl is defined - - item.bucket_cors is defined - - item.bucket_encryption is defined - - item.bucket_lifecycle_configuration is defined - - item.bucket_location is defined - - item.bucket_logging is defined - - item.bucket_notification_configuration is defined - - item.bucket_ownership_controls is defined - - item.bucket_policy is defined - - item.bucket_policy_status is defined - - item.bucket_replication is defined - - item.bucket_request_payment is defined - - item.bucket_tagging is defined - - item.bucket_website is defined - - item.public_access_block is defined - loop: "{{ bucket_list.buckets }}" - loop_control: - label: "{{ item.name }}" - -- name: Assert that retrieved 
bucket facts contains valid data - assert: - that: - - item.bucket_acl.Owner is defined - - item.bucket_tagging.snake_case is defined - - item.bucket_tagging.CamelCase is defined - - item.bucket_tagging["lowercase spaced"] is defined - - item.bucket_tagging["Title Case"] is defined - - item.bucket_tagging.snake_case == 'simple_snake_case' - - item.bucket_tagging.CamelCase == 'SimpleCamelCase' - - item.bucket_tagging["lowercase spaced"] == 'hello cruel world' - - item.bucket_tagging["Title Case"] == 'Hello Cruel World' - - item.bucket_location.LocationConstraint == aws_region - loop: "{{ bucket_list.buckets }}" - loop_control: - label: "{{ item.name }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml deleted file mode 100644 index 47d24cd0e..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -- name: Test community.aws.aws_s3_bucket_info - module_defaults: - group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" - block: - - name: Create a simple s3_bucket - s3_bucket: - name: "{{ item }}" - state: present - tags: - "lowercase spaced": "hello cruel world" - "Title Case": "Hello Cruel World" - CamelCase: "SimpleCamelCase" - snake_case: "simple_snake_case" - register: output - loop: "{{ testing_buckets }}" - - - include_tasks: basic.yml - - include_tasks: bucket_ownership_controls.yml - - always: - - name: Delete simple s3_buckets - s3_bucket: - name: "{{ item }}" - state: absent - loop: "{{ testing_buckets }}" 
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/files/mini_lambda.py b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/files/mini_lambda.py index d0d08dae9..c2b19be1d 100644 --- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/files/mini_lambda.py +++ b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/files/mini_lambda.py @@ -1,13 +1,13 @@ # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import +from __future__ import division +from __future__ import print_function + __metaclass__ = type import json def lambda_handler(event, context): - return { - 'statusCode': 200, - 'body': json.dumps('Hello from Lambda!') - } + return {"statusCode": 200, "body": json.dumps("Hello from Lambda!")} diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/tasks/main.yml index ea7201065..ce81efc8c 100644 --- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/tasks/main.yml @@ -4,9 +4,9 @@ - community.general module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: - include_tasks: test_sns_sqs_notifications.yml 
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/aliases b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/aliases index 4ef4b2067..1ba8d84ef 100644 --- a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/aliases +++ b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/aliases @@ -1 +1,2 @@ +time=17m cloud/aws diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/meta/main.yml index c01990664..32cf5dda7 100644 --- a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/meta/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/meta/main.yml @@ -1,4 +1 @@ -dependencies: - - role: setup_botocore_pip - vars: - botocore_version: "1.23.12" +dependencies: [] diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/tasks/main.yml index 7a15e4b66..d9f169561 100644 --- a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/tasks/main.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' s3_lifecycle: wait: true @@ -465,8 +465,6 @@ noncurrent_version_keep_newer: 6 prefix: /something register: output - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: 
@@ -479,8 +477,6 @@ noncurrent_version_keep_newer: 6 prefix: /something register: output - vars: - ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" - assert: that: diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_logging/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_logging/tasks/main.yml index f6c9a1710..e9a7b220b 100644 --- a/ansible_collections/community/aws/tests/integration/targets/s3_logging/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/s3_logging/tasks/main.yml @@ -11,9 +11,9 @@ # - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' collections: - amazon.aws diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/main.yml index ba5cce9e6..9e9f1133a 100644 --- a/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/main.yml @@ -6,10 +6,10 @@ # - module_defaults: group/aws: - aws_access_key: '{{ aws_access_key | default(omit) }}' - aws_secret_key: '{{ aws_secret_key | default(omit) }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' collections: - amazon.aws block: 
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/s3_metrics_info.yml b/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/s3_metrics_info.yml index cca7cad05..fdbc8cbfc 100644 --- a/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/s3_metrics_info.yml +++ b/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/s3_metrics_info.yml @@ -6,10 +6,10 @@ aws s3api list-bucket-metrics-configurations --bucket {{ test_bucket }} environment: - AWS_ACCESS_KEY_ID: "{{ aws_access_key | default(omit) }}" - AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key | default(omit) }}" + AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" AWS_SESSION_TOKEN: "{{ security_token | default(omit) }}" - AWS_DEFAULT_REGION: "{{ aws_region | default(omit) }}" + AWS_DEFAULT_REGION: "{{ aws_region }}" register: list_comand_result - set_fact: diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_sync/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_sync/tasks/main.yml index 08496cd74..600490706 100644 --- a/ansible_collections/community/aws/tests/integration/targets/s3_sync/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/s3_sync/tasks/main.yml @@ -5,9 +5,9 @@ - community.general module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: # ============================================================ 
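Review bot: In s3_metrics_info.yml the `environment:` entry `AWS_SESSION_TOKEN: "{{ security_token | default(omit) }}"` is left unchanged while `default(omit)` is dropped from the other three variables. As far as I know `omit` is only honoured in module arguments, so when `security_token` is undefined the AWS CLI would likely receive the omit placeholder string as its session token and reject the call; `AWS_SESSION_TOKEN: "{{ security_token | default('') }}"` avoids that. The task starts above the hunk, so check the full file for whether `security_token` is always defined on this path.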
@@ -23,7 +23,7 @@ - assert: that: - output.changed - - output.name == "{{ test_bucket }}" + - output.name == test_bucket - not output.requester_pays # ============================================================ - name: Prepare fixtures folder @@ -67,7 +67,7 @@ - assert: that: - output.changed - - output.name == "{{ test_bucket_2 }}" + - output.name == test_bucket_2 - not output.requester_pays - name: Sync files with remote bucket using glacier storage class @@ -113,7 +113,7 @@ - assert: that: - output.changed - - output.name == "{{ test_bucket_3 }}" + - output.name == test_bucket_3 - not output.requester_pays - name: Sync individual file with remote bucket @@ -158,14 +158,14 @@ - name: Empty all buckets before deleting block: - name: list test_bucket objects - aws_s3: + s3_object: bucket: "{{ test_bucket }}" mode: list register: objects ignore_errors: true - name: remove objects from test_bucket - aws_s3: + s3_object: bucket: "{{ test_bucket }}" mode: delobj object: "{{ obj }}" @@ -175,14 +175,14 @@ ignore_errors: true - name: list test_bucket_2 objects - aws_s3: + s3_object: bucket: "{{ test_bucket_2 }}" mode: list register: objects ignore_errors: true - name: remove objects from test_bucket_2 - aws_s3: + s3_object: bucket: "{{ test_bucket_2 }}" mode: delobj object: "{{ obj }}" @@ -192,14 +192,14 @@ ignore_errors: true - name: list test_bucket_3 objects - aws_s3: + s3_object: bucket: "{{ test_bucket_3 }}" mode: list register: objects ignore_errors: true - name: remove objects from test_bucket_3 - aws_s3: + s3_object: bucket: "{{ test_bucket_3 }}" mode: delobj object: "{{ obj }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/aliases b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/aliases index 4ef4b2067..e5729917b 100644 --- a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/aliases 
+++ b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/aliases @@ -1 +1,2 @@ +time=37m cloud/aws diff --git a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/basic.yml b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/basic.yml index 5d1fb071e..ea285ee05 100644 --- a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/basic.yml +++ b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/basic.yml @@ -23,9 +23,9 @@ # As a lookup plugin we won't have access to module_defaults connection_args: region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - aws_security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" no_log: True - vars: @@ -73,7 +73,7 @@ # Creation testing # ============================================================ - name: add secret to AWS Secrets Manager - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: present secret_type: 'string' @@ -100,7 +100,7 @@ secret_arn: '{{ result.secret.arn }}' - name: no changes to secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: present secret_type: 'string' @@ -122,7 +122,7 @@ - result.secret.version_ids_to_stages | length == 1 - name: Set secret description - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -151,7 +151,7 @@ ############################################################### - name: Set tags (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present 
@@ -167,7 +167,7 @@ - result is changed - name: Set tags - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -197,7 +197,7 @@ - result.secret.version_ids_to_stages | length == 2 - name: Set tags - idempotency (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -213,7 +213,7 @@ - result is not changed - name: Set tags - idempotency - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -245,7 +245,7 @@ ### - name: Update tags with purge (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -261,7 +261,7 @@ - result is changed - name: Update tags with purge - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -291,7 +291,7 @@ - result.secret.version_ids_to_stages | length == 2 - name: Update tags with purge - idempotency (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -307,7 +307,7 @@ - result is not changed - name: Update tags with purge - idempotency - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -339,7 +339,7 @@ ### - name: Update tags without purge (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -356,7 +356,7 @@ - result is changed - name: Update tags without purge - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present 
@@ -387,7 +387,7 @@ - result.secret.version_ids_to_stages | length == 2 - name: Update tags without purge - idempotency (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -404,7 +404,7 @@ - result is not changed - name: Update tags without purge - idempotency - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -437,7 +437,7 @@ ### - name: Tags not set - idempotency (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -452,7 +452,7 @@ - result is not changed - name: Tags not set - idempotency - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -483,7 +483,7 @@ ### - name: remove all tags from secret (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -499,7 +499,7 @@ - result is changed - name: remove all tags from secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -529,7 +529,7 @@ - result.secret.version_ids_to_stages | length == 2 - name: remove all tags from secret - idempotency (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -545,7 +545,7 @@ - result is not changed - name: remove all tags from secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present 
@@ -579,7 +579,7 @@ ############################################################### - name: add resource policy to secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -594,7 +594,7 @@ - result.changed - name: remove existing resource policy from secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -608,7 +608,7 @@ - result.changed - name: remove resource policy from secret (idempotency) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -626,7 +626,7 @@ # ============================================================ - name: Update secret with JSON (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -642,7 +642,7 @@ - result.changed - name: Update secret with JSON - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: present description: 'this is a change to this secret' @@ -657,7 +657,7 @@ - result.changed - name: Update secret with JSON - idempotency (CHECK_MODE) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -673,7 +673,7 @@ - result is not changed - name: Update secret with JSON - idempotency - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to this secret' state: present @@ -693,7 +693,7 @@ # ============================================================ - name: Create secret with overwrite = False (Check mode) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-2" state: present secret_type: 'string' 
@@ -708,7 +708,7 @@ - result is changed - name: Create secret with overwrite = False - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-2" state: present secret_type: 'string' @@ -722,7 +722,7 @@ - result is changed - name: Update secret with overwrite = False (Check mode) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-2" state: present secret_type: 'string' @@ -737,7 +737,7 @@ - result is not changed - name: Create secret with overwrite = False - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-2" state: present secret_type: 'string' @@ -755,7 +755,7 @@ # ============================================================ - name: remove secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: absent recovery_window: 7 @@ -767,7 +767,7 @@ - result.changed - name: remove secret (idempotency) - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: absent recovery_window: 7 @@ -779,7 +779,7 @@ - not result.changed - name: immediate secret removal - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: absent recovery_window: 0 @@ -793,7 +793,7 @@ # AWS Doesn't expose when the secret will be removed, all we can do is # check that we didn't throw an error - name: immediate secret removal - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: absent recovery_window: 0 @@ -806,14 +806,14 @@ always: - name: remove secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: absent recovery_window: 0 ignore_errors: yes - name: remove secret 2 - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-2" state: absent recovery_window: 0 diff --git a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/main.yaml index 41fbedd9d..9011071f8 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/main.yaml +++ b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/main.yaml @@ -1,9 +1,9 @@ --- - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws diff --git a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/replication.yml b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/replication.yml index 30d3a9484..30f178c06 100644 --- a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/replication.yml +++ b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/replication.yml @@ -4,7 +4,7 @@ # Creation/Deletion testing # ============================================================ - name: add secret to AWS Secrets Manager - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: present secret_type: 'string' @@ -28,7 +28,7 @@ - result.version_ids_to_stages is not none - name: no changes to secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: present secret: "{{ super_secret_string }}" @@ -45,7 +45,7 @@ - result.arn is not none - name: remove region replica - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to remove replication' secret: "{{ super_secret_string }}" 
@@ -60,7 +60,7 @@ - '"replication_status" not in result.secret' - name: add region replica to an existing secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change add replication' secret: "{{ super_secret_string }}" @@ -80,7 +80,7 @@ - result.secret.replication_status[1]["kms_key_id"] == 'alias/aws/secretsmanager' - name: change replica regions - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: present secret: "{{ super_secret_string }}" @@ -100,7 +100,7 @@ always: - name: remove region replica - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" description: 'this is a change to remove replication' state: present @@ -109,7 +109,7 @@ ignore_errors: yes - name: remove secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}" state: absent recovery_window: 0 diff --git a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/rotation.yml b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/rotation.yml index 5a1d146e5..697c5ecc2 100644 --- a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/rotation.yml +++ b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/rotation.yml @@ -1,9 +1,9 @@ --- - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws @@ -70,7 +70,7 @@ # Creation/Deletion testing # ============================================================ - name: add secret to AWS Secrets Manager - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-rotate" state: present secret_type: 'string' 
@@ -95,7 +95,7 @@ principal: "secretsmanager.amazonaws.com" - name: add rotation lambda to secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-rotate" description: 'this is a change to this secret' state: present @@ -113,7 +113,7 @@ - result.changed - name: remove rotation lambda from secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-rotate" description: 'this is a change to this secret' state: present @@ -127,7 +127,7 @@ - result.changed - name: remove rotation lambda from secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-rotate" description: 'this is a change to this secret' state: present @@ -141,7 +141,7 @@ - not result.changed - name: remove secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-rotate" state: absent recovery_window: 0 @@ -149,7 +149,7 @@ always: - name: remove secret - aws_secret: + secretsmanager_secret: name: "{{ secret_name }}-rotate" state: absent recovery_window: 0 diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/assert_defaults.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/assert_defaults.yaml index 0f74d2f05..266822633 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/assert_defaults.yaml +++ b/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/assert_defaults.yaml 
@@ -5,8 +5,8 @@ - name: assert returned identity_arn assert: that: - - "result.identity_arn|regex_search('^arn:aws:ses:' + ec2_region + ':[0-9]*:identity/' + identity + '$')" - msg: "'{{ result.identity_arn}}' doesn't match regex '^arn:aws:ses:{{ ec2_region }}:[0-9]*:identity/{{ identity }}'" + - "result.identity_arn|regex_search('^arn:aws:ses:' + aws_region + ':[0-9]*:identity/' + identity + '$')" + msg: "'{{ result.identity_arn}}' doesn't match regex '^arn:aws:ses:{{ aws_region }}:[0-9]*:identity/{{ identity }}'" - name: assert verification_attributes.verification_status == 'Pending' assert: that: diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/main.yaml index 81ab3c4a7..3ecb68c38 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/main.yaml +++ b/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/main.yaml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: @@ -14,7 +14,7 @@ - name: test register email identity block: - name: register email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present register: result @@ -27,14 +27,14 @@ identity: "{{ email_identity }}" always: - name: cleanup email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent # ============================================================ - name: test register domain identity block: - name: register domain identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: result 
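Review bot: In the `assert returned identity_arn` task of assert_defaults.yaml, the rewritten pattern still concatenates `aws_region` and `identity` into the regex unescaped and accepts an empty account id through `[0-9]*`. The dots in a domain identity therefore match any character, and an ARN with no account id passes the check. Escaping the interpolated values and pinning the account id would make the assertion mean what it says: `- "result.identity_arn|regex_search('^arn:aws:ses:' + (aws_region | regex_escape) + ':[0-9]{12}:identity/' + (identity | regex_escape) + '$')"`. The `msg` line also prints the pattern without the trailing `$`, so a failure message shows a different regex from the one that was tested. The task file continues past this hunk.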
@@ -51,18 +51,18 @@ - result.verification_attributes.verification_token always: - name: cleanup domain identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent # ============================================================ - name: test email_identity unchanged when already existing block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present - name: duplicate register identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present register: result @@ -75,18 +75,18 @@ identity: "{{ email_identity }}" always: - name: cleanup identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent # ============================================================ - name: test domain_identity unchanged when already existing block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present - name: duplicate register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: result @@ -99,7 +99,7 @@ identity: "{{ domain_identity }}" always: - name: cleanup identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent # ============================================================ @@ -110,7 +110,7 @@ - name: test register identity without explicit region block: - name: register email identity without explicit region - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present region: "{{ omit }}" 
@@ -126,35 +126,35 @@ identity: "{{ email_identity }}" always: - name: cleanup email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent # ============================================================ - name: test register email identity check mode block: - name: register email identity check mode - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present register: result check_mode: True - + - name: assert changed is True assert: that: - result.changed == True - + - import_tasks: assert_defaults.yaml vars: identity: "{{ email_identity }}" - + always: - name: cleanup email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent register: result - + - name: assert nothing to clean up since check mode assert: that: @@ -163,35 +163,35 @@ - name: test register domain identity check mode block: - name: register domain identity check mode - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: result check_mode: True - + - name: assert changed is True assert: that: - result.changed == True - + - import_tasks: assert_defaults.yaml vars: identity: "{{ domain_identity }}" - + always: - name: cleanup domain identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent register: result - + - name: assert nothing to clean up since check mode assert: that: - result.changed == False # ============================================================ - name: remove non-existent email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent register: result @@ -201,7 +201,7 @@ - result.changed == False # ============================================================ - name: remove non-existent domain identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent register: result 
@@ -213,29 +213,29 @@ - name: test remove email identity check mode block: - name: register email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present register: result - + - name: remove email identity check mode - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent register: result check_mode: True - + - name: assert changed is True assert: that: - result.changed == True always: - name: cleanup email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent register: result - + - name: assert something to clean up since remove was check mode assert: that: @@ -244,29 +244,29 @@ - name: test remove domain identity check mode block: - name: register domain identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: result - + - name: remove domain identity check mode - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent register: result check_mode: True - + - name: assert changed is True assert: that: - result.changed == True always: - name: cleanup domain identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent register: result - + - name: assert something to clean up since remove was check mode assert: that: @@ -284,7 +284,7 @@ - complaint - delivery - name: register email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present bounce_notifications: @@ -316,7 +316,7 @@ - complaint - delivery - name: cleanup email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent # ============================================================ 
@@ -332,11 +332,11 @@ - complaint - delivery - name: register email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present - name: set notification topics - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present bounce_notifications: 
@@ -366,7 +366,67 @@ - complaint - delivery - name: cleanup email identity - aws_ses_identity: + ses_identity: + identity: "{{ email_identity }}" + state: absent + # ============================================================ + - name: test clear notification configuration + block: + - name: test topic + sns_topic: + name: "{{ notification_queue_name }}-{{ item }}" + state: present + register: topic_info + with_items: + - bounce + - complaint + - delivery + - name: register email identity + ses_identity: + identity: "{{ email_identity }}" + state: present + bounce_notifications: + topic: "{{ topic_info.results[0].sns_arn }}" + complaint_notifications: + topic: "{{ topic_info.results[1].sns_arn }}" + delivery_notifications: + topic: "{{ topic_info.results[2].sns_arn }}" + - name: Make no change to identity + ses_identity: + identity: "{{ email_identity }}" + state: present + register: result + - name: assert no change + assert: + that: + - result.changed == False + + - name: clear notification settings + ses_identity: + identity: "{{ email_identity }}" + state: present + bounce_notifications: {} + complaint_notifications: {} + delivery_notifications: {} + register: result + - name: assert notification settings + assert: + that: + - result.changed == True + - "'bounce_topic' not in result.notification_attributes" + - "'delivery_topic' not in result.notification_attributes" + - "'complaint_topic' not in result.notification_attributes" + always: + - name: cleanup topics + sns_topic: + name: "{{ notification_queue_name }}-{{ item }}" + state: absent + with_items: + - bounce + - complaint + - delivery + - name: cleanup email identity + ses_identity: identity: "{{ email_identity }}" state: absent # ============================================================ 
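Review bot: The `always:` section of the new `test clear notification configuration` block runs `cleanup topics` before `cleanup email identity` with no error tolerance on either task, so a failure deleting any one SNS topic would presumably end the section before the SES identity is removed and leave it behind in the test account. The secretsmanager_secret targets in this same merge put `ignore_errors: yes` on their cleanup tasks; adding `ignore_errors: true` to both cleanup tasks here would keep teardown best-effort. As a style point, the new assertions `result.changed == False` and `result.changed == True` read better as `result is not changed` and `result is changed`, the form the secretsmanager tests already use.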
@@ -381,14 +441,14 @@ - bounce - complaint - delivery - + - name: register email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present - + - name: set notification settings check mode - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present bounce_notifications: @@ -403,12 +463,12 @@ feedback_forwarding: No register: result check_mode: True - + - name: assert changed is True assert: that: - result.changed == True - + - name: assert notification settings assert: that: @@ -419,13 +479,13 @@ - result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn - result.notification_attributes.headers_in_complaint_notifications_enabled == True - result.notification_attributes.forwarding_enabled == False - + - name: re-register base email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present register: result - + - name: assert no change since notifications were check mode assert: that: @@ -437,7 +497,6 @@ - "'complaint_topic' not in result.notification_attributes" - result.notification_attributes.headers_in_complaint_notifications_enabled == False - result.notification_attributes.forwarding_enabled == True - always: - name: cleanup topics sns_topic: @@ -447,16 +506,16 @@ - bounce - complaint - delivery - + - name: cleanup email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent # ============================================================ - name: test include headers on notification queues block: - name: register email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present bounce_notifications: @@ -474,7 +533,7 @@ - result.notification_attributes.headers_in_delivery_notifications_enabled == True always: - name: cleanup email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent # ============================================================ 
@@ -489,7 +548,7 @@ - bounce - complaint - name: register email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present bounce_notifications: @@ -511,14 +570,14 @@ - bounce - complaint - name: cleanup email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent # ============================================================ - name: test disable feedback forwarding fails if no topics block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present feedback_forwarding: No @@ -530,7 +589,7 @@ - '"Invalid Parameter Value" in result.msg' always: - name: cleanup identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent # ============================================================ @@ -542,7 +601,7 @@ state: present register: topic_info - name: register email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present bounce_notifications: @@ -560,7 +619,7 @@ name: "{{ notification_queue_name }}-bounce" state: absent - name: cleanup identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent # ============================================================ @@ -572,7 +631,7 @@ state: present register: topic_info - name: register email identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: present complaint_notifications: @@ -590,6 +649,6 @@ name: "{{ notification_queue_name }}-complaint" state: absent - name: cleanup identity - aws_ses_identity: + ses_identity: identity: "{{ email_identity }}" state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_identity_policy/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_identity_policy/tasks/main.yaml index 5aa3d867b..8fe290b56 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/ses_identity_policy/tasks/main.yaml +++ b/ansible_collections/community/aws/tests/integration/targets/ses_identity_policy/tasks/main.yaml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: @@ -14,13 +14,13 @@ - name: test add identity policy block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: identity_info - name: register identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: "{{ lookup('template', 'policy.json.j2') }}" @@ -40,27 +40,27 @@ always: - name: clean-up identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent # ============================================================ - name: test add duplicate identity policy block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: identity_info - name: register identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: "{{ lookup('template', 'policy.json.j2') }}" state: present - name: register duplicate identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: "{{ lookup('template', 'policy.json.j2') }}" 
@@ -80,20 +80,20 @@ always: - name: clean-up identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent # ============================================================ - name: test add identity policy by identity arn block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: identity_info - name: register identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ identity_info.identity_arn }}" policy_name: "{{ policy_name }}" policy: "{{ lookup('template', 'policy.json.j2') }}" @@ -113,20 +113,20 @@ always: - name: clean-up identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent # ============================================================ - name: test add multiple identity policies block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: identity_info - name: register identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}-{{ item }}" policy: "{{ lookup('template', 'policy.json.j2') }}" @@ -145,20 +145,20 @@ always: - name: clean-up identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent # ============================================================ - name: test add inline identity policy block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: identity_info - name: register identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: 
@@ -185,7 +185,7 @@ - result.policies|select('equalto', policy_name)|list|length == 1 - name: register duplicate identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: @@ -207,27 +207,27 @@ always: - name: clean-up identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent # ============================================================ - name: test remove identity policy block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: identity_info - name: register identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: "{{ lookup('template', 'policy.json.j2') }}" state: present - name: delete identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" state: absent @@ -245,20 +245,20 @@ always: - name: clean-up identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent # ============================================================ - name: test remove missing identity policy block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: identity_info - name: delete identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" state: absent 
@@ -276,20 +276,20 @@ always: - name: clean-up identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent # ============================================================ - name: test add identity policy with invalid policy block: - name: register identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: present register: identity_info - name: register identity policy - aws_ses_identity_policy: + ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: '{"noSuchAttribute": 2}' @@ -304,6 +304,6 @@ always: - name: clean-up identity - aws_ses_identity: + ses_identity: identity: "{{ domain_identity }}" state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/active-rule-set-tests.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/active-rule-set-tests.yaml index ea79dbbcc..d83cd2f85 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/active-rule-set-tests.yaml +++ b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/active-rule-set-tests.yaml @@ -10,10 +10,10 @@ - name: mark rule set active block: - name: create rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" - name: mark rule set active - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True register: result @@ -23,7 +23,7 @@ - result.changed == True - result.active == True - name: remark rule set active - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True register: result @@ -33,7 +33,7 @@ - result.changed == False always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True 
@@ -42,7 +42,7 @@ - name: create rule set active block: - name: create rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True register: result @@ -53,7 +53,7 @@ - result.active == True - "default_rule_set in result.rule_sets|map(attribute='name')" - name: remark rule set active - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True register: result @@ -63,7 +63,7 @@ - result.changed == False always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -72,11 +72,11 @@ - name: mark rule set inactive block: - name: create active rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True - name: mark rule set inactive - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: False register: result @@ -86,7 +86,7 @@ - result.changed == True - result.active == False - name: remark rule set inactive - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: False register: result @@ -96,7 +96,7 @@ - result.changed == False always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -105,11 +105,11 @@ - name: Absent active flag does not change active status block: - name: create active rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True - name: recreate rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" register: result - name: assert not changed and still active @@ -119,7 +119,7 @@ - result.active == True always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True 
@@ -128,11 +128,11 @@ - name: Cannot Remove Active Rule Set block: - name: create active rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True - name: remove rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent register: result @@ -143,7 +143,7 @@ - "result.error.code == 'CannotDelete'" always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -152,11 +152,11 @@ - name: Remove Active Rule Set with Force block: - name: create active rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True - name: force remove rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -168,7 +168,7 @@ - "default_rule_set not in result.rule_sets|map(attribute='name')" always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -177,15 +177,15 @@ - name: Force Remove of Inactive Rule Set does Not Affect Active Rule Set block: - name: create active rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True - name: create inactive rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ second_rule_set }}" active: False - name: force remove inactiave rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ second_rule_set }}" state: absent force: True @@ -196,7 +196,7 @@ - result.changed == True - "second_rule_set not in result.rule_sets|map(attribute='name')" - name: remark active rule set active - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True register: result @@ -206,7 +206,7 @@ - result.changed == False always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ item }}" state: absent force: True 
@@ -218,11 +218,11 @@ - name: mark rule set inactive in check mode block: - name: create rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True - name: mark rule set inactive in check mode - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: False register: result @@ -233,7 +233,7 @@ - result.changed == True - result.active == False - name: remark rule set inactive - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: False register: result @@ -243,7 +243,7 @@ - result.changed == True always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -252,11 +252,11 @@ - name: Cannot Remove Active Rule Set in check mode block: - name: create active rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True - name: remove rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent register: result @@ -268,7 +268,7 @@ - "result.error.code == 'CannotDelete'" always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -277,11 +277,11 @@ - name: Remove Active Rule Set with Force in check mode block: - name: create active rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True - name: force remove rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -294,7 +294,7 @@ - "default_rule_set not in result.rule_sets|map(attribute='name')" always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/cleanup-lock.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/cleanup-lock.yaml index 155bf472e..941e0148a 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/cleanup-lock.yaml +++ b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/cleanup-lock.yaml @@ -9,7 +9,7 @@ - cloudwatchlogs_log_group: log_group_name: "{{ lock_attempt_log_group_name }}" state: absent - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/inactive-rule-set-tests.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/inactive-rule-set-tests.yaml index 845168c23..92321b3eb 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/inactive-rule-set-tests.yaml +++ b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/inactive-rule-set-tests.yaml @@ -14,7 +14,7 @@ - name: test create rule sets block: - name: create rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" register: result - name: assert changed to exists inactive @@ -24,7 +24,7 @@ - result.active == False - "default_rule_set in result.rule_sets|map(attribute='name')" - name: recreate rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" register: result - name: assert changed is False @@ -33,7 +33,7 @@ - result.changed == False always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -41,7 +41,7 @@ - name: Remove No Such Rules Set block: - name: remove ruleset - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent register: result 
@@ -54,10 +54,10 @@ - name: Remove Inactive Rule Set block: - name: create rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" - name: remove rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent register: result @@ -68,7 +68,7 @@ - "default_rule_set not in result.rule_sets|map(attribute='name')" always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -76,7 +76,7 @@ - name: test create in check mode block: - name: create rule set in check mode - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" register: result check_mode: True @@ -88,7 +88,7 @@ - "default_rule_set in result.rule_sets|map(attribute='name')" always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -101,10 +101,10 @@ - name: mark rule set active in check mode block: - name: create rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" - name: mark rule set active in check mode - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: True register: result @@ -118,7 +118,7 @@ # it active again as that way this test can be run in # parallel - name: Ensure rule set is inactive - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" active: False register: result @@ -128,7 +128,7 @@ - result.changed == False always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True @@ -136,10 +136,10 @@ - name: Remove Inactive Rule Set in check mode block: - name: create rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" - name: remove rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent register: result 
@@ -151,7 +151,7 @@ - "default_rule_set not in result.rule_sets|map(attribute='name')" always: - name: cleanup rule set - aws_ses_rule_set: + ses_rule_set: name: "{{ default_rule_set }}" state: absent force: True diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/main.yaml index 4902b5c60..99938b774 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/main.yaml +++ b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/main.yaml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_botocore_pip/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_botocore_pip/defaults/main.yml index 16ad00270..9745064c9 100644 --- a/ansible_collections/community/aws/tests/integration/targets/setup_botocore_pip/defaults/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/setup_botocore_pip/defaults/main.yml @@ -1,2 +1,2 @@ -default_botocore_version: '1.21.0' -default_boto3_version: '1.18.0' +default_botocore_version: "{{ lookup('amazon.aws.aws_collection_constants', 'MINIMUM_BOTOCORE_VERSION') }}" +default_boto3_version: "{{ lookup('amazon.aws.aws_collection_constants', 'MINIMUM_BOTO3_VERSION') }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml index ec7cf0ec6..f7ac20eee 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml @@ -4,7 +4,15 @@ instance_type: t3.micro ami_details: fedora: owner: 125523088429 - name: Fedora-Cloud-Base-34-1.2.x86_64* + name: 'Fedora-Cloud-Base-41-1.2.x86_64*' + user_data: | + #!/bin/sh + sudo dnf install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm + sudo systemctl start amazon-ssm-agent + os_type: linux + centos: + owner: 125523088429 + name: 'CentOS Stream 9 x86_64*' user_data: | #!/bin/sh sudo dnf install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm @@ -25,6 +33,8 @@ ami_details: # name: ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server* user_data: | #!/bin/sh + apt-get update + apt-get --yes install acl # Pre-Installed just needs started sudo systemctl start amazon-ssm-agent os_type: linux diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml index 6171e5eb6..fce828a3c 100644 --- a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml +++ b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml @@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: 
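Review bot: In the first hunk of setup_connection_aws_ssm/defaults/main.yml, the new `centos` entry copies the `fedora` user_data and installs the SSM agent with `dnf install -y` directly from a `latest/` URL. The instance therefore runs whatever RPM is served at boot time, with no version pin. Whether dnf verifies the signature of a package given by URL depends on the image's `localpkg_gpgcheck` setting, which I would not assume is enabled. Because this agent is what executes commands on the instance for the connection tests, I would download the RPM to a file, check its signature against the vendor's published key, and install only after that check passes. At minimum, add a comment above both user_data blocks such as `# NOTE: unpinned, unverified agent download; acceptable for throwaway test instances only`.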
@@ -68,11 +68,12 @@ iam_role: name: "{{ iam_role_name }}" state: absent + delete_instance_profile: True ignore_errors: yes when: iam_role_vars_file.stat.exists == true - name: Delete the KMS key - aws_kms: + kms_key: state: absent alias: '{{ kms_key_name }}' diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/connection_args.yml b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/connection_args.yml index 727220e49..8d5c4b714 100644 --- a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/connection_args.yml +++ b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/connection_args.yml @@ -3,9 +3,9 @@ # As a lookup plugin we don't have access to module_defaults connection_args: region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - aws_security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" connection_env: AWS_DEFAULT_REGION: "{{ aws_region }}" AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/encryption.yml b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/encryption.yml index 949892d18..1379b0428 100644 --- a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/encryption.yml +++ b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/encryption.yml @@ -1,7 +1,7 @@ --- ## Task file for setup/teardown AWS resources for aws_ssm integration testing - name: create a KMS key - aws_kms: + kms_key: alias: '{{ kms_key_name }}' grants: - name: SSM-Agent-Access 
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml index 830bd5fcc..6c29c4154 100644 --- a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml @@ -5,9 +5,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/defaults/main.yml index 6fbe55e83..11a1e561e 100644 --- a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/defaults/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/defaults/main.yml @@ -1,6 +1,7 @@ +--- # CentOS Community Platform Engineering (CPE) -ec2_ami_owner_id: '125523088429' -#ec2_ami_name: 'Fedora-Cloud-Base-*.x86_64*' -ec2_ami_name: 'CentOS Stream 9 x86_64*' -#ec2_ami_ssh_user: 'fedora' -ec2_ami_ssh_user: 'centos' +ec2_ami_owner_id: "125523088429" +# ec2_ami_name: 'Fedora-Cloud-Base-*.x86_64*' +ec2_ami_name: CentOS Stream 9 x86_64* +# ec2_ami_ssh_user: 'fedora' +ec2_ami_ssh_user: centos diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/meta/main.yml index 32cf5dda7..23d65c7ef 100644 
--- a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/meta/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/meta/main.yml @@ -1 +1,2 @@ +--- dependencies: [] diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/tasks/main.yml index f41791073..bd059c866 100644 --- a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/tasks/main.yml 
@@ -8,46 +8,47 @@ # rather than hardcoding the IDs so we're not limited to specific Regions # - ec2_ami_id # -- module_defaults: +- name: Setup common EC2 related facts. + module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" + region: "{{ aws_region }}" - run_once: True + run_once: true block: # ============================================================ - - name: Get available AZs - aws_az_info: - filters: - region-name: '{{ aws_region }}' - register: _az_info + - name: Get available AZs + amazon.aws.aws_az_info: + filters: + region-name: "{{ aws_region }}" + register: _az_info - - name: Pick an AZ - set_fact: - ec2_availability_zone_names: '{{ _az_info.availability_zones | selectattr("zone_name", "defined") | map(attribute="zone_name") | list }}' + - name: Pick an AZ + ansible.builtin.set_fact: + ec2_availability_zone_names: '{{ _az_info.availability_zones | selectattr("zone_name", "defined") | map(attribute="zone_name") | list }}' - # ============================================================ + # ============================================================ - - name: Get a list of images - ec2_ami_info: - filters: - name: '{{ ec2_ami_name }}' - owner-id: '{{ ec2_ami_owner_id }}' - architecture: x86_64 - virtualization-type: hvm - root-device-type: ebs - register: _images_info - # Very spammy - no_log: True + - name: Get a list of images + amazon.aws.ec2_ami_info: + filters: + name: "{{ ec2_ami_name }}" + owner-id: "{{ ec2_ami_owner_id }}" + architecture: x86_64 + virtualization-type: hvm + root-device-type: ebs + register: _images_info + # Very spammy + no_log: true - - name: Set Fact for latest AMI - vars: - latest_image: '{{ _images_info.images | sort(attribute="creation_date") | reverse | 
first }}' - set_fact: - ec2_ami_id: '{{ latest_image.image_id }}' - ec2_ami_details: '{{ latest_image }}' - ec2_ami_root_disk: '{{ latest_image.block_device_mappings[0].device_name }}' - ec2_ami_ssh_user: '{{ ec2_ami_ssh_user }}' + - name: Set Fact for latest AMI + vars: + latest_image: '{{ _images_info.images | sort(attribute="creation_date") | reverse | first }}' + ansible.builtin.set_fact: + ec2_ami_id: "{{ latest_image.image_id }}" + ec2_ami_details: "{{ latest_image }}" + ec2_ami_root_disk: "{{ latest_image.block_device_mappings[0].device_name }}" + ec2_ami_ssh_user: "{{ ec2_ami_ssh_user }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py b/ansible_collections/community/aws/tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py index ea2f51b0f..04d2eb1ea 100644 --- a/ansible_collections/community/aws/tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py +++ b/ansible_collections/community/aws/tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py 
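Review bot: In `Get a list of images` the `name` filter is a wildcard and `Set Fact for latest AMI` takes the newest match, so the `owner-id` filter is the only thing tying the selected AMI to the intended publisher. That deserves a comment next to the filter so it is not loosened later, for example `# owner-id pins the publisher; the name glob alone would match any public AMI with a similar name`. Separately, if the filters return no images, `first` yields an undefined value and the failure surfaces in the `set_fact` templating rather than at the lookup, which `no_log: true` makes harder to trace. An `assert` that `_images_info.images | length > 0` placed between the two tasks would fail with a clear message.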
@@ -8,24 +8,26 @@ ssh-keygen -f id_rsa.pub -e -m PKCS8 | openssl pkey -pubin -outform DER | openss (but without needing the OpenSSL CLI) """ -from __future__ import absolute_import, division, print_function -__metaclass__ = type import hashlib import sys -from Crypto.PublicKey import RSA + +from cryptography.hazmat.primitives import serialization if len(sys.argv) == 0: ssh_public_key = "id_rsa.pub" else: ssh_public_key = sys.argv[1] -with open(ssh_public_key, 'r') as key_fh: - data = key_fh.read() - -# Convert from SSH format to DER format -public_key = RSA.importKey(data).exportKey('DER') -md5digest = hashlib.md5(public_key).hexdigest() +with open(ssh_public_key, "rb") as key_file: + public_key = serialization.load_ssh_public_key( + key_file.read(), + ) +pub_der = public_key.public_bytes( + encoding=serialization.Encoding.DER, + format=serialization.PublicFormat.SubjectPublicKeyInfo, +) +md5digest = hashlib.md5(pub_der).hexdigest() # Format the md5sum into the normal format pairs = zip(md5digest[::2], md5digest[1::2]) md5string = ":".join(["".join(pair) for pair in pairs]) diff --git a/ansible_collections/community/aws/tests/integration/targets/sns/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/sns/tasks/main.yml index 42ef9b190..99be6b218 100644 --- a/ansible_collections/community/aws/tests/integration/targets/sns/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/sns/tasks/main.yml @@ -1,9 +1,9 @@ - name: set up AWS connection info module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' collections: - amazon.aws 
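Review bot: The unchanged guard `if len(sys.argv) == 0:` in ec2-fingerprint.py cannot be true when the file is run as a script, because `sys.argv` always holds at least the script name. The `id_rsa.pub` default is therefore dead code, and running the script without an argument fails with IndexError at `sys.argv[1]`; the guard should be `if len(sys.argv) < 2:`. Also, `hashlib.md5(pub_der)` is used here only to reproduce the EC2 fingerprint format, not as a security control. If the minimum supported Python is 3.9 or later, `hashlib.md5(pub_der, usedforsecurity=False)` states that intent and should keep the script usable on hosts that restrict MD5.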
diff --git a/ansible_collections/community/aws/tests/integration/targets/sns_topic/files/sns_topic_lambda/sns_topic_lambda.py b/ansible_collections/community/aws/tests/integration/targets/sns_topic/files/sns_topic_lambda/sns_topic_lambda.py index 98f657836..99c6a8105 100644 --- a/ansible_collections/community/aws/tests/integration/targets/sns_topic/files/sns_topic_lambda/sns_topic_lambda.py +++ b/ansible_collections/community/aws/tests/integration/targets/sns_topic/files/sns_topic_lambda/sns_topic_lambda.py @@ -1,6 +1,9 @@ # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import +from __future__ import division +from __future__ import print_function + __metaclass__ = type diff --git a/ansible_collections/community/aws/tests/integration/targets/sns_topic/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/sns_topic/tasks/main.yml index d5b389e4d..00f3f71d9 100644 --- a/ansible_collections/community/aws/tests/integration/targets/sns_topic/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/sns_topic/tasks/main.yml @@ -1,8 +1,8 @@ - module_defaults: group/aws: - aws_secret_key: '{{ aws_secret_key }}' - aws_access_key: '{{ aws_access_key }}' - security_token: '{{ security_token|default(omit) }}' + secret_key: '{{ aws_secret_key }}' + access_key: '{{ aws_access_key }}' + session_token: '{{ security_token|default(omit) }}' region: '{{ aws_region }}' block: @@ -62,7 +62,7 @@ that: - sns_topic_info is successful - "'result' in sns_topic_info" - - sns_topic_info.result["sns_arn"] == "{{ sns_arn }}" + - sns_topic_info.result["sns_arn"] == sns_arn - "'sns_topic' in sns_topic_info.result" - "'display_name' in sns_topic_info.result['sns_topic']" - sns_topic_info.result["sns_topic"]["display_name"] == "My topic name" 
@@ -79,7 +79,7 @@ that: - sns_topic_info is successful - "'result' in sns_topic_info" - - sns_topic_info.result["sns_arn"] == "{{ sns_arn }}" + - sns_topic_info.result["sns_arn"] == sns_arn - "'sns_topic' in sns_topic_info.result" - "'display_name' in sns_topic_info.result['sns_topic']" - sns_topic_info.result["sns_topic"]["display_name"] == "My topic name" @@ -110,7 +110,7 @@ that: - sns_fifo_topic.changed - sns_fifo_topic.sns_topic.topic_type == 'fifo' - - sns_fifo_topic.sns_topic.name == '{{ sns_topic_topic_name }}-fifo' + - sns_fifo_topic.sns_topic.name == sns_topic_topic_name ~ '-fifo' - name: Run create a FIFO topic again for idempotence test (with .fifo) sns_topic: diff --git a/ansible_collections/community/aws/tests/integration/targets/sqs_queue/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/sqs_queue/tasks/main.yml index bcba06c8f..4c16be313 100644 --- a/ansible_collections/community/aws/tests/integration/targets/sqs_queue/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/sqs_queue/tasks/main.yml @@ -3,9 +3,9 @@ module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: @@ -19,7 +19,7 @@ assert: that: - create_result.changed - - create_result.region == "{{ aws_region }}" + - create_result.region == aws_region always: - name: Test deleting SQS queue diff --git a/ansible_collections/community/aws/tests/integration/targets/ssm_parameter/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ssm_parameter/tasks/main.yml index ac461392a..7c0e27fee 100644 --- a/ansible_collections/community/aws/tests/integration/targets/ssm_parameter/tasks/main.yml 
+++ b/ansible_collections/community/aws/tests/integration/targets/ssm_parameter/tasks/main.yml @@ -3,9 +3,9 @@ # As a lookup plugin we don't have access to module_defaults connection_args: region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - aws_security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" no_log: True - name: 'aws_ssm lookup plugin integration tests' @@ -13,9 +13,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' vars: simple_name: '/{{ ssm_key_prefix }}/Simple' @@ -87,7 +87,7 @@ # Create - name: Create key/value pair in aws parameter store (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' description: '{{ simple_description }}' value: '{{ simple_value }}' @@ -98,7 +98,7 @@ - result is changed - name: Create key/value pair in aws parameter store - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' description: '{{ simple_description }}' value: '{{ simple_value }}' @@ -129,7 +129,7 @@ - result.parameter_metadata.type == 'String' - name: Create key/value pair in aws parameter store - idempotency (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' description: '{{ simple_description }}' value: '{{ simple_value }}' @@ -140,7 +140,7 @@ - result is not changed - name: Create key/value pair in aws parameter store - idempotency - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' description: '{{ simple_description }}' value: '{{ simple_value }}' 
@@ -174,7 +174,7 @@ # Update description - name: Update description (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' description: '{{ updated_description }}' register: result @@ -184,7 +184,7 @@ - result is changed - name: Update description - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' description: '{{ updated_description }}' register: result @@ -214,7 +214,7 @@ - result.parameter_metadata.type == 'String' - name: Update description - idempotency (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' description: '{{ updated_description }}' register: result @@ -224,7 +224,7 @@ - result is not changed - name: Update description - idempotency - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' description: '{{ updated_description }}' register: result @@ -258,7 +258,7 @@ # Update value - name: Update key/value pair in aws parameter store (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' value: '{{ updated_value }}' register: result @@ -268,7 +268,7 @@ - result is changed - name: Update key/value pair in aws parameter store - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' value: '{{ updated_value }}' register: result @@ -298,7 +298,7 @@ - result.parameter_metadata.type == 'String' - name: Update key/value pair in aws parameter store - idempotency (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' value: '{{ updated_value }}' register: result @@ -308,7 +308,7 @@ - result is not changed - name: Update key/value pair in aws parameter store - idempotency - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' value: '{{ updated_value }}' register: result 
@@ -341,7 +341,7 @@ # Complex update - name: Complex update to key/value pair in aws parameter store (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' value: '{{ simple_value }}' description: '{{ simple_description }}' @@ -352,7 +352,7 @@ - result is changed - name: Complex update to key/value pair in aws parameter store - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' value: '{{ simple_value }}' description: '{{ simple_description }}' @@ -383,7 +383,7 @@ - result.parameter_metadata.type == 'String' - name: Complex update to key/value pair in aws parameter store - idempotency (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' value: '{{ simple_value }}' description: '{{ simple_description }}' @@ -394,7 +394,7 @@ - result is not changed - name: Complex update to key/value pair in aws parameter store - idempotency - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' value: '{{ simple_value }}' description: '{{ simple_description }}' @@ -428,7 +428,7 @@ # Delete - name: Delete key/value pair in aws parameter store (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' state: absent register: result @@ -438,7 +438,7 @@ - result is changed - name: Delete key/value pair in aws parameter store - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' state: absent register: result @@ -454,7 +454,7 @@ - info_result is failed - name: Delete key/value pair in aws parameter store - idempotency (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' state: absent register: result @@ -464,7 +464,7 @@ - result is not changed - name: Delete key/value pair in aws parameter store - idempotency - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' state: absent register: result 
@@ -474,7 +474,7 @@ - result is not changed - name: Create key/value pair in aws parameter store with no description - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' value: '{{ simple_value }}' register: result @@ -485,7 +485,7 @@ - '"description" not in result.parameter_metadata' - name: Add a description - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_name }}' value: '{{ simple_value }}' description: '{{ simple_description }}' @@ -501,7 +501,7 @@ # Test tags - Create parameter with tags case - name: Create parameter with tags case - Create parameter (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -513,7 +513,7 @@ - result is changed - name: Create parameter with tags case - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -523,7 +523,7 @@ - name: Create parameter with tags case - Ensure tags is correct assert: that: - - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_orig['{{ item.key }}'] + - result.parameter_metadata.tags[item.key] == simple_tags_orig[item.key] loop: "{{ simple_tags_orig | dict2items }}" - name: Create parameter with tags case - Ensure no missing or additional tags @@ -560,7 +560,7 @@ # Test tags - Update description only case - name: Update description only case - Update parameter (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_updated_description }}' register: result @@ -570,7 +570,7 @@ - result is changed - name: Update description only case - Update parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_updated_description }}' register: result 
@@ -578,7 +578,7 @@ - name: Update description only case - Ensure expected tags is correct assert: that: - - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_orig['{{ item.key }}'] + - result.parameter_metadata.tags[item.key] == simple_tags_orig[item.key] loop: "{{ simple_tags_orig | dict2items }}" - name: Update description only case - Ensure no missing or additional tags @@ -615,7 +615,7 @@ # Test tags - Add tag to existing parameter case - name: Add tag to existing parameter case - Update parameter (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_add_owner }}' register: result @@ -625,7 +625,7 @@ - result is changed - name: Add tag to existing parameter case - Update parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_add_owner }}' register: result @@ -633,7 +633,7 @@ - name: Add tag to existing parameter case - Ensure tags correct assert: that: - - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_add_owner['{{ item.key }}'] + - result.parameter_metadata.tags[item.key] == simple_tags_add_owner[item.key] loop: "{{ simple_tags_add_owner | dict2items }}" - name: Add tag to existing parameter case - Ensure no missing or additional tags @@ -667,7 +667,7 @@ - result.parameter_metadata.type == 'String' - name: Add tag to existing parameter case - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -678,7 +678,7 @@ # Test tags - update tags only - change tag - name: Change single tag case - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' 
@@ -686,7 +686,7 @@ register: result - name: Change single tag case - Update tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_change_environment }}' register: result @@ -696,7 +696,7 @@ - result is changed - name: Change single tag case - Update tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_change_environment }}' register: result @@ -704,7 +704,7 @@ - name: Change single tag case - Ensure expected tags is correct assert: that: - - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_change_environment['{{ item.key }}'] + - result.parameter_metadata.tags[item.key] == simple_tags_change_environment[item.key] loop: "{{ simple_tags_change_environment | dict2items }}" - name: Change single tag case - Ensure no missing or additional tags @@ -738,7 +738,7 @@ - result.parameter_metadata.type == 'String' - name: Change single tag case - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -749,7 +749,7 @@ # Test tags - delete tag case - name: Delete single tag case - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -757,7 +757,7 @@ register: result - name: Delete single tag case - Update tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_delete_version }}' register: result @@ -767,7 +767,7 @@ - result is changed - name: Delete single tag case - Update tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_delete_version }}' register: result 
@@ -775,7 +775,7 @@ - name: Delete single tag case - Ensure expected tags is correct assert: that: - - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_delete_version['{{ item.key }}'] + - result.parameter_metadata.tags[item.key] == simple_tags_delete_version[item.key] loop: "{{ simple_tags_delete_version | dict2items }}" - name: Delete single tag case - Ensure no missing or additional tags @@ -809,7 +809,7 @@ - result.parameter_metadata.type == 'String' - name: Delete single tag case - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -820,7 +820,7 @@ # Test tags - delete tag w/ spaces case - name: Delete single tag w/ spaces case - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -828,7 +828,7 @@ register: result - name: Delete single tag w/ spaces case - Update tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_delete_tag_with_space }}' register: result @@ -838,7 +838,7 @@ - result is changed - name: Delete single tag w/ spaces case - Update tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_delete_tag_with_space }}' register: result @@ -846,7 +846,7 @@ - name: Delete single tag w/ spaces case - Ensure expected tags is correct assert: that: - - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_delete_tag_with_space['{{ item.key }}'] + - result.parameter_metadata.tags[item.key] == simple_tags_delete_tag_with_space[item.key] loop: "{{ simple_tags_delete_tag_with_space | dict2items }}" - name: Delete single tag w/ spaces case - Ensure no missing or additional tags 
@@ -880,7 +880,7 @@ - result.parameter_metadata.type == 'String' - name: Delete single tag w/ spaces case - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -891,7 +891,7 @@ # Test tags - Add/delete/change tags case - name: Add/delete/change tags case - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -899,7 +899,7 @@ register: result - name: Add/delete/change tags case - Update tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_add_delete_change }}' register: result @@ -909,7 +909,7 @@ - result is changed - name: Add/delete/change tags case - Update tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_add_delete_change }}' register: result @@ -917,7 +917,7 @@ - name: Add/delete/change tags case - Ensure expected tags is correct assert: that: - - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_add_delete_change['{{ item.key }}'] + - result.parameter_metadata.tags[item.key] == simple_tags_add_delete_change[item.key] loop: "{{ simple_tags_add_delete_change | dict2items }}" - name: Add/delete/change tags case - Ensure no missing or additional tags @@ -951,7 +951,7 @@ - result.parameter_metadata.type == 'String' - name: Add/delete/change tags case - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -962,7 +962,7 @@ # Test tags - Delete all tags case - name: Delete all tags case - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' 
@@ -970,7 +970,7 @@ register: result - name: Delete all tags case - Update tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_delete_all_tags }}' register: result @@ -980,7 +980,7 @@ - result is changed - name: Delete all tags case - Update tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_delete_all_tags }}' register: result @@ -988,7 +988,7 @@ - name: Delete all tags case - Ensure expected tags is correct assert: that: - - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_delete_all_tags['{{ item.key }}'] + - result.parameter_metadata.tags[item.key] == simple_tags_delete_all_tags[item.key] loop: "{{ simple_tags_delete_all_tags | dict2items }}" - name: Delete all tags case - Ensure no missing or additional tags @@ -1022,7 +1022,7 @@ - result.parameter_metadata.type == 'String' - name: Delete all tags case - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -1033,7 +1033,7 @@ # Test tags - Add tag case (purge_tags=false) - name: Add tag case (purge_tags=false) - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -1041,7 +1041,7 @@ register: result - name: Add tag case (purge_tags=false) - Add tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_purge_false_add_owner }}' purge_tags: False @@ -1052,7 +1052,7 @@ - result is changed - name: Add tag case (purge_tags=false) - Add tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_purge_false_add_owner }}' purge_tags: False 
@@ -1062,8 +1062,8 @@ assert: that: - > - result.parameter_metadata.tags['{{ item.key }}'] == - (simple_tags_orig | combine(simple_tags_purge_false_add_owner))['{{ item.key }}'] + result.parameter_metadata.tags[item.key] == + (simple_tags_orig | combine(simple_tags_purge_false_add_owner))[item.key] loop: > {{ simple_tags_orig | combine(simple_tags_purge_false_add_owner) | dict2items }} @@ -1071,8 +1071,8 @@ assert: that: - > - result.parameter_metadata.tags | length == {{ simple_tags_orig | - combine(simple_tags_purge_false_add_owner) | dict2items }} | length + result.parameter_metadata.tags | length == simple_tags_orig | + combine(simple_tags_purge_false_add_owner) | dict2items | length - name: Add tag case (purge_tags=false) - Lookup a tagged parameter set_fact: @@ -1100,7 +1100,7 @@ - result.parameter_metadata.type == 'String' - name: Add tag case (purge_tags=false) - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -1111,7 +1111,7 @@ # Test tags - Add multiple tags case (purge_tags=false) - name: Add multiple tags case (purge_tags=false) - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -1119,7 +1119,7 @@ register: result - name: Add multiple tags case (purge_tags=false) - Add tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_purge_false_add_multiple }}' purge_tags: False @@ -1130,7 +1130,7 @@ - result is changed - name: Add multiple tags case (purge_tags=false) - Add tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_purge_false_add_multiple }}' purge_tags: False 
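Review bot: The rewritten length check in the `@@ -1071,8 +1071,8 @@` hunk reads correctly only because Jinja2 applies filters before `==`; without parentheses it looks as if the final `| length` applied to the whole comparison. Parenthesising both sides makes the intent explicit, and `dict2items` is not needed just to count entries: `(result.parameter_metadata.tags | length) == (simple_tags_orig | combine(simple_tags_purge_false_add_owner) | length)`. The same form recurs in the later length checks (hunks at -1149, -1230, -1311, -1392, -1472 and -1550). The assert task's name line lies above the hunk.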
@@ -1140,8 +1140,8 @@ assert: that: - > - result.parameter_metadata.tags['{{ item.key }}'] == - (simple_tags_orig | combine(simple_tags_purge_false_add_multiple))['{{ item.key }}'] + result.parameter_metadata.tags[item.key] == + (simple_tags_orig | combine(simple_tags_purge_false_add_multiple))[item.key] loop: > {{ simple_tags_orig | combine(simple_tags_purge_false_add_multiple) | dict2items }} @@ -1149,8 +1149,8 @@ assert: that: - > - result.parameter_metadata.tags | length == {{ simple_tags_orig | - combine(simple_tags_purge_false_add_multiple) | dict2items }} | length + result.parameter_metadata.tags | length == simple_tags_orig | + combine(simple_tags_purge_false_add_multiple) | dict2items | length - name: Add multiple tags case (purge_tags=false) - Lookup a tagged parameter set_fact: @@ -1178,7 +1178,7 @@ - result.parameter_metadata.type == 'String' - name: Add multiple tags case (purge_tags=false) - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -1189,7 +1189,7 @@ # Test tags - Change tag case (purge_tags=false) - name: Change tag case (purge_tags=false) - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -1197,7 +1197,7 @@ register: result - name: Change tag case (purge_tags=false) - Change tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_purge_false_change_environment}}' purge_tags: False @@ -1208,7 +1208,7 @@ - result is changed - name: Change tag case (purge_tags=false) - Change tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_purge_false_change_environment }}' purge_tags: False 
@@ -1218,8 +1218,8 @@ assert: that: - > - result.parameter_metadata.tags['{{ item.key }}'] == - (simple_tags_orig | combine(simple_tags_purge_false_change_environment))['{{ item.key }}'] + result.parameter_metadata.tags[item.key] == + (simple_tags_orig | combine(simple_tags_purge_false_change_environment))[item.key] loop: > {{ simple_tags_orig | combine(simple_tags_purge_false_change_environment) | dict2items }} loop_control: @@ -1230,8 +1230,8 @@ assert: that: - > - result.parameter_metadata.tags | length == {{ simple_tags_orig | - combine(simple_tags_purge_false_change_environment) | dict2items }} | length + result.parameter_metadata.tags | length == simple_tags_orig | + combine(simple_tags_purge_false_change_environment) | dict2items | length - name: Change tag case (purge_tags=false) - Lookup a tagged parameter set_fact: @@ -1259,7 +1259,7 @@ - result.parameter_metadata.type == 'String' - name: Change tag case (purge_tags=false) - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -1270,7 +1270,7 @@ # Test tags - Change multiple tags case (purge_tags=false) - name: Change multiple tags (purge_tags=false) - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -1278,7 +1278,7 @@ register: result - name: Change multiple tags (purge_tags=false) - Change tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_purge_false_change_multiple}}' purge_tags: False @@ -1289,7 +1289,7 @@ - result is changed - name: Change multiple tags (purge_tags=false) - Change tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_purge_false_change_multiple }}' purge_tags: False 
@@ -1299,8 +1299,8 @@ assert: that: - > - result.parameter_metadata.tags['{{ item.key }}'] == - (simple_tags_orig | combine(simple_tags_purge_false_change_multiple))['{{ item.key }}'] + result.parameter_metadata.tags[item.key] == + (simple_tags_orig | combine(simple_tags_purge_false_change_multiple))[item.key] loop: > {{ simple_tags_orig | combine(simple_tags_purge_false_change_multiple) | dict2items }} loop_control: @@ -1311,8 +1311,8 @@ assert: that: - > - result.parameter_metadata.tags | length == {{ simple_tags_orig | - combine(simple_tags_purge_false_change_multiple) | dict2items }} | length + result.parameter_metadata.tags | length == simple_tags_orig | + combine(simple_tags_purge_false_change_multiple) | dict2items | length - name: Change multiple tags (purge_tags=false) - Lookup a tagged parameter set_fact: @@ -1340,7 +1340,7 @@ - result.parameter_metadata.type == 'String' - name: Change multiple tags (purge_tags=false) - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -1351,7 +1351,7 @@ # Test tags - Add/Change multiple tags case (purge_tags=false) - name: Add/Change multiple tags (purge_tags=false) - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -1359,7 +1359,7 @@ register: result - name: Add/Change multiple tags (purge_tags=false) - Change tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_purge_false_add_and_change}}' purge_tags: False @@ -1370,7 +1370,7 @@ - result is changed - name: Add/Change multiple tags (purge_tags=false) - Change tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: '{{ simple_tags_purge_false_add_and_change }}' purge_tags: False 
@@ -1380,8 +1380,8 @@ assert: that: - > - result.parameter_metadata.tags['{{ item.key }}'] == - (simple_tags_orig | combine(simple_tags_purge_false_add_and_change))['{{ item.key }}'] + result.parameter_metadata.tags[item.key] == + (simple_tags_orig | combine(simple_tags_purge_false_add_and_change))[item.key] loop: > {{ simple_tags_orig | combine(simple_tags_purge_false_add_and_change) | dict2items }} loop_control: @@ -1392,8 +1392,8 @@ assert: that: - > - result.parameter_metadata.tags | length == {{ simple_tags_orig | - combine(simple_tags_purge_false_add_and_change) | dict2items }} | length + result.parameter_metadata.tags | length == simple_tags_orig | + combine(simple_tags_purge_false_add_and_change) | dict2items | length - name: Add/Change multiple tags (purge_tags=false) - Lookup a tagged parameter set_fact: @@ -1421,7 +1421,7 @@ - result.parameter_metadata.type == 'String' - name: Add/Change multiple tags (purge_tags=false) - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -1432,7 +1432,7 @@ # Test tags - Empty tags dict case (purge_tags=false) # should be no change - name: Empty tags dict (purge_tags=false) - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -1440,7 +1440,7 @@ register: result - name: Empty tags dict (purge_tags=false) - Change tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: {} purge_tags: False @@ -1451,7 +1451,7 @@ - result != 'changed' - name: Empty tags dict (purge_tags=false) - Change tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' tags: {} purge_tags: False 
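Review bot: The context line `- result != 'changed'` at the top of the `@@ -1451,7 +1451,7 @@` hunk compares the registered result with a string literal, so it presumably always passes and the check-mode run for the empty-tags case is never actually verified. The section comment says this case should be no change, so the assertion likely wants `- result is not changed`, matching the idempotency asserts used elsewhere in this file. The assert task itself starts above the hunk.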
@@ -1461,7 +1461,7 @@ assert: that: - > - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_orig['{{ item.key }}'] + result.parameter_metadata.tags[item.key] == simple_tags_orig[item.key] loop: > {{ simple_tags_orig | dict2items }} loop_control: @@ -1472,7 +1472,7 @@ that: - > result.parameter_metadata.tags | length - == {{ simple_tags_orig | dict2items }} | length + == simple_tags_orig | dict2items | length - name: Empty tags dict (purge_tags=false) - Lookup a tagged parameter set_fact: @@ -1500,7 +1500,7 @@ - result.parameter_metadata.type == 'String' - name: Empty tags dict (purge_tags=false) - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True @@ -1511,7 +1511,7 @@ # Test tags - No tags parameter (purge_tags=true) case # should be no change - name: No tags parameter (purge_tags=true) - Create parameter - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_description }}' value: '{{ simple_tag_param_value }}' @@ -1519,7 +1519,7 @@ register: result - name: No tags parameter (purge_tags=true) - Change tag (CHECK) - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_updated_description }}' register: result @@ -1529,7 +1529,7 @@ - result is changed - name: No tags parameter (purge_tags=true) - Change tag - aws_ssm_parameter_store: + ssm_parameter: name: '{{ simple_tag_param_name }}' description: '{{ simple_tag_param_updated_description }}' register: result @@ -1538,8 +1538,8 @@ assert: that: - > - result.parameter_metadata.tags['{{ item.key }}'] - == simple_tags_orig['{{ item.key }}'] + result.parameter_metadata.tags[item.key] + == simple_tags_orig[item.key] loop: > {{ simple_tags_orig | dict2items }} loop_control: 
@@ -1550,7 +1550,7 @@ that: - > result.parameter_metadata.tags | length - == {{ simple_tags_orig | dict2items }} | length + == simple_tags_orig | dict2items | length - name: No tags parameter (purge_tags=true) - Lookup a tagged parameter set_fact: @@ -1578,7 +1578,7 @@ - result.parameter_metadata.type == 'String' - name: No tags parameter (purge_tags=true) - Delete parameter - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: true @@ -1588,7 +1588,7 @@ always: # ============================================================ - name: Delete remaining key/value pairs in aws parameter store - aws_ssm_parameter_store: + ssm_parameter: name: "{{item}}" state: absent ignore_errors: True diff --git a/ansible_collections/community/aws/tests/integration/targets/stepfunctions_state_machine/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/stepfunctions_state_machine/tasks/main.yml index 8c4bbec71..061acb2c3 100644 --- a/ansible_collections/community/aws/tests/integration/targets/stepfunctions_state_machine/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/stepfunctions_state_machine/tasks/main.yml @@ -3,9 +3,9 @@ - name: Integration test for AWS Step Function state machine module module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" collections: - amazon.aws @@ -33,7 +33,7 @@ # ==== Tests =================================================== - name: Create a new state machine -- check_mode - aws_step_functions_state_machine: + stepfunctions_state_machine: name: "{{ state_machine_name }}" definition: "{{ lookup('file','state_machine.json') }}" role_arn: "{{ step_functions_role.iam_role.arn }}" 
@@ -49,7 +49,7 @@ - creation_check.output == 'State machine would be created.' - name: Create a new state machine - aws_step_functions_state_machine: + stepfunctions_state_machine: name: "{{ state_machine_name }}" definition: "{{ lookup('file','state_machine.json') }}" role_arn: "{{ step_functions_role.iam_role.arn }}" @@ -68,7 +68,7 @@ seconds: 5 - name: Idempotent rerun of same state function -- check_mode - aws_step_functions_state_machine: + stepfunctions_state_machine: name: "{{ state_machine_name }}" definition: "{{ lookup('file','state_machine.json') }}" role_arn: "{{ step_functions_role.iam_role.arn }}" @@ -84,7 +84,7 @@ - result.output == 'State is up-to-date.' - name: Idempotent rerun of same state function - aws_step_functions_state_machine: + stepfunctions_state_machine: name: "{{ state_machine_name }}" definition: "{{ lookup('file','state_machine.json') }}" role_arn: "{{ step_functions_role.iam_role.arn }}" @@ -99,7 +99,7 @@ - result.state_machine_arn == creation_output.state_machine_arn - name: Update an existing state machine -- check_mode - aws_step_functions_state_machine: + stepfunctions_state_machine: name: "{{ state_machine_name }}" definition: "{{ lookup('file','alternative_state_machine.json') }}" role_arn: "{{ step_functions_role.iam_role.arn }}" @@ -112,10 +112,10 @@ - assert: that: - update_check.changed == True - - "update_check.output == 'State machine would be updated: {{ creation_output.state_machine_arn }}'" + - "update_check.output == 'State machine would be updated: ' ~ creation_output.state_machine_arn" - name: Update an existing state machine - aws_step_functions_state_machine: + stepfunctions_state_machine: name: "{{ state_machine_name }}" definition: "{{ lookup('file','alternative_state_machine.json') }}" role_arn: "{{ step_functions_role.iam_role.arn }}" 
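Review bot: In the `@@ -112,10 +112,10 @@` hunk the new assertion relies on `~` binding tighter than `==`; wrapping the right-hand side makes that visible: `- "update_check.output == ('State machine would be updated: ' ~ creation_output.state_machine_arn)"`. The neighbouring `update_check.changed == True` could use the test form `update_check is changed`, as the ssm_parameter tasks in this commit do. Both points also apply to the `deletion_check` assert in the `@@ -265,10 +265,10 @@` hunk.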
@@ -130,7 +130,7 @@ - update_output.state_machine_arn == creation_output.state_machine_arn - name: Start execution of state machine -- check_mode - aws_step_functions_state_machine_execution: + stepfunctions_state_machine_execution: name: "{{ execution_name }}" execution_input: "{}" state_machine_arn: "{{ creation_output.state_machine_arn }}" @@ -143,7 +143,7 @@ - "start_execution_output.output == 'State machine execution would be started.'" - name: Start execution of state machine - aws_step_functions_state_machine_execution: + stepfunctions_state_machine_execution: name: "{{ execution_name }}" execution_input: "{}" state_machine_arn: "{{ creation_output.state_machine_arn }}" @@ -156,7 +156,7 @@ - "'start_date' in start_execution_output" - name: Start execution of state machine (check for idempotency) (check mode) - aws_step_functions_state_machine_execution: + stepfunctions_state_machine_execution: name: "{{ execution_name }}" execution_input: "{}" state_machine_arn: "{{ creation_output.state_machine_arn }}" @@ -169,7 +169,7 @@ - "start_execution_output_idem_check.output == 'State machine execution already exists.'" - name: Start execution of state machine (check for idempotency) - aws_step_functions_state_machine_execution: + stepfunctions_state_machine_execution: name: "{{ execution_name }}" execution_input: "{}" state_machine_arn: "{{ creation_output.state_machine_arn }}" @@ -180,7 +180,7 @@ - not start_execution_output_idem.changed - name: Stop execution of state machine -- check_mode - aws_step_functions_state_machine_execution: + stepfunctions_state_machine_execution: action: stop execution_arn: "{{ start_execution_output.execution_arn }}" cause: "cause of the failure" 
@@ -194,7 +194,7 @@ - "stop_execution_output.output == 'State machine execution would be stopped.'" - name: Stop execution of state machine - aws_step_functions_state_machine_execution: + stepfunctions_state_machine_execution: action: stop execution_arn: "{{ start_execution_output.execution_arn }}" cause: "cause of the failure" @@ -207,7 +207,7 @@ - "'stop_date' in stop_execution_output" - name: Stop execution of state machine (check for idempotency) - aws_step_functions_state_machine_execution: + stepfunctions_state_machine_execution: action: stop execution_arn: "{{ start_execution_output.execution_arn }}" cause: "cause of the failure" @@ -219,7 +219,7 @@ - not stop_execution_output.changed - name: Try stopping a non-running execution -- check_mode - aws_step_functions_state_machine_execution: + stepfunctions_state_machine_execution: action: stop execution_arn: "{{ start_execution_output.execution_arn }}" cause: "cause of the failure" @@ -233,7 +233,7 @@ - "stop_execution_output.output == 'State machine execution is not running.'" - name: Try stopping a non-running execution - aws_step_functions_state_machine_execution: + stepfunctions_state_machine_execution: action: stop execution_arn: "{{ start_execution_output.execution_arn }}" cause: "cause of the failure" @@ -246,7 +246,7 @@ - not stop_execution_output.changed - name: Start execution of state machine with the same execution name - aws_step_functions_state_machine_execution: + stepfunctions_state_machine_execution: name: "{{ execution_name }}" state_machine_arn: "{{ creation_output.state_machine_arn }}" register: start_execution_output_again @@ -256,7 +256,7 @@ - not start_execution_output_again.changed - name: Remove state machine -- check_mode - aws_step_functions_state_machine: + stepfunctions_state_machine: name: "{{ state_machine_name }}" state: absent register: deletion_check 
@@ -265,10 +265,10 @@ - assert: that: - deletion_check.changed == True - - "deletion_check.output == 'State machine would be deleted: {{ creation_output.state_machine_arn }}'" + - "deletion_check.output == 'State machine would be deleted: ' ~ creation_output.state_machine_arn" - name: Remove state machine - aws_step_functions_state_machine: + stepfunctions_state_machine: name: "{{ state_machine_name }}" state: absent register: deletion_output @@ -279,7 +279,7 @@ - deletion_output.state_machine_arn == creation_output.state_machine_arn - name: Non-existent state machine is absent - aws_step_functions_state_machine: + stepfunctions_state_machine: name: "non_existing_state_machine" state: absent register: result @@ -293,7 +293,7 @@ always: - name: Cleanup - delete state machine - aws_step_functions_state_machine: + stepfunctions_state_machine: name: "{{ state_machine_name }}" state: absent ignore_errors: true diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/defaults/main.yml deleted file mode 100644 index 17072d6a4..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -iam_role_name: "ansible-test-{{ tiny_prefix }}" diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/meta/main.yml deleted file mode 100644 index 32cf5dda7..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/meta/main.yml +++ /dev/null @@ -1 +0,0 @@ -dependencies: [] diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/tasks/main.yml deleted file mode 100644 index be684dcea..000000000 
--- a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/tasks/main.yml +++ /dev/null 
@@ -1,332 +0,0 @@ ---- -# tasks file for sts_assume_role - -- module_defaults: - group/aws: - region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" - collections: - - amazon.aws - block: - # Get some information about who we are before starting our tests - # we'll need this as soon as we start working on the policies - - name: get ARN of calling user - aws_caller_info: - register: aws_caller_info - - - name: register account id - set_fact: - aws_account: "{{ aws_caller_info.account }}" - - # ============================================================ - - name: create test iam role - iam_role: - name: "{{ iam_role_name }}" - assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}" - create_instance_profile: False - managed_policy: - - arn:aws:iam::aws:policy/IAMReadOnlyAccess - state: present - register: test_role - - # ============================================================ - - name: pause to ensure role exists before using - pause: - seconds: 30 - - # ============================================================ - - name: test with no parameters - sts_assume_role: - aws_access_key: '{{ omit }}' - aws_secret_key: '{{ omit }}' - security_token: '{{ omit }}' - register: result - ignore_errors: true - - - name: assert with no parameters - assert: - that: - - 'result.failed' - - "'missing required arguments:' in result.msg" - - # ============================================================ - - name: test with empty parameters - sts_assume_role: - role_arn: - role_session_name: - policy: - duration_seconds: - external_id: - mfa_token: - mfa_serial_number: - register: result - ignore_errors: true - - - name: assert with empty parameters - assert: - that: - - 'result.failed' - - "'Missing required parameter in input:' in result.msg" - when: result.module_stderr is not defined - - - name: assert with empty parameters - assert: - that: - - 
'result.failed' - - "'Member must have length greater than or equal to 20' in result.module_stderr" - when: result.module_stderr is defined - - # ============================================================ - - name: test with only 'role_arn' parameter - sts_assume_role: - role_arn: "{{ test_role.iam_role.arn }}" - register: result - ignore_errors: true - - - name: assert with only 'role_arn' parameter - assert: - that: - - 'result.failed' - - "'missing required arguments: role_session_name' in result.msg" - - # ============================================================ - - name: test with only 'role_session_name' parameter - sts_assume_role: - role_session_name: "AnsibleTest" - register: result - ignore_errors: true - - - name: assert with only 'role_session_name' parameter - assert: - that: - - 'result.failed' - - "'missing required arguments: role_arn' in result.msg" - - # ============================================================ - - name: test assume role with invalid policy - sts_assume_role: - role_arn: "{{ test_role.iam_role.arn }}" - role_session_name: "AnsibleTest" - policy: "invalid policy" - register: result - ignore_errors: true - - - name: assert assume role with invalid policy - assert: - that: - - 'result.failed' - - "'The policy is not in the valid JSON format.' in result.msg" - when: result.module_stderr is not defined - - - name: assert assume role with invalid policy - assert: - that: - - 'result.failed' - - "'The policy is not in the valid JSON format.' 
in result.module_stderr" - when: result.module_stderr is defined - - # ============================================================ - - name: test assume role with invalid duration seconds - sts_assume_role: - role_arn: "{{ test_role.iam_role.arn }}" - role_session_name: AnsibleTest - duration_seconds: invalid duration - register: result - ignore_errors: true - - - name: assert assume role with invalid duration seconds - assert: - that: - - result is failed - - "'duration_seconds' in result.msg" - - "'cannot be converted to an int' in result.msg" - - # ============================================================ - - name: test assume role with invalid external id - sts_assume_role: - role_arn: "{{ test_role.iam_role.arn }}" - role_session_name: AnsibleTest - external_id: invalid external id - register: result - ignore_errors: true - - - name: assert assume role with invalid external id - assert: - that: - - 'result.failed' - - "'Member must satisfy regular expression pattern:' in result.msg" - when: result.module_stderr is not defined - - - name: assert assume role with invalid external id - assert: - that: - - 'result.failed' - - "'Member must satisfy regular expression pattern:' in result.module_stderr" - when: result.module_stderr is defined - - # ============================================================ - - name: test assume role with invalid mfa serial number - sts_assume_role: - role_arn: "{{ test_role.iam_role.arn }}" - role_session_name: AnsibleTest - mfa_serial_number: invalid serial number - register: result - ignore_errors: true - - - name: assert assume role with invalid mfa serial number - assert: - that: - - 'result.failed' - - "'Member must satisfy regular expression pattern:' in result.msg" - when: result.module_stderr is not defined - - - name: assert assume role with invalid mfa serial number - assert: - that: - - 'result.failed' - - "'Member must satisfy regular expression pattern:' in result.module_stderr" - when: result.module_stderr is 
defined - - # ============================================================ - - name: test assume role with invalid mfa token code - sts_assume_role: - role_arn: "{{ test_role.iam_role.arn }}" - role_session_name: AnsibleTest - mfa_token: invalid token code - register: result - ignore_errors: true - - - name: assert assume role with invalid mfa token code - assert: - that: - - 'result.failed' - - "'Member must satisfy regular expression pattern:' in result.msg" - when: result.module_stderr is not defined - - - name: assert assume role with invalid mfa token code - assert: - that: - - 'result.failed' - - "'Member must satisfy regular expression pattern:' in result.module_stderr" - when: result.module_stderr is defined - - # ============================================================ - - name: test assume role with invalid role_arn - sts_assume_role: - role_arn: invalid role arn - role_session_name: AnsibleTest - register: result - ignore_errors: true - - - name: assert assume role with invalid role_arn - assert: - that: - - result.failed - - "'Invalid length for parameter RoleArn' in result.msg" - when: result.module_stderr is not defined - - - name: assert assume role with invalid role_arn - assert: - that: - - 'result.failed' - - "'Member must have length greater than or equal to 20' in result.module_stderr" - when: result.module_stderr is defined - - # ============================================================ - - name: test assume not existing sts role - sts_assume_role: - role_arn: "arn:aws:iam::123456789:role/non-existing-role" - role_session_name: "AnsibleTest" - register: result - ignore_errors: true - - - name: assert assume not existing sts role - assert: - that: - - 'result.failed' - - "'is not authorized to perform: sts:AssumeRole' in result.msg" - when: result.module_stderr is not defined - - - name: assert assume not existing sts role - assert: - that: - - 'result.failed' - - "'is not authorized to perform: sts:AssumeRole' in result.msg" - when: 
result.module_stderr is defined - - # ============================================================ - - name: test assume role - sts_assume_role: - role_arn: "{{ test_role.iam_role.arn }}" - role_session_name: AnsibleTest - register: assumed_role - - - name: assert assume role - assert: - that: - - 'not assumed_role.failed' - - "'sts_creds' in assumed_role" - - "'access_key' in assumed_role.sts_creds" - - "'secret_key' in assumed_role.sts_creds" - - "'session_token' in assumed_role.sts_creds" - - # ============================================================ - - name: test that assumed credentials have IAM read-only access - iam_role: - aws_access_key: "{{ assumed_role.sts_creds.access_key }}" - aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}" - security_token: "{{ assumed_role.sts_creds.session_token }}" - name: "{{ iam_role_name }}" - assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}" - create_instance_profile: False - state: present - register: result - - - name: assert assumed role with privileged action (expect changed=false) - assert: - that: - - 'not result.failed' - - 'not result.changed' - - "'iam_role' in result" - - # ============================================================ - - name: test assumed role with unprivileged action - iam_role: - aws_access_key: "{{ assumed_role.sts_creds.access_key }}" - aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}" - security_token: "{{ assumed_role.sts_creds.session_token }}" - name: "{{ iam_role_name }}-new" - assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}" - state: present - register: result - ignore_errors: true - - - name: assert assumed role with unprivileged action (expect changed=false) - assert: - that: - - 'result.failed' - - "'is not authorized to perform: iam:CreateRole' in result.msg" - # runs on Python2 - when: result.module_stderr is not defined - - - name: assert assumed role with unprivileged action (expect changed=false) - assert: - that: 
- - 'result.failed' - - "'is not authorized to perform: iam:CreateRole' in result.module_stderr" - # runs on Python3 - when: result.module_stderr is defined - - # ============================================================ - always: - - - name: delete test iam role - iam_role: - name: "{{ iam_role_name }}" - assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}" - delete_instance_profile: True - managed_policy: - - arn:aws:iam::aws:policy/IAMReadOnlyAccess - state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/templates/policy.json.j2 b/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/templates/policy.json.j2 deleted file mode 100644 index 559562fd9..000000000 --- a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/templates/policy.json.j2 +++ /dev/null @@ -1,12 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::{{ aws_account }}:root" - }, - "Action": "sts:AssumeRole" - } - ] -}
\ No newline at end of file diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_session_token/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/sts_session_token/tasks/main.yml index 6231119ec..c814cfd5f 100644 --- a/ansible_collections/community/aws/tests/integration/targets/sts_session_token/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/sts_session_token/tasks/main.yml @@ -3,9 +3,9 @@ - module_defaults: group/aws: region: "{{ aws_region }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" collections: - amazon.aws block: @@ -54,9 +54,9 @@ - name: Get ARN of user when running with generated token aws_caller_info: - aws_access_key: "{{ token_details.sts_creds.access_key }}" - aws_secret_key: "{{ token_details.sts_creds.secret_key }}" - security_token: "{{ token_details.sts_creds.session_token }}" + access_key: "{{ token_details.sts_creds.access_key }}" + secret_key: "{{ token_details.sts_creds.secret_key }}" + session_token: "{{ token_details.sts_creds.session_token }}" register: token_aws_caller_info - assert: diff --git a/ansible_collections/community/aws/tests/integration/targets/waf_web_acl/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/waf_web_acl/tasks/main.yml index c176e7def..acbf1f29c 100644 --- a/ansible_collections/community/aws/tests/integration/targets/waf_web_acl/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/waf_web_acl/tasks/main.yml 
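Review bot: `token_details` holds live temporary credentials, since the `@@ -54,9` hunk reads `sts_creds.secret_key` and `sts_creds.session_token` from it, and nothing visible here keeps that registered result out of verbose or CI log output. The task that registers `token_details` is outside the hunk, so this needs confirming there. Adding `no_log: true` to that task would keep the secret key and session token out of the logs while leaving the `register` usable for the later assertions.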
@@ -4,9 +4,9 @@ - amazon.aws module_defaults: group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' region: '{{ aws_region }}' block: @@ -15,7 +15,7 @@ ################################################## - name: create WAF IP condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_ip_condition" filters: - ip_address: "10.0.0.0/8" @@ -23,7 +23,7 @@ register: create_waf_ip_condition - name: add an IP address to WAF condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_ip_condition" filters: - ip_address: "10.0.0.0/8" @@ -37,7 +37,7 @@ - add_ip_address_to_waf_condition.condition.ip_set_descriptors|length == 2 - name: add an IP address to WAF condition (rely on purge_filters defaulting to false) - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_ip_condition" filters: - ip_address: "192.168.10.0/24" @@ -51,7 +51,7 @@ - add_ip_address_to_waf_condition_no_purge.changed - name: add an IP address to WAF condition (set purge_filters) - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_ip_condition" filters: - ip_address: "192.168.20.0/24" @@ -66,7 +66,7 @@ - add_ip_address_to_waf_condition_purge.changed - name: create WAF byte condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_byte_condition" filters: - field_to_match: header @@ -77,7 +77,7 @@ register: create_waf_byte_condition - name: recreate WAF byte condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_byte_condition" filters: - field_to_match: header @@ -93,7 +93,7 @@ - not recreate_waf_byte_condition.changed - name: create WAF geo condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_geo_condition" filters: - country: US 
@@ -103,7 +103,7 @@ register: create_waf_geo_condition - name: create WAF size condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_size_condition" filters: - field_to_match: query_string @@ -113,7 +113,7 @@ register: create_waf_size_condition - name: create WAF sql condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_sql_condition" filters: - field_to_match: query_string @@ -122,7 +122,7 @@ register: create_waf_sql_condition - name: create WAF xss condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_xss_condition" filters: - field_to_match: query_string @@ -131,7 +131,7 @@ register: create_waf_xss_condition - name: create WAF regex condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition" filters: - field_to_match: query_string @@ -145,7 +145,7 @@ register: create_waf_regex_condition - name: create a second WAF regex condition with the same regex - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition_part_2" filters: - field_to_match: header @@ -169,7 +169,7 @@ - name: delete first WAF regex condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition" filters: - field_to_match: query_string @@ -184,7 +184,7 @@ register: delete_waf_regex_condition - name: delete second WAF regex condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition_part_2" filters: - field_to_match: header @@ -200,7 +200,7 @@ register: delete_second_waf_regex_condition - name: create WAF regex condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition" filters: - field_to_match: query_string @@ -221,7 +221,7 @@ create_waf_regex_condition.condition.regex_match_tuples[0].regex_pattern_set_id - name: create WAF Regional IP condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_ip_condition" filters: - ip_address: "10.0.0.0/8" 
@@ -231,7 +231,7 @@ register: create_waf_regional_ip_condition - name: add an IP address to WAF Regional condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_ip_condition" filters: - ip_address: "10.0.0.0/8" @@ -247,7 +247,7 @@ - add_ip_address_to_waf_regional_condition.condition.ip_set_descriptors|length == 2 - name: add an IP address to WAF Regional condition (rely on purge_filters defaulting to false) - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_ip_condition" filters: - ip_address: "192.168.10.0/24" @@ -263,7 +263,7 @@ - add_ip_address_to_waf_regional_condition_no_purge.changed - name: add an IP address to WAF Regional condition (set purge_filters) - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_ip_condition" filters: - ip_address: "192.168.20.0/24" @@ -280,7 +280,7 @@ - add_ip_address_to_waf_regional_condition_purge.changed - name: create WAF Regional byte condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_byte_condition" filters: - field_to_match: header @@ -293,7 +293,7 @@ register: create_waf_regional_byte_condition - name: recreate WAF Regional byte condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_byte_condition" filters: - field_to_match: header @@ -311,7 +311,7 @@ - not recreate_waf_regional_byte_condition.changed - name: create WAF Regional geo condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_geo_condition" filters: - country: US @@ -323,7 +323,7 @@ register: create_waf_regional_geo_condition - name: create WAF Regional size condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_size_condition" filters: - field_to_match: query_string @@ -335,7 +335,7 @@ register: create_waf_regional_size_condition - name: create WAF Regional sql condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_sql_condition" filters: - field_to_match: query_string 
@@ -346,7 +346,7 @@ register: create_waf_regional_sql_condition - name: create WAF Regional xss condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_xss_condition" filters: - field_to_match: query_string @@ -357,7 +357,7 @@ register: create_waf_regional_xss_condition - name: create WAF Regional regex condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition" filters: - field_to_match: query_string @@ -373,7 +373,7 @@ register: create_waf_regional_regex_condition - name: create a second WAF Regional regex condition with the same regex - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition_part_2" filters: - field_to_match: header @@ -399,7 +399,7 @@ - name: delete first WAF Regional regex condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition" filters: - field_to_match: query_string @@ -416,7 +416,7 @@ register: delete_waf_regional_regex_condition - name: delete second WAF Regional regex condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition_part_2" filters: - field_to_match: header @@ -434,7 +434,7 @@ register: delete_second_waf_regional_regex_condition - name: create WAF Regional regex condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition" filters: - field_to_match: query_string @@ -461,7 +461,7 @@ ################################################## - name: create WAF rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" conditions: - name: "{{ resource_prefix }}_regex_condition" @@ -483,7 +483,7 @@ - create_aws_waf_rule.rule.predicates|length == 3 - name: recreate WAF rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" conditions: - name: "{{ resource_prefix }}_regex_condition" 
@@ -504,7 +504,7 @@ - create_aws_waf_rule.rule.predicates|length == 3 - name: add further WAF rules relying on purge_conditions defaulting to false - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" conditions: - name: "{{ resource_prefix }}_ip_condition" @@ -525,7 +525,7 @@ - add_conditions_to_aws_waf_rule.rule.predicates|length == 6 - name: remove some rules through purging conditions - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" conditions: - name: "{{ resource_prefix }}_ip_condition" @@ -550,7 +550,7 @@ - add_and_remove_waf_rule_conditions.rule.predicates|length == 4 - name: attempt to remove an in use condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_size_condition" type: size state: absent @@ -561,10 +561,10 @@ assert: that: - remove_in_use_condition.failed - - "'Condition {{ resource_prefix }}_size_condition is in use' in remove_in_use_condition.msg" + - "'Condition ' ~ resource_prefix ~ '_size_condition is in use' in remove_in_use_condition.msg" - name: create WAF Regional rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" conditions: - name: "{{ resource_prefix }}_regex_condition" @@ -588,7 +588,7 @@ - create_aws_waf_regional_rule.rule.predicates|length == 3 - name: recreate WAF Regional rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" conditions: - name: "{{ resource_prefix }}_regex_condition" @@ -611,7 +611,7 @@ - create_aws_waf_regional_rule.rule.predicates|length == 3 - name: add further WAF Regional rules relying on purge_conditions defaulting to false - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" conditions: - name: "{{ resource_prefix }}_ip_condition" @@ -634,7 +634,7 @@ - add_conditions_to_aws_waf_regional_rule.rule.predicates|length == 6 - name: remove some rules through purging conditions - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" conditions: - name: "{{ resource_prefix }}_ip_condition" 
@@ -661,7 +661,7 @@ - add_and_remove_waf_regional_rule_conditions.rule.predicates|length == 4 - name: attempt to remove an WAF Regional in use condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_size_condition" type: size state: absent @@ -674,14 +674,14 @@ assert: that: - remove_in_use_condition.failed - - "'Condition {{ resource_prefix }}_size_condition is in use' in remove_in_use_condition.msg" + - "'Condition ' ~ resource_prefix ~ '_size_condition is in use' in remove_in_use_condition.msg" ################################################## # aws_waf_web_acl tests ################################################## - name: create web ACL - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" rules: - name: "{{ resource_prefix }}_rule" @@ -693,7 +693,7 @@ register: create_web_acl - name: recreate web acl - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" rules: - name: "{{ resource_prefix }}_rule" @@ -710,7 +710,7 @@ - recreate_web_acl.web_acl.rules|length == 1 - name: create a second WAF rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule_2" conditions: - name: "{{ resource_prefix }}_ip_condition" @@ -724,7 +724,7 @@ negated: no - name: add a new rule to the web acl - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" rules: - name: "{{ resource_prefix }}_rule_2" @@ -741,7 +741,7 @@ - web_acl_add_rule.web_acl.rules|length == 2 - name: use purge rules to remove the first rule - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" rules: - name: "{{ resource_prefix }}_rule_2" @@ -759,7 +759,7 @@ - web_acl_add_rule.web_acl.rules|length == 1 - name: swap two rules of same priority - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" rules: - name: "{{ resource_prefix }}_rule" 
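Review bot: The section banner in the `@@ -674,14` hunk still reads `# aws_waf_web_acl tests`, although the task directly below it now calls `waf_web_acl`. Changing the banner to `# waf_web_acl tests` would stop a search for the retired module name from landing in this file. The banner text for the condition and rule sections is outside the visible hunks and would need the same check.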
@@ -771,7 +771,7 @@ register: web_acl_swap_rule - name: attempt to delete the inuse first rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" state: absent ignore_errors: yes @@ -783,7 +783,7 @@ - remove_inuse_rule.failed - name: delete the web acl - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" state: absent register: delete_web_acl @@ -795,12 +795,12 @@ - not delete_web_acl.web_acl - name: delete the no longer in use first rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" state: absent - name: create WAF Regional web ACL - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" rules: - name: "{{ resource_prefix }}_rule" @@ -814,7 +814,7 @@ register: create_waf_regional_web_acl - name: recreate WAF Regional web acl - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" rules: - name: "{{ resource_prefix }}_rule" @@ -833,7 +833,7 @@ - recreate_waf_regional_web_acl.web_acl.rules|length == 1 - name: create a second WAF Regional rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule_2" conditions: - name: "{{ resource_prefix }}_ip_condition" @@ -849,7 +849,7 @@ waf_regional: true - name: add a new rule to the WAF Regional web acl - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" rules: - name: "{{ resource_prefix }}_rule_2" @@ -868,7 +868,7 @@ - waf_regional_web_acl_add_rule.web_acl.rules|length == 2 - name: use purge rules to remove the WAF Regional first rule - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" rules: - name: "{{ resource_prefix }}_rule_2" @@ -888,7 +888,7 @@ - waf_regional_web_acl_add_rule.web_acl.rules|length == 1 - name: swap two WAF Regional rules of same priority - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" rules: - name: "{{ resource_prefix }}_rule" 
@@ -902,7 +902,7 @@ register: waf_regional_web_acl_swap_rule - name: attempt to delete the WAF Regional inuse first rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" state: absent region: "{{ aws_region }}" @@ -916,7 +916,7 @@ - remove_waf_regional_inuse_rule.failed - name: delete the WAF Regional web acl - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" state: absent region: "{{ aws_region }}" @@ -930,7 +930,7 @@ - not delete_waf_regional_web_acl.web_acl - name: delete the no longer in use WAF Regional first rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" state: absent region: "{{ aws_region }}" 
@@ -945,84 +945,84 @@ msg: "****** TEARDOWN STARTS HERE ******" - name: delete the web acl - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" state: absent purge_rules: yes ignore_errors: yes - name: remove second WAF rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule_2" state: absent purge_conditions: yes ignore_errors: yes - name: remove WAF rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" state: absent purge_conditions: yes ignore_errors: yes - name: remove XSS condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_xss_condition" type: xss state: absent ignore_errors: yes - name: remove SQL condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_sql_condition" type: sql state: absent ignore_errors: yes - name: remove size condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_size_condition" type: size state: absent ignore_errors: yes - name: remove geo condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_geo_condition" type: geo state: absent ignore_errors: yes - name: remove byte condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_byte_condition" type: byte state: absent ignore_errors: yes - name: remove ip address condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_ip_condition" type: ip state: absent ignore_errors: yes - name: remove regex part 2 condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition_part_2" type: regex state: absent ignore_errors: yes - name: remove first regex condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition" type: regex state: absent ignore_errors: yes - name: delete the WAF Regional web acl - aws_waf_web_acl: + waf_web_acl: name: "{{ resource_prefix }}_web_acl" state: absent purge_rules: yes 
@@ -1031,7 +1031,7 @@ ignore_errors: yes - name: remove second WAF Regional rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule_2" state: absent purge_conditions: yes @@ -1040,7 +1040,7 @@ ignore_errors: yes - name: remove WAF Regional rule - aws_waf_rule: + waf_rule: name: "{{ resource_prefix }}_rule" state: absent purge_conditions: yes @@ -1049,7 +1049,7 @@ ignore_errors: yes - name: remove WAF Regional XSS condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_xss_condition" type: xss state: absent @@ -1058,7 +1058,7 @@ ignore_errors: yes - name: remove WAF Regional SQL condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_sql_condition" type: sql state: absent @@ -1067,7 +1067,7 @@ ignore_errors: yes - name: remove WAF Regional size condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_size_condition" type: size state: absent @@ -1076,7 +1076,7 @@ ignore_errors: yes - name: remove WAF Regional geo condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_geo_condition" type: geo state: absent @@ -1085,7 +1085,7 @@ ignore_errors: yes - name: remove WAF Regional byte condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_byte_condition" type: byte state: absent @@ -1094,7 +1094,7 @@ ignore_errors: yes - name: remove WAF Regional ip address condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_ip_condition" type: ip state: absent @@ -1103,7 +1103,7 @@ ignore_errors: yes - name: remove WAF Regional regex part 2 condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition_part_2" type: regex state: absent @@ -1112,7 +1112,7 @@ ignore_errors: yes - name: remove first WAF Regional regex condition - aws_waf_condition: + waf_condition: name: "{{ resource_prefix }}_regex_condition" type: regex state: absent 
diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/alb.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/alb.yml index 32aeb376a..c56ad6d46 100644 --- a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/alb.yml +++ b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/alb.yml @@ -63,7 +63,7 @@ gateway_id: '{{ igw.gateway_id }}' register: route_table -- ec2_group: +- ec2_security_group: name: '{{ resource_prefix }}' description: security group for Ansible ALB integration tests state: present diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/main.yml index 547c4c151..a536cf405 100644 --- a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/main.yml @@ -1,9 +1,9 @@ --- - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: @@ -103,10 +103,6 @@ ######################### - name: destroy ALB elb_application_lb: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ alb_name }}' state: absent wait: true @@ -115,10 +111,6 @@ - name: destroy target group if it was created elb_target_group: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' name: '{{ tg_name }}' protocol: http port: 80 
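Review bot: With the per-task `aws_access_key`/`aws_secret_key`/`security_token`/`region` arguments removed in the `@@ -103,10` hunk, these teardown tasks authenticate only through the `group/aws` entry in `module_defaults`. The same applies to the `-115,10`, `-134,11`, `-151,10`, `-167,10`, `-187,10` and `-203,10` hunks that follow. The block structure is not visible in these hunks, so confirm that the teardown tasks sit inside that block, for example under its `always:`. A task outside it would presumably fall back to whatever ambient credentials and region the runner has, and could act on the wrong account or leave test resources behind. A one-line comment above the teardown section, `# credentials and region come from module_defaults (group/aws)`, would record the dependency.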
@@ -134,11 +126,7 @@ ignore_errors: true - name: destroy sec group - ec2_group: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' + ec2_security_group: name: '{{ sec_group.group_name }}' description: security group for Ansible ALB integration tests state: absent @@ -151,10 +139,6 @@ - name: remove route table ec2_vpc_route_table: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' vpc_id: '{{ vpc.vpc.id }}' route_table_id: '{{ route_table.route_table.route_table_id }}' lookup: id @@ -167,10 +151,6 @@ - name: destroy subnets ec2_vpc_subnet: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' cidr: '{{ item.cidr }}' vpc_id: '{{ vpc.vpc.id }}' state: absent @@ -187,10 +167,6 @@ - name: destroy internet gateway ec2_vpc_igw: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' vpc_id: '{{ vpc.vpc.id }}' tags: Name: '{{ resource_prefix }}' @@ -203,10 +179,6 @@ - name: destroy VPC ec2_vpc_net: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token }}' - region: '{{ aws_region }}' cidr_block: 10.228.228.0/22 name: '{{ resource_prefix }}_vpc' state: absent diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/rule_group.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/rule_group.yml index 6ec46f5dd..7648504be 100644 --- a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/rule_group.yml +++ b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/rule_group.yml 
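Review bot: The teardown tasks in wafv2/tasks/main.yml (destroy ALB, target group, sec group, route table, subnets, internet gateway, VPC) no longer show where their credentials and region come from, so nothing at the task level records that they depend on the `module_defaults` / `group/aws` entry at the top of the file. If one of them is later moved outside that block, or switched to a module that is not in the `aws` action group, it would presumably fall back to whatever ambient AWS credentials the runner has, and the `ignore_errors: true` visible on the preceding task would hide a resulting failure. I would add a comment above the first teardown task, e.g. `# Credentials/region are inherited from module_defaults (group/aws); keep these tasks inside that block.` The task list starts and ends outside these hunks, so whether every teardown task sits inside the block cannot be confirmed from the diff.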
@@ -79,7 +79,6 @@ - name: rule group info wafv2_rule_group_info: name: "{{ rule_group_name }}" - state: present scope: REGIONAL register: out @@ -554,7 +553,6 @@ - name: rule group info wafv2_rule_group_info: name: "{{ rule_group_name }}" - state: present scope: REGIONAL register: out @@ -671,7 +669,6 @@ - name: rule group info wafv2_rule_group_info: name: "{{ rule_group_name }}" - state: present scope: REGIONAL register: out diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2_ip_set/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2_ip_set/tasks/main.yml index f7afc5b93..6fcf4438c 100644 --- a/ansible_collections/community/aws/tests/integration/targets/wafv2_ip_set/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/wafv2_ip_set/tasks/main.yml @@ -1,9 +1,9 @@ --- - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: - name: check_mode create ip set diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2_rule_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2_rule_group/tasks/main.yml index 630d5de29..b2a2fcd8c 100644 --- a/ansible_collections/community/aws/tests/integration/targets/wafv2_rule_group/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/wafv2_rule_group/tasks/main.yml 
@@ -1,9 +1,9 @@ --- - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: #################################### @@ -87,7 +87,6 @@ - name: rule group info wafv2_rule_group_info: name: "{{ rule_group_name }}" - state: present scope: REGIONAL register: out @@ -562,7 +561,6 @@ - name: rule group info wafv2_rule_group_info: name: "{{ rule_group_name }}" - state: present scope: REGIONAL register: out @@ -679,7 +677,6 @@ - name: rule group info wafv2_rule_group_info: name: "{{ rule_group_name }}" - state: present scope: REGIONAL register: out diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2_web_acl/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2_web_acl/tasks/main.yml index 9d44e2b77..64544fd50 100644 --- a/ansible_collections/community/aws/tests/integration/targets/wafv2_web_acl/tasks/main.yml +++ b/ansible_collections/community/aws/tests/integration/targets/wafv2_web_acl/tasks/main.yml @@ -1,9 +1,9 @@ --- - module_defaults: group/aws: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" - security_token: "{{ security_token | default(omit) }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: |