authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-18 05:52:35 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-18 05:52:35 +0000
commit7fec0b69a082aaeec72fee0612766aa42f6b1b4d (patch)
treeefb569b86ca4da888717f5433e757145fa322e08 /ansible_collections/community/aws/tests/integration
parentReleasing progress-linux version 7.7.0+dfsg-3~progress7.99u1. (diff)
downloadansible-7fec0b69a082aaeec72fee0612766aa42f6b1b4d.tar.xz
ansible-7fec0b69a082aaeec72fee0612766aa42f6b1b4d.zip
Merging upstream version 9.4.0+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/community/aws/tests/integration')
-rw-r--r--ansible_collections/community/aws/tests/integration/constraints.txt10
-rw-r--r--ansible_collections/community/aws/tests/integration/requirements.txt2
-rw-r--r--ansible_collections/community/aws/tests/integration/requirements.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/accessanalyzer_validate_policy_info/tasks/main.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/full_acm_test.yml76
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/main.yml74
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/api_gateway/defaults/main.yml9
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/lookup.yml211
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/main.yml56
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/tagging.yml91
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/api_gateway/templates/minimal-swagger-api.yml.j22
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/api_gateway_domain/tasks/main.yml26
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_cleanup.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_setup.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/main.yml7
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/tests.yml16
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/main.yml84
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/refresh_and_cancel_three_times.yml14
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_cleanup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_setup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/main.yml44
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/main.yml50
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/meta/main.yml1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/create_update_delete.yml75
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_cleanup.yml57
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_setup.yml22
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/main.yml34
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_policy/tasks/main.yml66
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/autoscaling_scheduled_action/tasks/main.yml72
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/aws_region_info/main.yml5
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/aws_region_info/tasks/main.yml107
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudformation_exports_info/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudformation_stack_set/tasks/main.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/aliases3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/tasks/main.yml286
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/aliases3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/defaults/main.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/tasks/main.yml85
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/aliases3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/defaults/main.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/tasks/main.yml153
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/cloudfront_reponse_headers_policy/task/main.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/description.yml22
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/main.yml16
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/tagging.yml38
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/codecommit_repository/tasks/main.yml42
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/codepipeline/tasks/main.yml16
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/config/defaults/main.yaml1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/config/tasks/main.yaml124
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/config/templates/config-kms-policy.json.j251
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection/test_assume.yml16
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection/test_connection.yml29
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_addressing/aws_ssm_integration_test_setup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aliases (renamed from ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aliases)0
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aws_ssm_integration_test_setup.yml (renamed from ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_setup.yml)2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aws_ssm_integration_test_teardown.yml (renamed from ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_teardown.yml)0
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/meta/main.yml (renamed from ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/meta/main.yml)0
-rwxr-xr-xansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/runme.sh (renamed from ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/runme.sh)0
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_cross_region/aws_ssm_integration_test_setup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_encrypted_s3/aws_ssm_integration_test_setup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_profile/aws_ssm_integration_test_setup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_setup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_vars/aws_ssm_integration_test_setup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_windows/aliases2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/dms_endpoint/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/dms_replication_subnet_group/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/dynamodb_table/aliases2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/dynamodb_table/defaults/main.yml28
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/dynamodb_table/meta/main.yml5
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/main.yml294
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/test_pay_per_request.yml1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/aliases9
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/defaults/main.yml3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/meta/main.yml (renamed from ansible_collections/community/aws/tests/integration/targets/aws_region_info/meta/main.yml)0
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/main.yml167
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/tags.yml224
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/meta/main.yml3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/instance-metadata.yml50
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/tags_and_vpc_settings.yml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_cleanup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_setup.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/main.yml36
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway_vpc_attachment/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_vpc_nacl/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_vpc_peer/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vpn/tasks/main.yml71
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ecs_cluster/meta/main.yml5
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/01_create_requirements.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/20_ecs_service.yml101
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/99_terminate_everything.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/main.yml14
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ecs_ecr/tasks/main.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ecs_tag/tasks/main.yml22
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/efs/tasks/main.yml80
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/full_test.yml36
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/cleanup_eks_cluster.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/create_eks_cluster.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/main.yaml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/aliases3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/cleanup.yml10
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/dependecies.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/full_test.yml17
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elasticache/tasks/main.yml14
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elasticache_subnet_group/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elasticbeanstalk_app/tasks/main.yml26
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_classic_lb_info/tasks/main.yml56
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_instances.yml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_vpc.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/manage_asgs.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_instances.yml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_vpc.yml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/main.yml10
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_tags.yml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_with_asg.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_target/files/ansible_lambda_target.py10
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/alb_target.yml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/ec2_target.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/elb_target_info/tasks/main.yml28
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_jdbc.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_network.yml26
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/glue_crawler/aliases3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/glue_crawler/tasks/main.yml24
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/glue_job/tasks/main.yml24
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_access_key/aliases9
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_access_key/defaults/main.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_access_key/tasks/main.yml808
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_group/aliases7
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_group/defaults/main.yml3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_group/tasks/main.yml127
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/aliases6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml160
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_password_policy/aliases8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_password_policy/meta/main.yml1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml107
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/aliases9
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/defaults/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-a.json13
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-b.json13
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all.json12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-assume.json10
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/meta/main.yml1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml94
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml131
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml404
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/description_update.yml148
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml48
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/main.yml119
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml71
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml90
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/policy_update.yml250
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/role_removal.yml65
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/tags_update.yml341
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_saml_federation/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/iam_server_certificate/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inspector_target/tasks/main.yml18
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/aliases (renamed from ansible_collections/community/aws/tests/integration/targets/sts_assume_role/aliases)1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/meta/main.yml (renamed from ansible_collections/community/aws/tests/integration/targets/iam_access_key/meta/main.yml)0
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/create_inventory_config.yml16
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/empty_inventory_config.yml9
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/populate_cache.yml32
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/setup_instance.yml29
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/find_broker.yml10
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_create.yml27
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_delete.yml13
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_invalid_aws_mq_inventory_config.yml9
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_cache.yml18
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_no_hosts.yml16
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_with_hostvars_prefix_suffix.yml30
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory.yml17
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory_with_constructed.yml27
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/vars/main.yml6
-rwxr-xr-xansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/runme.sh72
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory.j212
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_cache.j211
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_constructed.j213
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_hostvars_prefix_suffix.j214
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/kinesis_stream/tasks/main.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/legacy_missing_tests/aliases3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/lightsail/tasks/main.yml38
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/aliases (renamed from ansible_collections/community/aws/tests/integration/targets/aws_region_info/aliases)0
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/defaults/main.yml3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/meta/main.yml (renamed from ansible_collections/community/aws/tests/integration/targets/iam_group/meta/main.yml)0
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/tasks/main.yml85
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/lightsail_static_ip/tasks/main.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/aliases13
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/defaults/main.yml9
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1.xml17
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1a.xml21
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.2.xml17
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/meta/main.yml (renamed from ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/meta/main.yml)0
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_cleanup.yml17
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_config_tests.yml82
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_delete_tests.yml43
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_tests.yml120
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_info_tests.yml65
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_tests.yml173
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_cleanup.yml33
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_setup.yml25
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/tasks/main.yml35
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/mq/vars/main.yml1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/main.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/test_create_auth.yml10
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/main.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_create.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_delete.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_update.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/msk_config/tasks/main.yml28
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/networkfirewall/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/meta/main.yml5
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/default_order.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/main.yml10
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/setup.yml3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/strict_order.yml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/aliases2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/meta/main.yml5
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/main.yml10
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/stateful.yml20
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/opensearch/meta/main.yml5
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/main.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_create_cert.yml11
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_resources.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_vpc_resources.yml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_vpc_setup.yml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/redshift/tasks/main.yml20
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/redshift_subnet_group/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/route53_wait/aliases (renamed from ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/aliases)0
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/route53_wait/tasks/main.yml245
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/defaults/main.yml5
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/meta/main.yml1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/basic.yml72
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/bucket_ownership_controls.yml81
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml30
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/files/mini_lambda.py10
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/aliases1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/meta/main.yml5
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/tasks/main.yml10
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_logging/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/main.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/s3_metrics_info.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/s3_sync/tasks/main.yml24
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/aliases1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/basic.yml82
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/main.yaml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/replication.yml14
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/rotation.yml18
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/assert_defaults.yaml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/main.yaml195
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ses_identity_policy/tasks/main.yaml60
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/active-rule-set-tests.yaml70
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/cleanup-lock.yaml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/inactive-rule-set-tests.yaml32
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/main.yaml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/setup_botocore_pip/defaults/main.yml4
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml9
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/connection_args.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/encryption.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/defaults/main.yml11
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/meta/main.yml1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/tasks/main.yml69
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py20
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/sns/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/sns_topic/files/sns_topic_lambda/sns_topic_lambda.py5
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/sns_topic/tasks/main.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/sqs_queue/tasks/main.yml8
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/ssm_parameter/tasks/main.yml234
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/stepfunctions_state_machine/tasks/main.yml50
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/sts_assume_role/defaults/main.yml1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/sts_assume_role/meta/main.yml1
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/sts_assume_role/tasks/main.yml332
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/sts_assume_role/templates/policy.json.j212
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/sts_session_token/tasks/main.yml12
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/waf_web_acl/tasks/main.yml170
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/alb.yml2
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/main.yml36
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/rule_group.yml3
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/wafv2_ip_set/tasks/main.yml6
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/wafv2_rule_group/tasks/main.yml9
-rw-r--r--ansible_collections/community/aws/tests/integration/targets/wafv2_web_acl/tasks/main.yml6
292 files changed, 4829 insertions, 5533 deletions
diff --git a/ansible_collections/community/aws/tests/integration/constraints.txt b/ansible_collections/community/aws/tests/integration/constraints.txt
index cd546e7c2..f388e1f90 100644
--- a/ansible_collections/community/aws/tests/integration/constraints.txt
+++ b/ansible_collections/community/aws/tests/integration/constraints.txt
@@ -1,7 +1,11 @@
# Specifically run tests against the oldest versions that we support
-boto3==1.18.0
-botocore==1.21.0
+botocore==1.29.0
+boto3==1.26.0
# AWS CLI has `botocore==` dependencies, provide the one that matches botocore
# to avoid needing to download over a years worth of awscli wheels.
-awscli==1.20.0
+awscli==1.27.0
+
+# AWS CLI depends on PyYAML <5.5,>=3.10; the latest PyYAML release in that range, 5.4.1, fails to install.
+# Use a version in that range that is known to work (https://github.com/yaml/pyyaml/issues/736)
+PyYAML==5.3.1
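Review bot: The new `PyYAML==5.3.1` pin holds the integration environment on a release line older than 5.4. As far as I recall, the 5.4 series is where PyYAML tightened what its non-safe loaders will construct, so anything in the test path that calls `yaml.load` without a safe loader stays exposed to crafted YAML. The comment explains why 5.4.1 is skipped but not that the pin is a stopgap, so I would add `# Test-only pin; remove once awscli accepts a PyYAML release that installs cleanly` above it. It is also worth confirming that nothing installed from this file parses untrusted YAML with a non-safe loader.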
diff --git a/ansible_collections/community/aws/tests/integration/requirements.txt b/ansible_collections/community/aws/tests/integration/requirements.txt
index 352e8b7ff..aa71c9681 100644
--- a/ansible_collections/community/aws/tests/integration/requirements.txt
+++ b/ansible_collections/community/aws/tests/integration/requirements.txt
@@ -8,6 +8,6 @@ virtualenv
# Sometimes needed where we don't have features we need in modules
awscli
# Used for comparing SSH Public keys to the Amazon fingerprints
-pycrypto
+cryptography
# Used by ec2_asg_scheduled_action
python-dateutil
diff --git a/ansible_collections/community/aws/tests/integration/requirements.yml b/ansible_collections/community/aws/tests/integration/requirements.yml
new file mode 100644
index 000000000..d3e5b3032
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/requirements.yml
@@ -0,0 +1,8 @@
+---
+collections:
+ - name: https://github.com/ansible-collections/amazon.aws.git
+ type: git
+ version: main
+ - ansible.windows
+ - community.crypto
+ - community.general
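Review bot: `version: main` on the amazon.aws git source means every test run installs whatever is at the tip of that branch. The code that runs in CI with the AWS test credentials is therefore neither reproducible nor reviewable from this file. I would pin it to a release tag or commit, e.g. `version: <release-tag-or-commit-sha>`, and consider explicit `version:` constraints for `ansible.windows`, `community.crypto` and `community.general` as well. If tracking main is deliberate, to test against unreleased amazon.aws, a one-line comment saying so would make the trade-off visible.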
diff --git a/ansible_collections/community/aws/tests/integration/targets/accessanalyzer_validate_policy_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/accessanalyzer_validate_policy_info/tasks/main.yml
index 857a7c1b4..811ef9fb5 100644
--- a/ansible_collections/community/aws/tests/integration/targets/accessanalyzer_validate_policy_info/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/accessanalyzer_validate_policy_info/tasks/main.yml
@@ -1,10 +1,10 @@
---
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key | default(omit) }}'
- aws_secret_key: '{{ aws_secret_key | default(omit) }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
block:
- name: get ARN of calling user
diff --git a/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/full_acm_test.yml b/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/full_acm_test.yml
index 5cbd156dd..4c45db05e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/full_acm_test.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/full_acm_test.yml
@@ -2,15 +2,15 @@
module_defaults:
group/aws:
aws_region: '{{ aws_region }}'
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
block:
- name: list certs
- aws_acm_info: null
+ acm_certificate_info: null
register: list_all
- name: list certs with check mode
- aws_acm_info: null
+ acm_certificate_info: null
register: list_all_check
check_mode: yes # read-only task, should work the same as with no
- name: check certificate listing worked
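Review bot: The `group/aws` defaults here still set the region through the `aws_region` alias, although the credential keys in the same mapping are moved to their canonical names `access_key`, `secret_key` and `session_token`. The accessanalyzer and api_gateway targets elsewhere in this diff use `region:`, so I would write `region: '{{ aws_region }}'` here for consistency. The first hunk of acm_certificate/tasks/main.yml has the same leftover. The enclosing block continues outside this hunk.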
@@ -20,12 +20,12 @@
- list_all_check.certificates is defined
- list_all.certificates == list_all_check.certificates
- name: ensure absent cert which doesn't exist - first time
- aws_acm:
+ acm_certificate:
name_tag: '{{ item.name }}'
state: absent
with_items: '{{ local_certs }}'
- name: ensure absent cert which doesn't exist - second time
- aws_acm:
+ acm_certificate:
name_tag: '{{ item[0].name }}'
state: absent
check_mode: '{{ item[1] }}'
@@ -39,7 +39,7 @@
- not item.changed
with_items: "{{ absent_start_two.results }}"
- name: list cert which shouldn't exist
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ item.name }}'
register: list_tag
@@ -75,7 +75,7 @@
privatekey_path: '{{ item.priv_key }}'
selfsigned_digest: sha256
- name: upload certificate with check mode
- aws_acm:
+ acm_certificate:
name_tag: '{{ item.name }}'
certificate: '{{ lookup(''file'', item.cert ) }}'
private_key: '{{ lookup(''file'', item.priv_key ) }}'
@@ -84,7 +84,7 @@
register: upload_check
with_items: '{{ local_certs }}'
- name: check whether cert was uploaded in check mode
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ item.name }}'
register: list_after_check_mode_upload
@@ -96,7 +96,7 @@
- upload_check.changed
- (item.certificates | length) == 0
- name: upload certificates first time
- aws_acm:
+ acm_certificate:
name_tag: '{{ item.name }}'
certificate: '{{ lookup(''file'', item.cert ) }}'
private_key: '{{ lookup(''file'', item.priv_key ) }}'
@@ -119,7 +119,7 @@
original_cert: '{{ item.item }}'
prev_task: '{{ item }}'
- name: fetch data about cert just uploaded, by ARN
- aws_acm_info:
+ acm_certificate_info:
certificate_arn: '{{ item.certificate.arn }}'
register: fetch_after_up
with_items: '{{ upload.results }}'
@@ -138,7 +138,7 @@
upload_result: '{{ item.item }}'
original_cert: '{{ item.item.item }}'
- name: fetch data about cert just uploaded, by name
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ original_cert.name }}'
register: fetch_after_up_name
@@ -161,7 +161,7 @@
upload_result: '{{ item.item }}'
original_cert: '{{ item.item.item }}'
- name: fetch data about cert just uploaded, by domain name
- aws_acm_info:
+ acm_certificate_info:
domain_name: '{{ original_cert.domain }}'
register: fetch_after_up_domain
with_items: '{{ upload.results }}'
@@ -182,7 +182,7 @@
upload_result: '{{ item.item }}'
original_cert: '{{ item.item.item }}'
- name: upload certificates again, check not changed
- aws_acm:
+ acm_certificate:
name_tag: '{{ item.name }}'
certificate: '{{ lookup(''file'', item.cert ) }}'
private_key: '{{ lookup(''file'', item.priv_key ) }}'
@@ -191,7 +191,7 @@
with_items: '{{ local_certs }}'
failed_when: upload2.changed
- name: update first cert with body of the second, first time, check mode
- aws_acm:
+ acm_certificate:
state: present
name_tag: '{{ local_certs[0].name }}'
certificate: '{{ lookup(''file'', local_certs[1].cert ) }}'
@@ -203,7 +203,7 @@
that:
- overwrite_check.changed
- name: check previous tasks did not change real cert
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[0].name }}'
register: fetch_after_overwrite_check
@@ -217,7 +217,7 @@
- '''Name'' in fetch_after_overwrite_check.certificates[0].tags'
- fetch_after_overwrite_check.certificates[0].tags['Name'] == local_certs[0].name
- name: update first cert with body of the second, first real time
- aws_acm:
+ acm_certificate:
state: present
name_tag: '{{ local_certs[0].name }}'
certificate: '{{ lookup(''file'', local_certs[1].cert ) }}'
@@ -232,7 +232,7 @@
- overwrite.certificate.domain_name == local_certs[1].domain
- overwrite.changed
- name: check update was sucessfull
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[0].name }}'
register: fetch_after_overwrite
@@ -246,7 +246,7 @@
- '''Name'' in fetch_after_overwrite.certificates[0].tags'
- fetch_after_overwrite.certificates[0].tags['Name'] == local_certs[0].name
- name: fetch other cert
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[1].name }}'
register: check_after_overwrite
@@ -260,7 +260,7 @@
- '''Name'' in check_after_overwrite.certificates[0].tags'
- check_after_overwrite.certificates[0].tags['Name'] == local_certs[1].name
- name: update first cert with body of the second again
- aws_acm:
+ acm_certificate:
state: present
name_tag: '{{ local_certs[0].name }}'
certificate: '{{ lookup(''file'', local_certs[1].cert ) }}'
@@ -275,7 +275,7 @@
- overwrite2.certificate.domain_name == local_certs[1].domain
- not overwrite2.changed
- name: delete certs 1 and 2 in check mode
- aws_acm:
+ acm_certificate:
state: absent
domain_name: '{{ local_certs[1].domain }}'
check_mode: yes
@@ -285,7 +285,7 @@
that:
- delete_both_check.changed
- name: fetch info for certs 1 and 2
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[item].name }}'
register: check_del_one_check
@@ -298,7 +298,7 @@
that:
- (item.certificates | length) == 1
- name: delete certs 1 and 2 real
- aws_acm:
+ acm_certificate:
state: absent
domain_name: '{{ local_certs[1].domain }}'
register: delete_both
@@ -310,7 +310,7 @@
- upload.results[0].certificate.arn in delete_both.arns
- delete_both.changed
- name: fetch info for certs 1 and 2
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[item].name }}'
register: check_del_one
@@ -327,7 +327,7 @@
assert:
that: (item.certificates | length) == 0
- name: check cert 3
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[2].name }}'
register: check_del_one_remain
@@ -336,7 +336,7 @@
that:
- (check_del_one_remain.certificates | length) == 1
- name: delete cert 3
- aws_acm:
+ acm_certificate:
state: absent
domain_name: '{{ local_certs[2].domain }}'
register: delete_third
@@ -348,13 +348,13 @@
- delete_third.arns[0] == upload.results[2].certificate.arn
- delete_third.changed
- name: check cert 3 was deleted
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[2].name }}'
register: check_del_three
failed_when: check_del_three.certificates | length != 0
- name: delete cert 3 again
- aws_acm:
+ acm_certificate:
state: absent
domain_name: '{{ local_certs[2].domain }}'
register: delete_third
@@ -365,7 +365,7 @@
- delete_third.arns | length == 0
- not delete_third.changed
- name: delete cert 3 again, check mode
- aws_acm:
+ acm_certificate:
state: absent
domain_name: '{{ local_certs[2].domain }}'
check_mode: yes
@@ -415,7 +415,7 @@
root_certificates:
- '{{ local_certs[item.ca].cert }}'
- name: upload chained cert, first chain, first time
- aws_acm:
+ acm_certificate:
name_tag: '{{ chained_cert.name }}'
certificate: '{{ lookup(''file'', chained_cert.chains[0].cert ) }}'
certificate_chain: '{{ chains.results[0].complete_chain | join(''
@@ -426,7 +426,7 @@
register: upload_chain
failed_when: not upload_chain.changed
- name: fetch chain of cert we just uploaded
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ chained_cert.name }}'
register: check_chain
@@ -440,7 +440,7 @@
- (check_chain.certificates[0].certificate_chain | replace( ' ', '' ) | replace( '\n', '')) == ( chains.results[0].complete_chain | join( '\n' ) | replace( ' ', '' ) | replace( '\n', '') )
- (check_chain.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', '')) == ( lookup('file', chained_cert.chains[0].cert ) | replace( ' ', '' ) | replace( '\n', '') )
- name: upload chained cert again, check not changed
- aws_acm:
+ acm_certificate:
name_tag: '{{ chained_cert.name }}'
certificate: '{{ lookup(''file'', chained_cert.chains[0].cert ) }}'
certificate_chain: '{{ chains.results[0].complete_chain | join(''
@@ -455,7 +455,7 @@
- upload_chain_2.certificate.arn == upload_chain.certificate.arn
- not upload_chain_2.changed
- name: upload chained cert, different chain
- aws_acm:
+ acm_certificate:
name_tag: '{{ chained_cert.name }}'
certificate: '{{ lookup(''file'', chained_cert.chains[1].cert ) }}'
certificate_chain: '{{ chains.results[1].complete_chain | join(''
@@ -470,7 +470,7 @@
- upload_chain_3.changed
- upload_chain_3.certificate.arn == upload_chain.certificate.arn
- name: fetch info about chain of cert we just updated
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ chained_cert.name }}'
register: check_chain_2
@@ -480,7 +480,7 @@
- (check_chain_2.certificates[0].certificate_chain | replace( ' ', '' ) | replace( '\n', '')) == ( chains.results[1].complete_chain | join( '\n' ) | replace( ' ', '' ) | replace( '\n', '') )
- (check_chain_2.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', '')) == ( lookup('file', chained_cert.chains[1].cert ) | replace( ' ', '' ) | replace( '\n', '') )
- name: delete chained cert
- aws_acm:
+ acm_certificate:
name_tag: '{{ chained_cert.name }}'
state: absent
register: delete_chain_3
@@ -491,13 +491,13 @@
- upload_chain.certificate.arn in delete_chain_3.arns
always:
- name: delete first bunch of certificates
- aws_acm:
+ acm_certificate:
name_tag: '{{ item.name }}'
state: absent
with_items: '{{ local_certs }}'
ignore_errors: true
- name: delete chained cert
- aws_acm:
+ acm_certificate:
state: absent
name_tag: '{{ chained_cert.name }}'
ignore_errors: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/main.yml
index bf70587e6..5cc6d31a0 100644
--- a/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/acm_certificate/tasks/main.yml
@@ -2,9 +2,9 @@
module_defaults:
group/aws:
aws_region: '{{ aws_region }}'
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
block:
# The CI runs many of these tests in parallel
# Use this random ID to differentiate which resources
@@ -12,7 +12,7 @@
- set_fact:
aws_acm_test_uuid: "{{ (10**9) | random }}"
- name: attempt to delete cert without specifying required parameter
- aws_acm:
+ acm_certificate:
state: absent
register: result
ignore_errors: true
@@ -22,23 +22,23 @@
- 'result.failed'
- '"If ''state'' is specified as ''absent'' then exactly one of ''name_tag''" in result.msg'
- name: list certs
- aws_acm_info: null
+ acm_certificate_info: null
register: list_all
failed_when: list_all.certificates is not defined
- name: ensure absent cert which doesn't exist - first time
- aws_acm:
+ acm_certificate:
name_tag: '{{ item.name }}'
state: absent
with_items: '{{ local_certs }}'
- name: ensure absent cert which doesn't exist - second time
- aws_acm:
+ acm_certificate:
name_tag: '{{ item.name }}'
state: absent
with_items: '{{ local_certs }}'
register: absent_start_two
failed_when: absent_start_two.changed
- name: list cert which shouldn't exist
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ item.name }}'
register: list_tag
@@ -71,7 +71,7 @@
- name: try to upload certificate, but name_tag conflicts with tags.Name
vars:
local_cert: '{{ local_certs[0] }}'
- aws_acm:
+ acm_certificate:
name_tag: '{{ local_cert.name }}'
certificate: '{{ lookup(''file'', local_cert.cert ) }}'
private_key: '{{ lookup(''file'', local_cert.priv_key ) }}'
@@ -88,7 +88,7 @@
- 'result.failed'
- '"conflicts with value of" in result.msg'
- name: upload certificates first time
- aws_acm:
+ acm_certificate:
name_tag: '{{ item.name }}'
certificate: '{{ lookup(''file'', item.cert ) }}'
private_key: '{{ lookup(''file'', item.priv_key ) }}'
@@ -115,7 +115,7 @@
original_cert: '{{ item.item }}'
prev_task: '{{ item }}'
- name: fetch data about cert just uploaded, by ARN
- aws_acm_info:
+ acm_certificate_info:
certificate_arn: '{{ item.certificate.arn }}'
register: fetch_after_up
with_items: '{{ upload.results }}'
@@ -138,7 +138,7 @@
upload_result: '{{ item.item }}'
original_cert: '{{ item.item.item }}'
- name: fetch data about cert just uploaded, by name
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ original_cert.name }}'
register: fetch_after_up_name
@@ -161,7 +161,7 @@
upload_result: '{{ item.item }}'
original_cert: '{{ item.item.item }}'
- name: fetch data about cert just uploaded, by domain name
- aws_acm_info:
+ acm_certificate_info:
domain_name: '{{ original_cert.domain }}'
register: fetch_after_up_domain
with_items: '{{ upload.results }}'
@@ -182,7 +182,7 @@
upload_result: '{{ item.item }}'
original_cert: '{{ item.item.item }}'
- name: upload certificates again, check not changed
- aws_acm:
+ acm_certificate:
name_tag: '{{ item.name }}'
certificate: '{{ lookup(''file'', item.cert ) }}'
private_key: '{{ lookup(''file'', item.priv_key ) }}'
@@ -191,7 +191,7 @@
with_items: '{{ local_certs }}'
failed_when: upload2.changed
- name: change tags of existing certificate, check mode
- aws_acm:
+ acm_certificate:
certificate_arn: '{{ certificate_arn }}'
tags:
Name: '{{ name_tag }}'
@@ -208,7 +208,7 @@
that:
- certificate_with_tags.changed
- name: change tags of existing certificate, changes expected
- aws_acm:
+ acm_certificate:
# When applying tags to an existing certificate, it is sufficient to specify the 'certificate_arn'.
# Previously, the 'aws_acm' module was requiring the 'certificate', 'name_tag' and 'domain_name'
# attributes.
@@ -239,7 +239,7 @@
vars:
name_tag: '{{ upload2.results[0].item.name }}'
- name: change tags of existing certificate, check mode again
- aws_acm:
+ acm_certificate:
certificate_arn: '{{ certificate_arn }}'
tags:
Name: '{{ name_tag }}'
@@ -255,7 +255,7 @@
that:
- not certificate_with_tags.changed
- name: change tags of existing certificate, no change expected
- aws_acm:
+ acm_certificate:
certificate_arn: '{{ certificate_arn }}'
tags:
Name: '{{ name_tag }}'
@@ -299,7 +299,7 @@
- certificate_with_tags.certificate.tags['Environment'] == 'staging'
- certificate_with_tags.certificate.tags['Owner'] == 'Bob'
- name: change tags of existing certificate, purge tags
- aws_acm:
+ acm_certificate:
certificate_arn: '{{ certificate_arn }}'
tags:
Name: '{{ name_tag }}'
@@ -328,7 +328,7 @@
- certificate_with_tags.certificate.tags['Application'] == 'search'
- certificate_with_tags.certificate.tags['Environment'] == 'staging'
- name: update first cert with body of the second, first time
- aws_acm:
+ acm_certificate:
state: present
name_tag: '{{ local_certs[0].name }}'
certificate: '{{ lookup(''file'', local_certs[1].cert ) }}'
@@ -343,7 +343,7 @@
- overwrite.certificate.domain_name == local_certs[1].domain
- overwrite.changed
- name: check update was sucessfull
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[0].name }}'
register: fetch_after_overwrite
@@ -357,7 +357,7 @@
- '''Name'' in fetch_after_overwrite.certificates[0].tags'
- fetch_after_overwrite.certificates[0].tags['Name'] == local_certs[0].name
- name: fetch other cert
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[1].name }}'
register: check_after_overwrite
@@ -371,7 +371,7 @@
- '''Name'' in check_after_overwrite.certificates[0].tags'
- check_after_overwrite.certificates[0].tags['Name'] == local_certs[1].name
- name: update first cert with body of the second again
- aws_acm:
+ acm_certificate:
state: present
name_tag: '{{ local_certs[0].name }}'
certificate: '{{ lookup(''file'', local_certs[1].cert ) }}'
@@ -386,7 +386,7 @@
- overwrite2.certificate.domain_name == local_certs[1].domain
- not overwrite2.changed
- name: delete certs 1 and 2
- aws_acm:
+ acm_certificate:
state: absent
domain_name: '{{ local_certs[1].domain }}'
register: delete_both
@@ -398,7 +398,7 @@
- upload.results[0].certificate.arn in delete_both.arns
- delete_both.changed
- name: fetch info for certs 1 and 2
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[item].name }}'
register: check_del_one
@@ -415,13 +415,13 @@
assert:
that: item.certificates | length == 0
- name: check cert 3 not deleted
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[2].name }}'
register: check_del_one_remain
failed_when: check_del_one_remain.certificates | length != 1
- name: delete cert 3
- aws_acm:
+ acm_certificate:
state: absent
domain_name: '{{ local_certs[2].domain }}'
register: delete_third
@@ -433,13 +433,13 @@
- delete_third.arns[0] == upload.results[2].certificate.arn
- delete_third.changed
- name: check cert 3 was deleted
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ local_certs[2].name }}'
register: check_del_three
failed_when: check_del_three.certificates | length != 0
- name: delete cert 3 again
- aws_acm:
+ acm_certificate:
state: absent
domain_name: '{{ local_certs[2].domain }}'
register: delete_third
@@ -490,7 +490,7 @@
root_certificates:
- '{{ local_certs[item.ca].cert }}'
- name: upload chained cert, first chain, first time
- aws_acm:
+ acm_certificate:
name_tag: '{{ chained_cert.name }}'
certificate: '{{ lookup(''file'', chained_cert.chains[0].cert ) }}'
certificate_chain: '{{ chains.results[0].complete_chain | join(''
@@ -501,7 +501,7 @@
register: upload_chain
failed_when: not upload_chain.changed
- name: fetch chain of cert we just uploaded
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ chained_cert.name }}'
register: check_chain
@@ -513,7 +513,7 @@
- (check_chain.certificates[0].certificate_chain | replace( ' ', '' ) | replace( '\n', '')) == ( chains.results[0].complete_chain | join( '\n' ) | replace( ' ', '' ) | replace( '\n', '') )
- (check_chain.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', '')) == ( lookup('file', chained_cert.chains[0].cert ) | replace( ' ', '' ) | replace( '\n', '') )
- name: upload chained cert again, check not changed
- aws_acm:
+ acm_certificate:
name_tag: '{{ chained_cert.name }}'
certificate: '{{ lookup(''file'', chained_cert.chains[0].cert ) }}'
certificate_chain: '{{ chains.results[0].complete_chain | join(''
@@ -528,7 +528,7 @@
- upload_chain_2.certificate.arn == upload_chain.certificate.arn
- not upload_chain_2.changed
- name: upload chained cert, different chain
- aws_acm:
+ acm_certificate:
name_tag: '{{ chained_cert.name }}'
certificate: '{{ lookup(''file'', chained_cert.chains[1].cert ) }}'
certificate_chain: '{{ chains.results[1].complete_chain | join(''
@@ -543,7 +543,7 @@
- upload_chain_3.changed
- upload_chain_3.certificate.arn == upload_chain.certificate.arn
- name: fetch info about chain of cert we just updated
- aws_acm_info:
+ acm_certificate_info:
tags:
Name: '{{ chained_cert.name }}'
register: check_chain_2
@@ -555,7 +555,7 @@
- (check_chain_2.certificates[0].certificate_chain | replace( ' ', '' ) | replace( '\n', '')) == ( chains.results[1].complete_chain | join( '\n' ) | replace( ' ', '' ) | replace( '\n', '') )
- (check_chain_2.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', '')) == ( lookup('file', chained_cert.chains[1].cert ) | replace( ' ', '' ) | replace( '\n', '') )
- name: delete chained cert
- aws_acm:
+ acm_certificate:
name_tag: '{{ chained_cert.name }}'
state: absent
register: delete_chain_3
@@ -566,13 +566,13 @@
- upload_chain.certificate.arn in delete_chain_3.arns
always:
- name: delete first bunch of certificates
- aws_acm:
+ acm_certificate:
name_tag: '{{ item.name }}'
state: absent
with_items: '{{ local_certs }}'
ignore_errors: true
- name: delete chained cert
- aws_acm:
+ acm_certificate:
state: absent
name_tag: '{{ chained_cert.name }}'
ignore_errors: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/api_gateway/defaults/main.yml
new file mode 100644
index 000000000..aca496660
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+api_names:
+ - "ansible-api-{{ resource_prefix }}-1"
+ - "ansible-api-{{ resource_prefix }}-2"
+resource_tags:
+ - gateway_name: "ansible-api-{{ resource_prefix }}"
+ ansible_test: "{{ resource_prefix }}-1"
+ - gateway_name: "ansible-api-{{ resource_prefix }}"
+ ansible_test: "{{ resource_prefix }}-2"
diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/lookup.yml b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/lookup.yml
new file mode 100644
index 000000000..8e0965439
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/lookup.yml
@@ -0,0 +1,211 @@
+---
+- name: Test API gateway creation using lookup=tag
+ vars:
+ api_name: "{{ api_names[0] }}"
+ block:
+ - name: Define API gateway configuration
+ set_fact:
+ apigateway_swagger_text: "{{ lookup('template', 'minimal-swagger-api.yml.j2') }}"
+
+ # Test: create API gateway using check_mode = true
+ - name: Create API gateway (check_mode=true)
+ community.aws.api_gateway:
+ name: "{{ api_name }}"
+ swagger_text: "{{ apigateway_swagger_text }}"
+ check_mode: true
+ register: __create_check_mode
+
+ - name: List existing API gateway
+ community.aws.api_gateway_info:
+ register: gateways
+
+ - name: Ensure using check_mode=true, no API gateway was created
+ assert:
+ that:
+ - __create_check_mode is changed
+ - gateways.rest_apis | selectattr('name', 'equalto', api_name) | list | length == 0
+
+ # Test: create new API gateway using name and tags
+ - name: Create new API gateway
+ community.aws.api_gateway:
+ name: "{{ api_name }}"
+ swagger_text: "{{ apigateway_swagger_text }}"
+ lookup: tag
+ tags: "{{ resource_tags[0] }}"
+ register: __create
+
+ - name: List existing API gateway
+ community.aws.api_gateway_info:
+ register: gateways
+
+ - name: Ensure new API was created
+ assert:
+ that:
+ - __create is changed
+ - gateways.rest_apis | selectattr('name', 'equalto', api_name) | list | length == 1
+
+ # Test: create API gateway idempotency (task reported changed but no new API created)
+ - name: Create same API gateway once again
+ community.aws.api_gateway:
+ name: "{{ api_name }}"
+ swagger_text: "{{ apigateway_swagger_text }}"
+ lookup: tag
+ tags: "{{ resource_tags[0] }}"
+
+ - name: List existing API gateway
+ community.aws.api_gateway_info:
+ register: gateways
+
+ - name: Ensure no new API was created
+ assert:
+ that:
+ - gateways.rest_apis | selectattr('name', 'equalto', api_name) | list | length == 1
+
+ # Test: create new API using existing name but different tags (new API gateway should be created)
+ - name: Create another API gateway with the same name but different tags
+ community.aws.api_gateway:
+ name: "{{ api_name }}"
+ swagger_text: "{{ apigateway_swagger_text }}"
+ lookup: tag
+ tags: "{{ resource_tags[1] }}"
+
+ - name: List existing API gateway
+ community.aws.api_gateway_info:
+ register: gateways
+
+ - name: Ensure new API was created
+ assert:
+ that:
+ - gateways.rest_apis | selectattr('name', 'equalto', api_name) | list | length == 2
+
+ rescue:
+ - name: List existing API gateway
+ community.aws.api_gateway_info:
+ register: gateways
+
+ - name: Delete remaining API gateway
+ community.aws.api_gateway:
+ api_id: '{{ item }}'
+ state: absent
+ ignore_errors: true
+ with_items: "{{ gateways.rest_apis | selectattr('name', 'equalto', api_name) | map(attribute='id') | list }}"
+
+- name: Test API gateway deletion
+ block:
+ - name: "Create new API gateway name={{ api_name }}"
+ community.aws.api_gateway:
+ name: "{{ api_name }}"
+ swagger_text: "{{ lookup('template', 'minimal-swagger-api.yml.j2') }}"
+ lookup: tag
+ tags: "{{ resource_tags[0] }}"
+ vars:
+ api_name: "{{ api_names[1] }}"
+
+ - name: List existing API gateway
+ community.aws.api_gateway_info:
+ register: gateways
+
+ - name: Ensure new API was created
+ assert:
+ that:
+ - gateways.rest_apis | selectattr('name', 'equalto', api_names[1]) | list | length == 1
+ - gateways.rest_apis | selectattr('name', 'equalto', api_names[0]) | list | length == 2
+
+ # Test: Delete with lookup=tag (conflict), should failed
+ - name: Delete API gateway
+ community.aws.api_gateway:
+ lookup: tag
+ tags: "{{ resource_tags[0] }}"
+ state: absent
+ register: __delete_conflict
+ ignore_errors: true
+
+ - name: Ensure task failed
+ assert:
+ that:
+ - __delete_conflict is failed
+ - '__delete_conflict.msg == "Tags provided do not identify a unique API gateway"'
+
+ # Test: Delete with name only (no api_id)
+ - name: Create same API gateway once again
+ community.aws.api_gateway:
+ name: "{{ api_names[1] }}"
+ state: absent
+ register: __delete_missing_params
+ ignore_errors: true
+
+ - name: Ensure task failed
+ assert:
+ that:
+ - __delete_missing_params is failed
+ - '__delete_missing_params.msg == "API gateway id must be supplied to delete API gateway or provided tag with lookup=tag to identify API gateway id."'
+
+ # Test: Delete (check_mode)
+ - name: Delete API gateway - check mode
+ community.aws.api_gateway:
+ name: "{{ api_names[1] }}"
+ lookup: tag
+ tags: "{{ resource_tags[0] }}"
+ state: absent
+ register: __delete_check_mode
+ check_mode: true
+
+ - name: List existing API gateway
+ community.aws.api_gateway_info:
+ register: gateways
+
+ - name: Ensure running in check mode, API was not deleted.
+ assert:
+ that:
+ - __delete_check_mode is changed
+ - gateways.rest_apis | selectattr('name', 'equalto', api_names[1]) | list | length == 1
+ - gateways.rest_apis | selectattr('name', 'equalto', api_names[0]) | list | length == 2
+
+ # Test: Delete using name and API gateway
+ - name: Delete API gateway using name and lookup=tag
+ community.aws.api_gateway:
+ name: "{{ api_names[1] }}"
+ lookup: tag
+ tags: "{{ resource_tags[0] }}"
+ state: absent
+ register: __delete
+
+ - name: List existing API gateway
+ community.aws.api_gateway_info:
+ register: gateways
+
+ - name: Ensure matching API gateway was deleted
+ assert:
+ that:
+ - __delete is changed
+ - gateways.rest_apis | selectattr('name', 'equalto', api_names[1]) | list | length == 0
+ - gateways.rest_apis | selectattr('name', 'equalto', api_names[0]) | list | length == 2
+
+ # Test: Delete using api_id
+ - name: Delete API gateway using api_id
+ community.aws.api_gateway:
+ api_id: "{{ gateways.rest_apis | selectattr('name', 'equalto', api_names[0]) | map(attribute='id') | first }}"
+ state: absent
+ register: __delete
+
+ - name: List existing API gateway
+ community.aws.api_gateway_info:
+ register: gateways
+
+ - name: Ensure matching API gateway was deleted
+ assert:
+ that:
+ - __delete is changed
+ - gateways.rest_apis | selectattr('name', 'equalto', api_names[0]) | list | length == 1
+
+ always:
+ - name: List existing API gateway
+ community.aws.api_gateway_info:
+ register: gateways
+
+ - name: Delete remaining API gateway
+ community.aws.api_gateway:
+ api_id: '{{ item }}'
+ state: absent
+ ignore_errors: true
+ with_items: "{{ gateways.rest_apis | selectattr('name', 'in', api_names) | map(attribute='id') | list }}"
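Review bot: The first block cleans up under `rescue:` and then lets the play continue, so a failed assertion in the creation tests is treated as rescued. The failure only surfaces later as a count mismatch in "Test API gateway deletion", which expects two gateways named `api_names[0]` after the rescue has already deleted them. I would end the rescue section with an explicit failure: `- name: Fail after cleanup`, then `fail:` with `msg: "API gateway lookup=tag creation tests failed"`. Separately, the task under `# Test: Delete with name only (no api_id)` is still named `Create same API gateway once again`; a name such as `Delete API gateway using name only` would match what it does.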
diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/main.yml
index 51db07f0d..2e00128cd 100644
--- a/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/main.yml
@@ -1,9 +1,9 @@
- name: Wrap API Gateway tests with credentials by default
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -11,7 +11,7 @@
# ====================== testing failure cases: ==================================
- name: test with no parameters
- aws_api_gateway:
+ api_gateway:
register: result
ignore_errors: true
@@ -22,7 +22,7 @@
- '"no swagger info provided" in result.msg'
- name: test for disallowing multiple swagger sources
- aws_api_gateway:
+ api_gateway:
api_id: 'fake-api-doesnt-exist'
swagger_file: foo.yml
swagger_text: "this is not really an API"
@@ -42,9 +42,11 @@
template:
src: minimal-swagger-api.yml.j2
dest: "{{output_dir}}/minimal-swagger-api.yml"
+ vars:
+ api_name: "{{ resource_prefix }}-minimal"
- name: deploy new API
- aws_api_gateway:
+ api_gateway:
api_file: "{{output_dir}}/minimal-swagger-api.yml"
stage: "minimal"
endpoint_type: 'REGIONAL'
@@ -58,11 +60,14 @@
- 'create_result.failed == False'
- 'create_result.deploy_response.description == "Automatic deployment by Ansible."'
- 'create_result.configure_response.id == create_result.api_id'
- - '"apigateway:CreateRestApi" in create_result.resource_actions'
- 'create_result.configure_response.endpoint_configuration.types.0 == "REGIONAL"'
- name: check if API endpoint works
- uri: url="https://{{create_result.api_id}}.execute-api.{{aws_region}}.amazonaws.com/minimal"
+ uri:
+ url: "https://{{create_result.api_id}}.execute-api.{{aws_region}}.amazonaws.com/minimal"
+ retries: 10
+ delay: 5
+ until: uri_result is successful
register: uri_result
- name: assert API works success
@@ -71,7 +76,8 @@
- 'uri_result.status == 200'
- name: check if nonexistent endpoint causes error
- uri: url="https://{{create_result.api_id}}.execute-api.{{aws_region}}.amazonaws.com/nominal"
+ uri:
+ url: "https://{{create_result.api_id}}.execute-api.{{aws_region}}.amazonaws.com/nominal"
register: bad_uri_result
ignore_errors: true
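Review bot: The negative check on `/nominal` accepts any failure, because the task sets `ignore_errors: true` and the assert in the following hunk only tests `bad_uri_result is failed`. A DNS error or timeout would satisfy it just as well as the gateway rejecting the path. Assuming `uri` reports the HTTP status in `status` on failure, as `uri_result.status == 200` suggests for the positive case, I would add `- bad_uri_result.status >= 400` next to the existing assertion. That way the test only passes when the gateway actually answered with an error.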
@@ -81,7 +87,7 @@
- bad_uri_result is failed
- name: Update API to test params effect
- aws_api_gateway:
+ api_gateway:
api_id: '{{create_result.api_id}}'
api_file: "{{output_dir}}/minimal-swagger-api.yml"
cache_enabled: true
@@ -93,14 +99,12 @@
- name: assert update result
assert:
that:
- - 'update_result.changed == True'
- - 'update_result.failed == False'
- - '"apigateway:PutRestApi" in update_result.resource_actions'
+ - update_result is changed
# ==== additional create/delete tests ====
- name: deploy first API
- aws_api_gateway:
+ api_gateway:
api_file: "{{output_dir}}/minimal-swagger-api.yml"
stage: "minimal"
cache_enabled: false
@@ -108,7 +112,7 @@
register: create_result_1
- name: deploy second API rapidly after first
- aws_api_gateway:
+ api_gateway:
api_file: "{{output_dir}}/minimal-swagger-api.yml"
stage: "minimal"
state: present
@@ -124,13 +128,13 @@
- 'create_result_1.configure_response.endpoint_configuration.types.0 == "EDGE"'
- name: destroy first API
- aws_api_gateway:
+ api_gateway:
state: absent
api_id: '{{create_result_1.api_id}}'
register: destroy_result_1
- name: destroy second API rapidly after first
- aws_api_gateway:
+ api_gateway:
state: absent
api_id: '{{create_result_2.api_id}}'
register: destroy_result_2
@@ -138,29 +142,33 @@
- name: assert both APIs deployed successfully
assert:
that:
- - 'destroy_result_1.changed == True'
- - 'destroy_result_2.changed == True'
- - '"apigateway:DeleteRestApi" in destroy_result_1.resource_actions'
- - '"apigateway:DeleteRestApi" in destroy_result_2.resource_actions'
+ - destroy_result_1 is changed
+ - destroy_result_2 is changed
+
+ # ==== test create/delete using lookup=tag ====
+ - include_tasks: lookup.yml
+
+ # ==== Tagging ====
+ - include_tasks: tagging.yml
# ================= end testing ====================================
always:
- name: Ensure cleanup of API deploy
- aws_api_gateway:
+ api_gateway:
state: absent
api_id: '{{create_result.api_id}}'
ignore_errors: true
- name: Ensure cleanup of API deploy 1
- aws_api_gateway:
+ api_gateway:
state: absent
api_id: '{{create_result_1.api_id}}'
ignore_errors: true
- name: Ensure cleanup of API deploy 2
- aws_api_gateway:
+ api_gateway:
state: absent
api_id: '{{create_result_2.api_id}}'
ignore_errors: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/tagging.yml b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/tagging.yml
new file mode 100644
index 000000000..b72035083
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway/tasks/tagging.yml
@@ -0,0 +1,91 @@
+---
+- name: Test API gateway tagging
+ vars:
+ api_name: "api-{{ resource_prefix }}-tagging"
+ apigateway_tags:
+ resource_prefix: "{{ resource_prefix }}"
+ collection: community.aws
+ new_tag:
+ resource_type: REST
+ block:
+ - name: Define API gateway configuration
+ set_fact:
+ apigateway_swagger_text: "{{ lookup('template', 'minimal-swagger-api.yml.j2') }}"
+
+ - name: Create API gateway
+ community.aws.api_gateway:
+ swagger_text: "{{ apigateway_swagger_text }}"
+ tags: "{{ apigateway_tags }}"
+ register: __api_gateway_create
+
+ - name: Assert resource was created with expected tags
+ assert:
+ that:
+ - __api_gateway_create.configure_response.tags == apigateway_tags
+
+ - name: Define API gateway id
+ ansible.builtin.set_fact:
+ apigateway_id: "{{ __api_gateway_create.api_id }}"
+
+ # Update tags purge_tags=false and check_mode
+ - name: Update tags using check_mode
+ community.aws.api_gateway:
+ api_id: "{{ apigateway_id }}"
+ tags: "{{ apigateway_tags | combine(new_tag) }}"
+ purge_tags: false
+ check_mode: true
+
+ - name: Get API Gateway
+ community.aws.api_gateway_info:
+ ids:
+ - "{{ apigateway_id }}"
+ register: __api_gateway_info
+
+ - name: Ensure tags were not changed
+ assert:
+ that:
+ - __api_gateway_info.rest_apis.0.tags == apigateway_tags
+
+ # Update tags purge_tags=false
+ - name: Update tags
+ community.aws.api_gateway:
+ api_id: "{{ apigateway_id }}"
+ tags: "{{ apigateway_tags | combine(new_tag) }}"
+ purge_tags: false
+
+ - name: Get API Gateway
+ community.aws.api_gateway_info:
+ ids:
+ - "{{ apigateway_id }}"
+ register: __api_gateway_info
+
+ - name: Ensure tags were not changed
+ assert:
+ that:
+ - __api_gateway_info.rest_apis.0.tags == apigateway_tags | combine(new_tag)
+
+ # Update tags purge_tags=true
+ - name: Update tags
+ community.aws.api_gateway:
+ api_id: "{{ apigateway_id }}"
+ tags: "{{ new_tag }}"
+ register: __update_api_gateway
+
+ - name: Get api gateway
+ community.aws.api_gateway_info:
+ ids:
+ - "{{ apigateway_id }}"
+ register: __api_gateway_info
+
+ - name: Ensure tags were not changed
+ assert:
+ that:
+ - __update_api_gateway is changed
+ - __api_gateway_info.rest_apis.0.tags == new_tag
+
+ always:
+ - name: Delete API Gateway
+ community.aws.api_gateway:
+ api_id: "{{ apigateway_id }}"
+ state: absent
+ ignore_errors: true
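Review bot: The `always` cleanup deletes by `apigateway_id`, but that fact is set only after the `Assert resource was created with expected tags` task, so if that assert fails the created REST API is left behind and `ignore_errors: true` hides the undefined-variable failure. Moving the `set_fact` directly after the create task, or deleting with `api_id: "{{ __api_gateway_create.api_id }}"`, avoids leaking the resource in the test account. Separately, all three assert tasks are named `Ensure tags were not changed`, although the second and third expect the tags to have changed; names such as `Ensure new tag was added` and `Ensure tags were replaced` would make CI output easier to read. The check_mode task registers no result, so nothing verifies that check mode reports `changed`.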
diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway/templates/minimal-swagger-api.yml.j2 b/ansible_collections/community/aws/tests/integration/targets/api_gateway/templates/minimal-swagger-api.yml.j2
index 8c5c05810..d1d4c7ff6 100644
--- a/ansible_collections/community/aws/tests/integration/targets/api_gateway/templates/minimal-swagger-api.yml.j2
+++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway/templates/minimal-swagger-api.yml.j2
@@ -2,7 +2,7 @@
swagger: "2.0"
info:
version: "2017-05-11T12:14:59Z"
- title: "{{resource_prefix}}Empty_API"
+ title: "{{ api_name }}"
host: "fakeexample.execute-api.us-east-1.amazonaws.com"
basePath: "/minimal"
schemes:
diff --git a/ansible_collections/community/aws/tests/integration/targets/api_gateway_domain/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/api_gateway_domain/tasks/main.yml
index 76de2657e..f3c740793 100644
--- a/ansible_collections/community/aws/tests/integration/targets/api_gateway_domain/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/api_gateway_domain/tasks/main.yml
@@ -4,9 +4,9 @@
- name: Run aws_api_gateway_domain module integration tests
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
# NOTE: To make tests work set TLS ARN in defaults/main.yml to an existing and
@@ -17,7 +17,7 @@
# ==================== preparations ========================================
- name: Preperations - Create REST API Gateway on AWS API Gateway service to reference from domain tests
- aws_api_gateway:
+ api_gateway:
swagger_file: files/api_gw_swagger.yml
stage: test
state: present
@@ -26,7 +26,7 @@
# ================== integration tests ==========================================
- name: Create Test - API gateway custom domain setup
- aws_api_gateway_domain:
+ api_gateway_domain:
domain_name: "{{ api_gateway_domain_name }}"
certificate_arn: "{{ api_gateway_domain_tls_arn }}"
security_policy: 'TLS_1_0'
@@ -39,13 +39,13 @@
- assert:
that:
- create_result.changed == True
- - create_result.response.domain.domain_name == "{{ api_gateway_domain_name }}"
+ - create_result.response.domain.domain_name == api_gateway_domain_name
- create_result.response.domain.distribution_domain_name is defined
- create_result.response.domain.distribution_hosted_zone_id is defined
- create_result.response.path_mappings is defined
- name: Idempotence Test - API gateway custom domain setup
- aws_api_gateway_domain:
+ api_gateway_domain:
domain_name: "{{ api_gateway_domain_name }}"
certificate_arn: "{{ api_gateway_domain_tls_arn }}"
security_policy: 'TLS_1_0'
@@ -59,10 +59,10 @@
that:
- repeat_result.changed == False
- repeat_result.failed == False
- - repeat_result.response.domain_name == "{{ api_gateway_domain_name }}"
+ - repeat_result.response.domain_name == api_gateway_domain_name
- name: Update Test - API gateway custom domain setup, change settings
- aws_api_gateway_domain:
+ api_gateway_domain:
domain_name: "{{ api_gateway_domain_name }}"
certificate_arn: "{{ api_gateway_domain_tls_arn }}"
security_policy: 'TLS_1_2'
@@ -75,13 +75,13 @@
- assert:
that:
- update_result.changed == True
- - update_result.response.domain.domain_name == "{{ api_gateway_domain_name }}"
+ - update_result.response.domain.domain_name == api_gateway_domain_name
- update_result.response.domain.security_policy == 'TLS_1_2'
- update_result.response.domain.endpoint_configuration.types.0 == 'REGIONAL'
- update_result.response.path_mappings.0.base_path = '/v1'
- name: Delete - API gateway custom domain setup deletion
- aws_api_gateway_domain:
+ api_gateway_domain:
domain_name: "{{ api_gateway_domain_name }}"
certificate_arn: "{{ api_gateway_domain_tls_arn }}"
security_policy: 'TLS_1_2'
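Review bot: The last assertion in this list, `update_result.response.path_mappings.0.base_path = '/v1'`, uses a single `=` where a comparison is intended; the commit rewrites the neighbouring `domain_name` assertion but leaves this line as is. It should read `- update_result.response.path_mappings.0.base_path == '/v1'`. As written the expression is not a comparison, so the update test presumably either errors or never checks the base path. The NOTE near the top of the file about setting a TLS ARN suggests this target may not run in CI, which would explain why it went unnoticed. The task list continues outside the hunk.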
@@ -101,7 +101,7 @@
always:
- name: Cleanup - delete test domain setup
- aws_api_gateway_domain:
+ api_gateway_domain:
domain_name: "{{ api_gateway_domain_name }}"
certificate_arn: "{{ api_gateway_domain_tls_arn }}"
domain_mappings: []
@@ -109,7 +109,7 @@
ignore_errors: true
- name: Cleanup - remove REST API Gateway on AWS API Gateway service
- aws_api_gateway:
+ api_gateway:
api_id: "{{ api_gateway_result.api_id }}"
swagger_file: files/api_gw_swagger.yml
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_cleanup.yml
index 75d1ecfad..ef894ff54 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_cleanup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_cleanup.yml
@@ -1,5 +1,5 @@
- name: kill asg
- ec2_asg:
+ autoscaling_group:
name: "{{ asg_name }}"
state: absent
register: removed
@@ -8,7 +8,7 @@
retries: 10
- name: remove launch configs
- ec2_lc:
+ autoscaling_launch_config:
name: "{{ lc_name }}"
state: absent
register: removed
@@ -17,7 +17,7 @@
retries: 10
- name: remove the security group
- ec2_group:
+ ec2_security_group:
name: "{{ sg_name }}"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_setup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_setup.yml
index ae958cd89..b4609ea97 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/env_setup.yml
@@ -37,7 +37,7 @@
- "{{ testing_subnet.subnet.id }}"
- name: create a security group with the vpc created in the ec2_setup
- ec2_group:
+ ec2_security_group:
name: "{{ sg_name }}"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
@@ -53,7 +53,7 @@
register: sg
- name: create a launch configuration
- ec2_lc:
+ autoscaling_launch_config:
name: "{{ lc_name }}"
image_id: "{{ ec2_ami_id }}"
instance_type: t2.micro
@@ -67,7 +67,7 @@
- create_lc.failed is false
- name: create a AutoScalingGroup
- ec2_asg:
+ autoscaling_group:
name: "{{ asg_name }}"
launch_config_name: "{{ lc_name }}"
health_check_period: 60
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/main.yml
index d8380d913..d4b2a7c7a 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/main.yml
@@ -2,11 +2,12 @@
- name: "Wrap up all tests and setup AWS credentials"
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
+ - amazon.aws
- community.aws
block:
- include_tasks: 'env_setup.yml'
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/tests.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/tests.yml
index 7d326c6ff..804f802bb 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/tests.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_complete_lifecycle_action/tasks/tests.yml
@@ -3,7 +3,7 @@
block:
#----------------------------------------------------------------------
- name: Create lifecycle hook
- ec2_asg_lifecycle_hook:
+ autoscaling_lifecycle_hook:
autoscaling_group_name: "{{ asg_name }}"
lifecycle_hook_name: "{{ resource_prefix }}-lifecycle-hook"
transition: autoscaling:EC2_INSTANCE_LAUNCHING
@@ -18,7 +18,7 @@
- output is not failed
- name: Create lifecycle hook
- ec2_asg_lifecycle_hook:
+ autoscaling_lifecycle_hook:
autoscaling_group_name: "{{ asg_name }}"
lifecycle_hook_name: "{{ resource_prefix }}-lifecycle-hook-terminate"
transition: autoscaling:EC2_INSTANCE_TERMINATING
@@ -33,7 +33,7 @@
- output is not failed
- name: Trigger scale-up
- ec2_asg:
+ autoscaling_group:
name: "{{ asg_name }}"
replace_all_instances: yes
min_size: 0
@@ -47,7 +47,7 @@
- scale_asg is changed
- name: Describe ASG
- ec2_asg_info:
+ autoscaling_group_info:
name: "{{ asg_name }}"
register: scaled_asg
retries: 24
@@ -62,7 +62,7 @@
instance_ids: '{{ scaled_asg.results[0].instances | map(attribute="instance_id") | list }}'
- name: Describe ASG
- ec2_asg_info:
+ autoscaling_group_info:
name: "{{ asg_name }}"
- name: Complete Lifecycle Hook
@@ -80,7 +80,7 @@
instance_id: '{{ instance_ids[1] }}'
- name: Describe ASG
- ec2_asg_info:
+ autoscaling_group_info:
name: "{{ asg_name }}"
register: hooks_pending
retries: 24
@@ -104,7 +104,7 @@
always:
- name: Delete lifecycle hook
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
autoscaling_group_name: "{{ asg_name }}"
lifecycle_hook_name: "{{ resource_prefix }}-lifecycle-hook"
state: absent
@@ -112,7 +112,7 @@
ignore_errors: True
- name: Delete lifecycle hook
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
autoscaling_group_name: "{{ asg_name }}"
lifecycle_hook_name: "{{ resource_prefix }}-lifecycle-hook-terminate"
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/main.yml
index 32cfd5378..5b754d47d 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/main.yml
@@ -2,9 +2,9 @@
- name: setup credentials and region
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
@@ -47,7 +47,7 @@
- "{{ testing_subnet.subnet.id }}"
- name: create a security group with the vpc created in the ec2_setup
- ec2_group:
+ ec2_security_group:
name: "{{ sg_name }}"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
@@ -63,7 +63,7 @@
register: sg
- name: ensure launch configs exist
- ec2_lc:
+ autoscaling_launch_config:
name: "{{ item }}"
assign_public_ip: true
image_id: "{{ ec2_ami_id }}"
@@ -81,7 +81,7 @@
- "{{ lc_name_2 }}"
- name: launch asg and do not wait for instances to be deemed healthy (no ELB)
- ec2_asg:
+ autoscaling_group:
name: "{{ asg_name }}"
launch_config_name: "{{ lc_name_1 }}"
desired_capacity: 1
@@ -99,7 +99,7 @@
# ============================================================
- name: test invalid cancelation - V1 - (pre-refresh)
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
ignore_errors: yes
@@ -107,10 +107,10 @@
- assert:
that:
- - "'An error occurred (ActiveInstanceRefreshNotFound) when calling the CancelInstanceRefresh operation: No in progress or pending Instance Refresh found for Auto Scaling group {{ resource_prefix }}-asg' in result.msg"
+ - "'An error occurred (ActiveInstanceRefreshNotFound) when calling the CancelInstanceRefresh operation: No in progress or pending Instance Refresh found for Auto Scaling group ' ~ resource_prefix ~ '-asg' in result.msg"
- name: test starting a refresh with a valid ASG name - check_mode
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "started"
check_mode: true
@@ -123,7 +123,7 @@
- '"autoscaling:StartInstanceRefresh" not in output.resource_actions'
- name: test starting a refresh with a valid ASG name
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "started"
register: output
@@ -133,7 +133,7 @@
- "'instance_refresh_id' in output.instance_refreshes"
- name: test starting a refresh with a valid ASG name - Idempotent
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "started"
ignore_errors: true
@@ -145,7 +145,7 @@
- '"Failed to start InstanceRefresh: An error occurred (InstanceRefreshInProgress) when calling the StartInstanceRefresh operation: An Instance Refresh is already in progress and blocks the execution of this Instance Refresh." in output.msg'
- name: test starting a refresh with a valid ASG name - Idempotent (check_mode)
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "started"
ignore_errors: true
@@ -159,7 +159,7 @@
- '"In check_mode - Instance Refresh is already in progress, can not start new instance refresh." in output.msg'
- name: test starting a refresh with a nonexistent ASG name
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "nonexistentname-asg"
state: "started"
ignore_errors: yes
@@ -170,7 +170,7 @@
- "'Failed to start InstanceRefresh: An error occurred (ValidationError) when calling the StartInstanceRefresh operation: AutoScalingGroup name not found' in result.msg"
- name: test canceling a refresh with an ASG name - check_mode
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
check_mode: true
@@ -183,7 +183,7 @@
- '"autoscaling:CancelInstanceRefresh" not in output.resource_actions'
- name: test canceling a refresh with an ASG name
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
register: output
@@ -193,7 +193,7 @@
- "'instance_refresh_id' in output.instance_refreshes"
- name: test canceling a refresh with a ASG name - Idempotent
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
ignore_errors: yes
@@ -204,7 +204,7 @@
- output is not changed
- name: test cancelling a refresh with a valid ASG name - Idempotent (check_mode)
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
ignore_errors: true
@@ -217,7 +217,7 @@
- output is not failed
- name: test starting a refresh with an ASG name and preferences dict
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "started"
preferences:
@@ -232,7 +232,7 @@
- "'instance_refresh_id' in output.instance_refreshes"
- name: re-test canceling a refresh with an ASG name
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
register: output
@@ -242,7 +242,7 @@
- "'instance_refresh_id' in output.instance_refreshes"
- name: test valid start - V1 - (with preferences missing instance_warmup)
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "started"
preferences:
@@ -257,7 +257,7 @@
- "'instance_refresh_id' in output.instance_refreshes"
- name: re-test canceling a refresh with an ASG name
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
register: output
@@ -267,7 +267,7 @@
- "'instance_refresh_id' in output.instance_refreshes"
- name: test valid start - V2 - (with preferences missing min_healthy_percentage)
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "started"
preferences:
@@ -282,7 +282,7 @@
- "'instance_refresh_id' in output.instance_refreshes"
- name: test invalid cancelation - V2 - (with preferences)
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
preferences:
@@ -302,7 +302,7 @@
loop: "{{ query('sequence', 'start=1 end=3') }}"
- name: test getting info for an ASG name
- ec2_asg_instance_refresh_info:
+ autoscaling_instance_refresh_info:
name: "{{ asg_name }}"
region: "{{ aws_region }}"
ignore_errors: yes
@@ -315,7 +315,7 @@
inst_refresh_id_json_query: instance_refreshes[].instance_refresh_id
- name: test using fake refresh ID
- ec2_asg_instance_refresh_info:
+ autoscaling_instance_refresh_info:
name: "{{ asg_name }}"
ids: ['0e367f58-blabla-bla-bla-ca870dc5dbfe']
ignore_errors: yes
@@ -323,10 +323,10 @@
- assert:
that:
- - "{{ output.instance_refreshes|length }} == 0"
+ - output.instance_refreshes | length == 0
- name: test using a real refresh ID
- ec2_asg_instance_refresh_info:
+ autoscaling_instance_refresh_info:
name: "{{ asg_name }}"
ids: [ '{{ refreshout.instance_refreshes.instance_refresh_id }}' ]
ignore_errors: yes
@@ -334,10 +334,10 @@
- assert:
that:
- - "{{ output.instance_refreshes |length }} == 1"
+ - output.instance_refreshes | length == 1
- name: test getting info for an ASG name which doesn't exist
- ec2_asg_instance_refresh_info:
+ autoscaling_instance_refresh_info:
name: n0n3x1stentname27b
ignore_errors: yes
register: output
@@ -347,17 +347,17 @@
- "'Failed to describe InstanceRefreshes: An error occurred (ValidationError) when calling the DescribeInstanceRefreshes operation: AutoScalingGroup name not found - AutoScalingGroup n0n3x1stentname27b not found' == output.msg"
- name: assert that the correct number of records are returned
- ec2_asg_instance_refresh_info:
+ autoscaling_instance_refresh_info:
name: "{{ asg_name }}"
ignore_errors: yes
register: output
- assert:
that:
- - "{{ output.instance_refreshes|length }} == 7"
+ - output.instance_refreshes | length == 7
- name: assert that valid message with fake-token is returned
- ec2_asg_instance_refresh_info:
+ autoscaling_instance_refresh_info:
name: "{{ asg_name }}"
next_token: "fake-token-123"
ignore_errors: yes
@@ -368,7 +368,7 @@
- '"Failed to describe InstanceRefreshes: An error occurred (InvalidNextToken) when calling the DescribeInstanceRefreshes operation: The token ''********'' is invalid." == output.msg'
- name: assert that max records=1 returns no more than one record
- ec2_asg_instance_refresh_info:
+ autoscaling_instance_refresh_info:
name: "{{ asg_name }}"
max_records: 1
ignore_errors: yes
@@ -376,10 +376,10 @@
- assert:
that:
- - "{{ output.instance_refreshes|length }} < 2"
+ - output.instance_refreshes | length < 2
- name: assert that valid message with real-token is returned
- ec2_asg_instance_refresh_info:
+ autoscaling_instance_refresh_info:
name: "{{ asg_name }}"
next_token: "{{ output.next_token }}"
ignore_errors: yes
@@ -387,10 +387,10 @@
- assert:
that:
- - "{{ output.instance_refreshes|length }} == 7"
+ - output.instance_refreshes | length == 7
- name: test using both real nextToken and max_records=1
- ec2_asg_instance_refresh_info:
+ autoscaling_instance_refresh_info:
name: "{{ asg_name }}"
max_records: 1
next_token: "{{ output.next_token }}"
@@ -399,12 +399,12 @@
- assert:
that:
- - "{{ output.instance_refreshes|length }} == 1"
+ - output.instance_refreshes | length == 1
always:
- name: kill asg
- ec2_asg:
+ autoscaling_group:
name: "{{ asg_name }}"
state: absent
register: removed
@@ -414,7 +414,7 @@
# Remove the testing dependencies
- name: remove the load balancer
- ec2_elb_lb:
+ elb_classic_lb:
name: "{{ load_balancer_name }}"
state: absent
security_group_ids:
@@ -440,7 +440,7 @@
retries: 10
- name: remove launch configs
- ec2_lc:
+ autoscaling_launch_config:
name: "{{ item }}"
state: absent
register: removed
@@ -461,7 +461,7 @@
ignore_errors: true
- name: remove the security group
- ec2_group:
+ ec2_security_group:
name: "{{ sg_name }}"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/refresh_and_cancel_three_times.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/refresh_and_cancel_three_times.yml
index 15fa2100c..9b051a054 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/refresh_and_cancel_three_times.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_instance_refresh/tasks/refresh_and_cancel_three_times.yml
@@ -1,17 +1,17 @@
---
- name: try to cancel pre-loop
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
ignore_errors: yes
- name: test starting a refresh with an ASG name
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "started"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
region: "{{ aws_region }}"
ignore_errors: no
retries: 10
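Review bot: The `started` task here and the `cancelled` task in the next hunk pass `access_key` and `secret_key` explicitly but no `session_token`, while this target's main.yml sets all three through `module_defaults` for `group/aws`. If those defaults reach this included file (not visible from the hunk), the per-task credentials are redundant; if they do not, runs with temporary credentials would fail for lack of the token. Either drop the credential and region lines from both tasks and rely on `module_defaults`, or add `session_token: "{{ security_token | default(omit) }}"` alongside them so credentials are handled the same way everywhere.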
@@ -20,10 +20,10 @@
until: refreshout is not failed
- name: test cancelling a refresh with an ASG name
- ec2_asg_instance_refresh:
+ autoscaling_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
region: "{{ aws_region }}"
ignore_errors: yes
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_cleanup.yml
index 9e5ae6a93..ce626b69c 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_cleanup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_cleanup.yml
@@ -24,7 +24,7 @@
retries: 10
- name: remove the security group
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_setup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_setup.yml
index 88f5bb6fe..d48bae66c 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/env_setup.yml
@@ -48,7 +48,7 @@
- "{{ testing_subnet_b.subnet.id }}"
- name: create a security group with the vpc
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/main.yml
index 6606484b1..da1f2fb1f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_launch_config/tasks/main.yml
@@ -1,9 +1,9 @@
- name: run ec2_lc tests
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
@@ -14,7 +14,7 @@
include_tasks: env_setup.yml
- name: Create launch configuration 1
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc1'
image_id: '{{ ec2_ami_id }}'
assign_public_ip: yes
@@ -28,7 +28,7 @@
register: lc_1_create
- name: Gather information about launch configuration 1
- community.aws.ec2_lc_info:
+ community.aws.autoscaling_launch_config_info:
name: '{{ resource_prefix }}-lc1'
register: lc_1_info_result
@@ -42,7 +42,7 @@
- lc_1_info_result.launch_configurations[0].instance_type == 't2.micro'
- name: Create launch configuration 1 - Idempotency
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc1'
image_id: '{{ ec2_ami_id }}'
assign_public_ip: yes
@@ -61,7 +61,7 @@
- '"autoscaling:CreateLaunchConfiguration" not in lc_1_create_idem.resource_actions'
- name: Create launch configuration 2
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc2'
image_id: '{{ ec2_ami_id }}'
assign_public_ip: yes
@@ -75,7 +75,7 @@
register: lc_2_create
- name: Gather information about launch configuration 2
- community.aws.ec2_lc_info:
+ community.aws.autoscaling_launch_config_info:
name: '{{ resource_prefix }}-lc2'
register: lc_2_info_result
@@ -90,7 +90,7 @@
- '"autoscaling:CreateLaunchConfiguration" in lc_2_create.resource_actions'
- name: Create launch configuration 2 - Idempotency
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc2'
image_id: '{{ ec2_ami_id }}'
assign_public_ip: yes
@@ -109,7 +109,7 @@
- '"autoscaling:CreateLaunchConfiguration" not in lc_2_create_idem.resource_actions'
- name: Create launch configuration 3 - test throughput parameter
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc3'
image_id: '{{ ec2_ami_id }}'
instance_type: '{{ ec2_instance_type }}'
@@ -122,7 +122,7 @@
register: lc_3_create
- name: Gather information about launch configuration 3
- community.aws.ec2_lc_info:
+ community.aws.autoscaling_launch_config_info:
name: '{{ resource_prefix }}-lc3'
register: lc_3_info_result
@@ -137,7 +137,7 @@
- '"autoscaling:CreateLaunchConfiguration" in lc_3_create.resource_actions'
- name: Create launch configuration 3 - Idempotency
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc3'
image_id: '{{ ec2_ami_id }}'
instance_type: '{{ ec2_instance_type }}'
@@ -155,7 +155,7 @@
- '"autoscaling:CreateLaunchConfiguration" not in lc_3_create_idem.resource_actions'
- name: Search for the Launch Configurations that start with test resource_prefix
- community.aws.ec2_lc_find:
+ community.aws.autoscaling_launch_config_find:
name_regex: '{{ resource_prefix }}*'
sort_order: descending
register: lc_find_result
@@ -166,7 +166,7 @@
- '"autoscaling:DescribeLaunchConfigurations" in lc_find_result.resource_actions'
- name: Delete launch configuration 1
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc1'
state: absent
register: lc_1_delete
@@ -177,7 +177,7 @@
- '"autoscaling:DeleteLaunchConfiguration" in lc_1_delete.resource_actions'
- name: Delete launch configuration 1 - Idempotency
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc1'
state: absent
register: lc_1_delete_idem
@@ -188,7 +188,7 @@
- '"autoscaling:DeleteLaunchConfiguration" not in lc_1_delete_idem.resource_actions'
- name: Gather information about launch configuration 1
- community.aws.ec2_lc_info:
+ community.aws.autoscaling_launch_config_info:
name: '{{ resource_prefix }}-lc1'
register: lc_1_info_result
@@ -198,7 +198,7 @@
- lc_1_info_result.launch_configurations | length == 0
- name: Delete launch configuration 2
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc2'
state: absent
register: lc_2_delete
@@ -209,7 +209,7 @@
- '"autoscaling:DeleteLaunchConfiguration" in lc_2_delete.resource_actions'
- name: Delete launch configuration 2 - Idempotency
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc2'
state: absent
register: lc_2_delete_idem
@@ -220,7 +220,7 @@
- '"autoscaling:DeleteLaunchConfiguration" not in lc_2_delete_idem.resource_actions'
- name: Gather information about launch configuration 2
- community.aws.ec2_lc_info:
+ community.aws.autoscaling_launch_config_info:
name: '{{ resource_prefix }}-lc2'
register: lc_2_info_result
@@ -230,7 +230,7 @@
- lc_2_info_result.launch_configurations | length == 0
- name: Delete launch configuration 3
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc3'
state: absent
register: lc_3_delete
@@ -241,7 +241,7 @@
- '"autoscaling:DeleteLaunchConfiguration" in lc_3_delete.resource_actions'
- name: Delete launch configuration 3 - Idempotency
- community.aws.ec2_lc:
+ community.aws.autoscaling_launch_config:
name: '{{ resource_prefix }}-lc3'
state: absent
register: lc_3_delete_idem
@@ -252,7 +252,7 @@
- '"autoscaling:DeleteLaunchConfiguration" not in lc_3_delete_idem.resource_actions'
- name: Gather information about launch configuration 3
- community.aws.ec2_lc_info:
+ community.aws.autoscaling_launch_config_info:
name: '{{ resource_prefix }}-lc2'
register: lc_3_info_result
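Review bot: The final `Gather information about launch configuration 3` task still queries `name: '{{ resource_prefix }}-lc2'`, so `lc_3_info_result` describes launch configuration 2 rather than 3. The check that follows therefore cannot confirm that `-lc3` was deleted, and a leaked launch configuration would go unnoticed. The module rename in this hunk leaves that line untouched; it should read `name: '{{ resource_prefix }}-lc3'`. The assertion that consumes `lc_3_info_result` lies outside the hunk, so its exact form is inferred from the parallel lc1 and lc2 tasks.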
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/main.yml
index a22182146..e8fdfd37b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/main.yml
@@ -2,40 +2,38 @@
# Beware: most of our tests here are run in parallel.
# To add new tests you'll need to add a new host to the inventory and a matching
# '{{ inventory_hostname }}'.yml file in roles/ec2_asg_lifecycle_hook/tasks/
-
-
# Prepare the VPC and figure out which AMI to use
- hosts: all
- gather_facts: no
+ gather_facts: false
tasks:
- - module_defaults:
- group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
- region: "{{ aws_region }}"
- vars:
+ - module_defaults:
+ group/aws:
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
+ region: "{{ aws_region }}"
+ vars:
# We can't just use "run_once" because the facts don't propagate when
# running an 'include' that was run_once
- setup_run_once: yes
- block:
- - include_role:
- name: 'setup_ec2_facts'
- - include_role:
- name: 'ec2_asg_lifecycle_hook'
- tasks_from: env_setup.yml
- rescue:
- - include_role:
- name: 'ec2_asg_lifecycle_hook'
- tasks_from: env_cleanup.yml
- run_once: yes
- - fail:
- msg: 'Environment preparation failed'
- run_once: yes
+ setup_run_once: true
+ block:
+ - ansible.builtin.include_role:
+ name: setup_ec2_facts
+ - ansible.builtin.include_role:
+ name: ec2_asg_lifecycle_hook
+ tasks_from: env_setup.yml
+ rescue:
+ - ansible.builtin.include_role:
+ name: ec2_asg_lifecycle_hook
+ tasks_from: env_cleanup.yml
+ run_once: true
+ - ansible.builtin.fail:
+ msg: Environment preparation failed
+ run_once: true
# VPC should get cleaned up once all hosts have run
- hosts: all
- gather_facts: no
+ gather_facts: false
strategy: free
serial: 6
roles:
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/meta/main.yml
index 1471b11f6..fcadd50dc 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/meta/main.yml
@@ -1,2 +1,3 @@
+---
dependencies:
- setup_ec2_facts
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/create_update_delete.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/create_update_delete.yml
index 800ee6358..f6b92213e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/create_update_delete.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/create_update_delete.yml
@@ -2,47 +2,46 @@
- name: Test create/update/delete AutoScalingGroups Lifecycle Hooks with ec2_asg_lifecycle_hook
block:
- #----------------------------------------------------------------------
- - name: create a launch configuration
- ec2_lc:
+ # ----------------------------------------------------------------------
+ - name: Create a launch configuration
+ community.aws.autoscaling_launch_config:
name: "{{ resource_prefix }}-lc"
image_id: "{{ ec2_ami_id }}"
region: "{{ aws_region }}"
instance_type: t2.micro
- assign_public_ip: yes
+ assign_public_ip: true
register: create_lc
- - name: ensure that lc is created
- assert:
+ - name: Ensure that lc is created
+ ansible.builtin.assert:
that:
- create_lc is changed
- create_lc.failed is false
- #----------------------------------------------------------------------
- - name: create a AutoScalingGroup
- ec2_asg:
+ # ----------------------------------------------------------------------
+ - name: Create a AutoScalingGroup
+ amazon.aws.autoscaling_group:
name: "{{ resource_prefix }}-asg"
launch_config_name: "{{ resource_prefix }}-lc"
health_check_period: 60
health_check_type: ELB
- replace_all_instances: yes
+ replace_all_instances: true
min_size: 1
max_size: 1
desired_capacity: 1
region: "{{ aws_region }}"
register: create_asg
- - name: ensure that AutoScalingGroup is created
- assert:
+ - name: Ensure that AutoScalingGroup is created
+ ansible.builtin.assert:
that:
- create_asg is changed
- create_asg.failed is false
- '"autoscaling:CreateAutoScalingGroup" in create_asg.resource_actions'
- #----------------------------------------------------------------------
-
+ # ----------------------------------------------------------------------
- name: Create lifecycle hook - check_mode
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
@@ -53,7 +52,7 @@
check_mode: true
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is changed
- output is not failed
@@ -61,7 +60,7 @@
- '"Would have created AutoScalingGroup Lifecycle Hook if not in check_mode" in output.msg'
- name: Create lifecycle hook
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
@@ -71,7 +70,7 @@
state: present
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is changed
- output is not failed
@@ -79,7 +78,7 @@
- output.lifecycle_hook_info[0].heartbeat_timeout == 7000
- name: Create lifecycle hook - Idempotency
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
@@ -89,14 +88,14 @@
state: present
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is not changed
- output is not failed
- '"lifecycle_hook_info" not in output'
- name: Create lifecycle hook - check_mode (Idempotency)
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
@@ -107,14 +106,14 @@
check_mode: true
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is not changed
- output is not failed
- '"lifecycle_hook_info" not in output'
- name: Update lifecycle hook - check_mode
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
@@ -125,7 +124,7 @@
check_mode: true
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is changed
- output is not failed
@@ -133,7 +132,7 @@
- '"Would have modified AutoScalingGroup Lifecycle Hook if not in check_mode." in output.msg'
- name: Update lifecycle hook
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
@@ -143,7 +142,7 @@
state: present
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is changed
- output is not failed
@@ -151,7 +150,7 @@
- output.lifecycle_hook_info[0].heartbeat_timeout == 6000
- name: Update lifecycle hook - Idempotency
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
@@ -161,14 +160,14 @@
state: present
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is not changed
- output is not failed
- '"lifecycle_hook_info" not in output'
- name: Update lifecycle hook - check_mode (Idempotency)
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
@@ -179,14 +178,14 @@
check_mode: true
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is not changed
- output is not failed
- '"lifecycle_hook_info" not in output'
- name: Delete lifecycle hook - check_mode
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
@@ -194,7 +193,7 @@
check_mode: true
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is changed
- output is not failed
@@ -202,35 +201,35 @@
- '"Would have deleted AutoScalingGroup Lifecycle Hook if not in check_mode." in output.msg'
- name: Delete lifecycle hook
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
state: absent
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is changed
- output is not failed
- '"lifecycle_hook_removed" in output'
- name: Delete lifecycle hook - Idempotency
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
state: absent
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is not changed
- output is not failed
- '"lifecycle_hook_removed" not in output'
- name: Delete lifecycle hook - check_mode (Idempotency)
- community.aws.ec2_asg_lifecycle_hook:
+ community.aws.autoscaling_lifecycle_hook:
region: "{{ aws_region }}"
autoscaling_group_name: "{{ resource_prefix }}-asg"
lifecycle_hook_name: "{{ resource_prefix }}-test-hook"
@@ -238,7 +237,7 @@
check_mode: true
register: output
- - assert:
+ - ansible.builtin.assert:
that:
- output is not changed
- output is not failed
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_cleanup.yml
index 3b4ee869b..1befe278a 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_cleanup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_cleanup.yml
@@ -1,5 +1,6 @@
-- name: kill asg
- ec2_asg:
+---
+- name: Kill asg
+ amazon.aws.autoscaling_group:
name: "{{ resource_prefix }}-asg"
state: absent
register: removed
@@ -8,8 +9,8 @@
retries: 10
# Remove the testing dependencies
-- name: remove target group
- elb_target_group:
+- name: Remove target group
+ community.aws.elb_target_group:
name: "{{ item }}"
state: absent
register: removed
@@ -20,8 +21,8 @@
- "{{ tg1_name }}"
- "{{ tg2_name }}"
-- name: remove the load balancer
- ec2_elb_lb:
+- name: Remove the load balancer
+ amazon.aws.elb_classic_lb:
name: "{{ load_balancer_name }}"
state: absent
security_group_ids:
@@ -34,20 +35,20 @@
load_balancer_port: 80
instance_port: 80
health_check:
- ping_protocol: tcp
- ping_port: 80
- ping_path: "/"
- response_timeout: 5
- interval: 10
- unhealthy_threshold: 4
- healthy_threshold: 2
+ ping_protocol: tcp
+ ping_port: 80
+ ping_path: /
+ response_timeout: 5
+ interval: 10
+ unhealthy_threshold: 4
+ healthy_threshold: 2
register: removed
until: removed is not failed
ignore_errors: true
retries: 10
-- name: remove launch configs
- ec2_lc:
+- name: Remove launch configs
+ community.aws.autoscaling_launch_config:
name: "{{ item }}"
state: absent
register: removed
@@ -57,8 +58,8 @@
loop:
- "{{ resource_prefix }}-lc"
-- name: delete launch template
- ec2_launch_template:
+- name: Delete launch template
+ community.aws.ec2_launch_template:
name: "{{ resource_prefix }}-lt"
state: absent
register: del_lt
@@ -66,8 +67,8 @@
until: del_lt is not failed
ignore_errors: true
-- name: remove the security group
- ec2_group:
+- name: Remove the security group
+ amazon.aws.ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
@@ -77,14 +78,14 @@
ignore_errors: true
retries: 10
-- name: remove routing rules
- ec2_vpc_route_table:
+- name: Remove routing rules
+ amazon.aws.ec2_vpc_route_table:
state: absent
vpc_id: "{{ testing_vpc.vpc.id }}"
tags:
created: "{{ resource_prefix }}-route"
routes:
- - dest: 0.0.0.0/0
+ - dest: "0.0.0.0/0"
gateway_id: "{{ igw.gateway_id }}"
subnets:
- "{{ testing_subnet.subnet.id }}"
@@ -93,8 +94,8 @@
ignore_errors: true
retries: 10
-- name: remove internet gateway
- ec2_vpc_igw:
+- name: Remove internet gateway
+ amazon.aws.ec2_vpc_igw:
vpc_id: "{{ testing_vpc.vpc.id }}"
state: absent
register: removed
@@ -102,8 +103,8 @@
ignore_errors: true
retries: 10
-- name: remove the subnet
- ec2_vpc_subnet:
+- name: Remove the subnet
+ amazon.aws.ec2_vpc_subnet:
state: absent
vpc_id: "{{ testing_vpc.vpc.id }}"
cidr: 10.55.77.0/24
@@ -112,8 +113,8 @@
ignore_errors: true
retries: 10
-- name: remove the VPC
- ec2_vpc_net:
+- name: Remove the VPC
+ amazon.aws.ec2_vpc_net:
name: "{{ resource_prefix }}-vpc"
cidr_block: 10.55.77.0/24
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_setup.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_setup.yml
index 8e9be1d55..d51654310 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/env_setup.yml
@@ -1,25 +1,25 @@
+---
- name: Run ec2_asg_lifecycle_hook integration tests.
block:
-
# ============================================================
# Set up the testing dependencies: VPC, subnet, security group, and two launch configurations
- name: Create VPC for use in testing
- ec2_vpc_net:
+ amazon.aws.ec2_vpc_net:
name: "{{ resource_prefix }}-vpc"
cidr_block: 10.55.77.0/24
tenancy: default
register: testing_vpc
- name: Create internet gateway for use in testing
- ec2_vpc_igw:
+ amazon.aws.ec2_vpc_igw:
vpc_id: "{{ testing_vpc.vpc.id }}"
state: present
register: igw
- name: Create subnet for use in testing
- ec2_vpc_subnet:
+ amazon.aws.ec2_vpc_subnet:
state: present
vpc_id: "{{ testing_vpc.vpc.id }}"
cidr: 10.55.77.0/24
@@ -28,19 +28,19 @@
Name: "{{ resource_prefix }}-subnet"
register: testing_subnet
- - name: create routing rules
- ec2_vpc_route_table:
+ - name: Create routing rules
+ amazon.aws.ec2_vpc_route_table:
vpc_id: "{{ testing_vpc.vpc.id }}"
tags:
created: "{{ resource_prefix }}-route"
routes:
- - dest: 0.0.0.0/0
+ - dest: "0.0.0.0/0"
gateway_id: "{{ igw.gateway_id }}"
subnets:
- "{{ testing_subnet.subnet.id }}"
- - name: create a security group with the vpc created in the ec2_setup
- ec2_group:
+ - name: Create a security group with the vpc created in the ec2_setup
+ amazon.aws.ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
@@ -48,9 +48,9 @@
- proto: tcp
from_port: 22
to_port: 22
- cidr_ip: 0.0.0.0/0
+ cidr_ip: "0.0.0.0/0"
- proto: tcp
from_port: 80
to_port: 80
- cidr_ip: 0.0.0.0/0
+ cidr_ip: "0.0.0.0/0"
register: sg
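Review bot: Both ingress rules in this security group still allow `0.0.0.0/0`, including tcp/22; the change only quotes the value. None of the lifecycle-hook tasks visible in this commit connect to an instance over SSH, and the launch configuration in create_update_delete.yml sets `assign_public_ip: true`. If this group ends up attached to those instances, they are reachable from the internet for the length of the run. Consider dropping the port 22 rule or narrowing it to the test VPC range with `cidr_ip: "10.55.77.0/24"`. The task's `rules:` key and the start of the enclosing block sit above the hunk, so the full rule list is not visible here.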
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/main.yml
index 16442c7fa..e38324bda 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_lifecycle_hook/roles/ec2_asg_lifecycle_hook/tasks/main.yml
@@ -3,38 +3,36 @@
# To add new tests you'll need to add a new host to the inventory and a matching
# '{{ inventory_hostname }}'.yml file in roles/ec2_asg_lifecycle_hook/tasks/
-- name: "Wrap up all tests and setup AWS credentials"
+- name: Wrap up all tests and setup AWS credentials
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
aws_config:
retries:
# Unfortunately AWSRetry doesn't support paginators and boto3's paginators
# don't support any configuration of the delay between retries.
max_attempts: 20
- collections:
- - community.aws
block:
- - debug:
- msg: "{{ inventory_hostname }} start: {{ lookup('pipe','date') }}"
- - include_tasks: '{{ inventory_hostname }}.yml'
- - debug:
- msg: "{{ inventory_hostname }} finish: {{ lookup('pipe','date') }}"
+ - ansible.builtin.debug:
+ msg: "{{ inventory_hostname }} start: {{ lookup('pipe', 'date') }}"
+ - ansible.builtin.include_tasks: "{{ inventory_hostname }}.yml"
+ - ansible.builtin.debug:
+ msg: "{{ inventory_hostname }} finish: {{ lookup('pipe', 'date') }}"
always:
- - set_fact:
- _role_complete: True
+ - ansible.builtin.set_fact:
+ _role_complete: true
- vars:
completed_hosts: '{{ ansible_play_hosts_all | map("extract", hostvars, "_role_complete") | list | select("defined") | list | length }}'
- hosts_in_play: '{{ ansible_play_hosts_all | length }}'
- debug:
+ hosts_in_play: "{{ ansible_play_hosts_all | length }}"
+ ansible.builtin.debug:
msg: "{{ completed_hosts }} of {{ hosts_in_play }} complete"
- - include_tasks: env_cleanup.yml
+ - ansible.builtin.include_tasks: env_cleanup.yml
vars:
completed_hosts: '{{ ansible_play_hosts_all | map("extract", hostvars, "_role_complete") | list | select("defined") | list | length }}'
- hosts_in_play: '{{ ansible_play_hosts_all | length }}'
+ hosts_in_play: "{{ ansible_play_hosts_all | length }}"
when:
- - completed_hosts == hosts_in_play
+ - completed_hosts == hosts_in_play
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_policy/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_policy/tasks/main.yml
index 24b3eea62..684522d64 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_policy/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_policy/tasks/main.yml
@@ -12,22 +12,22 @@
- module_defaults:
group/aws:
region: "{{ aws_region }}"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
collections:
- amazon.aws
block:
- name: create trivial launch_configuration
- ec2_lc:
+ autoscaling_launch_config:
name: "{{ scaling_policy_lc_name }}"
state: present
instance_type: t3.nano
image_id: "{{ ec2_ami_id }}"
- name: create trivial ASG
- ec2_asg:
+ autoscaling_group:
name: "{{ scaling_policy_asg_name }}"
state: present
launch_config_name: "{{ scaling_policy_lc_name }}"
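Review bot: The renamed modules in this file stay unqualified (`autoscaling_launch_config:` and `autoscaling_group:` here, `autoscaling_policy:` in the later hunks), while the lifecycle-hook files in the same commit move to fully qualified names. With only `amazon.aws` listed under `collections:`, which collection supplies each short name depends on the resolution order rather than on the task itself. Writing `community.aws.autoscaling_launch_config:` and `amazon.aws.autoscaling_group:`, as the lifecycle-hook tasks now do, pins the source and keeps the test from silently picking up a same-named module from elsewhere. The cleanup tasks in the last hunk of this file also keep `ignore_errors: yes` where the other files were normalised to `true`. The enclosing `block:` continues past this hunk.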
@@ -36,7 +36,7 @@
desired_capacity: 0
- name: Create Simple Scaling policy using implicit defaults
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_simplescaling_policy"
asg_name: "{{ scaling_policy_asg_name }}"
state: present
@@ -46,11 +46,11 @@
- assert:
that:
- - result.policy_name == "{{ resource_prefix }}_simplescaling_policy"
+ - result.policy_name == resource_prefix ~ '_simplescaling_policy'
- result.changed
- name: Update Simple Scaling policy using explicit defaults
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_simplescaling_policy"
asg_name: "{{ scaling_policy_asg_name }}"
state: present
@@ -61,11 +61,11 @@
- assert:
that:
- - result.policy_name == "{{ resource_prefix }}_simplescaling_policy"
+ - result.policy_name == resource_prefix ~ '_simplescaling_policy'
- not result.changed
- name: min_adjustment_step is ignored with ChangeInCapacity
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_simplescaling_policy"
asg_name: "{{ scaling_policy_asg_name }}"
state: present
@@ -77,12 +77,12 @@
- assert:
that:
- - result.policy_name == "{{ resource_prefix }}_simplescaling_policy"
+ - result.policy_name == resource_prefix ~ '_simplescaling_policy'
- not result.changed
- result.adjustment_type == "ChangeInCapacity"
- name: Change Simple Scaling policy adjustment_type to PercentChangeInCapacity
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_simplescaling_policy"
asg_name: "{{ scaling_policy_asg_name }}"
state: present
@@ -94,12 +94,12 @@
- assert:
that:
- - result.policy_name == "{{ resource_prefix }}_simplescaling_policy"
+ - result.policy_name == resource_prefix ~ '_simplescaling_policy'
- result.changed
- result.adjustment_type == "PercentChangeInCapacity"
- name: Remove Simple Scaling policy
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_simplescaling_policy"
asg_name: "{{ scaling_policy_asg_name }}"
state: absent
@@ -110,7 +110,7 @@
- result.changed
- name: Create Step Scaling policy
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_stepscaling_policy"
asg_name: "{{ scaling_policy_asg_name }}"
state: present
@@ -126,11 +126,11 @@
- assert:
that:
- - result.policy_name == "{{ resource_prefix }}_stepscaling_policy"
+ - result.policy_name == resource_prefix ~ '_stepscaling_policy'
- result.changed
- name: Add another step
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_stepscaling_policy"
asg_name: "{{ scaling_policy_asg_name }}"
state: present
@@ -149,12 +149,12 @@
- assert:
that:
- - result.policy_name == "{{ resource_prefix }}_stepscaling_policy"
+ - result.policy_name == resource_prefix ~ '_stepscaling_policy'
- result.changed
- result.adjustment_type == "PercentChangeInCapacity"
- name: Remove Step Scaling policy
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_stepscaling_policy"
asg_name: "{{ scaling_policy_asg_name }}"
state: absent
@@ -165,7 +165,7 @@
- result.changed
- name: Remove Step Scaling policy (idemopotency)
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_stepscaling_policy"
asg_name: "{{ scaling_policy_asg_name }}"
state: absent
@@ -177,7 +177,7 @@
- result is successful
- name: create TargetTracking predefined policy
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_targettracking_predefined_policy"
policy_type: TargetTrackingScaling
target_tracking_config:
@@ -189,12 +189,12 @@
- assert:
that:
- - result.policy_name == "{{ resource_prefix }}_targettracking_predefined_policy"
+ - result.policy_name == resource_prefix ~ '_targettracking_predefined_policy'
- result.changed
- result is successful
- name: create TargetTrackingScaling predefined policy (idempotency)
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_targettracking_predefined_policy"
policy_type: TargetTrackingScaling
target_tracking_config:
@@ -206,12 +206,12 @@
- assert:
that:
- - result.policy_name == "{{ resource_prefix }}_targettracking_predefined_policy"
+ - result.policy_name == resource_prefix ~ '_targettracking_predefined_policy'
- result is not changed
# # It would be good to also test this but we would need an Target group and an ALB
# - name: create TargetTracking predefined policy with resource_label
-# ec2_scaling_policy:
+# autoscaling_policy:
# name: "{{ resource_prefix }}_targettracking_predefined_rl_policy"
# policy_type: TargetTrackingScaling
# target_tracking_config:
@@ -229,7 +229,7 @@
# - result is successful
#
# - name: create TargetTracking predefined policy with resource_label (idempotency)
-# ec2_scaling_policy:
+# autoscaling_policy:
# name: "{{ resource_prefix }}_targettracking_predefined_rl_policy"
# policy_type: TargetTrackingScaling
# target_tracking_config:
@@ -246,7 +246,7 @@
# - result is not changed
- name: create TargetTrackingScaling custom policy
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_targettracking_custom_policy"
policy_type: TargetTrackingScaling
target_tracking_config:
@@ -263,12 +263,12 @@
- assert:
that:
- - result.policy_name == "{{ resource_prefix }}_targettracking_custom_policy"
+ - result.policy_name == resource_prefix ~ '_targettracking_custom_policy'
- result.changed
- result is successful
- name: create TargetTrackingScaling custom policy (idempotency)
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ resource_prefix }}_targettracking_custom_policy"
policy_type: TargetTrackingScaling
target_tracking_config:
@@ -285,14 +285,14 @@
- assert:
that:
- - result.policy_name == "{{ resource_prefix }}_targettracking_custom_policy"
+ - result.policy_name == resource_prefix ~ '_targettracking_custom_policy'
- result is not changed
always:
# ============================================================
- name: Remove the scaling policies
- ec2_scaling_policy:
+ autoscaling_policy:
name: "{{ item }}"
state: absent
register: result
@@ -305,13 +305,13 @@
ignore_errors: yes
- name: remove the ASG
- ec2_asg:
+ autoscaling_group:
name: "{{ scaling_policy_asg_name }}"
state: absent
ignore_errors: yes
- name: remove the Launch Configuration
- ec2_lc:
+ autoscaling_launch_config:
name: "{{ scaling_policy_lc_name }}"
state: absent
ignore_errors: yes
diff --git a/ansible_collections/community/aws/tests/integration/targets/autoscaling_scheduled_action/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/autoscaling_scheduled_action/tasks/main.yml
index c78c7efae..4c0e97220 100644
--- a/ansible_collections/community/aws/tests/integration/targets/autoscaling_scheduled_action/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/autoscaling_scheduled_action/tasks/main.yml
@@ -5,9 +5,9 @@
- community.aws
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
## Set up the testing dependencies: VPC, subnet, security group, and launch configuration
@@ -29,7 +29,7 @@
register: testing_subnet
- name: create a security group with the vpc created in the ec2_setup
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
@@ -45,7 +45,7 @@
register: sg
- name: ensure launch configs exist
- ec2_lc:
+ autoscaling_launch_config:
name: "{{ resource_prefix }}-lc"
assign_public_ip: true
image_id: "{{ ec2_ami_id }}"
@@ -53,7 +53,7 @@
instance_type: t3.micro
- name: Create ASG ready
- ec2_asg:
+ autoscaling_group:
name: "{{ resource_prefix }}-asg"
launch_config_name: "{{ resource_prefix }}-lc"
desired_capacity: 1
@@ -70,10 +70,10 @@
## Create minimal basic scheduled action
- name: Create basic scheduled_action - check_mode
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test"
- start_time: 2022 October 25 08:00 UTC
+ start_time: 2027 November 9 08:00 UTC
recurrence: 40 22 * * 1-5
desired_capacity: 2
state: present
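Review bot: `start_time: 2027 November 9 08:00 UTC` swaps one fixed calendar date for another, so the test keeps an expiry date and will presumably start failing again once that day passes, as it likely did with the 2022 value. The same literal is repeated in the next four hunks, and the idempotency tasks rely on it being identical each time. Deriving the date once, for example in a `set_fact` at the top of the block that takes `now(utc=true)` plus roughly a year, and then using `start_time: "{{ scheduled_start }}"` everywhere, removes the expiry while keeping the value stable within a run. If the fixed date stays, a comment above the first use such as `# start_time must be in the future; bump before 2027-11-09` would at least make the deadline visible. The task body continues beyond the hunk.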
@@ -87,10 +87,10 @@
- scheduled_action is changed
- name: Create basic scheduled_action
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test"
- start_time: 2022 October 25 08:00 UTC
+ start_time: 2027 November 9 08:00 UTC
recurrence: 40 22 * * 1-5
desired_capacity: 2
state: present
@@ -101,14 +101,14 @@
that:
- scheduled_action is successful
- scheduled_action is changed
- - scheduled_action.scheduled_action_name == "{{ resource_prefix }}-test"
+ - scheduled_action.scheduled_action_name == resource_prefix ~ '-test'
- scheduled_action.desired_capacity == 2
- name: Create basic scheduled_action - idempotent
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test"
- start_time: 2022 October 25 08:00 UTC
+ start_time: 2027 November 9 08:00 UTC
recurrence: 40 22 * * 1-5
desired_capacity: 2
state: present
@@ -122,10 +122,10 @@
## Update minimal basic scheduled action
- name: Update basic scheduled_action - check_mode
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test"
- start_time: 2022 October 25 08:00 UTC
+ start_time: 2027 November 9 08:00 UTC
recurrence: 40 22 * * 1-5
desired_capacity: 3
min_size: 3
@@ -140,10 +140,10 @@
- scheduled_action is changed
- name: Update basic scheduled_action
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test"
- start_time: 2022 October 25 08:00 UTC
+ start_time: 2027 November 9 08:00 UTC
recurrence: 40 22 * * 1-5
desired_capacity: 3
min_size: 3
@@ -155,15 +155,15 @@
that:
- scheduled_action is successful
- scheduled_action is changed
- - scheduled_action.scheduled_action_name == "{{ resource_prefix }}-test"
+ - scheduled_action.scheduled_action_name == resource_prefix ~ '-test'
- scheduled_action.desired_capacity == 3
- scheduled_action.min_size == 3
- name: Update basic scheduled_action - idempotent
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test"
- start_time: 2022 October 25 08:00 UTC
+ start_time: 2027 November 9 08:00 UTC
recurrence: 40 22 * * 1-5
desired_capacity: 3
min_size: 3
@@ -178,11 +178,11 @@
## Create advanced scheduled action
- name: Create advanced scheduled_action - check_mode
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test"
- start_time: 2022 October 25 09:00 UTC
- end_time: 2022 October 25 10:00 UTC
+ start_time: 2027 November 9 09:00 UTC
+ end_time: 2027 November 9 10:00 UTC
time_zone: Europe/London
recurrence: 40 22 * * 1-5
min_size: 2
@@ -199,11 +199,11 @@
- advanced_scheduled_action is changed
- name: Create advanced scheduled_action
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test1"
- start_time: 2022 October 25 09:00 UTC
- end_time: 2022 October 25 10:00 UTC
+ start_time: 2027 November 9 09:00 UTC
+ end_time: 2027 November 9 10:00 UTC
time_zone: Europe/London
recurrence: 40 22 * * 1-5
min_size: 2
@@ -217,18 +217,18 @@
that:
- advanced_scheduled_action is successful
- advanced_scheduled_action is changed
- - advanced_scheduled_action.scheduled_action_name == "{{ resource_prefix }}-test1"
+ - advanced_scheduled_action.scheduled_action_name == resource_prefix ~ '-test1'
- advanced_scheduled_action.desired_capacity == 2
- advanced_scheduled_action.min_size == 2
- advanced_scheduled_action.max_size == 5
- advanced_scheduled_action.time_zone == "Europe/London"
- name: Create advanced scheduled_action - idempotent
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test1"
- start_time: 2022 October 25 09:00 UTC
- end_time: 2022 October 25 10:00 UTC
+ start_time: 2027 November 9 09:00 UTC
+ end_time: 2027 November 9 10:00 UTC
time_zone: Europe/London
recurrence: 40 22 * * 1-5
min_size: 2
@@ -245,7 +245,7 @@
## Delete scheduled action
- name: Delete scheduled_action - check_mode
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test1"
state: absent
@@ -259,7 +259,7 @@
- scheduled_action_deletion is changed
- name: Delete scheduled_action
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test1"
state: absent
@@ -272,7 +272,7 @@
- scheduled_action_deletion is changed
- name: Delete scheduled_action - idempotent
- ec2_asg_scheduled_action:
+ autoscaling_scheduled_action:
autoscaling_group_name: "{{ resource_prefix }}-asg"
scheduled_action_name: "{{ resource_prefix }}-test1"
state: absent
@@ -285,7 +285,7 @@
- scheduled_action_deletion is not changed
always:
- name: Remove ASG
- ec2_asg:
+ autoscaling_group:
name: "{{ resource_prefix }}-asg"
state: absent
register: removed
@@ -295,7 +295,7 @@
# Remove the testing dependencies
- name: Remove launch configs
- ec2_lc:
+ autoscaling_launch_config:
name: "{{ resource_prefix }}-lc"
state: absent
register: removed
@@ -304,7 +304,7 @@
retries: 10
- name: Remove the security group
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/main.yml b/ansible_collections/community/aws/tests/integration/targets/aws_region_info/main.yml
deleted file mode 100644
index abffda916..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- hosts: localhost
- connection: local
- environment: "{{ ansible_test.environment }}"
- tasks:
- - include_tasks: 'tasks/tests.yml'
diff --git a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/aws_region_info/tasks/main.yml
deleted file mode 100644
index 3edbbaded..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/tasks/main.yml
+++ /dev/null
@@ -1,107 +0,0 @@
----
-- module_defaults:
- group/aws:
- aws_access_key: '{{ aws_access_key | default(omit) }}'
- aws_secret_key: '{{ aws_secret_key | default(omit) }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region | default(omit) }}'
-
- block:
- - name: 'List available Regions'
- aws_region_info:
- register: regions
-
- - name: check task return attributes
- vars:
- first_region: '{{ regions.regions[0] }}'
- assert:
- that:
- - regions is successful
- - regions is not changed
- - '"regions" in regions'
- - '"endpoint" in first_region'
- - '"opt_in_status" in first_region'
- - '"region_name" in first_region'
-
- - name: 'List available Regions - check_mode'
- aws_region_info:
- register: check_regions
-
- - name: check task return attributes - check_mode
- vars:
- first_region: '{{ check_regions.regions[0] }}'
- assert:
- that:
- - check_regions is successful
- - check_regions is not changed
- - '"regions" in check_regions'
- - '"endpoint" in first_region'
- - '"opt_in_status" in first_region'
- - '"region_name" in first_region'
-
- - name: 'Filter available Regions using - ("region-name")'
- aws_region_info:
- filters:
- region-name: 'us-west-1'
- register: us_west_1
-
- - name: check task return attributes - filtering using -
- vars:
- first_region: '{{ us_west_1.regions[0] }}'
- assert:
- that:
- - us_west_1 is successful
- - us_west_1 is not changed
- - '"regions" in us_west_1'
- - us_west_1.regions | length == 1
- - '"endpoint" in first_region'
- - first_region.endpoint == 'ec2.us-west-1.amazonaws.com'
- - '"opt_in_status" in first_region'
- - first_region.opt_in_status == 'opt-in-not-required'
- - '"region_name" in first_region'
- - first_region.region_name == 'us-west-1'
-
- - name: 'Filter available Regions using _ ("region_name")'
- aws_region_info:
- filters:
- region_name: 'us-west-2'
- register: us_west_2
-
- - name: check task return attributes - filtering using _
- vars:
- first_region: '{{ us_west_2.regions[0] }}'
- assert:
- that:
- - us_west_2 is successful
- - us_west_2 is not changed
- - '"regions" in us_west_2'
- - us_west_2.regions | length == 1
- - '"endpoint" in first_region'
- - first_region.endpoint == 'ec2.us-west-2.amazonaws.com'
- - '"opt_in_status" in first_region'
- - first_region.opt_in_status == 'opt-in-not-required'
- - '"region_name" in first_region'
- - first_region.region_name == 'us-west-2'
-
- - name: 'Filter available Regions using _ and - to check precedence'
- aws_region_info:
- filters:
- region-name: 'eu-west-1'
- region_name: 'eu-central-1'
- register: regions_prededence
-
- - name: check task return attributes - precedence
- vars:
- first_region: '{{ regions_prededence.regions[0] }}'
- assert:
- that:
- - regions_prededence is successful
- - regions_prededence is not changed
- - '"regions" in regions_prededence'
- - regions_prededence.regions | length == 1
- - '"endpoint" in first_region'
- - first_region.endpoint == 'ec2.eu-central-1.amazonaws.com'
- - '"opt_in_status" in first_region'
- - first_region.opt_in_status == 'opt-in-not-required'
- - '"region_name" in first_region'
- - first_region.region_name == 'eu-central-1'
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudformation_exports_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudformation_exports_info/tasks/main.yml
index eb703d49e..f1b99df1b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/cloudformation_exports_info/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudformation_exports_info/tasks/main.yml
@@ -1,9 +1,9 @@
- name: set connection information for aws modules and run tasks
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudformation_stack_set/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudformation_stack_set/tasks/main.yml
index afd614a55..39f13a71f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/cloudformation_stack_set/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudformation_stack_set/tasks/main.yml
@@ -5,14 +5,14 @@
- name: set up aws connection info
set_fact:
aws_connection_info: &aws_connection_info
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
aws_secondary_connection_info: &aws_secondary_connection_info
- aws_access_key: "{{ secondary_aws_access_key }}"
- aws_secret_key: "{{ secondary_aws_secret_key }}"
- security_token: "{{ secondary_security_token }}"
+ access_key: "{{ secondary_aws_access_key }}"
+ secret_key: "{{ secondary_aws_secret_key }}"
+ session_token: "{{ secondary_security_token | default(omit) }}"
region: "{{ aws_region }}"
no_log: true
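Review bot: This `set_fact` stores the access key, secret key and session token of both accounts as host facts, and `no_log: true` only hides this one task's output. The facts stay readable for the rest of the play, so a later `debug`, a verbose run, or fact caching could expose them. The other targets in this commit pass credentials through `module_defaults: group/aws` and never create a fact. If the set_fact exists only to define the `&aws_connection_info` and `&aws_secondary_connection_info` anchors, say so in a comment above it, e.g. `# defined only for the YAML anchors below; do not template these facts`. How the anchors are consumed lies outside this hunk.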
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/aliases b/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/aliases
index e04e1b287..4ef4b2067 100644
--- a/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/aliases
@@ -1,4 +1 @@
-# reason: broken
-disabled
-
cloud/aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/tasks/main.yml
index a6ac0571a..281097db1 100644
--- a/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_distribution/tasks/main.yml
@@ -1,8 +1,8 @@
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
cloudfront_distribution:
alias: "{{ cloudfront_alias | default(omit) }}"
viewer_certificate: "{{ cloudfront_viewer_cert | default(omit) }}"
@@ -19,12 +19,18 @@
default_cache_behavior:
target_origin_id: "{{ cloudfront_hostname }}-origin.example.com"
state: present
- purge_origins: yes
+ purge_origins: true
register: cf_distribution
- set_fact:
distribution_id: '{{ cf_distribution.id }}'
+ - name: ensure that default value of 'enabled' is 'true'
+ assert:
+ that:
+ - cf_distribution.changed
+ - cf_distribution.enabled
+
- name: ensure that default value of 'ipv6_enabled' is 'false'
assert:
that:
@@ -49,7 +55,7 @@
cloudfront_distribution:
state: present
distribution_id: "{{ distribution_id }}"
- ipv6_enabled: True
+ ipv6_enabled: true
register: cf_update_ipv6
- name: ensure the 'ipv6_enabled' value has changed (new value is true)
@@ -76,7 +82,7 @@
cloudfront_distribution:
state: present
distribution_id: "{{ distribution_id }}"
- ipv6_enabled: True
+ ipv6_enabled: true
register: cf_update_ipv6
- name: ensure the 'ipv6_enabled' value has changed (new value is true)
@@ -86,45 +92,122 @@
# - not cf_update_ipv6.changed
- cf_update_ipv6.is_ipv6_enabled
- - name: re-run cloudfront distribution with same defaults
+ - name: Ensure that default value of 'http_version' is 'http2'
+ assert:
+ that:
+ - cf_update_ipv6.http_version == 'http2'
+
+ - name: Update the distribution http_version to http2and3
+ cloudfront_distribution:
+ state: present
+ distribution_id: "{{ distribution_id }}"
+ http_version: http2and3
+ register: cf_update_http_version
+
+ - name: Ensure that default value of 'http_version' is 'http2and3'
+ assert:
+ that:
+ - cf_update_http_version.changed
+ - cf_update_http_version.http_version == 'http2and3'
+
+ # - name: re-run cloudfront distribution with same defaults
+ # cloudfront_distribution:
+ # distribution_id: "{{ distribution_id }}"
+ # origins:
+ # - domain_name: "{{ cloudfront_hostname }}-origin.example.com"
+ # state: present
+ # register: cf_dist_no_update
+
+ # - name: ensure distribution was not updated
+ # assert:
+ # that:
+ # - not cf_dist_no_update.changed
+
+ # - name: re-run cloudfront distribution using distribution id
+ # cloudfront_distribution:
+ # distribution_id: "{{ distribution_id }}"
+ # purge_origins: no
+ # state: present
+ # register: cf_dist_with_id
+
+ # - name: ensure distribution was not updated
+ # assert:
+ # that:
+ # - not cf_dist_with_id.changed
+
+ - name: update origin http port
cloudfront_distribution:
distribution_id: "{{ distribution_id }}"
origins:
- domain_name: "{{ cloudfront_hostname }}-origin.example.com"
+ custom_origin_config:
+ http_port: 8080
state: present
- register: cf_dist_no_update
+ register: update_origin_http_port
- - name: ensure distribution was not updated
+ - name: ensure http port was updated
assert:
that:
- - not cf_dist_no_update.changed
+ - update_origin_http_port.changed
- - name: re-run cloudfront distribution using distribution id
+ - name: enable origin Origin Shield
cloudfront_distribution:
distribution_id: "{{ distribution_id }}"
- purge_origins: no
+ origins:
+ - domain_name: "{{ cloudfront_hostname }}-origin.example.com"
+ custom_origin_config:
+ http_port: 8080
+ origin_shield:
+ enabled: true
+ origin_shield_region: '{{ aws_region }}'
state: present
- register: cf_dist_with_id
+ register: update_origin_origin_shield
- - name: ensure distribution was not updated
+ - name: ensure origin Origin Shield was enabled
assert:
that:
- - not cf_dist_with_id.changed
-
- - name: update origin http port
+ - update_origin_origin_shield.changed
+ - update_origin_origin_shield.origins['items'][0].origin_shield.enabled
+ - update_origin_origin_shield.origins['items'][0].origin_shield.origin_shield_region == aws_region
+
+ # TODO: fix module idempotency issue
+ # - name: enable origin Origin Shield again to test idempotency
+ # cloudfront_distribution:
+ # distribution_id: "{{ distribution_id }}"
+ # origins:
+ # - domain_name: "{{ cloudfront_hostname }}-origin.example.com"
+ # custom_origin_config:
+ # http_port: 8080
+ # origin_shield:
+ # enabled: true
+ # origin_shield_region: '{{ aws_region }}'
+ # state: present
+ # register: update_origin_origin_shield_idempotency
+
+ # - name: test idempotency for Origin Shield
+ # assert:
+ # that:
+ # - not update_origin_origin_shield_idempotency.changed
+ # - update_origin_origin_shield_idempotency.origins['items'][0].origin_shield.enabled
+ # - update_origin_origin_shield_idempotency.origins['items'][0].origin_shield.origin_shield_region == '{{ aws_region }}'
+
+ - name: disable origin Origin Shield
cloudfront_distribution:
distribution_id: "{{ distribution_id }}"
origins:
- domain_name: "{{ cloudfront_hostname }}-origin.example.com"
custom_origin_config:
http_port: 8080
+ origin_shield:
+ enabled: false
state: present
- register: update_origin_http_port
+ register: update_origin_origin_shield_disable
- - name: ensure http port was updated
+ - name: ensure origin Origin Shield was disabled
assert:
that:
- - update_origin_http_port.changed
+ - update_origin_origin_shield_disable.changed
+ - not update_origin_origin_shield_disable.origins['items'][0].origin_shield.enabled
- name: update restrictions
cloudfront_distribution:
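Review bot: The two idempotency re-runs (`re-run cloudfront distribution with same defaults` and `re-run cloudfront distribution using distribution id`) are commented out here with no reason given. The hunks at -194, -211, -313 and -364 likewise comment out their `not ….changed` assertions, so the re-enabled target no longer appears to check idempotency anywhere visible. Only the Origin Shield block carries `# TODO: fix module idempotency issue`; each disabled check should get the same marker with a tracking reference, e.g. `# TODO(<issue-ref>): re-enable once cloudfront_distribution is idempotent`. Task names such as `ensure that re-running didn't change` (hunk -313) no longer describe what is asserted. Separately, `Ensure that default value of 'http_version' is 'http2and3'` runs after the update, so it should read `Ensure that 'http_version' was updated to 'http2and3'`.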
@@ -167,7 +250,7 @@
id: "{{ resource_prefix }}2.example.com"
default_root_object: index.html
state: present
- wait: yes
+ wait: true
register: cf_add_origin
- name: ensure origin was added
@@ -186,7 +269,7 @@
http_port: 8080
- domain_name: "{{ resource_prefix }}2.example.com"
default_root_object: index.html
- wait: yes
+ wait: true
state: present
register: cf_rerun_second_origin
@@ -194,7 +277,7 @@
assert:
that:
- cf_rerun_second_origin.origins.quantity == 2
- - not cf_rerun_second_origin.changed
+ # - not cf_rerun_second_origin.changed
- name: run with origins in reverse order
cloudfront_distribution:
@@ -211,7 +294,7 @@
assert:
that:
- cf_rerun_second_origin_reversed.origins.quantity == 2
- - not cf_rerun_second_origin_reversed.changed
+ # - not cf_rerun_second_origin_reversed.changed
- name: purge first origin
@@ -221,7 +304,7 @@
- domain_name: "{{ resource_prefix }}2.example.com"
default_cache_behavior:
target_origin_id: "{{ resource_prefix }}2.example.com"
- purge_origins: yes
+ purge_origins: true
state: present
register: cf_purge_origin
@@ -278,12 +361,13 @@
- name: delete distribution
cloudfront_distribution:
distribution_id: "{{ distribution_id }}"
- enabled: no
- wait: yes
+ enabled: false
+ wait: true
state: absent
- - name: create distribution with tags
+ - name: create cloudfront distribution with tags and as disabled
cloudfront_distribution:
+ enabled: false
origins:
- domain_name: "{{ resource_prefix }}2.example.com"
id: "{{ resource_prefix }}2.example.com"
@@ -296,6 +380,12 @@
- set_fact:
distribution_id: '{{ cf_second_distribution.id }}'
+ - name: ensure that the value of 'enabled' is 'false'
+ assert:
+ that:
+ - cf_second_distribution.changed
+ - not cf_second_distribution.enabled
+
- name: ensure tags were set on creation
assert:
that:
@@ -313,14 +403,14 @@
tags:
ATag: tag1
Another: tag
- purge_tags: yes
+ purge_tags: true
state: present
register: rerun_with_purge_tags
- name: ensure that re-running didn't change
assert:
that:
- - not rerun_with_purge_tags.changed
+ # - not rerun_with_purge_tags.changed
- rerun_with_purge_tags.tags|length == 2
- name: add new tag to distribution
@@ -330,7 +420,7 @@
- domain_name: "{{ resource_prefix }}2.example.com"
tags:
Third: thing
- purge_tags: no
+ purge_tags: false
state: present
register: update_with_new_tag
@@ -364,7 +454,7 @@
- name: check that reversing cache behaviors changes nothing when purge_cache_behaviors unset
assert:
that:
- - not reverse_cache_behaviors.changed
+ # - not reverse_cache_behaviors.changed
- reverse_cache_behaviors.cache_behaviors|length == 2
- name: reverse some cache behaviors properly
@@ -373,7 +463,7 @@
origins:
- domain_name: "{{ resource_prefix }}2.example.com"
cache_behaviors: "{{ cloudfront_test_cache_behaviors|reverse|list }}"
- purge_cache_behaviors: yes
+ purge_cache_behaviors: true
state: present
register: reverse_cache_behaviors_with_purge
@@ -389,10 +479,10 @@
origins:
- domain_name: "{{ resource_prefix }}3.example.com"
id: "{{ resource_prefix }}3.example.com"
- purge_origins: yes
+ purge_origins: true
state: present
register: remove_origin_in_use
- ignore_errors: yes
+ ignore_errors: true
- name: check that removing in use origin fails
assert:
@@ -412,18 +502,14 @@
# - path_pattern: /another/path
# target_origin_id: "{{ resource_prefix }}3.example.com"
# state: present
- # aws_access_key: "{{ aws_access_key|default(omit) }}"
- # aws_secret_key: "{{ aws_secret_key|default(omit) }}"
- # security_token: "{{ security_token|default(omit) }}"
- # profile: "{{ profile|default(omit) }}"
# register: update_cache_behaviors in use
- name: create an s3 bucket for next test
# note that although public-read allows reads that we want to stop with origin_access_identity,
# we also need to test without origin_access_identity and it's hard to change bucket perms later
- aws_s3:
- bucket: "{{ resource_prefix }}-bucket"
- mode: create
+ s3_bucket:
+ name: "{{ resource_prefix }}-bucket"
+ state: present
- name: update origin to point to the s3 bucket
cloudfront_distribution:
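Review bot: The context comment above the new `s3_bucket` task still describes a `public-read` bucket, but the task only sets `name` and `state: present`, so no ACL is requested here. Either the comment is stale or the test now runs against a bucket with different permissions than the author intended. That difference matters for the origin_access_identity checks that follow. Update the comment to match, e.g. `# bucket uses the module's default permissions; origin access identity is toggled on the distribution below`, or state the intended ACL explicitly in the task.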
@@ -431,7 +517,7 @@
origins:
- domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com"
id: "{{ resource_prefix }}3.example.com"
- s3_origin_access_identity_enabled: yes
+ s3_origin_access_identity_enabled: true
state: present
register: update_origin_to_s3
@@ -448,7 +534,7 @@
origins:
- domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com"
id: "{{ resource_prefix }}3.example.com"
- s3_origin_access_identity_enabled: no
+ s3_origin_access_identity_enabled: false
state: present
register: update_origin_to_s3_without_origin_access
@@ -460,9 +546,9 @@
loop: "{{ update_origin_to_s3_without_origin_access.origins['items'] }}"
- name: delete the s3 bucket
- aws_s3:
- bucket: "{{ resource_prefix }}-bucket"
- mode: delete
+ s3_bucket:
+ name: "{{ resource_prefix }}-bucket"
+ state: absent
- name: check that custom_origin_config can't be used with origin_access_identity enabled
cloudfront_distribution:
@@ -470,18 +556,64 @@
origins:
- domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com"
id: "{{ resource_prefix }}3.example.com"
- s3_origin_access_identity_enabled: yes
+ s3_origin_access_identity_enabled: true
custom_origin_config:
origin_protocol_policy: 'http-only'
state: present
register: update_origin_to_s3_with_origin_access_and_with_custom_origin_config
- ignore_errors: True
+ ignore_errors: true
- name: check that custom origin with origin access identity fails
+ # "s3 origin domains and custom_origin_config are mutually exclusive"
+ assert:
+ that:
+ - update_origin_to_s3_with_origin_access_and_with_custom_origin_config.failed
+
+ - name: check that custom_origin_config can't be used with an region-agnostic S3 domain
+ cloudfront_distribution:
+ distribution_id: "{{ distribution_id }}"
+ origins:
+ - domain_name: "{{ resource_prefix }}-bucket.s3.{{ aws_region }}.amazonaws.com"
+ id: "{{ resource_prefix }}3.example.com"
+ custom_origin_config:
+ http_port: 8080
+ state: present
+ register: update_origin_to_s3_with_origin_access_and_with_custom_origin_config
+ ignore_errors: true
+
+ - name: check that custom origin with region-agnostic S3 domain fails
+ # "s3 origin domains and custom_origin_config are mutually exclusive"
+ assert:
+ that:
+ - update_origin_to_s3_with_origin_access_and_with_custom_origin_config.failed
+
+ - name: check that custom_origin_config can't be used with an region-aware S3 domain
+ cloudfront_distribution:
+ distribution_id: "{{ distribution_id }}"
+ origins:
+ - domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com"
+ id: "{{ resource_prefix }}3.example.com"
+ custom_origin_config:
+ http_port: 8080
+ state: present
+ register: update_origin_to_s3_with_origin_access_and_with_custom_origin_config
+ ignore_errors: true
+
+ - name: check that custom origin with region-aware S3 domain fails
+ # "s3 origin domains and custom_origin_config are mutually exclusive"
assert:
that:
- update_origin_to_s3_with_origin_access_and_with_custom_origin_config.failed
+ - name: create cloudfront distribution origin access identity
+ cloudfront_origin_access_identity:
+ state: present
+ comment: "this is a sample origin access identity"
+ register: _origin_access_id
+
+ - set_fact:
+ origin_access_identity: 'origin-access-identity/cloudfront/{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
+
- name: Update distribution to use specific access identity
cloudfront_distribution:
distribution_id: "{{ distribution_id }}"
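Review bot: The three negative tests added here assert only `update_origin_to_s3_with_origin_access_and_with_custom_origin_config.failed`, so any failure satisfies them, and the bucket they reference was deleted by the task just above this hunk. The expected message is already quoted in the comments, so pin it with `- "'mutually exclusive' in update_origin_to_s3_with_origin_access_and_with_custom_origin_config.msg"`. The two new task names also look swapped: the one called `region-agnostic` uses `s3.{{ aws_region }}.amazonaws.com`, and the one called `region-aware` uses `s3.amazonaws.com`. Both names also say "an region" where "a region" is meant. Registering each result under its own variable would make a failing assert easier to trace.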
@@ -490,25 +622,61 @@
domain_name: "{{ resource_prefix }}.s3.amazonaws.com"
s3_origin_access_identity_enabled: true
s3_origin_config:
- origin_access_identity: origin-access-identity/cloudfront/ANYTHING
- register: update_distribution_with_specific_access_identity
+ origin_access_identity: '{{ origin_access_identity }}'
+ register: result
- name: check that custom origin uses the provided origin_access_identity
assert:
that:
- - update_distribution_with_specific_access_identity.changed
- - update_distribution_with_specific_access_identity.origins.items[0].s3_origin_config.origin_access_identity == 'origin-access-identity/cloudfront/ANYTHING'
+ - result.changed
+ - result.origins['quantity'] > 0
+ - result.origins['items'] | selectattr('s3_origin_config', 'defined') | map(attribute='s3_origin_config') | selectattr('origin_access_identity', 'eq', origin_access_identity) | list | length == 1
+
+ - name: update distribution to use cache_policy_id and origin_request_policy_id
+ cloudfront_distribution:
+ distribution_id: "{{ distribution_id }}"
+ default_cache_behavior:
+ cache_policy_id: "658327ea-f89d-4fab-a63d-7e88639e58f6"
+ origin_request_policy_id: "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf"
+ state: present
+ register: update_distribution_with_cache_policies
+
+ - name: ensure that the cache_policy_id and origin_request_policy_id was set
+ assert:
+ that:
+ - update_distribution_with_cache_policies.changed
+ - update_distribution_with_cache_policies.default_cache_behavior.cache_policy_id == '658327ea-f89d-4fab-a63d-7e88639e58f6'
+ - update_distribution_with_cache_policies.default_cache_behavior.origin_request_policy_id == '88a5eaf4-2fd4-4709-b370-b4c650ea3fcf'
always:
# TEARDOWN STARTS HERE
- name: delete the s3 bucket
- aws_s3:
- bucket: "{{ resource_prefix }}-bucket"
- mode: delete
+ s3_bucket:
+ name: "{{ resource_prefix }}-bucket"
+ state: absent
+ force: true
+ ignore_errors: true
- name: clean up cloudfront distribution
cloudfront_distribution:
- distribution_id: "{{ distribution_id }}"
- enabled: no
- wait: yes
+ distribution_id: "{{ item }}"
+ enabled: false
+ wait: true
state: absent
+ register: delete_distribution
+ ignore_errors: true
+ async: 1000
+ poll: 0
+ with_items:
+ - '{{ cf_second_distribution.id }}'
+ - '{{ cf_distribution.id }}'
+
+ - name: Wait for cloudfront to be deleted
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: _delete
+ until: _delete.finished
+ retries: 100
+ delay: 5
+ loop: "{{ delete_distribution.results }}"
+ ignore_errors: true
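Review bot: The cleanup loop lists `'{{ cf_second_distribution.id }}'` unconditionally, so if the block fails before the second distribution is registered the loop itself would likely error. With `ignore_errors: true` on both tasks that error is swallowed and `cf_distribution` is never deleted. Building the list defensively avoids this: `loop: "{{ [cf_second_distribution.id | default(''), cf_distribution.id | default('')] | select | list }}"`. The origin access identity registered as `_origin_access_id` in the previous hunk also has no matching `state: absent` task in the part of `always` shown here, so it may be left behind in the test account. The two literal policy IDs in the new `cache_policy_id`/`origin_request_policy_id` task need a comment saying which policies they refer to.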
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/aliases b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/aliases
new file mode 100644
index 000000000..c282df0b0
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/aliases
@@ -0,0 +1,3 @@
+cloudfront_distribution_info
+
+cloud/aws \ No newline at end of file
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/defaults/main.yml
new file mode 100644
index 000000000..9e7265251
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+cloudfront_hostname: "{{ resource_prefix }}01"
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/tasks/main.yml
new file mode 100644
index 000000000..b42c8915c
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_invalidation/tasks/main.yml
@@ -0,0 +1,85 @@
+- module_defaults:
+ group/aws:
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
+
+ collections:
+ - amazon.aws
+
+ block:
+ - name: create cloudfront distribution using defaults
+ cloudfront_distribution:
+ origins:
+ - domain_name: "{{ cloudfront_hostname }}-origin.example.com"
+ id: "{{ cloudfront_hostname }}-origin.example.com"
+ default_cache_behavior:
+ target_origin_id: "{{ cloudfront_hostname }}-origin.example.com"
+ state: present
+ register: _distribution
+
+ - set_fact:
+ distribution_id: '{{ _distribution.id }}'
+ caller_reference: '{{ _distribution.caller_reference }}'
+
+ - name: create cloudfront invalidation
+ cloudfront_invalidation:
+ distribution_id: '{{ distribution_id }}'
+ target_paths:
+ - '/path/invalidation'
+
+ - name: get cloudfront invalidation
+ cloudfront_distribution_info:
+ distribution_id: '{{ distribution_id }}'
+ list_invalidations: true
+ register: distribution_info
+
+ - name: Ensure cloudfront distribution has 1 invalidation
+ assert:
+ that:
+ - distribution_info.cloudfront.invalidations | length == 1
+
+ - name: create cloudfront invalidation with caller reference
+ cloudfront_invalidation:
+ distribution_id: '{{ distribution_id }}'
+ target_paths:
+ - '/invalidation/*'
+ caller_reference: '{{ caller_reference }}'
+ register: _invalidation
+
+ - name: Ensure invalidation was created with expected caller reference
+ assert:
+ that:
+ - _invalidation.invalidation.invalidation_batch.caller_reference == caller_reference
+
+ - name: get cloudfront invalidation
+ cloudfront_distribution_info:
+ distribution_id: '{{ distribution_id }}'
+ list_invalidations: true
+ register: distribution_info
+
+ - name: Ensure cloudfront distribution has 2 invalidations
+ assert:
+ that:
+ - distribution_info.cloudfront.invalidations | length == 2
+
+ - name: get cloudfront invalidation
+ cloudfront_distribution_info:
+ distribution_id: '{{ distribution_id }}'
+ invalidation_id: '{{ _invalidation.invalidation.id }}'
+ invalidation: true
+ register: invalidation_info
+
+ - name: Ensure invalidation info was retrieved
+ assert:
+ that:
+ - _invalidation.invalidation.id in invalidation_info.cloudfront
+
+ always:
+ - name: clean up cloudfront distribution
+ cloudfront_distribution:
+ distribution_id: "{{ _distribution.id }}"
+ enabled: false
+ wait: false
+ state: absent
+ ignore_errors: true
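Review bot: The `always` cleanup combines `wait: false` with `ignore_errors: true`, so if the delete is rejected because the distribution has not finished disabling, the task still passes and the distribution stays in the test account. Whether the module can remove a distribution it has just disabled without waiting is not visible on this page. The cloudfront_distribution target in this same commit deletes with `wait: true` under `async` plus `async_status`, and reusing that pattern here would make a leaked distribution visible. The three lookups all named `get cloudfront invalidation` should get distinct names, e.g. `list invalidations after first create`, so a failure can be located from the log.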
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/aliases b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/aliases
new file mode 100644
index 000000000..c282df0b0
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/aliases
@@ -0,0 +1,3 @@
+cloudfront_distribution_info
+
+cloud/aws \ No newline at end of file
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/defaults/main.yml
new file mode 100644
index 000000000..9e7265251
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+cloudfront_hostname: "{{ resource_prefix }}01"
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/tasks/main.yml
new file mode 100644
index 000000000..9259108bc
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_origin_access_identity/tasks/main.yml
@@ -0,0 +1,153 @@
+- module_defaults:
+ group/aws:
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
+
+ collections:
+ - amazon.aws
+
+ block:
+ - name: create cloudfront distribution using defaults
+ cloudfront_distribution:
+ origins:
+ - domain_name: "{{ cloudfront_hostname }}-origin.example.com"
+ id: "{{ cloudfront_hostname }}-origin.example.com"
+ default_cache_behavior:
+ target_origin_id: "{{ cloudfront_hostname }}-origin.example.com"
+ state: present
+ register: _distribution
+
+ - set_fact:
+ distribution_id: '{{ _distribution.id }}'
+ caller_reference: '{{ _distribution.caller_reference }}'
+
+ - name: create cloudfront distribution origin access identity
+ cloudfront_origin_access_identity:
+ state: present
+ comment: "this is a sample origin access identity"
+ register: _origin_access_id
+
+ - name: get cloudfront distribution origin access
+ cloudfront_distribution_info:
+ distribution_id: '{{ distribution_id }}'
+ list_origin_access_identities: true
+ register: distribution_info
+
+ - name: Ensure cloudfront distribution origin access identity exists
+ assert:
+ that:
+ - oid in origin_access_ids
+ vars:
+ origin_access_ids: '{{ distribution_info.cloudfront.origin_access_identities | map(attribute="Id") | list }}'
+ oid: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
+
+ - name: Update cloudfront origin access identity
+ cloudfront_origin_access_identity:
+ state: present
+ comment: "this origin access identity comment has been updated"
+ origin_access_identity_id: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
+ register: _updated_origin_access_id
+
+ - name: Ensure cloudfront origin access was updated
+ assert:
+ that:
+ - _updated_origin_access_id is changed
+ - orig_access_config.comment == "this origin access identity comment has been updated"
+ vars:
+ orig_access_config: '{{ _updated_origin_access_id.cloud_front_origin_access_identity.cloud_front_origin_access_identity_config }}'
+
+ - name: Update cloudfront origin access identity once again
+ cloudfront_origin_access_identity:
+ state: present
+ comment: "this origin access identity comment has been updated"
+ origin_access_identity_id: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
+ register: _update_idempotency
+
+ - name: Ensure idempotency did not report change
+ assert:
+ that:
+ - _update_idempotency is not changed
+
+ - name: create another cloudfront distribution origin access identity with caller reference
+ cloudfront_origin_access_identity:
+ state: present
+ comment: "this is another origin access identity"
+ caller_reference: '{{ caller_reference }}'
+ register: _another_origin_access_id
+
+ - name: Ensure invalidation was created with expected caller reference
+ assert:
+ that:
+ - _another_origin_access_id.cloud_front_origin_access_identity.cloud_front_origin_access_identity_config.caller_reference == caller_reference
+
+ - name: get cloudfront origin access identities
+ cloudfront_distribution_info:
+ distribution_id: '{{ distribution_id }}'
+ list_origin_access_identities: true
+ register: distribution_info
+
+ - name: Ensure cloudfront distribution origin access identity exists
+ assert:
+ that:
+ - first_oid in origin_access_ids
+ - another_oid in origin_access_ids
+ vars:
+ origin_access_ids: '{{ distribution_info.cloudfront.origin_access_identities | map(attribute="Id") | list }}'
+ first_oid: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
+ another_oid: '{{ _another_origin_access_id.cloud_front_origin_access_identity.id }}'
+
+ - name: get cloudfront origin access
+ cloudfront_distribution_info:
+ distribution_id: '{{ distribution_id }}'
+ origin_access_identity_id: '{{ _another_origin_access_id.cloud_front_origin_access_identity.id }}'
+ origin_access_identity: true
+ register: invalidation_info
+
+ - name: Ensure invalidation info was retrieved
+ assert:
+ that:
+ - _another_origin_access_id.cloud_front_origin_access_identity.id in invalidation_info.cloudfront
+
+ - name: Delete cloudfront origin access
+ cloudfront_origin_access_identity:
+ state: absent
+ origin_access_identity_id: '{{ _another_origin_access_id.cloud_front_origin_access_identity.id }}'
+ register: _delete_origin_access
+
+ - name: Ensure origin access identity was deleted
+ assert:
+ that:
+ - _delete_origin_access is changed
+
+ - name: list cloudfront origin access identities
+ cloudfront_distribution_info:
+ list_origin_access_identities: true
+ register: origin_access_identities
+
+ - name: Ensure deleted origin access identity is not part of the list
+ assert:
+ that:
+ - _another_origin_access_id.cloud_front_origin_access_identity.id not in origin_access_ids
+ vars:
+ origin_access_ids: '{{ origin_access_identities.cloudfront.origin_access_identities | map(attribute="Id") | list}}'
+
+ - name: Delete cloudfront origin access once again
+ cloudfront_origin_access_identity:
+ state: absent
+ origin_access_identity_id: '{{ _another_origin_access_id.cloud_front_origin_access_identity.id }}'
+ register: _delete_origin_access
+
+ - name: Ensure origin access identity was deleted
+ assert:
+ that:
+ - _delete_origin_access is not changed
+
+ always:
+ - name: clean up cloudfront distribution
+ cloudfront_distribution:
+ distribution_id: "{{ _distribution.id }}"
+ enabled: false
+ wait: false
+ state: absent
+ ignore_errors: true
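Review bot: The `always` section removes only the distribution, so the origin access identities this file creates can stay in the account: `_origin_access_id` is never deleted, and `_another_origin_access_id` is deleted only if every earlier assertion passes. An origin access identity is a principal that bucket policies can reference, so teardown should remove both alongside the distribution. The repeated delete at the end of the block reports `not changed`, which suggests an extra delete in cleanup is harmless. Separately, the task names "Ensure invalidation was created with expected caller reference" and "Ensure invalidation info was retrieved", and `register: invalidation_info`, look copied from the invalidation target and should refer to the origin access identity.

```yaml
  always:
    - name: clean up first cloudfront origin access identity
      cloudfront_origin_access_identity:
        state: absent
        origin_access_identity_id: '{{ _origin_access_id.cloud_front_origin_access_identity.id }}'
      ignore_errors: true

    - name: clean up second cloudfront origin access identity
      cloudfront_origin_access_identity:
        state: absent
        origin_access_identity_id: '{{ _another_origin_access_id.cloud_front_origin_access_identity.id }}'
      ignore_errors: true

    # … unchanged: clean up cloudfront distribution …
```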
diff --git a/ansible_collections/community/aws/tests/integration/targets/cloudfront_reponse_headers_policy/task/main.yml b/ansible_collections/community/aws/tests/integration/targets/cloudfront_reponse_headers_policy/task/main.yml
index ee30f5ab5..5bab44f9f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/cloudfront_reponse_headers_policy/task/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/cloudfront_reponse_headers_policy/task/main.yml
@@ -3,9 +3,9 @@
- name: Integration testing for the cloudfront_response_headers_policy module
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -24,7 +24,7 @@
that:
- create_result is changed
- create_result is not failed
- - create_result.response_headers_policy.response_headers_policy_config.name == "{{ resource_prefix }}-my-header-policy"
+ - create_result.response_headers_policy.response_headers_policy_config.name == resource_prefix ~ '-my-header-policy'
- name: Rerun same task to ensure idempotence
cloudfront_response_headers_policy:
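Review bot: This file lives at `cloudfront_reponse_headers_policy/task/main.yml`, but Ansible loads a role's tasks from `tasks/main.yml`, so the updated credential defaults and the new `resource_prefix ~ '-my-header-policy'` comparison are probably never run by the integration suite. Renaming the directory to `tasks/` (and fixing the `reponse` spelling of the target name) would make these assertions take effect. The task list continues outside this hunk, so the rest of the file was not checked here.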
diff --git a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/description.yml b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/description.yml
index 13c12b5b6..e52c4326f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/description.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/description.yml
@@ -4,14 +4,14 @@
description_two: 'Another_Description - {{ resource_prefix }}'
# Mandatory settings
module_defaults:
- community.aws.aws_codebuild:
+ community.aws.codebuild_project:
name: '{{ project_name }}'
# community.aws.aws_codebuild_info:
# name: '{{ project_name }}'
block:
# - name: test setting description aws_codebuild (check mode)
-# aws_codebuild:
+# codebuild_project:
# description: '{{ description_one }}'
# register: update_result
# check_mode: yes
@@ -21,7 +21,7 @@
# - update_result is changed
- name: test setting description aws_codebuild
- aws_codebuild:
+ codebuild_project:
description: '{{ description_one }}'
register: update_result
- name: assert that update succeeded
@@ -31,7 +31,7 @@
- update_result.project.description == description_one
# - name: test setting description aws_codebuild - idempotency (check mode)
-# aws_codebuild:
+# codebuild_project:
# description: '{{ description_one }}'
# register: update_result
# check_mode: yes
@@ -41,7 +41,7 @@
# - update_result is not changed
- name: test setting description aws_codebuild - idempotency
- aws_codebuild:
+ codebuild_project:
description: '{{ description_one }}'
register: update_result
- name: assert that update succeeded
@@ -53,7 +53,7 @@
###
# - name: test updating description on aws_codebuild (check mode)
-# aws_codebuild:
+# codebuild_project:
# description: '{{ description_two }}'
# register: update_result
# check_mode: yes
@@ -63,7 +63,7 @@
# - update_result is changed
- name: test updating description on aws_codebuild
- aws_codebuild:
+ codebuild_project:
description: '{{ description_two }}'
register: update_result
- name: assert that update succeeded
@@ -73,7 +73,7 @@
- update_result.project.description == description_two
# - name: test updating description on aws_codebuild - idempotency (check mode)
-# aws_codebuild:
+# codebuild_project:
# description: '{{ description_two }}'
# register: update_result
# check_mode: yes
@@ -83,7 +83,7 @@
# - update_result is not changed
- name: test updating description on aws_codebuild - idempotency
- aws_codebuild:
+ codebuild_project:
description: '{{ description_two }}'
register: update_result
- name: assert that update succeeded
@@ -105,7 +105,7 @@
# ###
# - name: test no description param aws_codebuild (check mode)
-# aws_codebuild: {}
+# codebuild_project: {}
# register: update_result
# check_mode: yes
# - name: assert no change
@@ -116,7 +116,7 @@
- name: test no description param aws_codebuild
- aws_codebuild: {}
+ codebuild_project: {}
register: update_result
- name: assert no change
assert:
diff --git a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/main.yml
index f674aba24..3f8a22fd7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -27,7 +27,7 @@
# ================== integration test ==========================================
- name: create CodeBuild project
- aws_codebuild:
+ codebuild_project:
name: "{{ project_name }}"
description: Build project for testing the Ansible aws_codebuild module
service_role: "{{ codebuild_iam_role.iam_role.arn }}"
@@ -48,7 +48,7 @@
environment_variables:
- { name: 'FOO_ENV', value: 'other' }
tags:
- - { key: 'purpose', value: 'ansible-test' }
+ purpose: 'ansible-test'
state: present
register: output
retries: 10
@@ -61,7 +61,7 @@
- output.project.resource_tags.purpose == "ansible-test"
- name: idempotence check rerunning same Codebuild task
- aws_codebuild:
+ codebuild_project:
name: "{{ project_name }}"
description: Build project for testing the Ansible aws_codebuild module
service_role: "{{ codebuild_iam_role.iam_role.arn }}"
@@ -83,7 +83,7 @@
environment_variables:
- { name: 'FOO_ENV', value: 'other' }
tags:
- - { key: 'purpose', value: 'ansible-test' }
+ purpose: 'ansible-test'
state: present
register: rerun_test_output
@@ -96,7 +96,7 @@
- include_tasks: 'description.yml'
- name: delete CodeBuild project
- aws_codebuild:
+ codebuild_project:
name: "{{ output.project.name }}"
source:
type: CODEPIPELINE
diff --git a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/tagging.yml b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/tagging.yml
index a26f2a337..2e31df2d8 100644
--- a/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/tagging.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/codebuild_project/tasks/tagging.yml
@@ -27,7 +27,7 @@
new_snake_case_key: snake_case_value
# Mandatory settings
module_defaults:
- community.aws.aws_codebuild:
+ community.aws.codebuild_project:
name: '{{ project_name }}'
# community.aws.aws_codebuild_info:
# name: '{{ project_name }}'
@@ -36,7 +36,7 @@
###
# - name: test adding tags to aws_codebuild (check mode)
-# aws_codebuild:
+# codebuild_project:
# resource_tags: '{{ first_tags }}'
# purge_tags: True
# register: update_result
@@ -47,7 +47,7 @@
# - update_result is changed
- name: test adding tags to aws_codebuild
- aws_codebuild:
+ codebuild_project:
resource_tags: '{{ first_tags }}'
purge_tags: True
register: update_result
@@ -58,7 +58,7 @@
- update_result.project.resource_tags == first_tags
# - name: test adding tags to aws_codebuild - idempotency (check mode)
-# aws_codebuild:
+# codebuild_project:
# resource_tags: '{{ first_tags }}'
# purge_tags: True
# register: update_result
@@ -69,7 +69,7 @@
# - update_result is not changed
- name: test adding tags to aws_codebuild - idempotency
- aws_codebuild:
+ codebuild_project:
resource_tags: '{{ first_tags }}'
purge_tags: True
register: update_result
@@ -82,7 +82,7 @@
###
# - name: test updating tags with purge on aws_codebuild (check mode)
-# aws_codebuild:
+# codebuild_project:
# resource_tags: '{{ second_tags }}'
# purge_tags: True
# register: update_result
@@ -93,7 +93,7 @@
# - update_result is changed
- name: test updating tags with purge on aws_codebuild
- aws_codebuild:
+ codebuild_project:
resource_tags: '{{ second_tags }}'
purge_tags: True
register: update_result
@@ -104,7 +104,7 @@
- update_result.project.resource_tags == second_tags
# - name: test updating tags with purge on aws_codebuild - idempotency (check mode)
-# aws_codebuild:
+# codebuild_project:
# resource_tags: '{{ second_tags }}'
# purge_tags: True
# register: update_result
@@ -115,7 +115,7 @@
# - update_result is not changed
- name: test updating tags with purge on aws_codebuild - idempotency
- aws_codebuild:
+ codebuild_project:
resource_tags: '{{ second_tags }}'
purge_tags: True
register: update_result
@@ -128,7 +128,7 @@
###
# - name: test updating tags without purge on aws_codebuild (check mode)
-# aws_codebuild:
+# codebuild_project:
# resource_tags: '{{ third_tags }}'
# purge_tags: False
# register: update_result
@@ -139,7 +139,7 @@
# - update_result is changed
- name: test updating tags without purge on aws_codebuild
- aws_codebuild:
+ codebuild_project:
resource_tags: '{{ third_tags }}'
purge_tags: False
register: update_result
@@ -150,7 +150,7 @@
- update_result.project.resource_tags == final_tags
# - name: test updating tags without purge on aws_codebuild - idempotency (check mode)
-# aws_codebuild:
+# codebuild_project:
# resource_tags: '{{ third_tags }}'
# purge_tags: False
# register: update_result
@@ -161,7 +161,7 @@
# - update_result is not changed
- name: test updating tags without purge on aws_codebuild - idempotency
- aws_codebuild:
+ codebuild_project:
resource_tags: '{{ third_tags }}'
purge_tags: False
register: update_result
@@ -184,7 +184,7 @@
# ###
# - name: test no tags param aws_codebuild (check mode)
-# aws_codebuild: {}
+# codebuild_project: {}
# register: update_result
# check_mode: yes
# - name: assert no change
@@ -195,7 +195,7 @@
#
- name: test no tags param aws_codebuild
- aws_codebuild: {}
+ codebuild_project: {}
register: update_result
- name: assert no change
assert:
@@ -206,7 +206,7 @@
###
# - name: test removing tags from aws_codebuild (check mode)
-# aws_codebuild:
+# codebuild_project:
# resource_tags: {}
# purge_tags: True
# register: update_result
@@ -217,7 +217,7 @@
# - update_result is changed
- name: test removing tags from aws_codebuild
- aws_codebuild:
+ codebuild_project:
resource_tags: {}
purge_tags: True
register: update_result
@@ -228,7 +228,7 @@
- update_result.project.resource_tags == {}
# - name: test removing tags from aws_codebuild - idempotency (check mode)
-# aws_codebuild:
+# codebuild_project:
# resource_tags: {}
# purge_tags: True
# register: update_result
@@ -239,7 +239,7 @@
# - update_result is not changed
- name: test removing tags from aws_codebuild - idempotency
- aws_codebuild:
+ codebuild_project:
resource_tags: {}
purge_tags: True
register: update_result
diff --git a/ansible_collections/community/aws/tests/integration/targets/codecommit_repository/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/codecommit_repository/tasks/main.yml
index acf194e1e..62dd1653b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/codecommit_repository/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/codecommit_repository/tasks/main.yml
@@ -1,14 +1,14 @@
---
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
# ============================================================
- name: Create a repository (CHECK MODE)
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
description: original comment
state: present
@@ -19,7 +19,7 @@
- output is changed
- name: Create a repository
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
description: original comment
state: present
@@ -27,11 +27,11 @@
- assert:
that:
- output is changed
- - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo'
+ - output.repository_metadata.repository_name == resource_prefix ~ '_repo'
- output.repository_metadata.repository_description == 'original comment'
- name: No-op update to repository
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
description: original comment
state: present
@@ -39,11 +39,11 @@
- assert:
that:
- output is not changed
- - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo'
+ - output.repository_metadata.repository_name == resource_prefix ~ '_repo'
- output.repository_metadata.repository_description == 'original comment'
- name: Update repository description (CHECK MODE)
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
description: new comment
state: present
@@ -52,11 +52,11 @@
- assert:
that:
- output is changed
- - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo'
+ - output.repository_metadata.repository_name == resource_prefix ~ '_repo'
- output.repository_metadata.repository_description == 'original comment'
- name: Update repository description
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
description: new comment
state: present
@@ -64,12 +64,12 @@
- assert:
that:
- output is changed
- - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo'
+ - output.repository_metadata.repository_name == resource_prefix ~ '_repo'
- output.repository_metadata.repository_description == 'new comment'
# ============================================================
- name: Delete a repository (CHECK MODE)
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
state: absent
register: output
@@ -79,7 +79,7 @@
- output is changed
- name: Delete a repository
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
state: absent
register: output
@@ -88,7 +88,7 @@
- output is changed
- name: Delete a non-existent repository
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
state: absent
register: output
@@ -97,27 +97,27 @@
- output is not changed
- name: Create a repository without description
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
state: present
register: output
- assert:
that:
- output is changed
- - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo'
+ - output.repository_metadata.repository_name == resource_prefix ~ '_repo'
- name: No-op update to repository without description
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
state: present
register: output
- assert:
that:
- output is not changed
- - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo'
+ - output.repository_metadata.repository_name == resource_prefix ~ '_repo'
- name: Delete a repository without description
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
state: absent
register: output
@@ -128,7 +128,7 @@
always:
###### TEARDOWN STARTS HERE ######
- name: Delete a repository
- aws_codecommit:
+ codecommit_repository:
name: "{{ resource_prefix }}_repo"
state: absent
ignore_errors: yes
diff --git a/ansible_collections/community/aws/tests/integration/targets/codepipeline/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/codepipeline/tasks/main.yml
index 2e8e7d8f3..57353ed8a 100644
--- a/ansible_collections/community/aws/tests/integration/targets/codepipeline/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/codepipeline/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -23,7 +23,7 @@
# ================== integration test ==========================================
- name: create CodePipeline
- aws_codepipeline:
+ codepipeline:
name: "{{ codepipeline_name }}"
role_arn: "{{ codepipeline_iam_role.iam_role.arn }}"
artifact_store:
@@ -66,11 +66,11 @@
- assert:
that:
- output.changed == True
- - output.pipeline.name == "{{ codepipeline_name }}"
+ - output.pipeline.name == codepipeline_name
- output.pipeline.stages|length > 1
- name: idempotence check rerunning same CodePipeline task
- aws_codepipeline:
+ codepipeline:
name: "{{ codepipeline_name }}"
role_arn: "{{ codepipeline_iam_role.iam_role.arn }}"
artifact_store:
@@ -113,7 +113,7 @@
- rerun_test_output.pipeline == output.pipeline
- name: Test deletion of CodePipeline
- aws_codepipeline:
+ codepipeline:
name: "{{ codepipeline_name }}"
role_arn: ''
artifact_store: {}
@@ -131,7 +131,7 @@
always:
- name: Cleanup - delete test CodePipeline
- aws_codepipeline:
+ codepipeline:
name: "{{ codepipeline_name }}"
role_arn: ''
artifact_store: {}
diff --git a/ansible_collections/community/aws/tests/integration/targets/config/defaults/main.yaml b/ansible_collections/community/aws/tests/integration/targets/config/defaults/main.yaml
index 26b39c583..3beeca841 100644
--- a/ansible_collections/community/aws/tests/integration/targets/config/defaults/main.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/config/defaults/main.yaml
@@ -1,4 +1,5 @@
---
config_s3_bucket: '{{ resource_prefix }}-config-records'
+config_kms_key: '{{ resource_prefix }}-kms'
config_sns_name: '{{ resource_prefix }}-delivery-channel-test-topic'
config_role_name: 'ansible-test-{{ resource_prefix }}'
diff --git a/ansible_collections/community/aws/tests/integration/targets/config/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/config/tasks/main.yaml
index 313f9f677..244c4b29b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/config/tasks/main.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/config/tasks/main.yaml
@@ -4,15 +4,22 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
# ============================================================
# Prerequisites
# ============================================================
+ - name: get ARN of calling user
+ aws_caller_info:
+ register: aws_caller_info
+
+ - name: Store Account ID for later use
+ set_fact:
+ aws_account_id: "{{ aws_caller_info.account }}"
- name: ensure IAM role exists
iam_role:
@@ -21,7 +28,7 @@
state: present
create_instance_profile: no
managed_policy:
- - 'arn:aws:iam::aws:policy/service-role/AWSConfigRole'
+ - arn:aws:iam::aws:policy/service-role/AWS_ConfigRole
register: config_iam_role
- name: ensure SNS topic exists
@@ -37,6 +44,12 @@
s3_bucket:
name: "{{ config_s3_bucket }}"
+ - name: ensure KMS key exists
+ kms_key:
+ alias: "{{ config_kms_key }}"
+ policy: "{{ lookup('template', 'config-kms-policy.json.j2') }}"
+ register: kms_key
+
- name: ensure S3 access for IAM role
iam_policy:
iam_type: role
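Review bot: The new `ensure KMS key exists` task has no matching removal in the teardown lines visible in this diff; the `always` section is only partly shown, so this may already be handled outside the view. If it is not, every run leaves a customer-managed key in the test account; a teardown task using `kms_key:` with `alias: "{{ config_kms_key }}"`, `state: absent` and `ignore_errors: true` would schedule it for deletion. The key policy comes from `config-kms-policy.json.j2`, which is not shown here (presumably the reason `aws_account_id` is stored earlier); it is worth confirming that it grants the Config service principal only what delivery needs and is limited to that account.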
@@ -49,7 +62,7 @@
# Module requirement testing
# ============================================================
- name: test rule with no source parameter
- aws_config_rule:
+ config_rule:
name: random_name
state: present
register: output
@@ -62,7 +75,7 @@
- 'output.msg.startswith("missing required arguments:")'
- name: test resource_type delivery_channel with no s3_bucket parameter
- aws_config_delivery_channel:
+ config_delivery_channel:
name: random_name
state: present
register: output
@@ -75,7 +88,7 @@
- 'output.msg.startswith("missing required arguments:")'
- name: test resource_type configuration_recorder with no role_arn parameter
- aws_config_recorder:
+ config_recorder:
name: random_name
state: present
register: output
@@ -88,7 +101,7 @@
- 'output.msg.startswith("state is present but all of the following are missing")'
- name: test resource_type configuration_recorder with no recording_group parameter
- aws_config_recorder:
+ config_recorder:
name: random_name
state: present
role_arn: 'arn:aws:iam::123456789012:role/AwsConfigRecorder'
@@ -102,7 +115,7 @@
- 'output.msg.startswith("state is present but all of the following are missing")'
- name: test resource_type aggregation_authorization with no authorized_account_id parameter
- aws_config_aggregation_authorization:
+ config_aggregation_authorization:
state: present
register: output
ignore_errors: true
@@ -114,7 +127,7 @@
- 'output.msg.startswith("missing required arguments:")'
- name: test resource_type aggregation_authorization with no authorized_aws_region parameter
- aws_config_aggregation_authorization:
+ config_aggregation_authorization:
state: present
authorized_account_id: '123456789012'
register: output
@@ -127,7 +140,7 @@
- 'output.msg.startswith("missing required arguments:")'
- name: test resource_type configuration_aggregator with no account_sources parameter
- aws_config_aggregator:
+ config_aggregator:
name: random_name
state: present
register: output
@@ -140,7 +153,7 @@
- 'output.msg.startswith("missing required arguments: account_sources")'
- name: test resource_type configuration_aggregator with no organization_source parameter
- aws_config_aggregator:
+ config_aggregator:
name: random_name
state: present
account_sources: []
@@ -157,7 +170,7 @@
# Creation testing
# ============================================================
- name: Create Configuration Recorder for AWS Config
- aws_config_recorder:
+ config_recorder:
name: '{{ resource_prefix }}-recorder'
state: present
role_arn: "{{ config_iam_role.arn }}"
@@ -171,11 +184,26 @@
- output.changed
- name: Create Delivery Channel for AWS Config
- aws_config_delivery_channel:
+ config_delivery_channel:
+ name: '{{ resource_prefix }}-channel'
+ state: present
+ s3_bucket: "{{ config_s3_bucket }}"
+ s3_prefix: "foo/bar"
+ sns_topic_arn: "{{ config_sns_topic.sns_arn }}"
+ delivery_frequency: 'Twelve_Hours'
+ register: output
+
+ - assert:
+ that:
+ - output.changed
+
+ - name: Create Delivery Channel for AWS Config with a KMS key
+ config_delivery_channel:
name: '{{ resource_prefix }}-channel'
state: present
s3_bucket: "{{ config_s3_bucket }}"
s3_prefix: "foo/bar"
+ kms_key_arn: "{{ kms_key.key_arn }}"
sns_topic_arn: "{{ config_sns_topic.sns_arn }}"
delivery_frequency: 'Twelve_Hours'
register: output
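Review bot: The KMS variant of the delivery channel appears to be checked only with `output.changed` (the assert sits just past this hunk), so nothing confirms that `kms_key_arn` is compared correctly on a second run. Re-running the same task and asserting `output is not changed` would catch a module that reports a change every time the key is set; the same applies to "Update Delivery Channel with KMS key" later in the file. Whether the later "Don't update Delivery Channel" task already passes `kms_key_arn` cannot be seen from these hunks.

```yaml
    # … unchanged: "Create Delivery Channel for AWS Config with a KMS key" and its assert …

    - name: Create Delivery Channel for AWS Config with a KMS key - idempotency
      config_delivery_channel:
        name: '{{ resource_prefix }}-channel'
        state: present
        s3_bucket: "{{ config_s3_bucket }}"
        s3_prefix: "foo/bar"
        kms_key_arn: "{{ kms_key.key_arn }}"
        sns_topic_arn: "{{ config_sns_topic.sns_arn }}"
        delivery_frequency: 'Twelve_Hours'
      register: output

    - assert:
        that:
          - output is not changed
```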
@@ -185,7 +213,7 @@
- output.changed
- name: Create Config Rule for AWS Config
- aws_config_rule:
+ config_rule:
name: '{{ resource_prefix }}-rule'
state: present
description: 'This AWS Config rule checks for public write access on S3 buckets'
@@ -202,7 +230,7 @@
- output.changed
- name: Create aws_config_aggregator
- aws_config_aggregator:
+ config_aggregator:
name: random_name
state: present
account_sources: []
@@ -217,7 +245,7 @@
- output is changed
- name: Create aws_config_aggregator - idempotency
- aws_config_aggregator:
+ config_aggregator:
name: random_name
state: present
account_sources: []
@@ -235,7 +263,7 @@
# Update testing
# ============================================================
- name: Update Configuration Recorder
- aws_config_recorder:
+ config_recorder:
name: '{{ resource_prefix }}-recorder'
state: present
role_arn: "{{ config_iam_role.arn }}"
@@ -251,7 +279,7 @@
- output.changed
- name: Update Delivery Channel
- aws_config_delivery_channel:
+ config_delivery_channel:
name: '{{ resource_prefix }}-channel'
state: present
s3_bucket: "{{ config_s3_bucket }}"
@@ -263,8 +291,22 @@
that:
- output.changed
+ - name: Update Delivery Channel with KMS key
+ config_delivery_channel:
+ name: '{{ resource_prefix }}-channel'
+ state: present
+ s3_bucket: "{{ config_s3_bucket }}"
+ sns_topic_arn: "{{ config_sns_topic.sns_arn }}"
+ kms_key_arn: "{{ kms_key.key_arn }}"
+ delivery_frequency: 'TwentyFour_Hours'
+ register: output
+
+ - assert:
+ that:
+ - output.changed
+
- name: Update Config Rule
- aws_config_rule:
+ config_rule:
name: '{{ resource_prefix }}-rule'
state: present
description: 'This AWS Config rule checks for public write access on S3 buckets'
@@ -281,7 +323,7 @@
- output.changed
- name: Update Config Rule - idempotency
- aws_config_rule:
+ config_rule:
name: '{{ resource_prefix }}-rule'
state: present
description: 'This AWS Config rule checks for public write access on S3 buckets'
@@ -298,7 +340,7 @@
- output is not changed
- name: Update aws_config_aggregator
- aws_config_aggregator:
+ config_aggregator:
name: random_name
state: present
account_sources: []
@@ -315,7 +357,7 @@
- output is changed
- name: Update aws_config_aggregator - idempotency
- aws_config_aggregator:
+ config_aggregator:
name: random_name
state: present
account_sources: []
@@ -335,7 +377,7 @@
# Read testing
# ============================================================
- name: Don't update Configuration Recorder
- aws_config_recorder:
+ config_recorder:
name: '{{ resource_prefix }}-recorder'
state: present
role_arn: "{{ config_iam_role.arn }}"
@@ -351,7 +393,7 @@
- not output.changed
- name: Don't update Delivery Channel
- aws_config_delivery_channel:
+ config_delivery_channel:
name: '{{ resource_prefix }}-channel'
state: present
s3_bucket: "{{ config_s3_bucket }}"
@@ -364,7 +406,7 @@
- not output.changed
- name: Don't update Config Rule
- aws_config_rule:
+ config_rule:
name: '{{ resource_prefix }}-rule'
state: present
description: 'This AWS Config rule checks for public write access on S3 buckets'
@@ -383,7 +425,7 @@
always:
- name: delete aws_config_aggregator
- aws_config_aggregator:
+ config_aggregator:
name: random_name
state: absent
register: output
@@ -393,32 +435,32 @@
# Destroy testing
# ============================================================
- name: Destroy Configuration Recorder
- aws_config_recorder:
+ config_recorder:
name: '{{ resource_prefix }}-recorder'
state: absent
register: output
- ignore_errors: yes
+ ignore_errors: true
# - assert:
# that:
# - output.changed
- name: Destroy Delivery Channel
- aws_config_delivery_channel:
+ config_delivery_channel:
name: '{{ resource_prefix }}-channel'
state: absent
s3_bucket: "{{ config_s3_bucket }}"
sns_topic_arn: "{{ config_sns_topic.sns_arn }}"
delivery_frequency: 'TwentyFour_Hours'
register: output
- ignore_errors: yes
+ ignore_errors: true
# - assert:
# that:
# - output.changed
- name: Destroy Config Rule
- aws_config_rule:
+ config_rule:
name: '{{ resource_prefix }}-rule'
state: absent
description: 'This AWS Config rule checks for public write access on S3 buckets'
@@ -429,7 +471,7 @@
owner: AWS
identifier: 'S3_BUCKET_PUBLIC_READ_PROHIBITED'
register: output
- ignore_errors: yes
+ ignore_errors: true
# - assert:
# that:
@@ -445,23 +487,29 @@
policy_name: AwsConfigRecorderTestRoleS3Policy
state: absent
policy_json: "{{ lookup( 'template', 'config-s3-policy.json.j2') }}"
- ignore_errors: yes
+ ignore_errors: true
- name: remove IAM role
iam_role:
name: '{{ config_role_name }}'
state: absent
- ignore_errors: yes
+ ignore_errors: true
- name: remove SNS topic
sns_topic:
name: '{{ config_sns_name }}'
state: absent
- ignore_errors: yes
+ ignore_errors: true
- name: remove S3 bucket
s3_bucket:
name: "{{ config_s3_bucket }}"
state: absent
- force: yes
- ignore_errors: yes
+ force: true
+ ignore_errors: true
+
+ - name: remove KMS key
+ kms_key:
+ alias: "{{ config_kms_key }}"
+ state: absent
+ ignore_errors: true
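Review bot: The added "remove KMS key" task relies on the module's default deletion delay and on `ignore_errors: true`, so a key that is never scheduled for deletion goes unnoticed. For a throwaway test key, adding `pending_window: 7` under `kms_key:` keeps the key and its policy in the account for the shortest period the service allows. A short comment that the key is looked up by the alias in `config_kms_key`, not by the `kms_key.key_arn` used earlier, would also help a reader.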
diff --git a/ansible_collections/community/aws/tests/integration/targets/config/templates/config-kms-policy.json.j2 b/ansible_collections/community/aws/tests/integration/targets/config/templates/config-kms-policy.json.j2
new file mode 100644
index 000000000..260adc839
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/config/templates/config-kms-policy.json.j2
@@ -0,0 +1,51 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "Enable IAM User Permissions",
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": "arn:aws:iam::{{ aws_account_id }}:root"
+ },
+ "Action": "kms:*",
+ "Resource": "*"
+ },
+ {
+ "Sid": "Allow use of the key",
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": [
+ "arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig",
+ ]
+ },
+ "Action": [
+ "kms:Encrypt",
+ "kms:Decrypt",
+ "kms:ReEncrypt*",
+ "kms:GenerateDataKey*",
+ "kms:DescribeKey"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "Allow attachment of persistent resources",
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": [
+ "arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig",
+ ]
+ },
+ "Action": [
+ "kms:CreateGrant",
+ "kms:ListGrants",
+ "kms:RevokeGrant"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Bool": {
+ "kms:GrantIsForAWSResource": "true"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
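Review bot: Both `"AWS": [ ... ]` principal lists end with a comma after the single ARN, which is not valid JSON; a strict parser will reject the rendered policy even if the current consumer happens to tolerate it. Writing each as `"AWS": ["arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig"]` fixes both. The policy grants key use to the Config service-linked role, while the recorder tasks in this test pass `config_iam_role.arn`; it is worth confirming which role actually writes to the channel, and trimming "Allow use of the key" to the actions that role needs instead of the full encrypt/decrypt/re-encrypt set.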
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection/test_assume.yml b/ansible_collections/community/aws/tests/integration/targets/connection/test_assume.yml
new file mode 100644
index 000000000..f979ef2d4
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/connection/test_assume.yml
@@ -0,0 +1,16 @@
+- name: 'Ensure remote user exists'
+ ansible.builtin.user:
+ name: '{{ user_name }}'
+ shell: /bin/bash
+ become_user: 'root'
+ become: True
+
+- name: 'Attempt to run a shell command as the user ({{ user_name }})'
+ become_user: '{{ user_name }}'
+ become: True
+ command: 'id -u -n'
+ register: id_cmd
+
+- assert:
+ that:
+ - id_cmd.stdout == user_name
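Review bot: The `id -u -n` probe has no `changed_when: false`, so a read-only check is reported as a change on every run; adding that line, and writing the module as `ansible.builtin.command` to match `ansible.builtin.user` above it, would be consistent. `become: True` would read `become: true` to follow the `yes`/`true` normalisation made elsewhere in this commit. Accounts created by "Ensure remote user exists" stay on the host with a login shell; if the target outlives the test run, a cleanup step limited to the accounts this file created (never pre-existing ones) is worth adding.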
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection/test_connection.yml b/ansible_collections/community/aws/tests/integration/targets/connection/test_connection.yml
index 829ac93b3..b8bdc43f4 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection/test_connection.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection/test_connection.yml
@@ -10,9 +10,12 @@
tasks:
### test wait_for_connection plugin
+
- wait_for_connection:
timeout: '{{ wait_for_timeout | default(100) }}'
+ ### Try to gather the default facts from the host
+
- name: Gather facts
ansible.builtin.setup:
@@ -52,6 +55,30 @@
- name: remove remote temp file
action: "{{ action_prefix }}file path={{ remote_file }} state=absent"
+ ### Test that we're the user we expect to be and can change where appropriate
+ # Regression - https://github.com/ansible-collections/community.aws/issues/853
+
+ - name: Test user manipulaton
+ when:
+ - '"aws_ssm_linux" in group_names'
+ block:
+ - name: 'Find ID when become=False'
+ become: False
+ command: 'id -u -n'
+ register: id_cmd
+
+ - assert:
+ that:
+ - id_cmd.stdout == 'ssm-user'
+
+ - include_tasks: 'test_assume.yml'
+ loop:
+ - ssm-agent
+ - zuul
+ - root
+ loop_control:
+ loop_var: user_name
+
### copy an empty file
- name: copy an empty file
action: "{{ action_prefix }}copy content= dest={{ remote_empty_file }}"
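Review bot: The task name `Test user manipulaton` is misspelled and should read `- name: Test user manipulation`. The first assert compares against the literal `'ssm-user'`, and a one-line comment saying that this is the unprivileged account the session is expected to run as would make clear why it is the regression check for the linked issue. The two `assert` tasks have no `name`, so a failure is reported without saying which identity check broke. The enclosing task list starts outside the hunk.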
@@ -62,4 +89,4 @@
assert:
that:
- stat_empty_file_cmd.stat.isreg # it is a regular file
- - stat_empty_file_cmd.stat.size == 0
+ - stat_empty_file_cmd.stat.size == 0
\ No newline at end of file
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_addressing/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_addressing/aws_ssm_integration_test_setup.yml
index db519fb63..9e2f3fd01 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_addressing/aws_ssm_integration_test_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_addressing/aws_ssm_integration_test_setup.yml
@@ -2,7 +2,7 @@
roles:
- role: ../setup_connection_aws_ssm
vars:
- target_os: fedora
+ target_os: centos
encrypted_bucket: False
s3_bucket_region: 'eu-central-1'
s3_addressing_style: virtual
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aliases b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aliases
index eb8e0b891..eb8e0b891 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aliases
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aws_ssm_integration_test_setup.yml
index 353757e33..d64cdabb6 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aws_ssm_integration_test_setup.yml
@@ -2,4 +2,4 @@
roles:
- role: ../setup_connection_aws_ssm
vars:
- target_os: fedora
+ target_os: centos
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_teardown.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aws_ssm_integration_test_teardown.yml
index 3ab6f74cf..3ab6f74cf 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_teardown.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/aws_ssm_integration_test_teardown.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/meta/main.yml
index d055eb86e..d055eb86e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/meta/main.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/runme.sh b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/runme.sh
index c99b3b066..c99b3b066 100755
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_fedora/runme.sh
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_centos/runme.sh
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_cross_region/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_cross_region/aws_ssm_integration_test_setup.yml
index 1f223757c..eff5f5386 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_cross_region/aws_ssm_integration_test_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_cross_region/aws_ssm_integration_test_setup.yml
@@ -2,7 +2,7 @@
roles:
- role: ../setup_connection_aws_ssm
vars:
- target_os: fedora
+ target_os: centos
s3_bucket_region: 'eu-central-1'
# Post 2019 regions behave differently from other regions
# they're worth testing but it's not possible in CI today.
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_encrypted_s3/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_encrypted_s3/aws_ssm_integration_test_setup.yml
index bfea0d0dc..d6e650cd3 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_encrypted_s3/aws_ssm_integration_test_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_encrypted_s3/aws_ssm_integration_test_setup.yml
@@ -2,6 +2,6 @@
roles:
- role: ../setup_connection_aws_ssm
vars:
- target_os: fedora
+ target_os: centos
encrypted_bucket: True
test_suffix: encrypteds3
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml
index 71c850e9d..e0296c7d6 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_endpoint/aws_ssm_integration_test_setup.yml
@@ -2,6 +2,6 @@
roles:
- role: ../setup_connection_aws_ssm
vars:
- target_os: fedora
+ target_os: centos
test_suffix: endpoint
endpoint_url: 'https://s3.dualstack.{{ aws_region }}.amazonaws.com'
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_profile/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_profile/aws_ssm_integration_test_setup.yml
index 3f4c2e47d..b8169d2c6 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_profile/aws_ssm_integration_test_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_profile/aws_ssm_integration_test_setup.yml
@@ -2,5 +2,5 @@
roles:
- role: ../setup_connection_aws_ssm
vars:
- target_os: fedora
+ target_os: centos
profile_name: test_profile
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_setup.yml
index 992426976..6ef4dfd47 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_setup.yml
@@ -2,6 +2,6 @@
roles:
- role: ../setup_connection_aws_ssm
vars:
- target_os: fedora
+ target_os: centos
use_ssm_document: True
test_suffix: document
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_vars/aws_ssm_integration_test_setup.yml b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_vars/aws_ssm_integration_test_setup.yml
index ff67bc2c3..2b3755b88 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_vars/aws_ssm_integration_test_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_vars/aws_ssm_integration_test_setup.yml
@@ -2,5 +2,5 @@
roles:
- role: ../setup_connection_aws_ssm
vars:
- target_os: fedora
+ target_os: centos
credential_vars: True
diff --git a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_windows/aliases b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_windows/aliases
index eb8e0b891..b321dedb6 100644
--- a/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_windows/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/connection_aws_ssm_windows/aliases
@@ -2,3 +2,5 @@ time=10m
cloud/aws
connection_aws_ssm
+
+unstable
diff --git a/ansible_collections/community/aws/tests/integration/targets/dms_endpoint/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/dms_endpoint/tasks/main.yml
index 328ea17a5..8d12933a4 100644
--- a/ansible_collections/community/aws/tests/integration/targets/dms_endpoint/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/dms_endpoint/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/dms_replication_subnet_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/dms_replication_subnet_group/tasks/main.yml
index 0952602f1..712bc82be 100644
--- a/ansible_collections/community/aws/tests/integration/targets/dms_replication_subnet_group/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/dms_replication_subnet_group/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/aliases b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/aliases
index dc5eacd6f..17466b153 100644
--- a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/aliases
@@ -1,2 +1,4 @@
cloud/aws
time=50m
+
+unstable
diff --git a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/defaults/main.yml
index 8b92884a4..de11cefba 100644
--- a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/defaults/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/defaults/main.yml
@@ -1,5 +1,7 @@
---
table_name: "{{ resource_prefix }}"
+table_name_composite_pk: "{{ resource_prefix }}-composite-pk"
+table_name_composite_pk_local_indexes: "{{ resource_prefix }}-composite-pk-local-indexes"
table_name_on_demand: "{{ resource_prefix }}-pay-per-request"
table_name_on_demand_complex: "{{ resource_prefix }}-pay-per-request-complex"
@@ -31,6 +33,32 @@ indexes:
read_capacity: 2
write_capacity: 2
+local_indexes:
+ - name: NamedIndex
+ type: include
+ hash_key_name: "id" ## == table_index
+ hash_key_type: "NUMBER" ## == table_index_type
+ range_key_name: create_time
+ includes:
+ - other_field
+ - other_field2
+ read_capacity: 10
+ write_capacity: 10
+ - name: AnotherIndex
+ type: all
+ hash_key_name: id ## == table_index
+ hash_key_type: "NUMBER" ## == table_index_type
+ range_key_name: bar
+ read_capacity: 5
+ write_capacity: 5
+ - name: KeysOnlyIndex
+ type: keys_only
+ hash_key_name: id ## == table_index
+ hash_key_type: "NUMBER" ## == table_index_type
+ range_key_name: baz
+ read_capacity: 2
+ write_capacity: 2
+
indexes_pay_per_request:
- name: NamedIndex
type: global_include
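Review bot: In `local_indexes` the hash key is a literal (`"id"` once, unquoted `id` twice) kept in step with the table key only by the `## == table_index` comments. Using `hash_key_name: "{{ table_index }}"` and `hash_key_type: "{{ table_index_type }}"` would make that dependency real, so a change to the table key cannot silently turn the positive local-index tests into the "mismatching hash key" failure case. The per-index `read_capacity`/`write_capacity` values deserve a comment on whether they have any effect for local indexes, which I cannot tell from this hunk. The `indexes_pay_per_request` list continues outside the hunk.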
diff --git a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/meta/main.yml
index 504e72117..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/meta/main.yml
@@ -1,4 +1 @@
-dependencies:
- - role: setup_botocore_pip
- vars:
- botocore_version: "1.23.18"
+dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/main.yml
index b208f4ca5..268e61bae 100644
--- a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/main.yml
@@ -7,12 +7,12 @@
#
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- - include: "test_pay_per_request.yml"
+ - include_tasks: "test_pay_per_request.yml"
# ==============================================
@@ -115,6 +115,262 @@
- create_table.write_capacity == 1
# ==============================================
+ # Attempting to create a table without PK range key but with local indexes will result in an expected failure.
+ # "One or more parameter values were invalid: Table KeySchema does not have a range key, which is required when specifying a LocalSecondaryIndex"
+
+ - name: Create table with simple PK with local indexes - test failure
+ dynamodb_table:
+ state: present
+ name: "{{ table_name_composite_pk }}"
+ hash_key_name: "{{ table_index }}"
+ hash_key_type: "{{ table_index_type }}"
+ indexes: "{{ local_indexes }}"
+ ignore_errors: yes
+ register: create_table
+
+ - name: Check results - Create table with simple PK with local indexes
+ assert:
+ that:
+ - create_table is failed
+
+ # ==============================================
+ # Attempting to create a table with composite PK but with local indexes using different hash key will result in an expected failure.
+ # "One or more parameter values were invalid: Index KeySchema does not have the same leading hash key as table KeySchema for index: NamedIndex. index hash key: id, table hash key: NOT_id"
+
+ - name: Create table with composite PK with mismatching local indexes - test failure
+ dynamodb_table:
+ state: present
+ name: "{{ table_name_composite_pk }}"
+ hash_key_name: "NOT_{{ table_index }}"
+ hash_key_type: "{{ table_index_type }}"
+ range_key_name: "{{ range_index }}"
+ range_key_type: "{{ range_index_type }}"
+ indexes: "{{ local_indexes }}"
+ ignore_errors: yes
+ register: create_table
+
+ - name: Check results - Create table with composite PK with mismatching local indexes
+ assert:
+ that:
+ - create_table is failed
+
+ # ==============================================
+
+ - name: Create table with composite PK - check_mode
+ dynamodb_table:
+ state: present
+ name: "{{ table_name_composite_pk }}"
+ hash_key_name: "{{ table_index }}"
+ hash_key_type: "{{ table_index_type }}"
+ range_key_name: "{{ range_index }}"
+ range_key_type: "{{ range_index_type }}"
+ register: create_table
+ check_mode: True
+
+ - name: Check results - Create table with composite PK - check_mode
+ assert:
+ that:
+ - create_table is successful
+ - create_table is changed
+
+ - name: Create table with composite PK
+ dynamodb_table:
+ state: present
+ name: "{{ table_name_composite_pk }}"
+ hash_key_name: "{{ table_index }}"
+ hash_key_type: "{{ table_index_type }}"
+ range_key_name: "{{ range_index }}"
+ range_key_type: "{{ range_index_type }}"
+ register: create_table
+
+ - name: Check results - Create table with composite PK
+ assert:
+ that:
+ - create_table is successful
+ - create_table is changed
+ - '"hash_key_name" in create_table'
+ - '"hash_key_type" in create_table'
+ - '"indexes" in create_table'
+ - '"range_key_name" in create_table'
+ - '"range_key_type" in create_table'
+ - '"read_capacity" in create_table'
+ - '"region" in create_table'
+ - '"table_name" in create_table'
+ - '"table_status" in create_table'
+ - '"tags" in create_table'
+ - '"write_capacity" in create_table'
+ - create_table.hash_key_name == table_index
+ - create_table.hash_key_type == table_index_type
+ - create_table.range_key_name == range_index
+ - create_table.range_key_type == range_index_type
+ - create_table.indexes | length == 0
+ - create_table.read_capacity == 1
+ - create_table.table_name == table_name_composite_pk
+ - create_table.write_capacity == 1
+
+ - name: Create table with composite PK - idempotent - check_mode
+ dynamodb_table:
+ state: present
+ name: "{{ table_name_composite_pk }}"
+ hash_key_name: "{{ table_index }}"
+ hash_key_type: "{{ table_index_type }}"
+ range_key_name: "{{ range_index }}"
+ range_key_type: "{{ range_index_type }}"
+ register: create_table
+ check_mode: True
+
+ - name: Check results - Create table with composite PK - idempotent - check_mode
+ assert:
+ that:
+ - create_table is successful
+ - create_table is not changed
+
+ - name: Create table with composite PK - idempotent
+ dynamodb_table:
+ state: present
+ name: "{{ table_name_composite_pk }}"
+ hash_key_name: "{{ table_index }}"
+ hash_key_type: "{{ table_index_type }}"
+ range_key_name: "{{ range_index }}"
+ range_key_type: "{{ range_index_type }}"
+ register: create_table
+
+ - name: Check results - Create table with composite PK - idempotent
+ assert:
+ that:
+ - create_table is successful
+ - create_table is not changed
+ - '"hash_key_name" in create_table'
+ - '"hash_key_type" in create_table'
+ - '"indexes" in create_table'
+ - '"range_key_name" in create_table'
+ - '"range_key_type" in create_table'
+ - '"read_capacity" in create_table'
+ - '"region" in create_table'
+ - '"table_name" in create_table'
+ - '"table_status" in create_table'
+ - '"tags" in create_table'
+ - '"write_capacity" in create_table'
+ - create_table.hash_key_name == table_index
+ - create_table.hash_key_type == table_index_type
+ - create_table.range_key_name == range_index
+ - create_table.range_key_type == range_index_type
+ - create_table.indexes | length == 0
+ - create_table.read_capacity == 1
+ - create_table.table_name == table_name_composite_pk
+ - create_table.write_capacity == 1
+
+ # ==============================================
+
+ - name: Create table with composite PK and local indexes - check_mode
+ dynamodb_table:
+ state: present
+ name: "{{ table_name_composite_pk_local_indexes }}"
+ hash_key_name: "{{ table_index }}"
+ hash_key_type: "{{ table_index_type }}"
+ range_key_name: "{{ range_index }}"
+ range_key_type: "{{ range_index_type }}"
+ indexes: "{{ local_indexes }}"
+ register: create_table
+ check_mode: True
+
+ - name: Check results - Create table with composite PK and local indexes - check_mode
+ assert:
+ that:
+ - create_table is successful
+ - create_table is changed
+
+ - name: Create table with composite PK and local indexes
+ dynamodb_table:
+ state: present
+ name: "{{ table_name_composite_pk_local_indexes }}"
+ hash_key_name: "{{ table_index }}"
+ hash_key_type: "{{ table_index_type }}"
+ range_key_name: "{{ range_index }}"
+ range_key_type: "{{ range_index_type }}"
+ indexes: "{{ local_indexes }}"
+ register: create_table
+
+ - name: Check results - Create table with composite PK and local indexes
+ assert:
+ that:
+ - create_table is successful
+ - create_table is changed
+ - '"hash_key_name" in create_table'
+ - '"hash_key_type" in create_table'
+ - '"indexes" in create_table'
+ - '"range_key_name" in create_table'
+ - '"range_key_type" in create_table'
+ - '"read_capacity" in create_table'
+ - '"region" in create_table'
+ - '"table_name" in create_table'
+ - '"table_status" in create_table'
+ - '"tags" in create_table'
+ - '"write_capacity" in create_table'
+ - create_table.hash_key_name == table_index
+ - create_table.hash_key_type == table_index_type
+ - create_table.range_key_name == range_index
+ - create_table.range_key_type == range_index_type
+ - create_table.indexes | length == 3
+ - create_table.read_capacity == 1
+ - create_table.table_name == table_name_composite_pk_local_indexes
+ - create_table.write_capacity == 1
+
+ - name: Create table with composite PK and local indexes - idempotent - check_mode
+ dynamodb_table:
+ state: present
+ name: "{{ table_name_composite_pk_local_indexes }}"
+ hash_key_name: "{{ table_index }}"
+ hash_key_type: "{{ table_index_type }}"
+ range_key_name: "{{ range_index }}"
+ range_key_type: "{{ range_index_type }}"
+ indexes: "{{ local_indexes }}"
+ register: create_table
+ check_mode: True
+
+ - name: Check results - Create table with composite PK and local indexes - idempotent - check_mode
+ assert:
+ that:
+ - create_table is successful
+ - create_table is not changed
+
+ - name: Create table with composite PK and local indexes - idempotent
+ dynamodb_table:
+ state: present
+ name: "{{ table_name_composite_pk_local_indexes }}"
+ hash_key_name: "{{ table_index }}"
+ hash_key_type: "{{ table_index_type }}"
+ range_key_name: "{{ range_index }}"
+ range_key_type: "{{ range_index_type }}"
+ indexes: "{{ local_indexes }}"
+ register: create_table
+
+ - name: Check results - Create table with composite PK and local indexes - idempotent
+ assert:
+ that:
+ - create_table is successful
+ - create_table is not changed
+ - '"hash_key_name" in create_table'
+ - '"hash_key_type" in create_table'
+ - '"indexes" in create_table'
+ - '"range_key_name" in create_table'
+ - '"range_key_type" in create_table'
+ - '"read_capacity" in create_table'
+ - '"region" in create_table'
+ - '"table_name" in create_table'
+ - '"table_status" in create_table'
+ - '"tags" in create_table'
+ - '"write_capacity" in create_table'
+ - create_table.hash_key_name == table_index
+ - create_table.hash_key_type == table_index_type
+ - create_table.range_key_name == range_index
+ - create_table.range_key_type == range_index_type
+ - create_table.indexes | length == 3
+ - create_table.read_capacity == 1
+ - create_table.table_name == table_name_composite_pk_local_indexes
+ - create_table.write_capacity == 1
+
+ # ==============================================
- name: Tag table - check_mode
dynamodb_table:
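Review bot: The two expected-failure tasks assert only `create_table is failed`, so an unrelated failure (expired credentials, throttling, a typo in a variable) also passes the test. Since the expected API messages are already quoted in the comments, the asserts could pin them, e.g. `- '"LocalSecondaryIndex" in create_table.msg'` and `- '"leading hash key" in create_table.msg'`, assuming the module surfaces the API error in `msg`. Both tasks also use `ignore_errors: yes` where the rest of the commit moves to `ignore_errors: true`. The "Tag table - check_mode" task at the end continues outside the hunk.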
@@ -488,14 +744,14 @@
- update_indexes is successful
- update_indexes is not changed
- - name: Update table add indexes - idempotent
+ - name: Update table add global indexes - idempotent
dynamodb_table:
state: present
name: "{{ table_name }}"
indexes: "{{ indexes }}"
register: update_indexes
- - name: Check results - Update table add indexes - idempotent
+ - name: Check results - Update table add global indexes - idempotent
assert:
that:
- update_indexes is successful
@@ -588,8 +844,6 @@
tags: "{{ tags_default }}"
indexes: "{{ indexes }}"
register: create_complex_table
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
check_mode: True
- name: Check results - Create complex table - check_mode
@@ -612,8 +866,6 @@
tags: "{{ tags_default }}"
indexes: "{{ indexes }}"
register: create_complex_table
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- name: Check results - Create complex table
assert:
@@ -656,8 +908,6 @@
tags: "{{ tags_default }}"
indexes: "{{ indexes }}"
register: create_complex_table
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
check_mode: True
- name: Check results - Create complex table - idempotent - check_mode
@@ -680,8 +930,6 @@
tags: "{{ tags_default }}"
indexes: "{{ indexes }}"
register: create_complex_table
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- name: Check results - Create complex table - idempotent
assert:
@@ -719,8 +967,6 @@
name: "{{ table_name }}"
table_class: "STANDARD"
register: update_class
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
check_mode: True
- name: Check results - Update table class - check_mode
@@ -734,8 +980,6 @@
state: present
name: "{{ table_name }}"
table_class: "STANDARD"
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
register: update_class
- name: Check results - Update table class
@@ -873,6 +1117,20 @@
wait: false
register: delete_table
+ - name: Delete provisoned table with composite key
+ dynamodb_table:
+ state: absent
+ name: "{{ table_name_composite_pk }}"
+ wait: false
+ register: delete_table
+
+ - name: Delete provisoned table with composite key and local indexes
+ dynamodb_table:
+ state: absent
+ name: "{{ table_name_composite_pk_local_indexes }}"
+ wait: false
+ register: delete_table
+
- name: Delete on-demand table
dynamodb_table:
state: absent
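Review bot: Both added cleanup task names misspell "provisioned"; they should read `- name: Delete provisioned table with composite key` and `- name: Delete provisioned table with composite key and local indexes`. Each delete registers into the same `delete_table` variable and nothing visible here reads it, so a failed deletion of the new tables is not reported anywhere in this hunk; whether the block tolerates that cannot be seen, since the surrounding cleanup section starts and ends outside the hunk.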
diff --git a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/test_pay_per_request.yml b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/test_pay_per_request.yml
index a05021154..b469a1b51 100644
--- a/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/test_pay_per_request.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/dynamodb_table/tasks/test_pay_per_request.yml
@@ -22,6 +22,7 @@
hash_key_name: "{{ table_index }}"
hash_key_type: "{{ table_index_type }}"
billing_mode: PAY_PER_REQUEST
+ wait_timeout: 450
register: create_table
- name: Check results - Create table
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/aliases b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/aliases
new file mode 100644
index 000000000..913237649
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/aliases
@@ -0,0 +1,9 @@
+# reason: missing-policy
+# To test Carrier Gateway in the VPC, the Wavelength subnet
+# group should be enabled on the AWS Account.
+unsupported
+
+cloud/aws
+
+ec2_carrier_gateway
+ec2_carrier_gateway_info
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/defaults/main.yml
new file mode 100644
index 000000000..2e8c38f88
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+vpc_name: '{{ resource_prefix }}-ec2-vpc-cagw'
+cagw_name: '{{ resource_prefix }}-ec2-vpc-cagw'
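Review bot: `vpc_cidr` is missing from these defaults, although tasks/main.yml in this target uses `cidr_block: "{{ vpc_cidr }}"` for both the create and the delete VPC task. The meta/main.yml copied in for this target is blob 32cf5dda7, which the ecs_cluster hunk on this page shows as `dependencies: []`, so no setup role appears to provide it. Unless the test harness injects it, the first task fails on an undefined variable; a default such as `vpc_cidr: '10.0.0.0/16'` (sample value) would make the target self-contained. Both names defined here also render to the same string, which looks unintended for `vpc_name`.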
diff --git a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/meta/main.yml
index 32cf5dda7..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/meta/main.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/main.yml
new file mode 100644
index 000000000..4d005b90a
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/main.yml
@@ -0,0 +1,167 @@
+---
+- name: 'ec2_carrier_gateway integration tests'
+ collections:
+ - community.aws
+ module_defaults:
+ group/aws:
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
+ block:
+
+ # ============================================================
+ - debug: msg="Setting up test dependencies"
+
+ - name: create a VPC
+ ec2_vpc_net:
+ name: "{{ vpc_name }}-{{ item }}"
+ state: present
+ cidr_block: "{{ vpc_cidr }}"
+ tags:
+ Description: "Created by ansible-test for CAGW tests"
+ register: vpc_result
+ loop: [1]
+
+ - name: use set fact for vpc ids
+ set_fact:
+ vpc_id_1: '{{ vpc_result.results.0.vpc.id }}'
+
+ # ============================================================
+ - debug: msg="Running tests"
+
+ - name: create carrier gateway and attach it to vpc
+ ec2_carrier_gateway:
+ state: present
+ vpc_id: '{{ vpc_id_1 }}'
+ name: "{{ cagw_name }}"
+ register: cagw
+ check_mode: true
+
+ - name: use set fact for cagw ids
+ set_fact:
+ cagw_id: '{{ cagw.carrier_gateway_id }}'
+
+ - assert:
+ that:
+ - cagw.changed
+ - cagw.vpc_id == vpc_id_1
+ - cagw.tags.Name == cagw_name
+
+ - name: test idempotence
+ ec2_carrier_gateway:
+ state: present
+ vpc_id: '{{ vpc_id_1 }}'
+ name: "{{ cagw_name }}"
+ register: cagw
+ check_mode: true
+
+ - assert:
+ that:
+ - not cagw.changed
+ - cagw.carrier_gateway_id == cagw_id
+
+ # ============================================================
+
+ - name: get VPC CAGW facts by ID (CHECK)
+ ec2_carrier_gateway_info:
+ carrier_gateway_id: ['{{ cagw_id }}']
+ register: cagw_info
+ check_mode: True
+
+ - name: verify expected facts
+ vars:
+ cagw_details: '{{ cagw_info.carrier_gateways[0] }}'
+ assert:
+ that:
+ - cagw_info.carrier_gateways | length == 1
+ - '"carrier_gateway_id" in cagw_details'
+ - '"tags" in cagw_details'
+ - '"vpc_id" in cagw_details'
+ - cagw_details.carrier_gateway_id == cagw_id
+ - '"Name" in cagw_details.tags'
+ - cagw_details.tags.Name == cagw_name
+
+ - name: get VPC CAGW facts by Tag
+ ec2_carrier_gateway_info:
+ filters:
+ "tag:Name": "{{ cagw_name }}"
+ register: cagw_info
+
+ - name: verify expected facts
+ vars:
+ cagw_details: '{{ cagw_info.virtual_gateways[0] }}'
+ assert:
+ that:
+ - cagw_info.virtual_gateways | length == 1
+ - '"carrier_gateway_id" in cagw_details'
+ - '"state" in cagw_details'
+ - '"tags" in cagw_details'
+ - cagw_details.carrier_gateway_id == cagw_id
+ - '"Name" in cagw_details.tags'
+ - cagw_details.tags.Name == cagw_name
+
+
+ # ============================================================
+
+ - name: get all CAGWs
+ ec2_carrier_gateway_info:
+ register: cagw_info
+
+ - name: verify test CAGW is in the results
+ vars:
+ cagw_id_list: '{{ cagw_info.carrier_gateways | map(attribute="carrier_gateway_id") | list }}'
+ assert:
+ that:
+ - cagw_id in cagw_id_list
+
+ # ============================================================
+
+ - include_tasks: 'tags.yml'
+
+ # ============================================================
+
+ - name: delete carrier gateway
+ ec2_carrier_gateway:
+ state: absent
+ name: "{{ cagw_name }}"
+ register: cagw
+ check_mode: true
+
+ - assert:
+ that:
+ - cagw.changed
+
+ - name: test idempotence
+ ec2_carrier_gateway:
+ state: absent
+ name: "{{ cagw_name }}"
+ register: cagw
+ check_mode: true
+
+ - assert:
+ that:
+ - not cagw.changed
+
+ always:
+
+ - debug: msg="Removing test dependencies"
+
+ - name: delete carrier gateway
+ ec2_carrier_gateway:
+ state: absent
+ carrier_gateway_id: '{{ cagw.carrier_gateway_id }}'
+ ignore_errors: true
+ check_mode: true
+
+ - name: delete vpc
+ ec2_vpc_net:
+ name: "{{ vpc_name }}-{{ item }}"
+ state: absent
+ cidr_block: "{{ vpc_cidr }}"
+ loop: [1, 2]
+ register: result
+ retries: 10
+ delay: 5
+ until: result is not failed
+ ignore_errors: true
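Review bot: Every `ec2_carrier_gateway` task in this file sets `check_mode: true`, including "create carrier gateway and attach it to vpc" and the cleanup under `always`, so as written no gateway appears to be created or deleted. The assertions nevertheless read `cagw.carrier_gateway_id` and expect the idempotence run to report `not cagw.changed`. I would drop `check_mode: true` from the real create and delete steps and from the `always` cleanup, and have the cleanup use `cagw_id`, since `cagw` is re-registered by the delete tasks. The assertions after "get VPC CAGW facts by Tag" read `cagw_info.virtual_gateways` while the others read `cagw_info.carrier_gateways`, which looks like a leftover from the VGW tests. The final "delete vpc" loops over `[1, 2]` although only item 1 is created.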
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/tags.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/tags.yml
new file mode 100644
index 000000000..07104daa7
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_carrier_gateway/tasks/tags.yml
@@ -0,0 +1,224 @@
+- vars:
+ first_tags:
+ 'Key with Spaces': Value with spaces
+ CamelCaseKey: CamelCaseValue
+ pascalCaseKey: pascalCaseValue
+ snake_case_key: snake_case_value
+ second_tags:
+ 'New Key with Spaces': Value with spaces
+ NewCamelCaseKey: CamelCaseValue
+ newPascalCaseKey: pascalCaseValue
+ new_snake_case_key: snake_case_value
+ third_tags:
+ 'Key with Spaces': Value with spaces
+ CamelCaseKey: CamelCaseValue
+ pascalCaseKey: pascalCaseValue
+ snake_case_key: snake_case_value
+ 'New Key with Spaces': Updated Value with spaces
+ final_tags:
+ 'Key with Spaces': Value with spaces
+ CamelCaseKey: CamelCaseValue
+ pascalCaseKey: pascalCaseValue
+ snake_case_key: snake_case_value
+ 'New Key with Spaces': Updated Value with spaces
+ NewCamelCaseKey: CamelCaseValue
+ newPascalCaseKey: pascalCaseValue
+ new_snake_case_key: snake_case_value
+ name_tags:
+ Name: '{{ cagw_name }}'
+ module_defaults:
+ ec2_carrier_gateway:
+ name: '{{ cagw_name }}'
+ ec2_carrier_gateway_info:
+ vpn_gateway_ids: ['{{ cagw_id }}']
+ block:
+
+ # ============================================================
+
+ - name: add tags
+ ec2_carrier_gateway:
+ tags: '{{ first_tags }}'
+ state: 'present'
+ register: tag_cagw
+ check_mode: true
+
+ - name: get VPC CAGW facts
+ ec2_carrier_gateway_info: {}
+ register: tag_cagw_info
+
+ - name: verify the tags were added
+ assert:
+ that:
+ - tag_cagw is changed
+ - tag_cagw.carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].tags == ( first_tags | combine(name_tags) )
+
+ - name: add tags - IDEMPOTENCY
+ ec2_carrier_gateway:
+ tags: '{{ first_tags }}'
+ state: 'present'
+ register: tag_cagw
+ check_mode: true
+ - name: get VPC CAGW facts
+ ec2_carrier_gateway_info: {}
+ register: tag_carrier_gateway_info
+
+ - name: verify no change
+ assert:
+ that:
+ - tag_cagw is not changed
+ - tag_cagw.carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].tags == ( first_tags | combine(name_tags) )
+
+ # ============================================================
+
+ - name: get VPC CAGW facts by filter
+ ec2_carrier_gateway_info:
+ filters:
+ 'tag:Name': '{{ cagw_name }}'
+ vpn_gateway_ids: '{{ omit }}'
+ register: tag_cagw_info
+
+ - name: assert the facts are the same as before
+ assert:
+ that:
+ - tag_cagw_info.carrier_gateways | length == 1
+ - tag_cagw.carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id
+
+ # ============================================================
+
+ - name: modify tags with purge
+ ec2_carrier_gateway:
+ tags: '{{ second_tags }}'
+ state: 'present'
+ register: tag_cagw
+ check_mode: true
+ - name: get VPC CAGW facts
+ ec2_carrier_gateway_info:
+ register: tag_cagw_info
+
+ - name: verify the tags were added
+ assert:
+ that:
+ - tag_cagw is changed
+ - tag_cagw.carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].tags == ( second_tags | combine(name_tags) )
+
+ - name: modify tags with purge - IDEMPOTENCY
+ ec2_carrier_gateway:
+ tags: '{{ second_tags }}'
+ state: 'present'
+ register: tag_cagw
+ check_mode: true
+ - name: get VPC CAGW facts
+ ec2_carrier_gateway_info:
+ register: tag_cagw_info
+
+ - name: verify no change
+ assert:
+ that:
+ - tag_cagw is not changed
+ - tag_cagw.carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].tags == ( second_tags | combine(name_tags) )
+
+ # ============================================================
+
+ - name: modify tags without purge
+ ec2_carrier_gateway:
+ tags: '{{ third_tags }}'
+ state: 'present'
+ purge_tags: False
+ register: tag_cagw
+ check_mode: true
+ - name: get VPC CAGW facts
+ ec2_carrier_gateway_info:
+ register: tag_cagw_info
+
+ - name: verify the tags were added
+ assert:
+ that:
+ - tag_cagw is changed
+ - tag_cagw.carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].tags == ( final_tags | combine(name_tags) )
+
+ - name: modify tags without purge - IDEMPOTENCY
+ ec2_carrier_gateway:
+ tags: '{{ third_tags }}'
+ state: 'present'
+ purge_tags: False
+ register: tag_cagw
+ check_mode: true
+ - name: get VPC CAGW facts
+ ec2_carrier_gateway_info:
+ register: tag_cagw_info
+
+ - name: verify no change
+ assert:
+ that:
+ - tag_cagw is not changed
+ - tag_cagw.carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].tags == ( final_tags | combine(name_tags) )
+
+ # ============================================================
+
+ - name: No change to tags without setting tags
+ ec2_carrier_gateway:
+ state: 'present'
+ register: tag_cagw
+ check_mode: true
+ - name: get VPC CAGW facts
+ ec2_carrier_gateway_info:
+ register: tag_cagw_info
+
+ - name: verify the tags were added
+ assert:
+ that:
+ - tag_cagw is not changed
+ - tag_cagw.carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].tags == ( final_tags | combine(name_tags) )
+
+ # ============================================================
+
+ - name: remove non name tags
+ ec2_carrier_gateway:
+ tags: {}
+ state: 'present'
+ register: tag_cagw
+ check_mode: true
+ - name: get VPC CAGW facts
+ ec2_carrier_gateway_info:
+ register: tag_cagw_info
+
+ - name: verify the tags were added
+ assert:
+ that:
+ - tag_cagw is changed
+ - tag_cagw.carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].tags == name_tags
+
+ - name: remove non name tags - IDEMPOTENCY
+ ec2_carrier_gateway:
+ tags: {}
+ state: 'present'
+ register: tag_cagw
+ check_mode: true
+ - name: get VPC CAGW facts
+ ec2_carrier_gateway_info:
+ register: tag_cagw_info
+
+ - name: verify no change
+ assert:
+ that:
+ - tag_cagw is not changed
+ - tag_cagw.carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].carrier_gateway_id == cagw_id
+ - tag_cagw_info.carrier_gateways[0].tags == name_tags
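Review bot: The `module_defaults` entry for `ec2_carrier_gateway_info` sets `vpn_gateway_ids: ['{{ cagw_id }}']`, and "get VPC CAGW facts by filter" omits the same key, while main.yml in this target calls that module with `carrier_gateway_id`. This looks carried over from the VGW tests; if the option is rejected or ignored, the lookups either fail or are not scoped to the test gateway, and `carrier_gateways[0]` may then be some other gateway in the account. In "add tags - IDEMPOTENCY" the info result is registered as `tag_carrier_gateway_info` but the assertion reads `tag_cagw_info`, so it checks stale data from the previous step; `register: tag_cagw_info` fixes that. All tagging tasks also run with `check_mode: true` while the assertions expect the tags to have been applied.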
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/meta/main.yml
index ca18dd30f..1471b11f6 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/meta/main.yml
@@ -1,5 +1,2 @@
dependencies:
- setup_ec2_facts
- - role: setup_botocore_pip
- vars:
- botocore_version: "1.23.30"
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/instance-metadata.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/instance-metadata.yml
index afe907f4f..7648f00ef 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/instance-metadata.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/instance-metadata.yml
@@ -1,53 +1,5 @@
---
-- name: test with older boto3 version that does not support instance_metadata_tags
- block:
- - name: fail metadata_options
- ec2_launch_template:
- name: "{{ resource_prefix }}-test-metadata"
- metadata_options:
- http_put_response_hop_limit: 1
- http_tokens: required
- http_protocol_ipv6: enabled
- instance_metadata_tags: enabled
- state: present
- register: metadata_options_launch_template
- ignore_errors: yes
- - name: verify fail with usefull error message
- assert:
- that:
- - metadata_options_launch_template.failed
- - metadata_options_launch_template is not changed
- - "'This is required to set instance_metadata_tags' in metadata_options_launch_template.msg"
-
- - name: success metadata_options
- ec2_launch_template:
- name: "{{ resource_prefix }}-test-metadata"
- metadata_options:
- http_put_response_hop_limit: 1
- http_tokens: required
- state: present
- register: metadata_options_launch_template
- - name: instance with metadata_options created with the right options
- assert:
- that:
- - metadata_options_launch_template is changed
- - "metadata_options_launch_template.latest_template.launch_template_data.metadata_options.http_put_response_hop_limit == 1"
- - "metadata_options_launch_template.latest_template.launch_template_data.metadata_options.http_tokens == 'required'"
- - "metadata_options_launch_template.latest_template.launch_template_data.metadata_options.http_protocol_ipv6 is not defined"
- - "metadata_options_launch_template.latest_template.launch_template_data.metadata_options.instance_metadata_tags is not defined"
- always:
- - name: delete the template
- ec2_launch_template:
- name: "{{ resource_prefix }}-test-metadata"
- state: absent
- register: del_lt
- retries: 10
- until: del_lt is not failed
- ignore_errors: true
-
-- name: test with boto3 version that supports instance_metadata_tags
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
+- name: instance_metadata_tags
block:
- name: metadata_options
ec2_launch_template:
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/main.yml
index aa87871ce..e89dfceb5 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/main.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- include_tasks: cpu_options.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/tags_and_vpc_settings.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/tags_and_vpc_settings.yml
index 026c59907..41ff9082b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/tags_and_vpc_settings.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_launch_template/tasks/tags_and_vpc_settings.yml
@@ -31,7 +31,7 @@
register: testing_subnet_b
- name: create a security group with the vpc
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
@@ -164,7 +164,7 @@
always:
- name: remove the security group
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_cleanup.yml
index 9e5ae6a93..ce626b69c 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_cleanup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_cleanup.yml
@@ -24,7 +24,7 @@
retries: 10
- name: remove the security group
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_setup.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_setup.yml
index 88f5bb6fe..d48bae66c 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/env_setup.yml
@@ -48,7 +48,7 @@
- "{{ testing_subnet_b.subnet.id }}"
- name: create a security group with the vpc
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/main.yml
index 91fd9497c..10695571e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_placement_group/tasks/main.yml
@@ -1,9 +1,9 @@
- name: run ec2_placement_group tests
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
@@ -25,7 +25,7 @@
- assert:
that:
- pg_1_create_check_mode is changed
- - pg_1_create_check_mode.placement_group.name == '{{ resource_prefix }}-pg1'
+ - pg_1_create_check_mode.placement_group.name == resource_prefix ~ '-pg1'
- pg_1_create_check_mode.placement_group.state == "DryRun"
- '"ec2:CreatePlacementGroup" in pg_1_create_check_mode.resource_actions'
@@ -41,7 +41,7 @@
- assert:
that:
- pg_1_create is changed
- - pg_1_create.placement_group.name == '{{ resource_prefix }}-pg1'
+ - pg_1_create.placement_group.name == resource_prefix ~ '-pg1'
- pg_1_create.placement_group.state == "available"
- '"ec2:CreatePlacementGroup" in pg_1_create.resource_actions'
@@ -54,7 +54,7 @@
- assert:
that:
- pg_1_info_result is not changed
- - pg_1_info_result.placement_groups[0].name == '{{ resource_prefix }}-pg1'
+ - pg_1_info_result.placement_groups[0].name == resource_prefix ~ '-pg1'
- pg_1_info_result.placement_groups[0].state == "available"
- pg_1_info_result.placement_groups[0].strategy == "cluster"
- '"ec2:DescribePlacementGroups" in pg_1_info_result.resource_actions'
@@ -68,7 +68,7 @@
- assert:
that:
- pg_1_create is not changed
- - pg_1_create.placement_group.name == '{{ resource_prefix }}-pg1'
+ - pg_1_create.placement_group.name == resource_prefix ~ '-pg1'
- pg_1_create.placement_group.state == "available"
- '"ec2:CreatePlacementGroup" not in pg_1_create.resource_actions'
@@ -82,7 +82,7 @@
- assert:
that:
- pg_1_create_check_mode_idem is not changed
- - pg_1_create_check_mode_idem.placement_group.name == '{{ resource_prefix }}-pg1'
+ - pg_1_create_check_mode_idem.placement_group.name == resource_prefix ~ '-pg1'
- pg_1_create_check_mode_idem.placement_group.state == "available"
- '"ec2:CreatePlacementGroup" not in pg_1_create_check_mode_idem.resource_actions'
@@ -97,7 +97,7 @@
- assert:
that:
- pg_2_create_check_mode is changed
- - pg_2_create_check_mode.placement_group.name == '{{ resource_prefix }}-pg2'
+ - pg_2_create_check_mode.placement_group.name == resource_prefix ~ '-pg2'
- pg_2_create_check_mode.placement_group.state == "DryRun"
- '"ec2:CreatePlacementGroup" in pg_2_create_check_mode.resource_actions'
@@ -111,7 +111,7 @@
- assert:
that:
- pg_2_create is changed
- - pg_2_create.placement_group.name == '{{ resource_prefix }}-pg2'
+ - pg_2_create.placement_group.name == resource_prefix ~ '-pg2'
- pg_2_create.placement_group.state == "available"
- '"ec2:CreatePlacementGroup" in pg_2_create.resource_actions'
@@ -127,7 +127,7 @@
- assert:
that:
- pg_2_info_result is not changed
- - pg_2_info_result.placement_groups[0].name == '{{ resource_prefix }}-pg2'
+ - pg_2_info_result.placement_groups[0].name == resource_prefix ~ '-pg2'
- pg_2_info_result.placement_groups[0].state == "available"
- pg_2_info_result.placement_groups[0].strategy == "spread"
- '"ec2:DescribePlacementGroups" in pg_2_info_result.resource_actions'
@@ -142,7 +142,7 @@
- assert:
that:
- pg_2_create is not changed
- - pg_2_create.placement_group.name == '{{ resource_prefix }}-pg2'
+ - pg_2_create.placement_group.name == resource_prefix ~ '-pg2'
- pg_2_create.placement_group.state == "available"
- '"ec2:CreatePlacementGroup" not in pg_2_create.resource_actions'
@@ -157,7 +157,7 @@
- assert:
that:
- pg_2_create_check_mode_idem is not changed
- - pg_2_create_check_mode_idem.placement_group.name == '{{ resource_prefix }}-pg2'
+ - pg_2_create_check_mode_idem.placement_group.name == resource_prefix ~ '-pg2'
- pg_2_create_check_mode_idem.placement_group.state == "available"
- '"ec2:CreatePlacementGroup" not in pg_2_create_check_mode_idem.resource_actions'
@@ -173,7 +173,7 @@
- assert:
that:
- pg_3_create_check_mode is changed
- - pg_3_create_check_mode.placement_group.name == '{{ resource_prefix }}-pg3'
+ - pg_3_create_check_mode.placement_group.name == resource_prefix ~ '-pg3'
- pg_3_create_check_mode.placement_group.state == "DryRun"
- '"ec2:CreatePlacementGroup" in pg_3_create_check_mode.resource_actions'
@@ -188,7 +188,7 @@
- assert:
that:
- pg_3_create is changed
- - pg_3_create.placement_group.name == '{{ resource_prefix }}-pg3'
+ - pg_3_create.placement_group.name == resource_prefix ~ '-pg3'
- pg_3_create.placement_group.state == "available"
- '"ec2:CreatePlacementGroup" in pg_3_create.resource_actions'
@@ -205,7 +205,7 @@
- assert:
that:
- pg_3_info_result is not changed
- - pg_3_info_result.placement_groups[0].name == '{{ resource_prefix }}-pg3'
+ - pg_3_info_result.placement_groups[0].name == resource_prefix ~ '-pg3'
- pg_3_info_result.placement_groups[0].state == "available"
- pg_3_info_result.placement_groups[0].strategy == "partition"
- '"ec2:DescribePlacementGroups" in pg_3_info_result.resource_actions'
@@ -221,7 +221,7 @@
- assert:
that:
- pg_3_create is not changed
- - pg_3_create.placement_group.name == '{{ resource_prefix }}-pg3'
+ - pg_3_create.placement_group.name == resource_prefix ~ '-pg3'
- pg_3_create.placement_group.state == "available"
- '"ec2:CreatePlacementGroup" not in pg_3_create.resource_actions'
@@ -237,7 +237,7 @@
- assert:
that:
- pg_3_create_check_mode_idem is not changed
- - pg_3_create_check_mode_idem.placement_group.name == '{{ resource_prefix }}-pg3'
+ - pg_3_create_check_mode_idem.placement_group.name == resource_prefix ~ '-pg3'
- pg_3_create_check_mode_idem.placement_group.state == "available"
- '"ec2:CreatePlacementGroup" not in pg_3_create_check_mode_idem.resource_actions'
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway/tasks/main.yml
index 6cb279f77..c7353cfc0 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway_vpc_attachment/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway_vpc_attachment/tasks/main.yml
index 8694b829e..ce9659473 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway_vpc_attachment/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_transit_gateway_vpc_attachment/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml
index 41540b8d4..75fff0e4e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_egress_igw/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_nacl/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_nacl/tasks/main.yml
index e1538049a..36c7ab2d8 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_nacl/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_nacl/tasks/main.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_peer/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_peer/tasks/main.yml
index cdb7c6680..b39b69b74 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_peer/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_peer/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- name: get ARN of calling user
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml
index 37bbf5e37..f5a850a71 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vgw/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vpn/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vpn/tasks/main.yml
index a4c740887..9514d7cf3 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vpn/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ec2_vpc_vpn/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -35,7 +35,63 @@
name: testcgw
register: cgw
- - name: create vpn connection, with customer gateway
+ - name: create transit gateway
+ ec2_transit_gateway:
+ description: "Transit Gateway for vpn attachment"
+ register: tgw
+
+ - name: create vpn connection, with customer gateway, vpn_gateway_id and transit_gateway
+ ec2_vpc_vpn:
+ customer_gateway_id: '{{ cgw.gateway.customer_gateway.customer_gateway_id }}'
+ vpn_gateway_id: '{{ vgw.vgw.id }}'
+ transit_gateway_id: '{{ tgw.transit_gateway.transit_gateway_id }}'
+ state: present
+ register: result
+ ignore_errors: true
+
+ - name: assert creation of vpn failed
+ assert:
+ that:
+ - result is failed
+ - result.msg == "parameters are mutually exclusive: vpn_gateway_id|transit_gateway_id"
+
+
+ - name: create vpn connection, with customer gateway and transit_gateway
+ ec2_vpc_vpn:
+ customer_gateway_id: '{{ cgw.gateway.customer_gateway.customer_gateway_id }}'
+ transit_gateway_id: '{{ tgw.transit_gateway.transit_gateway_id }}'
+ state: present
+ register: tgw_vpn
+
+ - name: Store ID of VPN
+ set_fact:
+ vpn_id: '{{ tgw_vpn.vpn_connection_id }}'
+
+ # ============================================================
+ - name: test success with no parameters
+ ec2_vpc_vpn_info:
+ register: result
+
+ - name: assert success with no parameters
+ assert:
+ that:
+ - 'result.changed == false'
+ - 'result.vpn_connections != []'
+ # ============================================================
+
+ - name: Delete vpn created with transit gateway
+ ec2_vpc_vpn:
+ state: absent
+ vpn_connection_id: '{{ vpn_id }}'
+ register: result
+ retries: 10
+ delay: 3
+ until: result is not failed
+ ignore_errors: true
+
+ # ============================================================
+
+ - name: create vpn connection, with customer gateway and vpn gateway
ec2_vpc_vpn:
customer_gateway_id: '{{ cgw.gateway.customer_gateway.customer_gateway_id }}'
vpn_gateway_id: '{{ vgw.vgw.id }}'
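Review bot: "Store ID of VPN" saves the transit-gateway VPN in `vpn_id`, the same fact that the next hunk's context shows being set from `vpn.vpn_connection_id`, and "Delete vpn created with transit gateway" ignores errors. If that deletion fails, the ID is overwritten and no later step can remove the connection, so it stays in the account along with the transit gateway it is attached to. A separate fact such as `tgw_vpn_id: '{{ tgw_vpn.vpn_connection_id }}'`, deleted again in the teardown section, would keep it reachable. The assertion on the exact `result.msg` text is also tied to the argument-spec wording; `'mutually exclusive' in result.msg` would be less brittle. The enclosing block starts and ends outside this hunk.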
@@ -47,6 +103,7 @@
vpn_id: '{{ vpn.vpn_connection_id }}'
# ============================================================
+
- name: test success with no parameters
ec2_vpc_vpn_info:
register: result
@@ -163,3 +220,9 @@
delay: 3
until: result is not failed
ignore_errors: true
+
+ - name: delete transit gateway
+ ec2_transit_gateway:
+ transit_gateway_id: '{{ tgw.transit_gateway.transit_gateway_id }}'
+ state: absent
+ ignore_errors: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/meta/main.yml
index 7f42526eb..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/meta/main.yml
@@ -1,4 +1 @@
-dependencies:
- - role: setup_botocore_pip
- vars:
- botocore_version: "1.24.14"
+dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/01_create_requirements.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/01_create_requirements.yml
index 31ca3cf27..14c1b6337 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/01_create_requirements.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/01_create_requirements.yml
@@ -72,7 +72,7 @@
register: igw
- name: create a security group to use for creating an ec2 instance
- ec2_group:
+ ec2_security_group:
name: '{{ resource_prefix }}_ecs_cluster-sg'
description: 'created by Ansible integration tests'
state: present
@@ -86,9 +86,9 @@
# As a lookup plugin we don't have access to module_defaults
connection_args:
region: "{{ aws_region }}"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- aws_security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
no_log: True
- name: set image id fact
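Review bot: The `no_log: True` on this task protects only the task that builds `connection_args`, while the variable keeps `access_key`, `secret_key` and `session_token` for the rest of the play. Any later task that templates it (the lookup the comment mentions is outside this hunk) could expose them in a failure message or a `debug` of the variable, so those tasks probably want `no_log: true` as well. I would add a comment above the mapping such as `# connection_args holds credentials: keep no_log on every task that expands it`. The value is also better written as lowercase `true`, to match the `ignore_errors: true` style used elsewhere in these tests.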
diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/20_ecs_service.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/20_ecs_service.yml
index 4e0620555..3c4bbcb28 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/20_ecs_service.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/20_ecs_service.yml
@@ -86,8 +86,6 @@
- not ecs_service_again.changed
- name: create same ECS service definition via force_new_deployment
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
state: present
force_new_deployment: true
@@ -113,8 +111,6 @@
- ecs_service_again.changed
- name: force_new_deployment should work without providing a task_definition
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
state: present
force_new_deployment: yes
@@ -139,8 +135,6 @@
- ecs_service_notaskdef.changed
- name: attempt to use ECS network configuration on task definition without awsvpc network_mode (expected to fail)
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
state: present
name: "{{ ecs_service_name }}3"
@@ -166,8 +160,6 @@
- ecs_service_network_without_awsvpc_task is failed
- name: scale down ECS service
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
state: present
name: "{{ ecs_service_name }}"
@@ -191,8 +183,6 @@
- ecs_service_scale_down.service.desiredCount == 0
- name: scale down ECS service again
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
state: present
name: "{{ ecs_service_name }}"
@@ -228,8 +218,6 @@
- ecs_task_update.changed
- name: Enable ExecuteCommand
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
state: present
name: "{{ ecs_service_name }}"
@@ -315,8 +303,6 @@
- "ecs_taskdefinition_info.network_mode == 'awsvpc'"
- name: create ECS service definition with network configuration
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
state: present
name: "{{ ecs_service_name }}2"
@@ -344,8 +330,6 @@
- "create_ecs_service_with_vpc.service.networkConfiguration.awsvpcConfiguration.securityGroups|length == 1"
- name: create ecs_service using health_check_grace_period_seconds
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-mft"
cluster: "{{ ecs_cluster_name }}"
@@ -364,11 +348,9 @@
assert:
that:
- ecs_service_creation_hcgp.changed
- - "{{ecs_service_creation_hcgp.service.healthCheckGracePeriodSeconds}} == 30"
+ - ecs_service_creation_hcgp.service.healthCheckGracePeriodSeconds == 30
- name: update ecs_service using health_check_grace_period_seconds
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-mft"
cluster: "{{ ecs_cluster_name }}"
@@ -386,11 +368,9 @@
assert:
that:
- ecs_service_creation_hcgp2.changed
- - "{{ecs_service_creation_hcgp2.service.healthCheckGracePeriodSeconds}} == 10"
+ - ecs_service_creation_hcgp2.service.healthCheckGracePeriodSeconds == 10
- name: update ecs_service using REPLICA scheduling_strategy
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-replica"
cluster: "{{ ecs_cluster_name }}"
@@ -473,8 +453,8 @@
assert:
that:
- ecs_task_definition_constraints is changed
- - ecs_task_definition_constraints.taskdefinition.placementConstraints[0].type == "{{ ecs_taskdefinition_placement_constraints[0].type }}"
- - ecs_task_definition_constraints.taskdefinition.placementConstraints[0].expression == "{{ ecs_taskdefinition_placement_constraints[0].expression }}"
+ - ecs_task_definition_constraints.taskdefinition.placementConstraints[0].type == ecs_taskdefinition_placement_constraints[0].type
+ - ecs_task_definition_constraints.taskdefinition.placementConstraints[0].expression == ecs_taskdefinition_placement_constraints[0].expression
- name: Remove ecs task definition with placement constraints
ecs_taskdefinition:
@@ -517,8 +497,6 @@
- "ecs_service_create_no_load_balancer.service.loadBalancers | length == 0"
- name: Update ecs_service load balancer
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-lb"
cluster: "{{ ecs_cluster_name }}"
@@ -541,8 +519,6 @@
- "ecs_service_update_load_balancer.service.loadBalancers[0].targetGroupArn == elb_target_group_instance.target_group_arn"
- name: Create ecs service with placement constraints
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-constraint"
cluster: "{{ ecs_cluster_name }}"
@@ -593,8 +569,6 @@
until: "ECS.services[0].deployments[0].rolloutState == 'COMPLETED'"
- name: Update ecs service's placement constraints
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-constraint"
cluster: "{{ ecs_cluster_name }}"
@@ -621,8 +595,6 @@
- "ecs_service_update_constraints.service.placementConstraints[0].expression == 'attribute:ecs.instance-type == t3.micro'"
- name: Remove ecs service's placement constraints
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-constraint"
cluster: "{{ ecs_cluster_name }}"
@@ -645,8 +617,6 @@
- "ecs_service_remove_constraints.service.placementConstraints | length == 0"
- name: Create ecs service with placement strategy
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-strategy"
cluster: "{{ ecs_cluster_name }}"
@@ -672,8 +642,6 @@
- "ecs_service_creation_strategy.service.placementStrategy[0].field == 'MEMORY'"
- name: Update ecs service's placement strategy
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-strategy"
cluster: "{{ ecs_cluster_name }}"
@@ -700,8 +668,6 @@
- "ecs_service_update_strategy.service.placementStrategy[0].field == 'instanceId'"
- name: Remove ecs service's placement strategy
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-strategy"
cluster: "{{ ecs_cluster_name }}"
@@ -942,6 +908,65 @@
started_by: ansible_user
register: fargate_run_task_output_with_assign_ip
+- name: create task definition for ARM
+ ecs_taskdefinition:
+ containers: "{{ ecs_fargate_task_containers }}"
+ family: "{{ ecs_task_name }}-arm"
+ network_mode: awsvpc
+ launch_type: FARGATE
+ cpu: 512
+ memory: 1024
+ execution_role_arn: "{{ iam_execution_role.arn }}"
+ state: present
+ runtime_platform:
+ cpuArchitecture: "ARM64"
+ operatingSystemFamily: "LINUX"
+ vars:
+ ecs_task_host_port: 8080
+ register: fargate_arm_task_definition
+
+- name: check that initial task definition for ARM changes
+ assert:
+ that:
+ - fargate_arm_task_definition.changed
+
+- name: recreate task definition for ARM
+ ecs_taskdefinition:
+ containers: "{{ ecs_fargate_task_containers }}"
+ family: "{{ ecs_task_name }}-arm"
+ network_mode: awsvpc
+ launch_type: FARGATE
+ cpu: 512
+ memory: 1024
+ execution_role_arn: "{{ iam_execution_role.arn }}"
+ state: present
+ runtime_platform:
+ cpuArchitecture: "ARM64"
+ operatingSystemFamily: "LINUX"
+ vars:
+ ecs_task_host_port: 8080
+ register: fargate_arm_task_definition_again
+
+- name: check that task definition for ARM does not change
+ assert:
+ that:
+ - not fargate_arm_task_definition_again.changed
+
+- name: delete task definition for ARM
+ ecs_taskdefinition:
+ containers: "{{ ecs_fargate_task_containers }}"
+ family: "{{ ecs_task_name }}-arm"
+ network_mode: awsvpc
+ launch_type: FARGATE
+ cpu: 512
+ memory: 1024
+ execution_role_arn: "{{ iam_execution_role.arn }}"
+ state: present
+ runtime_platform:
+ cpuArchitecture: "ARM64"
+ operatingSystemFamily: "LINUX"
+ vars:
+ ecs_task_host_port: 8080
# ============================================================
# End tests for Fargate
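Review bot: The task named `delete task definition for ARM` sets `state: present`, so it re-applies the definition a third time instead of removing it, and each run leaves the `{{ ecs_task_name }}-arm` family registered in the account. It should read `state: absent`. Since removal targets one revision, it probably also needs `revision: "{{ fargate_arm_task_definition.taskdefinition.revision }}"`; the `taskdefinition` return key is used that way in the placement-constraints assertions in this file, but the `revision` field should be confirmed. The task also has no `register` or follow-up assert, unlike the two before it, so a failed removal would go unnoticed.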
diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/99_terminate_everything.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/99_terminate_everything.yml
index 7016f9e70..5d7ba5c72 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/99_terminate_everything.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/99_terminate_everything.yml
@@ -18,8 +18,6 @@
ignore_errors: true
- name: scale down ECS service
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
state: present
name: "{{ ecs_service_name }}"
@@ -44,8 +42,6 @@
register: ecs_service_info
- name: scale down second ECS service
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
state: present
name: "{{ ecs_service_name }}2"
@@ -62,8 +58,6 @@
register: ecs_service_scale_down
- name: scale down multifunction-test service
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-mft"
cluster: "{{ ecs_cluster_name }}"
@@ -78,8 +72,6 @@
register: ecs_service_scale_down
- name: scale down scheduling_strategy service
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
name: "{{ ecs_service_name }}-replica"
cluster: "{{ ecs_cluster_name }}"
@@ -94,8 +86,6 @@
register: ecs_service_scale_down
- name: scale down Fargate ECS service
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
ecs_service:
state: present
name: "{{ ecs_service_name }}4"
@@ -271,7 +261,7 @@
register: this_deletion
- name: remove security groups
- ec2_group:
+ ec2_security_group:
name: '{{ item }}'
description: 'created by Ansible integration tests'
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/main.yml
index 1d27cdc73..12d3cb52b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ecs_cluster/tasks/main.yml
@@ -4,15 +4,15 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
- - include: 01_create_requirements.yml
- - include: 10_ecs_cluster.yml
- - include: 20_ecs_service.yml
+ - include_tasks: 01_create_requirements.yml
+ - include_tasks: 10_ecs_cluster.yml
+ - include_tasks: 20_ecs_service.yml
always:
- - include: 99_terminate_everything.yml
+ - include_tasks: 99_terminate_everything.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_ecr/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_ecr/tasks/main.yml
index e0ce4f3f6..68750e06e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ecs_ecr/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ecs_ecr/tasks/main.yml
@@ -2,9 +2,9 @@
- module_defaults:
group/aws:
region: "{{ aws_region }}"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
block:
- set_fact:
@@ -15,7 +15,7 @@
register: aws_caller_info
- name: create KMS key for testing
- aws_kms:
+ kms_key:
alias: "{{ resource_prefix }}-ecr"
description: a key used for testing ECR
state: present
@@ -597,7 +597,7 @@
- name: it should use the provided KMS key
assert:
that:
- - result.repository.encryptionConfiguration.kmsKey == '{{ kms_test_key.key_arn }}'
+ - result.repository.encryptionConfiguration.kmsKey == kms_test_key.key_arn
always:
@@ -607,6 +607,6 @@
state: absent
- name: Delete KMS key
- aws_kms:
+ kms_key:
key_id: '{{ kms_test_key.key_arn }}'
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/ecs_tag/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ecs_tag/tasks/main.yml
index fff9ee27d..2c5614eb8 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ecs_tag/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ecs_tag/tasks/main.yml
@@ -1,9 +1,9 @@
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key | default(omit) }}'
- aws_secret_key: '{{ aws_secret_key | default(omit) }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
collections:
- amazon.aws
block:
@@ -73,7 +73,7 @@
assert:
that:
- taglist.changed == true
- - taglist.added_tags.Name == "{{ resource_prefix }}"
+ - taglist.added_tags.Name == resource_prefix
- taglist.added_tags.another == "foobar"
- name: cluster tags - Add tags to cluster again
@@ -162,8 +162,8 @@
assert:
that:
- taglist.changed == true
- - taglist.added_tags.Name == "service-{{ resource_prefix }}"
- - taglist.tags.Name == "service-{{ resource_prefix }}"
+ - "taglist.added_tags.Name == 'service-' ~ resource_prefix"
+ - "taglist.tags.Name == 'service-' ~ resource_prefix"
- name: services tags - Add name tag again - see no change
ecs_tag:
@@ -179,7 +179,7 @@
assert:
that:
- taglist.changed == false
- - taglist.tags.Name == "service-{{ resource_prefix }}"
+ - "taglist.tags.Name == 'service-' ~ resource_prefix"
- name: service tags - remove service tags
ecs_tag:
@@ -215,8 +215,8 @@
assert:
that:
- taglist.changed == true
- - taglist.added_tags.Name == "task_definition-{{ resource_prefix }}"
- - taglist.tags.Name == "task_definition-{{ resource_prefix }}"
+ - "taglist.added_tags.Name == 'task_definition-' ~ resource_prefix"
+ - "taglist.tags.Name == 'task_definition-' ~ resource_prefix"
- name: task_definition tags - Add name tag again - see no change
ecs_tag:
@@ -232,7 +232,7 @@
assert:
that:
- taglist.changed == false
- - taglist.tags.Name == "task_definition-{{ resource_prefix }}"
+ - "taglist.tags.Name == 'task_definition-' ~ resource_prefix"
- name: task_definition tags - remove task_definition tags
ecs_tag:
diff --git a/ansible_collections/community/aws/tests/integration/targets/efs/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/efs/tasks/main.yml
index d2e9d4bee..bc23f3a11 100644
--- a/ansible_collections/community/aws/tests/integration/targets/efs/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/efs/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -41,7 +41,7 @@
register: testing_subnet_b
- name: Get default security group id for vpc
- ec2_group_info:
+ ec2_security_group_info:
filters:
vpc-id: "{{ testing_vpc.vpc.id }}"
register: sg_facts
@@ -98,7 +98,7 @@
- efs_result.efs[0].mount_targets[1].security_groups[0] == vpc_default_sg_id
- assert:
- that: "{{efs_result_assertions}}"
+ that: efs_result_assertions
# ============================================================
- name: Get EFS by id
@@ -107,7 +107,7 @@
register: efs_result
- assert:
- that: "{{efs_result_assertions}}"
+ that: efs_result_assertions
# ============================================================
- name: Get EFS by tag
@@ -117,7 +117,7 @@
register: efs_result
- assert:
- that: "{{efs_result_assertions}}"
+ that: efs_result_assertions
# ============================================================
- name: Get EFS by target (subnet_id)
@@ -127,7 +127,7 @@
register: efs_result
- assert:
- that: "{{efs_result_assertions}}"
+ that: efs_result_assertions
# ============================================================
- name: Get EFS by target (security_group_id)
@@ -137,7 +137,7 @@
register: efs_result
- assert:
- that: "{{efs_result_assertions}}"
+ that: efs_result_assertions
# ============================================================
- name: Get EFS by tag and target
@@ -149,7 +149,7 @@
register: efs_result
- assert:
- that: "{{efs_result_assertions}}"
+ that: efs_result_assertions
# ============================================================
# Not checking efs_result.efs["throughput_mode"] here as
@@ -231,7 +231,7 @@
- efs_result.efs[0].file_system_id == created_efs.efs.file_system_id
- assert:
- that: "{{efs_result_assertions}}"
+ that: efs_result_assertions
# ============================================================
- name: Efs configure IA transition
@@ -332,9 +332,9 @@
efs_tag:
state: present
resource: "{{ created_efs.efs.file_system_id }}"
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: "{{ aws_region }}"
tags:
check_mode_tag: 'this tag should not be applied'
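Review bot: This `efs_tag` task passes `access_key`, `secret_key`, `session_token` and `region` itself, although the `module_defaults` / `group/aws` block at the top of this file already supplies the same four values. If `efs_tag` belongs to that action group (not visible here, so please confirm), the four lines can be dropped from the task. That keeps the credentials in one place and means a future parameter rename touches one block rather than nine tasks. The same applies to the `efs_tag` tasks in the later hunks of this file, from `@@ -349,9 +349,9 @@` through `@@ -491,9 +491,9 @@`. The task's name and first lines are outside this hunk.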
@@ -349,9 +349,9 @@
efs_tag:
state: present
resource: "{{ created_efs.efs.file_system_id }}"
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: "{{ aws_region }}"
tags:
"Title Case": 'Hello Cruel World'
@@ -366,7 +366,7 @@
- efs_tag_result.tags.Env is defined
- efs_tag_result.tags.Env is search("IntegrationTests")
- efs_tag_result.tags.Name is defined
- - efs_tag_result.tags.Name is search("{{ efs_name }}-test-tag")
+ - efs_tag_result.tags.Name is search(efs_name ~ '-test-tag')
- efs_tag_result.tags["CamelCase"] == 'SimpleCamelCase'
- efs_tag_result.tags["Title Case"] == 'Hello Cruel World'
- efs_tag_result.tags["lowercase spaced"] == 'hello cruel world'
@@ -377,9 +377,9 @@
efs_tag:
state: present
resource: "{{ created_efs.efs.file_system_id }}"
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: "{{ aws_region }}"
tags:
Env: IntegrationTests
@@ -394,9 +394,9 @@
efs_tag:
state: absent
resource: "{{ created_efs.efs.file_system_id }}"
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: "{{ aws_region }}"
tags:
snake_case: 'simple_snake_case'
@@ -412,9 +412,9 @@
efs_tag:
state: present
resource: "{{ created_efs.efs.file_system_id }}"
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: "{{ aws_region }}"
tags:
Env: OtherIntegrationTests
@@ -430,9 +430,9 @@
efs_tag:
state: present
resource: "{{ created_efs.efs.file_system_id }}"
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: "{{ aws_region }}"
tags:
Env: OtherIntegrationTests
@@ -448,9 +448,9 @@
efs_tag:
state: absent
resource: "{{ created_efs.efs.file_system_id }}"
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: "{{ aws_region }}"
tags:
"Title Case": 'Hello Cruel World'
@@ -464,7 +464,7 @@
- efs_tag_result.tags.Env is defined
- efs_tag_result.tags.Env is search("IntegrationTests")
- efs_tag_result.tags.Name is defined
- - efs_tag_result.tags.Name is search("{{ efs_name }}-test-tag")
+ - efs_tag_result.tags.Name is search(efs_name ~ '-test-tag')
- not efs_tag_result.tags["CamelCase"] is defined
- not efs_tag_result.tags["Title Case"] is defined
- not efs_tag_result.tags["lowercase spaced"] is defined
@@ -474,9 +474,9 @@
efs_tag:
state: absent
resource: "{{ created_efs.efs.file_system_id }}"
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: "{{ aws_region }}"
tags:
snake_case: 'simple_snake_case'
@@ -491,9 +491,9 @@
state: absent
resource: "{{ created_efs.efs.file_system_id }}"
region: "{{ aws_region }}"
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
tags: {}
purge_tags: true
register: efs_tag_result
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/full_test.yml b/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/full_test.yml
index e3aca2863..71cc1fc87 100644
--- a/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/full_test.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/full_test.yml
@@ -4,12 +4,12 @@
# If us-west-1 does become supported, change this test to use an unsupported region
# or if all regions are supported, delete this test
- name: attempt to use eks in unsupported region
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_name }}"
state: absent
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: us-west-1
register: aws_eks_unsupported_region
ignore_errors: yes
@@ -21,7 +21,7 @@
- '"msg" in aws_eks_unsupported_region'
- name: delete an as yet non-existent EKS cluster
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_name }}"
state: absent
register: aws_eks_delete_non_existent
@@ -64,7 +64,7 @@
- "{{ eks_subnets }}"
- name: create security groups to use for EKS
- ec2_group:
+ ec2_security_group:
name: "{{ item.name }}"
description: "{{ item.description }}"
state: present
@@ -75,7 +75,7 @@
register: setup_security_groups
- name: create EKS cluster
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_name }}"
security_groups: "{{ eks_security_groups | map(attribute='name') }}"
subnets: "{{ setup_subnets.results | map(attribute='subnet.id') }}"
@@ -93,7 +93,7 @@
- eks_create.tags.another == "foobar"
- name: create EKS cluster with same details but wait for it to become active
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_name }}"
security_groups: "{{ eks_security_groups | map(attribute='name') }}"
subnets: "{{ setup_subnets.results | map(attribute='subnet.id') }}"
@@ -113,7 +113,7 @@
- eks_create.endpoint != ""
- name: create EKS cluster with same details but using SG ids
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_name }}"
security_groups: "{{ setup_security_groups.results | map(attribute='group_id') }}"
subnets: "{{ setup_subnets.results | map(attribute='subnet.id') }}"
@@ -127,7 +127,7 @@
- eks_create.name == eks_cluster_name
- name: remove EKS cluster, waiting until complete
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_name }}"
state: absent
wait: yes
@@ -139,7 +139,7 @@
- eks_delete is changed
- name: create EKS cluster with same details but wait for it to become active
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_name }}"
security_groups: "{{ eks_security_groups | map(attribute='name') }}"
subnets: "{{ setup_subnets.results | map(attribute='subnet.id') }}"
@@ -154,7 +154,7 @@
- eks_create.name == eks_cluster_name
- name: remove EKS cluster, without waiting this time
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_name }}"
state: absent
register: eks_delete
@@ -165,7 +165,7 @@
- eks_delete is changed
- name: create EKS cluster with short name
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_short_name }}"
security_groups: "{{ eks_security_groups | map(attribute='name') }}"
subnets: "{{ setup_subnets.results | map(attribute='subnet.id') }}"
@@ -180,7 +180,7 @@
- eks_create is not failed
- name: remove EKS cluster with short name
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_short_name }}"
state: absent
wait: yes
@@ -192,7 +192,7 @@
msg: "***** TESTING COMPLETE. COMMENCE TEARDOWN *****"
- name: remove EKS cluster
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_name }}"
state: absent
wait: yes
@@ -200,7 +200,7 @@
ignore_errors: yes
- name: remove EKS cluster
- aws_eks_cluster:
+ eks_cluster:
name: "{{ eks_cluster_short_name }}"
state: absent
wait: yes
@@ -216,7 +216,7 @@
- name: "{{ eks_cluster_name }}-workers-sg"
- name: set all security group rule lists to empty to remove circular dependency
- ec2_group:
+ ec2_security_group:
name: "{{ item.name }}"
description: "{{ item.description }}"
state: present
@@ -229,7 +229,7 @@
ignore_errors: yes
- name: remove security groups
- ec2_group:
+ ec2_security_group:
name: '{{ item.name }}'
state: absent
vpc_id: '{{ setup_vpc.vpc.id }}'
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/main.yml
index 61aa32cd1..0f414f56f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/eks_cluster/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
- include_tasks: full_test.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/cleanup_eks_cluster.yml b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/cleanup_eks_cluster.yml
index d30761fa3..21adb30a8 100644
--- a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/cleanup_eks_cluster.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/cleanup_eks_cluster.yml
@@ -5,7 +5,7 @@
ignore_errors: true
- name: remove EKS cluster
- aws_eks_cluster:
+ eks_cluster:
name: '{{ eks_cluster_name }}'
state: absent
wait: 'yes'
@@ -17,7 +17,7 @@
- name: '{{ eks_cluster_name }}-workers-sg'
- name: set all security group rule lists to empty to remove circular dependency
- ec2_group:
+ ec2_security_group:
name: '{{ item.name }}'
description: '{{ item.description }}'
state: present
@@ -30,7 +30,7 @@
ignore_errors: 'yes'
- name: remove security groups
- ec2_group:
+ ec2_security_group:
name: '{{ item.name }}'
state: absent
vpc_id: '{{ setup_vpc.vpc.id }}'
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/create_eks_cluster.yml b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/create_eks_cluster.yml
index d5affa5b5..48fbbef80 100644
--- a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/create_eks_cluster.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/create_eks_cluster.yml
@@ -72,7 +72,7 @@
register: nat_route_table
- name: create security groups to use for EKS
- ec2_group:
+ ec2_security_group:
name: '{{ item.name }}'
description: '{{ item.description }}'
state: present
@@ -83,7 +83,7 @@
register: setup_security_groups
- name: create EKS cluster
- aws_eks_cluster:
+ eks_cluster:
name: '{{ eks_cluster_name }}'
security_groups: '{{ eks_security_groups | map(attribute=''name'') }}'
subnets: '{{ setup_subnets.results | map(attribute=''subnet.id'') }}'
@@ -94,4 +94,4 @@
- name: check that EKS cluster was created
assert:
that:
- - eks_create.name == eks_cluster_name \ No newline at end of file
+ - eks_create.name == eks_cluster_name
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/main.yaml
index 77298dc81..d6606e3db 100644
--- a/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/main.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/eks_fargate_profile/tasks/main.yaml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
- include_tasks: create_eks_cluster.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/aliases b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/aliases
index 0b84301d7..1809e989b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/aliases
@@ -1 +1,2 @@
-cloud/aws \ No newline at end of file
+cloud/aws
+time=30m
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/cleanup.yml
index ff841f0f5..8bdb5bad4 100644
--- a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/cleanup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/cleanup.yml
@@ -5,7 +5,7 @@
ignore_errors: yes
- name: remove EKS cluster
- aws_eks_cluster:
+ eks_cluster:
name: '{{ eks_cluster_name }}'
state: absent
wait: 'yes'
@@ -17,7 +17,7 @@
- name: '{{ eks_cluster_name }}-workers-sg'
- name: set all security group rule lists to empty to remove circular dependency
- ec2_group:
+ ec2_security_group:
name: '{{ item.name }}'
description: '{{ item.description }}'
state: present
@@ -30,7 +30,7 @@
ignore_errors: 'yes'
- name: remove security groups
- ec2_group:
+ ec2_security_group:
name: '{{ item.name }}'
state: absent
vpc_id: '{{ setup_vpc.vpc.id }}'
@@ -74,10 +74,10 @@
state: absent
vpc_id: '{{ setup_vpc.vpc.id}}'
ignore_errors: 'yes'
-
+
- name: remove setup VPC
ec2_vpc_net:
cidr_block: 10.0.0.0/16
state: absent
name: '{{ resource_prefix }}_aws_eks'
- ignore_errors: 'yes' \ No newline at end of file
+ ignore_errors: 'yes'
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/dependecies.yml b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/dependecies.yml
index dd6efd27a..882d45dd7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/dependecies.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/dependecies.yml
@@ -2,7 +2,7 @@
# This space was a copy by aws_eks_cluster integration test
- name: ensure IAM instance role exists
iam_role:
- name: ansible-test-eks_cluster_role
+ name: ansible-test-{{ tiny_prefix }}-eks_nodegroup-cluster
assume_role_policy_document: '{{ lookup(''file'',''eks-trust-policy.json'') }}'
state: present
create_instance_profile: 'no'
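Review bot: The two IAM role names become per-run here (`ansible-test-{{ tiny_prefix }}-eks_nodegroup-cluster`, and `ansible-test-{{ tiny_prefix }}-eks_nodegroup-ng` in the `-77,9` hunk below), but none of the cleanup.yml hunks in this commit touches an `iam_role` task, so it is worth confirming that teardown deletes the roles under the new names. If cleanup still refers to the old fixed names, or does not remove roles at all, each run would leave two roles and their trust policies behind in the test account. Defining each name once as a variable in the target's defaults and using it in both the create and the delete task would keep the two from drifting. The `iam_role` task may continue past the end of this hunk.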
@@ -44,7 +44,7 @@
community.aws.ec2_vpc_route_table:
vpc_id: '{{ setup_vpc.vpc.id }}'
tags:
- Name: EKS
+ Name: "EKS-ng-{{ tiny_prefix }}"
subnets: '{{ setup_subnets.results | map(attribute=''subnet.id'') }}'
routes:
- dest: 0.0.0.0/0
@@ -52,7 +52,7 @@
register: public_route_table
- name: create security groups to use for EKS
- ec2_group:
+ ec2_security_group:
name: '{{ item.name }}'
description: '{{ item.description }}'
state: present
@@ -63,7 +63,7 @@
register: setup_security_groups
- name: create EKS cluster
- aws_eks_cluster:
+ eks_cluster:
name: '{{ eks_cluster_name }}'
security_groups: '{{ eks_security_groups | map(attribute=''name'') }}'
subnets: '{{ setup_subnets.results | map(attribute=''subnet.id'') }}'
@@ -77,9 +77,9 @@
- eks_create.name == eks_cluster_name
# Dependecies to eks nodegroup
-- name: create IAM instance role
+- name: create IAM instance role
iam_role:
- name: 'ansible-test-eks_nodegroup'
+ name: 'ansible-test-{{ tiny_prefix }}-eks_nodegroup-ng'
assume_role_policy_document: '{{ lookup(''file'',''eks-nodegroup-trust-policy.json'') }}'
state: present
create_instance_profile: no
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/full_test.yml b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/full_test.yml
index dcb35d2d1..9accc8e8f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/full_test.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/full_test.yml
@@ -445,7 +445,6 @@
state: absent
cluster_name: '{{ eks_cluster_name }}'
register: eks_nodegroup_result
- check_mode: True
- name: check that eks_nodegroup is not changed (idempotency)
assert:
@@ -578,9 +577,21 @@
cluster_name: '{{ eks_cluster_name }}'
wait: True
register: eks_nodegroup_result
- check_mode: True
- name: check that eks_nodegroup is not changed (idempotency)
assert:
that:
- - eks_nodegroup_result is not changed \ No newline at end of file
+ - eks_nodegroup_result is not changed
+
+- name: wait for deletion of name_a nodegroup (idempotency)
+ eks_nodegroup:
+ name: '{{ eks_nodegroup_name_a }}'
+ state: absent
+ cluster_name: '{{ eks_cluster_name }}'
+ wait: True
+ register: eks_nodegroup_result
+
+- name: check that eks_nodegroup is not changed (idempotency)
+ assert:
+ that:
+ - eks_nodegroup_result is not changed
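Review bot: The added assert reuses both the task name `check that eks_nodegroup is not changed (idempotency)` and the register `eks_nodegroup_result` of the assert directly above it, so a failure in the test log does not show which deletion was not idempotent. Naming the new one for what it checks, e.g. `- name: check that name_a nodegroup deletion is not changed (idempotency)`, or adding a `fail_msg`, would make the two distinguishable. The task before the first assert starts outside the hunk, so which nodegroup it removes is not visible here.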
diff --git a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/main.yml
index 9f896bec6..5c1a76f57 100644
--- a/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/eks_nodegroup/tasks/main.yml
@@ -5,9 +5,9 @@
- amozon.community
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
- include_tasks: dependecies.yml
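Review bot: The `collections:` entry `amozon.community`, kept as context on the first line of this hunk, does not look like an existing namespace and is presumably a misspelling of `amazon.aws` or `community.aws`. The tasks in this target call modules by short name (`eks_cluster`, `ec2_security_group`, `iam_role`), so resolution depends on this search list, and an unintended name in it would be picked up if a collection by that name were ever installed on the controller. The list starts above the hunk, so the other entries are not visible; if the intended collections are already listed the line can simply be dropped, otherwise replace it with `- community.aws`.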
diff --git a/ansible_collections/community/aws/tests/integration/targets/elasticache/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elasticache/tasks/main.yml
index 31ae3d9cf..9664a70f1 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elasticache/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elasticache/tasks/main.yml
@@ -3,9 +3,9 @@
- name: Integration testing for the elasticache module
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
collections:
- amazon.aws
@@ -60,11 +60,11 @@
that:
- elasticache_redis is changed
- elasticache_redis.elasticache.data is defined
- - elasticache_redis.elasticache.name == "{{ elasticache_redis_test_name }}"
- - elasticache_redis.elasticache.data.CacheSubnetGroupName == "{{ elasticache_subnet_group_name }}"
+ - elasticache_redis.elasticache.name == elasticache_redis_test_name
+ - elasticache_redis.elasticache.data.CacheSubnetGroupName == elasticache_subnet_group_name
- name: Add security group for Redis access in Elasticache
- ec2_group:
+ ec2_security_group:
name: "{{ elasticache_redis_sg_name }}"
description: Allow access to Elasticache Redis for testing EC module
vpc_id: "{{ elasticache_vpc.vpc.id }}"
@@ -186,7 +186,7 @@
state: absent
- name: Make sure Redis Security Group is deleted again
- ec2_group:
+ ec2_security_group:
name: "{{ elasticache_redis_sg_name }}"
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/elasticache_subnet_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elasticache_subnet_group/tasks/main.yml
index 5814f9dc9..921a37eb0 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elasticache_subnet_group/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elasticache_subnet_group/tasks/main.yml
@@ -8,9 +8,9 @@
#
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/elasticbeanstalk_app/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elasticbeanstalk_app/tasks/main.yml
index d90a7ce8d..e1deb9df9 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elasticbeanstalk_app/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elasticbeanstalk_app/tasks/main.yml
@@ -4,15 +4,15 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
# ============================================================
- name: test with no parameters
- aws_elasticbeanstalk_app:
+ elasticbeanstalk_app:
register: result
ignore_errors: true
@@ -23,7 +23,7 @@
# ============================================================
- name: test create app
- aws_elasticbeanstalk_app:
+ elasticbeanstalk_app:
app_name: "{{ app_name }}"
description: "{{ description }}"
state: present
@@ -36,7 +36,7 @@
# ============================================================
- name: test create when app already exists
- aws_elasticbeanstalk_app:
+ elasticbeanstalk_app:
app_name: "{{ app_name }}"
description: "{{ description }}"
state: present
@@ -49,7 +49,7 @@
# ============================================================
- name: make an update to an existing app
- aws_elasticbeanstalk_app:
+ elasticbeanstalk_app:
app_name: "{{ app_name }}"
description: "{{ alternate_description }}"
state: present
@@ -62,7 +62,7 @@
# # ============================================================
# - name: fail deleting an app that has environments that exist
-# aws_elasticbeanstalk_app:
+# elasticbeanstalk_app:
# app_name: "non_app"
# state: absent
# register: result
@@ -75,7 +75,7 @@
# # ============================================================
# - name: deleting an app that has environments that exist with terminate_by_force True
-# aws_elasticbeanstalk_app:
+# elasticbeanstalk_app:
# app_name: "non_app"
# state: absent
# terminate_by_force: True
@@ -98,7 +98,7 @@
# # ============================================================
# - name: deleting an app that has environments that exist with terminate_by_force True
-# aws_elasticbeanstalk_app:
+# elasticbeanstalk_app:
# app_name: "non_app"
# state: absent
# terminate_by_force: True
@@ -111,7 +111,7 @@
#
# ============================================================
- name: delete non existent app
- aws_elasticbeanstalk_app:
+ elasticbeanstalk_app:
app_name: "non_app"
state: absent
register: result
@@ -125,7 +125,7 @@
# ============================================================
- name: delete existing app
- aws_elasticbeanstalk_app:
+ elasticbeanstalk_app:
app_name: "{{ app_name }}"
state: absent
register: result
@@ -140,6 +140,6 @@
always:
- name: delete existing app
- aws_elasticbeanstalk_app:
+ elasticbeanstalk_app:
app_name: "{{ app_name }}"
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_classic_lb_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elb_classic_lb_info/tasks/main.yml
index e4cd8144b..b09e88072 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_classic_lb_info/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_classic_lb_info/tasks/main.yml
@@ -18,10 +18,10 @@
- module_defaults:
group/aws:
- region: "{{ ec2_region }}"
- ec2_access_key: "{{ ec2_access_key }}"
- ec2_secret_key: "{{ ec2_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ region: "{{ aws_region }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
block:
# ============================================================
@@ -32,8 +32,8 @@
name: "{{ elb_name }}"
state: present
zones:
- - "{{ ec2_region }}a"
- - "{{ ec2_region }}b"
+ - "{{ aws_region }}a"
+ - "{{ aws_region }}b"
listeners:
- protocol: http
load_balancer_port: 80
@@ -55,8 +55,8 @@
that:
- create is changed
# We rely on these for the info test, make sure they're what we expect
- - '"{{ ec2_region }}a" in create.elb.zones'
- - '"{{ ec2_region }}b" in create.elb.zones'
+ - aws_region ~ 'a' in create.elb.zones
+ - aws_region ~ 'b' in create.elb.zones
- create.elb.health_check.healthy_threshold == 10
- create.elb.health_check.interval == 30
- create.elb.health_check.target == "HTTP:80/index.html"
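Review bot: The rewritten conditions such as `aws_region ~ 'a' in create.elb.zones` rely on Jinja2 binding `~` tighter than `in`, which is correct but not obvious to a reader. Parentheses would make the intent explicit: `- (aws_region ~ 'a') in create.elb.zones`. The same form appears in the `-74,8`, `-170,9` and `-182,9` hunks of this file. The assert's `that:` list starts above this hunk and continues past it.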
@@ -74,8 +74,8 @@
that:
- info.elbs|length == 1
- elb.availability_zones|length == 2
- - '"{{ ec2_region }}a" in elb.availability_zones'
- - '"{{ ec2_region }}b" in elb.availability_zones'
+ - aws_region ~ 'a' in elb.availability_zones
+ - aws_region ~ 'b' in elb.availability_zones
- elb.health_check.healthy_threshold == 10
- elb.health_check.interval == 30
- elb.health_check.target == "HTTP:80/index.html"
@@ -115,7 +115,7 @@
name: "{{ elb_name }}"
state: present
zones:
- - "{{ ec2_region }}c"
+ - "{{ aws_region }}c"
listeners:
- protocol: http
load_balancer_port: 80
@@ -134,7 +134,7 @@
- assert:
that:
- update_az is changed
- - update_az.elb.zones[0] == "{{ ec2_region }}c"
+ - update_az.elb.zones[0] == aws_region ~ 'c'
- name: Get ELB info after changing AZ's
elb_classic_lb_info:
@@ -144,7 +144,7 @@
- assert:
that:
- elb.availability_zones|length == 1
- - '"{{ ec2_region }}c" in elb.availability_zones[0]'
+ - aws_region ~ 'c' in elb.availability_zones[0]
vars:
elb: "{{ info.elbs[0] }}"
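Review bot: `aws_region ~ 'c' in elb.availability_zones[0]` is a substring test against a single zone string, whereas the other assertions in this file test membership in the list, so it would also pass for a zone name that merely contains the expected text. The behaviour is carried over from the old line, but since the line is being rewritten an equality check would match the `update_az` assertion in the previous hunk: `- elb.availability_zones[0] == aws_region ~ 'c'`.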
@@ -157,9 +157,9 @@
name: "{{ elb_name }}"
state: present
zones:
- - "{{ ec2_region }}a"
- - "{{ ec2_region }}b"
- - "{{ ec2_region }}c"
+ - "{{ aws_region }}a"
+ - "{{ aws_region }}b"
+ - "{{ aws_region }}c"
listeners:
- protocol: http
load_balancer_port: 80
@@ -170,9 +170,9 @@
- assert:
that:
- update_az is changed
- - '"{{ ec2_region }}a" in update_az.elb.zones'
- - '"{{ ec2_region }}b" in update_az.elb.zones'
- - '"{{ ec2_region }}c" in update_az.elb.zones'
+ - aws_region ~ 'a' in update_az.elb.zones
+ - aws_region ~ 'b' in update_az.elb.zones
+ - aws_region ~ 'c' in update_az.elb.zones
- name: Get ELB info after updating AZ's
elb_classic_lb_info:
@@ -182,9 +182,9 @@
- assert:
that:
- elb.availability_zones|length == 3
- - '"{{ ec2_region }}a" in elb.availability_zones'
- - '"{{ ec2_region }}b" in elb.availability_zones'
- - '"{{ ec2_region }}c" in elb.availability_zones'
+ - aws_region ~ 'a' in elb.availability_zones
+ - aws_region ~ 'b' in elb.availability_zones
+ - aws_region ~ 'c' in elb.availability_zones
vars:
elb: "{{ info.elbs[0] }}"
@@ -197,9 +197,9 @@
name: "{{ elb_name }}"
state: present
zones:
- - "{{ ec2_region }}a"
- - "{{ ec2_region }}b"
- - "{{ ec2_region }}c"
+ - "{{ aws_region }}a"
+ - "{{ aws_region }}b"
+ - "{{ aws_region }}c"
listeners:
- protocol: http
load_balancer_port: 80
@@ -235,9 +235,9 @@
name: "{{ elb_name }}"
state: present
zones:
- - "{{ ec2_region }}a"
- - "{{ ec2_region }}b"
- - "{{ ec2_region }}c"
+ - "{{ aws_region }}a"
+ - "{{ aws_region }}b"
+ - "{{ aws_region }}c"
listeners:
- protocol: http
load_balancer_port: 8081
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_instances.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_instances.yml
index 7ae91ac00..262bc99b2 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_instances.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_instances.yml
@@ -9,14 +9,14 @@
ignore_errors: true
- name: Delete ASG
- ec2_asg:
+ autoscaling_group:
name: '{{ asg_name }}'
state: absent
ignore_errors: true
register: ec2_asg_a
- name: Delete Launch Template
- ec2_lc:
+ autoscaling_launch_config:
name: '{{ lc_name }}'
state: absent
ignore_errors: true
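Review bot: The task is named `Delete Launch Template` but calls `autoscaling_launch_config`, which manages launch configurations, a different resource type from launch templates. With the module name now spelling this out, the task name is misleading; `- name: Delete Launch Configuration` would match. The same applies to `Create a Launch Template` in the setup_instances.yml hunk of this commit.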
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_vpc.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_vpc.yml
index 9abeb74a2..754b685f6 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_vpc.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/cleanup_vpc.yml
@@ -1,6 +1,6 @@
---
- name: delete security groups
- ec2_group:
+ ec2_security_group:
name: '{{ item }}'
state: absent
ignore_errors: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/main.yml
index 247b6f6b6..3ab9be64d 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/main.yml
@@ -2,9 +2,9 @@
- module_defaults:
group/aws:
region: "{{ aws_region }}"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
collections:
- community.aws
- amazon.aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/manage_asgs.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/manage_asgs.yml
index f0e9db601..ea726b8fe 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/manage_asgs.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/manage_asgs.yml
@@ -1,6 +1,6 @@
---
- name: Get ASG info
- ec2_asg_info:
+ autoscaling_group_info:
name: "{{ asg_name }}$"
register: asg_info
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_instances.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_instances.yml
index b89b38d20..455a9886b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_instances.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_instances.yml
@@ -25,7 +25,7 @@
instance_b: "{{ ec2_instance_b.instance_ids[0] }}"
- name: Create a Launch Template
- ec2_lc:
+ autoscaling_launch_config:
name: "{{ lc_name }}"
image_id: "{{ ec2_ami_id }}"
security_groups: "{{ sg_a }}"
@@ -34,7 +34,7 @@
register: ec2_lc_a
- name: Create an ASG
- ec2_asg:
+ autoscaling_group:
name: "{{ asg_name }}"
load_balancers:
- "{{ elb_name_1 }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_vpc.yml b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_vpc.yml
index 26fafa41c..60c85b8eb 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_vpc.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_instance/tasks/setup_vpc.yml
@@ -32,7 +32,7 @@
register: setup_subnet_2
- name: create a security group
- ec2_group:
+ ec2_security_group:
name: '{{ sg_name_1 }}'
description: 'created by Ansible integration tests'
state: present
@@ -45,7 +45,7 @@
register: setup_sg_1
- name: create a security group
- ec2_group:
+ ec2_security_group:
name: '{{ sg_name_2 }}'
description: 'created by Ansible integration tests'
state: present
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/main.yml
index cf0a13ec4..e277fffd7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -89,7 +89,7 @@
gateway_id: "{{ igw.gateway_id }}"
register: route_table
- - ec2_group:
+ - ec2_security_group:
name: "{{ resource_prefix }}"
description: "security group for Ansible NLB integration tests"
state: present
@@ -173,7 +173,7 @@
ignore_errors: yes
- name: destroy sec group
- ec2_group:
+ ec2_security_group:
name: "{{ sec_group.group_name }}"
description: "security group for Ansible NLB integration tests"
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_tags.yml b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_tags.yml
index b55a0777f..f1e920de8 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_tags.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_tags.yml
@@ -34,7 +34,7 @@
- assert:
that:
- nlb.changed
- - 'nlb.tags.created_by == "NLB test {{ resource_prefix }}"'
+ - nlb.tags.created_by == 'NLB test ' ~ resource_prefix
- name: test tags are not removed if unspecified
elb_network_lb:
@@ -46,7 +46,7 @@
- assert:
that:
- not nlb.changed
- - 'nlb.tags.created_by == "NLB test {{ resource_prefix }}"'
+ - nlb.tags.created_by == 'NLB test ' ~ resource_prefix
- name: remove tags from NLB
elb_network_lb:
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_with_asg.yml b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_with_asg.yml
index 06fab22b5..295e5e469 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_with_asg.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_network_lb/tasks/test_nlb_with_asg.yml
@@ -1,17 +1,17 @@
- block:
# create instances
- - ec2_asg:
+ - autoscaling_group:
state: absent
name: "{{ resource_prefix }}-webservers"
wait_timeout: 900
- - ec2_lc:
+ - autoscaling_launch_config:
name: "{{ resource_prefix }}-web-lcfg"
state: absent
- name: Create launch config for testing
- ec2_lc:
+ autoscaling_launch_config:
name: "{{ resource_prefix }}-web-lcfg"
assign_public_ip: true
image_id: "{{ ec2_ami_id }}"
@@ -31,7 +31,7 @@
delete_on_termination: true
- name: Create autoscaling group for app server fleet
- ec2_asg:
+ autoscaling_group:
name: "{{ resource_prefix }}-webservers"
vpc_zone_identifier: "{{ nlb_subnets }}"
launch_config_name: "{{ resource_prefix }}-web-lcfg"
@@ -50,13 +50,13 @@
always:
- - ec2_asg:
+ - autoscaling_group:
state: absent
name: "{{ resource_prefix }}-webservers"
wait_timeout: 900
ignore_errors: yes
- - ec2_lc:
+ - autoscaling_launch_config:
name: "{{ resource_prefix }}-web-lcfg"
state: absent
ignore_errors: yes
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_target/files/ansible_lambda_target.py b/ansible_collections/community/aws/tests/integration/targets/elb_target/files/ansible_lambda_target.py
index 3ea22472e..d652d6097 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_target/files/ansible_lambda_target.py
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_target/files/ansible_lambda_target.py
@@ -1,10 +1,10 @@
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import print_function
+
__metaclass__ = type
import json
def lambda_handler(event, context):
- return {
- 'statusCode': 200,
- 'body': json.dumps('Hello from Lambda!')
- }
+ return {"statusCode": 200, "body": json.dumps("Hello from Lambda!")}
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/alb_target.yml b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/alb_target.yml
index d3638a63c..446b59031 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/alb_target.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/alb_target.yml
@@ -51,7 +51,7 @@
register: route_table
- name: create testing security group
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ vpc.vpc.id }}"
@@ -177,7 +177,7 @@
ignore_errors: true
- name: remove testing security group
- ec2_group:
+ ec2_security_group:
state: absent
name: "{{ resource_prefix }}-sg"
register: removed
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/ec2_target.yml b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/ec2_target.yml
index 611aca26f..20931f1d7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/ec2_target.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/ec2_target.yml
@@ -58,7 +58,7 @@
register: route_table
- name: create testing security group
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ vpc.vpc.id }}"
@@ -147,7 +147,7 @@
- result.health_check_protocol == 'TCP'
- '"tags" in result'
- '"target_group_arn" in result'
- - result.target_group_name == "{{ tg_name }}-nlb"
+ - result.target_group_name == tg_name ~ '-nlb'
- result.target_type == 'instance'
- result.deregistration_delay_timeout_seconds == '60'
- result.deregistration_delay_connection_termination_enabled
@@ -214,7 +214,7 @@
- '"load_balancer_arn" in result'
- '"tags" in result'
- result.type == 'network'
- - result.vpc_id == '{{ vpc.vpc.id }}'
+ - result.vpc_id == vpc.vpc.id
- name: modify up testing target group for NLB (preserve_client_ip_enabled=false)
elb_target_group:
@@ -603,7 +603,7 @@
ignore_errors: true
- name: remove testing security group
- ec2_group:
+ ec2_security_group:
state: absent
name: "{{ resource_prefix }}-sg"
register: removed
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/main.yml
index e99118c64..8f03edfa8 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_target/tasks/main.yml
@@ -2,9 +2,9 @@
- name: set up elb_target test prerequisites
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- community.general
diff --git a/ansible_collections/community/aws/tests/integration/targets/elb_target_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/elb_target_info/tasks/main.yml
index fc11cdbcd..fadce2135 100644
--- a/ansible_collections/community/aws/tests/integration/targets/elb_target_info/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/elb_target_info/tasks/main.yml
@@ -2,9 +2,9 @@
- name: set up elb_target_info test prerequisites
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
@@ -66,7 +66,7 @@
register: route_table
- name: create testing security group
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ vpc.vpc.id }}"
@@ -207,9 +207,9 @@
- assert:
that:
- - "{{ alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}"
- - "{{ nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}"
- - "{{ idle_target_group.target_group_arn not in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}"
+ - "alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))"
+ - "nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))"
+ - "idle_target_group.target_group_arn not in (target_facts.instance_target_groups | map(attribute='target_group_arn'))"
- (target_facts.instance_target_groups | length) == 2
msg: "target facts showed the target in the right target groups"
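Review bot: The `msg` on this assert reads as a success message (`target facts showed the target in the right target groups`), but `msg` is the text Ansible prints when the assertion fails. Wording it as the failure, e.g. `msg: "target was not reported in the expected target groups"`, would make a failing run easier to read. The `-228,9` hunk has the same pattern, and the task that registers `target_facts` is outside the hunk.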
@@ -228,9 +228,9 @@
- assert:
that:
- - "{{ alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}"
- - "{{ nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}"
- - "{{ idle_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}"
+ - "alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))"
+ - "nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))"
+ - "idle_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))"
- (target_facts.instance_target_groups | length) == 3
msg: "target facts reflected the addition of the target to the idle group"
@@ -242,9 +242,9 @@
- assert:
that:
- - "{{ alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}"
- - "{{ nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}"
- - "{{ idle_target_group.target_group_arn not in (target_facts.instance_target_groups | map(attribute='target_group_arn')) }}"
+ - "alb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))"
+ - "nlb_target_group.target_group_arn in (target_facts.instance_target_groups | map(attribute='target_group_arn'))"
+ - "idle_target_group.target_group_arn not in (target_facts.instance_target_groups | map(attribute='target_group_arn'))"
- (target_facts.instance_target_groups | length) == 2
msg: "target_facts.instance_target_groups did not gather unused target groups when variable was set"
@@ -407,7 +407,7 @@
ignore_errors: true
- name: remove testing security group
- ec2_group:
+ ec2_security_group:
state: absent
name: "{{ resource_prefix }}-sg"
description: a security group for ansible tests
diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/main.yml
index 837f9bd17..c11b297af 100644
--- a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- include_tasks: test_connection_network.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_jdbc.yml b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_jdbc.yml
index 966d8156f..a3b052ba9 100644
--- a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_jdbc.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_jdbc.yml
@@ -5,7 +5,7 @@
# TODO: description, match_criteria, security_groups, and subnet_id are unused module options
- name: create glue connection
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
connection_properties:
JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}"
@@ -19,7 +19,7 @@
- result.changed
- name: test idempotence creating glue connection
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
connection_properties:
JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}"
@@ -33,7 +33,7 @@
- not result.changed
- name: test updating JDBC connection url
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
connection_properties:
JDBC_CONNECTION_URL: "jdbc:mysql://mydb:3306/{{ resource_prefix }}-updated"
@@ -47,7 +47,7 @@
- result.changed
- name: delete glue connection
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
state: absent
register: result
@@ -57,7 +57,7 @@
- result.changed
- name: test idempotence removing glue connection
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
state: absent
register: result
@@ -69,6 +69,6 @@
always:
- name: delete glue connection
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_network.yml b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_network.yml
index 230015585..bc7d5cb4c 100644
--- a/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_network.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/glue_connection/tasks/test_connection_network.yml
@@ -26,7 +26,7 @@
register: glue_subnet_a
- name: Create security group 1
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg-glue-1"
description: A security group for Ansible tests
vpc_id: "{{ glue_vpc.vpc.id }}"
@@ -37,7 +37,7 @@
rule_desc: Connections from Glue
- name: Create security group 2
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg-glue-2"
description: A security group for Ansible tests
vpc_id: "{{ glue_vpc.vpc.id }}"
@@ -48,7 +48,7 @@
rule_desc: Connections from Glue
- name: Create Glue connection (check mode)
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
availability_zone: "{{ aws_region }}a"
connection_properties:
@@ -69,7 +69,7 @@
- glue_connection_check.description is not defined
- name: Create Glue connection
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
availability_zone: "{{ aws_region }}a"
connection_properties:
@@ -109,7 +109,7 @@
- glue_connection.raw_connection_properties == connection_info["Connection"]["ConnectionProperties"]
- name: Create Glue connection (idempotent) (check mode)
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
availability_zone: "{{ aws_region }}a"
connection_properties:
@@ -149,7 +149,7 @@
- connection_info_idempotent_check["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] == connection_info["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"]
- name: Create Glue connection (idempotent)
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
availability_zone: "{{ aws_region }}a"
connection_properties:
@@ -188,7 +188,7 @@
- connection_info_idempotent["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"] == connection_info["Connection"]["PhysicalConnectionRequirements"]["AvailabilityZone"]
- name: Update Glue connection (check mode)
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
availability_zone: "{{ aws_region }}a"
connection_properties:
@@ -229,7 +229,7 @@
- glue_connection_update_check.raw_connection_properties == connection_info_update_check["Connection"]["ConnectionProperties"]
- name: Update Glue connection
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
availability_zone: "{{ aws_region }}a"
connection_properties:
@@ -269,7 +269,7 @@
- glue_connection_update.raw_connection_properties == connection_info_update["Connection"]["ConnectionProperties"]
- name: Delete Glue connection (check mode)
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
state: absent
check_mode: true
@@ -295,7 +295,7 @@
- connection_info["Connection"]["Name"] == connection_info_delete_check["Connection"]["Name"]
- name: Delete Glue connection
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
state: absent
register: glue_connection_delete
@@ -307,17 +307,17 @@
always:
- name: Delete Glue connection
- aws_glue_connection:
+ glue_connection:
name: "{{ resource_prefix }}"
state: absent
ignore_errors: true
- name: Delete security group 1
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg-glue-1"
state: absent
ignore_errors: true
- name: Delete security group 2
- ec2_group:
+ ec2_security_group:
name: "{{ resource_prefix }}-sg-glue-2"
state: absent
ignore_errors: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_crawler/aliases b/ansible_collections/community/aws/tests/integration/targets/glue_crawler/aliases
index 4ef4b2067..21fa9fd98 100644
--- a/ansible_collections/community/aws/tests/integration/targets/glue_crawler/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/glue_crawler/aliases
@@ -1 +1,4 @@
cloud/aws
+
+disabled
+# https://github.com/ansible-collections/community.aws/issues/1796
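Review bot: The `disabled` alias added to glue_crawler/aliases gives its reason only as a bare issue URL on the following line, so a reader must follow the link to learn why the target is skipped. A short reason line above the alias would make the file self-explanatory, in the form the removed iam_access_key/aliases used (`# reason: missing-policy` above `unsupported`), e.g. `# reason: <short cause>, see community.aws issue 1796`. With the target disabled, the `aws_glue_crawler` to `glue_crawler` renames and the `access_key`/`secret_key`/`session_token` defaults changed in glue_crawler/tasks/main.yml by this same commit will presumably not run in default CI. They should be re-checked when the alias is removed.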
diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_crawler/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/glue_crawler/tasks/main.yml
index b96968195..82ff4addf 100644
--- a/ansible_collections/community/aws/tests/integration/targets/glue_crawler/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/glue_crawler/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
@@ -29,7 +29,7 @@
seconds: 10
- name: Create Glue crawler (check mode)
- aws_glue_crawler:
+ glue_crawler:
name: "{{ glue_crawler_name }}"
database_name: my_database
description: "{{ glue_crawler_description }}"
@@ -56,7 +56,7 @@
- glue_crawler_check.description is not defined
- name: Create Glue crawler
- aws_glue_crawler:
+ glue_crawler:
name: "{{ glue_crawler_name }}"
database_name: my_database
description: "{{ glue_crawler_description }}"
@@ -102,7 +102,7 @@
- glue_crawler.targets.S3Targets == crawler_info["Crawler"]["Targets"]["S3Targets"]
- name: Create Glue crawler (idempotent) (check mode)
- aws_glue_crawler:
+ glue_crawler:
name: "{{ glue_crawler_name }}"
database_name: my_database
description: "{{ glue_crawler_description }}"
@@ -149,7 +149,7 @@
- crawler_info["Crawler"]["Targets"]["S3Targets"] == crawler_info_idempotent_check["Crawler"]["Targets"]["S3Targets"]
- name: Create Glue crawler (idempotent)
- aws_glue_crawler:
+ glue_crawler:
name: "{{ glue_crawler_name }}"
database_name: my_database
description: "{{ glue_crawler_description }}"
@@ -195,7 +195,7 @@
- crawler_info["Crawler"]["Targets"]["S3Targets"] == crawler_info_idempotent["Crawler"]["Targets"]["S3Targets"]
- name: Update Glue crawler (check mode)
- aws_glue_crawler:
+ glue_crawler:
name: "{{ glue_crawler_name }}"
database_name: my_database_2
description: "{{ glue_crawler_description }}"
@@ -242,7 +242,7 @@
- glue_crawler_update_check.targets.S3Targets == crawler_info_update_check["Crawler"]["Targets"]["S3Targets"]
- name: Update Glue crawler
- aws_glue_crawler:
+ glue_crawler:
name: "{{ glue_crawler_name }}"
database_name: my_database_2
description: "{{ glue_crawler_description }}"
@@ -288,7 +288,7 @@
- glue_crawler_update.targets.S3Targets == crawler_info_update["Crawler"]["Targets"]["S3Targets"]
- name: Delete Glue crawler (check mode)
- aws_glue_crawler:
+ glue_crawler:
name: "{{ glue_crawler_name }}"
state: absent
check_mode: true
@@ -315,7 +315,7 @@
- crawler_info["Crawler"]["Name"] == crawler_info_delete_check["Crawler"]["Name"]
- name: Delete Glue crawler
- aws_glue_crawler:
+ glue_crawler:
name: "{{ glue_crawler_name }}"
state: absent
register: glue_crawler_delete
@@ -327,7 +327,7 @@
always:
- name: Delete Glue crawler
- aws_glue_crawler:
+ glue_crawler:
name: "{{ glue_crawler_name }}"
state: absent
ignore_errors: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/glue_job/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/glue_job/tasks/main.yml
index 307a9befb..85080fd02 100644
--- a/ansible_collections/community/aws/tests/integration/targets/glue_job/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/glue_job/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
# AWS CLI is needed until there's a module to get info about Glue jobs
@@ -30,7 +30,7 @@
- "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
- name: Create Glue job (check mode)
- aws_glue_job:
+ glue_job:
name: "{{ glue_job_name }}"
command_python_version: 3
command_script_location: "{{ glue_job_command_script_location }}"
@@ -53,7 +53,7 @@
- glue_job_check.description is not defined
- name: Create Glue job
- aws_glue_job:
+ glue_job:
name: "{{ glue_job_name }}"
command_python_version: 3
command_script_location: "{{ glue_job_command_script_location }}"
@@ -93,7 +93,7 @@
- glue_job.role == job_info["Job"]["Role"]
- name: Create Glue job (idempotent) (check mode)
- aws_glue_job:
+ glue_job:
name: "{{ glue_job_name }}"
command_python_version: 3
command_script_location: "{{ glue_job_command_script_location }}"
@@ -135,7 +135,7 @@
- job_info["Job"]["Role"] == job_info_idempotent_check["Job"]["Role"]
- name: Create Glue job (idempotent)
- aws_glue_job:
+ glue_job:
name: "{{ glue_job_name }}"
command_python_version: 3
command_script_location: "{{ glue_job_command_script_location }}"
@@ -176,7 +176,7 @@
- job_info["Job"]["Role"] == job_info_idempotent["Job"]["Role"]
- name: Update Glue job (check mode)
- aws_glue_job:
+ glue_job:
name: "{{ glue_job_name }}"
command_python_version: 2
command_script_location: "{{ glue_job_command_script_location }}"
@@ -216,7 +216,7 @@
- glue_job_update_check.role == job_info_update_check["Job"]["Role"]
- name: Update Glue job
- aws_glue_job:
+ glue_job:
name: "{{ glue_job_name }}"
command_python_version: 2
command_script_location: "{{ glue_job_command_script_location }}"
@@ -255,7 +255,7 @@
- glue_job_update.role == job_info_update["Job"]["Role"]
- name: Delete Glue job (check mode)
- aws_glue_job:
+ glue_job:
name: "{{ glue_job_name }}"
state: absent
check_mode: true
@@ -281,7 +281,7 @@
- job_info["Job"]["Name"] == job_info_delete_check["Job"]["Name"]
- name: Delete Glue job
- aws_glue_job:
+ glue_job:
name: "{{ glue_job_name }}"
state: absent
register: glue_job_delete
@@ -293,7 +293,7 @@
always:
- name: Delete Glue job
- aws_glue_job:
+ glue_job:
name: "{{ glue_job_name }}"
state: absent
ignore_errors: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/aliases b/ansible_collections/community/aws/tests/integration/targets/iam_access_key/aliases
deleted file mode 100644
index ffceccfcc..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/aliases
+++ /dev/null
@@ -1,9 +0,0 @@
-# reason: missing-policy
-# It should be possible to test iam_user by limiting which policies can be
-# attached to the users.
-# Careful review is needed prior to adding this to the main CI.
-unsupported
-
-cloud/aws
-
-iam_access_key_info
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_access_key/defaults/main.yml
deleted file mode 100644
index eaaa3523e..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-test_user: '{{ resource_prefix }}'
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_access_key/tasks/main.yml
deleted file mode 100644
index a7fcc633c..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/tasks/main.yml
+++ /dev/null
@@ -1,808 +0,0 @@
----
-- name: AWS AuthN details
- module_defaults:
- group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
- region: "{{ aws_region }}"
- collections:
- - amazon.aws
- - community.aws
- block:
- # ==================================================================================
- # Preparation
- # ==================================================================================
- # We create an IAM user with no attached permissions. The *only* thing the
- # user will be able to do is call sts.get_caller_identity
- # https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html
- - name: Create test user
- iam_user:
- name: '{{ test_user }}'
- state: present
- register: iam_user
-
- - assert:
- that:
- - iam_user is successful
- - iam_user is changed
-
- # ==================================================================================
-
- - name: Fetch IAM key info (no keys)
- iam_access_key_info:
- user_name: '{{ test_user }}'
- register: access_key_info
-
- - assert:
- that:
- - access_key_info is successful
- - '"access_keys" in access_key_info'
- - access_key_info.access_keys | length == 0
-
- # ==================================================================================
-
- - name: Create a key (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- state: present
- register: create_key_1
- check_mode: true
-
- - assert:
- that:
- - create_key_1 is successful
- - create_key_1 is changed
-
- - name: Create a key
- iam_access_key:
- user_name: '{{ test_user }}'
- state: present
- register: create_key_1
-
- - assert:
- that:
- - create_key_1 is successful
- - create_key_1 is changed
- - '"access_key" in create_key_1'
- - '"secret_access_key" in create_key_1'
- - '"deleted_access_key_id" not in create_key_1'
- - '"access_key_id" in create_key_1.access_key'
- - '"create_date" in create_key_1.access_key'
- - '"user_name" in create_key_1.access_key'
- - '"status" in create_key_1.access_key'
- - create_key_1.access_key.user_name == test_user
- - create_key_1.access_key.status == 'Active'
-
- - name: Fetch IAM key info (1 key)
- iam_access_key_info:
- user_name: '{{ test_user }}'
- register: access_key_info
-
- - assert:
- that:
- - access_key_info is successful
- - '"access_keys" in access_key_info'
- - access_key_info.access_keys | length == 1
- - '"access_key_id" in access_key_1'
- - '"create_date" in access_key_1'
- - '"user_name" in access_key_1'
- - '"status" in access_key_1'
- - access_key_1.user_name == test_user
- - access_key_1.access_key_id == create_key_1.access_key.access_key_id
- - access_key_1.create_date == create_key_1.access_key.create_date
- - access_key_1.status == 'Active'
- vars:
- access_key_1: '{{ access_key_info.access_keys[0] }}'
-
- # ==================================================================================
-
- - name: Create a second key (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- state: present
- register: create_key_2
- check_mode: true
-
- - assert:
- that:
- - create_key_2 is successful
- - create_key_2 is changed
-
- - name: Create a second key
- iam_access_key:
- user_name: '{{ test_user }}'
- state: present
- register: create_key_2
-
- - assert:
- that:
- - create_key_2 is successful
- - create_key_2 is changed
- - '"access_key" in create_key_2'
- - '"secret_access_key" in create_key_2'
- - '"deleted_access_key_id" not in create_key_2'
- - '"access_key_id" in create_key_2.access_key'
- - '"create_date" in create_key_2.access_key'
- - '"user_name" in create_key_2.access_key'
- - '"status" in create_key_2.access_key'
- - create_key_2.access_key.user_name == test_user
- - create_key_2.access_key.status == 'Active'
-
- - name: Fetch IAM key info (2 keys)
- iam_access_key_info:
- user_name: '{{ test_user }}'
- register: access_key_info
-
- - assert:
- that:
- - access_key_info is successful
- - '"access_keys" in access_key_info'
- - access_key_info.access_keys | length == 2
- - '"access_key_id" in access_key_1'
- - '"create_date" in access_key_1'
- - '"user_name" in access_key_1'
- - '"status" in access_key_1'
- - access_key_1.user_name == test_user
- - access_key_1.access_key_id == create_key_1.access_key.access_key_id
- - access_key_1.create_date == create_key_1.access_key.create_date
- - access_key_1.status == 'Active'
- - '"access_key_id" in access_key_2'
- - '"create_date" in access_key_2'
- - '"user_name" in access_key_2'
- - '"status" in access_key_2'
- - access_key_2.user_name == test_user
- - access_key_2.access_key_id == create_key_2.access_key.access_key_id
- - access_key_2.create_date == create_key_2.access_key.create_date
- - access_key_2.status == 'Active'
- vars:
- access_key_1: '{{ access_key_info.access_keys[0] }}'
- access_key_2: '{{ access_key_info.access_keys[1] }}'
-
- # ==================================================================================
-
- # We don't block the attempt to create a third access key - should AWS change
- # the limits this will "JustWork".
-
- # - name: Create a third key (check_mode)
- # iam_access_key:
- # user_name: '{{ test_user }}'
- # state: present
- # register: create_key_3
- # ignore_errors: True
- # check_mode: true
-
- # - assert:
- # that:
- # - create_key_3 is successful
- # - create_key_3 is changed
-
- - name: Create a third key without rotation
- iam_access_key:
- user_name: '{{ test_user }}'
- state: present
- register: create_key_3
- ignore_errors: True
-
- - assert:
- that:
- # If Amazon update the limits we may need to change the expectation here.
- - create_key_3 is failed
-
- - name: Fetch IAM key info (2 keys - not changed)
- iam_access_key_info:
- user_name: '{{ test_user }}'
- register: access_key_info
-
- - assert:
- that:
- - access_key_info is successful
- - '"access_keys" in access_key_info'
- - access_key_info.access_keys | length == 2
- - '"access_key_id" in access_key_1'
- - '"create_date" in access_key_1'
- - '"user_name" in access_key_1'
- - '"status" in access_key_1'
- - access_key_1.user_name == test_user
- - access_key_1.access_key_id == create_key_1.access_key.access_key_id
- - access_key_1.create_date == create_key_1.access_key.create_date
- - access_key_1.status == 'Active'
- - '"access_key_id" in access_key_2'
- - '"create_date" in access_key_2'
- - '"user_name" in access_key_2'
- - '"status" in access_key_2'
- - access_key_2.user_name == test_user
- - access_key_2.access_key_id == create_key_2.access_key.access_key_id
- - access_key_2.create_date == create_key_2.access_key.create_date
- - access_key_2.status == 'Active'
- vars:
- access_key_1: '{{ access_key_info.access_keys[0] }}'
- access_key_2: '{{ access_key_info.access_keys[1] }}'
-
- # ==================================================================================
-
- - name: Create a third key - rotation enabled (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- state: present
- rotate_keys: true
- register: create_key_3
- check_mode: true
-
- - assert:
- that:
- - create_key_3 is successful
- - create_key_3 is changed
- - '"deleted_access_key_id" in create_key_3'
- - create_key_3.deleted_access_key_id == create_key_1.access_key.access_key_id
-
- - name: Create a second key
- iam_access_key:
- user_name: '{{ test_user }}'
- state: present
- rotate_keys: true
- register: create_key_3
-
- - assert:
- that:
- - create_key_3 is successful
- - create_key_3 is changed
- - '"access_key" in create_key_3'
- - '"secret_access_key" in create_key_3'
- - '"deleted_access_key_id" in create_key_3'
- - create_key_3.deleted_access_key_id == create_key_1.access_key.access_key_id
- - '"access_key_id" in create_key_3.access_key'
- - '"create_date" in create_key_3.access_key'
- - '"user_name" in create_key_3.access_key'
- - '"status" in create_key_3.access_key'
- - create_key_3.access_key.user_name == test_user
- - create_key_3.access_key.status == 'Active'
-
- - name: Fetch IAM key info (2 keys - oldest rotated)
- iam_access_key_info:
- user_name: '{{ test_user }}'
- register: access_key_info
-
- - assert:
- that:
- - access_key_info is successful
- - '"access_keys" in access_key_info'
- - access_key_info.access_keys | length == 2
- - '"access_key_id" in access_key_1'
- - '"create_date" in access_key_1'
- - '"user_name" in access_key_1'
- - '"status" in access_key_1'
- - access_key_1.user_name == test_user
- - access_key_1.access_key_id == create_key_2.access_key.access_key_id
- - access_key_1.create_date == create_key_2.access_key.create_date
- - access_key_1.status == 'Active'
- - '"access_key_id" in access_key_2'
- - '"create_date" in access_key_2'
- - '"user_name" in access_key_2'
- - '"status" in access_key_2'
- - access_key_2.user_name == test_user
- - access_key_2.access_key_id == create_key_3.access_key.access_key_id
- - access_key_2.create_date == create_key_3.access_key.create_date
- - access_key_2.status == 'Active'
- vars:
- access_key_1: '{{ access_key_info.access_keys[0] }}'
- access_key_2: '{{ access_key_info.access_keys[1] }}'
-
- # ==================================================================================
-
- - name: Disable third key (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- enabled: False
- register: disable_key
- check_mode: true
-
- - assert:
- that:
- - disable_key is successful
- - disable_key is changed
-
- - name: Disable third key
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- enabled: False
- register: disable_key
-
- - assert:
- that:
- - disable_key is successful
- - disable_key is changed
- - '"access_key" in disable_key'
- - '"secret_access_key" not in disable_key'
- - '"deleted_access_key_id" not in disable_key'
- - '"access_key_id" in disable_key.access_key'
- - '"create_date" in disable_key.access_key'
- - '"user_name" in disable_key.access_key'
- - '"status" in disable_key.access_key'
- - disable_key.access_key.user_name == test_user
- - disable_key.access_key.status == 'Inactive'
-
- - name: Disable third key - idempotency (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- enabled: False
- register: disable_key
- check_mode: true
-
- - assert:
- that:
- - disable_key is successful
- - disable_key is not changed
-
- - name: Disable third key - idempotency
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- enabled: False
- register: disable_key
-
- - assert:
- that:
- - disable_key is successful
- - disable_key is not changed
- - '"access_key" in disable_key'
- - '"secret_access_key" not in disable_key'
- - '"deleted_access_key_id" not in disable_key'
- - '"access_key_id" in disable_key.access_key'
- - '"create_date" in disable_key.access_key'
- - '"user_name" in disable_key.access_key'
- - '"status" in disable_key.access_key'
- - disable_key.access_key.user_name == test_user
- - disable_key.access_key.status == 'Inactive'
-
- - name: Fetch IAM key info (2 keys - 1 disabled)
- iam_access_key_info:
- user_name: '{{ test_user }}'
- register: access_key_info
-
- - assert:
- that:
- - access_key_info is successful
- - '"access_keys" in access_key_info'
- - access_key_info.access_keys | length == 2
- - '"access_key_id" in access_key_1'
- - '"create_date" in access_key_1'
- - '"user_name" in access_key_1'
- - '"status" in access_key_1'
- - access_key_1.user_name == test_user
- - access_key_1.access_key_id == create_key_2.access_key.access_key_id
- - access_key_1.create_date == create_key_2.access_key.create_date
- - access_key_1.status == 'Active'
- - '"access_key_id" in access_key_2'
- - '"create_date" in access_key_2'
- - '"user_name" in access_key_2'
- - '"status" in access_key_2'
- - access_key_2.user_name == test_user
- - access_key_2.access_key_id == create_key_3.access_key.access_key_id
- - access_key_2.create_date == create_key_3.access_key.create_date
- - access_key_2.status == 'Inactive'
- vars:
- access_key_1: '{{ access_key_info.access_keys[0] }}'
- access_key_2: '{{ access_key_info.access_keys[1] }}'
-
- # ==================================================================================
-
- - name: Touch third key - no change (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- register: touch_key
- check_mode: true
-
- - assert:
- that:
- - touch_key is successful
- - touch_key is not changed
-
- - name: Touch third key - no change
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- register: touch_key
-
- - assert:
- that:
- - touch_key is successful
- - touch_key is not changed
- - '"access_key" in touch_key'
- - '"secret_access_key" not in touch_key'
- - '"deleted_access_key_id" not in touch_key'
- - '"access_key_id" in touch_key.access_key'
- - '"create_date" in touch_key.access_key'
- - '"user_name" in touch_key.access_key'
- - '"status" in touch_key.access_key'
- - touch_key.access_key.user_name == test_user
- - touch_key.access_key.status == 'Inactive'
-
- # ==================================================================================
-
- - name: Enable third key (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- enabled: True
- register: enable_key
- check_mode: true
-
- - assert:
- that:
- - enable_key is successful
- - enable_key is changed
-
- - name: Enable third key
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- enabled: True
- register: enable_key
-
- - assert:
- that:
- - enable_key is successful
- - enable_key is changed
- - '"access_key" in enable_key'
- - '"secret_access_key" not in enable_key'
- - '"deleted_access_key_id" not in enable_key'
- - '"access_key_id" in enable_key.access_key'
- - '"create_date" in enable_key.access_key'
- - '"user_name" in enable_key.access_key'
- - '"status" in enable_key.access_key'
- - enable_key.access_key.user_name == test_user
- - enable_key.access_key.status == 'Active'
-
- - name: Enable third key - idempotency (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- enabled: True
- register: enable_key
- check_mode: true
-
- - assert:
- that:
- - enable_key is successful
- - enable_key is not changed
-
- - name: Enable third key - idempotency
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- enabled: True
- register: enable_key
-
- - assert:
- that:
- - enable_key is successful
- - enable_key is not changed
- - '"access_key" in enable_key'
- - '"secret_access_key" not in enable_key'
- - '"deleted_access_key_id" not in enable_key'
- - '"access_key_id" in enable_key.access_key'
- - '"create_date" in enable_key.access_key'
- - '"user_name" in enable_key.access_key'
- - '"status" in enable_key.access_key'
- - enable_key.access_key.user_name == test_user
- - enable_key.access_key.status == 'Active'
-
- # ==================================================================================
-
- - name: Touch third key again - no change (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- register: touch_key
- check_mode: true
-
- - assert:
- that:
- - touch_key is successful
- - touch_key is not changed
-
- - name: Touch third key again - no change
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- register: touch_key
-
- - assert:
- that:
- - touch_key is successful
- - touch_key is not changed
- - '"access_key" in touch_key'
- - '"secret_access_key" not in touch_key'
- - '"deleted_access_key_id" not in touch_key'
- - '"access_key_id" in touch_key.access_key'
- - '"create_date" in touch_key.access_key'
- - '"user_name" in touch_key.access_key'
- - '"status" in touch_key.access_key'
- - touch_key.access_key.user_name == test_user
- - touch_key.access_key.status == 'Active'
-
- # ==================================================================================
-
- - name: Re-Disable third key
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- enabled: False
- register: redisable_key
-
- - assert:
- that:
- - redisable_key is successful
- - redisable_key is changed
- - redisable_key.access_key.status == 'Inactive'
-
- - pause:
- seconds: 10
-
- # ==================================================================================
-
- - name: Test GetCallerIdentity - Key 2
- aws_caller_info:
- aws_access_key: "{{ create_key_2.access_key.access_key_id }}"
- aws_secret_key: "{{ create_key_2.secret_access_key }}"
- security_token: "{{ omit }}"
- register: caller_identity_2
-
- - assert:
- that:
- - caller_identity_2 is successful
- - caller_identity_2.arn == iam_user.iam_user.user.arn
-
- - name: Test GetCallerIdentity - Key 1 (gone)
- aws_caller_info:
- aws_access_key: "{{ create_key_1.access_key.access_key_id }}"
- aws_secret_key: "{{ create_key_1.secret_access_key }}"
- security_token: "{{ omit }}"
- register: caller_identity_1
- ignore_errors: true
-
- - assert:
- that:
- - caller_identity_1 is failed
- - caller_identity_1.error.code == 'InvalidClientTokenId'
-
- - name: Test GetCallerIdentity - Key 3 (disabled)
- aws_caller_info:
- aws_access_key: "{{ create_key_3.access_key.access_key_id }}"
- aws_secret_key: "{{ create_key_3.secret_access_key }}"
- security_token: "{{ omit }}"
- register: caller_identity_3
- ignore_errors: true
-
- - assert:
- that:
- - caller_identity_3 is failed
- - caller_identity_3.error.code == 'InvalidClientTokenId'
-
- # ==================================================================================
-
- - name: Delete active key (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_2.access_key.access_key_id }}'
- state: absent
- register: delete_active_key
- check_mode: true
-
- - assert:
- that:
- - delete_active_key is successful
- - delete_active_key is changed
-
- - name: Delete active key
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_2.access_key.access_key_id }}'
- state: absent
- register: delete_active_key
-
- - assert:
- that:
- - delete_active_key is successful
- - delete_active_key is changed
-
- - name: Delete active key - idempotency (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_2.access_key.access_key_id }}'
- state: absent
- register: delete_active_key
- check_mode: true
-
- - assert:
- that:
- - delete_active_key is successful
- - delete_active_key is not changed
-
- - name: Delete active key - idempotency
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_2.access_key.access_key_id }}'
- state: absent
- register: delete_active_key
-
- - assert:
- that:
- - delete_active_key is successful
- - delete_active_key is not changed
-
- # ==================================================================================
-
- - name: Delete inactive key (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- state: absent
- register: delete_inactive_key
- check_mode: true
-
- - assert:
- that:
- - delete_inactive_key is successful
- - delete_inactive_key is changed
-
- - name: Delete inactive key
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- state: absent
- register: delete_inactive_key
-
- - assert:
- that:
- - delete_inactive_key is successful
- - delete_inactive_key is changed
-
- - name: Delete inactive key - idempotency (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- state: absent
- register: delete_inactive_key
- check_mode: true
-
- - assert:
- that:
- - delete_inactive_key is successful
- - delete_inactive_key is not changed
-
- - name: Delete inactive key - idempotency
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_3.access_key.access_key_id }}'
- state: absent
- register: delete_inactive_key
-
- - assert:
- that:
- - delete_inactive_key is successful
- - delete_inactive_key is not changed
-
- # ==================================================================================
-
- - name: Fetch IAM key info (no keys)
- iam_access_key_info:
- user_name: '{{ test_user }}'
- register: access_key_info
-
- - assert:
- that:
- - access_key_info is successful
- - '"access_keys" in access_key_info'
- - access_key_info.access_keys | length == 0
-
- # ==================================================================================
-
- - name: Create an inactive key (check_mode)
- iam_access_key:
- user_name: '{{ test_user }}'
- state: present
- enabled: false
- register: create_key_4
- check_mode: true
-
- - assert:
- that:
- - create_key_4 is successful
- - create_key_4 is changed
-
- - name: Create a key
- iam_access_key:
- user_name: '{{ test_user }}'
- state: present
- enabled: false
- register: create_key_4
-
- - assert:
- that:
- - create_key_4 is successful
- - create_key_4 is changed
- - '"access_key" in create_key_4'
- - '"secret_access_key" in create_key_4'
- - '"deleted_access_key_id" not in create_key_4'
- - '"access_key_id" in create_key_4.access_key'
- - '"create_date" in create_key_4.access_key'
- - '"user_name" in create_key_4.access_key'
- - '"status" in create_key_4.access_key'
- - create_key_4.access_key.user_name == test_user
- - create_key_4.access_key.status == 'Inactive'
-
- - name: Fetch IAM key info (1 inactive key)
- iam_access_key_info:
- user_name: '{{ test_user }}'
- register: access_key_info
-
- - assert:
- that:
- - access_key_info is successful
- - '"access_keys" in access_key_info'
- - access_key_info.access_keys | length == 1
- - '"access_key_id" in access_key_1'
- - '"create_date" in access_key_1'
- - '"user_name" in access_key_1'
- - '"status" in access_key_1'
- - access_key_1.user_name == test_user
- - access_key_1.access_key_id == create_key_4.access_key.access_key_id
- - access_key_1.create_date == create_key_4.access_key.create_date
- - access_key_1.status == 'Inactive'
- vars:
- access_key_1: '{{ access_key_info.access_keys[0] }}'
-
- # We already tested the idempotency of disabling keys, use this to verify that
- # the key is disabled
- - name: Disable new key
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_4.access_key.access_key_id }}'
- enabled: False
- register: disable_new_key
-
- - assert:
- that:
- - disable_new_key is successful
- - disable_new_key is not changed
- - '"access_key" in disable_new_key'
-
- # ==================================================================================
- # Cleanup
-
- - name: Delete new key
- iam_access_key:
- user_name: '{{ test_user }}'
- id: '{{ create_key_4.access_key.access_key_id }}'
- state: absent
- register: delete_new_key
-
- - assert:
- that:
- - delete_new_key is successful
- - delete_new_key is changed
-
- - name: Remove test user
- iam_user:
- name: '{{ test_user }}'
- state: absent
- register: delete_user
-
- - assert:
- that:
- - delete_user is successful
- - delete_user is changed
-
- always:
-
- - name: Remove test user
- iam_user:
- name: '{{ test_user }}'
- state: absent
- ignore_errors: yes
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_group/aliases b/ansible_collections/community/aws/tests/integration/targets/iam_group/aliases
deleted file mode 100644
index 2da398045..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_group/aliases
+++ /dev/null
@@ -1,7 +0,0 @@
-# reason: missing-policy
-# It should be possible to test iam_groups by limiting which policies can be
-# attached to the groups as well as which users can be added to the groups.
-# Careful review is needed prior to adding this to the main CI.
-unsupported
-
-cloud/aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_group/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_group/defaults/main.yml
deleted file mode 100644
index f5112b1a4..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_group/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-test_user: '{{ resource_prefix }}-user'
-test_group: '{{ resource_prefix }}-group'
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_group/tasks/main.yml
deleted file mode 100644
index 65b441827..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_group/tasks/main.yml
+++ /dev/null
@@ -1,127 +0,0 @@
----
-- name: set up aws connection info
- module_defaults:
- group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
- region: "{{ aws_region }}"
- collections:
- - amazon.aws
- block:
- - name: ensure ansible user exists
- iam_user:
- name: '{{ test_user }}'
- state: present
-
- - name: ensure group exists
- iam_group:
- name: '{{ test_group }}'
- users:
- - '{{ test_user }}'
- state: present
- register: iam_group
-
- - assert:
- that:
- - iam_group.iam_group.users
- - iam_group is changed
-
- - name: add non existent user to group
- iam_group:
- name: '{{ test_group }}'
- users:
- - '{{ test_user }}'
- - NonExistentUser
- state: present
- ignore_errors: yes
- register: iam_group
-
- - name: assert that adding non existent user to group fails with helpful message
- assert:
- that:
- - iam_group is failed
- - iam_group.msg.startswith("Couldn't add user NonExistentUser to group {{ test_group }}")
-
- - name: remove a user
- iam_group:
- name: '{{ test_group }}'
- purge_users: True
- users: []
- state: present
- register: iam_group
-
- - assert:
- that:
- - iam_group is changed
- - not iam_group.iam_group.users
-
- - name: re-remove a user (no change)
- iam_group:
- name: '{{ test_group }}'
- purge_users: True
- users: []
- state: present
- register: iam_group
-
- - assert:
- that:
- - iam_group is not changed
- - not iam_group.iam_group.users
-
- - name: Add the user again
- iam_group:
- name: '{{ test_group }}'
- users:
- - '{{ test_user }}'
- state: present
- register: iam_group
-
- - assert:
- that:
- - iam_group is changed
- - iam_group.iam_group.users
-
- - name: Re-add the user
- iam_group:
- name: '{{ test_group }}'
- users:
- - '{{ test_user }}'
- state: present
- register: iam_group
-
- - assert:
- that:
- - iam_group is not changed
- - iam_group.iam_group.users
-
- - name: remove group
- iam_group:
- name: '{{ test_group }}'
- state: absent
- register: iam_group
-
- - assert:
- that:
- - iam_group is changed
-
- - name: re-remove group
- iam_group:
- name: '{{ test_group }}'
- state: absent
- register: iam_group
-
- - assert:
- that:
- - iam_group is not changed
-
- always:
- - name: remove group
- iam_group:
- name: '{{ test_group }}'
- state: absent
-
- - name: remove ansible user
- iam_user:
- name: '{{ test_user }}'
- state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/aliases b/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/aliases
deleted file mode 100644
index 839bd014b..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/aliases
+++ /dev/null
@@ -1,6 +0,0 @@
-# reason: missing-policy
-# It's not possible to control what permissions are granted to a policy.
-# This makes securely testing iam_policy very difficult
-unsupported
-
-cloud/aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml
deleted file mode 100644
index a6edcacef..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-policy_name: "{{ resource_prefix }}-policy"
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml
deleted file mode 100644
index f17b7cad0..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml
+++ /dev/null
@@ -1,160 +0,0 @@
----
-- name: "Run integration tests for IAM managed policy"
- module_defaults:
- group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
- region: "{{ aws_region }}"
- collections:
- - amazon.aws
- block:
- ## Test policy creation
- - name: Create IAM managed policy - check mode
- iam_managed_policy:
- policy_name: "{{ policy_name }}"
- policy:
- Version: "2012-10-17"
- Statement:
- - Effect: "Deny"
- Action: "logs:CreateLogGroup"
- Resource: "*"
- state: present
- register: result
- check_mode: yes
-
- - name: Create IAM managed policy - check mode
- assert:
- that:
- - result.changed
-
- - name: Create IAM managed policy
- iam_managed_policy:
- policy_name: "{{ policy_name }}"
- policy:
- Version: "2012-10-17"
- Statement:
- - Effect: "Deny"
- Action: "logs:CreateLogGroup"
- Resource: "*"
- state: present
- register: result
-
- - name: Create IAM managed policy
- assert:
- that:
- - result.changed
- - result.policy.policy_name == policy_name
-
- - name: Create IAM managed policy - idempotency check
- iam_managed_policy:
- policy_name: "{{ policy_name }}"
- policy:
- Version: "2012-10-17"
- Statement:
- - Effect: "Deny"
- Action: "logs:CreateLogGroup"
- Resource: "*"
- state: present
- register: result
-
- - name: Create IAM managed policy - idempotency check
- assert:
- that:
- - not result.changed
-
- ## Test policy update
- - name: Update IAM managed policy - check mode
- iam_managed_policy:
- policy_name: "{{ policy_name }}"
- policy:
- Version: "2012-10-17"
- Statement:
- - Effect: "Deny"
- Action: "logs:Describe*"
- Resource: "*"
- state: present
- register: result
- check_mode: yes
-
- - name: Update IAM managed policy - check mode
- assert:
- that:
- - result.changed
-
- - name: Update IAM managed policy
- iam_managed_policy:
- policy_name: "{{ policy_name }}"
- policy:
- Version: "2012-10-17"
- Statement:
- - Effect: "Deny"
- Action: "logs:Describe*"
- Resource: "*"
- state: present
- register: result
-
- - name: Update IAM managed policy
- assert:
- that:
- - result.changed
- - result.policy.policy_name == policy_name
-
- - name: Update IAM managed policy - idempotency check
- iam_managed_policy:
- policy_name: "{{ policy_name }}"
- policy:
- Version: "2012-10-17"
- Statement:
- - Effect: "Deny"
- Action: "logs:Describe*"
- Resource: "*"
- state: present
- register: result
-
- - name: Update IAM managed policy - idempotency check
- assert:
- that:
- - not result.changed
-
- ## Test policy deletion
- - name: Delete IAM managed policy - check mode
- iam_managed_policy:
- policy_name: "{{ policy_name }}"
- state: absent
- register: result
- check_mode: yes
-
- - name: Delete IAM managed policy - check mode
- assert:
- that:
- - result.changed
-
- - name: Delete IAM managed policy
- iam_managed_policy:
- policy_name: "{{ policy_name }}"
- state: absent
- register: result
-
- - name: Delete IAM managed policy
- assert:
- that:
- - result.changed
-
- - name: Delete IAM managed policy - idempotency check
- iam_managed_policy:
- policy_name: "{{ policy_name }}"
- state: absent
- register: result
-
- - name: Delete IAM managed policy - idempotency check
- assert:
- that:
- - not result.changed
-
- always:
- - name: Delete IAM managed policy
- iam_managed_policy:
- policy_name: "{{ policy_name }}"
- state: absent
- ignore_errors: yes
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/aliases b/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/aliases
deleted file mode 100644
index 140a2f2dc..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/aliases
+++ /dev/null
@@ -1,8 +0,0 @@
-# reason: missing-policy
-# IAM Password Policies configure account-wide settings, this makes then
-# difficult to safely test
-# reason: serial
-# Only one password policy can be configured per account
-unsupported
-
-cloud/aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/meta/main.yml
deleted file mode 100644
index 32cf5dda7..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/meta/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml
deleted file mode 100644
index 7b773eac8..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
-- module_defaults:
- group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
- region: "{{ aws_region }}"
- collections:
- - amazon.aws
- block:
- - name: set iam password policy
- iam_password_policy:
- state: present
- min_pw_length: 8
- require_symbols: false
- require_numbers: true
- require_uppercase: true
- require_lowercase: true
- allow_pw_change: true
- pw_max_age: 60
- pw_reuse_prevent: 5
- pw_expire: false
- register: result
-
- - name: assert that changes were made
- assert:
- that:
- - result.changed
-
- - name: verify iam password policy has been created
- iam_password_policy:
- state: present
- min_pw_length: 8
- require_symbols: false
- require_numbers: true
- require_uppercase: true
- require_lowercase: true
- allow_pw_change: true
- pw_max_age: 60
- pw_reuse_prevent: 5
- pw_expire: false
- register: result
-
- - name: assert that no changes were made
- assert:
- that:
- - not result.changed
-
- - name: update iam password policy with different settings
- iam_password_policy:
- state: present
- min_pw_length: 15
- require_symbols: true
- require_numbers: true
- require_uppercase: true
- require_lowercase: true
- allow_pw_change: true
- pw_max_age: 30
- pw_reuse_prevent: 10
- pw_expire: true
- register: result
-
- - name: assert that updates were made
- assert:
- that:
- - result.changed
-
- # Test for regression of #59102
- - name: update iam password policy without expiry
- iam_password_policy:
- state: present
- min_pw_length: 15
- require_symbols: true
- require_numbers: true
- require_uppercase: true
- require_lowercase: true
- allow_pw_change: true
- register: result
-
- - name: assert that changes were made
- assert:
- that:
- - result.changed
-
- - name: remove iam password policy
- iam_password_policy:
- state: absent
- register: result
-
- - name: assert password policy has been removed
- assert:
- that:
- - result.changed
-
- - name: verify password policy has been removed
- iam_password_policy:
- state: absent
- register: result
-
- - name: assert no changes were made
- assert:
- that:
- - not result.changed
- always:
- - name: remove iam password policy
- iam_password_policy:
- state: absent
- register: result
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/aliases b/ansible_collections/community/aws/tests/integration/targets/iam_role/aliases
deleted file mode 100644
index 483c86115..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/aliases
+++ /dev/null
@@ -1,9 +0,0 @@
-# reason: missing-policy
-# It should be possible to test iam_role by limiting which policies can be
-# attached to the roles.
-# Careful review is needed prior to adding this to the main CI.
-unsupported
-
-cloud/aws
-
-iam_role_info
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/defaults/main.yml
deleted file mode 100644
index d496c4216..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/defaults/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-test_role: '{{ resource_prefix }}-role'
-test_path: '/{{ resource_prefix }}/'
-safe_managed_policy: 'AWSDenyAll'
-custom_policy_name: '{{ resource_prefix }}-denyall'
-boundary_policy: 'arn:aws:iam::aws:policy/AWSDenyAll'
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-a.json b/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-a.json
deleted file mode 100644
index ae62fd197..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-a.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "*"
- ],
- "Effect": "Deny",
- "Resource": "*",
- "Sid": "DenyA"
- }
- ]
-}
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-b.json b/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-b.json
deleted file mode 100644
index 3a4704a46..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all-b.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "*"
- ],
- "Effect": "Deny",
- "Resource": "*",
- "Sid": "DenyB"
- }
- ]
-}
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all.json b/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all.json
deleted file mode 100644
index 3d324b9b9..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-all.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "*"
- ],
- "Effect": "Deny",
- "Resource": "*"
- }
- ]
-}
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-assume.json b/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-assume.json
deleted file mode 100644
index 73e877158..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/files/deny-assume.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": { "Service": "ec2.amazonaws.com" },
- "Effect": "Deny"
- }
- ]
-}
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/meta/main.yml
deleted file mode 100644
index 32cf5dda7..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/meta/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml
deleted file mode 100644
index 89a983f15..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml
+++ /dev/null
@@ -1,94 +0,0 @@
----
-- name: "Create minimal role with no boundary policy"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "Configure Boundary Policy (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- boundary: "{{ boundary_policy }}"
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Configure Boundary Policy"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- boundary: "{{ boundary_policy }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "Configure Boundary Policy (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- boundary: "{{ boundary_policy }}"
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Configure Boundary Policy (no change)"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- boundary: "{{ boundary_policy }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "iam_role_info after adding boundary policy"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - '"description" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 0
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 3600
- - role_info.iam_roles[0].path == '/'
- - role_info.iam_roles[0].permissions_boundary.permissions_boundary_arn == boundary_policy
- - role_info.iam_roles[0].permissions_boundary.permissions_boundary_type == 'Policy'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
-
-- name: "Remove IAM Role"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- delete_instance_profile: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
\ No newline at end of file
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml
deleted file mode 100644
index c23234ebf..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml
+++ /dev/null
@@ -1,131 +0,0 @@
----
-- name: "Complex IAM Role (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}'
- boundary: "{{ boundary_policy }}"
- create_instance_profile: no
- description: "Ansible Test Role {{ resource_prefix }}"
- managed_policy:
- - "{{ safe_managed_policy }}"
- - "{{ custom_policy_name }}"
- max_session_duration: 43200
- path: "{{ test_path }}"
- tags:
- TagA: "ValueA"
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "iam_role_info after Complex Role creation in check_mode"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 0
-
-- name: "Complex IAM Role"
- iam_role:
- name: "{{ test_role }}"
- assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}'
- boundary: "{{ boundary_policy }}"
- create_instance_profile: no
- description: "Ansible Test Role {{ resource_prefix }}"
- managed_policy:
- - "{{ safe_managed_policy }}"
- - "{{ custom_policy_name }}"
- max_session_duration: 43200
- path: "{{ test_path }}"
- tags:
- TagA: "ValueA"
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - 'iam_role.iam_role.arn.startswith("arn")'
- - 'iam_role.iam_role.arn.endswith("role" + test_path + test_role )'
- # Would be nice to test the contents...
- - '"assume_role_policy_document" in iam_role.iam_role'
- - iam_role.iam_role.attached_policies | length == 2
- - iam_role.iam_role.max_session_duration == 43200
- - iam_role.iam_role.path == test_path
- - iam_role.iam_role.role_name == test_role
- - '"create_date" in iam_role.iam_role'
- - '"role_id" in iam_role.iam_role'
-
-- name: "Complex IAM role (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}'
- boundary: "{{ boundary_policy }}"
- create_instance_profile: no
- description: "Ansible Test Role {{ resource_prefix }}"
- managed_policy:
- - "{{ safe_managed_policy }}"
- - "{{ custom_policy_name }}"
- max_session_duration: 43200
- path: "{{ test_path }}"
- tags:
- TagA: "ValueA"
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Complex IAM role (no change)"
- iam_role:
- name: "{{ test_role }}"
- assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}'
- boundary: "{{ boundary_policy }}"
- create_instance_profile: no
- description: "Ansible Test Role {{ resource_prefix }}"
- managed_policy:
- - "{{ safe_managed_policy }}"
- - "{{ custom_policy_name }}"
- max_session_duration: 43200
- path: "{{ test_path }}"
- tags:
- TagA: "ValueA"
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "iam_role_info after Role creation"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role" + test_path + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 0
- - role_info.iam_roles[0].managed_policies | length == 2
- - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten )
- - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten )
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == test_path
- - role_info.iam_roles[0].permissions_boundary.permissions_boundary_arn == boundary_policy
- - role_info.iam_roles[0].permissions_boundary.permissions_boundary_type == 'Policy'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - '"TagA" in role_info.iam_roles[0].tags'
- - role_info.iam_roles[0].tags.TagA == "ValueA"
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml
deleted file mode 100644
index 0579a6d34..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml
+++ /dev/null
@@ -1,404 +0,0 @@
----
-- name: Try running some rapid fire create/delete tests
- block:
- - name: "Minimal IAM Role without instance profile (rapid)"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- register: iam_role
-
- - name: "Minimal IAM Role without instance profile (rapid)"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- register: iam_role_again
-
- - assert:
- that:
- - iam_role is changed
- - iam_role_again is not changed
-
- - name: "Remove IAM Role (rapid)"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- register: iam_role
-
- - name: "Remove IAM Role (rapid)"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- register: iam_role_again
-
- - assert:
- that:
- - iam_role is changed
- - iam_role_again is not changed
-
- - name: "Minimal IAM Role without instance profile (rapid)"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- register: iam_role
-
- - name: "Remove IAM Role (rapid)"
- iam_role:
- state: absent
- name: "{{ test_role }}"
-
- register: iam_role_again
- - assert:
- that:
- - iam_role is changed
- - iam_role_again is changed
-
-# ===================================================================
-# Role Creation
-# (without Instance profile)
-- name: "iam_role_info before Role creation (no args)"
- iam_role_info:
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
-
-- name: "iam_role_info before Role creation (search for test role)"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 0
-
-- name: "Minimal IAM Role (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "iam_role_info after Role creation in check_mode"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 0
-
-- name: "Minimal IAM Role without instance profile"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - 'iam_role.iam_role.arn.startswith("arn")'
- - 'iam_role.iam_role.arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in iam_role.iam_role'
- - '"assume_role_policy_document_raw" in iam_role.iam_role'
- - iam_role.iam_role.assume_role_policy_document_raw == assume_deny_policy
- - iam_role.iam_role.attached_policies | length == 0
- - iam_role.iam_role.max_session_duration == 3600
- - iam_role.iam_role.path == '/'
- - iam_role.iam_role.role_name == test_role
- - '"create_date" in iam_role.iam_role'
- - '"role_id" in iam_role.iam_role'
-
-- name: "Minimal IAM Role without instance profile (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Minimal IAM Role without instance profile (no change)"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: no
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "iam_role_info after Role creation"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"assume_role_policy_document_raw" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - '"description" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].assume_role_policy_document_raw == assume_deny_policy
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 0
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 3600
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 0
-
-- name: "Remove IAM Role"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- delete_instance_profile: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "iam_role_info after Role deletion"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 0
-
-# ------------------------------------------------------------------------------------------
-
-# (with path)
-- name: "Minimal IAM Role with path (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- path: "{{ test_path }}"
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Minimal IAM Role with path"
- iam_role:
- name: "{{ test_role }}"
- path: "{{ test_path }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - 'iam_role.iam_role.arn.startswith("arn")'
- - 'iam_role.iam_role.arn.endswith("role" + test_path + test_role )'
- # Would be nice to test the contents...
- - '"assume_role_policy_document" in iam_role.iam_role'
- - iam_role.iam_role.attached_policies | length == 0
- - iam_role.iam_role.max_session_duration == 3600
- - iam_role.iam_role.path == '{{ test_path }}'
- - iam_role.iam_role.role_name == test_role
- - '"create_date" in iam_role.iam_role'
- - '"role_id" in iam_role.iam_role'
-
-- name: "Minimal IAM Role with path (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- path: "{{ test_path }}"
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Minimal IAM Role with path (no change)"
- iam_role:
- name: "{{ test_role }}"
- path: "{{ test_path }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "iam_role_info after Role creation"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role" + test_path + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - '"description" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile" + test_path + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 3600
- - role_info.iam_roles[0].path == '{{ test_path }}'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 0
-
-- name: "iam_role_info after Role creation (searching a path)"
- iam_role_info:
- path_prefix: "{{ test_path }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role" + test_path + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - '"description" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile" + test_path + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 3600
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].path == '{{ test_path }}'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 0
-
-- name: "Remove IAM Role"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- path: "{{ test_path }}"
- # If we don't delete the existing profile it'll be reused (with the path)
- # by the test below.
- delete_instance_profile: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "iam_role_info after Role deletion"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 0
-
-# ------------------------------------------------------------------------------------------
-
-# (with Instance profile)
-- name: "Minimal IAM Role with instance profile - check mode"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: yes
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Minimal IAM Role with instance profile"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - 'iam_role.iam_role.arn.startswith("arn")'
- - 'iam_role.iam_role.arn.endswith("role/" + test_role )'
- # Would be nice to test the contents...
- - '"assume_role_policy_document" in iam_role.iam_role'
- - iam_role.iam_role.attached_policies | length == 0
- - iam_role.iam_role.max_session_duration == 3600
- - iam_role.iam_role.path == '/'
- - iam_role.iam_role.role_name == test_role
- - '"create_date" in iam_role.iam_role'
- - '"role_id" in iam_role.iam_role'
-
-- name: "Minimal IAM Role wth instance profile (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: yes
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Minimal IAM Role wth instance profile (no change)"
- iam_role:
- name: "{{ test_role }}"
- create_instance_profile: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "iam_role_info after Role creation"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - '"description" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 3600
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 0
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/description_update.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/description_update.yml
deleted file mode 100644
index 85f5e1f56..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/description_update.yml
+++ /dev/null
@@ -1,148 +0,0 @@
----
-- name: "Add Description (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- description: "Ansible Test Role {{ resource_prefix }}"
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Add Description"
- iam_role:
- name: "{{ test_role }}"
- description: "Ansible Test Role {{ resource_prefix }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - iam_role.iam_role.description == 'Ansible Test Role {{ resource_prefix }}'
-
-- name: "Add Description (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- description: "Ansible Test Role {{ resource_prefix }}"
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Add Description (no change)"
- iam_role:
- name: "{{ test_role }}"
- description: "Ansible Test Role {{ resource_prefix }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
- - iam_role.iam_role.description == 'Ansible Test Role {{ resource_prefix }}'
-
-- name: "iam_role_info after adding Description"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 0
-
-# ------------------------------------------------------------------------------------------
-
-- name: "Update Description (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- description: "Ansible Test Role (updated) {{ resource_prefix }}"
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Update Description"
- iam_role:
- name: "{{ test_role }}"
- description: "Ansible Test Role (updated) {{ resource_prefix }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - iam_role.iam_role.description == 'Ansible Test Role (updated) {{ resource_prefix }}'
-
-- name: "Update Description (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- description: "Ansible Test Role (updated) {{ resource_prefix }}"
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Update Description (no change)"
- iam_role:
- name: "{{ test_role }}"
- description: "Ansible Test Role (updated) {{ resource_prefix }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
- - iam_role.iam_role.description == 'Ansible Test Role (updated) {{ resource_prefix }}'
-
-- name: "iam_role_info after updating Description"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 0
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml
deleted file mode 100644
index d364d87d7..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-- name: "Attach inline policy a"
- iam_policy:
- state: present
- iam_type: "role"
- iam_name: "{{ test_role }}"
- policy_name: "inline-policy-a"
- policy_json: '{{ lookup("file", "deny-all-a.json") }}'
-
-- name: "Attach inline policy b"
- iam_policy:
- state: present
- iam_type: "role"
- iam_name: "{{ test_role }}"
- policy_name: "inline-policy-b"
- policy_json: '{{ lookup("file", "deny-all-b.json") }}'
-
-- name: "iam_role_info after attaching inline policies (using iam_policy)"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 2
- - '"inline-policy-a" in role_info.iam_roles[0].inline_policies'
- - '"inline-policy-b" in role_info.iam_roles[0].inline_policies'
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 1
- - safe_managed_policy not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten )
- - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten )
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 1
- - '"TagB" in role_info.iam_roles[0].tags'
- - role_info.iam_roles[0].tags.TagB == "ValueB"
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/main.yml
deleted file mode 100644
index ae47ada1a..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/main.yml
+++ /dev/null
@@ -1,119 +0,0 @@
----
-# Tests for iam_role and iam_role_info
-#
-# Tests:
-# - Minimal Role creation
-# - Role deletion
-# - Fetching a specific role
-# - Creating roles w/ and w/o instance profiles
-# - Creating roles w/ a path
-# - Updating Max Session Duration
-# - Updating Description
-# - Managing list of managed policies
-# - Managing list of inline policies (for testing _info)
-# - Managing boundary policy
-#
-# Notes:
-# - Only tests *documented* return values ( RESULT.iam_role )
-# - There are some known timing issues with boto3 returning before actions
-# complete in the case of problems with "changed" status it's worth enabling
-# the standard_pauses and paranoid_pauses options as a first step in debugging
-
-
-- name: "Setup AWS connection info"
- module_defaults:
- group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
- region: "{{ aws_region }}"
- iam_role:
- assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}'
- collections:
- - amazon.aws
- - community.general
- block:
- - set_fact:
- assume_deny_policy: '{{ lookup("file", "deny-assume.json") | from_json }}'
- # ===================================================================
- # Parameter Checks
- - include_tasks: parameter_checks.yml
-
- # ===================================================================
- # Supplemental resource pre-creation
- - name: "Create Safe IAM Managed Policy"
- iam_managed_policy:
- state: present
- policy_name: "{{ custom_policy_name }}"
- policy_description: "A safe (deny-all) managed policy"
- policy: "{{ lookup('file', 'deny-all.json') }}"
- register: create_managed_policy
-
- - assert:
- that:
- - create_managed_policy is succeeded
-
- # ===================================================================
- # Rapid Role Creation and deletion
- - include_tasks: creation_deletion.yml
-
- # ===================================================================
- # Max Session Duration Manipulation
- - include_tasks: max_session_update.yml
-
- # ===================================================================
- # Description Manipulation
- - include_tasks: description_update.yml
-
- # ===================================================================
- # Tag Manipulation
- - include_tasks: tags_update.yml
-
- # ===================================================================
- # Policy Manipulation
- - include_tasks: policy_update.yml
-
- # ===================================================================
- # Inline Policy (test _info behavior)
- - include_tasks: inline_policy_update.yml
-
- # ===================================================================
- # Role Removal
- - include_tasks: role_removal.yml
-
- # ===================================================================
- # Boundary Policy (requires create_instance_profile: no)
- - include_tasks: boundary_policy.yml
-
- # ===================================================================
- # Complex role Creation
- - include_tasks: complex_role_creation.yml
-
- always:
- # ===================================================================
- # Cleanup
-
- - name: "Remove IAM Role"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- delete_instance_profile: yes
- ignore_errors: true
-
- - name: "Remove IAM Role (with path)"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- path: "{{ test_path }}"
- delete_instance_profile: yes
- ignore_errors: true
-
- - name: "iam_role_info after Role deletion"
- iam_role_info:
- name: "{{ test_role }}"
- ignore_errors: true
-
- - name: "Remove test managed policy"
- iam_managed_policy:
- state: absent
- policy_name: "{{ custom_policy_name }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml
deleted file mode 100644
index 8ad3641be..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml
+++ /dev/null
@@ -1,71 +0,0 @@
----
-- name: "Update Max Session Duration (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- max_session_duration: 43200
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Update Max Session Duration"
- iam_role:
- name: "{{ test_role }}"
- max_session_duration: 43200
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - iam_role.iam_role.max_session_duration == 43200
-
-- name: "Update Max Session Duration (no change)"
- iam_role:
- name: "{{ test_role }}"
- max_session_duration: 43200
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Update Max Session Duration (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- max_session_duration: 43200
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "iam_role_info after updating Max Session Duration"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - '"description" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 0
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml
deleted file mode 100644
index 57df5436a..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml
+++ /dev/null
@@ -1,90 +0,0 @@
----
-# Parameter Checks
-- name: "Friendly message when creating an instance profile and adding a boundary profile"
- iam_role:
- name: "{{ test_role }}"
- boundary: "{{ boundary_policy }}"
- register: iam_role
- ignore_errors: yes
-
-- assert:
- that:
- - iam_role is failed
- - '"boundary policy" in iam_role.msg'
- - '"create_instance_profile" in iam_role.msg'
- - '"false" in iam_role.msg'
-
-- name: "Friendly message when boundary profile is not an ARN"
- iam_role:
- name: "{{ test_role }}"
- boundary: "AWSDenyAll"
- create_instance_profile: no
- register: iam_role
- ignore_errors: yes
-
-- assert:
- that:
- - iam_role is failed
- - '"Boundary policy" in iam_role.msg'
- - '"ARN" in iam_role.msg'
-
-- name: 'Friendly message when "present" without assume_role_policy_document'
- module_defaults: { iam_role: {} }
- iam_role:
- name: "{{ test_role }}"
- register: iam_role
- ignore_errors: yes
-
-- assert:
- that:
- - iam_role is failed
- - 'iam_role.msg.startswith("state is present but all of the following are missing")'
- - '"assume_role_policy_document" in iam_role.msg'
-
-- name: "Maximum Session Duration needs to be between 1 and 12 hours"
- iam_role:
- name: "{{ test_role }}"
- max_session_duration: 3599
- register: iam_role
- ignore_errors: yes
-
-- assert:
- that:
- - iam_role is failed
- - '"max_session_duration must be between" in iam_role.msg'
-
-- name: "Maximum Session Duration needs to be between 1 and 12 hours"
- iam_role:
- name: "{{ test_role }}"
- max_session_duration: 43201
- register: iam_role
- ignore_errors: yes
-
-- assert:
- that:
- - iam_role is failed
- - '"max_session_duration must be between" in iam_role.msg'
-
-- name: "Role Paths must start with /"
- iam_role:
- name: "{{ test_role }}"
- path: "test/"
- register: iam_role
- ignore_errors: yes
-
-- assert:
- that:
- - iam_role is failed
- - '"path must begin and end with /" in iam_role.msg'
-
-- name: "Role Paths must end with /"
- iam_role:
- name: "{{ test_role }}"
- path: "/test"
- register: iam_role
- ignore_errors: yes
-
-- assert:
- that:
- - iam_role is failed
- - '"path must begin and end with /" in iam_role.msg'
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/policy_update.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/policy_update.yml
deleted file mode 100644
index a822edf74..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/policy_update.yml
+++ /dev/null
@@ -1,250 +0,0 @@
----
-- name: "Add Managed Policy (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- purge_policies: no
- managed_policy:
- - "{{ safe_managed_policy }}"
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Add Managed Policy"
- iam_role:
- name: "{{ test_role }}"
- purge_policies: no
- managed_policy:
- - "{{ safe_managed_policy }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "Add Managed Policy (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- purge_policies: no
- managed_policy:
- - "{{ safe_managed_policy }}"
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Add Managed Policy (no change)"
- iam_role:
- name: "{{ test_role }}"
- purge_policies: no
- managed_policy:
- - "{{ safe_managed_policy }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "iam_role_info after adding Managed Policy"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 1
- - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten )
- - custom_policy_name not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten )
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 1
- - '"TagB" in role_info.iam_roles[0].tags'
- - role_info.iam_roles[0].tags.TagB == "ValueB"
-
-# ------------------------------------------------------------------------------------------
-
-- name: "Update Managed Policy without purge (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- purge_policies: no
- managed_policy:
- - "{{ custom_policy_name }}"
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Update Managed Policy without purge"
- iam_role:
- name: "{{ test_role }}"
- purge_policies: no
- managed_policy:
- - "{{ custom_policy_name }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "Update Managed Policy without purge (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- purge_policies: no
- managed_policy:
- - "{{ custom_policy_name }}"
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Update Managed Policy without purge (no change)"
- iam_role:
- name: "{{ test_role }}"
- purge_policies: no
- managed_policy:
- - "{{ custom_policy_name }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "iam_role_info after updating Managed Policy without purge"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 2
- - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten )
- - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten )
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 1
- - '"TagB" in role_info.iam_roles[0].tags'
- - role_info.iam_roles[0].tags.TagB == "ValueB"
-
-# ------------------------------------------------------------------------------------------
-
-# Managed Policies are purged by default
-- name: "Update Managed Policy with purge (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- managed_policy:
- - "{{ custom_policy_name }}"
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Update Managed Policy with purge"
- iam_role:
- name: "{{ test_role }}"
- managed_policy:
- - "{{ custom_policy_name }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "Update Managed Policy with purge (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- managed_policy:
- - "{{ custom_policy_name }}"
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Update Managed Policy with purge (no change)"
- iam_role:
- name: "{{ test_role }}"
- managed_policy:
- - "{{ custom_policy_name }}"
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
-
-- name: "iam_role_info after updating Managed Policy with purge"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 1
- - safe_managed_policy not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten )
- - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten )
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 1
- - '"TagB" in role_info.iam_roles[0].tags'
- - role_info.iam_roles[0].tags.TagB == "ValueB"
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/role_removal.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/role_removal.yml
deleted file mode 100644
index ebcfd5453..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/role_removal.yml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-- name: "Remove IAM Role (CHECK MODE)"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- delete_instance_profile: yes
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "iam_role_info after deleting role in check mode"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
-
-- name: "Remove IAM Role"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- delete_instance_profile: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "iam_role_info after deleting role"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 0
-
-- name: "Remove IAM Role (should be gone already) - check mode"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- delete_instance_profile: yes
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Remove IAM Role (should be gone already)"
- iam_role:
- state: absent
- name: "{{ test_role }}"
- delete_instance_profile: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/tags_update.yml b/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/tags_update.yml
deleted file mode 100644
index 5eadd9fdf..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/iam_role/tasks/tags_update.yml
+++ /dev/null
@@ -1,341 +0,0 @@
----
-- name: "Add Tag (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- tags:
- TagA: ValueA
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Add Tag"
- iam_role:
- name: "{{ test_role }}"
- tags:
- TagA: ValueA
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - iam_role.iam_role.tags | length == 1
- - '"TagA" in iam_role.iam_role.tags'
- - iam_role.iam_role.tags.TagA == "ValueA"
-
-- name: "Add Tag (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- tags:
- TagA: ValueA
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Add Tag (no change)"
- iam_role:
- name: "{{ test_role }}"
- tags:
- TagA: ValueA
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
- - '"TagA" in iam_role.iam_role.tags'
- - iam_role.iam_role.tags.TagA == "ValueA"
-
-- name: "iam_role_info after adding Tags"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 1
- - '"TagA" in role_info.iam_roles[0].tags'
- - role_info.iam_roles[0].tags.TagA == "ValueA"
-
-# ------------------------------------------------------------------------------------------
-
-- name: "Update Tag (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- tags:
- TagA: AValue
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Update Tag"
- iam_role:
- name: "{{ test_role }}"
- tags:
- TagA: AValue
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - '"TagA" in iam_role.iam_role.tags'
- - iam_role.iam_role.tags.TagA == "AValue"
-
-- name: "Update Tag (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- tags:
- TagA: AValue
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Update Tag (no change)"
- iam_role:
- name: "{{ test_role }}"
- tags:
- TagA: AValue
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
- - '"TagA" in iam_role.iam_role.tags'
- - iam_role.iam_role.tags.TagA == "AValue"
-
-- name: "iam_role_info after updating Tag"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 1
- - '"TagA" in role_info.iam_roles[0].tags'
- - role_info.iam_roles[0].tags.TagA == "AValue"
-
-# ------------------------------------------------------------------------------------------
-
-- name: "Add second Tag without purge (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- purge_tags: no
- tags:
- TagB: ValueB
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Add second Tag without purge"
- iam_role:
- name: "{{ test_role }}"
- purge_tags: no
- tags:
- TagB: ValueB
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - '"TagB" in iam_role.iam_role.tags'
- - iam_role.iam_role.tags.TagB == "ValueB"
-
-- name: "Add second Tag without purge (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- purge_tags: no
- tags:
- TagB: ValueB
- register: iam_role
- check_mode: yes
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Add second Tag without purge (no change)"
- iam_role:
- name: "{{ test_role }}"
- purge_tags: no
- tags:
- TagB: ValueB
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
- - '"TagB" in iam_role.iam_role.tags'
- - iam_role.iam_role.tags.TagB == "ValueB"
-
-- name: "iam_role_info after adding second Tag without purge"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 2
- - '"TagA" in role_info.iam_roles[0].tags'
- - role_info.iam_roles[0].tags.TagA == "AValue"
- - '"TagB" in role_info.iam_roles[0].tags'
- - role_info.iam_roles[0].tags.TagB == "ValueB"
-
-# ------------------------------------------------------------------------------------------
-
-- name: "Purge first tag (CHECK MODE)"
- iam_role:
- name: "{{ test_role }}"
- purge_tags: yes
- tags:
- TagB: ValueB
- check_mode: yes
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
-
-- name: "Purge first tag"
- iam_role:
- name: "{{ test_role }}"
- purge_tags: yes
- tags:
- TagB: ValueB
- register: iam_role
-
-- assert:
- that:
- - iam_role is changed
- - iam_role.iam_role.role_name == test_role
- - '"TagB" in iam_role.iam_role.tags'
- - iam_role.iam_role.tags.TagB == "ValueB"
-
-- name: "Purge first tag (no change) - check mode"
- iam_role:
- name: "{{ test_role }}"
- purge_tags: yes
- tags:
- TagB: ValueB
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
-
-- name: "Purge first tag (no change)"
- iam_role:
- name: "{{ test_role }}"
- purge_tags: yes
- tags:
- TagB: ValueB
- register: iam_role
-
-- assert:
- that:
- - iam_role is not changed
- - iam_role.iam_role.role_name == test_role
- - '"TagB" in iam_role.iam_role.tags'
- - iam_role.iam_role.tags.TagB == "ValueB"
-
-- name: "iam_role_info after purging first Tag"
- iam_role_info:
- name: "{{ test_role }}"
- register: role_info
-
-- assert:
- that:
- - role_info is succeeded
- - role_info.iam_roles | length == 1
- - 'role_info.iam_roles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )'
- - '"assume_role_policy_document" in role_info.iam_roles[0]'
- - '"create_date" in role_info.iam_roles[0]'
- - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"'
- - role_info.iam_roles[0].inline_policies | length == 0
- - role_info.iam_roles[0].instance_profiles | length == 1
- - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role
- - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")'
- - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)'
- - role_info.iam_roles[0].managed_policies | length == 0
- - role_info.iam_roles[0].max_session_duration == 43200
- - role_info.iam_roles[0].path == '/'
- - '"permissions_boundary" not in role_info.iam_roles[0]'
- - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id
- - role_info.iam_roles[0].role_name == test_role
- - role_info.iam_roles[0].tags | length == 1
- - '"TagA" not in role_info.iam_roles[0].tags'
- - '"TagB" in role_info.iam_roles[0].tags'
- - role_info.iam_roles[0].tags.TagB == "ValueB"
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_saml_federation/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_saml_federation/tasks/main.yml
index b061fc601..3098d4811 100644
--- a/ansible_collections/community/aws/tests/integration/targets/iam_saml_federation/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/iam_saml_federation/tasks/main.yml
@@ -1,9 +1,9 @@
- module_defaults:
group/aws:
region: "{{ aws_region }}"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
collections:
- amazon.aws
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_server_certificate/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/iam_server_certificate/tasks/main.yml
index 0cfab38c8..d50ebfe52 100644
--- a/ansible_collections/community/aws/tests/integration/targets/iam_server_certificate/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/iam_server_certificate/tasks/main.yml
@@ -11,9 +11,9 @@
#
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
################################################
diff --git a/ansible_collections/community/aws/tests/integration/targets/inspector_target/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/inspector_target/tasks/main.yml
index 907e1ffdd..a32e3bd68 100644
--- a/ansible_collections/community/aws/tests/integration/targets/inspector_target/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/inspector_target/tasks/main.yml
@@ -4,14 +4,14 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
- name: Create AWS Inspector Target Group
- aws_inspector_target:
+ inspector_target:
name: "{{ aws_inspector_scan_name }}"
state: present
tags:
@@ -20,7 +20,7 @@
register: target_group_create
- name: Create AWS Inspector Target Group (Verify)
- aws_inspector_target:
+ inspector_target:
name: "{{ aws_inspector_scan_name }}"
state: present
tags:
@@ -41,7 +41,7 @@
- target_group_create_verify.tags.changed == "no"
- name: Change AWS Inspector Target Group Tags
- aws_inspector_target:
+ inspector_target:
name: "{{ aws_inspector_scan_name }}"
state: present
tags:
@@ -50,7 +50,7 @@
register: target_group_tag_change
- name: Change AWS Inspector Target Group Tags (Verify)
- aws_inspector_target:
+ inspector_target:
name: "{{ aws_inspector_scan_name }}"
state: present
tags:
@@ -72,13 +72,13 @@
always:
- name: Delete AWS Inspector Target Group
- aws_inspector_target:
+ inspector_target:
name: "{{ aws_inspector_scan_name }}"
state: absent
register: target_group_delete
- name: Delete AWS Inspector Target Group (Verify)
- aws_inspector_target:
+ inspector_target:
name: "{{ aws_inspector_scan_name }}"
state: absent
register: target_group_delete_verify
diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/aliases b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/aliases
index 4ef4b2067..d528335bb 100644
--- a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/aliases
@@ -1 +1,2 @@
+time=20m
cloud/aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/meta/main.yml
index 32cf5dda7..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/iam_access_key/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/meta/main.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/create_inventory_config.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/create_inventory_config.yml
new file mode 100644
index 000000000..f91a9fba3
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/create_inventory_config.yml
@@ -0,0 +1,16 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ vars:
+ template_name: "../templates/{{ template | default('inventory.j2') }}"
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+ - name: write inventory config file
+ copy:
+ dest: ../test.aws_mq.yml
+ content: "{{ lookup('template', template_name) }}"
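Review bot: The `copy` task that writes `../test.aws_mq.yml` sets no `mode`, so the generated inventory config is created with whatever the runner's umask allows. The rendered template is not visible in this diff; if it embeds the test AWS credentials, the file should be owner-only. I would add `mode: "0600"` under `copy:` so the permissions are explicit either way. Separately, `gather_facts: no` is better written as `gather_facts: false`, since `yes`/`no` booleans are parsed differently across YAML versions.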
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/empty_inventory_config.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/empty_inventory_config.yml
new file mode 100644
index 000000000..6bc277e2a
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/empty_inventory_config.yml
@@ -0,0 +1,9 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+ tasks:
+ - name: write inventory config file
+ copy:
+ dest: ../test.aws_mq.yml
+ content: ""
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/populate_cache.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/populate_cache.yml
new file mode 100644
index 000000000..dff6ede2f
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/populate_cache.yml
@@ -0,0 +1,32 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ environment: "{{ ansible_test.environment }}"
+
+ module_defaults:
+ group/aws:
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
+
+ collections:
+ - community.aws
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+ - name: refresh inventory to populate cache
+ meta: refresh_inventory
+
+ - name: assert group was populated with inventory but is empty
+ assert:
+ that:
+ - "'aws_mq' in groups"
+ - "groups.aws_mq | length == 1"
+
+ - name: Delete MQ instance
+ include_tasks: tasks/mq_instance_delete.yml \ No newline at end of file
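Review bot: The task name `assert group was populated with inventory but is empty` contradicts its own condition, which requires `groups.aws_mq | length == 1`. The name looks copied from the no-hosts playbook and will mislead anyone reading a failed run. I would rename it to something like `- name: assert group was populated with exactly one broker`. The file also ends without a trailing newline, which is worth fixing while here.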
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/setup_instance.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/setup_instance.yml
new file mode 100644
index 000000000..fcea9cd8c
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/setup_instance.yml
@@ -0,0 +1,29 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ vars:
+ env_vars:
+ AWS_ACCESS_KEY_ID: '{{ aws_access_key }}'
+ AWS_SECRET_ACCESS_KEY: '{{ aws_secret_key }}'
+ AWS_DEFAULT_REGION: '{{ aws_region }}'
+ AWS_SECURITY_TOKEN: '{{ security_token }}'
+
+ environment: "{{ ansible_test.environment | combine(env_vars) }}"
+
+ module_defaults:
+ group/aws:
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
+
+ collections:
+ - community.aws
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+ - include_tasks: 'tasks/mq_instance_{{ operation }}.yml'
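Review bot: In `env_vars`, `AWS_SECURITY_TOKEN: '{{ security_token }}'` has no default, while `module_defaults` in the same play uses `security_token | default(omit)`. When the test runs with long-lived keys and no session token, templating `environment` would presumably fail on the undefined variable before any task runs. I would give it the same tolerance, e.g. `AWS_SECURITY_TOKEN: '{{ security_token | default("") }}'`, after confirming the AWS CLI treats an empty value as unset. This play also exports the access key and secret into the environment of every task, so any task that dumps its environment needs `no_log: true`.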
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/find_broker.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/find_broker.yml
new file mode 100644
index 000000000..e5f76d0a5
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/find_broker.yml
@@ -0,0 +1,10 @@
+---
+- name: Find broker by name
+ community.aws.mq_broker_info:
+ broker_name: "{{ broker_name }}"
+ register: broker_info
+ failed_when: false
+
+- name: Find broker by name, if exists
+ set_fact:
+ broker_exists: "{{ not (('Invalid type for parameter BrokerId, value: None' in broker_info.msg) | bool) }}"
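Review bot: `failed_when: false` combined with a substring test on `broker_info.msg` means any failure other than the one expected message (expired credentials, throttling, an access-denied response) is read as "broker exists". Creation is then skipped silently and later plays run against a broker that was never made. The expression also assumes `msg` is always present; on a successful lookup the result may carry no `msg` key, which would raise an undefined-variable error under strict templating. I would guard the lookup with `broker_info.msg | default('')`, and add an explicit `assert` that the call either succeeded or failed with exactly the expected message.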
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_create.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_create.yml
new file mode 100644
index 000000000..88f60c093
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_create.yml
@@ -0,0 +1,27 @@
+---
+# using command module until #1832 is resolved
+- include_tasks: find_broker.yml
+- block:
+ - name: Get engine versions
+ command: >
+ aws mq describe-broker-engine-types --engine {{ engine }}
+ register: describe_engine_result
+
+ - name: Select latest engine version
+ set_fact:
+ engine_version: "{{ ( describe_engine_result.stdout | from_json ).BrokerEngineTypes[0].EngineVersions | map(attribute='Name') | sort | max }}"
+
+ - name: Create minimal MQ instance in default VPC and default subnet group
+ command: >
+ aws mq create-broker
+ --broker-name {{ broker_name }}
+ --deployment-mode SINGLE_INSTANCE
+ --engine-type {{ engine }}
+ --engine-version {{ engine_version }}
+ {% if resource_tags is defined %}--tags '{{ resource_tags | to_json }}'{% endif %}
+ --host-instance-type mq.t3.micro
+ --users=ConsoleAccess=True,Groups=admin,Password=aODvFQAt4tt1W,Username=master
+ --auto-minor-version-upgrade
+ --no-publicly-accessible
+ when:
+ - not broker_exists \ No newline at end of file
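Review bot: The `create-broker` command hard-codes the broker admin password in `--users=...Password=...`, so the credential is committed to the repository and repeated in task output and the process argument list on every run. The broker is created with `--no-publicly-accessible`, which limits exposure, but a per-run value is still cheap: set a fact with `"{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits') }}"`, reference it in `--users`, and add `no_log: true` to the task. Separately, `{{ broker_name }}` and `{{ engine }}` are interpolated unquoted into the command line; `{{ broker_name | quote }}` keeps argument splitting predictable. Finally, `sort | max` compares version names as strings, so a two-digit minor version may sort below a one-digit one.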
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_delete.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_delete.yml
new file mode 100644
index 000000000..b533ee86b
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/tasks/mq_instance_delete.yml
@@ -0,0 +1,13 @@
+---
+- name: remove broker instance
+ community.aws.mq_broker:
+ state: absent
+ engine_type: "{{ engine }}"
+ broker_name: '{{ broker_name }}'
+ register: delete_result
+ failed_when:
+ - delete_result.get('failed',false)
+ - (delete_result.get('message','')).find('be deleted while in state [CREATION_IN_PROGRESS]') == -1
+ until: (delete_result.get('message','')).find('be deleted while in state [CREATION_IN_PROGRESS]') == -1
+ retries: 150
+ delay: 60
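Review bot: Both `failed_when` and `until` read the error text from `delete_result.get('message','')`, whereas `find_broker.yml` in this same change reads the module's error from `broker_info.msg`. If `mq_broker` reports failures under `msg`, the `find(...)` is always `-1`, so the task never retries and fails immediately while the broker is still in `CREATION_IN_PROGRESS`, leaving a billable broker behind. I would confirm which key the module returns and, if in doubt, test `delete_result.get('msg', delete_result.get('message', ''))`. Also, `retries: 150` with `delay: 60` allows about 2.5 hours of waiting, while the target's `aliases` file declares `time=20m`; a lower retry count would make the two agree.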
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_invalid_aws_mq_inventory_config.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_invalid_aws_mq_inventory_config.yml
new file mode 100644
index 000000000..c982d0d9e
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_invalid_aws_mq_inventory_config.yml
@@ -0,0 +1,9 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+ tasks:
+ - name: assert inventory was not populated by aws_mq inventory plugin
+ assert:
+ that:
+ - "'aws_mq' not in groups"
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_cache.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_cache.yml
new file mode 100644
index 000000000..8926cefa2
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_cache.yml
@@ -0,0 +1,18 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+ tasks:
+ - name: assert cache was used to populate inventory
+ assert:
+ that:
+ - "'aws_mq' in groups"
+ - "groups.aws_mq | length == 1"
+
+ - meta: refresh_inventory
+
+ - name: assert refresh_inventory updated the cache
+ assert:
+ that:
+ - "'aws_mq' in groups"
+ - "not groups.aws_mq"
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_no_hosts.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_no_hosts.yml
new file mode 100644
index 000000000..4873adc92
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_no_hosts.yml
@@ -0,0 +1,16 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ environment: "{{ ansible_test.environment }}"
+
+ collections:
+ - community.aws
+ tasks:
+ - debug: var=groups
+ - name: assert group was populated with inventory but is empty
+ assert:
+ that:
+ - "'aws_mq' in groups"
+ - groups.aws_mq | length == 0
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_with_hostvars_prefix_suffix.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_with_hostvars_prefix_suffix.yml
new file mode 100644
index 000000000..2db7f76ab
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_inventory_with_hostvars_prefix_suffix.yml
@@ -0,0 +1,30 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ environment: "{{ ansible_test.environment }}"
+
+ collections:
+ - community.aws
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+
+ - name: assert the hostvars are defined with prefix and/or suffix
+ assert:
+ that:
+ - "hostvars[broker_name][vars_prefix ~ 'host_instance_type' ~ vars_suffix] == 'mq.t3.micro'"
+ - "hostvars[broker_name][vars_prefix ~ 'engine_type' ~ vars_suffix] == engine"
+ - "hostvars[broker_name][vars_prefix ~ 'broker_state' ~ vars_suffix] in ('CREATION_IN_PROGRESS', 'RUNNING')"
+ - "'host_instance_type' not in hostvars[broker_name]"
+ - "'engine_type' not in hostvars[broker_name]"
+ - "'broker_state' not in hostvars[broker_name]"
+ - "'ansible_diff_mode' in hostvars[broker_name]"
+ - "'ansible_forks' in hostvars[broker_name]"
+ - "'ansible_version' in hostvars[broker_name]"
+ vars:
+ vars_prefix: "{{ inventory_prefix | default('') }}"
+ vars_suffix: "{{ inventory_suffix | default('') }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory.yml
new file mode 100644
index 000000000..a71043c70
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory.yml
@@ -0,0 +1,17 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ environment: "{{ ansible_test.environment }}"
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+ - name: assert aws_mq inventory group contains MQ instance created by previous playbook
+ assert:
+ that:
+ - "'aws_mq' in groups"
+ - "groups.aws_mq | length == 1"
+ - groups.aws_mq.0 == broker_name
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory_with_constructed.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory_with_constructed.yml
new file mode 100644
index 000000000..8d840158f
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/test_populating_inventory_with_constructed.yml
@@ -0,0 +1,27 @@
+---
+- hosts: 127.0.0.1
+ connection: local
+ gather_facts: no
+
+ environment: "{{ ansible_test.environment }}"
+ collections:
+ - community.aws
+
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+
+ - debug:
+ var: groups
+
+ - name: assert the keyed groups from constructed config were added to inventory
+ assert:
+ that:
+ # There are 5 groups: all, ungrouped, aws_mq, tag and engine_type keyed group
+ - "groups | length == 5"
+ - '"all" in groups'
+ - '"ungrouped" in groups'
+ - '"aws_mq" in groups'
+ - '"tag_workload_type_other" in groups'
+ - '"mq_ACTIVEMQ" in groups'
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/vars/main.yml b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/vars/main.yml
new file mode 100644
index 000000000..2f599201c
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/playbooks/vars/main.yml
@@ -0,0 +1,6 @@
+---
+broker_name: "{{ resource_prefix }}-activemq"
+engine: "ACTIVEMQ"
+resource_tags:
+ workload_type: other
+aws_inventory_cache_dir: ""
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/runme.sh b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/runme.sh
new file mode 100755
index 000000000..68a3eda4b
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/runme.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+set -eux
+
+function cleanup() {
+ ansible-playbook playbooks/setup_instance.yml -e "operation=delete" "$@"
+ exit 1
+}
+
+trap 'cleanup "${@}"' ERR
+
+# ensure test config is empty
+ansible-playbook playbooks/empty_inventory_config.yml "$@"
+
+export ANSIBLE_INVENTORY_ENABLED="community.aws.aws_mq"
+
+# test with default inventory file
+ansible-playbook playbooks/test_invalid_aws_mq_inventory_config.yml "$@"
+
+export ANSIBLE_INVENTORY=test.aws_mq.yml
+
+# test empty inventory config
+ansible-playbook playbooks/test_invalid_aws_mq_inventory_config.yml "$@"
+
+# delete existing resources
+ansible-playbook playbooks/setup_instance.yml -e "operation=delete" "$@"
+
+# generate inventory config and test using it
+ansible-playbook playbooks/create_inventory_config.yml "$@"
+
+# test inventory with no hosts
+ansible-playbook playbooks/test_inventory_no_hosts.yml "$@"
+
+# create MQ resources
+ansible-playbook playbooks/setup_instance.yml -e "operation=create" "$@"
+
+# test inventory populated with MQ instance
+ansible-playbook playbooks/test_populating_inventory.yml "$@"
+
+# generate inventory config with constructed features and test using it
+ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_constructed.j2'" "$@"
+ansible-playbook playbooks/test_populating_inventory_with_constructed.yml "$@"
+
+# generate inventory config with hostvars_prefix features and test using it
+ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_hostvars_prefix_suffix.j2'" -e "inventory_prefix='aws_mq_'" "$@"
+ansible-playbook playbooks/test_inventory_with_hostvars_prefix_suffix.yml -e "inventory_prefix='aws_mq_'" "$@"
+
+# generate inventory config with hostvars_suffix features and test using it
+ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_hostvars_prefix_suffix.j2'" -e "inventory_suffix='_aws_mq'" "$@"
+ansible-playbook playbooks/test_inventory_with_hostvars_prefix_suffix.yml -e "inventory_suffix='_aws_mq'" "$@"
+
+# generate inventory config with hostvars_prefix and hostvars_suffix features and test using it
+ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_hostvars_prefix_suffix.j2'" -e "inventory_prefix='aws_'" -e "inventory_suffix='_mq'" "$@"
+ansible-playbook playbooks/test_inventory_with_hostvars_prefix_suffix.yml -e "inventory_prefix='aws_'" -e "inventory_suffix='_mq'" "$@"
+
+# generate inventory config with statuses and test using it
+ansible-playbook playbooks/create_inventory_config.yml -e '{"inventory_statuses": true}' "$@"
+ansible-playbook playbooks/test_inventory_no_hosts.yml "$@"
+
+# generate inventory config with caching and test using it
+AWS_MQ_CACHE_DIR="aws_mq_cache_dir"
+rm -rf "${AWS_MQ_CACHE_DIR}"
+ansible-playbook playbooks/create_inventory_config.yml -e "template='inventory_with_cache.j2'" -e "aws_inventory_cache_dir=$AWS_MQ_CACHE_DIR" "$@"
+ansible-playbook playbooks/populate_cache.yml "$@"
+ansible-playbook playbooks/test_inventory_cache.yml "$@"
+rm -rf "${AWS_MQ_CACHE_DIR}"
+
+# cleanup inventory config
+ansible-playbook playbooks/empty_inventory_config.yml "$@"
+
+ansible-playbook playbooks/setup_instance.yml -e "operation=delete" "$@"
+
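Review bot: The ERR trap's `cleanup` only runs the broker delete, so a failure partway through leaves the generated inventory config and the `aws_mq_cache_dir` cache on disk. The templates added in this commit render `access_key`, `secret_key` and `session_token` into that config in plain text, so it should be cleared on the failure path too. In `cleanup`, before the delete, add `ansible-playbook playbooks/empty_inventory_config.yml "$@" || true` and `rm -rf "${AWS_MQ_CACHE_DIR:-aws_mq_cache_dir}"`; the default expansion is needed because `set -u` is active and the variable is only assigned near the end of the script. create_inventory_config.yml and empty_inventory_config.yml are outside this view, so where the config is written is assumed rather than confirmed.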
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory.j2 b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory.j2
new file mode 100644
index 000000000..25fa80918
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory.j2
@@ -0,0 +1,12 @@
+plugin: community.aws.aws_mq
+access_key: '{{ aws_access_key }}'
+secret_key: '{{ aws_secret_key }}'
+{% if security_token | default(false) %}
+session_token: '{{ security_token }}'
+{% endif %}
+regions:
+ - '{{ aws_region }}'
+{% if inventory_statuses | default(false) %}
+statuses:
+ - CREATION_FAILED
+{% endif %}
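Review bot: The rendered file carries `access_key`, `secret_key` and, when set, `session_token` in plain text, and nothing in the template says so. The same applies to inventory_with_cache.j2, inventory_with_constructed.j2 and inventory_with_hostvars_prefix_suffix.j2. A leading Jinja comment such as `{# Rendered output contains AWS credentials: write it with mode 0600 and empty it after the run #}` would document what is expected of the task that renders it, which is not visible here. If that task uses the `template` module without an explicit `mode`, the file is created with the process umask, so an explicit `mode: "0600"` there is worth confirming.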
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_cache.j2 b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_cache.j2
new file mode 100644
index 000000000..10941a8d5
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_cache.j2
@@ -0,0 +1,11 @@
+plugin: community.aws.aws_mq
+cache: True
+cache_plugin: jsonfile
+cache_connection: '{{ aws_inventory_cache_dir }}'
+access_key: '{{ aws_access_key }}'
+secret_key: '{{ aws_secret_key }}'
+{% if security_token | default(false) %}
+session_token: '{{ security_token }}'
+{% endif %}
+regions:
+ - '{{ aws_region }}'
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_constructed.j2 b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_constructed.j2
new file mode 100644
index 000000000..7b421ace4
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_constructed.j2
@@ -0,0 +1,13 @@
+plugin: community.aws.aws_mq
+access_key: '{{ aws_access_key }}'
+secret_key: '{{ aws_secret_key }}'
+{% if security_token | default(false) %}
+session_token: '{{ security_token }}'
+{% endif %}
+regions:
+ - '{{ aws_region }}'
+keyed_groups:
+ - key: tags
+ prefix: tag
+ - key: engine_type
+ prefix: mq
diff --git a/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_hostvars_prefix_suffix.j2 b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_hostvars_prefix_suffix.j2
new file mode 100644
index 000000000..13bc6ffa8
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/inventory_aws_mq/templates/inventory_with_hostvars_prefix_suffix.j2
@@ -0,0 +1,14 @@
+plugin: community.aws.aws_mq
+access_key: '{{ aws_access_key }}'
+secret_key: '{{ aws_secret_key }}'
+{% if security_token | default(false) %}
+session_token: '{{ security_token }}'
+{% endif %}
+regions:
+ - '{{ aws_region }}'
+{% if inventory_prefix | default(false) %}
+hostvars_prefix: '{{ inventory_prefix }}'
+{% endif %}
+{% if inventory_suffix | default(false) %}
+hostvars_suffix: '{{ inventory_suffix }}'
+{% endif %}
diff --git a/ansible_collections/community/aws/tests/integration/targets/kinesis_stream/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/kinesis_stream/tasks/main.yml
index b6791fb06..f219f0ae6 100644
--- a/ansible_collections/community/aws/tests/integration/targets/kinesis_stream/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/kinesis_stream/tasks/main.yml
@@ -3,9 +3,9 @@
- name: 'Setup AWS Module Defaults'
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
kinesis_stream:
# Number of shards is mandatory when state=present
@@ -23,13 +23,13 @@
# Note: Because we're not a producer / consumer we don't actually need
# access to the keys
- name: 'Create KMS key 1'
- aws_kms:
+ kms_key:
alias: '{{ kms_cmk_alias_1 }}'
state: present
enabled: yes
register: create_kms_1
- name: 'Create KMS key 2'
- aws_kms:
+ kms_key:
alias: '{{ kms_cmk_alias_2 }}'
state: present
enabled: yes
@@ -680,7 +680,7 @@
block:
- name: 'Delete the KMS keys'
ignore_errors: yes
- aws_kms:
+ kms_key:
state: absent
alias: '{{ item }}'
loop:
diff --git a/ansible_collections/community/aws/tests/integration/targets/legacy_missing_tests/aliases b/ansible_collections/community/aws/tests/integration/targets/legacy_missing_tests/aliases
index 27c4351c4..edfaa127e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/legacy_missing_tests/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/legacy_missing_tests/aliases
@@ -5,9 +5,6 @@ application_scaling_policy
batch_compute_environment
batch_job_definition
batch_job_queue
-cloudfront_distribution_info
-cloudfront_invalidation
-cloudfront_origin_access_identity
data_pipeline
directconnect_confirm_connection
directconnect_connection
diff --git a/ansible_collections/community/aws/tests/integration/targets/lightsail/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/lightsail/tasks/main.yml
index 91f13a8ba..18e76756d 100644
--- a/ansible_collections/community/aws/tests/integration/targets/lightsail/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/lightsail/tasks/main.yml
@@ -2,10 +2,10 @@
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key | default(omit) }}'
- aws_secret_key: '{{ aws_secret_key | default(omit) }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
block:
@@ -15,8 +15,14 @@
lightsail:
name: "{{ instance_name }}"
zone: "{{ zone }}"
- blueprint_id: amazon_linux
+ blueprint_id: amazon_linux_2
bundle_id: nano_2_0
+ public_ports:
+ - from_port: 50
+ to_port: 50
+ protocol: "tcp"
+ cidrs: ["0.0.0.0/0"]
+ ipv6_cidrs: ["::/0"]
wait: yes
register: result
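Review bot: The new `public_ports` entry opens 50/tcp to `0.0.0.0/0` and `::/0` on a live instance, although the assertions added in the next hunk only check `from_port` and the number of port entries. A narrower source range would exercise the same code path without exposing the test instance to the internet, for example the documentation ranges `cidrs: ["192.0.2.0/24"]` and `ipv6_cidrs: ["2001:db8::/32"]`, provided the API accepts them. The same values would have to be used in the "Make sure create is idempotent" task added at `@@ -38,6 +46,24 @@` so the idempotency comparison still matches. The enclosing task begins above this hunk.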
@@ -25,8 +31,10 @@
- result.changed == True
- "'instance' in result and result.instance.name == instance_name"
- "result.instance.state.name == 'running'"
+ - "result.instance.networking.ports[0].from_port == 50"
+ - result.instance.networking.ports|length == 1
- - name: Make sure create is idempotent
+ - name: Check if it does not delete public ports config when no value is provided
lightsail:
name: "{{ instance_name }}"
zone: "{{ zone }}"
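Review bot: The renamed task "Check if it does not delete public ports config when no value is provided" is followed only by the existing `result.changed == False` assertion, visible as context in the next hunk, and that assertion never looks at the ports. Adding `- result.instance.networking.ports|length == 1` and `- result.instance.networking.ports[0].from_port == 50` to that assert would test what the name claims, assuming the module returns `instance` on an unchanged run. The rest of the task and its assert lie outside this hunk.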
@@ -38,6 +46,24 @@
that:
- result.changed == False
+ - name: Make sure create is idempotent
+ lightsail:
+ name: "{{ instance_name }}"
+ zone: "{{ zone }}"
+ blueprint_id: amazon_linux_2
+ bundle_id: nano_2_0
+ public_ports:
+ - from_port: 50
+ to_port: 50
+ protocol: "tcp"
+ cidrs: ["0.0.0.0/0"]
+ ipv6_cidrs: ["::/0"]
+ register: result
+
+ - assert:
+ that:
+ - result.changed == False
+
- name: Start the running instance
lightsail:
name: "{{ instance_name }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/aliases b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/aliases
index 4ef4b2067..4ef4b2067 100644
--- a/ansible_collections/community/aws/tests/integration/targets/aws_region_info/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/aliases
diff --git a/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/defaults/main.yml
new file mode 100644
index 000000000..5866de4ec
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/defaults/main.yml
@@ -0,0 +1,3 @@
+instance_name: "{{ resource_prefix }}_instance"
+snapshot_name: "{{ resource_prefix }}_instance_snapshot"
+zone: "{{ aws_region }}a"
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_group/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/meta/main.yml
index 32cf5dda7..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/iam_group/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/meta/main.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/tasks/main.yml
new file mode 100644
index 000000000..98553d278
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/lightsail_snapshot/tasks/main.yml
@@ -0,0 +1,85 @@
+---
+
+- module_defaults:
+ group/aws:
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
+
+ block:
+
+ # ==== Tests ===================================================
+
+ - name: Create a new instance
+ lightsail:
+ name: "{{ instance_name }}"
+ zone: "{{ zone }}"
+ blueprint_id: amazon_linux_2
+ bundle_id: nano_2_0
+ wait: yes
+
+ - name: Create a new snapshot
+ lightsail_snapshot:
+ snapshot_name: "{{ snapshot_name }}"
+ instance_name: "{{ instance_name }}"
+ region: "{{ aws_region }}"
+ wait: yes
+ register: result
+
+ - assert:
+ that:
+ - result.changed == True
+ - "'instance_snapshot' in result and result.instance_snapshot.name == snapshot_name"
+ - "result.instance_snapshot.state == 'available'"
+
+ - name: Make sure instance snapshot creation is idempotent
+ lightsail_snapshot:
+ snapshot_name: "{{ snapshot_name }}"
+ instance_name: "{{ instance_name }}"
+ region: "{{ aws_region }}"
+ wait: yes
+ register: result
+
+ - assert:
+ that:
+ - result.changed == False
+
+ - name: Delete the instance snapshot
+ lightsail_snapshot:
+ snapshot_name: "{{ snapshot_name }}"
+ region: "{{ aws_region }}"
+ state: absent
+ register: result
+
+ - assert:
+ that:
+ - result.changed == True
+
+ - name: Make sure instance snapshot deletion is idempotent
+ lightsail_snapshot:
+ snapshot_name: "{{ snapshot_name }}"
+ region: "{{ aws_region }}"
+ state: absent
+ register: result
+
+ - assert:
+ that:
+ - result.changed == False
+
+ # ==== Cleanup ====================================================
+
+ always:
+
+ - name: Cleanup - delete instance snapshot
+ lightsail_snapshot:
+ snapshot_name: "{{ snapshot_name }}"
+ region: "{{ aws_region }}"
+ state: absent
+ ignore_errors: yes
+
+ - name: Cleanup - delete instance
+ lightsail:
+ name: "{{ instance_name }}"
+ state: absent
+ ignore_errors: yes
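Review bot: The assertions compare `result.changed` with `True`/`False` and the tasks use `yes` for booleans. In a new file, `- result is changed` / `- result is not changed` and `wait: true`, `ignore_errors: true` are the clearer forms and do not depend on YAML 1.1 truthy parsing. Every `lightsail_snapshot` task also passes `region: "{{ aws_region }}"` although `module_defaults` for `group/aws` already sets it. If the module belongs to that action group (not visible here) the argument is redundant; otherwise a comment saying why it is passed explicitly would help. The first "Create a new instance" task registers nothing, so a failed or unchanged create only surfaces later as a snapshot error.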
diff --git a/ansible_collections/community/aws/tests/integration/targets/lightsail_static_ip/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/lightsail_static_ip/tasks/main.yml
index f8f327344..e0b452f3e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/lightsail_static_ip/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/lightsail_static_ip/tasks/main.yml
@@ -2,10 +2,10 @@
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key | default(omit) }}'
- aws_secret_key: '{{ aws_secret_key | default(omit) }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/aliases b/ansible_collections/community/aws/tests/integration/targets/mq/aliases
new file mode 100644
index 000000000..fef8ae9bd
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/aliases
@@ -0,0 +1,13 @@
+# reason: missing-policy
+# We don't have CI or 'unsupported' policy for Amazon MQ, yet
+# reason: slow
+# tests run about 30 minutes
+unsupported
+
+cloud/aws
+
+mq_broker_info
+mq_broker
+mq_broker_config
+mq_user_info
+mq_user
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/mq/defaults/main.yml
new file mode 100644
index 000000000..2199c2f63
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+# default files for mq_*
+broker_name: '{{resource_prefix}}-mq'
+vpc_name: "{{ resource_prefix }}-vpc"
+vpc_cidr: "10.0.0.0/16"
+subnet_cidr: "10.0.1.0/24"
+sg_name: "{{resource_prefix}}-sg"
+tags:
+ workload_type: other
\ No newline at end of file
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1.xml b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1.xml
new file mode 100644
index 000000000..0fdc98e46
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<broker schedulePeriodForDestinationPurge="10000" xmlns="http://activemq.apache.org/schema/core">
+ <!-- update 1 -->
+ <destinationPolicy>
+ <policyMap>
+ <policyEntries>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" topic="&gt;">
+ <pendingMessageLimitStrategy>
+ <constantPendingMessageLimitStrategy limit="1000"/>
+ </pendingMessageLimitStrategy>
+ </policyEntry>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" queue="&gt;"/>
+ </policyEntries>
+ </policyMap>
+ </destinationPolicy>
+ <plugins/>
+</broker>
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1a.xml b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1a.xml
new file mode 100644
index 000000000..b374d1357
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.1a.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<broker schedulePeriodForDestinationPurge="10000" xmlns="http://activemq.apache.org/schema/core">
+ <!-- update 1 -->
+
+ <destinationPolicy>
+ <policyMap>
+ <policyEntries>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" topic="&gt;">
+ <pendingMessageLimitStrategy>
+ <constantPendingMessageLimitStrategy limit="1000"/>
+ </pendingMessageLimitStrategy>
+ </policyEntry>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" queue="&gt;"/>
+ </policyEntries>
+ </policyMap>
+ </destinationPolicy>
+ <plugins/>
+
+</broker>
+
+
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.2.xml b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.2.xml
new file mode 100644
index 000000000..0d10ebdc6
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/files/broker_cfg.2.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<broker schedulePeriodForDestinationPurge="10000" xmlns="http://activemq.apache.org/schema/core">
+ <!-- update 2 -->
+ <destinationPolicy>
+ <policyMap>
+ <policyEntries>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" topic="&gt;">
+ <pendingMessageLimitStrategy>
+ <constantPendingMessageLimitStrategy limit="1000"/>
+ </pendingMessageLimitStrategy>
+ </policyEntry>
+ <policyEntry gcInactiveDestinations="true" inactiveTimoutBeforeGC="600000" queue="&gt;"/>
+ </policyEntries>
+ </policyMap>
+ </destinationPolicy>
+ <plugins/>
+</broker>
diff --git a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/mq/meta/main.yml
index 32cf5dda7..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/iam_managed_policy/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/meta/main.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_cleanup.yml
new file mode 100644
index 000000000..9507f99fa
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_cleanup.yml
@@ -0,0 +1,17 @@
+- name: cleanup broker
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ state: "absent"
+ ignore_errors: true
+ when: not ansible_check_mode
+# we need to wait - otherwise env_cleanup.yml will fail
+- name: wait until broker deletion is finished
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result
+ # the condition will never be met - instead it wail fail in the end
+ until: result.broker['broker_state'] != 'DELETION_IN_PROGRESS'
+ retries: 15
+ delay: 60
+ ignore_errors: true
+ when: not ansible_check_mode
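Review bot: The wait task looks the broker up by `broker_id`, which in the visible files is only set by `set_fact` after a successful create in broker_tests.yml. If creation fails, the lookup errors on the undefined variable, `ignore_errors: true` hides the error, and the play moves on without waiting. That is the situation the comment says makes env_cleanup.yml fail, and it would leave the VPC and security group behind. Looking up by name with `broker_name: "{{ broker_name }}"`, which `mq_broker_info` accepts in broker_delete_tests.yml, removes that dependency. The comment above `until` should also state why the loop is expected to end in an error, e.g. `# the lookup starts failing once the broker is gone; that error ends the wait and is ignored`, if that is the intent.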
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_config_tests.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_config_tests.yml
new file mode 100644
index 000000000..31c67438b
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_config_tests.yml
@@ -0,0 +1,82 @@
+- name: get broker details
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result
+- name: verify test broker is running
+ assert:
+ fail_msg: "broker with id {{ broker_id }} is not in RUNNING state"
+ that:
+ - result.broker['broker_state'] == 'RUNNING'
+ when: not ansible_check_mode
+- name: test 1 - send update to broker config
+ mq_broker_config:
+ broker_id: "{{ broker_id }}"
+ config_xml: "{{ lookup('file', '../files/broker_cfg.1.xml')}}"
+ register: result
+- name: verify test1
+ assert:
+ fail_msg: test1 failed
+ that:
+ - result.changed | bool
+ - result.broker['broker_id'] == broker_id
+ - result.configuration['id'] == result.broker['configurations']['pending']['id']
+ - result.configuration['revision'] == result.broker['configurations']['pending']['revision']
+ when: not ansible_check_mode
+- name: test 1a - send same config again
+ mq_broker_config:
+ broker_id: "{{ broker_id }}"
+ config_xml: "{{ lookup('file', '../files/broker_cfg.1.xml')}}"
+ register: result
+- name: verify test1a
+ assert:
+ fail_msg: test1a failed
+ that:
+ - not (result.changed | bool )
+ when: not ansible_check_mode
+- name: test 2 - send (almost) same config again - differs by whitespace
+ mq_broker_config:
+ broker_id: "{{ broker_id }}"
+ config_xml: "{{ lookup('file', '../files/broker_cfg.1a.xml')}}"
+ register: result
+- name: verify test2
+ assert:
+ fail_msg: test2 failed
+ that:
+ - not (result.changed | bool )
+ when: not ansible_check_mode
+- name: test 3 - send new config with custom description and request reboot
+ mq_broker_config:
+ broker_id: "{{ broker_id }}"
+ config_xml: "{{ lookup('file', '../files/broker_cfg.2.xml')}}"
+ config_description: "test 3 used custom description"
+ reboot: true
+ register: result
+- name: verify test3
+ assert:
+ fail_msg: test3 failed
+ that:
+ - result.changed | bool
+ - result.broker['broker_state'] == 'REBOOT_IN_PROGRESS'
+ when: not ansible_check_mode
+- name: wait for reboot
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result
+ until: result.broker['broker_state'] == 'RUNNING'
+ retries: 15
+ delay: 60
+ when: not ansible_check_mode
+- name: test 3a - send new config again
+ mq_broker_config:
+ broker_id: "{{ broker_id }}"
+ config_xml: "{{ lookup('file', '../files/broker_cfg.2.xml')}}"
+ config_description: "test 3 used custom description"
+ reboot: true
+ register: result
+- name: verify test3a
+ assert:
+ fail_msg: test3a failed
+ that:
+ - not (result.changed | bool )
+ when: not ansible_check_mode
+# Note: currently there's no way to delete a broker configuration (version)
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_delete_tests.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_delete_tests.yml
new file mode 100644
index 000000000..bde36cd13
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_delete_tests.yml
@@ -0,0 +1,43 @@
+- name: delete broker
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ state: "absent"
+ register: result
+- name: verify broker delete
+ assert:
+ fail_msg: broker delete failed
+ that:
+ - ( result.changed | bool)
+ when: not ansible_check_mode
+- name: get details after delete
+ mq_broker_info:
+ broker_name: "{{ broker_name }}"
+ register: result_d1
+- name: verify broker deletion on progress
+ assert:
+ fail_msg: broker delete too fast?
+ that:
+ - result_d1.broker['broker_state'] == 'DELETION_IN_PROGRESS'
+ when: not ansible_check_mode
+- name: repeat broker deletion
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ state: "absent"
+ register: result
+- name: verify broker repeated delete
+ assert:
+ fail_msg: didn't detect DELETION_IN_PROGRESS in progress
+ that:
+ - not ( result.changed | bool)
+ when: not ansible_check_mode
+- name: deletion unknown broker - simulates re-deletion of completely deleted broker
+ mq_broker:
+ broker_name: "{{ broker_name }}__unknown_broker__"
+ state: "absent"
+ register: result
+- name: verify delete unknown broker
+ assert:
+ fail_msg: deletion of unknown broker return unexpected result
+ that:
+ - not ( result.changed | bool)
+ when: not ansible_check_mode
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_tests.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_tests.yml
new file mode 100644
index 000000000..515306abf
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_tests.yml
@@ -0,0 +1,120 @@
+- name: create broker with minimal parameters
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ security_groups: "{{ broker_sg_ids.split(',') }}"
+ subnet_ids: "{{ broker_subnet_ids.split(',') }}"
+ tags: "{{ tags }}"
+ wait: true
+ register: result
+- set_fact:
+ broker_id: "{{ result.broker['broker_id'] }}"
+- name: get broker details by id
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result_c1
+- name: verify creation result
+ assert:
+ fail_msg: broker creation failed
+ that:
+ # change state is from previous operation:
+ - ( result.changed | bool )
+ - result_c1.broker['broker_id'] == broker_id
+ - result_c1.broker['broker_name'] == broker_name
+ - result_c1.broker['broker_state'] == 'RUNNING'
+ - ( result_c1.broker['storage_type'] | upper ) == 'EFS'
+ - result_c1.broker['tags'] == tags
+ when: not ansible_check_mode
+- name: repeat creation
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ security_groups: "{{ broker_sg_ids.split(',') }}"
+ subnet_ids: "{{ broker_subnet_ids.split(',') }}"
+ register: result
+- set_fact:
+ broker_id: "{{ result.broker['broker_id'] }}"
+- name: get broker details - this time by name
+ mq_broker_info:
+ broker_name: "{{ broker_name }}"
+ register: result_c2
+- name: verify broker re-creation
+ assert:
+ fail_msg: broker re-creation failed
+ that:
+ # change state is from previous operation:
+ - not ( result.changed | bool)
+ - result_c2.broker['broker_id'] == broker_id
+ - result_c2.broker['broker_name'] == broker_name
+ - ( result_c2.broker['storage_type'] | upper ) == 'EFS'
+ when: not ansible_check_mode
+- name: update broker
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ auto_minor_version_upgrade: false
+ storage_type: EBS
+ register: result
+- name: verify broker update
+ assert:
+ fail_msg: broker update failed
+ that:
+ - ( result.changed | bool)
+ - result.broker['broker_id'] == broker_id
+ when: not ansible_check_mode
+- name: reboot broker to make pending changes active
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ state: "restarted"
+ register: result
+- name: get broker details by id
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result_r1
+- name: check for pending reboot
+ assert:
+ fail_msg: trigger reboot failed
+ that:
+ - result.changed | bool
+ - result_r1.broker['broker_state'] == 'REBOOT_IN_PROGRESS'
+ when: not ansible_check_mode
+- debug:
+ msg: "Wait until reboot of broker {{ broker_name }} ({{ broker_id }}) is finished. This may take several minutes"
+- name: wait for reboot
+ mq_broker_info:
+ broker_id: "{{ broker_id }}"
+ register: result
+ until: result.broker['broker_state'] == 'RUNNING'
+ retries: 15
+ delay: 60
+ when: not ansible_check_mode
+- name: get details after update
+ mq_broker_info:
+ broker_name: "{{ broker_name }}"
+ register: result_u1
+- name: verify broker update
+ assert:
+ fail_msg: broker update failed
+ that:
+ - result_u1.broker['broker_id'] == broker_id
+ - result_u1.broker['broker_name'] == broker_name
+ - not ( result_u1.broker['auto_minor_version_upgrade'] | bool )
+ # the next one checks that changes to create-only parameters are silently ignore
+ - result_u1.broker['storage_type'] == result_c1.broker['storage_type']
+ when: not ansible_check_mode
+- name: repeat update broker
+ mq_broker:
+ broker_name: "{{ broker_name }}"
+ auto_minor_version_upgrade: false
+ storage_type: EBS
+ register: result
+- name: get details after re-update
+ mq_broker_info:
+ broker_name: "{{ broker_name }}"
+ register: result_u2
+- name: verify broker re-update
+ assert:
+ fail_msg: broker update failed
+ that:
+ - not ( result.changed | bool)
+ - result_u2.broker['broker_id'] == result_u1.broker['broker_id']
+ - result_u2.broker['storage_type'] == result_u1.broker['storage_type']
+ - result_u2.broker['engine_version'] == result_u1.broker['engine_version']
+ when: not ansible_check_mode
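Review bot: Two tasks are both named "verify broker update", and three assertions share `fail_msg: broker update failed` (after the update, after the reboot, and after the repeated update), so a CI failure does not say which stage broke. I would rename the post-reboot check to `name: verify broker state after reboot` and give the last one `fail_msg: broker re-update failed`. The two unnamed `set_fact` tasks read `result.broker['broker_id']` without the check-mode guard the assertions use; whether the module returns `broker` in check mode cannot be seen from this hunk, so that is worth confirming. The comment before the `storage_type` comparison should read `# the next one checks that changes to create-only parameters are silently ignored`.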
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_info_tests.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_info_tests.yml
new file mode 100644
index 000000000..427e272b6
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_info_tests.yml
@@ -0,0 +1,65 @@
+- name: set test data
+ set_fact:
+ create_users:
+ - "info_user1"
+ - "info_user2"
+ - "info_user3"
+ - "info_user4"
+ - "info_user5"
+ delete_users:
+ - "info_user2"
+ - "info_user5"
+- name: prepare tests - create users
+ mq_user:
+ state: present
+ broker_id: "{{ broker_id }}"
+ username: "{{ item }}"
+ loop: "{{ create_users | flatten(levels=1) }}"
+- name: prepare tests - delete users
+ mq_user:
+ state: absent
+ broker_id: "{{ broker_id }}"
+ username: "{{ item }}"
+ loop: "{{ delete_users | flatten(levels=1) }}"
+- name: test2 - list all users
+ mq_user_info:
+ broker_id: "{{ broker_id }}"
+ register: result
+- name: test2 - verify
+ assert:
+ fail_msg: test2 failed
+ that:
+ - result.users['info_user1']
+ - result.users['info_user2']
+ - result.users['info_user3']
+ when: not ansible_check_mode
+- name: test3 - list only user currently being active until next broker reboot
+ mq_user_info:
+ broker_id: "{{ broker_id }}"
+ skip_pending_create: true
+ register: result
+- name: test3 - verify
+ assert:
+ fail_msg: test3 failed
+ that:
+ - not ('info_user1' in result.users)
+ - result.users['info_user2']
+ - not ('info_user3' in result.users)
+ - not ('info_user4' in result.users)
+ - result.users['info_user5']
+ when: not ansible_check_mode
+- name: test4 - list only user that will be active after next broker reboot
+ mq_user_info:
+ broker_id: "{{ broker_id }}"
+ skip_pending_delete: true
+ register: result
+- name: test4 - verify
+ assert:
+ fail_msg: test4 failed
+ that:
+ - result.users['info_user1']
+ - not ('info_user2' in result.users)
+ - result.users['info_user3']
+ - result.users['info_user4']
+ - not ('info_user5' in result.users)
+ when: not ansible_check_mode
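Review bot: "test2 - list all users" asserts only `info_user1`, `info_user2` and `info_user3`, although five users are created and test3/test4 check all five names. If the unfiltered listing is meant to include pending creations and pending deletions alike, adding `- result.users['info_user4']` and `- result.users['info_user5']` would pin that down; if not, a one-line comment saying why they are left out would help. The file also relies on `broker_id` being set by an earlier include and on the broker not having been rebooted since the users were created, which deserves a header comment such as `# expects broker_id from broker_tests.yml; users stay pending until the next reboot`.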
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_tests.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_tests.yml
new file mode 100644
index 000000000..6a30c694b
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/broker_user_tests.yml
@@ -0,0 +1,173 @@
+- name: set test data
+ set_fact:
+ usernames:
+ - "test_user1"
+ - "test_user2"
+ - "test_user3"
+
+- name: test1 - create user with default settings
+ mq_user:
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[0] }}"
+ register: result
+- name: test1 - verify
+ assert:
+ fail_msg: test1 failed
+ that:
+ - result.changed | bool
+ - result.user['username'] == usernames[0]
+ - not (result.user['pending']['console_access'] | bool)
+ - result.user['pending']['groups'] | length == 0
+ when: not ansible_check_mode
+- name: test2 - create user with console access and group list
+ mq_user:
+ state: present
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[1] }}"
+ console_access: true
+ groups: [ "g1", "g2" ]
+ register: result
+- name: test2 - verify
+ assert:
+ fail_msg: test2 failed
+ that:
+ - result.changed | bool
+ - result.user['username'] == usernames[1]
+ - result.user['pending']['console_access'] | bool
+ - result.user['pending']['groups'] | length == 2
+ when: not ansible_check_mode
+- name: test3 - create user with defined password
+ mq_user:
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[2] }}"
+ password: "09234092jzxkjvjk23kn23qn5lk34"
+ register: result
+- name: test3 - verify
+ assert:
+ fail_msg: test3 failed
+ that:
+ - result.changed | bool
+ - result.user['username'] == usernames[2]
+ - not (result.user['pending']['console_access'] | bool)
+ - result.user['pending']['groups'] | length == 0
+ when: not ansible_check_mode
+- name: test4 - update user password - ignore mode
+ mq_user:
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[2] }}"
+ password: "new_password_ignored"
+ register: result
+- name: test4 - verify
+ assert:
+ fail_msg: test4 failed
+ that:
+ - not (result.changed | bool)
+ when: not ansible_check_mode
+- name: test5 - update user password - force mode
+ mq_user:
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[2] }}"
+ password: "new_Password_Accepted0815%"
+ allow_pw_update: true
+ register: result
+- name: test5 - verify
+ assert:
+ fail_msg: test5 failed
+ that:
+ - result.changed | bool
+ when: not ansible_check_mode
+- name: test6 - update console access - same value
+ mq_user:
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[2] }}"
+ console_access: false
+ register: result
+- name: test6 - verify
+ assert:
+ fail_msg: test6 failed
+ that:
+ - not (result.changed | bool)
+ when: not ansible_check_mode
+- name: test7 - update console access - new value
+ mq_user:
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[1] }}"
+ console_access: false
+ register: result
+- name: test7 - verify
+ assert:
+ fail_msg: test7 failed
+ that:
+ - result.changed | bool
+ - not( result.user['pending']['console_access'] | bool )
+ - result.user['pending']['groups'] | length == 2
+ when: not ansible_check_mode
+- name: test8 - update group list - same list but different order
+ mq_user:
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[1] }}"
+ groups: [ "g2", "g1" ]
+ register: result
+- name: test8 - verify
+ assert:
+ fail_msg: test8 failed
+ that:
+ - not (result.changed | bool)
+ when: not ansible_check_mode
+- name: test9 - update group list - add element
+ mq_user:
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[1] }}"
+ groups: [ "g2", "g1", "g3" ]
+ register: result
+- name: test9 - verify
+ assert:
+ fail_msg: test9 failed
+ that:
+ - result.changed | bool
+ - result.user['pending']['groups'] | length == 3
+ when: not ansible_check_mode
+- name: test10 - update group list - remove element
+ mq_user:
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[1] }}"
+ groups: [ "g2", "g3" ]
+ register: result
+- name: test10 - verify
+ assert:
+ fail_msg: test10 failed
+ that:
+ - result.changed | bool
+ - result.user['pending']['groups'] | length == 2
+ when: not ansible_check_mode
+- name: test11 - update group list - set to empty list
+ mq_user:
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[1] }}"
+ groups: []
+ register: result
+- name: test11 - verify
+ assert:
+ fail_msg: test11 failed
+ that:
+ - result.changed | bool
+ - result.user['pending']['groups'] | length == 0
+ when: not ansible_check_mode
+- name: delete all users
+ mq_user:
+ state: absent
+ broker_id: "{{ broker_id }}"
+ username: "{{ item }}"
+ loop: "{{ usernames | flatten(levels=1) }}"
+- name: test13 - delete deleted user
+ mq_user:
+ state: absent
+ broker_id: "{{ broker_id }}"
+ username: "{{ usernames[1] }}"
+ register: result
+- name: test13 - verify
+ assert:
+ fail_msg: test13 failed
+ that:
+ - not(result.changed | bool)
+ when: not ansible_check_mode
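Review bot: The tasks for test3, test4 and test5 pass literal passwords (`password: "09234092jzxkjvjk23kn23qn5lk34"` and the two `new_...` values) to a real broker user, so the same credentials are used on every run and are readable by anyone with the repository. A value generated per run and stored in a fact would avoid that, for example `password: "{{ test_user_password }}"` with the fact filled from a random-string lookup that respects the service's password rules. Whether `mq_user` masks `password` in task output is not visible here; if it does not, `no_log: true` on these three tasks keeps it out of CI logs. Separately, the numbering jumps from test11 to test13 and the "delete all users" task has no verification, so the first deletion is never asserted.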
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_cleanup.yml
new file mode 100644
index 000000000..0ccb37907
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_cleanup.yml
@@ -0,0 +1,33 @@
+- name: remove the security group
+ ec2_security_group:
+ name: "{{ sg_name }}"
+ description: a security group for ansible tests
+ vpc_id: "{{ testing_vpc.vpc.id }}"
+ state: absent
+ register: removed
+ until: removed is not failed
+ ignore_errors: yes
+ retries: 10
+
+- name: remove subnet A
+ ec2_vpc_subnet:
+ state: absent
+ vpc_id: "{{ testing_vpc.vpc.id }}"
+ cidr: "{{ subnet_cidr }}"
+ register: removed
+ until: removed is not failed
+ ignore_errors: yes
+ retries: 10
+
+- name: remove the VPC
+ ec2_vpc_net:
+ name: "{{ vpc_name }}"
+ cidr_block: "{{ vpc_cidr }}"
+ state: absent
+ tags:
+ Name: Ansible Testing VPC
+ tenancy: default
+ register: removed
+ until: removed is not failed
+ ignore_errors: yes
+ retries: 10
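Review bot: All three removal tasks combine `until: removed is not failed` with `ignore_errors: yes`, so a security group, subnet or VPC that still cannot be deleted after 10 retries is reported as success and stays in the test account. If best-effort cleanup is intended, say so next to it, e.g. `# best-effort: leftovers do not fail the run and must be reaped separately`, and write the boolean as `ignore_errors: true` to avoid YAML 1.1 truthy parsing. No `delay` is set, so the retries use Ansible's default interval; an explicit `delay: 5` makes the total wait readable. The VPC `Name` tag here ("Ansible Testing VPC") differs from the one used at creation in env_setup.yml, which is harmless for `state: absent` but confusing.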
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_setup.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_setup.yml
new file mode 100644
index 000000000..e27b66f27
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/env_setup.yml
@@ -0,0 +1,25 @@
+- name: Create VPC for use in testing
+ ec2_vpc_net:
+ name: "{{ vpc_name }}"
+ cidr_block: "{{ vpc_cidr }}"
+ tags:
+ Name: Ansible ec2_instance Testing VPC
+ tenancy: default
+ register: testing_vpc
+
+- name: Create subnet in zone A
+ ec2_vpc_subnet:
+ state: present
+ vpc_id: "{{ testing_vpc.vpc.id }}"
+ cidr: "{{ subnet_cidr }}"
+ az: "{{ aws_region }}a"
+ resource_tags:
+ Name: "{{ resource_prefix }}-subnet-a"
+ register: testing_subnet_a
+
+- name: create a security group with the vpc
+ ec2_security_group:
+ name: "{{ sg_name }}"
+ description: a security group for ansible tests
+ vpc_id: "{{ testing_vpc.vpc.id }}"
+ register: testing_sg
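Review bot: The security group task passes no `rules`, so the ingress the broker ends up with depends on module and AWS defaults rather than on anything stated in the test. If no inbound access is intended, making that explicit with `rules: []` (or at least a comment such as `# no ingress rules on purpose; the tests only use the MQ control-plane API`) documents the exposure of the test broker. The VPC tag `Name: Ansible ec2_instance Testing VPC` looks copied from another target; something like `Name: "{{ resource_prefix }}-mq-vpc"` would make leaked resources attributable to this test.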
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/main.yml
new file mode 100644
index 000000000..e84367a76
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: run amazon MQ tests
+ module_defaults:
+ group/aws:
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
+ aws_region: "{{ aws_region }}"
+ collections:
+ - amazon.aws
+
+ block:
+ - name: set up environment for testing.
+ include_tasks: env_setup.yml
+ - name: set subnet and security group
+ set_fact:
+ broker_subnet_ids: "{{ testing_subnet_a.subnet.id }}"
+ broker_sg_ids: "{{ testing_sg.group_id }}"
+ - name: run broker tests
+ include_tasks: broker_tests.yml
+ # re-user broker_id for other tests
+ - name: run broker config tests
+ include_tasks: broker_config_tests.yml
+ - name: run broker user tests
+ include_tasks: broker_user_tests.yml
+ - name: run broker user info tests
+ include_tasks: broker_user_info_tests.yml
+ - name: run broker delete tests
+ include_tasks: broker_delete_tests.yml
+
+ always:
+ - name: cleanup broker
+ include_tasks: broker_cleanup.yml
+
+ - include_tasks: env_cleanup.yml
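Review bot: The `module_defaults` block sets the region with the key `aws_region:`, while the other targets touched by this commit use `region: "{{ aws_region }}"` alongside the renamed `access_key`/`secret_key`/`session_token`. If `aws_region` is only accepted as an alias, I would write `region: "{{ aws_region }}"` here too, so this file follows the same convention and does not break if the alias is ever dropped. The final include in `always` is unnamed; `- name: cleanup environment` would match the named "cleanup broker" step before it. The comment above "run broker config tests" should read `# re-use broker_id for other tests`.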
diff --git a/ansible_collections/community/aws/tests/integration/targets/mq/vars/main.yml b/ansible_collections/community/aws/tests/integration/targets/mq/vars/main.yml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/mq/vars/main.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/main.yml
index 5a6487607..9ed2e92d5 100644
--- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/main.yml
@@ -2,9 +2,9 @@
- name: aws_msk_cluster integration tests
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
@@ -42,7 +42,7 @@
# ============================================================
- name: create msk configuration
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "present"
kafka_versions:
@@ -55,14 +55,14 @@
always:
- name: delete msk cluster
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: absent
wait: true
ignore_errors: yes
- name: remove msk configuration
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: absent
ignore_errors: yes
diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/test_create_auth.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/test_create_auth.yml
index d7cdd3a71..9535c235f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/test_create_auth.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster-auth/tasks/test_create_auth.yml
@@ -1,6 +1,6 @@
---
- name: create a msk cluster with authentication flipped from default (check mode)
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "present"
version: "{{ msk_version }}"
@@ -24,7 +24,7 @@
- msk_cluster is changed
- name: create a msk cluster with authentication flipped from default
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "present"
version: "{{ msk_version }}"
@@ -62,10 +62,10 @@
# Not always returned by API
# - "msk_cluster.cluster_info.client_authentication.unauthenticated.enabled == false"
- "msk_cluster.cluster_info.open_monitoring.prometheus.jmx_exporter.enabled_in_broker == false"
- - "msk_cluster.cluster_info.cluster_arn.startswith('arn:aws:kafka:{{ aws_region }}:')"
+ - "msk_cluster.cluster_info.cluster_arn.startswith('arn:aws:kafka:' ~ aws_region ~ ':')"
- name: create a msk cluster with authentication flipped from default (idempotency)
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "present"
version: "{{ msk_version }}"
@@ -89,7 +89,7 @@
### Keep delete simple as we're not checking delete here
- name: delete msk cluster
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "absent"
wait: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/main.yml
index a3049dad0..6425d7ec7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/main.yml
@@ -2,9 +2,9 @@
- name: aws_msk_cluster integration tests
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
@@ -42,7 +42,7 @@
# ============================================================
- name: create msk configuration
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "present"
kafka_versions:
@@ -61,14 +61,14 @@
always:
- name: delete msk cluster
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: absent
wait: true
ignore_errors: yes
- name: remove msk configuration
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: absent
ignore_errors: yes
diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_create.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_create.yml
index 4fd7073cc..f6845059f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_create.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_create.yml
@@ -1,6 +1,6 @@
---
- name: create msk cluster (check mode)
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "present"
version: "{{ msk_version }}"
@@ -20,7 +20,7 @@
- msk_cluster is changed
- name: create msk cluster
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "present"
version: "{{ msk_version }}"
@@ -50,10 +50,10 @@
- "msk_cluster.cluster_info.broker_node_group_info.instance_type == 'kafka.t3.small'"
- "msk_cluster.cluster_info.broker_node_group_info.storage_info.ebs_storage_info.volume_size == 10"
- "msk_cluster.cluster_info.open_monitoring.prometheus.jmx_exporter.enabled_in_broker == false"
- - "msk_cluster.cluster_info.cluster_arn.startswith('arn:aws:kafka:{{ aws_region }}:')"
+ - "msk_cluster.cluster_info.cluster_arn.startswith('arn:aws:kafka:' ~ aws_region ~ ':')"
- name: create msk cluster (idempotency)
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "present"
version: "{{ msk_version }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_delete.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_delete.yml
index efd90fa14..53a0d7c8f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_delete.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_delete.yml
@@ -1,6 +1,6 @@
---
- name: delete msk cluster (check mode)
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "absent"
wait: true
@@ -13,7 +13,7 @@
- msk_cluster is changed
- name: delete msk cluster
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "absent"
wait: true
@@ -25,7 +25,7 @@
- msk_cluster is changed
- name: delete msk cluster (idempotency)
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "absent"
wait: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_update.yml b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_update.yml
index 50ac91718..600d8eb59 100644
--- a/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_update.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/msk_cluster/tasks/test_update.yml
@@ -1,6 +1,6 @@
---
- name: update msk cluster (check mode)
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "present"
version: "{{ msk_version }}"
@@ -22,7 +22,7 @@
- msk_cluster is changed
- name: update msk cluster
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "present"
version: "{{ msk_version }}"
@@ -51,7 +51,7 @@
- "msk_cluster.cluster_info.tags.key3 == 'value3'"
- name: update msk cluster (idempotency)
- aws_msk_cluster:
+ msk_cluster:
name: "{{ msk_cluster_name }}"
state: "present"
version: "{{ msk_version }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/msk_config/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/msk_config/tasks/main.yml
index cef9e1dfc..5f7f6c782 100644
--- a/ansible_collections/community/aws/tests/integration/targets/msk_config/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/msk_config/tasks/main.yml
@@ -2,15 +2,15 @@
- name: tests for community.aws.aws_msk_config
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
block:
- name: create msk configuration (check mode)
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "present"
kafka_versions: "{{ msk_kafka_versions }}"
@@ -24,7 +24,7 @@
- msk_config is changed
- name: create msk configuration
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "present"
kafka_versions: "{{ msk_kafka_versions }}"
@@ -37,7 +37,7 @@
- msk_config is changed
- name: create msk configuration (idempotency)
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "present"
kafka_versions: "{{ msk_kafka_versions }}"
@@ -53,12 +53,12 @@
assert:
that:
- msk_config.revision == 1
- - "msk_config.arn.startswith('arn:aws:kafka:{{ aws_region }}:')"
+ - "msk_config.arn.startswith('arn:aws:kafka:' ~ aws_region ~ ':')"
- "'auto.create.topics.enable=True' in msk_config.server_properties"
- "'zookeeper.session.timeout.ms=18000' in msk_config.server_properties"
- name: update msk configuration (check mode)
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "present"
kafka_versions: "{{ msk_kafka_versions }}"
@@ -72,7 +72,7 @@
- msk_config is changed
- name: update msk configuration
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "present"
kafka_versions: "{{ msk_kafka_versions }}"
@@ -93,7 +93,7 @@
- "'zookeeper.session.timeout.ms=36000' in msk_config.server_properties"
- name: update msk configuration (idempotency)
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "present"
kafka_versions: "{{ msk_kafka_versions }}"
@@ -106,7 +106,7 @@
- msk_config is not changed
- name: delete msk configuration (check mode)
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "absent"
check_mode: yes
@@ -118,7 +118,7 @@
- msk_config is changed
- name: delete msk configuration
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "absent"
register: msk_config
@@ -129,7 +129,7 @@
- msk_config is changed
- name: delete msk configuration (idempotency)
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: "absent"
register: msk_config
@@ -142,7 +142,7 @@
always:
- name: remove msk configuration
- aws_msk_config:
+ msk_config:
name: "{{ msk_config_name }}"
state: absent
ignore_errors: yes
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall/tasks/main.yml
index 6a77d4f93..5a60654d8 100644
--- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall/tasks/main.yml
@@ -5,9 +5,9 @@
- community.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/meta/main.yml
index f09ab4af1..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/meta/main.yml
@@ -1,4 +1 @@
-dependencies:
- - role: setup_botocore_pip
- vars:
- botocore_version: "1.23.23"
+dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/default_order.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/default_order.yml
index 50df7e7ab..4c7d2ba25 100644
--- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/default_order.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/default_order.yml
@@ -223,8 +223,6 @@
stateful_rule_order: strict
register: default_policy
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -237,8 +235,6 @@
stateful_rule_order: strict
register: default_policy
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1143,8 +1139,6 @@
- 'aws:drop_strict'
register: default_policy
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1158,8 +1152,6 @@
- 'aws:drop_strict'
register: default_policy
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/main.yml
index d3890c680..14c3d1182 100644
--- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/main.yml
@@ -1,10 +1,10 @@
---
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key | default(omit) }}'
- aws_secret_key: '{{ aws_secret_key | default(omit) }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
collections:
- amazon.aws
- community.aws
@@ -27,8 +27,6 @@
# Tests specifically related to policies using 'strict' rule order
- include_tasks: 'strict_order.yml'
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- include_tasks: 'actions.yml'
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/setup.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/setup.yml
index 27f0ebb48..e77e4d9a9 100644
--- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/setup.yml
@@ -23,9 +23,6 @@
rule_order: strict
register: strict_groups
loop: '{{ range(1,4,1) | list }}'
- # Setting rule order requires botocore>=1.23.23
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- debug:
var: default_groups
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/strict_order.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/strict_order.yml
index b842eebae..745009bf5 100644
--- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/strict_order.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_policy/tasks/strict_order.yml
@@ -260,8 +260,6 @@
stateful_rule_order: default
register: strict_policy
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -274,8 +272,6 @@
stateful_rule_order: default
register: strict_policy
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/aliases b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/aliases
index 3a0301661..ef3989f4b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/aliases
@@ -1,4 +1,6 @@
time=18m
cloud/aws
+# Idempotency issues - https://github.com/ansible-collections/community.aws/issues/1634
+disabled
networkfirewall_rule_group_info
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/meta/main.yml
index f09ab4af1..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/meta/main.yml
@@ -1,4 +1 @@
-dependencies:
- - role: setup_botocore_pip
- vars:
- botocore_version: "1.23.23"
+dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/main.yml
index a6e84426e..46823c3c8 100644
--- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/main.yml
@@ -1,10 +1,10 @@
---
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key | default(omit) }}'
- aws_secret_key: '{{ aws_secret_key | default(omit) }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
collections:
- amazon.aws
- community.aws
@@ -22,8 +22,6 @@
# List the Managed Rule Groups (there's no access to the rules themselves)
- include_tasks: 'managed.yml'
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
# Minimal tests and manipulation of common metadata
- include_tasks: 'minimal.yml'
diff --git a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/stateful.yml b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/stateful.yml
index 3b92a4cee..b6f51eff5 100644
--- a/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/stateful.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/networkfirewall_rule_group/tasks/stateful.yml
@@ -1078,8 +1078,6 @@
rule_order: 'strict'
register: stateful_group
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1092,8 +1090,6 @@
rule_order: 'strict'
register: stateful_group
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1142,8 +1138,6 @@
rule_order: strict
register: strict_group
check_mode: true
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1170,8 +1164,6 @@
- 'pass tcp any any -> any any (sid:1000001;)'
rule_order: strict
register: strict_group
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1208,8 +1200,6 @@
rule_order: strict
register: strict_group
check_mode: true
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1238,8 +1228,6 @@
- 'pass tcp any any -> any any (sid:1000001;)'
rule_order: strict
register: strict_group
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1269,8 +1257,6 @@
rule_order: 'default'
register: strict_group
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1283,8 +1269,6 @@
rule_order: 'default'
register: strict_group
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1299,8 +1283,6 @@
rule_order: 'strict'
register: strict_group
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -1313,8 +1295,6 @@
rule_order: 'strict'
register: strict_group
ignore_errors: True
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/meta/main.yml
index 13d6ecd91..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/opensearch/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/meta/main.yml
@@ -1,4 +1 @@
-dependencies:
- - role: setup_botocore_pip
- vars:
- botocore_version: "1.21.38"
+dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/main.yml
index 6d3b47cad..e3c33d238 100644
--- a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/main.yml
@@ -4,17 +4,15 @@
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
route53:
# Route53 is explicitly a global service
region: null
collections:
- amazon.aws
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
block:
# Get some information about who we are before starting our tests
diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_create_cert.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_create_cert.yml
index 533e75e96..5492bb922 100644
--- a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_create_cert.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_create_cert.yml
@@ -1,10 +1,3 @@
-- pip:
- name:
- # The 'cryptography' module is required by community.crypto.openssl_privatekey
- - 'cryptography'
- virtualenv: "{{ botocore_virtualenv }}"
- virtualenv_command: "{{ botocore_virtualenv_command }}"
- virtualenv_site_packages: no
- name: Create temporary directory
ansible.builtin.tempfile:
state: directory
@@ -28,7 +21,7 @@
privatekey_path: '{{ tempdir_1.path }}/rsa-private-key.pem'
selfsigned_digest: sha256
- name: import certificate to ACM
- aws_acm:
+ acm_certificate:
name_tag: 'opensearch.ansible-integ-test.com'
domain_name: 'opensearch.ansible-integ-test.com'
certificate: "{{ lookup('file', tempdir_1.path + '/rsa-certificate.pem') }}"
@@ -50,4 +43,4 @@
- name: Delete temporary directory
ansible.builtin.file:
state: absent
- path: "{{ tempdir_1.path }}" \ No newline at end of file
+ path: "{{ tempdir_1.path }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_resources.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_resources.yml
index d9ddfc913..470706f15 100644
--- a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_resources.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_resources.yml
@@ -43,12 +43,12 @@
vpc_name: "{{ item.tags['Name'] }}"
- name: collect info about KMS keys used for test purpose
- aws_kms_info:
+ kms_key_info:
filters:
"tag:AnsibleTest": "AnsibleTestVpc"
register: kms_info
- name: Delete KMS keys that were created for test purpose
- aws_kms:
+ kms_key:
key_id: "{{ kms_arn }}"
state: absent
with_items: "{{ kms_info.kms_keys }}"
@@ -56,6 +56,6 @@
kms_arn: "{{ item.key_arn }}"
- name: delete certificate from ACM
- aws_acm:
+ acm_certificate:
name_tag: 'opensearch.ansible-integ-test.com'
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_vpc_resources.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_vpc_resources.yml
index 5fb803c90..b0cfa6434 100644
--- a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_vpc_resources.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_delete_vpc_resources.yml
@@ -30,13 +30,13 @@
when: route53_zone_ids | length > 0
- name: Get security groups that have been created for test purpose in the VPC
- ec2_group_info:
+ ec2_security_group_info:
filters:
vpc-id: "{{ vpc_id }}"
register: sg_info
- name: Delete security groups
- ec2_group:
+ ec2_security_group:
group_id: "{{ sg_id }}"
state: absent
loop_control:
diff --git a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_vpc_setup.yml b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_vpc_setup.yml
index 90aeb50bb..6e1fec1ab 100644
--- a/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_vpc_setup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/opensearch/tasks/test_vpc_setup.yml
@@ -83,7 +83,7 @@
AnsibleTest: AnsibleTestVpc
- name: Create security group for use in testing
- ec2_group:
+ ec2_security_group:
name: "{{ tiny_prefix }}-sg"
description: a security group for ansible tests
vpc_id: "{{ testing_vpc.vpc.id }}"
@@ -120,7 +120,7 @@
- name: Create KMS key for test purpose
# The key is needed for OpenSearch encryption at rest.
- aws_kms:
+ kms_key:
alias: "{{ tiny_prefix }}-kms"
description: a key used for encryption at rest in test OpenSearch cluster
state: present
diff --git a/ansible_collections/community/aws/tests/integration/targets/redshift/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/redshift/tasks/main.yml
index f79991d4e..a50c0372e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/redshift/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/redshift/tasks/main.yml
@@ -8,9 +8,9 @@
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
@@ -120,7 +120,7 @@
assert:
that:
- 'result.changed'
- - 'result.cluster.identifier == "{{ redshift_cluster_name }}"'
+ - result.cluster.identifier == redshift_cluster_name
- 'result.cluster.tags.foo == "bar"'
- 'result.cluster.tags.Tizio == "Caio"'
@@ -143,7 +143,7 @@
assert:
that:
- 'not result.changed'
- - 'result.cluster.identifier == "{{ redshift_cluster_name }}"'
+ - result.cluster.identifier == redshift_cluster_name
- 'result.cluster.tags.foo == "bar"'
- 'result.cluster.tags.Tizio == "Caio"'
- 'result.cluster.tags | count() == 2'
@@ -166,7 +166,7 @@
assert:
that:
- 'result.changed'
- - 'result.cluster.identifier == "{{ redshift_cluster_name }}-modified"'
+ - result.cluster.identifier == redshift_cluster_name ~ '-modified'
- 'result.cluster.enhanced_vpc_routing == True'
- 'result.cluster.tags | count() == 1'
- 'result.cluster.tags.foo == "bar"'
@@ -234,7 +234,7 @@
assert:
that:
- 'result.changed'
- - 'result.cluster.identifier == "{{ redshift_cluster_name }}"'
+ - result.cluster.identifier == redshift_cluster_name
- 'result.cluster.db_name == "integration_test"'
# ============================================================
@@ -260,7 +260,7 @@
assert:
that:
- 'result.changed'
- - 'result.cluster.identifier == "{{ redshift_cluster_name }}"'
+ - result.cluster.identifier == redshift_cluster_name
- 'result.cluster.db_name == "integration_test"'
- 'result.cluster.tags.foo == "bar"'
@@ -289,7 +289,7 @@
assert:
that:
- 'result.changed'
- - 'result.cluster.identifier == "{{ redshift_cluster_name }}"'
+ - result.cluster.identifier == redshift_cluster_name
- 'result.cluster.db_name == "integration_test"'
- 'result.cluster.tags.test1 == "value1"'
- 'result.cluster.tags.foo == "bar"'
@@ -318,7 +318,7 @@
assert:
that:
- 'not result.changed'
- - 'result.cluster.identifier == "{{ redshift_cluster_name }}"'
+ - result.cluster.identifier == redshift_cluster_name
- 'result.cluster.db_name == "integration_test"'
- 'result.cluster.tags | count() == 2'
diff --git a/ansible_collections/community/aws/tests/integration/targets/redshift_subnet_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/redshift_subnet_group/tasks/main.yml
index e15ee9b93..0df7d98d0 100644
--- a/ansible_collections/community/aws/tests/integration/targets/redshift_subnet_group/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/redshift_subnet_group/tasks/main.yml
@@ -9,9 +9,9 @@
#
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/aliases b/ansible_collections/community/aws/tests/integration/targets/route53_wait/aliases
index 4ef4b2067..4ef4b2067 100644
--- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/route53_wait/aliases
diff --git a/ansible_collections/community/aws/tests/integration/targets/route53_wait/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/route53_wait/tasks/main.yml
new file mode 100644
index 000000000..f9df05f5c
--- /dev/null
+++ b/ansible_collections/community/aws/tests/integration/targets/route53_wait/tasks/main.yml
@@ -0,0 +1,245 @@
+---
+# tasks file for route53_wait integration tests
+
+- set_fact:
+ zone_one: '{{ resource_prefix | replace("-", "") }}.one.ansible.test.'
+- debug:
+ msg: Set zone {{ zone_one }}
+
+- name: Test basics (new zone, A and AAAA records)
+ module_defaults:
+ group/aws:
+ aws_access_key: '{{ aws_access_key }}'
+ aws_secret_key: '{{ aws_secret_key }}'
+ security_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
+ amazon.aws.route53:
+ # Route53 is explicitly a global service
+ region:
+ block:
+ - name: create VPC
+ ec2_vpc_net:
+ cidr_block: 192.0.2.0/24
+ name: '{{ resource_prefix }}_vpc'
+ state: present
+ register: vpc
+
+ - name: Create a zone
+ route53_zone:
+ zone: '{{ zone_one }}'
+ comment: Created in Ansible test {{ resource_prefix }}
+ tags:
+ TestTag: '{{ resource_prefix }}.z1'
+ register: z1
+
+ - name: Create A record (check mode)
+ route53:
+ state: present
+ hosted_zone_id: '{{ z1.zone_id }}'
+ record: test.{{ zone_one }}
+ overwrite: true
+ type: A
+ value: 192.0.2.1
+ wait: false
+ register: result
+ check_mode: true
+ - assert:
+ that:
+ - result is not failed
+ - result is changed
+ - "'wait_id' in result"
+ - result.wait_id is none
+
+ - name: Wait for A record to propagate (should do nothing)
+ route53_wait:
+ result: '{{ result }}'
+
+ - name: Create A record
+ route53:
+ state: present
+ hosted_zone_id: '{{ z1.zone_id }}'
+ record: test.{{ zone_one }}
+ overwrite: true
+ type: A
+ value: 192.0.2.1
+ wait: false
+ register: result
+ - assert:
+ that:
+ - result is not failed
+ - result is changed
+ - "'wait_id' in result"
+ - result.wait_id is string
+
+ - name: Wait for A record to propagate
+ route53_wait:
+ result: '{{ result }}'
+
+ - name: Create A record (idempotent)
+ route53:
+ state: present
+ hosted_zone_id: '{{ z1.zone_id }}'
+ record: test.{{ zone_one }}
+ overwrite: true
+ type: A
+ value: 192.0.2.1
+ wait: false
+ register: result
+ - assert:
+ that:
+ - result is not failed
+ - result is not changed
+ - "'wait_id' not in result"
+
+ - name: Wait for A record to propagate (should do nothing)
+ route53_wait:
+ result: '{{ result }}'
+
+ - name: Create A records
+ route53:
+ state: present
+ hosted_zone_id: '{{ z1.zone_id }}'
+ record: '{{ item.record }}'
+ overwrite: true
+ type: A
+ value: '{{ item.value }}'
+ wait: false
+ loop:
+ - record: test-1.{{ zone_one }}
+ value: 192.0.2.1
+ - record: test-2.{{ zone_one }}
+ value: 192.0.2.2
+ - record: test-3.{{ zone_one }}
+ value: 192.0.2.3
+ register: results
+ - assert:
+ that:
+ - results is not failed
+ - results is changed
+ - results.results | length == 3
+ - results.results[0] is changed
+ - results.results[1] is changed
+ - results.results[2] is changed
+
+ - name: Wait for A records to propagate
+ route53_wait:
+ results: '{{ results }}'
+
+ - name: Create A records (idempotent)
+ route53:
+ state: present
+ hosted_zone_id: '{{ z1.zone_id }}'
+ record: '{{ item.record }}'
+ overwrite: true
+ type: A
+ value: '{{ item.value }}'
+ wait: false
+ loop:
+ - record: test-1.{{ zone_one }}
+ value: 192.0.2.1
+ - record: test-2.{{ zone_one }}
+ value: 192.0.2.2
+ - record: test-3.{{ zone_one }}
+ value: 192.0.2.3
+ register: results
+ - assert:
+ that:
+ - results is not failed
+ - results is not changed
+ - results.results | length == 3
+ - results.results[0] is not changed
+ - results.results[1] is not changed
+ - results.results[2] is not changed
+
+ - name: Wait for A records to propagate (should do nothing)
+ route53_wait:
+ results: '{{ results }}'
+
+ - name: Update some A records
+ route53:
+ state: present
+ hosted_zone_id: '{{ z1.zone_id }}'
+ record: '{{ item.record }}'
+ overwrite: true
+ type: A
+ value: '{{ item.value }}'
+ wait: false
+ loop:
+ - record: test-1.{{ zone_one }}
+ value: 192.0.2.1
+ - record: test-2.{{ zone_one }}
+ value: 192.0.2.4
+ - record: test-3.{{ zone_one }}
+ value: 192.0.2.3
+ register: results
+ - assert:
+ that:
+ - results is not failed
+ - results is changed
+ - results.results | length == 3
+ - results.results[0] is not changed
+ - results.results[1] is changed
+ - results.results[2] is not changed
+
+ - name: Wait for A records to propagate
+ route53_wait:
+ results: '{{ results }}'
+
+#Cleanup------------------------------------------------------
+
+ always:
+
+ - route53_info:
+ query: record_sets
+ hosted_zone_id: '{{ z1.zone_id }}'
+ register: z1_records
+
+ - name: Loop over A/AAAA/CNAME records and delete them
+ route53:
+ state: absent
+ zone: '{{ zone_one }}'
+ record: '{{ item.Name }}'
+ type: '{{ item.Type }}'
+ value: '{{ item.ResourceRecords | map(attribute="Value") | join(",") }}'
+ weight: '{{ item.Weight | default(omit) }}'
+ identifier: '{{ item.SetIdentifier }}'
+ region: '{{ omit }}'
+ ignore_errors: true
+ loop: '{{ z1_records.ResourceRecordSets | selectattr("Type", "in", ["A", "AAAA",
+ "CNAME", "CAA"]) | list }}'
+ when:
+ - '"ResourceRecords" in item'
+ - '"SetIdentifier" in item'
+
+ - name: Loop over A/AAAA/CNAME records and delete them
+ route53:
+ state: absent
+ zone: '{{ zone_one }}'
+ record: '{{ item.Name }}'
+ type: '{{ item.Type }}'
+ value: '{{ item.ResourceRecords | map(attribute="Value") | join(",") }}'
+ ignore_errors: true
+ loop: '{{ z1_records.ResourceRecordSets | selectattr("Type", "in", ["A", "AAAA",
+ "CNAME", "CAA"]) | list }}'
+ when:
+ - '"ResourceRecords" in item'
+
+ - name: Delete test zone one {{ zone_one }}
+ route53_zone:
+ state: absent
+ zone: '{{ zone_one }}'
+ register: delete_one
+ ignore_errors: true
+ retries: 10
+ until: delete_one is not failed
+
+ - name: destroy VPC
+ ec2_vpc_net:
+ cidr_block: 192.0.2.0/24
+ name: '{{ resource_prefix }}_vpc'
+ state: absent
+ register: remove_vpc
+ retries: 10
+ delay: 5
+ until: remove_vpc is success
+ ignore_errors: true
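Review bot: The first task of the `always:` section, `route53_info`, reads `z1.zone_id` without `ignore_errors`, so if "create VPC" or "Create a zone" fails it errors too and the zone and VPC teardown after it is skipped, leaving test resources in the account. Adding `ignore_errors: true` to that task would let the remaining cleanup run, as every other cleanup task here already does. The `module_defaults` of this new file still use `aws_access_key:`, `aws_secret_key:` and `security_token:`, while the other files in this commit are moved to `access_key:`, `secret_key:` and `session_token:`; using the new names here too would keep the credential handling uniform. The bare `region:` under `amazon.aws.route53` would read more clearly as `region: null`, which is how the opensearch target in this commit writes the same override.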
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/defaults/main.yml
deleted file mode 100644
index 464c0a299..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/defaults/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-name_pattern: "testbucket-ansible-integration"
-testing_buckets:
- - "{{ tiny_prefix }}-{{ name_pattern }}-1"
- - "{{ tiny_prefix }}-{{ name_pattern }}-2"
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/meta/main.yml
deleted file mode 100644
index 32cf5dda7..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/meta/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/basic.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/basic.yml
deleted file mode 100644
index bf09665af..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/basic.yml
+++ /dev/null
@@ -1,72 +0,0 @@
----
-- name: Get simple S3 bucket list
- aws_s3_bucket_info:
- register: bucket_list
-
-- name: Assert result.changed == False and bucket list was retrieved
- assert:
- that:
- - bucket_list.changed == False
- - bucket_list.buckets
-
-- name: Get complex S3 bucket list
- aws_s3_bucket_info:
- name_filter: "{{ name_pattern }}"
- bucket_facts:
- bucket_accelerate_configuration: true
- bucket_acl: true
- bucket_cors: true
- bucket_encryption: true
- bucket_lifecycle_configuration: true
- bucket_location: true
- bucket_logging: true
- bucket_notification_configuration: true
- bucket_policy: true
- bucket_policy_status: true
- bucket_replication: true
- bucket_request_payment: true
- bucket_tagging: true
- bucket_website: true
- public_access_block: true
- transform_location: true
- register: bucket_list
-
-- name: Assert that buckets list contains requested bucket facts
- assert:
- that:
- - item.name is search(name_pattern)
- - item.bucket_accelerate_configuration is defined
- - item.bucket_acl is defined
- - item.bucket_cors is defined
- - item.bucket_encryption is defined
- - item.bucket_lifecycle_configuration is defined
- - item.bucket_location is defined
- - item.bucket_logging is defined
- - item.bucket_notification_configuration is defined
- - item.bucket_policy is defined
- - item.bucket_policy_status is defined
- - item.bucket_replication is defined
- - item.bucket_request_payment is defined
- - item.bucket_tagging is defined
- - item.bucket_website is defined
- - item.public_access_block is defined
- loop: "{{ bucket_list.buckets }}"
- loop_control:
- label: "{{ item.name }}"
-
-- name: Assert that retrieved bucket facts contains valid data
- assert:
- that:
- - item.bucket_acl.Owner is defined
- - item.bucket_tagging.snake_case is defined
- - item.bucket_tagging.CamelCase is defined
- - item.bucket_tagging["lowercase spaced"] is defined
- - item.bucket_tagging["Title Case"] is defined
- - item.bucket_tagging.snake_case == 'simple_snake_case'
- - item.bucket_tagging.CamelCase == 'SimpleCamelCase'
- - item.bucket_tagging["lowercase spaced"] == 'hello cruel world'
- - item.bucket_tagging["Title Case"] == 'Hello Cruel World'
- - item.bucket_location.LocationConstraint == aws_region
- loop: "{{ bucket_list.buckets }}"
- loop_control:
- label: "{{ item.name }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/bucket_ownership_controls.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/bucket_ownership_controls.yml
deleted file mode 100644
index 3acd99cf6..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/bucket_ownership_controls.yml
+++ /dev/null
@@ -1,81 +0,0 @@
----
-- name: Get S3 bucket ownership controls
- aws_s3_bucket_info:
- name_filter: "{{ name_pattern }}"
- bucket_facts:
- bucket_ownership_controls: true
- transform_location: true
- register: bucket_list
-
-- name: Assert that buckets list contains requested bucket facts
- assert:
- that:
- - item.name is search(name_pattern)
- - item.bucket_ownership_controls is defined
- loop: "{{ bucket_list.buckets }}"
- loop_control:
- label: "{{ item.name }}"
-
-- name: Get complex S3 bucket list (including ownership controls)
- aws_s3_bucket_info:
- name_filter: "{{ name_pattern }}"
- bucket_facts:
- bucket_accelerate_configuration: true
- bucket_acl: true
- bucket_cors: true
- bucket_encryption: true
- bucket_lifecycle_configuration: true
- bucket_location: true
- bucket_logging: true
- bucket_notification_configuration: true
- bucket_ownership_controls: true
- bucket_policy: true
- bucket_policy_status: true
- bucket_replication: true
- bucket_request_payment: true
- bucket_tagging: true
- bucket_website: true
- public_access_block: true
- transform_location: true
- register: bucket_list
-
-- name: Assert that buckets list contains requested bucket facts
- assert:
- that:
- - item.name is search(name_pattern)
- - item.bucket_accelerate_configuration is defined
- - item.bucket_acl is defined
- - item.bucket_cors is defined
- - item.bucket_encryption is defined
- - item.bucket_lifecycle_configuration is defined
- - item.bucket_location is defined
- - item.bucket_logging is defined
- - item.bucket_notification_configuration is defined
- - item.bucket_ownership_controls is defined
- - item.bucket_policy is defined
- - item.bucket_policy_status is defined
- - item.bucket_replication is defined
- - item.bucket_request_payment is defined
- - item.bucket_tagging is defined
- - item.bucket_website is defined
- - item.public_access_block is defined
- loop: "{{ bucket_list.buckets }}"
- loop_control:
- label: "{{ item.name }}"
-
-- name: Assert that retrieved bucket facts contains valid data
- assert:
- that:
- - item.bucket_acl.Owner is defined
- - item.bucket_tagging.snake_case is defined
- - item.bucket_tagging.CamelCase is defined
- - item.bucket_tagging["lowercase spaced"] is defined
- - item.bucket_tagging["Title Case"] is defined
- - item.bucket_tagging.snake_case == 'simple_snake_case'
- - item.bucket_tagging.CamelCase == 'SimpleCamelCase'
- - item.bucket_tagging["lowercase spaced"] == 'hello cruel world'
- - item.bucket_tagging["Title Case"] == 'Hello Cruel World'
- - item.bucket_location.LocationConstraint == aws_region
- loop: "{{ bucket_list.buckets }}"
- loop_control:
- label: "{{ item.name }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml
deleted file mode 100644
index 47d24cd0e..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- name: Test community.aws.aws_s3_bucket_info
- module_defaults:
- group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
- region: "{{ aws_region }}"
- block:
- - name: Create a simple s3_bucket
- s3_bucket:
- name: "{{ item }}"
- state: present
- tags:
- "lowercase spaced": "hello cruel world"
- "Title Case": "Hello Cruel World"
- CamelCase: "SimpleCamelCase"
- snake_case: "simple_snake_case"
- register: output
- loop: "{{ testing_buckets }}"
-
- - include_tasks: basic.yml
- - include_tasks: bucket_ownership_controls.yml
-
- always:
- - name: Delete simple s3_buckets
- s3_bucket:
- name: "{{ item }}"
- state: absent
- loop: "{{ testing_buckets }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/files/mini_lambda.py b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/files/mini_lambda.py
index d0d08dae9..c2b19be1d 100644
--- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/files/mini_lambda.py
+++ b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/files/mini_lambda.py
@@ -1,13 +1,13 @@
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import print_function
+
__metaclass__ = type
import json
def lambda_handler(event, context):
- return {
- 'statusCode': 200,
- 'body': json.dumps('Hello from Lambda!')
- }
+ return {"statusCode": 200, "body": json.dumps("Hello from Lambda!")}
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/tasks/main.yml
index ea7201065..ce81efc8c 100644
--- a/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/s3_bucket_notification/tasks/main.yml
@@ -4,9 +4,9 @@
- community.general
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- include_tasks: test_sns_sqs_notifications.yml
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/aliases b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/aliases
index 4ef4b2067..1ba8d84ef 100644
--- a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/aliases
@@ -1 +1,2 @@
+time=17m
cloud/aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/meta/main.yml
index c01990664..32cf5dda7 100644
--- a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/meta/main.yml
@@ -1,4 +1 @@
-dependencies:
- - role: setup_botocore_pip
- vars:
- botocore_version: "1.23.12"
+dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/tasks/main.yml
index 7a15e4b66..d9f169561 100644
--- a/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/s3_lifecycle/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
s3_lifecycle:
wait: true
@@ -465,8 +465,6 @@
noncurrent_version_keep_newer: 6
prefix: /something
register: output
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
@@ -479,8 +477,6 @@
noncurrent_version_keep_newer: 6
prefix: /something
register: output
- vars:
- ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
- assert:
that:
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_logging/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_logging/tasks/main.yml
index f6c9a1710..e9a7b220b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/s3_logging/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/s3_logging/tasks/main.yml
@@ -11,9 +11,9 @@
#
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
collections:
- amazon.aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/main.yml
index ba5cce9e6..9e9f1133a 100644
--- a/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/main.yml
@@ -6,10 +6,10 @@
#
- module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key | default(omit) }}'
- aws_secret_key: '{{ aws_secret_key | default(omit) }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
+ region: '{{ aws_region }}'
collections:
- amazon.aws
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/s3_metrics_info.yml b/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/s3_metrics_info.yml
index cca7cad05..fdbc8cbfc 100644
--- a/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/s3_metrics_info.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/s3_metrics_configuration/tasks/s3_metrics_info.yml
@@ -6,10 +6,10 @@
aws s3api list-bucket-metrics-configurations
--bucket {{ test_bucket }}
environment:
- AWS_ACCESS_KEY_ID: "{{ aws_access_key | default(omit) }}"
- AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key | default(omit) }}"
+ AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
+ AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
AWS_SESSION_TOKEN: "{{ security_token | default(omit) }}"
- AWS_DEFAULT_REGION: "{{ aws_region | default(omit) }}"
+ AWS_DEFAULT_REGION: "{{ aws_region }}"
register: list_comand_result
- set_fact:
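Review bot: `AWS_SESSION_TOKEN` still uses `default(omit)` inside `environment:`, where, as far as I know, Ansible does not strip the omit placeholder the way it does for module arguments. If that holds, a run with long-lived keys and no `security_token` would export the placeholder string as the session token, and the `aws s3api` call would be rejected for an invalid token. Since the hunk now makes the access key, secret key and region mandatory, an explicit empty fallback is the safer spelling: `AWS_SESSION_TOKEN: "{{ security_token | default('') }}"`. The task starts above the hunk, so the rest of it was not reviewed here.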
diff --git a/ansible_collections/community/aws/tests/integration/targets/s3_sync/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/s3_sync/tasks/main.yml
index 08496cd74..600490706 100644
--- a/ansible_collections/community/aws/tests/integration/targets/s3_sync/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/s3_sync/tasks/main.yml
@@ -5,9 +5,9 @@
- community.general
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
# ============================================================
@@ -23,7 +23,7 @@
- assert:
that:
- output.changed
- - output.name == "{{ test_bucket }}"
+ - output.name == test_bucket
- not output.requester_pays
# ============================================================
- name: Prepare fixtures folder
@@ -67,7 +67,7 @@
- assert:
that:
- output.changed
- - output.name == "{{ test_bucket_2 }}"
+ - output.name == test_bucket_2
- not output.requester_pays
- name: Sync files with remote bucket using glacier storage class
@@ -113,7 +113,7 @@
- assert:
that:
- output.changed
- - output.name == "{{ test_bucket_3 }}"
+ - output.name == test_bucket_3
- not output.requester_pays
- name: Sync individual file with remote bucket
@@ -158,14 +158,14 @@
- name: Empty all buckets before deleting
block:
- name: list test_bucket objects
- aws_s3:
+ s3_object:
bucket: "{{ test_bucket }}"
mode: list
register: objects
ignore_errors: true
- name: remove objects from test_bucket
- aws_s3:
+ s3_object:
bucket: "{{ test_bucket }}"
mode: delobj
object: "{{ obj }}"
@@ -175,14 +175,14 @@
ignore_errors: true
- name: list test_bucket_2 objects
- aws_s3:
+ s3_object:
bucket: "{{ test_bucket_2 }}"
mode: list
register: objects
ignore_errors: true
- name: remove objects from test_bucket_2
- aws_s3:
+ s3_object:
bucket: "{{ test_bucket_2 }}"
mode: delobj
object: "{{ obj }}"
@@ -192,14 +192,14 @@
ignore_errors: true
- name: list test_bucket_3 objects
- aws_s3:
+ s3_object:
bucket: "{{ test_bucket_3 }}"
mode: list
register: objects
ignore_errors: true
- name: remove objects from test_bucket_3
- aws_s3:
+ s3_object:
bucket: "{{ test_bucket_3 }}"
mode: delobj
object: "{{ obj }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/aliases b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/aliases
index 4ef4b2067..e5729917b 100644
--- a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/aliases
+++ b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/aliases
@@ -1 +1,2 @@
+time=37m
cloud/aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/basic.yml b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/basic.yml
index 5d1fb071e..ea285ee05 100644
--- a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/basic.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/basic.yml
@@ -23,9 +23,9 @@
# As a lookup plugin we won't have access to module_defaults
connection_args:
region: "{{ aws_region }}"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- aws_security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
no_log: True
- vars:
@@ -73,7 +73,7 @@
# Creation testing
# ============================================================
- name: add secret to AWS Secrets Manager
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: present
secret_type: 'string'
@@ -100,7 +100,7 @@
secret_arn: '{{ result.secret.arn }}'
- name: no changes to secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: present
secret_type: 'string'
@@ -122,7 +122,7 @@
- result.secret.version_ids_to_stages | length == 1
- name: Set secret description
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -151,7 +151,7 @@
###############################################################
- name: Set tags (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -167,7 +167,7 @@
- result is changed
- name: Set tags
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -197,7 +197,7 @@
- result.secret.version_ids_to_stages | length == 2
- name: Set tags - idempotency (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -213,7 +213,7 @@
- result is not changed
- name: Set tags - idempotency
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -245,7 +245,7 @@
###
- name: Update tags with purge (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -261,7 +261,7 @@
- result is changed
- name: Update tags with purge
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -291,7 +291,7 @@
- result.secret.version_ids_to_stages | length == 2
- name: Update tags with purge - idempotency (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -307,7 +307,7 @@
- result is not changed
- name: Update tags with purge - idempotency
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -339,7 +339,7 @@
###
- name: Update tags without purge (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -356,7 +356,7 @@
- result is changed
- name: Update tags without purge
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -387,7 +387,7 @@
- result.secret.version_ids_to_stages | length == 2
- name: Update tags without purge - idempotency (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -404,7 +404,7 @@
- result is not changed
- name: Update tags without purge - idempotency
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -437,7 +437,7 @@
###
- name: Tags not set - idempotency (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -452,7 +452,7 @@
- result is not changed
- name: Tags not set - idempotency
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -483,7 +483,7 @@
###
- name: remove all tags from secret (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -499,7 +499,7 @@
- result is changed
- name: remove all tags from secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -529,7 +529,7 @@
- result.secret.version_ids_to_stages | length == 2
- name: remove all tags from secret - idempotency (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -545,7 +545,7 @@
- result is not changed
- name: remove all tags from secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -579,7 +579,7 @@
###############################################################
- name: add resource policy to secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -594,7 +594,7 @@
- result.changed
- name: remove existing resource policy from secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -608,7 +608,7 @@
- result.changed
- name: remove resource policy from secret (idempotency)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -626,7 +626,7 @@
# ============================================================
- name: Update secret with JSON (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -642,7 +642,7 @@
- result.changed
- name: Update secret with JSON
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: present
description: 'this is a change to this secret'
@@ -657,7 +657,7 @@
- result.changed
- name: Update secret with JSON - idempotency (CHECK_MODE)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -673,7 +673,7 @@
- result is not changed
- name: Update secret with JSON - idempotency
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to this secret'
state: present
@@ -693,7 +693,7 @@
# ============================================================
- name: Create secret with overwrite = False (Check mode)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-2"
state: present
secret_type: 'string'
@@ -708,7 +708,7 @@
- result is changed
- name: Create secret with overwrite = False
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-2"
state: present
secret_type: 'string'
@@ -722,7 +722,7 @@
- result is changed
- name: Update secret with overwrite = False (Check mode)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-2"
state: present
secret_type: 'string'
@@ -737,7 +737,7 @@
- result is not changed
- name: Create secret with overwrite = False
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-2"
state: present
secret_type: 'string'
@@ -755,7 +755,7 @@
# ============================================================
- name: remove secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: absent
recovery_window: 7
@@ -767,7 +767,7 @@
- result.changed
- name: remove secret (idempotency)
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: absent
recovery_window: 7
@@ -779,7 +779,7 @@
- not result.changed
- name: immediate secret removal
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: absent
recovery_window: 0
@@ -793,7 +793,7 @@
# AWS Doesn't expose when the secret will be removed, all we can do is
# check that we didn't throw an error
- name: immediate secret removal
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: absent
recovery_window: 0
@@ -806,14 +806,14 @@
always:
- name: remove secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: absent
recovery_window: 0
ignore_errors: yes
- name: remove secret 2
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-2"
state: absent
recovery_window: 0
diff --git a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/main.yaml
index 41fbedd9d..9011071f8 100644
--- a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/main.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/main.yaml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/replication.yml b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/replication.yml
index 30d3a9484..30f178c06 100644
--- a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/replication.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/replication.yml
@@ -4,7 +4,7 @@
# Creation/Deletion testing
# ============================================================
- name: add secret to AWS Secrets Manager
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: present
secret_type: 'string'
@@ -28,7 +28,7 @@
- result.version_ids_to_stages is not none
- name: no changes to secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: present
secret: "{{ super_secret_string }}"
@@ -45,7 +45,7 @@
- result.arn is not none
- name: remove region replica
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to remove replication'
secret: "{{ super_secret_string }}"
@@ -60,7 +60,7 @@
- '"replication_status" not in result.secret'
- name: add region replica to an existing secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change add replication'
secret: "{{ super_secret_string }}"
@@ -80,7 +80,7 @@
- result.secret.replication_status[1]["kms_key_id"] == 'alias/aws/secretsmanager'
- name: change replica regions
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: present
secret: "{{ super_secret_string }}"
@@ -100,7 +100,7 @@
always:
- name: remove region replica
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
description: 'this is a change to remove replication'
state: present
@@ -109,7 +109,7 @@
ignore_errors: yes
- name: remove secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}"
state: absent
recovery_window: 0
diff --git a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/rotation.yml b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/rotation.yml
index 5a1d146e5..697c5ecc2 100644
--- a/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/rotation.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/secretsmanager_secret/tasks/rotation.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
@@ -70,7 +70,7 @@
# Creation/Deletion testing
# ============================================================
- name: add secret to AWS Secrets Manager
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-rotate"
state: present
secret_type: 'string'
@@ -95,7 +95,7 @@
principal: "secretsmanager.amazonaws.com"
- name: add rotation lambda to secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-rotate"
description: 'this is a change to this secret'
state: present
@@ -113,7 +113,7 @@
- result.changed
- name: remove rotation lambda from secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-rotate"
description: 'this is a change to this secret'
state: present
@@ -127,7 +127,7 @@
- result.changed
- name: remove rotation lambda from secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-rotate"
description: 'this is a change to this secret'
state: present
@@ -141,7 +141,7 @@
- not result.changed
- name: remove secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-rotate"
state: absent
recovery_window: 0
@@ -149,7 +149,7 @@
always:
- name: remove secret
- aws_secret:
+ secretsmanager_secret:
name: "{{ secret_name }}-rotate"
state: absent
recovery_window: 0
diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/assert_defaults.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/assert_defaults.yaml
index 0f74d2f05..266822633 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/assert_defaults.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/assert_defaults.yaml
@@ -5,8 +5,8 @@
- name: assert returned identity_arn
assert:
that:
- - "result.identity_arn|regex_search('^arn:aws:ses:' + ec2_region + ':[0-9]*:identity/' + identity + '$')"
- msg: "'{{ result.identity_arn}}' doesn't match regex '^arn:aws:ses:{{ ec2_region }}:[0-9]*:identity/{{ identity }}'"
+ - "result.identity_arn|regex_search('^arn:aws:ses:' + aws_region + ':[0-9]*:identity/' + identity + '$')"
+ msg: "'{{ result.identity_arn}}' doesn't match regex '^arn:aws:ses:{{ aws_region }}:[0-9]*:identity/{{ identity }}'"
- name: assert verification_attributes.verification_status == 'Pending'
assert:
that:
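Review bot: The `regex_search` pattern in the first assert concatenates `aws_region` and `identity` into the regex unescaped, so the dots in an email or domain identity match any character and the ARN check is looser than it reads. Passing the variable parts through the `regex_escape` filter tightens it, e.g. `+ (identity | regex_escape) + '$'`, and `[0-9]*` could become `[0-9]+` so an empty account field is rejected. The `msg` prints the pattern without the trailing `$`, so a failure would report a different regex from the one evaluated. The second assert continues past the end of the hunk.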
diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/main.yaml
index 81ab3c4a7..3ecb68c38 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/main.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/ses_identity/tasks/main.yaml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -14,7 +14,7 @@
- name: test register email identity
block:
- name: register email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
register: result
@@ -27,14 +27,14 @@
identity: "{{ email_identity }}"
always:
- name: cleanup email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
# ============================================================
- name: test register domain identity
block:
- name: register domain identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: result
@@ -51,18 +51,18 @@
- result.verification_attributes.verification_token
always:
- name: cleanup domain identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
# ============================================================
- name: test email_identity unchanged when already existing
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
- name: duplicate register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
register: result
@@ -75,18 +75,18 @@
identity: "{{ email_identity }}"
always:
- name: cleanup identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
# ============================================================
- name: test domain_identity unchanged when already existing
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
- name: duplicate register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: result
@@ -99,7 +99,7 @@
identity: "{{ domain_identity }}"
always:
- name: cleanup identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
# ============================================================
@@ -110,7 +110,7 @@
- name: test register identity without explicit region
block:
- name: register email identity without explicit region
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
region: "{{ omit }}"
@@ -126,35 +126,35 @@
identity: "{{ email_identity }}"
always:
- name: cleanup email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
# ============================================================
- name: test register email identity check mode
block:
- name: register email identity check mode
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
register: result
check_mode: True
-
+
- name: assert changed is True
assert:
that:
- result.changed == True
-
+
- import_tasks: assert_defaults.yaml
vars:
identity: "{{ email_identity }}"
-
+
always:
- name: cleanup email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
register: result
-
+
- name: assert nothing to clean up since check mode
assert:
that:
@@ -163,35 +163,35 @@
- name: test register domain identity check mode
block:
- name: register domain identity check mode
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: result
check_mode: True
-
+
- name: assert changed is True
assert:
that:
- result.changed == True
-
+
- import_tasks: assert_defaults.yaml
vars:
identity: "{{ domain_identity }}"
-
+
always:
- name: cleanup domain identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
register: result
-
+
- name: assert nothing to clean up since check mode
assert:
that:
- result.changed == False
# ============================================================
- name: remove non-existent email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
register: result
@@ -201,7 +201,7 @@
- result.changed == False
# ============================================================
- name: remove non-existent domain identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
register: result
@@ -213,29 +213,29 @@
- name: test remove email identity check mode
block:
- name: register email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
register: result
-
+
- name: remove email identity check mode
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
register: result
check_mode: True
-
+
- name: assert changed is True
assert:
that:
- result.changed == True
always:
- name: cleanup email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
register: result
-
+
- name: assert something to clean up since remove was check mode
assert:
that:
@@ -244,29 +244,29 @@
- name: test remove domain identity check mode
block:
- name: register domain identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: result
-
+
- name: remove domain identity check mode
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
register: result
check_mode: True
-
+
- name: assert changed is True
assert:
that:
- result.changed == True
always:
- name: cleanup domain identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
register: result
-
+
- name: assert something to clean up since remove was check mode
assert:
that:
@@ -284,7 +284,7 @@
- complaint
- delivery
- name: register email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
bounce_notifications:
@@ -316,7 +316,7 @@
- complaint
- delivery
- name: cleanup email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
# ============================================================
@@ -332,11 +332,11 @@
- complaint
- delivery
- name: register email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
- name: set notification topics
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
bounce_notifications:
@@ -366,7 +366,67 @@
- complaint
- delivery
- name: cleanup email identity
- aws_ses_identity:
+ ses_identity:
+ identity: "{{ email_identity }}"
+ state: absent
+ # ============================================================
+ - name: test clear notification configuration
+ block:
+ - name: test topic
+ sns_topic:
+ name: "{{ notification_queue_name }}-{{ item }}"
+ state: present
+ register: topic_info
+ with_items:
+ - bounce
+ - complaint
+ - delivery
+ - name: register email identity
+ ses_identity:
+ identity: "{{ email_identity }}"
+ state: present
+ bounce_notifications:
+ topic: "{{ topic_info.results[0].sns_arn }}"
+ complaint_notifications:
+ topic: "{{ topic_info.results[1].sns_arn }}"
+ delivery_notifications:
+ topic: "{{ topic_info.results[2].sns_arn }}"
+ - name: Make no change to identity
+ ses_identity:
+ identity: "{{ email_identity }}"
+ state: present
+ register: result
+ - name: assert no change
+ assert:
+ that:
+ - result.changed == False
+
+ - name: clear notification settings
+ ses_identity:
+ identity: "{{ email_identity }}"
+ state: present
+ bounce_notifications: {}
+ complaint_notifications: {}
+ delivery_notifications: {}
+ register: result
+ - name: assert notification settings
+ assert:
+ that:
+ - result.changed == True
+ - "'bounce_topic' not in result.notification_attributes"
+ - "'delivery_topic' not in result.notification_attributes"
+ - "'complaint_topic' not in result.notification_attributes"
+ always:
+ - name: cleanup topics
+ sns_topic:
+ name: "{{ notification_queue_name }}-{{ item }}"
+ state: absent
+ with_items:
+ - bounce
+ - complaint
+ - delivery
+ - name: cleanup email identity
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
# ============================================================
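Review bot: The "Make no change to identity" step in the new "test clear notification configuration" block is only checked with `result.changed == False`, which would still pass if a call without notification options reported no change but returned cleared topics. Asserting the retained state pins the behaviour the test is named for, for example `- result.notification_attributes.bounce_topic == topic_info.results[0].sns_arn` plus the matching `complaint_topic` and `delivery_topic` lines against `results[1]` and `results[2]`. As a style point, `result is not changed` / `result is changed` would match the secretsmanager tests in this commit better than comparing against `True`/`False`.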
@@ -381,14 +441,14 @@
- bounce
- complaint
- delivery
-
+
- name: register email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
-
+
- name: set notification settings check mode
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
bounce_notifications:
@@ -403,12 +463,12 @@
feedback_forwarding: No
register: result
check_mode: True
-
+
- name: assert changed is True
assert:
that:
- result.changed == True
-
+
- name: assert notification settings
assert:
that:
@@ -419,13 +479,13 @@
- result.notification_attributes.complaint_topic == topic_info.results[1].sns_arn
- result.notification_attributes.headers_in_complaint_notifications_enabled == True
- result.notification_attributes.forwarding_enabled == False
-
+
- name: re-register base email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
register: result
-
+
- name: assert no change since notifications were check mode
assert:
that:
@@ -437,7 +497,6 @@
- "'complaint_topic' not in result.notification_attributes"
- result.notification_attributes.headers_in_complaint_notifications_enabled == False
- result.notification_attributes.forwarding_enabled == True
-
always:
- name: cleanup topics
sns_topic:
@@ -447,16 +506,16 @@
- bounce
- complaint
- delivery
-
+
- name: cleanup email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
# ============================================================
- name: test include headers on notification queues
block:
- name: register email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
bounce_notifications:
@@ -474,7 +533,7 @@
- result.notification_attributes.headers_in_delivery_notifications_enabled == True
always:
- name: cleanup email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
# ============================================================
@@ -489,7 +548,7 @@
- bounce
- complaint
- name: register email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
bounce_notifications:
@@ -511,14 +570,14 @@
- bounce
- complaint
- name: cleanup email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
# ============================================================
- name: test disable feedback forwarding fails if no topics
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
feedback_forwarding: No
@@ -530,7 +589,7 @@
- '"Invalid Parameter Value" in result.msg'
always:
- name: cleanup identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
# ============================================================
@@ -542,7 +601,7 @@
state: present
register: topic_info
- name: register email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
bounce_notifications:
@@ -560,7 +619,7 @@
name: "{{ notification_queue_name }}-bounce"
state: absent
- name: cleanup identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
# ============================================================
@@ -572,7 +631,7 @@
state: present
register: topic_info
- name: register email identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: present
complaint_notifications:
@@ -590,6 +649,6 @@
name: "{{ notification_queue_name }}-complaint"
state: absent
- name: cleanup identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ email_identity }}"
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_identity_policy/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_identity_policy/tasks/main.yaml
index 5aa3d867b..8fe290b56 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ses_identity_policy/tasks/main.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/ses_identity_policy/tasks/main.yaml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -14,13 +14,13 @@
- name: test add identity policy
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: identity_info
- name: register identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
@@ -40,27 +40,27 @@
always:
- name: clean-up identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
# ============================================================
- name: test add duplicate identity policy
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: identity_info
- name: register identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
state: present
- name: register duplicate identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
@@ -80,20 +80,20 @@
always:
- name: clean-up identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
# ============================================================
- name: test add identity policy by identity arn
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: identity_info
- name: register identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ identity_info.identity_arn }}"
policy_name: "{{ policy_name }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
@@ -113,20 +113,20 @@
always:
- name: clean-up identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
# ============================================================
- name: test add multiple identity policies
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: identity_info
- name: register identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}-{{ item }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
@@ -145,20 +145,20 @@
always:
- name: clean-up identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
# ============================================================
- name: test add inline identity policy
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: identity_info
- name: register identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy:
@@ -185,7 +185,7 @@
- result.policies|select('equalto', policy_name)|list|length == 1
- name: register duplicate identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy:
@@ -207,27 +207,27 @@
always:
- name: clean-up identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
# ============================================================
- name: test remove identity policy
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: identity_info
- name: register identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
state: present
- name: delete identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
state: absent
@@ -245,20 +245,20 @@
always:
- name: clean-up identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
# ============================================================
- name: test remove missing identity policy
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: identity_info
- name: delete identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
state: absent
@@ -276,20 +276,20 @@
always:
- name: clean-up identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
# ============================================================
- name: test add identity policy with invalid policy
block:
- name: register identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: present
register: identity_info
- name: register identity policy
- aws_ses_identity_policy:
+ ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy: '{"noSuchAttribute": 2}'
@@ -304,6 +304,6 @@
always:
- name: clean-up identity
- aws_ses_identity:
+ ses_identity:
identity: "{{ domain_identity }}"
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/active-rule-set-tests.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/active-rule-set-tests.yaml
index ea79dbbcc..d83cd2f85 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/active-rule-set-tests.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/active-rule-set-tests.yaml
@@ -10,10 +10,10 @@
- name: mark rule set active
block:
- name: create rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
- name: mark rule set active
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
register: result
@@ -23,7 +23,7 @@
- result.changed == True
- result.active == True
- name: remark rule set active
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
register: result
@@ -33,7 +33,7 @@
- result.changed == False
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -42,7 +42,7 @@
- name: create rule set active
block:
- name: create rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
register: result
@@ -53,7 +53,7 @@
- result.active == True
- "default_rule_set in result.rule_sets|map(attribute='name')"
- name: remark rule set active
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
register: result
@@ -63,7 +63,7 @@
- result.changed == False
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -72,11 +72,11 @@
- name: mark rule set inactive
block:
- name: create active rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
- name: mark rule set inactive
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: False
register: result
@@ -86,7 +86,7 @@
- result.changed == True
- result.active == False
- name: remark rule set inactive
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: False
register: result
@@ -96,7 +96,7 @@
- result.changed == False
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -105,11 +105,11 @@
- name: Absent active flag does not change active status
block:
- name: create active rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
- name: recreate rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
register: result
- name: assert not changed and still active
@@ -119,7 +119,7 @@
- result.active == True
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -128,11 +128,11 @@
- name: Cannot Remove Active Rule Set
block:
- name: create active rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
- name: remove rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
register: result
@@ -143,7 +143,7 @@
- "result.error.code == 'CannotDelete'"
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -152,11 +152,11 @@
- name: Remove Active Rule Set with Force
block:
- name: create active rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
- name: force remove rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -168,7 +168,7 @@
- "default_rule_set not in result.rule_sets|map(attribute='name')"
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -177,15 +177,15 @@
- name: Force Remove of Inactive Rule Set does Not Affect Active Rule Set
block:
- name: create active rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
- name: create inactive rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ second_rule_set }}"
active: False
- name: force remove inactiave rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ second_rule_set }}"
state: absent
force: True
@@ -196,7 +196,7 @@
- result.changed == True
- "second_rule_set not in result.rule_sets|map(attribute='name')"
- name: remark active rule set active
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
register: result
@@ -206,7 +206,7 @@
- result.changed == False
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ item }}"
state: absent
force: True
@@ -218,11 +218,11 @@
- name: mark rule set inactive in check mode
block:
- name: create rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
- name: mark rule set inactive in check mode
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: False
register: result
@@ -233,7 +233,7 @@
- result.changed == True
- result.active == False
- name: remark rule set inactive
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: False
register: result
@@ -243,7 +243,7 @@
- result.changed == True
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -252,11 +252,11 @@
- name: Cannot Remove Active Rule Set in check mode
block:
- name: create active rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
- name: remove rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
register: result
@@ -268,7 +268,7 @@
- "result.error.code == 'CannotDelete'"
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -277,11 +277,11 @@
- name: Remove Active Rule Set with Force in check mode
block:
- name: create active rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
- name: force remove rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -294,7 +294,7 @@
- "default_rule_set not in result.rule_sets|map(attribute='name')"
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/cleanup-lock.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/cleanup-lock.yaml
index 155bf472e..941e0148a 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/cleanup-lock.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/cleanup-lock.yaml
@@ -9,7 +9,7 @@
- cloudwatchlogs_log_group:
log_group_name: "{{ lock_attempt_log_group_name }}"
state: absent
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/inactive-rule-set-tests.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/inactive-rule-set-tests.yaml
index 845168c23..92321b3eb 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/inactive-rule-set-tests.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/inactive-rule-set-tests.yaml
@@ -14,7 +14,7 @@
- name: test create rule sets
block:
- name: create rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
register: result
- name: assert changed to exists inactive
@@ -24,7 +24,7 @@
- result.active == False
- "default_rule_set in result.rule_sets|map(attribute='name')"
- name: recreate rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
register: result
- name: assert changed is False
@@ -33,7 +33,7 @@
- result.changed == False
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -41,7 +41,7 @@
- name: Remove No Such Rules Set
block:
- name: remove ruleset
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
register: result
@@ -54,10 +54,10 @@
- name: Remove Inactive Rule Set
block:
- name: create rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
- name: remove rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
register: result
@@ -68,7 +68,7 @@
- "default_rule_set not in result.rule_sets|map(attribute='name')"
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -76,7 +76,7 @@
- name: test create in check mode
block:
- name: create rule set in check mode
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
register: result
check_mode: True
@@ -88,7 +88,7 @@
- "default_rule_set in result.rule_sets|map(attribute='name')"
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -101,10 +101,10 @@
- name: mark rule set active in check mode
block:
- name: create rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
- name: mark rule set active in check mode
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: True
register: result
@@ -118,7 +118,7 @@
# it active again as that way this test can be run in
# parallel
- name: Ensure rule set is inactive
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
active: False
register: result
@@ -128,7 +128,7 @@
- result.changed == False
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
@@ -136,10 +136,10 @@
- name: Remove Inactive Rule Set in check mode
block:
- name: create rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
- name: remove rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
register: result
@@ -151,7 +151,7 @@
- "default_rule_set not in result.rule_sets|map(attribute='name')"
always:
- name: cleanup rule set
- aws_ses_rule_set:
+ ses_rule_set:
name: "{{ default_rule_set }}"
state: absent
force: True
diff --git a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/main.yaml b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/main.yaml
index 4902b5c60..99938b774 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/main.yaml
+++ b/ansible_collections/community/aws/tests/integration/targets/ses_rule_set/tasks/main.yaml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_botocore_pip/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_botocore_pip/defaults/main.yml
index 16ad00270..9745064c9 100644
--- a/ansible_collections/community/aws/tests/integration/targets/setup_botocore_pip/defaults/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/setup_botocore_pip/defaults/main.yml
@@ -1,2 +1,2 @@
-default_botocore_version: '1.21.0'
-default_boto3_version: '1.18.0'
+default_botocore_version: "{{ lookup('amazon.aws.aws_collection_constants', 'MINIMUM_BOTOCORE_VERSION') }}"
+default_boto3_version: "{{ lookup('amazon.aws.aws_collection_constants', 'MINIMUM_BOTO3_VERSION') }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml
index ec7cf0ec6..f7ac20eee 100644
--- a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml
@@ -4,7 +4,15 @@ instance_type: t3.micro
ami_details:
fedora:
owner: 125523088429
- name: Fedora-Cloud-Base-34-1.2.x86_64*
+ name: 'Fedora-Cloud-Base-41-1.2.x86_64*'
+ user_data: |
+ #!/bin/sh
+ sudo dnf install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
+ sudo systemctl start amazon-ssm-agent
+ os_type: linux
+ centos:
+ owner: 125523088429
+ name: 'CentOS Stream 9 x86_64*'
user_data: |
#!/bin/sh
sudo dnf install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
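Review bot: The `user_data` added for the `fedora` entry (and the identical context lines now under the new `centos` entry) installs the agent RPM directly from the `.../SSMAgent/latest/...` URL, so the version is unpinned. As far as I know, dnf does not GPG-check a package given as a URL unless `localpkg_gpgcheck` is enabled, so the signature is presumably not verified either. For a throwaway test instance that may be acceptable, but a comment should say so; otherwise import the vendor signing key and use `sudo dnf install -y --setopt=localpkg_gpgcheck=1 <rpm-url>`. The script has no `set -e`, so a failed install still reaches `systemctl start amazon-ssm-agent`. The `ami_details` mapping begins before this hunk and continues after it.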
@@ -25,6 +33,8 @@ ami_details:
# name: ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server*
user_data: |
#!/bin/sh
+ apt-get update
+ apt-get --yes install acl
# Pre-Installed just needs started
sudo systemctl start amazon-ssm-agent
os_type: linux
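Review bot: The two added `apt-get` lines carry no comment explaining why `acl` is required, and they omit the `sudo` prefix that the neighbouring `systemctl` line uses. Presumably the package is there to provide `setfacl` for Ansible's handling of temporary files when becoming an unprivileged user; a line such as `# acl provides setfacl, needed when becoming an unprivileged user` above them would record that. Using one convention for `sudo` throughout the script would also make it clear which privileges each step expects. The enclosing entry starts outside the hunk.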
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml
index 6171e5eb6..fce828a3c 100644
--- a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -68,11 +68,12 @@
iam_role:
name: "{{ iam_role_name }}"
state: absent
+ delete_instance_profile: True
ignore_errors: yes
when: iam_role_vars_file.stat.exists == true
- name: Delete the KMS key
- aws_kms:
+ kms_key:
state: absent
alias: '{{ kms_key_name }}'
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/connection_args.yml b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/connection_args.yml
index 727220e49..8d5c4b714 100644
--- a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/connection_args.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/connection_args.yml
@@ -3,9 +3,9 @@
# As a lookup plugin we don't have access to module_defaults
connection_args:
region: "{{ aws_region }}"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- aws_security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
connection_env:
AWS_DEFAULT_REGION: "{{ aws_region }}"
AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
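Review bot: `connection_args` now carries `secret_key` and `session_token`, and the visible part of this hunk shows no `no_log` on the task that sets it. The equivalent `connection_args` block in `ssm_parameter/tasks/main.yml`, later in this commit, is followed by `no_log: True`. If the task here lacks it, adding `no_log: true` would keep the keys out of verbose test output and CI logs. The task continues past the end of the hunk, so this needs checking against the full file.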
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/encryption.yml b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/encryption.yml
index 949892d18..1379b0428 100644
--- a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/encryption.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/encryption.yml
@@ -1,7 +1,7 @@
---
## Task file for setup/teardown AWS resources for aws_ssm integration testing
- name: create a KMS key
- aws_kms:
+ kms_key:
alias: '{{ kms_key_name }}'
grants:
- name: SSM-Agent-Access
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml
index 830bd5fcc..6c29c4154 100644
--- a/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml
@@ -5,9 +5,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/defaults/main.yml
index 6fbe55e83..11a1e561e 100644
--- a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/defaults/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/defaults/main.yml
@@ -1,6 +1,7 @@
+---
# CentOS Community Platform Engineering (CPE)
-ec2_ami_owner_id: '125523088429'
-#ec2_ami_name: 'Fedora-Cloud-Base-*.x86_64*'
-ec2_ami_name: 'CentOS Stream 9 x86_64*'
-#ec2_ami_ssh_user: 'fedora'
-ec2_ami_ssh_user: 'centos'
+ec2_ami_owner_id: "125523088429"
+# ec2_ami_name: 'Fedora-Cloud-Base-*.x86_64*'
+ec2_ami_name: CentOS Stream 9 x86_64*
+# ec2_ami_ssh_user: 'fedora'
+ec2_ami_ssh_user: centos
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/meta/main.yml
index 32cf5dda7..23d65c7ef 100644
--- a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/meta/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/meta/main.yml
@@ -1 +1,2 @@
+---
dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/tasks/main.yml
index f41791073..bd059c866 100644
--- a/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/setup_ec2_facts/tasks/main.yml
@@ -8,46 +8,47 @@
# rather than hardcoding the IDs so we're not limited to specific Regions
# - ec2_ami_id
#
-- module_defaults:
+- name: Setup common EC2 related facts.
+ module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
- region: '{{ aws_region }}'
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
+ region: "{{ aws_region }}"
- run_once: True
+ run_once: true
block:
# ============================================================
- - name: Get available AZs
- aws_az_info:
- filters:
- region-name: '{{ aws_region }}'
- register: _az_info
+ - name: Get available AZs
+ amazon.aws.aws_az_info:
+ filters:
+ region-name: "{{ aws_region }}"
+ register: _az_info
- - name: Pick an AZ
- set_fact:
- ec2_availability_zone_names: '{{ _az_info.availability_zones | selectattr("zone_name", "defined") | map(attribute="zone_name") | list }}'
+ - name: Pick an AZ
+ ansible.builtin.set_fact:
+ ec2_availability_zone_names: '{{ _az_info.availability_zones | selectattr("zone_name", "defined") | map(attribute="zone_name") | list }}'
- # ============================================================
+ # ============================================================
- - name: Get a list of images
- ec2_ami_info:
- filters:
- name: '{{ ec2_ami_name }}'
- owner-id: '{{ ec2_ami_owner_id }}'
- architecture: x86_64
- virtualization-type: hvm
- root-device-type: ebs
- register: _images_info
- # Very spammy
- no_log: True
+ - name: Get a list of images
+ amazon.aws.ec2_ami_info:
+ filters:
+ name: "{{ ec2_ami_name }}"
+ owner-id: "{{ ec2_ami_owner_id }}"
+ architecture: x86_64
+ virtualization-type: hvm
+ root-device-type: ebs
+ register: _images_info
+ # Very spammy
+ no_log: true
- - name: Set Fact for latest AMI
- vars:
- latest_image: '{{ _images_info.images | sort(attribute="creation_date") | reverse | first }}'
- set_fact:
- ec2_ami_id: '{{ latest_image.image_id }}'
- ec2_ami_details: '{{ latest_image }}'
- ec2_ami_root_disk: '{{ latest_image.block_device_mappings[0].device_name }}'
- ec2_ami_ssh_user: '{{ ec2_ami_ssh_user }}'
+ - name: Set Fact for latest AMI
+ vars:
+ latest_image: '{{ _images_info.images | sort(attribute="creation_date") | reverse | first }}'
+ ansible.builtin.set_fact:
+ ec2_ami_id: "{{ latest_image.image_id }}"
+ ec2_ami_details: "{{ latest_image }}"
+ ec2_ami_root_disk: "{{ latest_image.block_device_mappings[0].device_name }}"
+ ec2_ami_ssh_user: "{{ ec2_ami_ssh_user }}"
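Review bot: In `Set Fact for latest AMI`, `latest_image` is built with `| reverse | first`, which yields an undefined value when the name and owner filter matches no image. Because the preceding lookup task is `no_log: true`, the resulting failure gives very little to diagnose from. An `ansible.builtin.assert` between the two tasks with `that: _images_info.images | length > 0` and a `fail_msg` naming `ec2_ami_name` and `ec2_ami_owner_id` would make an empty result fail clearly. Keeping the `owner-id` filter next to the wildcard `name` is what stops a look-alike public image from being selected, and a short comment saying so would help the next editor keep it.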
diff --git a/ansible_collections/community/aws/tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py b/ansible_collections/community/aws/tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py
index ea2f51b0f..04d2eb1ea 100644
--- a/ansible_collections/community/aws/tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py
+++ b/ansible_collections/community/aws/tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py
@@ -8,24 +8,26 @@ ssh-keygen -f id_rsa.pub -e -m PKCS8 | openssl pkey -pubin -outform DER | openss
(but without needing the OpenSSL CLI)
"""
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
import hashlib
import sys
-from Crypto.PublicKey import RSA
+
+from cryptography.hazmat.primitives import serialization
if len(sys.argv) == 0:
ssh_public_key = "id_rsa.pub"
else:
ssh_public_key = sys.argv[1]
-with open(ssh_public_key, 'r') as key_fh:
- data = key_fh.read()
-
-# Convert from SSH format to DER format
-public_key = RSA.importKey(data).exportKey('DER')
-md5digest = hashlib.md5(public_key).hexdigest()
+with open(ssh_public_key, "rb") as key_file:
+ public_key = serialization.load_ssh_public_key(
+ key_file.read(),
+ )
+pub_der = public_key.public_bytes(
+ encoding=serialization.Encoding.DER,
+ format=serialization.PublicFormat.SubjectPublicKeyInfo,
+)
+md5digest = hashlib.md5(pub_der).hexdigest()
# Format the md5sum into the normal format
pairs = zip(md5digest[::2], md5digest[1::2])
md5string = ":".join(["".join(pair) for pair in pairs])
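Review bot: `if len(sys.argv) == 0:` in the unchanged lines can never be true, because `sys.argv` always holds at least the script name. The `id_rsa.pub` default is therefore dead code, and running the script with no argument raises `IndexError` at `sys.argv[1]`; `if len(sys.argv) < 2:` gives the intended default. Since the rewrite already touches the hashing line, `hashlib.md5(pub_der, usedforsecurity=False)` (Python 3.9+) would mark the digest as a fingerprint format rather than a security control, and should keep the script usable on FIPS-restricted builds. The script continues after the end of this hunk.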
diff --git a/ansible_collections/community/aws/tests/integration/targets/sns/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/sns/tasks/main.yml
index 42ef9b190..99be6b218 100644
--- a/ansible_collections/community/aws/tests/integration/targets/sns/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/sns/tasks/main.yml
@@ -1,9 +1,9 @@
- name: set up AWS connection info
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
collections:
- amazon.aws
diff --git a/ansible_collections/community/aws/tests/integration/targets/sns_topic/files/sns_topic_lambda/sns_topic_lambda.py b/ansible_collections/community/aws/tests/integration/targets/sns_topic/files/sns_topic_lambda/sns_topic_lambda.py
index 98f657836..99c6a8105 100644
--- a/ansible_collections/community/aws/tests/integration/targets/sns_topic/files/sns_topic_lambda/sns_topic_lambda.py
+++ b/ansible_collections/community/aws/tests/integration/targets/sns_topic/files/sns_topic_lambda/sns_topic_lambda.py
@@ -1,6 +1,9 @@
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import print_function
+
__metaclass__ = type
diff --git a/ansible_collections/community/aws/tests/integration/targets/sns_topic/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/sns_topic/tasks/main.yml
index d5b389e4d..00f3f71d9 100644
--- a/ansible_collections/community/aws/tests/integration/targets/sns_topic/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/sns_topic/tasks/main.yml
@@ -1,8 +1,8 @@
- module_defaults:
group/aws:
- aws_secret_key: '{{ aws_secret_key }}'
- aws_access_key: '{{ aws_access_key }}'
- security_token: '{{ security_token|default(omit) }}'
+ secret_key: '{{ aws_secret_key }}'
+ access_key: '{{ aws_access_key }}'
+ session_token: '{{ security_token|default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -62,7 +62,7 @@
that:
- sns_topic_info is successful
- "'result' in sns_topic_info"
- - sns_topic_info.result["sns_arn"] == "{{ sns_arn }}"
+ - sns_topic_info.result["sns_arn"] == sns_arn
- "'sns_topic' in sns_topic_info.result"
- "'display_name' in sns_topic_info.result['sns_topic']"
- sns_topic_info.result["sns_topic"]["display_name"] == "My topic name"
@@ -79,7 +79,7 @@
that:
- sns_topic_info is successful
- "'result' in sns_topic_info"
- - sns_topic_info.result["sns_arn"] == "{{ sns_arn }}"
+ - sns_topic_info.result["sns_arn"] == sns_arn
- "'sns_topic' in sns_topic_info.result"
- "'display_name' in sns_topic_info.result['sns_topic']"
- sns_topic_info.result["sns_topic"]["display_name"] == "My topic name"
@@ -110,7 +110,7 @@
that:
- sns_fifo_topic.changed
- sns_fifo_topic.sns_topic.topic_type == 'fifo'
- - sns_fifo_topic.sns_topic.name == '{{ sns_topic_topic_name }}-fifo'
+ - sns_fifo_topic.sns_topic.name == sns_topic_topic_name ~ '-fifo'
- name: Run create a FIFO topic again for idempotence test (with .fifo)
sns_topic:
diff --git a/ansible_collections/community/aws/tests/integration/targets/sqs_queue/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/sqs_queue/tasks/main.yml
index bcba06c8f..4c16be313 100644
--- a/ansible_collections/community/aws/tests/integration/targets/sqs_queue/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/sqs_queue/tasks/main.yml
@@ -3,9 +3,9 @@
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
@@ -19,7 +19,7 @@
assert:
that:
- create_result.changed
- - create_result.region == "{{ aws_region }}"
+ - create_result.region == aws_region
always:
- name: Test deleting SQS queue
diff --git a/ansible_collections/community/aws/tests/integration/targets/ssm_parameter/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/ssm_parameter/tasks/main.yml
index ac461392a..7c0e27fee 100644
--- a/ansible_collections/community/aws/tests/integration/targets/ssm_parameter/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/ssm_parameter/tasks/main.yml
@@ -3,9 +3,9 @@
# As a lookup plugin we don't have access to module_defaults
connection_args:
region: "{{ aws_region }}"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- aws_security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
no_log: True
- name: 'aws_ssm lookup plugin integration tests'
@@ -13,9 +13,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
vars:
simple_name: '/{{ ssm_key_prefix }}/Simple'
@@ -87,7 +87,7 @@
# Create
- name: Create key/value pair in aws parameter store (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
description: '{{ simple_description }}'
value: '{{ simple_value }}'
@@ -98,7 +98,7 @@
- result is changed
- name: Create key/value pair in aws parameter store
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
description: '{{ simple_description }}'
value: '{{ simple_value }}'
@@ -129,7 +129,7 @@
- result.parameter_metadata.type == 'String'
- name: Create key/value pair in aws parameter store - idempotency (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
description: '{{ simple_description }}'
value: '{{ simple_value }}'
@@ -140,7 +140,7 @@
- result is not changed
- name: Create key/value pair in aws parameter store - idempotency
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
description: '{{ simple_description }}'
value: '{{ simple_value }}'
@@ -174,7 +174,7 @@
# Update description
- name: Update description (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
description: '{{ updated_description }}'
register: result
@@ -184,7 +184,7 @@
- result is changed
- name: Update description
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
description: '{{ updated_description }}'
register: result
@@ -214,7 +214,7 @@
- result.parameter_metadata.type == 'String'
- name: Update description - idempotency (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
description: '{{ updated_description }}'
register: result
@@ -224,7 +224,7 @@
- result is not changed
- name: Update description - idempotency
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
description: '{{ updated_description }}'
register: result
@@ -258,7 +258,7 @@
# Update value
- name: Update key/value pair in aws parameter store (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
value: '{{ updated_value }}'
register: result
@@ -268,7 +268,7 @@
- result is changed
- name: Update key/value pair in aws parameter store
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
value: '{{ updated_value }}'
register: result
@@ -298,7 +298,7 @@
- result.parameter_metadata.type == 'String'
- name: Update key/value pair in aws parameter store - idempotency (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
value: '{{ updated_value }}'
register: result
@@ -308,7 +308,7 @@
- result is not changed
- name: Update key/value pair in aws parameter store - idempotency
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
value: '{{ updated_value }}'
register: result
@@ -341,7 +341,7 @@
# Complex update
- name: Complex update to key/value pair in aws parameter store (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
value: '{{ simple_value }}'
description: '{{ simple_description }}'
@@ -352,7 +352,7 @@
- result is changed
- name: Complex update to key/value pair in aws parameter store
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
value: '{{ simple_value }}'
description: '{{ simple_description }}'
@@ -383,7 +383,7 @@
- result.parameter_metadata.type == 'String'
- name: Complex update to key/value pair in aws parameter store - idempotency (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
value: '{{ simple_value }}'
description: '{{ simple_description }}'
@@ -394,7 +394,7 @@
- result is not changed
- name: Complex update to key/value pair in aws parameter store - idempotency
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
value: '{{ simple_value }}'
description: '{{ simple_description }}'
@@ -428,7 +428,7 @@
# Delete
- name: Delete key/value pair in aws parameter store (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
state: absent
register: result
@@ -438,7 +438,7 @@
- result is changed
- name: Delete key/value pair in aws parameter store
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
state: absent
register: result
@@ -454,7 +454,7 @@
- info_result is failed
- name: Delete key/value pair in aws parameter store - idempotency (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
state: absent
register: result
@@ -464,7 +464,7 @@
- result is not changed
- name: Delete key/value pair in aws parameter store - idempotency
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
state: absent
register: result
@@ -474,7 +474,7 @@
- result is not changed
- name: Create key/value pair in aws parameter store with no description
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
value: '{{ simple_value }}'
register: result
@@ -485,7 +485,7 @@
- '"description" not in result.parameter_metadata'
- name: Add a description
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_name }}'
value: '{{ simple_value }}'
description: '{{ simple_description }}'
@@ -501,7 +501,7 @@
# Test tags - Create parameter with tags case
- name: Create parameter with tags case - Create parameter (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -513,7 +513,7 @@
- result is changed
- name: Create parameter with tags case - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -523,7 +523,7 @@
- name: Create parameter with tags case - Ensure tags is correct
assert:
that:
- - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_orig['{{ item.key }}']
+ - result.parameter_metadata.tags[item.key] == simple_tags_orig[item.key]
loop: "{{ simple_tags_orig | dict2items }}"
- name: Create parameter with tags case - Ensure no missing or additional tags
@@ -560,7 +560,7 @@
# Test tags - Update description only case
- name: Update description only case - Update parameter (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_updated_description }}'
register: result
@@ -570,7 +570,7 @@
- result is changed
- name: Update description only case - Update parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_updated_description }}'
register: result
@@ -578,7 +578,7 @@
- name: Update description only case - Ensure expected tags is correct
assert:
that:
- - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_orig['{{ item.key }}']
+ - result.parameter_metadata.tags[item.key] == simple_tags_orig[item.key]
loop: "{{ simple_tags_orig | dict2items }}"
- name: Update description only case - Ensure no missing or additional tags
@@ -615,7 +615,7 @@
# Test tags - Add tag to existing parameter case
- name: Add tag to existing parameter case - Update parameter (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_add_owner }}'
register: result
@@ -625,7 +625,7 @@
- result is changed
- name: Add tag to existing parameter case - Update parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_add_owner }}'
register: result
@@ -633,7 +633,7 @@
- name: Add tag to existing parameter case - Ensure tags correct
assert:
that:
- - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_add_owner['{{ item.key }}']
+ - result.parameter_metadata.tags[item.key] == simple_tags_add_owner[item.key]
loop: "{{ simple_tags_add_owner | dict2items }}"
- name: Add tag to existing parameter case - Ensure no missing or additional tags
@@ -667,7 +667,7 @@
- result.parameter_metadata.type == 'String'
- name: Add tag to existing parameter case - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -678,7 +678,7 @@
# Test tags - update tags only - change tag
- name: Change single tag case - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -686,7 +686,7 @@
register: result
- name: Change single tag case - Update tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_change_environment }}'
register: result
@@ -696,7 +696,7 @@
- result is changed
- name: Change single tag case - Update tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_change_environment }}'
register: result
@@ -704,7 +704,7 @@
- name: Change single tag case - Ensure expected tags is correct
assert:
that:
- - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_change_environment['{{ item.key }}']
+ - result.parameter_metadata.tags[item.key] == simple_tags_change_environment[item.key]
loop: "{{ simple_tags_change_environment | dict2items }}"
- name: Change single tag case - Ensure no missing or additional tags
@@ -738,7 +738,7 @@
- result.parameter_metadata.type == 'String'
- name: Change single tag case - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -749,7 +749,7 @@
# Test tags - delete tag case
- name: Delete single tag case - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -757,7 +757,7 @@
register: result
- name: Delete single tag case - Update tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_delete_version }}'
register: result
@@ -767,7 +767,7 @@
- result is changed
- name: Delete single tag case - Update tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_delete_version }}'
register: result
@@ -775,7 +775,7 @@
- name: Delete single tag case - Ensure expected tags is correct
assert:
that:
- - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_delete_version['{{ item.key }}']
+ - result.parameter_metadata.tags[item.key] == simple_tags_delete_version[item.key]
loop: "{{ simple_tags_delete_version | dict2items }}"
- name: Delete single tag case - Ensure no missing or additional tags
@@ -809,7 +809,7 @@
- result.parameter_metadata.type == 'String'
- name: Delete single tag case - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -820,7 +820,7 @@
# Test tags - delete tag w/ spaces case
- name: Delete single tag w/ spaces case - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -828,7 +828,7 @@
register: result
- name: Delete single tag w/ spaces case - Update tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_delete_tag_with_space }}'
register: result
@@ -838,7 +838,7 @@
- result is changed
- name: Delete single tag w/ spaces case - Update tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_delete_tag_with_space }}'
register: result
@@ -846,7 +846,7 @@
- name: Delete single tag w/ spaces case - Ensure expected tags is correct
assert:
that:
- - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_delete_tag_with_space['{{ item.key }}']
+ - result.parameter_metadata.tags[item.key] == simple_tags_delete_tag_with_space[item.key]
loop: "{{ simple_tags_delete_tag_with_space | dict2items }}"
- name: Delete single tag w/ spaces case - Ensure no missing or additional tags
@@ -880,7 +880,7 @@
- result.parameter_metadata.type == 'String'
- name: Delete single tag w/ spaces case - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -891,7 +891,7 @@
# Test tags - Add/delete/change tags case
- name: Add/delete/change tags case - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -899,7 +899,7 @@
register: result
- name: Add/delete/change tags case - Update tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_add_delete_change }}'
register: result
@@ -909,7 +909,7 @@
- result is changed
- name: Add/delete/change tags case - Update tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_add_delete_change }}'
register: result
@@ -917,7 +917,7 @@
- name: Add/delete/change tags case - Ensure expected tags is correct
assert:
that:
- - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_add_delete_change['{{ item.key }}']
+ - result.parameter_metadata.tags[item.key] == simple_tags_add_delete_change[item.key]
loop: "{{ simple_tags_add_delete_change | dict2items }}"
- name: Add/delete/change tags case - Ensure no missing or additional tags
@@ -951,7 +951,7 @@
- result.parameter_metadata.type == 'String'
- name: Add/delete/change tags case - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -962,7 +962,7 @@
# Test tags - Delete all tags case
- name: Delete all tags case - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -970,7 +970,7 @@
register: result
- name: Delete all tags case - Update tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_delete_all_tags }}'
register: result
@@ -980,7 +980,7 @@
- result is changed
- name: Delete all tags case - Update tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_delete_all_tags }}'
register: result
@@ -988,7 +988,7 @@
- name: Delete all tags case - Ensure expected tags is correct
assert:
that:
- - result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_delete_all_tags['{{ item.key }}']
+ - result.parameter_metadata.tags[item.key] == simple_tags_delete_all_tags[item.key]
loop: "{{ simple_tags_delete_all_tags | dict2items }}"
- name: Delete all tags case - Ensure no missing or additional tags
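Review bot: The per-key assertion here loops over `simple_tags_delete_all_tags | dict2items`, so if that variable is the empty dict its name suggests (its definition is not in this hunk), the loop has zero iterations and the `that:` condition is never evaluated. The case then rests entirely on the following "Ensure no missing or additional tags" task, whose body is outside the hunk. A non-looped check such as `- result.parameter_metadata.tags | default({}) | length == 0` would pin the expected outcome directly, assuming the module returns an empty or absent `tags` mapping in this case.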
@@ -1022,7 +1022,7 @@
- result.parameter_metadata.type == 'String'
- name: Delete all tags case - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -1033,7 +1033,7 @@
# Test tags - Add tag case (purge_tags=false)
- name: Add tag case (purge_tags=false) - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -1041,7 +1041,7 @@
register: result
- name: Add tag case (purge_tags=false) - Add tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_purge_false_add_owner }}'
purge_tags: False
@@ -1052,7 +1052,7 @@
- result is changed
- name: Add tag case (purge_tags=false) - Add tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_purge_false_add_owner }}'
purge_tags: False
@@ -1062,8 +1062,8 @@
assert:
that:
- >
- result.parameter_metadata.tags['{{ item.key }}'] ==
- (simple_tags_orig | combine(simple_tags_purge_false_add_owner))['{{ item.key }}']
+ result.parameter_metadata.tags[item.key] ==
+ (simple_tags_orig | combine(simple_tags_purge_false_add_owner))[item.key]
loop: >
{{ simple_tags_orig | combine(simple_tags_purge_false_add_owner) | dict2items }}
@@ -1071,8 +1071,8 @@
assert:
that:
- >
- result.parameter_metadata.tags | length == {{ simple_tags_orig |
- combine(simple_tags_purge_false_add_owner) | dict2items }} | length
+ result.parameter_metadata.tags | length == simple_tags_orig |
+ combine(simple_tags_purge_false_add_owner) | dict2items | length
- name: Add tag case (purge_tags=false) - Lookup a tagged parameter
set_fact:
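Review bot: The rewritten length check is correct only because Jinja2 filters bind tighter than `==`, and the trailing `dict2items` does not change the count, so the right-hand side reads as more than it does. Writing it as `result.parameter_metadata.tags | length == (simple_tags_orig | combine(simple_tags_purge_false_add_owner)) | length` states the grouping and drops the redundant step. The same pattern recurs in the length assertions of the hunks at -1149, -1230, -1311, -1392, -1472 and -1550. The assert task's `name:` line is above this hunk.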
@@ -1100,7 +1100,7 @@
- result.parameter_metadata.type == 'String'
- name: Add tag case (purge_tags=false) - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -1111,7 +1111,7 @@
# Test tags - Add multiple tags case (purge_tags=false)
- name: Add multiple tags case (purge_tags=false) - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -1119,7 +1119,7 @@
register: result
- name: Add multiple tags case (purge_tags=false) - Add tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_purge_false_add_multiple }}'
purge_tags: False
@@ -1130,7 +1130,7 @@
- result is changed
- name: Add multiple tags case (purge_tags=false) - Add tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_purge_false_add_multiple }}'
purge_tags: False
@@ -1140,8 +1140,8 @@
assert:
that:
- >
- result.parameter_metadata.tags['{{ item.key }}'] ==
- (simple_tags_orig | combine(simple_tags_purge_false_add_multiple))['{{ item.key }}']
+ result.parameter_metadata.tags[item.key] ==
+ (simple_tags_orig | combine(simple_tags_purge_false_add_multiple))[item.key]
loop: >
{{ simple_tags_orig | combine(simple_tags_purge_false_add_multiple) | dict2items }}
@@ -1149,8 +1149,8 @@
assert:
that:
- >
- result.parameter_metadata.tags | length == {{ simple_tags_orig |
- combine(simple_tags_purge_false_add_multiple) | dict2items }} | length
+ result.parameter_metadata.tags | length == simple_tags_orig |
+ combine(simple_tags_purge_false_add_multiple) | dict2items | length
- name: Add multiple tags case (purge_tags=false) - Lookup a tagged parameter
set_fact:
@@ -1178,7 +1178,7 @@
- result.parameter_metadata.type == 'String'
- name: Add multiple tags case (purge_tags=false) - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -1189,7 +1189,7 @@
# Test tags - Change tag case (purge_tags=false)
- name: Change tag case (purge_tags=false) - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -1197,7 +1197,7 @@
register: result
- name: Change tag case (purge_tags=false) - Change tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_purge_false_change_environment}}'
purge_tags: False
@@ -1208,7 +1208,7 @@
- result is changed
- name: Change tag case (purge_tags=false) - Change tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_purge_false_change_environment }}'
purge_tags: False
@@ -1218,8 +1218,8 @@
assert:
that:
- >
- result.parameter_metadata.tags['{{ item.key }}'] ==
- (simple_tags_orig | combine(simple_tags_purge_false_change_environment))['{{ item.key }}']
+ result.parameter_metadata.tags[item.key] ==
+ (simple_tags_orig | combine(simple_tags_purge_false_change_environment))[item.key]
loop: >
{{ simple_tags_orig | combine(simple_tags_purge_false_change_environment) | dict2items }}
loop_control:
@@ -1230,8 +1230,8 @@
assert:
that:
- >
- result.parameter_metadata.tags | length == {{ simple_tags_orig |
- combine(simple_tags_purge_false_change_environment) | dict2items }} | length
+ result.parameter_metadata.tags | length == simple_tags_orig |
+ combine(simple_tags_purge_false_change_environment) | dict2items | length
- name: Change tag case (purge_tags=false) - Lookup a tagged parameter
set_fact:
@@ -1259,7 +1259,7 @@
- result.parameter_metadata.type == 'String'
- name: Change tag case (purge_tags=false) - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -1270,7 +1270,7 @@
# Test tags - Change multiple tags case (purge_tags=false)
- name: Change multiple tags (purge_tags=false) - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -1278,7 +1278,7 @@
register: result
- name: Change multiple tags (purge_tags=false) - Change tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_purge_false_change_multiple}}'
purge_tags: False
@@ -1289,7 +1289,7 @@
- result is changed
- name: Change multiple tags (purge_tags=false) - Change tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_purge_false_change_multiple }}'
purge_tags: False
@@ -1299,8 +1299,8 @@
assert:
that:
- >
- result.parameter_metadata.tags['{{ item.key }}'] ==
- (simple_tags_orig | combine(simple_tags_purge_false_change_multiple))['{{ item.key }}']
+ result.parameter_metadata.tags[item.key] ==
+ (simple_tags_orig | combine(simple_tags_purge_false_change_multiple))[item.key]
loop: >
{{ simple_tags_orig | combine(simple_tags_purge_false_change_multiple) | dict2items }}
loop_control:
@@ -1311,8 +1311,8 @@
assert:
that:
- >
- result.parameter_metadata.tags | length == {{ simple_tags_orig |
- combine(simple_tags_purge_false_change_multiple) | dict2items }} | length
+ result.parameter_metadata.tags | length == simple_tags_orig |
+ combine(simple_tags_purge_false_change_multiple) | dict2items | length
- name: Change multiple tags (purge_tags=false) - Lookup a tagged parameter
set_fact:
@@ -1340,7 +1340,7 @@
- result.parameter_metadata.type == 'String'
- name: Change multiple tags (purge_tags=false) - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -1351,7 +1351,7 @@
# Test tags - Add/Change multiple tags case (purge_tags=false)
- name: Add/Change multiple tags (purge_tags=false) - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -1359,7 +1359,7 @@
register: result
- name: Add/Change multiple tags (purge_tags=false) - Change tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_purge_false_add_and_change}}'
purge_tags: False
@@ -1370,7 +1370,7 @@
- result is changed
- name: Add/Change multiple tags (purge_tags=false) - Change tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: '{{ simple_tags_purge_false_add_and_change }}'
purge_tags: False
@@ -1380,8 +1380,8 @@
assert:
that:
- >
- result.parameter_metadata.tags['{{ item.key }}'] ==
- (simple_tags_orig | combine(simple_tags_purge_false_add_and_change))['{{ item.key }}']
+ result.parameter_metadata.tags[item.key] ==
+ (simple_tags_orig | combine(simple_tags_purge_false_add_and_change))[item.key]
loop: >
{{ simple_tags_orig | combine(simple_tags_purge_false_add_and_change) | dict2items }}
loop_control:
@@ -1392,8 +1392,8 @@
assert:
that:
- >
- result.parameter_metadata.tags | length == {{ simple_tags_orig |
- combine(simple_tags_purge_false_add_and_change) | dict2items }} | length
+ result.parameter_metadata.tags | length == simple_tags_orig |
+ combine(simple_tags_purge_false_add_and_change) | dict2items | length
- name: Add/Change multiple tags (purge_tags=false) - Lookup a tagged parameter
set_fact:
@@ -1421,7 +1421,7 @@
- result.parameter_metadata.type == 'String'
- name: Add/Change multiple tags (purge_tags=false) - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -1432,7 +1432,7 @@
# Test tags - Empty tags dict case (purge_tags=false) # should be no change
- name: Empty tags dict (purge_tags=false) - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -1440,7 +1440,7 @@
register: result
- name: Empty tags dict (purge_tags=false) - Change tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: {}
purge_tags: False
@@ -1451,7 +1451,7 @@
- result != 'changed'
- name: Empty tags dict (purge_tags=false) - Change tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
tags: {}
purge_tags: False
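Review bot: The context assertion `result != 'changed'` at the top of this hunk compares the registered result with the string literal 'changed', which is never equal. The "should be no change" check-mode case therefore passes whatever the module reports. The commit leaves the line untouched; the other assertions in this file use the test form, so it should read `- result is not changed`. The assert task it belongs to starts above the hunk, so confirm there that `result` is the value registered by the preceding check-mode task.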
@@ -1461,7 +1461,7 @@
assert:
that:
- >
- result.parameter_metadata.tags['{{ item.key }}'] == simple_tags_orig['{{ item.key }}']
+ result.parameter_metadata.tags[item.key] == simple_tags_orig[item.key]
loop: >
{{ simple_tags_orig | dict2items }}
loop_control:
@@ -1472,7 +1472,7 @@
that:
- >
result.parameter_metadata.tags | length
- == {{ simple_tags_orig | dict2items }} | length
+ == simple_tags_orig | dict2items | length
- name: Empty tags dict (purge_tags=false) - Lookup a tagged parameter
set_fact:
@@ -1500,7 +1500,7 @@
- result.parameter_metadata.type == 'String'
- name: Empty tags dict (purge_tags=false) - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
@@ -1511,7 +1511,7 @@
# Test tags - No tags parameter (purge_tags=true) case # should be no change
- name: No tags parameter (purge_tags=true) - Create parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_description }}'
value: '{{ simple_tag_param_value }}'
@@ -1519,7 +1519,7 @@
register: result
- name: No tags parameter (purge_tags=true) - Change tag (CHECK)
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_updated_description }}'
register: result
@@ -1529,7 +1529,7 @@
- result is changed
- name: No tags parameter (purge_tags=true) - Change tag
- aws_ssm_parameter_store:
+ ssm_parameter:
name: '{{ simple_tag_param_name }}'
description: '{{ simple_tag_param_updated_description }}'
register: result
@@ -1538,8 +1538,8 @@
assert:
that:
- >
- result.parameter_metadata.tags['{{ item.key }}']
- == simple_tags_orig['{{ item.key }}']
+ result.parameter_metadata.tags[item.key]
+ == simple_tags_orig[item.key]
loop: >
{{ simple_tags_orig | dict2items }}
loop_control:
@@ -1550,7 +1550,7 @@
that:
- >
result.parameter_metadata.tags | length
- == {{ simple_tags_orig | dict2items }} | length
+ == simple_tags_orig | dict2items | length
- name: No tags parameter (purge_tags=true) - Lookup a tagged parameter
set_fact:
@@ -1578,7 +1578,7 @@
- result.parameter_metadata.type == 'String'
- name: No tags parameter (purge_tags=true) - Delete parameter
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: true
@@ -1588,7 +1588,7 @@
always:
# ============================================================
- name: Delete remaining key/value pairs in aws parameter store
- aws_ssm_parameter_store:
+ ssm_parameter:
name: "{{item}}"
state: absent
ignore_errors: True
diff --git a/ansible_collections/community/aws/tests/integration/targets/stepfunctions_state_machine/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/stepfunctions_state_machine/tasks/main.yml
index 8c4bbec71..061acb2c3 100644
--- a/ansible_collections/community/aws/tests/integration/targets/stepfunctions_state_machine/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/stepfunctions_state_machine/tasks/main.yml
@@ -3,9 +3,9 @@
- name: Integration test for AWS Step Function state machine module
module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
@@ -33,7 +33,7 @@
# ==== Tests ===================================================
- name: Create a new state machine -- check_mode
- aws_step_functions_state_machine:
+ stepfunctions_state_machine:
name: "{{ state_machine_name }}"
definition: "{{ lookup('file','state_machine.json') }}"
role_arn: "{{ step_functions_role.iam_role.arn }}"
@@ -49,7 +49,7 @@
- creation_check.output == 'State machine would be created.'
- name: Create a new state machine
- aws_step_functions_state_machine:
+ stepfunctions_state_machine:
name: "{{ state_machine_name }}"
definition: "{{ lookup('file','state_machine.json') }}"
role_arn: "{{ step_functions_role.iam_role.arn }}"
@@ -68,7 +68,7 @@
seconds: 5
- name: Idempotent rerun of same state function -- check_mode
- aws_step_functions_state_machine:
+ stepfunctions_state_machine:
name: "{{ state_machine_name }}"
definition: "{{ lookup('file','state_machine.json') }}"
role_arn: "{{ step_functions_role.iam_role.arn }}"
@@ -84,7 +84,7 @@
- result.output == 'State is up-to-date.'
- name: Idempotent rerun of same state function
- aws_step_functions_state_machine:
+ stepfunctions_state_machine:
name: "{{ state_machine_name }}"
definition: "{{ lookup('file','state_machine.json') }}"
role_arn: "{{ step_functions_role.iam_role.arn }}"
@@ -99,7 +99,7 @@
- result.state_machine_arn == creation_output.state_machine_arn
- name: Update an existing state machine -- check_mode
- aws_step_functions_state_machine:
+ stepfunctions_state_machine:
name: "{{ state_machine_name }}"
definition: "{{ lookup('file','alternative_state_machine.json') }}"
role_arn: "{{ step_functions_role.iam_role.arn }}"
@@ -112,10 +112,10 @@
- assert:
that:
- update_check.changed == True
- - "update_check.output == 'State machine would be updated: {{ creation_output.state_machine_arn }}'"
+ - "update_check.output == 'State machine would be updated: ' ~ creation_output.state_machine_arn"
- name: Update an existing state machine
- aws_step_functions_state_machine:
+ stepfunctions_state_machine:
name: "{{ state_machine_name }}"
definition: "{{ lookup('file','alternative_state_machine.json') }}"
role_arn: "{{ step_functions_role.iam_role.arn }}"
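Review bot: The rewritten assertion `update_check.output == 'State machine would be updated: ' ~ creation_output.state_machine_arn` has no grouping, so a reader has to know that Jinja2 evaluates the `~` concatenation before the `==` comparison. Parenthesising the concatenation keeps the behaviour and makes the intent explicit: `- "update_check.output == ('State machine would be updated: ' ~ creation_output.state_machine_arn)"`. The same applies to the `deletion_check.output` assertion in the `@@ -265,10 +265,10 @@` hunk. In the waf_web_acl file it applies to the two `'Condition ' ~ resource_prefix ~ '_size_condition is in use' in remove_in_use_condition.msg` assertions (`@@ -561,10 +561,10 @@` and `@@ -674,14 +674,14 @@`), where the unparenthesised left operand of `in` is harder still to read. The task that follows this assertion continues past the end of the hunk.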
@@ -130,7 +130,7 @@
- update_output.state_machine_arn == creation_output.state_machine_arn
- name: Start execution of state machine -- check_mode
- aws_step_functions_state_machine_execution:
+ stepfunctions_state_machine_execution:
name: "{{ execution_name }}"
execution_input: "{}"
state_machine_arn: "{{ creation_output.state_machine_arn }}"
@@ -143,7 +143,7 @@
- "start_execution_output.output == 'State machine execution would be started.'"
- name: Start execution of state machine
- aws_step_functions_state_machine_execution:
+ stepfunctions_state_machine_execution:
name: "{{ execution_name }}"
execution_input: "{}"
state_machine_arn: "{{ creation_output.state_machine_arn }}"
@@ -156,7 +156,7 @@
- "'start_date' in start_execution_output"
- name: Start execution of state machine (check for idempotency) (check mode)
- aws_step_functions_state_machine_execution:
+ stepfunctions_state_machine_execution:
name: "{{ execution_name }}"
execution_input: "{}"
state_machine_arn: "{{ creation_output.state_machine_arn }}"
@@ -169,7 +169,7 @@
- "start_execution_output_idem_check.output == 'State machine execution already exists.'"
- name: Start execution of state machine (check for idempotency)
- aws_step_functions_state_machine_execution:
+ stepfunctions_state_machine_execution:
name: "{{ execution_name }}"
execution_input: "{}"
state_machine_arn: "{{ creation_output.state_machine_arn }}"
@@ -180,7 +180,7 @@
- not start_execution_output_idem.changed
- name: Stop execution of state machine -- check_mode
- aws_step_functions_state_machine_execution:
+ stepfunctions_state_machine_execution:
action: stop
execution_arn: "{{ start_execution_output.execution_arn }}"
cause: "cause of the failure"
@@ -194,7 +194,7 @@
- "stop_execution_output.output == 'State machine execution would be stopped.'"
- name: Stop execution of state machine
- aws_step_functions_state_machine_execution:
+ stepfunctions_state_machine_execution:
action: stop
execution_arn: "{{ start_execution_output.execution_arn }}"
cause: "cause of the failure"
@@ -207,7 +207,7 @@
- "'stop_date' in stop_execution_output"
- name: Stop execution of state machine (check for idempotency)
- aws_step_functions_state_machine_execution:
+ stepfunctions_state_machine_execution:
action: stop
execution_arn: "{{ start_execution_output.execution_arn }}"
cause: "cause of the failure"
@@ -219,7 +219,7 @@
- not stop_execution_output.changed
- name: Try stopping a non-running execution -- check_mode
- aws_step_functions_state_machine_execution:
+ stepfunctions_state_machine_execution:
action: stop
execution_arn: "{{ start_execution_output.execution_arn }}"
cause: "cause of the failure"
@@ -233,7 +233,7 @@
- "stop_execution_output.output == 'State machine execution is not running.'"
- name: Try stopping a non-running execution
- aws_step_functions_state_machine_execution:
+ stepfunctions_state_machine_execution:
action: stop
execution_arn: "{{ start_execution_output.execution_arn }}"
cause: "cause of the failure"
@@ -246,7 +246,7 @@
- not stop_execution_output.changed
- name: Start execution of state machine with the same execution name
- aws_step_functions_state_machine_execution:
+ stepfunctions_state_machine_execution:
name: "{{ execution_name }}"
state_machine_arn: "{{ creation_output.state_machine_arn }}"
register: start_execution_output_again
@@ -256,7 +256,7 @@
- not start_execution_output_again.changed
- name: Remove state machine -- check_mode
- aws_step_functions_state_machine:
+ stepfunctions_state_machine:
name: "{{ state_machine_name }}"
state: absent
register: deletion_check
@@ -265,10 +265,10 @@
- assert:
that:
- deletion_check.changed == True
- - "deletion_check.output == 'State machine would be deleted: {{ creation_output.state_machine_arn }}'"
+ - "deletion_check.output == 'State machine would be deleted: ' ~ creation_output.state_machine_arn"
- name: Remove state machine
- aws_step_functions_state_machine:
+ stepfunctions_state_machine:
name: "{{ state_machine_name }}"
state: absent
register: deletion_output
@@ -279,7 +279,7 @@
- deletion_output.state_machine_arn == creation_output.state_machine_arn
- name: Non-existent state machine is absent
- aws_step_functions_state_machine:
+ stepfunctions_state_machine:
name: "non_existing_state_machine"
state: absent
register: result
@@ -293,7 +293,7 @@
always:
- name: Cleanup - delete state machine
- aws_step_functions_state_machine:
+ stepfunctions_state_machine:
name: "{{ state_machine_name }}"
state: absent
ignore_errors: true
diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/defaults/main.yml b/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/defaults/main.yml
deleted file mode 100644
index 17072d6a4..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-iam_role_name: "ansible-test-{{ tiny_prefix }}"
diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/meta/main.yml b/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/meta/main.yml
deleted file mode 100644
index 32cf5dda7..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/meta/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-dependencies: []
diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/tasks/main.yml
deleted file mode 100644
index be684dcea..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/tasks/main.yml
+++ /dev/null
@@ -1,332 +0,0 @@
----
-# tasks file for sts_assume_role
-
-- module_defaults:
- group/aws:
- region: "{{ aws_region }}"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
- collections:
- - amazon.aws
- block:
- # Get some information about who we are before starting our tests
- # we'll need this as soon as we start working on the policies
- - name: get ARN of calling user
- aws_caller_info:
- register: aws_caller_info
-
- - name: register account id
- set_fact:
- aws_account: "{{ aws_caller_info.account }}"
-
- # ============================================================
- - name: create test iam role
- iam_role:
- name: "{{ iam_role_name }}"
- assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}"
- create_instance_profile: False
- managed_policy:
- - arn:aws:iam::aws:policy/IAMReadOnlyAccess
- state: present
- register: test_role
-
- # ============================================================
- - name: pause to ensure role exists before using
- pause:
- seconds: 30
-
- # ============================================================
- - name: test with no parameters
- sts_assume_role:
- aws_access_key: '{{ omit }}'
- aws_secret_key: '{{ omit }}'
- security_token: '{{ omit }}'
- register: result
- ignore_errors: true
-
- - name: assert with no parameters
- assert:
- that:
- - 'result.failed'
- - "'missing required arguments:' in result.msg"
-
- # ============================================================
- - name: test with empty parameters
- sts_assume_role:
- role_arn:
- role_session_name:
- policy:
- duration_seconds:
- external_id:
- mfa_token:
- mfa_serial_number:
- register: result
- ignore_errors: true
-
- - name: assert with empty parameters
- assert:
- that:
- - 'result.failed'
- - "'Missing required parameter in input:' in result.msg"
- when: result.module_stderr is not defined
-
- - name: assert with empty parameters
- assert:
- that:
- - 'result.failed'
- - "'Member must have length greater than or equal to 20' in result.module_stderr"
- when: result.module_stderr is defined
-
- # ============================================================
- - name: test with only 'role_arn' parameter
- sts_assume_role:
- role_arn: "{{ test_role.iam_role.arn }}"
- register: result
- ignore_errors: true
-
- - name: assert with only 'role_arn' parameter
- assert:
- that:
- - 'result.failed'
- - "'missing required arguments: role_session_name' in result.msg"
-
- # ============================================================
- - name: test with only 'role_session_name' parameter
- sts_assume_role:
- role_session_name: "AnsibleTest"
- register: result
- ignore_errors: true
-
- - name: assert with only 'role_session_name' parameter
- assert:
- that:
- - 'result.failed'
- - "'missing required arguments: role_arn' in result.msg"
-
- # ============================================================
- - name: test assume role with invalid policy
- sts_assume_role:
- role_arn: "{{ test_role.iam_role.arn }}"
- role_session_name: "AnsibleTest"
- policy: "invalid policy"
- register: result
- ignore_errors: true
-
- - name: assert assume role with invalid policy
- assert:
- that:
- - 'result.failed'
- - "'The policy is not in the valid JSON format.' in result.msg"
- when: result.module_stderr is not defined
-
- - name: assert assume role with invalid policy
- assert:
- that:
- - 'result.failed'
- - "'The policy is not in the valid JSON format.' in result.module_stderr"
- when: result.module_stderr is defined
-
- # ============================================================
- - name: test assume role with invalid duration seconds
- sts_assume_role:
- role_arn: "{{ test_role.iam_role.arn }}"
- role_session_name: AnsibleTest
- duration_seconds: invalid duration
- register: result
- ignore_errors: true
-
- - name: assert assume role with invalid duration seconds
- assert:
- that:
- - result is failed
- - "'duration_seconds' in result.msg"
- - "'cannot be converted to an int' in result.msg"
-
- # ============================================================
- - name: test assume role with invalid external id
- sts_assume_role:
- role_arn: "{{ test_role.iam_role.arn }}"
- role_session_name: AnsibleTest
- external_id: invalid external id
- register: result
- ignore_errors: true
-
- - name: assert assume role with invalid external id
- assert:
- that:
- - 'result.failed'
- - "'Member must satisfy regular expression pattern:' in result.msg"
- when: result.module_stderr is not defined
-
- - name: assert assume role with invalid external id
- assert:
- that:
- - 'result.failed'
- - "'Member must satisfy regular expression pattern:' in result.module_stderr"
- when: result.module_stderr is defined
-
- # ============================================================
- - name: test assume role with invalid mfa serial number
- sts_assume_role:
- role_arn: "{{ test_role.iam_role.arn }}"
- role_session_name: AnsibleTest
- mfa_serial_number: invalid serial number
- register: result
- ignore_errors: true
-
- - name: assert assume role with invalid mfa serial number
- assert:
- that:
- - 'result.failed'
- - "'Member must satisfy regular expression pattern:' in result.msg"
- when: result.module_stderr is not defined
-
- - name: assert assume role with invalid mfa serial number
- assert:
- that:
- - 'result.failed'
- - "'Member must satisfy regular expression pattern:' in result.module_stderr"
- when: result.module_stderr is defined
-
- # ============================================================
- - name: test assume role with invalid mfa token code
- sts_assume_role:
- role_arn: "{{ test_role.iam_role.arn }}"
- role_session_name: AnsibleTest
- mfa_token: invalid token code
- register: result
- ignore_errors: true
-
- - name: assert assume role with invalid mfa token code
- assert:
- that:
- - 'result.failed'
- - "'Member must satisfy regular expression pattern:' in result.msg"
- when: result.module_stderr is not defined
-
- - name: assert assume role with invalid mfa token code
- assert:
- that:
- - 'result.failed'
- - "'Member must satisfy regular expression pattern:' in result.module_stderr"
- when: result.module_stderr is defined
-
- # ============================================================
- - name: test assume role with invalid role_arn
- sts_assume_role:
- role_arn: invalid role arn
- role_session_name: AnsibleTest
- register: result
- ignore_errors: true
-
- - name: assert assume role with invalid role_arn
- assert:
- that:
- - result.failed
- - "'Invalid length for parameter RoleArn' in result.msg"
- when: result.module_stderr is not defined
-
- - name: assert assume role with invalid role_arn
- assert:
- that:
- - 'result.failed'
- - "'Member must have length greater than or equal to 20' in result.module_stderr"
- when: result.module_stderr is defined
-
- # ============================================================
- - name: test assume not existing sts role
- sts_assume_role:
- role_arn: "arn:aws:iam::123456789:role/non-existing-role"
- role_session_name: "AnsibleTest"
- register: result
- ignore_errors: true
-
- - name: assert assume not existing sts role
- assert:
- that:
- - 'result.failed'
- - "'is not authorized to perform: sts:AssumeRole' in result.msg"
- when: result.module_stderr is not defined
-
- - name: assert assume not existing sts role
- assert:
- that:
- - 'result.failed'
- - "'is not authorized to perform: sts:AssumeRole' in result.msg"
- when: result.module_stderr is defined
-
- # ============================================================
- - name: test assume role
- sts_assume_role:
- role_arn: "{{ test_role.iam_role.arn }}"
- role_session_name: AnsibleTest
- register: assumed_role
-
- - name: assert assume role
- assert:
- that:
- - 'not assumed_role.failed'
- - "'sts_creds' in assumed_role"
- - "'access_key' in assumed_role.sts_creds"
- - "'secret_key' in assumed_role.sts_creds"
- - "'session_token' in assumed_role.sts_creds"
-
- # ============================================================
- - name: test that assumed credentials have IAM read-only access
- iam_role:
- aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
- aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
- security_token: "{{ assumed_role.sts_creds.session_token }}"
- name: "{{ iam_role_name }}"
- assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}"
- create_instance_profile: False
- state: present
- register: result
-
- - name: assert assumed role with privileged action (expect changed=false)
- assert:
- that:
- - 'not result.failed'
- - 'not result.changed'
- - "'iam_role' in result"
-
- # ============================================================
- - name: test assumed role with unprivileged action
- iam_role:
- aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
- aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
- security_token: "{{ assumed_role.sts_creds.session_token }}"
- name: "{{ iam_role_name }}-new"
- assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}"
- state: present
- register: result
- ignore_errors: true
-
- - name: assert assumed role with unprivileged action (expect changed=false)
- assert:
- that:
- - 'result.failed'
- - "'is not authorized to perform: iam:CreateRole' in result.msg"
- # runs on Python2
- when: result.module_stderr is not defined
-
- - name: assert assumed role with unprivileged action (expect changed=false)
- assert:
- that:
- - 'result.failed'
- - "'is not authorized to perform: iam:CreateRole' in result.module_stderr"
- # runs on Python3
- when: result.module_stderr is defined
-
- # ============================================================
- always:
-
- - name: delete test iam role
- iam_role:
- name: "{{ iam_role_name }}"
- assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}"
- delete_instance_profile: True
- managed_policy:
- - arn:aws:iam::aws:policy/IAMReadOnlyAccess
- state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/templates/policy.json.j2 b/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/templates/policy.json.j2
deleted file mode 100644
index 559562fd9..000000000
--- a/ansible_collections/community/aws/tests/integration/targets/sts_assume_role/templates/policy.json.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "AWS": "arn:aws:iam::{{ aws_account }}:root"
- },
- "Action": "sts:AssumeRole"
- }
- ]
-} \ No newline at end of file
diff --git a/ansible_collections/community/aws/tests/integration/targets/sts_session_token/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/sts_session_token/tasks/main.yml
index 6231119ec..c814cfd5f 100644
--- a/ansible_collections/community/aws/tests/integration/targets/sts_session_token/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/sts_session_token/tasks/main.yml
@@ -3,9 +3,9 @@
- module_defaults:
group/aws:
region: "{{ aws_region }}"
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
collections:
- amazon.aws
block:
@@ -54,9 +54,9 @@
- name: Get ARN of user when running with generated token
aws_caller_info:
- aws_access_key: "{{ token_details.sts_creds.access_key }}"
- aws_secret_key: "{{ token_details.sts_creds.secret_key }}"
- security_token: "{{ token_details.sts_creds.session_token }}"
+ access_key: "{{ token_details.sts_creds.access_key }}"
+ secret_key: "{{ token_details.sts_creds.secret_key }}"
+ session_token: "{{ token_details.sts_creds.session_token }}"
register: token_aws_caller_info
- assert:
diff --git a/ansible_collections/community/aws/tests/integration/targets/waf_web_acl/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/waf_web_acl/tasks/main.yml
index c176e7def..acbf1f29c 100644
--- a/ansible_collections/community/aws/tests/integration/targets/waf_web_acl/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/waf_web_acl/tasks/main.yml
@@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token | default(omit) }}'
+ access_key: '{{ aws_access_key }}'
+ secret_key: '{{ aws_secret_key }}'
+ session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
@@ -15,7 +15,7 @@
##################################################
- name: create WAF IP condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_ip_condition"
filters:
- ip_address: "10.0.0.0/8"
@@ -23,7 +23,7 @@
register: create_waf_ip_condition
- name: add an IP address to WAF condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_ip_condition"
filters:
- ip_address: "10.0.0.0/8"
@@ -37,7 +37,7 @@
- add_ip_address_to_waf_condition.condition.ip_set_descriptors|length == 2
- name: add an IP address to WAF condition (rely on purge_filters defaulting to false)
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_ip_condition"
filters:
- ip_address: "192.168.10.0/24"
@@ -51,7 +51,7 @@
- add_ip_address_to_waf_condition_no_purge.changed
- name: add an IP address to WAF condition (set purge_filters)
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_ip_condition"
filters:
- ip_address: "192.168.20.0/24"
@@ -66,7 +66,7 @@
- add_ip_address_to_waf_condition_purge.changed
- name: create WAF byte condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_byte_condition"
filters:
- field_to_match: header
@@ -77,7 +77,7 @@
register: create_waf_byte_condition
- name: recreate WAF byte condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_byte_condition"
filters:
- field_to_match: header
@@ -93,7 +93,7 @@
- not recreate_waf_byte_condition.changed
- name: create WAF geo condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_geo_condition"
filters:
- country: US
@@ -103,7 +103,7 @@
register: create_waf_geo_condition
- name: create WAF size condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_size_condition"
filters:
- field_to_match: query_string
@@ -113,7 +113,7 @@
register: create_waf_size_condition
- name: create WAF sql condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_sql_condition"
filters:
- field_to_match: query_string
@@ -122,7 +122,7 @@
register: create_waf_sql_condition
- name: create WAF xss condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_xss_condition"
filters:
- field_to_match: query_string
@@ -131,7 +131,7 @@
register: create_waf_xss_condition
- name: create WAF regex condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition"
filters:
- field_to_match: query_string
@@ -145,7 +145,7 @@
register: create_waf_regex_condition
- name: create a second WAF regex condition with the same regex
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition_part_2"
filters:
- field_to_match: header
@@ -169,7 +169,7 @@
- name: delete first WAF regex condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition"
filters:
- field_to_match: query_string
@@ -184,7 +184,7 @@
register: delete_waf_regex_condition
- name: delete second WAF regex condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition_part_2"
filters:
- field_to_match: header
@@ -200,7 +200,7 @@
register: delete_second_waf_regex_condition
- name: create WAF regex condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition"
filters:
- field_to_match: query_string
@@ -221,7 +221,7 @@
create_waf_regex_condition.condition.regex_match_tuples[0].regex_pattern_set_id
- name: create WAF Regional IP condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_ip_condition"
filters:
- ip_address: "10.0.0.0/8"
@@ -231,7 +231,7 @@
register: create_waf_regional_ip_condition
- name: add an IP address to WAF Regional condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_ip_condition"
filters:
- ip_address: "10.0.0.0/8"
@@ -247,7 +247,7 @@
- add_ip_address_to_waf_regional_condition.condition.ip_set_descriptors|length == 2
- name: add an IP address to WAF Regional condition (rely on purge_filters defaulting to false)
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_ip_condition"
filters:
- ip_address: "192.168.10.0/24"
@@ -263,7 +263,7 @@
- add_ip_address_to_waf_regional_condition_no_purge.changed
- name: add an IP address to WAF Regional condition (set purge_filters)
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_ip_condition"
filters:
- ip_address: "192.168.20.0/24"
@@ -280,7 +280,7 @@
- add_ip_address_to_waf_regional_condition_purge.changed
- name: create WAF Regional byte condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_byte_condition"
filters:
- field_to_match: header
@@ -293,7 +293,7 @@
register: create_waf_regional_byte_condition
- name: recreate WAF Regional byte condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_byte_condition"
filters:
- field_to_match: header
@@ -311,7 +311,7 @@
- not recreate_waf_regional_byte_condition.changed
- name: create WAF Regional geo condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_geo_condition"
filters:
- country: US
@@ -323,7 +323,7 @@
register: create_waf_regional_geo_condition
- name: create WAF Regional size condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_size_condition"
filters:
- field_to_match: query_string
@@ -335,7 +335,7 @@
register: create_waf_regional_size_condition
- name: create WAF Regional sql condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_sql_condition"
filters:
- field_to_match: query_string
@@ -346,7 +346,7 @@
register: create_waf_regional_sql_condition
- name: create WAF Regional xss condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_xss_condition"
filters:
- field_to_match: query_string
@@ -357,7 +357,7 @@
register: create_waf_regional_xss_condition
- name: create WAF Regional regex condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition"
filters:
- field_to_match: query_string
@@ -373,7 +373,7 @@
register: create_waf_regional_regex_condition
- name: create a second WAF Regional regex condition with the same regex
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition_part_2"
filters:
- field_to_match: header
@@ -399,7 +399,7 @@
- name: delete first WAF Regional regex condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition"
filters:
- field_to_match: query_string
@@ -416,7 +416,7 @@
register: delete_waf_regional_regex_condition
- name: delete second WAF Regional regex condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition_part_2"
filters:
- field_to_match: header
@@ -434,7 +434,7 @@
register: delete_second_waf_regional_regex_condition
- name: create WAF Regional regex condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition"
filters:
- field_to_match: query_string
@@ -461,7 +461,7 @@
##################################################
- name: create WAF rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
conditions:
- name: "{{ resource_prefix }}_regex_condition"
@@ -483,7 +483,7 @@
- create_aws_waf_rule.rule.predicates|length == 3
- name: recreate WAF rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
conditions:
- name: "{{ resource_prefix }}_regex_condition"
@@ -504,7 +504,7 @@
- create_aws_waf_rule.rule.predicates|length == 3
- name: add further WAF rules relying on purge_conditions defaulting to false
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
conditions:
- name: "{{ resource_prefix }}_ip_condition"
@@ -525,7 +525,7 @@
- add_conditions_to_aws_waf_rule.rule.predicates|length == 6
- name: remove some rules through purging conditions
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
conditions:
- name: "{{ resource_prefix }}_ip_condition"
@@ -550,7 +550,7 @@
- add_and_remove_waf_rule_conditions.rule.predicates|length == 4
- name: attempt to remove an in use condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_size_condition"
type: size
state: absent
@@ -561,10 +561,10 @@
assert:
that:
- remove_in_use_condition.failed
- - "'Condition {{ resource_prefix }}_size_condition is in use' in remove_in_use_condition.msg"
+ - "'Condition ' ~ resource_prefix ~ '_size_condition is in use' in remove_in_use_condition.msg"
- name: create WAF Regional rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
conditions:
- name: "{{ resource_prefix }}_regex_condition"
@@ -588,7 +588,7 @@
- create_aws_waf_regional_rule.rule.predicates|length == 3
- name: recreate WAF Regional rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
conditions:
- name: "{{ resource_prefix }}_regex_condition"
@@ -611,7 +611,7 @@
- create_aws_waf_regional_rule.rule.predicates|length == 3
- name: add further WAF Regional rules relying on purge_conditions defaulting to false
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
conditions:
- name: "{{ resource_prefix }}_ip_condition"
@@ -634,7 +634,7 @@
- add_conditions_to_aws_waf_regional_rule.rule.predicates|length == 6
- name: remove some rules through purging conditions
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
conditions:
- name: "{{ resource_prefix }}_ip_condition"
@@ -661,7 +661,7 @@
- add_and_remove_waf_regional_rule_conditions.rule.predicates|length == 4
- name: attempt to remove an WAF Regional in use condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_size_condition"
type: size
state: absent
@@ -674,14 +674,14 @@
assert:
that:
- remove_in_use_condition.failed
- - "'Condition {{ resource_prefix }}_size_condition is in use' in remove_in_use_condition.msg"
+ - "'Condition ' ~ resource_prefix ~ '_size_condition is in use' in remove_in_use_condition.msg"
##################################################
# aws_waf_web_acl tests
##################################################
- name: create web ACL
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule"
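Review bot: The section banner `# aws_waf_web_acl tests`, left as context in this hunk, still uses the old module name while the task directly below it now calls `waf_web_acl`. Changing the banner to `# waf_web_acl tests` would keep a search for the module name consistent with the tasks it introduces. The `create web ACL` task continues past the end of the hunk.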
@@ -693,7 +693,7 @@
register: create_web_acl
- name: recreate web acl
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule"
@@ -710,7 +710,7 @@
- recreate_web_acl.web_acl.rules|length == 1
- name: create a second WAF rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule_2"
conditions:
- name: "{{ resource_prefix }}_ip_condition"
@@ -724,7 +724,7 @@
negated: no
- name: add a new rule to the web acl
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule_2"
@@ -741,7 +741,7 @@
- web_acl_add_rule.web_acl.rules|length == 2
- name: use purge rules to remove the first rule
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule_2"
@@ -759,7 +759,7 @@
- web_acl_add_rule.web_acl.rules|length == 1
- name: swap two rules of same priority
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule"
@@ -771,7 +771,7 @@
register: web_acl_swap_rule
- name: attempt to delete the inuse first rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
state: absent
ignore_errors: yes
@@ -783,7 +783,7 @@
- remove_inuse_rule.failed
- name: delete the web acl
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
state: absent
register: delete_web_acl
@@ -795,12 +795,12 @@
- not delete_web_acl.web_acl
- name: delete the no longer in use first rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
state: absent
- name: create WAF Regional web ACL
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule"
@@ -814,7 +814,7 @@
register: create_waf_regional_web_acl
- name: recreate WAF Regional web acl
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule"
@@ -833,7 +833,7 @@
- recreate_waf_regional_web_acl.web_acl.rules|length == 1
- name: create a second WAF Regional rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule_2"
conditions:
- name: "{{ resource_prefix }}_ip_condition"
@@ -849,7 +849,7 @@
waf_regional: true
- name: add a new rule to the WAF Regional web acl
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule_2"
@@ -868,7 +868,7 @@
- waf_regional_web_acl_add_rule.web_acl.rules|length == 2
- name: use purge rules to remove the WAF Regional first rule
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule_2"
@@ -888,7 +888,7 @@
- waf_regional_web_acl_add_rule.web_acl.rules|length == 1
- name: swap two WAF Regional rules of same priority
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule"
@@ -902,7 +902,7 @@
register: waf_regional_web_acl_swap_rule
- name: attempt to delete the WAF Regional inuse first rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
state: absent
region: "{{ aws_region }}"
@@ -916,7 +916,7 @@
- remove_waf_regional_inuse_rule.failed
- name: delete the WAF Regional web acl
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
state: absent
region: "{{ aws_region }}"
@@ -930,7 +930,7 @@
- not delete_waf_regional_web_acl.web_acl
- name: delete the no longer in use WAF Regional first rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
state: absent
region: "{{ aws_region }}"
@@ -945,84 +945,84 @@
msg: "****** TEARDOWN STARTS HERE ******"
- name: delete the web acl
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
state: absent
purge_rules: yes
ignore_errors: yes
- name: remove second WAF rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule_2"
state: absent
purge_conditions: yes
ignore_errors: yes
- name: remove WAF rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
state: absent
purge_conditions: yes
ignore_errors: yes
- name: remove XSS condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_xss_condition"
type: xss
state: absent
ignore_errors: yes
- name: remove SQL condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_sql_condition"
type: sql
state: absent
ignore_errors: yes
- name: remove size condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_size_condition"
type: size
state: absent
ignore_errors: yes
- name: remove geo condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_geo_condition"
type: geo
state: absent
ignore_errors: yes
- name: remove byte condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_byte_condition"
type: byte
state: absent
ignore_errors: yes
- name: remove ip address condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_ip_condition"
type: ip
state: absent
ignore_errors: yes
- name: remove regex part 2 condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition_part_2"
type: regex
state: absent
ignore_errors: yes
- name: remove first regex condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition"
type: regex
state: absent
ignore_errors: yes
- name: delete the WAF Regional web acl
- aws_waf_web_acl:
+ waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
state: absent
purge_rules: yes
@@ -1031,7 +1031,7 @@
ignore_errors: yes
- name: remove second WAF Regional rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule_2"
state: absent
purge_conditions: yes
@@ -1040,7 +1040,7 @@
ignore_errors: yes
- name: remove WAF Regional rule
- aws_waf_rule:
+ waf_rule:
name: "{{ resource_prefix }}_rule"
state: absent
purge_conditions: yes
@@ -1049,7 +1049,7 @@
ignore_errors: yes
- name: remove WAF Regional XSS condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_xss_condition"
type: xss
state: absent
@@ -1058,7 +1058,7 @@
ignore_errors: yes
- name: remove WAF Regional SQL condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_sql_condition"
type: sql
state: absent
@@ -1067,7 +1067,7 @@
ignore_errors: yes
- name: remove WAF Regional size condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_size_condition"
type: size
state: absent
@@ -1076,7 +1076,7 @@
ignore_errors: yes
- name: remove WAF Regional geo condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_geo_condition"
type: geo
state: absent
@@ -1085,7 +1085,7 @@
ignore_errors: yes
- name: remove WAF Regional byte condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_byte_condition"
type: byte
state: absent
@@ -1094,7 +1094,7 @@
ignore_errors: yes
- name: remove WAF Regional ip address condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_ip_condition"
type: ip
state: absent
@@ -1103,7 +1103,7 @@
ignore_errors: yes
- name: remove WAF Regional regex part 2 condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition_part_2"
type: regex
state: absent
@@ -1112,7 +1112,7 @@
ignore_errors: yes
- name: remove first WAF Regional regex condition
- aws_waf_condition:
+ waf_condition:
name: "{{ resource_prefix }}_regex_condition"
type: regex
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/alb.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/alb.yml
index 32aeb376a..c56ad6d46 100644
--- a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/alb.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/alb.yml
@@ -63,7 +63,7 @@
gateway_id: '{{ igw.gateway_id }}'
register: route_table
-- ec2_group:
+- ec2_security_group:
name: '{{ resource_prefix }}'
description: security group for Ansible ALB integration tests
state: present
diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/main.yml
index 547c4c151..a536cf405 100644
--- a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/main.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
@@ -103,10 +103,6 @@
#########################
- name: destroy ALB
elb_application_lb:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token }}'
- region: '{{ aws_region }}'
name: '{{ alb_name }}'
state: absent
wait: true
@@ -115,10 +111,6 @@
- name: destroy target group if it was created
elb_target_group:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token }}'
- region: '{{ aws_region }}'
name: '{{ tg_name }}'
protocol: http
port: 80
@@ -134,11 +126,7 @@
ignore_errors: true
- name: destroy sec group
- ec2_group:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token }}'
- region: '{{ aws_region }}'
+ ec2_security_group:
name: '{{ sec_group.group_name }}'
description: security group for Ansible ALB integration tests
state: absent
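Review bot: The `ec2_security_group` teardown task in this hunk no longer names its credentials or region, so it depends entirely on the `module_defaults` `group/aws` entry at the top of this file. The same holds for the other teardown hunks here (destroy ALB, target group, route table, subnets, internet gateway and VPC). If one of these tasks sits outside that block, or its short module name does not resolve to a module in the `aws` action group, the defaults are presumably not applied. The module would then fall back to whatever ambient AWS credentials the runner has, which matters for tasks that run with `state: absent`. A comment above the teardown section such as `# credentials and region are inherited from module_defaults (group/aws) above` would make the dependency explicit; the task appears to continue past the end of the hunk.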
@@ -151,10 +139,6 @@
- name: remove route table
ec2_vpc_route_table:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token }}'
- region: '{{ aws_region }}'
vpc_id: '{{ vpc.vpc.id }}'
route_table_id: '{{ route_table.route_table.route_table_id }}'
lookup: id
@@ -167,10 +151,6 @@
- name: destroy subnets
ec2_vpc_subnet:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token }}'
- region: '{{ aws_region }}'
cidr: '{{ item.cidr }}'
vpc_id: '{{ vpc.vpc.id }}'
state: absent
@@ -187,10 +167,6 @@
- name: destroy internet gateway
ec2_vpc_igw:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token }}'
- region: '{{ aws_region }}'
vpc_id: '{{ vpc.vpc.id }}'
tags:
Name: '{{ resource_prefix }}'
@@ -203,10 +179,6 @@
- name: destroy VPC
ec2_vpc_net:
- aws_access_key: '{{ aws_access_key }}'
- aws_secret_key: '{{ aws_secret_key }}'
- security_token: '{{ security_token }}'
- region: '{{ aws_region }}'
cidr_block: 10.228.228.0/22
name: '{{ resource_prefix }}_vpc'
state: absent
diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/rule_group.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/rule_group.yml
index 6ec46f5dd..7648504be 100644
--- a/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/rule_group.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/wafv2/tasks/rule_group.yml
@@ -79,7 +79,6 @@
- name: rule group info
wafv2_rule_group_info:
name: "{{ rule_group_name }}"
- state: present
scope: REGIONAL
register: out
@@ -554,7 +553,6 @@
- name: rule group info
wafv2_rule_group_info:
name: "{{ rule_group_name }}"
- state: present
scope: REGIONAL
register: out
@@ -671,7 +669,6 @@
- name: rule group info
wafv2_rule_group_info:
name: "{{ rule_group_name }}"
- state: present
scope: REGIONAL
register: out
diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2_ip_set/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2_ip_set/tasks/main.yml
index f7afc5b93..6fcf4438c 100644
--- a/ansible_collections/community/aws/tests/integration/targets/wafv2_ip_set/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/wafv2_ip_set/tasks/main.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- name: check_mode create ip set
diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2_rule_group/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2_rule_group/tasks/main.yml
index 630d5de29..b2a2fcd8c 100644
--- a/ansible_collections/community/aws/tests/integration/targets/wafv2_rule_group/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/wafv2_rule_group/tasks/main.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
####################################
@@ -87,7 +87,6 @@
- name: rule group info
wafv2_rule_group_info:
name: "{{ rule_group_name }}"
- state: present
scope: REGIONAL
register: out
@@ -562,7 +561,6 @@
- name: rule group info
wafv2_rule_group_info:
name: "{{ rule_group_name }}"
- state: present
scope: REGIONAL
register: out
@@ -679,7 +677,6 @@
- name: rule group info
wafv2_rule_group_info:
name: "{{ rule_group_name }}"
- state: present
scope: REGIONAL
register: out
diff --git a/ansible_collections/community/aws/tests/integration/targets/wafv2_web_acl/tasks/main.yml b/ansible_collections/community/aws/tests/integration/targets/wafv2_web_acl/tasks/main.yml
index 9d44e2b77..64544fd50 100644
--- a/ansible_collections/community/aws/tests/integration/targets/wafv2_web_acl/tasks/main.yml
+++ b/ansible_collections/community/aws/tests/integration/targets/wafv2_web_acl/tasks/main.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
+ access_key: "{{ aws_access_key }}"
+ secret_key: "{{ aws_secret_key }}"
+ session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block: