@ -171,6 +171,29 @@
region : "{{ aws_region }}"
region : "{{ aws_region }}"
no_log : yes
no_log : yes
# ============================================================
- name : determine if there is a default VPC
set_fact:
defaultvpc : "{{ lookup('aws_account_attribute',
attribute='default-vpc',
region=aws_region,
aws_access_key=aws_access_key,
aws_secret_key=aws_secret_key,
aws_security_token=security_token) }}"
register : default_vpc
# ============================================================
- name : create a VPC
ec2_vpc_net:
name : "{{ resource_prefix }}-vpc"
state : present
cidr_block : "10.232.232.128/26"
<< : *aws_connection_info
tags:
Name : "{{ resource_prefix }}-vpc"
Description : "Created by ansible-test"
register : vpc_result
# ============================================================
# ============================================================
- name : test state=absent
- name : test state=absent
ec2_group:
ec2_group:
@ -227,49 +250,158 @@
- 'result.group_id.startswith("sg-")'
- 'result.group_id.startswith("sg-")'
# ============================================================
# ============================================================
- name : test state=present for ipv6 (expected changed=true)
- name : tests IPv6 with the default VPC
ec2_group:
block:
name : '{{ec2_group_name}}'
description : '{{ec2_group_description}}'
# ============================================================
<< : *aws_connection_info
- name : test state=present for ipv6 (expected changed=true)
state : present
ec2_group:
rules:
name : '{{ec2_group_name}}'
- proto : "tcp"
description : '{{ec2_group_description}}'
from_port : 8182
<< : *aws_connection_info
to_port : 8182
state : present
cidr_ipv6 : "64:ff9b::/96"
rules:
register : result
- proto : "tcp"
from_port : 8182
- name : assert state=present (expected changed=true)
to_port : 8182
assert:
cidr_ipv6 : "64:ff9b::/96"
that:
register : result
- 'result.changed'
- 'result.group_id.startswith("sg-")'
- name : assert state=present (expected changed=true)
assert:
# ============================================================
that:
- name : test rules_egress state=present for ipv6 (expected changed=true)
- 'result.changed'
ec2_group:
- 'result.group_id.startswith("sg-")'
name : '{{ec2_group_name}}'
description : '{{ec2_group_description}}'
# ============================================================
<< : *aws_connection_info
- name : test rules_egress state=present for ipv6 (expected changed=true)
state : present
ec2_group:
rules:
name : '{{ec2_group_name}}'
- proto : "tcp"
description : '{{ec2_group_description}}'
from_port : 8182
<< : *aws_connection_info
to_port : 8182
state : present
cidr_ipv6 : "64:ff9b::/96"
rules:
rules_egress:
- proto : "tcp"
- proto : "tcp"
from_port : 8182
from_port : 8181
to_port : 8182
to_port : 8181
cidr_ipv6 : "64:ff9b::/96"
cidr_ipv6 : "64:ff9b::/96"
rules_egress:
register : result
- proto : "tcp"
from_port : 8181
- name : assert state=present (expected changed=true)
to_port : 8181
assert:
cidr_ipv6 : "64:ff9b::/96"
that:
register : result
- 'result.changed'
- 'result.group_id.startswith("sg-")'
- name : assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
when : default_vpc
- name : test IPv6 with a specified VPC
block:
# ============================================================
- name : test state=present (expected changed=true)
ec2_group:
name : '{{ ec2_group_name }}-2'
description : '{{ ec2_group_description }}-2'
state : present
vpc_id : '{{ vpc_result.vpc.id }}'
<< : *aws_connection_info
register : result
- name : assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name : test state=present for ipv6 (expected changed=true)
ec2_group:
name : '{{ ec2_group_name }}-2'
description : '{{ ec2_group_description }}-2'
state : present
vpc_id : '{{ vpc_result.vpc.id }}'
rules:
- proto : "tcp"
from_port : 8182
to_port : 8182
cidr_ipv6 : "64:ff9b::/96"
<< : *aws_connection_info
register : result
- name : assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name : test state=present for ipv6 (expected changed=true)
ec2_group:
name : '{{ ec2_group_name }}-2'
description : '{{ ec2_group_description }}-2'
state : present
vpc_id : '{{ vpc_result.vpc.id }}'
rules:
- proto : "tcp"
from_port : 8182
to_port : 8182
cidr_ipv6 : "64:ff9b::/96"
<< : *aws_connection_info
register : result
- name : assert nothing changed
assert:
that:
- 'not result.changed'
# ============================================================
- name : test rules_egress state=present for ipv6 (expected changed=true)
ec2_group:
name : '{{ ec2_group_name }}-2'
description : '{{ ec2_group_description }}-2'
state : present
vpc_id : '{{ vpc_result.vpc.id }}'
rules:
- proto : "tcp"
from_port : 8182
to_port : 8182
cidr_ipv6 : "64:ff9b::/96"
rules_egress:
- proto : "tcp"
from_port : 8181
to_port : 8181
cidr_ipv6 : "64:ff9b::/96"
<< : *aws_connection_info
register : result
- name : assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name : test state=absent (expected changed=true)
ec2_group:
name : '{{ ec2_group_name }}-2'
description : '{{ ec2_group_description }}-2'
state : absent
vpc_id : '{{ vpc_result.vpc.id }}'
<< : *aws_connection_info
register : result
- name : assert group was removed
assert:
that:
- 'result.changed'
# ============================================================
# ============================================================
- name : test state=present for ipv4 (expected changed=true)
- name : test state=present for ipv4 (expected changed=true)
@ -344,12 +476,12 @@
- proto : "tcp"
- proto : "tcp"
from_port : "8183"
from_port : "8183"
to_port : "8183"
to_port : "8183"
cidr_ip v6: "64:ff9b::/96 "
cidr_ip : "1.1.1.1/32 "
rules_egress:
rules_egress:
- proto : "tcp"
- proto : "tcp"
from_port : "8184"
from_port : "8184"
to_port : "8184"
to_port : "8184"
cidr_ip v6: "64:ff9b::/96 "
cidr_ip : "1.1.1.1/32 "
register : result
register : result
- name : assert state=present (expected changed=true)
- name : assert state=present (expected changed=true)
@ -374,7 +506,6 @@
- proto : "tcp"
- proto : "tcp"
from_port : "8186"
from_port : "8186"
to_port : "8186"
to_port : "8186"
cidr_ipv6 : "64:ff9b::/96"
group_id : "{{result.group_id}}"
group_id : "{{result.group_id}}"
register : result
register : result
@ -457,54 +588,58 @@
- 'result.group_id.startswith("sg-")'
- 'result.group_id.startswith("sg-")'
# ============================================================
# ============================================================
- name : test using the default VPC
- name : test adding a rule with a IPv6 CIDR with host bits set (expected changed=true)
block:
ec2_group:
name : '{{ec2_group_name}}'
- name : test adding a rule with a IPv6 CIDR with host bits set (expected changed=true)
description : '{{ec2_group_description}}'
ec2_group:
ec2_region : '{{ec2_region}}'
name : '{{ec2_group_name}}'
ec2_access_key : '{{ec2_access_key}}'
description : '{{ec2_group_description}}'
ec2_secret_key : '{{ec2_secret_key}}'
ec2_region : '{{ec2_region}}'
security_token : '{{security_token}}'
ec2_access_key : '{{ec2_access_key}}'
state : present
ec2_secret_key : '{{ec2_secret_key}}'
# set purge_rules to false so we don't get a false positive from previously added rules
security_token : '{{security_token}}'
purge_rules : false
state : present
rules:
# set purge_rules to false so we don't get a false positive from previously added rules
- proto : "tcp"
purge_rules : false
ports:
rules:
- 8196
- proto : "tcp"
cidr_ipv6 : '2001:db00::1/24'
ports:
register : result
- 8196
cidr_ipv6 : '2001:db00::1/24'
- name : assert state=present (expected changed=true)
register : result
assert:
that:
- name : assert state=present (expected changed=true)
- 'result.changed'
assert:
- 'result.group_id.startswith("sg-")'
that:
- 'result.changed'
# ============================================================
- 'result.group_id.startswith("sg-")'
- name : test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning)
# ============================================================
ec2_group:
name : '{{ec2_group_name}}'
- name : test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning)
description : '{{ec2_group_description}}'
ec2_group:
<< : *aws_connection_info
name : '{{ec2_group_name}}'
state : present
description : '{{ec2_group_description}}'
# set purge_rules to false so we don't get a false positive from previously added rules
<< : *aws_connection_info
purge_rules : false
state : present
rules:
# set purge_rules to false so we don't get a false positive from previously added rules
- proto : "tcp"
purge_rules : false
ports:
rules:
- 8196
- proto : "tcp"
cidr_ipv6 : '2001:db00::1/24'
ports:
register : result
- 8196
cidr_ipv6 : '2001:db00::1/24'
- name : assert state=present (expected changed=false and a warning)
register : result
assert:
that:
- name : assert state=present (expected changed=false and a warning)
# No way to assert for warnings?
assert:
- 'not result.changed'
that:
- 'result.group_id.startswith("sg-")'
# No way to assert for warnings?
- 'not result.changed'
- 'result.group_id.startswith("sg-")'
when : default_vpc
# ============================================================
# ============================================================
- name : test state=absent (expected changed=true)
- name : test state=absent (expected changed=true)
@ -520,17 +655,6 @@
- 'result.changed'
- 'result.changed'
- 'not result.group_id'
- 'not result.group_id'
- name : create a VPC
ec2_vpc_net:
name : "{{ resource_prefix }}-vpc"
state : present
cidr_block : "10.232.232.128/26"
<< : *aws_connection_info
tags:
Name : "{{ resource_prefix }}-vpc"
Description : "Created by ansible-test"
register : vpc_result
- name : create security group in the VPC
- name : create security group in the VPC
ec2_group:
ec2_group:
name : '{{ec2_group_name}}'
name : '{{ec2_group_name}}'
@ -771,8 +895,8 @@
- proto : "tcp"
- proto : "tcp"
ports:
ports:
- 8281
- 8281
cidr_ip v6: 1001 : d00:: /24
cidr_ip : 1.1 .1 .1 /24
rule_desc : ipv 6 rule desc 2
rule_desc : ipv 4 rule desc
rules_egress:
rules_egress:
- proto : "tcp"
- proto : "tcp"
ports:
ports:
@ -899,6 +1023,13 @@
<< : *aws_connection_info
<< : *aws_connection_info
ignore_errors : yes
ignore_errors : yes
- name : tidy up security group for IPv6 EC2-Classic tests
ec2_group:
name : '{{ ec2_group_name }}-2'
state : absent
<< : *aws_connection_info
ignore_errors : yes
- name : tidy up default VPC security group
- name : tidy up default VPC security group
ec2_group:
ec2_group:
name : '{{ec2_group_name}}-default-vpc'
name : '{{ec2_group_name}}-default-vpc'
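Review bot: The `when: default_vpc` guard that closes the default-VPC block (after the assert following `rules_egress` in the second hunk) and the identical guard after the IPv6-host-bits block in the fourth hunk test `default_vpc`, which the first hunk defines as the `register:` of the set_fact task, i.e. a task-result mapping; as far as I can tell that mapping is truthy regardless of what the `aws_account_attribute` lookup returned, so the guard never skips and those tasks would run and fail in an account with no default VPC instead of being skipped, which is the case the new blocks were meant to handle. The lookup's value lives in the fact `defaultvpc`, so both guards should read `when: defaultvpc` (or the `register: default_vpc` line on the set_fact task should be dropped and the fact used directly). Separately, the second task named `test state=present for ipv6 (expected changed=true)` in the specified-VPC block asserts `not result.changed`, so its name should say `(expected changed=false)`, and the new tidy-up task for `{{ ec2_group_name }}-2` is labelled "IPv6 EC2-Classic tests" although that group is the one created in the specified-VPC block; since the tidy-up passes no `vpc_id`, a comment noting that it relies on the group name being unique across VPCs would help. The enclosing task list starts and ends outside the hunks shown.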