[cloud] Improve ipv6 and EC2 classic support in ec2_group integration tests (#32976)

* ec2_group: fix ipv6 tests to use an explicit VPC

* otherwise would fail on old AWS accounts supporting EC2-classic

* ec2_group: fix tests to use an explicit VPC

* Only run some tests if there is a default vpc associated with the account

test/integration/targets/ec2_group/tasks/main.yml

@@ -171,6 +171,29 @@
           region: "{{ aws_region }}"
       no_log: yes
 
+    # ============================================================
+    - name: determine if there is a default VPC
+      set_fact:
+        defaultvpc: "{{ lookup('aws_account_attribute',
+                               attribute='default-vpc',
+                               region=aws_region,
+                               aws_access_key=aws_access_key,
+                               aws_secret_key=aws_secret_key,
+                               aws_security_token=security_token) }}"
+      register: default_vpc
+
+    # ============================================================
+    - name: create a VPC
+      ec2_vpc_net:
+        name: "{{ resource_prefix }}-vpc"
+        state: present
+        cidr_block: "10.232.232.128/26"
+        <<: *aws_connection_info
+        tags:
+          Name: "{{ resource_prefix }}-vpc"
+          Description: "Created by ansible-test"
+      register: vpc_result
+
     # ============================================================
     - name: test state=absent
       ec2_group:
@@ -226,6 +249,10 @@
            - 'not result.changed'
            - 'result.group_id.startswith("sg-")'
 
+    # ============================================================
+    - name: tests IPv6 with the default VPC
+      block:
+
         # ============================================================
         - name: test state=present for ipv6 (expected changed=true)
           ec2_group:
@@ -271,6 +298,111 @@
                - 'result.changed'
                - 'result.group_id.startswith("sg-")'
 
+      when: default_vpc
+
+    - name: test IPv6 with a specified VPC
+      block:
+
+        # ============================================================
+        - name: test state=present (expected changed=true)
+          ec2_group:
+            name: '{{ ec2_group_name }}-2'
+            description: '{{ ec2_group_description }}-2'
+            state: present
+            vpc_id: '{{ vpc_result.vpc.id }}'
+            <<: *aws_connection_info
+          register: result
+
+        - name: assert state=present (expected changed=true)
+          assert:
+            that:
+               - 'result.changed'
+               - 'result.group_id.startswith("sg-")'
+
+        # ============================================================
+        - name: test state=present for ipv6 (expected changed=true)
+          ec2_group:
+            name: '{{ ec2_group_name }}-2'
+            description: '{{ ec2_group_description }}-2'
+            state: present
+            vpc_id: '{{ vpc_result.vpc.id }}'
+            rules:
+            - proto: "tcp"
+              from_port: 8182
+              to_port: 8182
+              cidr_ipv6: "64:ff9b::/96"
+            <<: *aws_connection_info
+          register: result
+
+        - name: assert state=present (expected changed=true)
+          assert:
+            that:
+               - 'result.changed'
+               - 'result.group_id.startswith("sg-")'
+
+        # ============================================================
+
+        - name: test state=present for ipv6 (expected changed=true)
+          ec2_group:
+            name: '{{ ec2_group_name }}-2'
+            description: '{{ ec2_group_description }}-2'
+            state: present
+            vpc_id: '{{ vpc_result.vpc.id }}'
+            rules:
+            - proto: "tcp"
+              from_port: 8182
+              to_port: 8182
+              cidr_ipv6: "64:ff9b::/96"
+            <<: *aws_connection_info
+          register: result
+
+        - name: assert nothing changed
+          assert:
+            that:
+              - 'not result.changed'
+
+        # ============================================================
+        - name: test rules_egress state=present for ipv6 (expected changed=true)
+          ec2_group:
+            name: '{{ ec2_group_name }}-2'
+            description: '{{ ec2_group_description }}-2'
+            state: present
+            vpc_id: '{{ vpc_result.vpc.id }}'
+            rules:
+            - proto: "tcp"
+              from_port: 8182
+              to_port: 8182
+              cidr_ipv6: "64:ff9b::/96"
+            rules_egress:
+            - proto: "tcp"
+              from_port: 8181
+              to_port: 8181
+              cidr_ipv6: "64:ff9b::/96"
+            <<: *aws_connection_info
+          register: result
+
+        - name: assert state=present (expected changed=true)
+          assert:
+            that:
+               - 'result.changed'
+               - 'result.group_id.startswith("sg-")'
+
+        # ============================================================
+
+        - name: test state=absent (expected changed=true)
+          ec2_group:
+            name: '{{ ec2_group_name }}-2'
+            description: '{{ ec2_group_description }}-2'
+            state: absent
+            vpc_id: '{{ vpc_result.vpc.id }}'
+            <<: *aws_connection_info
+          register: result
+
+        - name: assert group was removed
+          assert:
+            that:
+              - 'result.changed'
+
     # ============================================================
     - name: test state=present for ipv4 (expected changed=true)
       ec2_group:
@@ -344,12 +476,12 @@
         - proto: "tcp"
           from_port: "8183"
           to_port: "8183"
-          cidr_ipv6: "64:ff9b::/96"
+          cidr_ip: "1.1.1.1/32"
         rules_egress:
         - proto: "tcp"
           from_port: "8184"
           to_port: "8184"
-          cidr_ipv6: "64:ff9b::/96"
+          cidr_ip: "1.1.1.1/32"
       register: result
 
     - name: assert state=present (expected changed=true)
@@ -374,7 +506,6 @@
         - proto: "tcp"
           from_port: "8186"
           to_port: "8186"
-          cidr_ipv6: "64:ff9b::/96"
           group_id: "{{result.group_id}}"
       register: result
 
@@ -457,6 +588,8 @@
           - 'result.group_id.startswith("sg-")'
 
     # ============================================================
+    - name: test using the default VPC
+      block:
 
         - name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true)
           ec2_group:
@@ -506,6 +639,8 @@
               - 'not result.changed'
               - 'result.group_id.startswith("sg-")'
 
+      when: default_vpc
+
     # ============================================================
     - name: test state=absent (expected changed=true)
       ec2_group:
@@ -520,17 +655,6 @@
            - 'result.changed'
            - 'not result.group_id'
 
-    - name: create a VPC
-      ec2_vpc_net:
-        name: "{{ resource_prefix }}-vpc"
-        state: present
-        cidr_block: "10.232.232.128/26"
-        <<: *aws_connection_info
-        tags:
-          Name: "{{ resource_prefix }}-vpc"
-          Description: "Created by ansible-test"
-      register: vpc_result
-
     - name: create security group in the VPC
       ec2_group:
         name: '{{ec2_group_name}}'
@@ -771,8 +895,8 @@
         - proto: "tcp"
           ports:
           - 8281
-          cidr_ipv6: 1001:d00::/24
+          cidr_ip: 1.1.1.1/24
-          rule_desc: ipv6 rule desc 2
+          rule_desc: ipv4 rule desc
         rules_egress:
         - proto: "tcp"
           ports:
@@ -899,6 +1023,13 @@
         <<: *aws_connection_info
       ignore_errors: yes
 
+    - name: tidy up security group for IPv6 EC2-Classic tests
+      ec2_group:
+        name: '{{ ec2_group_name }}-2'
+        state: absent
+        <<: *aws_connection_info
+      ignore_errors: yes
+
     - name: tidy up default VPC security group
       ec2_group:
         name: '{{ec2_group_name}}-default-vpc'