ansible/test/integration/targets/ec2_group/tasks/credential_tests.yml

---
# A Note about ec2 environment variable name preference:
#  - EC2_URL -> AWS_URL
#  - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY
#  - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY
#  - EC2_REGION -> AWS_REGION
#

# - include: ../../setup_ec2/tasks/common.yml module_name: ec2_group

- block:
    # ============================================================
    - name: test failure with no parameters
      ec2_group:
      register: result
      ignore_errors: true

    - name: assert failure with no parameters
      assert:
        that:
           - 'result.failed'
           - 'result.msg == "one of the following is required: name, group_id"'

    # ============================================================
    - name: test failure with only name
      ec2_group:
        name: '{{ec2_group_name}}'
      register: result
      ignore_errors: true

    - name: assert failure with only name
      assert:
        that:
           - 'result.failed'
           - 'result.msg == "Must provide description when state is present."'

    # ============================================================
    - name: test failure with only description
      ec2_group:
        description: '{{ec2_group_description}}'
      register: result
      ignore_errors: true

    - name: assert failure with only description
      assert:
        that:
           - 'result.failed'
           - 'result.msg == "one of the following is required: name, group_id"'

    # ============================================================
    - name: test failure with empty description (AWS API requires non-empty string desc)
      ec2_group:
        name: '{{ec2_group_name}}'
        description: ''
        region: '{{ec2_region}}'
      register: result
      ignore_errors: true

    - name: assert failure with empty description
      assert:
        that:
           - 'result.failed'
           - 'result.msg == "Must provide description when state is present."'

    # ============================================================
    - name: test valid region parameter
      ec2_group:
        name: '{{ec2_group_name}}'
        description: '{{ec2_group_description}}'
        region: '{{ec2_region}}'
      register: result
      ignore_errors: true

    - name: assert valid region parameter
      assert:
        that:
           - 'result.failed'
           - '"Unable to locate credentials" in result.msg'

    # ============================================================
    - name: test environment variable EC2_REGION
      ec2_group:
        name: '{{ec2_group_name}}'
        description: '{{ec2_group_description}}'
      environment:
        EC2_REGION: '{{ec2_region}}'
      register: result
      ignore_errors: true

    - name: assert environment variable EC2_REGION
      assert:
        that:
           - 'result.failed'
           - '"Unable to locate credentials" in result.msg'

    # ============================================================
    - name: test invalid ec2_url parameter
      ec2_group:
        name: '{{ec2_group_name}}'
        description: '{{ec2_group_description}}'
      environment:
        EC2_URL: bogus.example.com
      register: result
      ignore_errors: true

    - name: assert invalid ec2_url parameter
      assert:
        that:
           - 'result.failed'
           - 'result.msg.startswith("The ec2_group module requires a region")'

    # ============================================================
    - name: test valid ec2_url parameter
      ec2_group:
        name: '{{ec2_group_name}}'
        description: '{{ec2_group_description}}'
      environment:
        EC2_URL: '{{ec2_url}}'
      register: result
      ignore_errors: true

    - name: assert valid ec2_url parameter
      assert:
        that:
           - 'result.failed'
           - 'result.msg.startswith("The ec2_group module requires a region")'

    # ============================================================
    - name: test credentials from environment
      ec2_group:
        name: '{{ec2_group_name}}'
        description: '{{ec2_group_description}}'
      environment:
        EC2_REGION: '{{ec2_region}}'
        EC2_ACCESS_KEY: bogus_access_key
        EC2_SECRET_KEY: bogus_secret_key
      register: result
      ignore_errors: true

    - name: assert ec2_group with valid ec2_url
      assert:
        that:
           - 'result.failed'
           - '"validate the provided access credentials" in result.msg'

    # ============================================================
    - name: test credential parameters
      ec2_group:
        name: '{{ec2_group_name}}'
        description: '{{ec2_group_description}}'
        ec2_region: '{{ec2_region}}'
        ec2_access_key: 'bogus_access_key'
        ec2_secret_key: 'bogus_secret_key'
      register: result
      ignore_errors: true

    - name: assert credential parameters
      assert:
        that:
           - 'result.failed'
           - '"validate the provided access credentials" in result.msg'
EC2_group module refactor (formerly pr/37255) (#38678) * Refactor ec2_group Replace nested for loops with list comprehensions Purge rules before adding new ones in case sg has maximum permitted rules * Add check mode tests for ec2_group * add tests * Remove dead code * Fix integration test assertions for old boto versions * Add waiter for security group that is autocreated * Add support for in-account group rules * Add common util to get AWS account ID Fixes #31383 * Fix protocol number and add separate tests for egress rule handling * Return egress rule treatment to be backwards compatible * Remove functions that were obsoleted by `Rule` namedtuple * IP tests * Move description updates to a function * Fix string formatting missing index * Add tests for auto-creation of the same group in quick succession * Resolve use of brand-new group in a rule without a description * Clean up duplicated get-security-group function * Add reverse cleanup in case of dependency issues * Add crossaccount ELB group support * Deal with non-STS calls to account API * Add filtering of owner IDs that match the current account 6 years ago			`---`
			`# A Note about ec2 environment variable name preference:`
			`# - EC2_URL -> AWS_URL`
			`# - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY`
			`# - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY`
			`# - EC2_REGION -> AWS_REGION`
			`#`

