@ -1,15 +1,15 @@
- block:
- name : set yaml anchor
set_fact:
aws_connection_info : &aws_connection_info
- module_defaults:
group/aws:
aws_access_key : "{{ aws_access_key }}"
aws_secret_key : "{{ aws_secret_key }}"
security_token : "{{ security_token }}"
no_log : yes
security_token : "{{ security_token | default(omit) }}"
cloudfront_distribution:
alias : "{{ cloudfront_alias | default(omit) }}"
viewer_certificate : "{{ cloudfront_viewer_cert | default(omit) }}"
block:
- name : create cloudfront distribution using defaults
cloudfront_distribution:
alias : "{{ cloudfront_alias }}"
origins:
- domain_name : "{{ cloudfront_hostname }}-origin.example.com"
id : "{{ cloudfront_hostname }}-origin.example.com"
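Review bot: With the credentials moved into `module_defaults` under `group/aws`, the `no_log` that guarded the old `set_fact` task has no equivalent here. Keeping the secret key and session token out of verbose test output now presumably depends on every AWS module called in this file marking those parameters as no_log in its argument spec, which is worth confirming. `aws_access_key` and `aws_secret_key` also lack the `default(omit)` that `security_token` gets, so a run that relies on environment or profile credentials would stop on an undefined variable; `aws_access_key: "{{ aws_access_key | default(omit) }}"` (and the same for the secret key) would keep the three consistent. The `block:` opened at the end of these defaults continues past the hunk.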
@ -17,15 +17,17 @@
target_origin_id : "{{ cloudfront_hostname }}-origin.example.com"
state : present
purge_origins : yes
<< : *aws_connection_info
register : cf_distribution
- set_fact:
distribution_id : '{{ cf_distribution.id }}'
- name : re-run cloudfront distribution with same defaults
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ cloudfront_hostname }}-origin.example.com"
state : present
<< : *aws_connection_info
register : cf_dist_no_update
- name : ensure distribution was not updated
@ -35,10 +37,9 @@
- name : re-run cloudfront distribution using distribution id
cloudfront_distribution:
distribution_id : "{{ cf_dist_no_update. id }}"
distribution_id : "{{ distribution_ id }}"
purge_origins : no
state : present
<< : *aws_connection_info
register : cf_dist_with_id
- name : ensure distribution was not updated
@ -48,13 +49,12 @@
- name : update origin http port
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ cloudfront_hostname }}-origin.example.com"
custom_origin_config:
http_port : 8080
state : present
<< : *aws_connection_info
register : update_origin_http_port
- name : ensure http port was updated
@ -64,14 +64,13 @@
- name : update restrictions
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
restrictions:
geo_restriction:
restriction_type : "whitelist"
items:
- "US"
state : present
<< : *aws_connection_info
register : update_restrictions
- name : ensure restrictions was updated
@ -85,10 +84,9 @@
- name : update comment
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
comment : "{{ comment }}"
state : present
<< : *aws_connection_info
register : cf_comment
- name : ensure comment was updated
@ -99,14 +97,13 @@
- name : create second origin
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
id : "{{ resource_prefix }}2.example.com"
default_root_object : index.html
state : present
wait : yes
<< : *aws_connection_info
register : cf_add_origin
- name : ensure origin was added
@ -118,7 +115,7 @@
- name : re-run second origin
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ cloudfront_hostname }}-origin.example.com"
custom_origin_config:
@ -127,7 +124,6 @@
default_root_object : index.html
wait : yes
state : present
<< : *aws_connection_info
register : cf_rerun_second_origin
- name : ensure nothing changed after re-run
@ -138,14 +134,13 @@
- name : run with origins in reverse order
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
- domain_name : "{{ cloudfront_hostname }}-origin.example.com"
custom_origin_config:
http_port : 8080
state : present
<< : *aws_connection_info
register : cf_rerun_second_origin_reversed
- name : ensure nothing changed after reversed re-run
@ -157,14 +152,13 @@
- name : purge first origin
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
default_cache_behavior:
target_origin_id : "{{ resource_prefix }}2.example.com"
purge_origins : yes
state : present
<< : *aws_connection_info
register : cf_purge_origin
- name : ensure origin was removed
@ -175,12 +169,11 @@
- name : update default_root_object of existing distribution
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
default_root_object : index.php
state : present
<< : *aws_connection_info
register : cf_update_default_root_object
- name : ensure origin was updated
@ -191,15 +184,14 @@
- name : add tags to existing distribution
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
tags:
Name: "{{ cloudfront_alias }}"
ATag: tag1
Another : tag
default_root_object : index.php
state : present
<< : *aws_connection_info
register : cf_add_tags
- name : ensure tags were added
@ -210,61 +202,61 @@
- name : delete distribution
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
enabled : no
wait : yes
state : absent
<< : *aws_connection_info
- name : create distribution with tags
cloudfront_distribution:
alias : "{{ cloudfront_alias }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
id : "{{ resource_prefix }}2.example.com"
tags:
Name: "{{ cloudfront_alias }}"
ATag: tag1
Another : tag
state : present
<< : *aws_connection_info
register : cf_second_distribution
- set_fact:
distribution_id : '{{ cf_second_distribution.id }}'
- name : ensure tags were set on creation
assert:
that:
- cf_second_distribution.changed
- cf_second_distribution.tags|length == 2
- "'Name' in cf_second_distribution.tags"
- "'ATag' in cf_second_distribution.tags"
- "'Another' in cf_second_distribution.tags"
- name : re-run create distribution with same tags and purge_tags
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
id : "{{ resource_prefix }}2.example.com"
tags:
Name: "{{ cloudfront_alias }}"
ATag: tag1
Another : tag
purge_tags : yes
state : present
<< : *aws_connection_info
register : rerun_with_purge_tags
- name : ensure that re-running didn't change
assert:
that:
- not rerun_with_purge_tags.changed
- rerun_with_purge_tags.tags|length == 2
- name : add new tag to distribution
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
tags:
Third : thing
purge_tags : no
state : present
<< : *aws_connection_info
register : update_with_new_tag
- name : ensure tags are correct
@ -273,25 +265,25 @@
- update_with_new_tag.changed
- "'Third' in update_with_new_tag.tags"
- "'Another' in update_with_new_tag.tags"
- "'Atag' in update_with_new_tag.tags"
- update_with_new_tag.tags|length == 3
- name : create some cache behaviors
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
cache_behaviors : "{{ cloudfront_test_cache_behaviors }}"
state : present
<< : *aws_connection_info
register : add_cache_behaviors
- name : reverse some cache behaviors
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
cache_behaviors : "{{ cloudfront_test_cache_behaviors|reverse|list }}"
state : present
<< : *aws_connection_info
register : reverse_cache_behaviors
- name : check that reversing cache behaviors changes nothing when purge_cache_behaviors unset
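Review bot: The assertion `"'Atag' in update_with_new_tag.tags"` does not match the tag key the tasks set, which is spelled `ATag` everywhere else on this page. The membership test is case-sensitive, so if this line is on the new side it checks for a key that was never written and should read `"'ATag' in update_with_new_tag.tags"`. The assert task these conditions belong to starts in the previous hunk.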
@ -302,13 +294,12 @@
- name : reverse some cache behaviors properly
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}2.example.com"
cache_behaviors : "{{ cloudfront_test_cache_behaviors|reverse|list }}"
purge_cache_behaviors : yes
state : present
<< : *aws_connection_info
register : reverse_cache_behaviors_with_purge
- name : check that reversing cache behaviors changes nothing when purge_cache_behaviors unset
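Review bot: The task name closing this hunk, `check that reversing cache behaviors changes nothing when purge_cache_behaviors unset`, is a copy of the name used after the earlier run, but the run above it sets `purge_cache_behaviors : yes`. The name should describe the purge case, for example `check that reversing cache behaviors with purge_cache_behaviors set is detected`, adjusted to whatever the assertion (outside this hunk) actually checks. Two tasks with the same name also make a failing assertion harder to locate in the test log.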
@ -319,13 +310,12 @@
- name : update origin that changes target id (failure expected)
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}3.example.com"
id : "{{ resource_prefix }}3.example.com"
purge_origins : yes
state : present
<< : *aws_connection_info
register : remove_origin_in_use
ignore_errors : yes
@ -338,7 +328,6 @@
# not clear whether to hope they fix or prevent this issue from happening
#- name: update origin and update cache behavior to point to new origin
# cloudfront_distribution:
# alias: "{{ cloudfront_alias }}"
# origins:
# - domain_name: "{{ resource_prefix }}3.example.com"
# id: "{{ resource_prefix }}3.example.com"
@ -360,17 +349,15 @@
aws_s3:
bucket : "{{ resource_prefix }}-bucket"
mode : create
<< : *aws_connection_info
- name : update origin to point to the s3 bucket
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}-bucket.s3.amazonaws.com"
id : "{{ resource_prefix }}3.example.com"
s3_origin_access_identity_enabled : yes
state : present
<< : *aws_connection_info
register : update_origin_to_s3
- name : check that s3 origin access is in result
@ -382,13 +369,12 @@
- name : update origin to remove s3 origin access identity
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}-bucket.s3.amazonaws.com"
id : "{{ resource_prefix }}3.example.com"
s3_origin_access_identity_enabled : no
state : present
<< : *aws_connection_info
register : update_origin_to_s3_without_origin_access
- name : check that s3 origin access is not in result
@ -402,11 +388,10 @@
aws_s3:
bucket : "{{ resource_prefix }}-bucket"
mode : delete
<< : *aws_connection_info
- name : check that custom_origin_config can't be used with origin_access_identity enabled
cloudfront_distribution:
alias: "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
origins:
- domain_name : "{{ resource_prefix }}-bucket.s3.amazonaws.com"
id : "{{ resource_prefix }}3.example.com"
@ -414,7 +399,6 @@
custom_origin_config:
origin_protocol_policy : 'http-only'
state : present
<< : *aws_connection_info
register : update_origin_to_s3_with_origin_access_and_with_custom_origin_config
ignore_errors : True
@ -425,10 +409,14 @@
always:
# TEARDOWN STARTS HERE
- name : delete the s3 bucket
aws_s3:
bucket : "{{ resource_prefix }}-bucket"
mode : delete
- name : clean up cloudfront distribution
cloudfront_distribution:
alias : "{{ cloudfront_alias }}"
distribution_id: "{{ distribution_id }}"
enabled : no
wait : yes
state : absent
<< : *aws_connection_info
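Review bot: The teardown under `always:` can stop before the distribution is removed. `distribution_id` is only set by the `set_fact` tasks that follow a successful create, so if the first create fails, the cleanup task references an undefined variable. `delete the s3 bucket` has no `ignore_errors`, and the bucket is already deleted earlier in the block, so if the module errors on a missing bucket the distribution cleanup is skipped and a live distribution is left in the test account. Adding `ignore_errors: yes` to the bucket task and using `distribution_id: "{{ distribution_id | default(omit) }}"` would let teardown run to completion. The cleanup task also appears to pass both `alias` and `distribution_id`, so it is worth confirming that the module accepts the two together.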