[cloud] Improve ipv6 and EC2 classic support in ec2_group integration tests (#32976)

* ec2_group: fix ipv6 tests to use an explicit VPC

* otherwise would fail on old AWS accounts supporting EC2-classic

* ec2_group: fix tests to use an explicit VPC

* Only run some tests if there is a default vpc associated with the account
pull/35559/head
Kim Blomqvist 7 years ago committed by Ryan Brown
parent 19ac188e86
commit 63639abb01

@ -171,6 +171,29 @@
region: "{{ aws_region }}" region: "{{ aws_region }}"
no_log: yes no_log: yes
# ============================================================
- name: determine if there is a default VPC
set_fact:
defaultvpc: "{{ lookup('aws_account_attribute',
attribute='default-vpc',
region=aws_region,
aws_access_key=aws_access_key,
aws_secret_key=aws_secret_key,
aws_security_token=security_token) }}"
register: default_vpc
# ============================================================
- name: create a VPC
ec2_vpc_net:
name: "{{ resource_prefix }}-vpc"
state: present
cidr_block: "10.232.232.128/26"
<<: *aws_connection_info
tags:
Name: "{{ resource_prefix }}-vpc"
Description: "Created by ansible-test"
register: vpc_result
# ============================================================ # ============================================================
- name: test state=absent - name: test state=absent
ec2_group: ec2_group:
@ -227,49 +250,158 @@
- 'result.group_id.startswith("sg-")' - 'result.group_id.startswith("sg-")'
# ============================================================ # ============================================================
- name: test state=present for ipv6 (expected changed=true) - name: tests IPv6 with the default VPC
ec2_group: block:
name: '{{ec2_group_name}}'
description: '{{ec2_group_description}}' # ============================================================
<<: *aws_connection_info - name: test state=present for ipv6 (expected changed=true)
state: present ec2_group:
rules: name: '{{ec2_group_name}}'
- proto: "tcp" description: '{{ec2_group_description}}'
from_port: 8182 <<: *aws_connection_info
to_port: 8182 state: present
cidr_ipv6: "64:ff9b::/96" rules:
register: result - proto: "tcp"
from_port: 8182
- name: assert state=present (expected changed=true) to_port: 8182
assert: cidr_ipv6: "64:ff9b::/96"
that: register: result
- 'result.changed'
- 'result.group_id.startswith("sg-")' - name: assert state=present (expected changed=true)
assert:
# ============================================================ that:
- name: test rules_egress state=present for ipv6 (expected changed=true) - 'result.changed'
ec2_group: - 'result.group_id.startswith("sg-")'
name: '{{ec2_group_name}}'
description: '{{ec2_group_description}}' # ============================================================
<<: *aws_connection_info - name: test rules_egress state=present for ipv6 (expected changed=true)
state: present ec2_group:
rules: name: '{{ec2_group_name}}'
- proto: "tcp" description: '{{ec2_group_description}}'
from_port: 8182 <<: *aws_connection_info
to_port: 8182 state: present
cidr_ipv6: "64:ff9b::/96" rules:
rules_egress: - proto: "tcp"
- proto: "tcp" from_port: 8182
from_port: 8181 to_port: 8182
to_port: 8181 cidr_ipv6: "64:ff9b::/96"
cidr_ipv6: "64:ff9b::/96" rules_egress:
register: result - proto: "tcp"
from_port: 8181
- name: assert state=present (expected changed=true) to_port: 8181
assert: cidr_ipv6: "64:ff9b::/96"
that: register: result
- 'result.changed'
- 'result.group_id.startswith("sg-")' - name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
when: default_vpc
- name: test IPv6 with a specified VPC
block:
# ============================================================
- name: test state=present (expected changed=true)
ec2_group:
name: '{{ ec2_group_name }}-2'
description: '{{ ec2_group_description }}-2'
state: present
vpc_id: '{{ vpc_result.vpc.id }}'
<<: *aws_connection_info
register: result
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name: test state=present for ipv6 (expected changed=true)
ec2_group:
name: '{{ ec2_group_name }}-2'
description: '{{ ec2_group_description }}-2'