			`# - include: ../../setup_ec2/tasks/common.yml module_name: ec2_group`

			`- block:`
			`# ============================================================`
			`- name: test failure with no parameters`
			`ec2_group:`
			`register: result`
			`ignore_errors: true`

			`- name: assert failure with no parameters`
			`assert:`
			`that:`
			`- 'result.failed'`
			`- 'result.msg == "one of the following is required: name, group_id"'`

			`# ============================================================`
			`- name: test failure with only name`
			`ec2_group:`
			`name: '{{ec2_group_name}}'`
			`register: result`
			`ignore_errors: true`

			`- name: assert failure with only name`
			`assert:`
			`that:`
			`- 'result.failed'`
			`- 'result.msg == "Must provide description when state is present."'`

			`# ============================================================`
			`- name: test failure with only description`
			`ec2_group:`
			`description: '{{ec2_group_description}}'`
			`register: result`
			`ignore_errors: true`

			`- name: assert failure with only description`
			`assert:`
			`that:`
			`- 'result.failed'`
			`- 'result.msg == "one of the following is required: name, group_id"'`

			`# ============================================================`
			`- name: test failure with empty description (AWS API requires non-empty string desc)`
			`ec2_group:`
			`name: '{{ec2_group_name}}'`
			`description: ''`
			`region: '{{ec2_region}}'`
			`register: result`
			`ignore_errors: true`

			`- name: assert failure with empty description`
			`assert:`
			`that:`
			`- 'result.failed'`
			`- 'result.msg == "Must provide description when state is present."'`

			`# ============================================================`
			`- name: test valid region parameter`
			`ec2_group:`
			`name: '{{ec2_group_name}}'`
			`description: '{{ec2_group_description}}'`
			`region: '{{ec2_region}}'`
			`register: result`
			`ignore_errors: true`

			`- name: assert valid region parameter`
			`assert:`
			`that:`
			`- 'result.failed'`
			`- '"Unable to locate credentials" in result.msg'`

			`# ============================================================`
			`- name: test environment variable EC2_REGION`
			`ec2_group:`
			`name: '{{ec2_group_name}}'`
			`description: '{{ec2_group_description}}'`
			`environment:`
			`EC2_REGION: '{{ec2_region}}'`
			`register: result`
			`ignore_errors: true`

			`- name: assert environment variable EC2_REGION`
			`assert:`
			`that:`
			`- 'result.failed'`
			`- '"Unable to locate credentials" in result.msg'`

			`# ============================================================`
			`- name: test invalid ec2_url parameter`
			`ec2_group:`
			`name: '{{ec2_group_name}}'`
			`description: '{{ec2_group_description}}'`
			`environment:`
			`EC2_URL: bogus.example.com`
			`register: result`
			`ignore_errors: true`

			`- name: assert invalid ec2_url parameter`
			`assert:`
			`that:`
			`- 'result.failed'`
			`- 'result.msg.startswith("The ec2_group module requires a region")'`

			`# ============================================================`
			`- name: test valid ec2_url parameter`
			`ec2_group:`
			`name: '{{ec2_group_name}}'`
			`description: '{{ec2_group_description}}'`
			`environment:`
			`EC2_URL: '{{ec2_url}}'`
			`register: result`
			`ignore_errors: true`

			`- name: assert valid ec2_url parameter`
			`assert:`
			`that:`
			`- 'result.failed'`
			`- 'result.msg.startswith("The ec2_group module requires a region")'`

			`# ============================================================`
			`- name: test credentials from environment`
			`ec2_group:`
			`name: '{{ec2_group_name}}'`
			`description: '{{ec2_group_description}}'`
			`environment:`
			`EC2_REGION: '{{ec2_region}}'`
			`EC2_ACCESS_KEY: bogus_access_key`
			`EC2_SECRET_KEY: bogus_secret_key`
			`register: result`
			`ignore_errors: true`

			`- name: assert ec2_group with valid ec2_url`
			`assert:`
			`that:`
			`- 'result.failed'`
			`- '"validate the provided access credentials" in result.msg'`

			`# ============================================================`
			`- name: test credential parameters`
			`ec2_group:`
			`name: '{{ec2_group_name}}'`
			`description: '{{ec2_group_description}}'`
			`ec2_region: '{{ec2_region}}'`
			`ec2_access_key: 'bogus_access_key'`
			`ec2_secret_key: 'bogus_secret_key'`
			`register: result`
			`ignore_errors: true`

			`- name: assert credential parameters`
			`assert:`
			`that:`
			`- 'result.failed'`
			`- '"validate the provided access credentials" in result.msg'`