From 261ad0aa87fc1607850d96112ccc3437a96a1c41 Mon Sep 17 00:00:00 2001
From: Will Thames <will@thames.id.au>
Date: Thu, 3 May 2018 22:28:23 +1000
Subject: [PATCH] [aws] Improve integration test suite for cloudfront (#37813)

Improve naming of one of the cloudfront tasks

Change test_identifier back to resource_prefix now it's always
lower case.

More tests around using distribution_id and default_root_object
---
 .../cloudfront_distribution/tasks/main.yml    | 98 ++++++++++++-------
 1 file changed, 65 insertions(+), 33 deletions(-)

diff --git a/test/integration/targets/cloudfront_distribution/tasks/main.yml b/test/integration/targets/cloudfront_distribution/tasks/main.yml
index b1ed2663285..02a291c1553 100644
--- a/test/integration/targets/cloudfront_distribution/tasks/main.yml
+++ b/test/integration/targets/cloudfront_distribution/tasks/main.yml
@@ -1,8 +1,4 @@
 - block:
-  - name: make sure resource prefix is lowercase
-    set_fact:
-      test_identifier: "{{ resource_prefix | lower }}"
-
   - name: set yaml anchor
     set_fact:
       aws_connection_info: &aws_connection_info
@@ -37,6 +33,19 @@
       that:
         - not cf_dist_no_update.changed
 
+  - name: re-run cloudfront distribution using distribution id
+    cloudfront_distribution:
+      distribution_id: "{{ cf_dist_no_update.id }}"
+      purge_origins: no
+      state: present
+      <<: *aws_connection_info
+    register: cf_dist_with_id
+
+  - name: ensure distribution was not updated
+    assert:
+      that:
+        - not cf_dist_with_id.changed
+
   - name: update origin http port
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
@@ -92,8 +101,9 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}2.example.com"
-        id: "{{ test_identifier }}2.example.com"
+      - domain_name: "{{ resource_prefix }}2.example.com"
+        id: "{{ resource_prefix }}2.example.com"
+      default_root_object: index.html
       state: present
       wait: yes
       <<: *aws_connection_info
@@ -104,6 +114,7 @@
       that:
         - cf_add_origin.origins.quantity == 2
         - cf_add_origin.changed
+        - "cf_add_origin.default_root_object == 'index.html'"
 
   - name: re-run second origin
     cloudfront_distribution:
@@ -112,7 +123,9 @@
       - domain_name: "{{ cloudfront_hostname }}-origin.example.com"
         custom_origin_config:
           http_port: 8080
+      - domain_name: "{{ resource_prefix }}2.example.com"
       - domain_name: "{{ test_identifier }}2.example.com"
+      default_root_object: index.html
       wait: yes
       state: present
       <<: *aws_connection_info
@@ -128,7 +141,7 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}2.example.com"
+      - domain_name: "{{ resource_prefix }}2.example.com"
       - domain_name: "{{ cloudfront_hostname }}-origin.example.com"
         custom_origin_config:
           http_port: 8080
@@ -147,9 +160,9 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}2.example.com"
+      - domain_name: "{{ resource_prefix }}2.example.com"
       default_cache_behavior:
-        target_origin_id: "{{ test_identifier }}2.example.com"
+        target_origin_id: "{{ resource_prefix }}2.example.com"
       purge_origins: yes
       state: present
       <<: *aws_connection_info
@@ -161,14 +174,31 @@
         - cf_purge_origin.origins.quantity == 1
         - cf_purge_origin.changed
 
