Diffstat (limited to 'ansible_collections/azure/azcollection/tests/integration')
52 files changed, 1157 insertions, 533 deletions
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_accesstoken_info/aliases b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_accesstoken_info/aliases
new file mode 100644
index 000000000..3c63edec5
--- /dev/null
+++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_accesstoken_info/aliases
@@ -0,0 +1,3 @@
+cloud/azure
+shippable/azure/group15
+destructive
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_accesstoken_info/meta/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_accesstoken_info/meta/main.yml
new file mode 100644
index 000000000..95e1952f9
--- /dev/null
+++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_accesstoken_info/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - setup_azure
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_accesstoken_info/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_accesstoken_info/tasks/main.yml
new file mode 100644
index 000000000..dbe625871
--- /dev/null
+++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_accesstoken_info/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: Get access token for graphql
+ azure.azcollection.azure_rm_accesstoken_info:
+ scopes:
+ - https://graph.microsoft.com/.default
+ register: result
+
+- name: Assert the facts
+ ansible.builtin.assert:
+ that:
+ - result is not changed
+ - result is not failed
+ - "'access_token' in result"
+ - "'expires_on' in result"
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adapplication/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adapplication/tasks/main.yml
index 99813a48d..d19e0b8cd 100644
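Review bot: The `Get access token for graphql` task in the new azure_rm_accesstoken_info/tasks/main.yml registers a result that holds a live bearer token (the assert below it checks for `access_token`), and nothing keeps that result out of task output, so a verbose CI run would presumably write the token to the job log. Add `no_log: true` to that task; the assert only tests key presence and keeps working on the registered variable. The same applies to the three `azure_rm_akscredentials_info` tasks added in azure_rm_aksagentpool/tasks/main.yml, whose registered `output.cluster_credentials` presumably carries cluster credentials, and, if the module now returns the generated secret (not visible in these hunks), to the `azure_rm_adpassword` create tasks that lost their `value:` argument. The scope requested is Microsoft Graph, so the task name would read better as `Get access token for Microsoft Graph`.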
--- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adapplication/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adapplication/tasks/main.yml @@ -1,12 +1,10 @@ - name: Set variables ansible.builtin.set_fact: - tenant_id: "{{ azure_tenant }}" display_name: "app{{ resource_group | hash('sha1') | truncate(20, True, '') }}" run_once: true - name: Create application azure_rm_adapplication: - tenant: "{{ tenant_id }}" display_name: "{{ display_name }}" register: create_output @@ -16,7 +14,6 @@ - name: Create application again idempotent test azure_rm_adapplication: - tenant: "{{ tenant_id }}" app_id: "{{ create_output.app_id }}" register: output @@ -26,9 +23,8 @@ - name: Create application with more parameter azure_rm_adapplication: - tenant: "{{ tenant_id }}" display_name: "{{ display_name }}-01" - available_to_other_tenants: false + sign_in_audience: AzureADandPersonalMicrosoftAccount credential_description: "for test" end_date: 2021-10-01 start_date: 2021-05-18 
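Review bot: In the `Create application with more parameter` task, `sign_in_audience: AzureADandPersonalMicrosoftAccount` is not the equivalent of the `available_to_other_tenants: false` it replaces: the old value kept the test application single-tenant, while the new one is the widest audience (any organisational directory plus personal Microsoft accounts). Unless the test is meant to exercise that particular value, `sign_in_audience: AzureADMyOrg` preserves the original intent and keeps the throwaway app registration scoped to the test tenant. The task continues past the end of this hunk, so any assertion on the resulting audience is not visible here; if there is none, adding one would catch a silent change of default.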
@@ -50,25 +46,29 @@ - name: Get ad app info by object id azure_rm_adapplication_info: object_id: "{{ create_output.object_id }}" - tenant: "{{ tenant_id }}" register: output - name: Get ad app info by app id azure_rm_adapplication_info: app_id: "{{ create_output.app_id }}" - tenant: "{{ tenant_id }}" register: output +- name: Get ad app info by display name + azure_rm_adapplication_info: + app_display_name: "{{ create_output.app_display_name }}" + register: display_name_test_output + - name: Assert the application facts ansible.builtin.assert: that: - output.applications[0].app_display_name == "{{ display_name }}" - output.applications | length == 1 + - display_name_test_output.applications[0].app_display_name == "{{ display_name }}" + - display_name_test_output.applications | length == 1 - name: Delete ad app by app id azure_rm_adapplication: app_id: "{{ create_output.app_id }}" - tenant: "{{ tenant_id }}" state: absent register: output @@ -79,7 +79,6 @@ - name: Delete ad app by app id azure_rm_adapplication: app_id: "{{ second_output.app_id }}" - tenant: "{{ tenant_id }}" state: absent register: output @@ -90,7 +89,6 @@ - name: Get ad app info by app id azure_rm_adapplication_info: app_id: "{{ create_output.app_id }}" - tenant: "{{ tenant_id }}" register: output - name: Assert there is no application diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adgroup/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adgroup/tasks/main.yml index b10580e65..9415c6ee3 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adgroup/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adgroup/tasks/main.yml @@ -1,6 +1,5 @@ - name: Set variables ansible.builtin.set_fact: - tenant_id: "{{ azure_tenant }}" resource_prefix: "{{ 999999999999999999994 | random | to_uuid }}" run_once: true 
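Review bot: The two assertions added to `Assert the application facts` embed `"{{ display_name }}"` inside a `that:` expression, which Ansible already evaluates as Jinja; templating inside a conditional draws a warning and re-evaluates the variable's content as part of the expression. This commit removes the same pattern in the azure_rm_cdnprofile and azure_rm_datalakestore tests, so the new line should follow suit: `- display_name_test_output.applications[0].app_display_name == display_name`. The existing `output.applications[0].app_display_name == "{{ display_name }}"` line just above it could be changed at the same time.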
@@ -8,24 +7,23 @@ azure_rm_adgroup_info: attribute_name: "displayName" attribute_value: "{{ resource_prefix }}-Group-Root" - tenant: "{{ tenant_id }}" register: get_nonexistent_group_display_name_shouldfail failed_when: - get_nonexistent_group_display_name_shouldfail.ad_groups != [] - name: Create Group Root azure_rm_adgroup: - tenant: "{{ tenant_id }}" display_name: "{{ resource_prefix }}-Group-Root" mail_nickname: "{{ resource_prefix }}-Group-Root" + description: 'for test' state: 'present' register: group_create_changed_shouldpass - name: Create Group Should Return Not Changed azure_rm_adgroup: - tenant: "{{ tenant_id }}" display_name: "{{ resource_prefix }}-Group-Root" mail_nickname: "{{ resource_prefix }}-Group-Root" + description: 'for test' state: 'present' register: group_create_unchanged_shouldpass @@ -43,17 +41,16 @@ - name: Return previously created group using object_id azure_rm_adgroup_info: object_id: "{{ group_create_unchanged_shouldpass.object_id }}" - tenant: "{{ tenant_id }}" register: get_created_object_id_shouldpass - name: Assert Returns are Equal to Created Group ansible.builtin.assert: that: - get_created_object_id_shouldpass.ad_groups[0].object_id == group_create_unchanged_shouldpass.object_id + - get_created_object_id_shouldpass.ad_groups[0].description == 'for test' - name: Create Group Member 1 azure_rm_adgroup: - tenant: "{{ tenant_id }}" display_name: "{{ resource_prefix }}-Group-Member-1" mail_nickname: "{{ resource_prefix }}-Group-Member-1" state: 'present' @@ -61,7 +58,6 @@ - name: Create Group Member 2 azure_rm_adgroup: - tenant: "{{ tenant_id }}" display_name: "{{ resource_prefix }}-Group-Member-2" mail_nickname: "{{ resource_prefix }}-Group-Member-2" state: 'present' 
@@ -69,13 +65,12 @@ - name: Ensure member is in group using display_name and mail_nickname azure_rm_adgroup: - tenant: "{{ tenant_id }}" display_name: "{{ resource_prefix }}-Group-Root" mail_nickname: "{{ resource_prefix }}-Group-Root" state: 'present' present_members: - - "https://graph.windows.net/{{ tenant_id }}/directoryObjects/{{ create_pass_first.object_id }}" - - "https://graph.windows.net/{{ tenant_id }}/directoryObjects/{{ create_pass_second.object_id }}" + - "{{ create_pass_first.object_id }}" + - "{{ create_pass_second.object_id }}" register: add_pass - name: Validate members are in the group @@ -86,11 +81,10 @@ - name: Ensure member is in group that is already present using object_id azure_rm_adgroup: - tenant: "{{ tenant_id }}" object_id: "{{ group_create_changed_shouldpass.object_id }}" state: 'present' present_members: - - "https://graph.windows.net/{{ tenant_id }}/directoryObjects/{{ create_pass_first.object_id }}" + - "{{ create_pass_first.object_id }}" register: add_already_present_member_to_group_shouldpass - name: Validate nothing changed from already present member @@ -100,7 +94,6 @@ - name: Ensure member is not in group using object_id azure_rm_adgroup: - tenant: "{{ tenant_id }}" object_id: "{{ group_create_changed_shouldpass.object_id }}" state: 'present' absent_members: @@ -115,7 +108,6 @@ - name: Ensure member is not in group that is already not in group using display_name and mail_nickname azure_rm_adgroup: - tenant: "{{ tenant_id }}" display_name: "{{ resource_prefix }}-Group-Root" mail_nickname: "{{ resource_prefix }}-Group-Root" state: 'present' 
@@ -131,14 +123,12 @@ - name: Return a specific group using object_id azure_rm_adgroup_info: object_id: "{{ group_create_changed_shouldpass.object_id }}" - tenant: "{{ tenant_id }}" register: object_id_shouldpass - name: Return a specific group using object_id and return_owners azure_rm_adgroup_info: object_id: "{{ group_create_changed_shouldpass.object_id }}" return_owners: true - tenant: "{{ tenant_id }}" register: object_id_return_owners_shouldpass - name: Return a specific group using object_id and return_owners and return_group_members 
@@ -146,41 +136,35 @@ object_id: "{{ group_create_changed_shouldpass.object_id }}" return_owners: true return_group_members: true - tenant: "{{ tenant_id }}" register: object_id_return_owners_and_group_members_shouldpass - name: Return a specific group using object_id and member_groups azure_rm_adgroup_info: object_id: "{{ group_create_changed_shouldpass.object_id }}" return_member_groups: true - tenant: "{{ tenant_id }}" register: object_id_return_member_groups_shouldpass - name: Return a specific group using object_id and check_membership azure_rm_adgroup_info: object_id: "{{ group_create_changed_shouldpass.object_id }}" check_membership: "{{ create_pass_first.object_id }}" - tenant: "{{ tenant_id }}" register: object_id_return_check_membership_shouldpass - name: Return a specific group using displayName attribute azure_rm_adgroup_info: attribute_name: "displayName" attribute_value: "{{ group_create_changed_shouldpass.display_name }}" - tenant: "{{ tenant_id }}" register: displayname_attribute_shouldpass - name: Return a specific group using mailNickname filter azure_rm_adgroup_info: odata_filter: "mailNickname eq '{{ group_create_changed_shouldpass.mail_nickname }}'" - tenant: "{{ tenant_id }}" register: mailnickname_filter_shouldpass - name: Return a different group using displayName attribute azure_rm_adgroup_info: attribute_name: "displayName" attribute_value: "{{ create_pass_second.display_name }}" - tenant: "{{ tenant_id }}" register: displayname_attribute_different_shouldpass - name: Assert All Returns Are Equal @@ -196,7 +180,6 @@ - name: Delete group Group Root on object_id azure_rm_adgroup: - tenant: "{{ tenant_id }}" object_id: "{{ group_create_unchanged_shouldpass.object_id }}" state: 'absent' register: group_delete_group_root_shouldpass 
@@ -204,14 +187,12 @@ - name: Try to return now deleted group Group Root using object_id azure_rm_adgroup_info: object_id: "{{ group_create_unchanged_shouldpass.object_id }}" - tenant: "{{ tenant_id }}" register: get_deleted_object_group_root_shouldfail failed_when: - - '"failed to get ad group info Resource" not in get_deleted_object_group_root_shouldfail.msg' + - '"does not exist or one of its queried" not in get_deleted_object_group_root_shouldfail.msg' - name: Delete group Group Member 1 on object_id azure_rm_adgroup: - tenant: "{{ tenant_id }}" object_id: "{{ create_pass_first.object_id }}" state: 'absent' register: group_delete_group_member_1_shouldpass @@ -219,14 +200,12 @@ - name: Try to return now deleted group Group Member 1 using object_id azure_rm_adgroup_info: object_id: "{{ create_pass_first.object_id }}" - tenant: "{{ tenant_id }}" register: get_deleted_object_group_member_1_shouldfail failed_when: - - '"failed to get ad group info Resource" not in get_deleted_object_group_member_1_shouldfail.msg' + - '"does not exist or one of its queried" not in get_deleted_object_group_member_1_shouldfail.msg' - name: Delete group Group Member 2 on object_id azure_rm_adgroup: - tenant: "{{ tenant_id }}" object_id: "{{ create_pass_second.object_id }}" state: 'absent' register: group_delete_group_member_2_shouldpass @@ -234,7 +213,6 @@ - name: Try to return now deleted group Group Member 2 using object_id azure_rm_adgroup_info: object_id: "{{ create_pass_second.object_id }}" - tenant: "{{ tenant_id }}" register: get_deleted_object_group_member_2_shouldfail failed_when: - - '"failed to get ad group info Resource" not in get_deleted_object_group_member_2_shouldfail.msg' + - '"does not exist or one of its queried" not in get_deleted_object_group_member_2_shouldfail.msg' 
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adpassword/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adpassword/tasks/main.yml index f430af17f..60c78ea80 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adpassword/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adpassword/tasks/main.yml @@ -1,14 +1,11 @@ - name: Set variables ansible.builtin.set_fact: app_id: "e0a62513-1d81-480e-a6dc-5c99cdd58d9a" - tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" app_object_id: "b52e8275-a1ee-4c4a-86ff-15992e0920ed" - name: Create first ad password by app_id azure_rm_adpassword: app_id: "{{ app_id }}" - value: "Password@032900001" - tenant: "{{ tenant_id }}" state: present register: ad_fact @@ -19,8 +16,6 @@ - name: Create second ad password by app_object_id azure_rm_adpassword: - value: "Password@032900002" - tenant: "{{ tenant_id }}" app_object_id: "{{ app_object_id }}" state: present register: ad_fact02 @@ -33,12 +28,10 @@ - name: Create ad service principal azure_rm_adserviceprincipal: app_id: "{{ app_id }}" - tenant: "{{ tenant_id }}" state: present - name: Get ad service principal info azure_rm_adserviceprincipal_info: - tenant: "{{ tenant_id }}" app_id: "{{ app_id }}" register: sp_info - name: Print Service principals facts @@ -47,8 +40,6 @@ - name: Create third ad password by service_principal_object_id azure_rm_adpassword: - value: "Password@032900003" - tenant: "{{ tenant_id }}" service_principal_object_id: "{{ sp_info.service_principals[0].object_id }}" state: present register: ad_fact03 @@ -61,8 +52,6 @@ - name: Can't update ad password azure_rm_adpassword: app_id: "{{ app_id }}" - value: "Password@032900003" - tenant: "{{ tenant_id }}" key_id: "{{ ad_fact.key_id }}" app_object_id: "{{ app_object_id }}" state: present 
@@ -72,7 +61,6 @@ - name: Get ad password info azure_rm_adpassword_info: app_id: "{{ app_id }}" - tenant: "{{ tenant_id }}" key_id: "{{ ad_fact.key_id }}" app_object_id: "{{ app_object_id }}" register: ad_info @@ -87,7 +75,6 @@ azure_rm_adpassword: app_id: "{{ app_id }}" key_id: "{{ ad_fact.key_id }}" - tenant: "{{ tenant_id }}" app_object_id: "{{ app_object_id }}" state: absent register: output @@ -100,7 +87,6 @@ - name: Delete all ad password azure_rm_adpassword: app_id: "{{ app_id }}" - tenant: "{{ tenant_id }}" app_object_id: "{{ app_object_id }}" state: absent register: output diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml index b138740d6..a861afb7b 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml @@ -1,18 +1,15 @@ - name: Set variables ansible.builtin.set_fact: app_id: "e0a62513-1d81-480e-a6dc-5c99cdd58d9a" - tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" - name: Delete ad service principal azure_rm_adserviceprincipal: app_id: "{{ app_id }}" - tenant: "{{ tenant_id }}" state: absent - name: Create ad service principal azure_rm_adserviceprincipal: app_id: "{{ app_id }}" - tenant: "{{ tenant_id }}" state: present register: ad_fact @@ -24,7 +21,6 @@ - name: Create ad service principal (idempontent) azure_rm_adserviceprincipal: app_id: "{{ app_id }}" - tenant: "{{ tenant_id }}" state: present register: output @@ -36,7 +32,6 @@ - name: Get ad service principal info by app_id azure_rm_adserviceprincipal_info: app_id: "{{ app_id }}" - tenant: "{{ tenant_id }}" register: ad_info - name: Assert The ad service principals facts 
@@ -48,14 +43,12 @@ - name: Update ad service principal app_role_assignmentrequired to True azure_rm_adserviceprincipal: app_id: "{{ app_id }}" - tenant: "{{ tenant_id }}" app_role_assignment_required: true state: present register: output - name: Get ad service principal info by object_id azure_rm_adserviceprincipal_info: - tenant: "{{ tenant_id }}" object_id: "{{ ad_info.service_principals[0].object_id }}" register: ad_info @@ -68,7 +61,6 @@ - name: Delete ad service principal azure_rm_adserviceprincipal: app_id: "{{ app_id }}" - tenant: "{{ tenant_id }}" state: absent register: output diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_aduser/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_aduser/tasks/main.yml index e3c9225e6..c02a263bb 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_aduser/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_aduser/tasks/main.yml @@ -1,6 +1,5 @@ - name: Prepare facts ansible.builtin.set_fact: - tenant_id: "{{ azure_tenant }}" user_id: "user{{ 999999999999999999994 | random | to_uuid }}@contoso.com" object_id: "{{ 999999999999999999994 | random | to_uuid }}" user_principal_name: "{{ 999999999999999999994 | random | to_uuid }}" @@ -9,7 +8,6 @@ - name: Create test user azure_rm_aduser: user_principal_name: "{{ user_id }}" - tenant: "{{ tenant_id }}" state: "present" account_enabled: true display_name: "Test_{{ user_principal_name }}_Display_Name" @@ -26,7 +24,6 @@ - name: Try to update existing user - idempotent check azure_rm_aduser: user_principal_name: "{{ user_id }}" - tenant: "{{ tenant_id }}" state: "present" display_name: "Test_{{ user_principal_name }}_Display_Name" mail_nickname: "Test_{{ user_principal_name }}_mail_nickname" 
@@ -43,7 +40,6 @@ - name: User_principal_name Should Pass azure_rm_aduser_info: user_principal_name: "{{ user_id }}" - tenant: "{{ tenant_id }}" register: get_user_should_pass - name: Assert user was created and account is enabled @@ -55,7 +51,6 @@ - name: Update test user azure_rm_aduser: user_principal_name: "{{ user_id }}" - tenant: "{{ tenant_id }}" state: "present" account_enabled: false register: update_user_should_pass @@ -63,7 +58,6 @@ - name: User_principal_name on updated user Should Pass azure_rm_aduser_info: user_principal_name: "{{ user_id }}" - tenant: "{{ tenant_id }}" register: get_updated_user_should_pass - name: Assert user was updated and account is disabled @@ -75,14 +69,12 @@ - name: Delete test user azure_rm_aduser: user_principal_name: "{{ user_id }}" - tenant: "{{ tenant_id }}" state: "absent" register: delete_user_should_pass - name: User_principal_name Should Fail azure_rm_aduser_info: user_principal_name: "{{ user_id }}" - tenant: "{{ tenant_id }}" register: get_user_should_fail ignore_errors: true @@ -91,21 +83,8 @@ that: - "get_user_should_fail['failed'] == True" -- name: Run with bad tenant Should Fail - azure_rm_aduser_info: - user_principal_name: "{{ user_id }}" - tenant: None - register: missing_tenant - ignore_errors: true - -- name: Assert task failed - ansible.builtin.assert: - that: - - "missing_tenant['failed'] == True" - - name: Missing any identifiers Should Fail azure_rm_aduser_info: - tenant: "{{ tenant_id }}" register: missing_any_identifiers ignore_errors: true @@ -118,7 +97,6 @@ azure_rm_aduser_info: user_principal_name: "{{ user_id }}" object_id: "{{ object_id }}" - tenant: "{{ tenant_id }}" register: too_many_identifiers ignore_errors: true @@ -130,7 +108,6 @@ - name: Missing attribute_value Should Fail azure_rm_aduser_info: attribute_name: proxyAddresses - tenant: "{{ tenant_id }}" register: missing_attribute_value ignore_errors: true 
@@ -142,7 +119,6 @@ - name: Missing attribute_name Should Fail azure_rm_aduser_info: attribute_value: SMTP:user@contoso.com - tenant: "{{ tenant_id }}" register: missing_attribute_name ignore_errors: true @@ -155,7 +131,6 @@ azure_rm_aduser_info: all: true user_principal_name: "{{ user_id }}" - tenant: "{{ tenant_id }}" register: using_all_with_principal_name ignore_errors: true diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_aksagentpool/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_aksagentpool/tasks/main.yml index 26f71c211..7c255f9ad 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_aksagentpool/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_aksagentpool/tasks/main.yml 
@@ -33,6 +33,42 @@ outbound_type: loadBalancer register: output +- name: Get managecluster admin credentials + azure_rm_akscredentials_info: + resource_group: "{{ resource_group }}" + cluster_name: "min{{ rpfx }}" + show_admin_credentials: true + register: output + +- name: Verify that the cluster credentials are successfully obtained + ansible.builtin.assert: + that: + - output.cluster_credentials | length == 1 + +- name: Get managecluster user credentials + azure_rm_akscredentials_info: + resource_group: "{{ resource_group }}" + cluster_name: "min{{ rpfx }}" + show_user_credentials: true + register: output + +- name: Verify that the cluster credentials are successfully obtained + ansible.builtin.assert: + that: + - output.cluster_credentials | length == 1 + +- name: Get managecluster monitor user credentials + azure_rm_akscredentials_info: + resource_group: "{{ resource_group }}" + cluster_name: "min{{ rpfx }}" + show_monitor_credentials: true + register: output + +- name: Verify that the cluster credentials are successfully obtained + ansible.builtin.assert: + that: + - output.cluster_credentials | length == 1 + - name: Get cluster's node agent pool info azure_rm_aksagentpool_info: resource_group: "{{ resource_group }}" diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_apimanagement/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_apimanagement/tasks/main.yml index d7d9b5fc5..2ca941b51 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_apimanagement/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_apimanagement/tasks/main.yml @@ -14,7 +14,7 @@ sku_name: Developer sku_capacity: 1 -- name: Pause for 60 mimutes to create api mangement +- name: Pause for 60 minutes to create api management ansible.builtin.pause: minutes: 60 changed_when: true 
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_autoscale/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_autoscale/tasks/main.yml index 4a19ee340..a70411975 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_autoscale/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_autoscale/tasks/main.yml @@ -34,6 +34,7 @@ tier: Standard managed_disk_type: Standard_LRS os_disk_caching: ReadWrite + orchestration_mode: Uniform image: offer: 0001-com-ubuntu-server-focal publisher: Canonical diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_bastionhost/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_bastionhost/tasks/main.yml index e38f91eac..ac7340c4b 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_bastionhost/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_bastionhost/tasks/main.yml @@ -50,7 +50,7 @@ id: "{{ publicip_output.publicipaddresses[0].id }}" private_ip_allocation_method: Dynamic sku: - name: Standard + name: Basic enable_tunneling: false enable_shareable_link: false enable_ip_connect: false @@ -74,7 +74,7 @@ id: "{{ publicip_output.publicipaddresses[0].id }}" private_ip_allocation_method: Dynamic sku: - name: Standard + name: Basic enable_tunneling: false enable_shareable_link: false enable_ip_connect: false @@ -102,7 +102,7 @@ id: "{{ publicip_output.publicipaddresses[0].id }}" private_ip_allocation_method: Dynamic sku: - name: Standard + name: Basic enable_tunneling: false enable_shareable_link: false enable_ip_connect: false 
@@ -118,9 +118,9 @@ that: - not output.changed -- name: Pause for 20 mimutes to Bastion host updating +- name: Pause for 15 mimutes to Bastion host updating ansible.builtin.command: - sleep 1200 + sleep 900 changed_when: true - name: Update bastion host @@ -135,7 +135,7 @@ id: "{{ publicip_output.publicipaddresses[0].id }}" private_ip_allocation_method: Dynamic sku: - name: Basic + name: Standard enable_tunneling: true enable_shareable_link: true enable_ip_connect: true @@ -166,7 +166,12 @@ - output.bastion_host[0].enable_shareable_link == true - output.bastion_host[0].enable_tunneling == true - output.bastion_host[0].scale_units == 8 - - output.bastion_host[0].sku.name == 'Basic' + - output.bastion_host[0].sku.name == 'Standard' + +- name: Pause for 15 mimutes to Bastion host deleting + ansible.builtin.command: + sleep 900 + changed_when: true - name: Delete bastion host azure_rm_bastionhost: diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_cdnprofile/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_cdnprofile/tasks/main.yml index 92012c6f5..a537f1d8b 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_cdnprofile/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_cdnprofile/tasks/main.yml @@ -24,7 +24,8 @@ - name: Check there is no CDN profile created ansible.builtin.assert: - { that: "{{ fact.cdnprofiles | length }} == 0" } + that: + - fact.cdnprofiles | length == 0 - name: Create a CDN profile azure_rm_cdnprofile: diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_datalakestore/aliases b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_datalakestore/aliases index 5d29c6c4d..6feba04aa 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_datalakestore/aliases 
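Review bot: The new `Pause for 15 mimutes to Bastion host deleting` task and the edited `Pause for 15 mimutes to Bastion host updating` task keep the `mimutes` typo that this same commit fixes in the azure_rm_apimanagement test, and both shell out to `sleep 900` through `ansible.builtin.command`. The apimanagement test already uses `ansible.builtin.pause` for the same purpose; here that would be `ansible.builtin.pause:` with `minutes: 15` under a name such as `Pause for 15 minutes while the Bastion host updates`, with no process spawned. The fixed wait is presumably standing in for a provisioning-state check, so polling the bastion host facts with `until:` would be faster and less flaky if the info module exposes that state.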
+++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_datalakestore/aliases @@ -1,3 +1,4 @@ cloud/azure shippable/azure/group10 destructive +disabled diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_datalakestore/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_datalakestore/tasks/main.yml index c72dfc2ce..8dc08f8b7 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_datalakestore/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_datalakestore/tasks/main.yml @@ -71,7 +71,7 @@ - output.changed - output.state.virtual_network_rules | length == 1 - output.state.virtual_network_rules[0].name == "vnet_rule_1" - - output.state.virtual_network_rules[0].subnet_id == "{{ subnet_output.state.id }}" + - output.state.virtual_network_rules[0].subnet_id == subnet_output.state.id - name: Update data lake store to change encryption state that must fail azure_rm_datalakestore: @@ -154,7 +154,7 @@ - output.state.trusted_id_provider_state == "Disabled" - output.state.virtual_network_rules | length == 1 - output.state.virtual_network_rules[0].name == "vnet_rule_1" - - output.state.virtual_network_rules[0].subnet_id == "{{ subnet_output.state.id }}" + - output.state.virtual_network_rules[0].subnet_id == subnet_output.state.id - name: Create new data lake store (Idempotence) azure_rm_datalakestore: diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_diskencryptionset/lookup_plugins/azure_service_principal_attribute.py b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_diskencryptionset/lookup_plugins/azure_service_principal_attribute.py deleted file mode 100644 index c6f488f13..000000000 
--- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_diskencryptionset/lookup_plugins/azure_service_principal_attribute.py +++ /dev/null 
@@ -1,92 +0,0 @@ -# (c) 2018 Yunge Zhu, <yungez@microsoft.com> -# (c) 2017 Ansible Project -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -DOCUMENTATION = """ -lookup: azure_service_principal_attribute - -requirements: - - azure-graphrbac - -author: - - Yunge Zhu <yungez@microsoft.com> - -version_added: "2.7" - -short_description: Look up Azure service principal attributes. - -description: - - Describes object id of your Azure service principal account. -options: - azure_client_id: - description: azure service principal client id. - azure_secret: - description: azure service principal secret - azure_tenant: - description: azure tenant - azure_cloud_environment: - description: azure cloud environment -""" - -EXAMPLES = """ -set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', - azure_client_id=azure_client_id, - azure_secret=azure_secret, - azure_tenant=azure_secret) }}" -""" - -RETURN = """ -_raw: - description: - Returns object id of service principal. 
-""" - -from ansible.errors import AnsibleError -from ansible.plugins.lookup import LookupBase -from ansible.module_utils._text import to_native - -try: - from azure.common.credentials import ServicePrincipalCredentials - from azure.graphrbac import GraphRbacManagementClient - from azure.cli.core import cloud as azure_cloud -except ImportError: - raise AnsibleError( - "The lookup azure_service_principal_attribute requires azure.graphrbac, msrest") - - -class LookupModule(LookupBase): - def run(self, terms, variables, **kwargs): - - self.set_options(direct=kwargs) - - credentials = {} - credentials['azure_client_id'] = self.get_option('azure_client_id', None) - credentials['azure_secret'] = self.get_option('azure_secret', None) - credentials['azure_tenant'] = self.get_option('azure_tenant', 'common') - - if credentials['azure_client_id'] is None or credentials['azure_secret'] is None: - raise AnsibleError("Must specify azure_client_id and azure_secret") - - _cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD - if self.get_option('azure_cloud_environment', None) is not None: - cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint(credentials['azure_cloud_environment']) - - try: - azure_credentials = ServicePrincipalCredentials(client_id=credentials['azure_client_id'], - secret=credentials['azure_secret'], - tenant=credentials['azure_tenant'], - resource=_cloud_environment.endpoints.active_directory_graph_resource_id) - - client = GraphRbacManagementClient(azure_credentials, credentials['azure_tenant'], - base_url=_cloud_environment.endpoints.active_directory_graph_resource_id) - - response = list(client.service_principals.list(filter="appId eq '{0}'".format(credentials['azure_client_id']))) - sp = response[0] - - return sp.object_id.split(',') - except Exception as ex: - raise AnsibleError("Failed to get service principal object id: %s" % to_native(ex)) - return False 
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_diskencryptionset/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_diskencryptionset/tasks/main.yml index 0d805598e..ea767ed63 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_diskencryptionset/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_diskencryptionset/tasks/main.yml @@ -7,7 +7,7 @@ - name: Lookup service principal object id ansible.builtin.set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', + object_id: "{{ lookup('azure.azcollection.azure_service_principal_attribute', azure_client_id=azure_client_id, azure_secret=azure_secret, azure_tenant=tenant_id) }}" diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_gallery/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_gallery/tasks/main.yml index b9705dc34..8270b04ce 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_gallery/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_gallery/tasks/main.yml 
@@ -3,6 +3,64 @@ rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}" run_once: true +- name: Lookup service principal object id + ansible.builtin.set_fact: + object_id: "{{ lookup('azure.azcollection.azure_service_principal_attribute', + azure_client_id=azure_client_id, + azure_secret=azure_secret, + azure_tenant=azure_tenant) }}" + register: object_id_facts + +- name: Create a key vault + azure_rm_keyvault: + resource_group: "{{ resource_group }}" + vault_name: "myvault{{ rpfx }}" + enabled_for_disk_encryption: true + vault_tenant: "{{ azure_tenant }}" + sku: + name: standard + family: A + access_policies: + - tenant_id: "{{ azure_tenant }}" + object_id: "{{ object_id }}" + keys: + - get + - list + - wrapkey + - unwrapkey + - create + - update + - import + - delete + - backup + - restore + - recover + - purge + +- name: Create a key in key vault + azure_rm_keyvaultkey: + key_name: testkey + keyvault_uri: https://myvault{{ rpfx }}.vault.azure.net + +- name: Get latest version of key + azure_rm_keyvaultkey_info: + vault_uri: https://myvault{{ rpfx }}.vault.azure.net + name: testkey + register: results + +- name: Assert the key vault facts + ansible.builtin.set_fact: + key_url: "{{ results['keys'][0]['kid'] }}" + +- name: Create disk encryption set + azure_rm_diskencryptionset: + resource_group: "{{ resource_group }}" + name: "des{{ rpfx }}" + source_vault: "myvault{{ rpfx }}" + key_url: "{{ key_url }}" + state: present + register: des_results + - name: Create virtual network azure_rm_virtualnetwork: resource_group: "{{ resource_group }}" @@ -53,11 +111,6 @@ name: "vmforimage{{ rpfx }}" register: output -- name: Pause for 10 mimutes to VM updating - ansible.builtin.command: - sleep 600 - changed_when: true - - name: Create a snapshot by importing an unmanaged blob from the same subscription. azure_rm_snapshot: resource_group: "{{ resource_group }}" 
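Review bot: The access policy in the added `Create a key vault` task grants the test service principal all twelve key permissions, including `delete` and `purge`, although the tasks added here only create `testkey`, read it back and pass its `kid` to `azure_rm_diskencryptionset`. Narrowing the `keys:` list to what those tasks use (likely `get`, `list`, `create`, `wrapkey`, `unwrapkey`; confirm against the module) keeps the fixture from modelling an over-broad policy. The lookup also passes `azure_tenant=azure_tenant`, while the other targets changed on this page pass `azure_tenant=tenant_id`, so it is worth confirming that `azure_tenant` is defined for this target. `register: object_id_facts` is not used in this hunk, and the `set_fact` named `Assert the key vault facts` would read better as `- name: Set the key url fact`.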
@@ -151,7 +204,7 @@ name: myGallery{{ rpfx }} register: output -- name: Assedrt the gallery facts +- name: Assert the gallery facts ansible.builtin.assert: that: - not output.changed @@ -174,6 +227,10 @@ offer: myOfferName sku: mySkuName description: Image Description + hypervgeneration: V2 + features: + - name: SecurityType + value: TrustedLaunch register: output - name: Assert the gallery image created @@ -194,6 +251,10 @@ offer: myOfferName sku: mySkuName description: Image Description + hypervgeneration: V2 + features: + - name: SecurityType + value: TrustedLaunch register: output - name: Assert the gallery image idempotent result @@ -214,6 +275,10 @@ offer: myOfferName sku: mySkuName description: Image Description XXXs + hypervgeneration: V2 + features: + - name: SecurityType + value: TrustedLaunch register: output - name: Assert the gallery image updated @@ -254,10 +319,21 @@ target_regions: - name: eastus regional_replica_count: 1 + encryption: + data_disk_images: + - disk_encryption_set_id: "{{ des_results.state.id }}" + os_disk_image: + disk_encryption_set_id: "{{ des_results.state.id }}" - name: westus regional_replica_count: 2 + encryption: + data_disk_images: + - disk_encryption_set_id: "{{ des_results.state.id }}" + os_disk_image: + disk_encryption_set_id: "{{ des_results.state.id }}" storage_account_type: Standard_ZRS - managed_image: + storage_profile: + source_image: name: testimagea resource_group: "{{ resource_group }}" register: output 
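Review bot: Nothing in the version hunks (`@@ -254,10 +319,21 @@` here, and `@@ -282` and `@@ -310` after it) checks that the new `encryption` settings took effect; the visible lines end at `register: output`. Since these lines exist to put both target regions on the customer-managed disk encryption set, the assert that follows should compare the returned OS and data disk `disk_encryption_set_id` with `des_results.state.id`. The exact return path has to be taken from the module's documented output. Without that check, a module that dropped the `encryption` block would presumably still pass the create and idempotence steps. The task these lines belong to starts above each hunk.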
@@ -282,10 +358,21 @@ target_regions: - name: eastus regional_replica_count: 1 + encryption: + data_disk_images: + - disk_encryption_set_id: "{{ des_results.state.id }}" + os_disk_image: + disk_encryption_set_id: "{{ des_results.state.id }}" - name: westus regional_replica_count: 2 + encryption: + data_disk_images: + - disk_encryption_set_id: "{{ des_results.state.id }}" + os_disk_image: + disk_encryption_set_id: "{{ des_results.state.id }}" storage_account_type: Standard_ZRS - managed_image: + storage_profile: + source_image: name: testimagea resource_group: "{{ resource_group }}" register: output @@ -310,10 +397,21 @@ target_regions: - name: eastus regional_replica_count: 1 + encryption: + data_disk_images: + - disk_encryption_set_id: "{{ des_results.state.id }}" + os_disk_image: + disk_encryption_set_id: "{{ des_results.state.id }}" - name: westus regional_replica_count: 2 + encryption: + data_disk_images: + - disk_encryption_set_id: "{{ des_results.state.id }}" + os_disk_image: + disk_encryption_set_id: "{{ des_results.state.id }}" storage_account_type: Standard_ZRS - managed_image: + storage_profile: + source_image: name: testimagea resource_group: "{{ resource_group }}" register: output diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvault/lookup_plugins/azure_service_principal_attribute.py b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvault/lookup_plugins/azure_service_principal_attribute.py deleted file mode 100644 index c6f488f13..000000000 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvault/lookup_plugins/azure_service_principal_attribute.py +++ /dev/null 
@@ -1,92 +0,0 @@ -# (c) 2018 Yunge Zhu, <yungez@microsoft.com> -# (c) 2017 Ansible Project -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -DOCUMENTATION = """ -lookup: azure_service_principal_attribute - -requirements: - - azure-graphrbac - -author: - - Yunge Zhu <yungez@microsoft.com> - -version_added: "2.7" - -short_description: Look up Azure service principal attributes. - -description: - - Describes object id of your Azure service principal account. -options: - azure_client_id: - description: azure service principal client id. - azure_secret: - description: azure service principal secret - azure_tenant: - description: azure tenant - azure_cloud_environment: - description: azure cloud environment -""" - -EXAMPLES = """ -set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', - azure_client_id=azure_client_id, - azure_secret=azure_secret, - azure_tenant=azure_secret) }}" -""" - -RETURN = """ -_raw: - description: - Returns object id of service principal. 
-""" - -from ansible.errors import AnsibleError -from ansible.plugins.lookup import LookupBase -from ansible.module_utils._text import to_native - -try: - from azure.common.credentials import ServicePrincipalCredentials - from azure.graphrbac import GraphRbacManagementClient - from azure.cli.core import cloud as azure_cloud -except ImportError: - raise AnsibleError( - "The lookup azure_service_principal_attribute requires azure.graphrbac, msrest") - - -class LookupModule(LookupBase): - def run(self, terms, variables, **kwargs): - - self.set_options(direct=kwargs) - - credentials = {} - credentials['azure_client_id'] = self.get_option('azure_client_id', None) - credentials['azure_secret'] = self.get_option('azure_secret', None) - credentials['azure_tenant'] = self.get_option('azure_tenant', 'common') - - if credentials['azure_client_id'] is None or credentials['azure_secret'] is None: - raise AnsibleError("Must specify azure_client_id and azure_secret") - - _cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD - if self.get_option('azure_cloud_environment', None) is not None: - cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint(credentials['azure_cloud_environment']) - - try: - azure_credentials = ServicePrincipalCredentials(client_id=credentials['azure_client_id'], - secret=credentials['azure_secret'], - tenant=credentials['azure_tenant'], - resource=_cloud_environment.endpoints.active_directory_graph_resource_id) - - client = GraphRbacManagementClient(azure_credentials, credentials['azure_tenant'], - base_url=_cloud_environment.endpoints.active_directory_graph_resource_id) - - response = list(client.service_principals.list(filter="appId eq '{0}'".format(credentials['azure_client_id']))) - sp = response[0] - - return sp.object_id.split(',') - except Exception as ex: - raise AnsibleError("Failed to get service principal object id: %s" % to_native(ex)) - return False 
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvault/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvault/tasks/main.yml index 07f324d22..ef6b53a4d 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvault/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvault/tasks/main.yml @@ -6,7 +6,7 @@ - name: Lookup service principal object id ansible.builtin.set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', + object_id: "{{ lookup('azure.azcollection.azure_service_principal_attribute', azure_client_id=azure_client_id, azure_secret=azure_secret, azure_tenant=tenant_id) }}" diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultkey/lookup_plugins/azure_service_principal_attribute.py b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultkey/lookup_plugins/azure_service_principal_attribute.py deleted file mode 100644 index c6f488f13..000000000 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultkey/lookup_plugins/azure_service_principal_attribute.py +++ /dev/null 
@@ -1,92 +0,0 @@ -# (c) 2018 Yunge Zhu, <yungez@microsoft.com> -# (c) 2017 Ansible Project -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -DOCUMENTATION = """ -lookup: azure_service_principal_attribute - -requirements: - - azure-graphrbac - -author: - - Yunge Zhu <yungez@microsoft.com> - -version_added: "2.7" - -short_description: Look up Azure service principal attributes. - -description: - - Describes object id of your Azure service principal account. -options: - azure_client_id: - description: azure service principal client id. - azure_secret: - description: azure service principal secret - azure_tenant: - description: azure tenant - azure_cloud_environment: - description: azure cloud environment -""" - -EXAMPLES = """ -set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', - azure_client_id=azure_client_id, - azure_secret=azure_secret, - azure_tenant=azure_secret) }}" -""" - -RETURN = """ -_raw: - description: - Returns object id of service principal. 
-""" - -from ansible.errors import AnsibleError -from ansible.plugins.lookup import LookupBase -from ansible.module_utils._text import to_native - -try: - from azure.common.credentials import ServicePrincipalCredentials - from azure.graphrbac import GraphRbacManagementClient - from azure.cli.core import cloud as azure_cloud -except ImportError: - raise AnsibleError( - "The lookup azure_service_principal_attribute requires azure.graphrbac, msrest") - - -class LookupModule(LookupBase): - def run(self, terms, variables, **kwargs): - - self.set_options(direct=kwargs) - - credentials = {} - credentials['azure_client_id'] = self.get_option('azure_client_id', None) - credentials['azure_secret'] = self.get_option('azure_secret', None) - credentials['azure_tenant'] = self.get_option('azure_tenant', 'common') - - if credentials['azure_client_id'] is None or credentials['azure_secret'] is None: - raise AnsibleError("Must specify azure_client_id and azure_secret") - - _cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD - if self.get_option('azure_cloud_environment', None) is not None: - cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint(credentials['azure_cloud_environment']) - - try: - azure_credentials = ServicePrincipalCredentials(client_id=credentials['azure_client_id'], - secret=credentials['azure_secret'], - tenant=credentials['azure_tenant'], - resource=_cloud_environment.endpoints.active_directory_graph_resource_id) - - client = GraphRbacManagementClient(azure_credentials, credentials['azure_tenant'], - base_url=_cloud_environment.endpoints.active_directory_graph_resource_id) - - response = list(client.service_principals.list(filter="appId eq '{0}'".format(credentials['azure_client_id']))) - sp = response[0] - - return sp.object_id.split(',') - except Exception as ex: - raise AnsibleError("Failed to get service principal object id: %s" % to_native(ex)) - return False 
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultkey/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultkey/tasks/main.yml index 869cb7257..4eb819546 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultkey/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultkey/tasks/main.yml @@ -6,7 +6,7 @@ - name: Lookup service principal object id ansible.builtin.set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', + object_id: "{{ lookup('azure.azcollection.azure_service_principal_attribute', azure_client_id=azure_client_id, azure_secret=azure_secret, azure_tenant=tenant_id) }}" diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultsecret/lookup_plugins/azure_service_principal_attribute.py b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultsecret/lookup_plugins/azure_service_principal_attribute.py deleted file mode 100644 index c6f488f13..000000000 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultsecret/lookup_plugins/azure_service_principal_attribute.py +++ /dev/null 
@@ -1,92 +0,0 @@ -# (c) 2018 Yunge Zhu, <yungez@microsoft.com> -# (c) 2017 Ansible Project -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -DOCUMENTATION = """ -lookup: azure_service_principal_attribute - -requirements: - - azure-graphrbac - -author: - - Yunge Zhu <yungez@microsoft.com> - -version_added: "2.7" - -short_description: Look up Azure service principal attributes. - -description: - - Describes object id of your Azure service principal account. -options: - azure_client_id: - description: azure service principal client id. - azure_secret: - description: azure service principal secret - azure_tenant: - description: azure tenant - azure_cloud_environment: - description: azure cloud environment -""" - -EXAMPLES = """ -set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', - azure_client_id=azure_client_id, - azure_secret=azure_secret, - azure_tenant=azure_secret) }}" -""" - -RETURN = """ -_raw: - description: - Returns object id of service principal. 
-""" - -from ansible.errors import AnsibleError -from ansible.plugins.lookup import LookupBase -from ansible.module_utils._text import to_native - -try: - from azure.common.credentials import ServicePrincipalCredentials - from azure.graphrbac import GraphRbacManagementClient - from azure.cli.core import cloud as azure_cloud -except ImportError: - raise AnsibleError( - "The lookup azure_service_principal_attribute requires azure.graphrbac, msrest") - - -class LookupModule(LookupBase): - def run(self, terms, variables, **kwargs): - - self.set_options(direct=kwargs) - - credentials = {} - credentials['azure_client_id'] = self.get_option('azure_client_id', None) - credentials['azure_secret'] = self.get_option('azure_secret', None) - credentials['azure_tenant'] = self.get_option('azure_tenant', 'common') - - if credentials['azure_client_id'] is None or credentials['azure_secret'] is None: - raise AnsibleError("Must specify azure_client_id and azure_secret") - - _cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD - if self.get_option('azure_cloud_environment', None) is not None: - cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint(credentials['azure_cloud_environment']) - - try: - azure_credentials = ServicePrincipalCredentials(client_id=credentials['azure_client_id'], - secret=credentials['azure_secret'], - tenant=credentials['azure_tenant'], - resource=_cloud_environment.endpoints.active_directory_graph_resource_id) - - client = GraphRbacManagementClient(azure_credentials, credentials['azure_tenant'], - base_url=_cloud_environment.endpoints.active_directory_graph_resource_id) - - response = list(client.service_principals.list(filter="appId eq '{0}'".format(credentials['azure_client_id']))) - sp = response[0] - - return sp.object_id.split(',') - except Exception as ex: - raise AnsibleError("Failed to get service principal object id: %s" % to_native(ex)) - return False 
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultsecret/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultsecret/tasks/main.yml index d91641d80..cc228c2d7 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultsecret/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_keyvaultsecret/tasks/main.yml @@ -6,7 +6,7 @@ - name: Lookup service principal object id ansible.builtin.set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', + object_id: "{{ lookup('azure.azcollection.azure_service_principal_attribute', azure_client_id=azure_client_id, azure_secret=azure_secret, azure_tenant=tenant_id) }}" diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_openshiftmanagedcluster/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_openshiftmanagedcluster/tasks/main.yml index 969347b8d..3dd784e8a 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_openshiftmanagedcluster/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_openshiftmanagedcluster/tasks/main.yml 
@@ -114,6 +114,50 @@ ansible.builtin.assert: that: output['clusters'] | length >= 1 +- name: Fetch kubeconfig file to register + azure_rm_openshiftmanagedclusterkubeconfig_info: + name: "{{ cluster_name }}" + resource_group: "{{ resource_group }}" + register: kubeconfig_reg + +- name: Assert the kubeconfig file facts + ansible.builtin.assert: + that: kubeconfig_reg['kubeconfig'] | length >= 1 + +- name: Fetch kubeconfig file with specific name + azure_rm_openshiftmanagedclusterkubeconfig_info: + name: "{{ cluster_name }}" + resource_group: "{{ resource_group }}" + path: "/home/testuser/{{ cluster_name }}" + +- name: Check for created named kubeconfig file + ansible.builtin.stat: + path: "/home/testuser/{{ cluster_name }}" + register: named_kubeconf_file + +- name: Assert kubeconfig file creation with specific name + ansible.builtin.assert: + that: + - named_kubeconf_file.stat.exists + - named_kubeconf_file.stat.size != 0 + +- name: Fetch kubeconfig file with default name (kubeconfig) + azure_rm_openshiftmanagedclusterkubeconfig_info: + name: "{{ cluster_name }}" + resource_group: "{{ resource_group }}" + path: "/home/testuser/" + +- name: Check for created default kubeconfig file + ansible.builtin.stat: + path: "/home/testuser/kubeconfig" + register: default_kubeconf_file + +- name: Assert kubeconfig file creation with default name + ansible.builtin.assert: + that: + - default_kubeconf_file.stat.exists + - default_kubeconf_file.stat.size != 0 + - name: Delete openshift cluster azure_rm_openshiftmanagedcluster: resource_group: "{{ resource_group }}" diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_postgresqlflexibleserver/aliases b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_postgresqlflexibleserver/aliases new file mode 100644 index 000000000..5d29c6c4d --- /dev/null +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_postgresqlflexibleserver/aliases 
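Review bot: The added kubeconfig tasks write cluster credentials to `/home/testuser/{{ cluster_name }}` and `/home/testuser/kubeconfig` and never remove them, and the first task registers the kubeconfig in `kubeconfig_reg` without `no_log`, so its content can show up in verbose task output. The hard-coded `/home/testuser` path also assumes that user exists on the test host. The new asserts check only existence and size; a check on `stat.mode` could be added once the file mode the module writes is confirmed. A `no_log: true` on the registering task and a cleanup task are sketched below.

```yaml
- name: Fetch kubeconfig file to register
  azure_rm_openshiftmanagedclusterkubeconfig_info:
    # … unchanged: name, resource_group …
  register: kubeconfig_reg
  no_log: true

# … unchanged: remaining kubeconfig fetch, stat and assert tasks …

- name: Remove the fetched kubeconfig files
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - "/home/testuser/{{ cluster_name }}"
    - "/home/testuser/kubeconfig"
```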
@@ -0,0 +1,3 @@
+cloud/azure
+shippable/azure/group10
+destructive
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_postgresqlflexibleserver/meta/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_postgresqlflexibleserver/meta/main.yml
new file mode 100644
index 000000000..95e1952f9
--- /dev/null
+++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_postgresqlflexibleserver/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - setup_azure
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_postgresqlflexibleserver/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_postgresqlflexibleserver/tasks/main.yml
new file mode 100644
index 000000000..2add54e1e
--- /dev/null
+++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_postgresqlflexibleserver/tasks/main.yml
@@ -0,0 +1,356 @@ +- name: Prepare random number + ansible.builtin.set_fact: + rpfx: "{{ resource_group | hash('md5') | truncate(8, True, '') }}" + new_resource_group: "{{ resource_group }}-02" + run_once: true + +- name: Create a new resource group + azure_rm_resourcegroup: + name: "{{ new_resource_group }}" + location: southeastasia + +- name: Create post gresql flexible server (check mode) + azure_rm_postgresqlflexibleserver: + resource_group: "{{ new_resource_group }}" + name: postflexible{{ rpfx }} + sku: + name: Standard_B1ms + tier: Burstable + administrator_login: azureuser + administrator_login_password: Fred@0329 + version: 12 + storage: + storage_size_gb: 128 + fully_qualified_domain_name: st-private-dns-zone.postgres.database.azure.com + backup: + backup_retention_days: 7 + geo_redundant_backup: Disabled + network: + public_network_access: Disabled + maintenance_window: + custom_window: Enabled + start_hour: 8 + start_minute: 4 + day_of_week: 3 + availability_zone: 2 + create_mode: Create + check_mode: true + +- name: Create post gresql flexible server + azure_rm_postgresqlflexibleserver: + resource_group: "{{ new_resource_group }}" + name: postflexible{{ rpfx }} + sku: + name: Standard_B1ms + tier: Burstable + administrator_login: azureuser + administrator_login_password: Fred@0329 + version: 12 + storage: + storage_size_gb: 128 + fully_qualified_domain_name: st-private-dns-zone.postgres.database.azure.com + backup: + backup_retention_days: 7 + geo_redundant_backup: Disabled + network: + public_network_access: Disabled + maintenance_window: + custom_window: Enabled + start_hour: 8 + start_minute: 4 + day_of_week: 3 + availability_zone: 2 + create_mode: Create + register: output + +- name: Assert the post grep sql server create success + ansible.builtin.assert: + that: + - output.changed + +- name: Create post gresql flexible server (Idempotent Test) + azure_rm_postgresqlflexibleserver: + resource_group: "{{ new_resource_group }}" + name: postflexible{{ 
rpfx }} + sku: + name: Standard_B1ms + tier: Burstable + administrator_login: azureuser + administrator_login_password: Fred@0329 + version: 12 + storage: + storage_size_gb: 128 + fully_qualified_domain_name: st-private-dns-zone.postgres.database.azure.com + backup: + backup_retention_days: 7 + geo_redundant_backup: Disabled + network: + public_network_access: Disabled + maintenance_window: + custom_window: Enabled + start_hour: 8 + start_minute: 4 + day_of_week: 3 + availability_zone: 2 + create_mode: Create + register: output + +- name: Assert the post grep sql server create success + ansible.builtin.assert: + that: + - not output.changed + +- name: Update post gresql flexible server with multiple parameters + azure_rm_postgresqlflexibleserver: + resource_group: "{{ new_resource_group }}" + name: postflexible{{ rpfx }} + sku: + name: Standard_B1ms + tier: Burstable + administrator_login: azureuser + administrator_login_password: Fred@0329 + version: 12 + storage: + storage_size_gb: 256 + fully_qualified_domain_name: st-private-dns-zone.postgres.database.azure.com + backup: + backup_retention_days: 7 + geo_redundant_backup: Disabled + network: + public_network_access: Disabled + maintenance_window: + custom_window: Enabled + start_hour: 10 + start_minute: 6 + day_of_week: 6 + availability_zone: 2 + create_mode: Create + tags: + key1: value1 + key2: value2 + register: output + +- name: Assert the post grep sql server update success + ansible.builtin.assert: + that: + - output.changed + +- name: Gather facts postgresql flexible Server + azure_rm_postgresqlflexibleserver_info: + resource_group: "{{ new_resource_group }}" + name: postflexible{{ rpfx }} + register: output + +- name: Assert the post gresql server is well created + ansible.builtin.assert: + that: + - output.servers[0].tags | length == 2 + - output.servers[0].storage.storage_size_gb == 256 + - output.servers[0].maintenance_window.custom_window == 'Enabled' + - 
output.servers[0].maintenance_window.day_of_week == 6 + - output.servers[0].maintenance_window.start_hour == 10 + - output.servers[0].maintenance_window.start_minute == 6 + +- name: Create a post gresql flexible database(check mode) + azure_rm_postgresqlflexibledatabase: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: database{{ rpfx }} + collation: en_US.utf8 + charset: UTF8 + check_mode: true + +- name: Create a post gresql flexible database + azure_rm_postgresqlflexibledatabase: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: database{{ rpfx }} + collation: en_US.utf8 + charset: UTF8 + register: output + +- name: Assert the post gresql flexible database created success + ansible.builtin.assert: + that: + - output.changed + +- name: Create a post gresql flexible database(Idempotent test) + azure_rm_postgresqlflexibledatabase: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: database{{ rpfx }} + collation: en_US.utf8 + charset: UTF8 + register: output + +- name: Assert the post gresql flexible database no changed + ansible.builtin.assert: + that: + - not output.changed + +- name: Get the post gresql flexibe database facts + azure_rm_postgresqlflexibledatabase_info: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: database{{ rpfx }} + register: output + +- name: Assert the post gresql flexible database facts + ansible.builtin.assert: + that: + - output.databases[0].collation == 'en_US.utf8' + - output.databases[0].charset == 'UTF8' + +- name: Delete the post gresql flexibe database + azure_rm_postgresqlflexibledatabase: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: database{{ rpfx }} + state: absent + register: output + +- name: Assert the post gresql flexible database deleted + ansible.builtin.assert: + that: + - output.changed + +- name: Create a post 
gresql flexible firwall rule (Check mode) + azure_rm_postgresqlflexiblefirewallrule: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: firewall{{ rpfx }} + start_ip_address: 10.0.0.15 + end_ip_address: 10.0.0.20 + check_mode: true + +- name: Create the post gresql flexible firwall rule + azure_rm_postgresqlflexiblefirewallrule: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: firewall{{ rpfx }} + start_ip_address: 10.0.0.15 + end_ip_address: 10.0.0.20 + register: output + +- name: Assert the post grepsql flexible firewall rule created well + ansible.builtin.assert: + that: + - output.changed + +- name: Create the post gresql flexible firwall rule (Idempotent test) + azure_rm_postgresqlflexiblefirewallrule: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: firewall{{ rpfx }} + start_ip_address: 10.0.0.15 + end_ip_address: 10.0.0.20 + register: output + +- name: Assert the post grepsql flexible firewall rule support idempotent test + ansible.builtin.assert: + that: + - not output.changed + +- name: Update the post gresql flexible firwall rule + azure_rm_postgresqlflexiblefirewallrule: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: firewall{{ rpfx }} + start_ip_address: 10.0.0.16 + end_ip_address: 10.0.0.18 + register: output + +- name: Assert the post grepsql flexible server update well + ansible.builtin.assert: + that: + - output.changed + +- name: Get the post gresql flexible firwall rule facts + azure_rm_postgresqlflexiblefirewallrule_info: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: firewall{{ rpfx }} + register: output + +- name: Assert the post gresql flexible firewall rule facts + ansible.builtin.assert: + that: + - output.firewall_rules[0].start_ip_address == '10.0.0.16' + - output.firewall_rules[0].end_ip_address == '10.0.0.18' + +- name: Delete 
the post gresql flexible firwall rule + azure_rm_postgresqlflexiblefirewallrule: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + name: firewall{{ rpfx }} + state: absent + register: output + +- name: Assert the post grepsql flexible server delete well + ansible.builtin.assert: + that: + - output.changed + +- name: List the post gresql flexible config facts + azure_rm_postgresqlflexibleconfiguration_info: + resource_group: "{{ new_resource_group }}" + server_name: postflexible{{ rpfx }} + register: output + +- name: Assert the post gresql flexible server configuration + ansible.builtin.assert: + that: + - output.settings | length > 0 + +- name: Stop the post gresql flexible server + azure_rm_postgresqlflexibleserver: + resource_group: "{{ new_resource_group }}" + name: postflexible{{ rpfx }} + is_stop: true + register: output + +- name: Assert the post grep sql server stop success + ansible.builtin.assert: + that: + - output.changed + +- name: Pause for 10 mimutes + ansible.builtin.pause: + minutes: 10 + changed_when: true + +- name: Restart post gresql flexible server + azure_rm_postgresqlflexibleserver: + resource_group: "{{ new_resource_group }}" + name: postflexible{{ rpfx }} + is_restart: true + register: output + +- name: Assert the post grep sql server restart success + ansible.builtin.assert: + that: + - output.changed + +- name: Delete post gresql flexible server + azure_rm_postgresqlflexibleserver: + resource_group: "{{ new_resource_group }}" + name: postflexible{{ rpfx }} + state: absent + register: output + +- name: Assert the post gresql server is well deleted + ansible.builtin.assert: + that: + - output.changed + +- name: Delete the new resource group + azure_rm_resourcegroup: + name: "{{ new_resource_group }}" + force_delete_nonempty: true + state: absent + register: output + +- name: Assert the resource group is well deleted + ansible.builtin.assert: + that: + - output.changed 
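Review bot: `administrator_login_password: Fred@0329` is hard-coded in the four `azure_rm_postgresqlflexibleserver` create and update tasks, so a literal admin password sits in version control and is the same on every run. Set it once in the opening `set_fact` from a generated value, for example `pg_admin_password: "{{ lookup('ansible.builtin.password', '/dev/null', length=20) }}"`, and use `administrator_login_password: "{{ pg_admin_password }}"` in each task. Check that the generated value meets the server's complexity rules. Separately, `changed_when: true` on the `ansible.builtin.pause` task reports a change for a plain wait, and its name has the typo `mimutes`.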
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_privateendpointdnszonegroup/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_privateendpointdnszonegroup/tasks/main.yml index b5fc3e1f1..7b41ba31a 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_privateendpointdnszonegroup/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_privateendpointdnszonegroup/tasks/main.yml @@ -118,7 +118,7 @@ - output.state.private_dns_zone_configs[0].record_sets | length == 1 - output.state.private_dns_zone_configs[0].record_sets[0].fqdn == 'postgresqlsrv-{{ rpfx }}.privatelink.postgres.database.azure.com' - output.state.private_dns_zone_configs[0].record_sets[0].ip_addresses | length == 1 - - output.state.private_dns_zone_configs[0].record_sets[0].ip_addresses[0] is match('^10.1.*') + - output.state.private_dns_zone_configs[0].record_sets[0].ip_addresses[0] is match('10.1.*') - output.state.private_dns_zone_configs[0].record_sets[0].provisioning_state == 'Succeeded' - output.state.private_dns_zone_configs[0].record_sets[0].record_set_name == 'postgresqlsrv-{{ rpfx }}' - output.state.private_dns_zone_configs[0].record_sets[0].record_type == 'A' 
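Review bot: The pattern `'10.1.*'` in the changed assertion leaves both dots unescaped and ends in `.*`, so it accepts any address that begins with `10`, one arbitrary character and `1`; `10.10.0.4` or `10.100.0.4` pass as well as `10.1.x.x`. Dropping `^` changes nothing if `match` anchors at the start of the string, which is how the Ansible test is documented. If the intent is the 10.1.0.0/16 range, `is match('10[.]1[.]')` states it exactly without backslash escaping inside the Jinja string. The same line is changed in the `@@ -158`, `@@ -183` and `@@ -211` hunks of this file; the enclosing assert tasks start and end outside the hunks.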
@@ -158,7 +158,7 @@ - output.groups[0].private_dns_zone_configs[0].record_sets | length == 1 - output.groups[0].private_dns_zone_configs[0].record_sets[0].fqdn == 'postgresqlsrv-{{ rpfx }}.privatelink.postgres.database.azure.com' - output.groups[0].private_dns_zone_configs[0].record_sets[0].ip_addresses | length == 1 - - output.groups[0].private_dns_zone_configs[0].record_sets[0].ip_addresses[0] is match('^10.1.*') + - output.groups[0].private_dns_zone_configs[0].record_sets[0].ip_addresses[0] is match('10.1.*') - output.groups[0].private_dns_zone_configs[0].record_sets[0].provisioning_state == 'Succeeded' - output.groups[0].private_dns_zone_configs[0].record_sets[0].record_set_name == 'postgresqlsrv-{{ rpfx }}' - output.groups[0].private_dns_zone_configs[0].record_sets[0].record_type == 'A' @@ -183,7 +183,7 @@ - output.groups[0].private_dns_zone_configs[0].record_sets | length == 1 - output.groups[0].private_dns_zone_configs[0].record_sets[0].fqdn == 'postgresqlsrv-{{ rpfx }}.privatelink.postgres.database.azure.com' - output.groups[0].private_dns_zone_configs[0].record_sets[0].ip_addresses | length == 1 - - output.groups[0].private_dns_zone_configs[0].record_sets[0].ip_addresses[0] is match('^10.1.*') + - output.groups[0].private_dns_zone_configs[0].record_sets[0].ip_addresses[0] is match('10.1.*') - output.groups[0].private_dns_zone_configs[0].record_sets[0].provisioning_state == 'Succeeded' - output.groups[0].private_dns_zone_configs[0].record_sets[0].record_set_name == 'postgresqlsrv-{{ rpfx }}' - output.groups[0].private_dns_zone_configs[0].record_sets[0].record_type == 'A' 
@@ -211,7 +211,7 @@ - output.state.private_dns_zone_configs[0].record_sets | length == 1 - output.state.private_dns_zone_configs[0].record_sets[0].fqdn == 'postgresqlsrv-{{ rpfx }}.privatelink.postgres.database.azure.com' - output.state.private_dns_zone_configs[0].record_sets[0].ip_addresses | length == 1 - - output.state.private_dns_zone_configs[0].record_sets[0].ip_addresses[0] is match('^10.1.*') + - output.state.private_dns_zone_configs[0].record_sets[0].ip_addresses[0] is match('10.1.*') - output.state.private_dns_zone_configs[0].record_sets[0].provisioning_state == 'Succeeded' - output.state.private_dns_zone_configs[0].record_sets[0].record_set_name == 'postgresqlsrv-{{ rpfx }}' - output.state.private_dns_zone_configs[0].record_sets[0].record_type == 'A' diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_publicipprefix/aliases b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_publicipprefix/aliases new file mode 100644 index 000000000..aa77c071a --- /dev/null +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_publicipprefix/aliases @@ -0,0 +1,3 @@ +cloud/azure +shippable/azure/group2 +destructive diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_publicipprefix/meta/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_publicipprefix/meta/main.yml new file mode 100644 index 000000000..95e1952f9 --- /dev/null +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_publicipprefix/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - setup_azure diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_publicipprefix/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_publicipprefix/tasks/main.yml new file mode 100644 index 000000000..d229bc68b --- /dev/null 
+++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_publicipprefix/tasks/main.yml 
@@ -0,0 +1,102 @@ +- name: Create random variable + ansible.builtin.set_fact: + rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}" + +- name: Create public ip prefix (Check mode) + azure_rm_publicipprefix: + resource_group: "{{ resource_group }}" + name: "pipprefix{{ rpfx }}" + zones: + - 1 + public_ip_address_version: IPV4 + prefix_length: 29 + sku: + name: Standard + tier: Regional + tags: + testing: testing + check_mode: true + +- name: Create public ip prefix + azure_rm_publicipprefix: + resource_group: "{{ resource_group }}" + name: "pipprefix{{ rpfx }}" + zones: + - 1 + public_ip_address_version: IPV4 + prefix_length: 29 + sku: + name: Standard + tier: Regional + tags: + testing: testing + register: output + +- name: Assert the public IP prefix is well created + ansible.builtin.assert: + that: + - output.changed + +- name: Create public ip prefix (Idempotent test) + azure_rm_publicipprefix: + resource_group: "{{ resource_group }}" + name: "pipprefix{{ rpfx }}" + zones: + - 1 + public_ip_address_version: IPV4 + prefix_length: 29 + sku: + name: Standard + tier: Regional + tags: + testing: testing + register: output + +- name: Assert the public IP prefix no change + ansible.builtin.assert: + that: + - not output.changed + +- name: Update public ip prefix (Update tags) + azure_rm_publicipprefix: + resource_group: "{{ resource_group }}" + name: "pipprefix{{ rpfx }}" + zones: + - 1 + public_ip_address_version: IPV4 + prefix_length: 29 + sku: + name: Standard + tier: Regional + tags: + testing2: testing2 + register: output + +- name: Assert the public IP prefix change + ansible.builtin.assert: + that: + - output.changed + +- name: Gather facts for a public ip prefix + azure_rm_publicipprefix_info: + resource_group: "{{ resource_group }}" + name: "pipprefix{{ rpfx }}" + register: output + +- name: Assert the public IP prefix facts + ansible.builtin.assert: + that: + - output.publicipprefixes[0].tags | length == 2 + - 
output.publicipprefixes[0].prefix_length == 29 + +- name: Delete the public IP prefix + azure_rm_publicipprefix: + resource_group: "{{ resource_group }}" + name: "pipprefix{{ rpfx }}" + state: absent + register: output + +- name: Assert the public IP prefix deleted + ansible.builtin.assert: + that: + - output.changed diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_registrationassignment/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_registrationassignment/tasks/main.yml index 05cc5d552..f1b2adca7 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_registrationassignment/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_registrationassignment/tasks/main.yml @@ -64,7 +64,7 @@ - name: Assert the registration assignment facts ansible.builtin.assert: that: - - output.registration_assignments[0].properties.registration_definition_id == "{{ output1.state.id }}" + - output.registration_assignments[0].properties.registration_definition_id == output1.state.id - name: Get all RegistrationAssignment azure_rm_registrationassignment_info: diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_registrationdefinition/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_registrationdefinition/tasks/main.yml index 3a5d58143..60093bc9f 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_registrationdefinition/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_registrationdefinition/tasks/main.yml 
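Review bot: The first task of the new file, `Create public ip prefix (Check mode)`, sets `check_mode: true` but neither registers nor asserts its result, so the check-mode path is only tested for not failing. Adding `register: output` and an assert on `output.changed` would pin the expected outcome. Separately, the facts assertion `output.publicipprefixes[0].tags | length == 2` only holds if the update task appends `testing2` to the existing tags rather than replacing them; a one-line comment stating that assumption would help the next reader.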
@@ -100,7 +100,7 @@ - name: Assert the registration definition info ansible.builtin.assert: that: - - output.registration_definitions[0].name == "{{ output1.state.name }}" + - output.registration_definitions[0].name == output1.state.name - output.registration_definitions[0].properties.authorizations[0].principal_id == "{{ principal_id }}" - output.registration_definitions[0].properties.authorizations[0].role_definition_id == "{{ role_definition_id }}" - output.registration_definitions[0].properties.provisioning_state == "Succeeded" diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_roleassignment/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_roleassignment/tasks/main.yml index e918bdc19..00cf42cf9 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_roleassignment/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_roleassignment/tasks/main.yml @@ -1,6 +1,6 @@ - name: Setup basic facts ansible.builtin.set_fact: - uuid: bb21a88b-30e1-42b5-84e8-1d3f322de033 + uuid: "{{ (2**128) | random | to_uuid }}" # Disk Backup Reader, unlikely to be already assigned in ansible-test resource groups. az_role_definition_guid: '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24' diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_securitygroup/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_securitygroup/tasks/main.yml index 6dc584a6f..af71a3046 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_securitygroup/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_securitygroup/tasks/main.yml 
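Review bot: The two assertions directly below the changed line in the registration definition hunk still embed Jinja delimiters, `== "{{ principal_id }}"` and `== "{{ role_definition_id }}"`, so only one of the three comparisons is converted. Entries under `that` are already evaluated as expressions; templating a value into them first makes that value part of the expression text, which is the pattern this commit removes elsewhere. Writing `== principal_id` and `== role_definition_id` would make the block consistent with the new first line.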
@@ -33,7 +33,8 @@ register: output - name: Assert resource created ansible.builtin.assert: - that: "{{ output.state.rules | length }} == 2" + that: + - output.state.rules | length == 2 - name: Gather facts by tags azure_rm_securitygroup_info: @@ -80,7 +81,7 @@ - name: Assert resource updated ansible.builtin.assert: that: - - "{{ output.state.rules | length }} == 4" + - output.state.rules | length== 4 - output.state.rules[0].source_address_prefix == '174.108.158.0/24' - name: Gather facts after update @@ -197,8 +198,8 @@ - name: Assert resource created ansible.builtin.assert: that: - - "{{ output.state.rules | length }} == 1" - - "{{ output.state.rules[0].source_address_prefixes | length }} == 3" + - output.state.rules | length == 1 + - output.state.rules[0].source_address_prefixes | length == 3 - not output.state.rules[0].source_address_prefix - name: Create security group with source_address_prefixes(idempotent) @@ -248,7 +249,7 @@ ansible.builtin.assert: that: - output.changed - - "{{ output.state.rules | length }} == 2" + - output.state.rules | length == 2 # Use azure_rm_resource module to create with uppercase protocol name - name: Create security group with uppercase protocol name diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_sshpublickey/aliases b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_sshpublickey/aliases new file mode 100644 index 000000000..5d29c6c4d --- /dev/null +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_sshpublickey/aliases @@ -0,0 +1,3 @@ +cloud/azure +shippable/azure/group10 +destructive diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_sshpublickey/meta/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_sshpublickey/meta/main.yml new file mode 100644 index 000000000..95e1952f9 --- /dev/null 
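Review bot: In the hunk at -80, the new assertion is written `output.state.rules | length== 4`, without the space before `==` that every other converted assertion in this file has. It evaluates the same, but `output.state.rules | length == 4` keeps the block uniform and easier to search for.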
+++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_sshpublickey/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - setup_azure diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_sshpublickey/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_sshpublickey/tasks/main.yml new file mode 100644 index 000000000..fa7981b52 --- /dev/null +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_sshpublickey/tasks/main.yml 
@@ -0,0 +1,70 @@ +- name: Prepare random number + ansible.builtin.set_fact: + rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}" + +- name: Create a new SSH Public Key + azure_rm_sshpublickey: + resource_group: "{{ resource_group }}" + name: sshpublic{{ rpfx }} + public_key: "ssh-rsa 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 test@test.com" + tags: + key1: value1 + key2: value2 + register: output + +- name: Assert the SSH Public Key created + ansible.builtin.assert: + that: + - output.changed + +- name: Create a new SSH Public Key (Idempotent test) + azure_rm_sshpublickey: + resource_group: "{{ resource_group }}" + name: sshpublic{{ rpfx }} + public_key: "ssh-rsa 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 test@test.com" + tags: + key1: value1 + key2: value2 + register: output + +- name: Assert the SSH Public key no changed + ansible.builtin.assert: + that: + - not output.changed + +- name: Update SSH Public Key with tags and public key + azure_rm_sshpublickey: + resource_group: "{{ resource_group }}" + name: sshpublic{{ rpfx }} + public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCoit3vZKD1Nf6ZZQImq5sRiv0r986/oz+zBezfXPWVKiCgy1TIyX+kGuMNhXcS9rTelXmIo2g3hvw2P/elSilaNkmuDE9otszATeOjPORoIrTcEd2N7vZUpwP7Ekmp+OZ/4ROG4dEuD2PVygmajYvNAayU8Ghdk/sAqLSOJ5FoPa3DO/1JUX81VzFQyfwtcstCsUouIft0GQ0QbSrXEMmtqylU/TstQZdupdWLxaLLRyTb57X43FUWM28lC/HczCPE3TX8gxZAzPTwA7yWp8Mum+QLC7IiKEAMbyVotzbtkcWU6BJd8uOGEQaHbJqoXOhmPKFMdHyhmT43fckS2mh6dSU0z8WiNC/CyCtsavZy0LSXEyPWL1bTDouHePygPXd1sN1GhCtk65tPYncbZavFuI7PcN0yxpjZWATdP79TU5cPYwZl2SZMhtBrR/ll/HLP88CgXIqZ1wsLM+ek76WqHLlhA5UK7KSE8z2qOdnsmH8uTRe4MrqmM9C5VCgjS18= test@test.com" + tags: + key3: value3 + register: output + +- name: Assert the SSH Public key Updated + ansible.builtin.assert: + that: + - output.changed + +- name: Get ssh public keys by name + azure_rm_sshpublickey_info: + resource_group: "{{ resource_group }}" + name: sshpublic{{ rpfx }} + register: output + +- name: Assert 
the SSH Public Kyes facts + ansible.builtin.assert: + that: + - output.ssh_keys[0].tags | length == 3 + +- name: Delete a new SSH Public Key + azure_rm_sshpublickey: + resource_group: "{{ resource_group }}" + name: sshpublic{{ rpfx }} + state: absent + register: output + +- name: Assert the SSH Public Key deleted + ansible.builtin.assert: + that: + - output.changed diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_storageaccount/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_storageaccount/tasks/main.yml index dfeabed07..942d4888a 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_storageaccount/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_storageaccount/tasks/main.yml @@ -139,6 +139,7 @@ resource_group: "{{ resource_group }}" name: "{{ storage_account_name_default }}06" account_type: Standard_LRS + large_file_shares_state: Enabled kind: StorageV2 is_hns_enabled: true register: output @@ -146,6 +147,7 @@ ansible.builtin.assert: that: - output.changed + - output.state.large_file_shares_state == 'Enabled' - name: Gather facts of storage account azure_rm_storageaccount_info: @@ -157,6 +159,7 @@ that: - "output.storageaccounts | length == 1" - output.storageaccounts[0].is_hns_enabled == true + - output.storageaccounts[0].large_file_shares_state == 'Enabled' - name: Create storage account with static website enabled azure_rm_storageaccount: @@ -598,3 +601,4 @@ - "{{ storage_account_name_default }}03" - "{{ storage_account_name_default }}04" - "{{ storage_account_name_default }}05" + - "{{ storage_account_name_default }}06" diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_storageblob/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_storageblob/tasks/main.yml index 307d52d27..98cd3dc38 100644 
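Review bot: The update task in the new sshpublickey test changes both `tags` and `public_key`, but the only checks afterwards are `output.changed` and `output.ssh_keys[0].tags | length == 3`, so a module that updated the tags and silently kept the old key would still pass. If the info module returns the key material (presumably as `public_key`; not visible in this hunk), an assertion comparing it with the new value would close that gap. The task name `Assert the SSH Public Kyes facts` also has a typo (`Keys`).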
--- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_storageblob/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_storageblob/tasks/main.yml @@ -11,12 +11,14 @@ - name: Create container azure_rm_storageblob: + auth_mode: login resource_group: "{{ resource_group }}" account_name: "{{ storage_account }}" container_name: my-blobs - name: Force upload blob azure_rm_storageblob: + auth_mode: login resource_group: "{{ resource_group }}" account_name: "{{ storage_account }}" container_name: my-blobs diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_trafficmanagerprofile/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_trafficmanagerprofile/tasks/main.yml index 6e2a7f342..e1b93935d 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_trafficmanagerprofile/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_trafficmanagerprofile/tasks/main.yml @@ -33,7 +33,9 @@ register: fact - name: Check there is no Traffic Manager profile created - ansible.builtin.assert: { that: "{{ fact.tms | length }} == 0" } + ansible.builtin.assert: + that: + - fact.tms | length == 0 - name: Create a Traffic Manager profile azure_rm_trafficmanagerprofile: @@ -69,7 +71,7 @@ - name: Assert fact returns the created one ansible.builtin.assert: that: - - "fact.tms | length == 1" + - fact.tms | length == 1 - fact.tms[0].id == tm.id - fact.tms[0].endpoints | length == 0 @@ -261,7 +263,7 @@ - name: Assert the traffic manager profile is still there ansible.builtin.assert: that: - - "fact.tms | length == 1" + - fact.tms | length == 1 - fact.tms[0].id == tm.id - fact.tms[0].endpoints | length == 1 @@ -286,4 +288,4 @@ - name: Assert fact returns empty ansible.builtin.assert: that: - - "fact.tms | length == 0" + - fact.tms | length == 0 
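Review bot: The two `azure_rm_storageblob` tasks that gain `auth_mode: login` presumably now authenticate to the blob service as the test identity instead of with the account key, and nothing in the hunk records that prerequisite. A comment above the first task, such as `# auth_mode: login requires a blob data-plane role for the test principal on this account`, would make an authorization failure in CI easier to diagnose. The other blob tasks in this file are outside the hunk, so it is worth checking whether they should switch as well or deliberately stay on key authentication so both paths are covered.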
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/inventory.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/inventory.yml index 88172852a..63ba77727 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/inventory.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/inventory.yml @@ -40,6 +40,10 @@ all: network: 10.42.7.0/24 subnet: 10.42.7.0/28 + azure_test_encrypted: + network: 10.42.8.0/24 + subnet: 10.42.8.0/28 + vars: ansible_connection: local ansible_python_interpreter: "{{ ansible_playbook_python }}" @@ -55,6 +59,7 @@ all: security_group: "{{ 'sg' ~ uid_short }}" public_ip_name: "{{ 'ip' ~ uid_short }}" interface_name: "{{ 'int' ~ uid_short }}" + des_name: "{{ 'des' ~ uid_short }}" ssh_keys: - path: '/home/chouseknecht/.ssh/authorized_keys' diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_deallocate.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_deallocate.yml index 09bb56e9c..e1ba515d7 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_deallocate.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_deallocate.yml @@ -25,10 +25,6 @@ name: "{{ vm_name }}" register: vm_state -- name: Pause for 10 mimutes to VM updating - ansible.builtin.command: sleep 600 - changed_when: true - - name: Restart the virtual machine azure_rm_virtualmachine: resource_group: "{{ resource_group }}" 
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_dual_nic.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_dual_nic.yml index f6865b2e7..c2802868e 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_dual_nic.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_dual_nic.yml @@ -118,10 +118,6 @@ name: "{{ vm_name }}" register: vm_state -- name: Pause for 10 mimutes to VM updating - ansible.builtin.command: sleep 600 - changed_when: true - - name: Generalize VM azure_rm_virtualmachine: resource_group: "{{ resource_group }}" # Should this be resource_group_secondary? diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_encrypted.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_encrypted.yml new file mode 100644 index 000000000..c43d09a61 --- /dev/null +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_encrypted.yml 
@@ -0,0 +1,107 @@ +- name: Set variables + ansible.builtin.include_tasks: setup.yml + +- name: Set up disk encryption sets + ansible.builtin.include_tasks: setup_des.yml + +- name: Create VM with encrypted disks + azure_rm_virtualmachine: + resource_group: "{{ resource_group }}" + name: "{{ vm_name }}" + admin_username: "testuser" + ssh_password_enabled: false + ssh_public_keys: + - path: /home/testuser/.ssh/authorized_keys + key_data: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfoYlIV4lTPZTv7hXaVwQQuqBgGs4yeNRX0SPo2+HQt9u4X7IGwrtXc0nEUm6LfaCikMH58bOL8f20NTGz285kxdFHZRcBXtqmnMz2rXwhK9gwq5h1khc+GzHtdcJXsGA4y0xuaNcidcg04jxAlN/06fwb/VYwwWTVbypNC0gpGEpWckCNm8vlDlA55sU5et0SZ+J0RKVvEaweUOeNbFZqckGPA384imfeYlADppK/7eAxqfBVadVvZG8IJk4yvATgaIENIFj2cXxqu2mQ/Bp5Wr45uApvJsFXmi+v/nkiOEV1QpLOnEwAZo6EfFS4CCQtsymxJCl1PxdJ5LD4ZOtP xiuxi.sun@qq.com" + vm_size: Standard_B1ms + virtual_network: "{{ network_name }}" + os_disk_encryption_set: "{{ des_results.state.id }}" + managed_disk_type: Standard_LRS + image: + offer: 0001-com-ubuntu-server-focal + publisher: Canonical + sku: 20_04-lts + version: latest + register: vm_output + +- name: Query auto created security group before deleting + azure_rm_securitygroup_info: + resource_group: "{{ resource_group }}" + name: "{{ vm_name }}01" + register: nsg_result + +- name: Assert that security group were exist before deleting + ansible.builtin.assert: + that: + - nsg_result.securitygroups | length == 1 + - nsg_result.securitygroups[0].network_interfaces | length == 1 + +- name: Delete VM + azure_rm_virtualmachine: + resource_group: "{{ resource_group }}" + name: "{{ vm_name }}" + remove_on_absent: all_autocreated + state: absent + +- name: Destroy encrypted OS disk + azure_rm_manageddisk: + resource_group: "{{ resource_group }}" + name: "{{ vm_name }}" + state: absent + +- name: Destroy auto created NIC + azure_rm_networkinterface: + resource_group: "{{ resource_group }}" + name: "{{ vm_name }}01" + state: absent + register: nic_result + +- 
name: Destroy security group + azure_rm_securitygroup: + resource_group: "{{ resource_group }}" + name: "{{ vm_name }}01" + state: absent + +- name: Destroy auto created public IP + azure_rm_publicipaddress: + resource_group: "{{ resource_group }}" + name: "{{ vm_name }}01" + state: absent + +- name: Destroy subnet + azure_rm_subnet: + resource_group: "{{ resource_group }}" + virtual_network: "{{ network_name }}" + name: "{{ subnet_name }}" + state: absent + +- name: Destroy virtual network + azure_rm_virtualnetwork: + resource_group: "{{ resource_group }}" + name: "{{ network_name }}" + state: absent + +- name: Destroy availability set + azure_rm_availabilityset: + resource_group: "{{ resource_group }}" + name: "{{ availability_set }}" + state: absent + +- name: Destroy storage account + azure_rm_storageaccount: + resource_group: "{{ resource_group }}" + name: "{{ storage_account }}" + force_delete_nonempty: true + state: absent + +- name: Destroy disk encryption set + azure_rm_diskencryptionset: + resource_group: "{{ resource_group }}" + name: "{{ des_name }}" + state: absent + +- name: Destroy key vault + azure_rm_keyvault: + vault_name: "{{ vault_name }}" + resource_group: "{{ resource_group }}" + state: absent diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_ephemeral_os.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_ephemeral_os.yml index 1b18c71ef..cbb184ef3 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_ephemeral_os.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_ephemeral_os.yml 
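Review bot: `Create VM with encrypted disks` installs a fixed public key whose comment is a personal mail address, on a VM that gets an auto-created public IP and security group; assuming that group allows SSH, whoever holds the matching private key can authenticate as `testuser` for the lifetime of each test VM. Generating a throwaway key pair per run (for example with `community.crypto.openssh_keypair`) and passing its public half in `key_data` removes that standing access. The task also registers `vm_output` but nothing asserts on it, so the file never verifies that the OS disk references `des_results.state.id`; an assert on the returned disk-encryption-set id would make this a test of the encryption feature rather than of VM creation. `nic_result` is registered and unused.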
@@ -32,10 +32,6 @@ name: "{{ vm_name }}" register: vm_state -- name: Pause for 10 mimutes to VM updating - ansible.builtin.command: sleep 600 - changed_when: true - - name: Generalize VM azure_rm_virtualmachine: resource_group: "{{ resource_group }}" diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_public_ip.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_public_ip.yml index 2ee786b34..f24be88e2 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_public_ip.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/azure_test_public_ip.yml @@ -92,10 +92,6 @@ name: "{{ vm_name }}" register: vm_state -- name: Pause for 10 mimutes to VM updating - ansible.builtin.command: sleep 600 - changed_when: true - - name: Enable boot diagnostics on an existing VM for the first time without specifying a storage account azure_rm_virtualmachine: resource_group: "{{ resource_group }}" diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/setup_des.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/setup_des.yml new file mode 100644 index 000000000..afdde8440 --- /dev/null +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachine/tasks/setup_des.yml 
@@ -0,0 +1,94 @@ +- name: Set vault name + ansible.builtin.set_fact: + vault_name: "kv{{ uid_short }}{{ '%m%d%H%M%S' | strftime }}" + +- name: Lookup service principal object id + ansible.builtin.set_fact: + object_id: "{{ lookup('azure.azcollection.azure_service_principal_attribute', + azure_client_id=azure_client_id, + azure_secret=azure_secret, + azure_tenant=azure_tenant) }}" + register: object_id_facts + +- name: Create a key vault + azure_rm_keyvault: + resource_group: "{{ resource_group }}" + vault_name: "{{ vault_name }}" + enabled_for_disk_encryption: true + enable_purge_protection: true + vault_tenant: "{{ azure_tenant }}" + sku: + name: standard + family: A + access_policies: + - tenant_id: "{{ azure_tenant }}" + object_id: "{{ object_id }}" + keys: + - get + - list + - wrapkey + - unwrapkey + - create + - update + - import + - delete + - backup + - restore + - recover + - purge + +- name: Create a key in key vault + azure_rm_keyvaultkey: + key_name: testkey + keyvault_uri: https://{{ vault_name }}.vault.azure.net + +- name: Get latest version of key + azure_rm_keyvaultkey_info: + vault_uri: https://{{ vault_name }}.vault.azure.net + name: testkey + register: results + +- name: Assert the key vault facts + ansible.builtin.set_fact: + key_url: "{{ results['keys'][0]['kid'] }}" + +- name: Create disk encryption set + azure_rm_diskencryptionset: + resource_group: "{{ resource_group }}" + name: "{{ des_name }}" + source_vault: "{{ vault_name }}" + key_url: "{{ key_url }}" + state: present + register: des_results + +- name: Grant DES access to key vault + azure_rm_keyvault: + resource_group: "{{ resource_group }}" + vault_name: "{{ vault_name }}" + enabled_for_disk_encryption: true + enable_purge_protection: true + vault_tenant: "{{ azure_tenant }}" + sku: + name: standard + family: A + access_policies: + - tenant_id: "{{ azure_tenant }}" + object_id: "{{ object_id }}" + keys: + - get + - list + - wrapkey + - unwrapkey + - create + - update + - import + - 
delete + - backup + - restore + - recover + - purge + - object_id: "{{ des_results.state.identity.principal_id }}" + keys: + - get + - wrapkey + - unwrapkey diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachinescaleset/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachinescaleset/tasks/main.yml index 98f51ee9f..c3c5336ae 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachinescaleset/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_virtualmachinescaleset/tasks/main.yml @@ -21,24 +21,28 @@ resource_group: "{{ resource_group }}" allocation_method: Static name: testPublicIP + sku: Standard - name: Create load balancer azure_rm_loadbalancer: resource_group: "{{ resource_group }}" name: testLB public_ip_address_name: testPublicIP + sku: Standard - name: Create public IP address 1 azure_rm_publicipaddress: resource_group: "{{ resource_group }}" allocation_method: Static name: testPublicIP1 + sku: Standard - name: Create load balancer 1 azure_rm_loadbalancer: resource_group: "{{ resource_group }}" name: testLB1 public_ip_address_name: testPublicIP1 + sku: Standard - name: Create network security group within same resource group of VMSS. azure_rm_securitygroup: @@ -78,9 +82,6 @@ resource_group: "{{ resource_group }}" name: "vmforimage{{ rpfx }}" register: vm_state -- name: Pause for 10 mimutes to VM updating - ansible.builtin.command: sleep 600 - changed_when: true - name: Generalize VM azure_rm_virtualmachine: resource_group: "{{ resource_group }}" @@ -196,6 +197,7 @@ priority: Spot eviction_policy: Deallocate single_placement_group: true + orchestration_mode: Uniform ssh_password_enabled: false ssh_public_keys: - path: /home/testuser/.ssh/authorized_keys 
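Review bot: Both `azure_rm_keyvault` tasks in setup_des.yml grant the test service principal twelve key permissions, including `purge`, `backup`, `restore`, `import` and `recover`, while the tasks visible here only create a key and read its latest version. Trimming the list to what the test uses (probably `get`, `list` and `create`, plus `delete` if cleanup needs it) keeps the fixture a least-privilege example, and with `enable_purge_protection: true` the `purge` permission should have no effect anyway. The task named `Assert the key vault facts` is a `set_fact`, not an assertion; a name like `Set key URL fact` would describe it. `register: object_id_facts` on the lookup task is not used in this file.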
@@ -253,6 +255,7 @@ managed_disk_type: Standard_LRS os_disk_caching: ReadWrite single_placement_group: true + orchestration_mode: Uniform image: offer: 0001-com-ubuntu-server-focal publisher: Canonical @@ -297,6 +300,7 @@ managed_disk_type: Standard_LRS os_disk_caching: ReadWrite single_placement_group: true + orchestration_mode: Uniform image: offer: 0001-com-ubuntu-server-focal publisher: Canonical @@ -346,6 +350,7 @@ os_disk_caching: ReadWrite custom_data: "#cloud-config" single_placement_group: true + orchestration_mode: Uniform image: offer: 0001-com-ubuntu-server-focal publisher: Canonical @@ -383,6 +388,7 @@ os_disk_caching: ReadWrite custom_data: "#cloud-config" single_placement_group: true + orchestration_mode: Uniform image: offer: 0001-com-ubuntu-server-focal publisher: Canonical @@ -455,6 +461,7 @@ data_disks: "{{ body.data_disks }}" overprovision: "{{ body.overprovision }}" single_placement_group: true + orchestration_mode: Uniform register: results - name: Assert that nothing was changed @@ -608,6 +615,7 @@ security_group: testNetworkSecurityGroup enable_accelerated_networking: true single_placement_group: true + orchestration_mode: Uniform register: results check_mode: true @@ -635,6 +643,7 @@ security_group: testNetworkSecurityGroup enable_accelerated_networking: true single_placement_group: true + orchestration_mode: Uniform register: results - name: Assert that VMSS ran @@ -664,6 +673,7 @@ security_group: testNetworkSecurityGroup enable_accelerated_networking: true single_placement_group: true + orchestration_mode: Uniform register: results - name: Assert that nothing has changed @@ -691,6 +701,7 @@ security_group: testNetworkSecurityGroup enable_accelerated_networking: true single_placement_group: true + orchestration_mode: Uniform register: results - name: Assert that something has changed 
@@ -719,6 +730,7 @@ name: testNetworkSecurityGroup2 resource_group: "{{ resource_group_secondary }}" single_placement_group: true + orchestration_mode: Uniform register: results # disable for now @@ -756,6 +768,7 @@ name: testNetworkSecurityGroup2 resource_group: "{{ resource_group_secondary }}" single_placement_group: true + orchestration_mode: Uniform register: results - name: Assert vmss created @@ -786,6 +799,7 @@ name: testNetworkSecurityGroup2 resource_group: "{{ resource_group_secondary }}" single_placement_group: true + orchestration_mode: Uniform ignore_errors: true register: ignore_errors_register @@ -815,6 +829,7 @@ upgrade_policy: Manual enable_accelerated_networking: true single_placement_group: true + orchestration_mode: Uniform register: results ignore_errors: true diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_webapp/tasks/main.yml b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_webapp/tasks/main.yml index 42a3abe3c..6b8128eb3 100644 --- a/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_webapp/tasks/main.yml +++ b/ansible_collections/azure/azcollection/tests/integration/targets/azure_rm_webapp/tasks/main.yml @@ -83,7 +83,7 @@ plan: "{{ win_plan_name }}" frameworks: - name: "java" - version: "1.8" + version: "17" settings: java_container: "Tomcat" java_container_version: "8.0" @@ -115,7 +115,7 @@ plan: "{{ win_plan_name }}" frameworks: - name: "java" - version: "1.7" + version: "17" settings: java_container: "Tomcat" java_container_version: "8.5" @@ -230,7 +230,7 @@ name: "{{ linux_plan_name }}" frameworks: - name: node - version: "6.6" + version: "18" register: output - name: Should be idempotent with linux web app created @@ -242,7 +242,7 @@ name: "{{ linux_plan_name }}" frameworks: - name: node - version: "6.6" + version: "18" register: output - name: Assert idempotent 
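Review bot: In the webapp hunks at -83 and -115 the Java version moves to `17` while the context keeps `java_container_version: "8.0"` and `"8.5"` for Tomcat. Tomcat 8.0 has been end-of-life since 2018, and it is not evident from the hunk that the platform offers it together with Java 17; if the combination is rejected or silently substituted, the test no longer checks what its name states. Consider bumping the container version in the same change to a Tomcat line that supports Java 17.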
@@ -258,7 +258,7 @@
 name: "{{ linux_plan_name }}"
 frameworks:
 - name: node
- version: "6.9"
+ version: "20"
 register: output
 - name: Assert the web app was created
@@ -300,9 +300,9 @@
 plan: "{{ win_plan_name }}"
 frameworks:
 - name: "python"
- version: "2.7"
+ version: "3.11"
 - name: "java"
- version: "1.8"
+ version: "17"
 register: fail_win_java_version_mutual_exclusive
 failed_when: 'fail_win_java_version_mutual_exclusive.msg != "Java is mutually exclusive with other frameworks."'
@@ -315,9 +315,9 @@
 name: "{{ linux_plan_name }}"
 frameworks:
 - name: "python"
- version: "2.7"
+ version: "3.11"
 - name: "node"
- version: "6.6"
+ version: "18"
 register: fail_linux_one_framework_only
 failed_when: fail_linux_one_framework_only.msg != "Can specify one framework only for Linux web app."
@@ -354,7 +354,7 @@
 - name: Create a web app with various site config params
 azure_rm_webapp:
- resource_group: "{{ resource_group }}"
+ resource_group: "{{ linux_app_plan_resource_group }}"
 name: "{{ linux_app_name }}-siteconfig"
 plan:
 resource_group: "{{ linux_app_plan_resource_group }}"
@@ -379,7 +379,7 @@
 - name: Create a web app with various site config params - idempotent
 azure_rm_webapp:
- resource_group: "{{ resource_group }}"
+ resource_group: "{{ linux_app_plan_resource_group }}"
 name: "{{ linux_app_name }}-siteconfig"
 plan:
 resource_group: "{{ linux_app_plan_resource_group }}"
@@ -404,7 +404,7 @@
 - name: Get facts for site config params
 azure_rm_webapp_info:
- resource_group: "{{ resource_group }}"
+ resource_group: "{{ linux_app_plan_resource_group }}"
 name: "{{ linux_app_name }}-siteconfig"
 register: facts
 - name: Assert site config params meet expectations
@@ -413,10 +413,11 @@
 - facts.webapps[0].always_on
 - facts.webapps[0].min_tls_version == '1.2'
 - facts.webapps[0].ftps_state == 'Disabled'
+ - not facts.webapps[0].http20_enabled
 - name: Update web app with various site config params - single change
 azure_rm_webapp:
- resource_group: "{{ resource_group }}"
+ resource_group: "{{ linux_app_plan_resource_group }}"
 name: "{{ linux_app_name }}-siteconfig"
 plan:
 resource_group: "{{ linux_app_plan_resource_group }}"
@@ -441,7 +442,7 @@
 - name: Get facts for site config params
 azure_rm_webapp_info:
- resource_group: "{{ resource_group }}"
+ resource_group: "{{ linux_app_plan_resource_group }}"
 name: "{{ linux_app_name }}-siteconfig"
 register: facts
 - name: Assert site config params meet expectations
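Review bot: The added `- not facts.webapps[0].http20_enabled` assertion in the siteconfig fact checks is also true when the field comes back as null, so it would not catch `azure_rm_webapp_info` failing to populate `http20_enabled`. The same form is repeated at the start and at the end of the next hunk, `@@ -450,6 +451,111 @@`. Whether the info module can return null for an unset value is not visible in this diff, so that needs confirming. A stricter form would be `- facts.webapps[0].http20_enabled is false`.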
@@ -450,6 +451,111 @@
 - facts.webapps[0].always_on
 - facts.webapps[0].min_tls_version == '1.2'
 - facts.webapps[0].ftps_state == 'FtpsOnly'
+ - not facts.webapps[0].http20_enabled
+
+- name: Create a web app with HTTP 2.0
+ azure_rm_webapp:
+ resource_group: "{{ linux_app_plan_resource_group }}"
+ name: "{{ linux_app_name }}-http20"
+ plan:
+ resource_group: "{{ linux_app_plan_resource_group }}"
+ name: "{{ linux_app_name }}-http20-plan"
+ is_linux: true
+ sku: S1
+ frameworks:
+ - name: java
+ version: "8"
+ settings:
+ java_container: "tomcat"
+ java_container_version: "8.5"
+ client_affinity_enabled: false
+ https_only: true
+ always_on: true
+ min_tls_version: "1.2"
+ ftps_state: "Disabled"
+ http20_enabled: true
+ register: output
+- name: Assert the web app was created
+ ansible.builtin.assert:
+ that: output.changed
+
+- name: Create a web app with HTTP 2.0 - idempotent
+ azure_rm_webapp:
+ resource_group: "{{ linux_app_plan_resource_group }}"
+ name: "{{ linux_app_name }}-http20"
+ plan:
+ resource_group: "{{ linux_app_plan_resource_group }}"
+ name: "{{ linux_app_name }}-http20-plan"
+ is_linux: true
+ sku: S1
+ frameworks:
+ - name: java
+ version: "8"
+ settings:
+ java_container: "tomcat"
+ java_container_version: "8.5"
+ client_affinity_enabled: false
+ https_only: true
+ always_on: true
+ min_tls_version: "1.2"
+ ftps_state: "Disabled"
+ http20_enabled: true
+ register: output
+- name: Assert the web app not changed
+ ansible.builtin.assert:
+ that: not output.changed
+
+- name: Get facts for HTTP 2.0 appp
+ azure_rm_webapp_info:
+ resource_group: "{{ linux_app_plan_resource_group }}"
+ name: "{{ linux_app_name }}-http20"
+ register: facts
+- name: Assert site config params meet expectations
+ ansible.builtin.assert:
+ that:
+ - facts.webapps[0].always_on
+ - facts.webapps[0].min_tls_version == '1.2'
+ - facts.webapps[0].ftps_state == 'Disabled'
+ - facts.webapps[0].http20_enabled
+
+- name: Update web app to disable HTTP 2.0
+ azure_rm_webapp:
+ resource_group: "{{ linux_app_plan_resource_group }}"
+ name: "{{ linux_app_name }}-http20"
+ plan:
+ resource_group: "{{ linux_app_plan_resource_group }}"
+ name: "{{ linux_app_name }}-http20-plan"
+ is_linux: true
+ sku: S1
+ frameworks:
+ - name: java
+ version: "8"
+ settings:
+ java_container: "tomcat"
+ java_container_version: "8.5"
+ client_affinity_enabled: false
+ https_only: true
+ always_on: true
+ min_tls_version: "1.2"
+ ftps_state: "Disabled"
+ http20_enabled: false
+ register: output
+- name: Assert the web app was updated
+ ansible.builtin.assert:
+ that: output.changed
+
+- name: Get facts for HTTP 2.0 appp
+ azure_rm_webapp_info:
+ resource_group: "{{ linux_app_plan_resource_group }}"
+ name: "{{ linux_app_name }}-http20"
+ register: facts
+- name: Assert site config params meet expectations
+ ansible.builtin.assert:
+ that:
+ - facts.webapps[0].always_on
+ - facts.webapps[0].min_tls_version == '1.2'
+ - facts.webapps[0].ftps_state == 'Disabled'
+ - not facts.webapps[0].http20_enabled
 - name: Create a webapp slot (Check mode)
 azure_rm_webappslot:
diff --git a/ansible_collections/azure/azcollection/tests/integration/targets/inventory_azure/playbooks/test_inventory.yml b/ansible_collections/azure/azcollection/tests/integration/targets/inventory_azure/playbooks/test_inventory.yml
index b00e48247..acfed0606 100644
--- a/ansible_collections/azure/azcollection/tests/integration/targets/inventory_azure/playbooks/test_inventory.yml
+++ b/ansible_collections/azure/azcollection/tests/integration/targets/inventory_azure/playbooks/test_inventory.yml
@@ -7,10 +7,6 @@
 - name: Set facts
 ansible.builtin.include_vars: vars.yml
- - name: Pause for 10 mimutes for updating
- ansible.builtin.command: sleep 600
- changed_when: false
-
 - name: Refresh inventory
 ansible.builtin.meta: refresh_inventory |
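Review bot: The three new HTTP 2.0 tasks in the `@@ -450,6 +451,111 @@` hunk of azure_rm_webapp/tasks/main.yml pin `version: "8"` with `java_container_version: "8.5"`, while the other hunks of this file move the Java tests to `version: "17"` and raise the Node and Python versions too. If those bumps were made because the older runtimes are no longer accepted (the page does not say), the new tasks likely need the same change, e.g. `version: "17"` with a Tomcat release that runtime supports. Both `Get facts for HTTP 2.0 appp` task names carry a typo and should read `Get facts for HTTP 2.0 app`. The tasks also create a separate S1 plan, `{{ linux_app_name }}-http20-plan`, and no removal step for it or the app is visible in this hunk, so confirm the target's cleanup covers them.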