-  - name: add tags to existing distribution
+  - name: update default_root_object of existing distribution
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
       - domain_name: "{{ test_identifier }}2.example.com"
+      default_root_object: index.php
+      state: present
+      <<: *aws_connection_info
+    register: cf_update_default_root_object
+
+  - name: ensure origin was updated
+    assert:
+      that:
+        - "cf_update_default_root_object.default_root_object == 'index.php'"
+        - cf_update_default_root_object.changed
+
+  - name: add tags to existing distribution
+    cloudfront_distribution:
+      alias: "{{ cloudfront_alias }}"
+      origins:
+      - domain_name: "{{ resource_prefix }}2.example.com"
       tags:
         Name: "{{ cloudfront_alias }}"
         Another: tag
+      default_root_object: index.php
       state: present
       <<: *aws_connection_info
     register: cf_add_tags
@@ -191,8 +221,8 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}2.example.com"
-        id: "{{ test_identifier }}2.example.com"
+      - domain_name: "{{ resource_prefix }}2.example.com"
+        id: "{{ resource_prefix }}2.example.com"
       tags:
         Name: "{{ cloudfront_alias }}"
         Another: tag
@@ -211,8 +241,8 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}2.example.com"
-        id: "{{ test_identifier }}2.example.com"
+      - domain_name: "{{ resource_prefix }}2.example.com"
+        id: "{{ resource_prefix }}2.example.com"
       tags:
         Name: "{{ cloudfront_alias }}"
         Another: tag
@@ -230,7 +260,7 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}2.example.com"
+      - domain_name: "{{ resource_prefix }}2.example.com"
       tags:
         Third: thing
       purge_tags: no
@@ -249,7 +279,7 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}2.example.com"
+      - domain_name: "{{ resource_prefix }}2.example.com"
       cache_behaviors: "{{ cloudfront_test_cache_behaviors }}"
       state: present
       <<: *aws_connection_info
@@ -259,7 +289,7 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}2.example.com"
+      - domain_name: "{{ resource_prefix }}2.example.com"
       cache_behaviors: "{{ cloudfront_test_cache_behaviors|reverse|list }}"
       state: present
       <<: *aws_connection_info
@@ -275,7 +305,7 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}2.example.com"
+      - domain_name: "{{ resource_prefix }}2.example.com"
       cache_behaviors: "{{ cloudfront_test_cache_behaviors|reverse|list }}"
       purge_cache_behaviors: yes
       state: present
@@ -292,8 +322,8 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}3.example.com"
-        id: "{{ test_identifier }}3.example.com"
+      - domain_name: "{{ resource_prefix }}3.example.com"
+        id: "{{ resource_prefix }}3.example.com"
       purge_origins: yes
       state: present
       <<: *aws_connection_info
@@ -311,13 +341,13 @@
   #  cloudfront_distribution:
   #    alias: "{{ cloudfront_alias }}"
   #    origins:
-  #    - domain_name: "{{ test_identifier }}3.example.com"
-  #      id: "{{ test_identifier }}3.example.com"
+  #    - domain_name: "{{ resource_prefix }}3.example.com"
+  #      id: "{{ resource_prefix }}3.example.com"
   #    cache_behaviors:
   #      - path_pattern: /test/path
-  #        target_origin_id: "{{ test_identifier }}3.example.com"
+  #        target_origin_id: "{{ resource_prefix }}3.example.com"
   #      - path_pattern: /another/path
-  #        target_origin_id: "{{ test_identifier }}3.example.com"
+  #        target_origin_id: "{{ resource_prefix }}3.example.com"
   #    state: present
   #    aws_access_key: "{{ aws_access_key|default(omit) }}"
   #    aws_secret_key: "{{ aws_secret_key|default(omit) }}"
@@ -326,8 +356,10 @@
   #  register: update_cache_behaviors in use
 
   - name: create an s3 bucket for next test
+    # note that although public-read allows reads that we want to stop with origin_access_identity,
+    # we also need to test without origin_access_identity and it's hard to change bucket perms later
     aws_s3:
-      bucket: "{{ test_identifier }}-bucket"
+      bucket: "{{ resource_prefix }}-bucket"
       mode: create
       <<: *aws_connection_info
 
@@ -335,8 +367,8 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}-bucket.{{ aws_region }}.s3.amazonaws.com"
-        id: "{{ test_identifier }}3.example.com"
+      - domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com"
+        id: "{{ resource_prefix }}3.example.com"
         s3_origin_access_identity_enabled: yes
       state: present
       <<: *aws_connection_info
@@ -353,8 +385,8 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}-bucket.{{ aws_region }}.s3.amazonaws.com"
-        id: "{{ test_identifier }}3.example.com"
+      - domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com"
+        id: "{{ resource_prefix }}3.example.com"
         s3_origin_access_identity_enabled: no
       state: present
       <<: *aws_connection_info
@@ -369,16 +401,16 @@
 
   - name: delete the s3 bucket
     aws_s3:
-      bucket: "{{ test_identifier }}-bucket"
+      bucket: "{{ resource_prefix }}-bucket"
       mode: delete
       <<: *aws_connection_info
 
-  - name: update origin to remove s3 origin access identity
+  - name: check that custom_origin_config can't be used with origin_access_identity enabled
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}-bucket.{{ aws_region }}.s3.amazonaws.com"
-        id: "{{ test_identifier }}3.example.com"
+      - domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com"
+        id: "{{ resource_prefix }}3.example.com"
         s3_origin_access_identity_enabled: yes
         custom_origin_config:
           origin_protocol_policy: 'http-only'