state: present
vpc_id: '{{ vpc_result.vpc.id }}'
rules:
- proto: "tcp"
from_port: 8182
to_port: 8182
cidr_ipv6: "64:ff9b::/96"
<<: *aws_connection_info
register: result
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name: test state=present for ipv6 (expected changed=true)
ec2_group:
name: '{{ ec2_group_name }}-2'
description: '{{ ec2_group_description }}-2'
state: present
vpc_id: '{{ vpc_result.vpc.id }}'
rules:
- proto: "tcp"
from_port: 8182
to_port: 8182
cidr_ipv6: "64:ff9b::/96"
<<: *aws_connection_info
register: result
- name: assert nothing changed
assert:
that:
- 'not result.changed'
# ============================================================
- name: test rules_egress state=present for ipv6 (expected changed=true)
ec2_group:
name: '{{ ec2_group_name }}-2'
description: '{{ ec2_group_description }}-2'
state: present
vpc_id: '{{ vpc_result.vpc.id }}'
rules:
- proto: "tcp"
from_port: 8182
to_port: 8182
cidr_ipv6: "64:ff9b::/96"
rules_egress:
- proto: "tcp"
from_port: 8181
to_port: 8181
cidr_ipv6: "64:ff9b::/96"
<<: *aws_connection_info
register: result
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name: test state=absent (expected changed=true)
ec2_group:
name: '{{ ec2_group_name }}-2'
description: '{{ ec2_group_description }}-2'
state: absent
vpc_id: '{{ vpc_result.vpc.id }}'
<<: *aws_connection_info
register: result
- name: assert group was removed
assert:
that:
- 'result.changed'
# ============================================================ # ============================================================
- name: test state=present for ipv4 (expected changed=true) - name: test state=present for ipv4 (expected changed=true)
@ -344,12 +476,12 @@
- proto: "tcp" - proto: "tcp"
from_port: "8183" from_port: "8183"
to_port: "8183" to_port: "8183"
cidr_ipv6: "64:ff9b::/96" cidr_ip: "1.1.1.1/32"
rules_egress: rules_egress:
- proto: "tcp" - proto: "tcp"
from_port: "8184" from_port: "8184"
to_port: "8184" to_port: "8184"
cidr_ipv6: "64:ff9b::/96" cidr_ip: "1.1.1.1/32"
register: result register: result
- name: assert state=present (expected changed=true) - name: assert state=present (expected changed=true)
@ -374,7 +506,6 @@
- proto: "tcp" - proto: "tcp"
from_port: "8186" from_port: "8186"
to_port: "8186" to_port: "8186"
cidr_ipv6: "64:ff9b::/96"
group_id: "{{result.group_id}}" group_id: "{{result.group_id}}"
register: result register: result
@ -457,54 +588,58 @@
- 'result.group_id.startswith("sg-")' - 'result.group_id.startswith("sg-")'
# ============================================================ # ============================================================
- name: test using the default VPC
- name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true) block:
ec2_group:
name: '{{ec2_group_name}}' - name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true)
description: '{{ec2_group_description}}' ec2_group:
ec2_region: '{{ec2_region}}' name: '{{ec2_group_name}}'
ec2_access_key: '{{ec2_access_key}}' description: '{{ec2_group_description}}'
ec2_secret_key: '{{ec2_secret_key}}' ec2_region: '{{ec2_region}}'
security_token: '{{security_token}}' ec2_access_key: '{{ec2_access_key}}'
state: present ec2_secret_key: '{{ec2_secret_key}}'
# set purge_rules to false so we don't get a false positive from previously added rules security_token: '{{security_token}}'
purge_rules: false state: present
rules: # set purge_rules to false so we don't get a false positive from previously added rules
- proto: "tcp" purge_rules: false
ports: rules:
- 8196 - proto: "tcp"
cidr_ipv6: '2001:db00::1/24' ports:
register: result - 8196
cidr_ipv6: '2001:db00::1/24'
- name: assert state=present (expected changed=true) register: result
assert:
that: - name: assert state=present (expected changed=true)
- 'result.changed' assert:
- 'result.group_id.startswith("sg-")' that:
- 'result.changed'
# ============================================================ - 'result.group_id.startswith("sg-")'
- name: test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning) # ============================================================
ec2_group:
name: '{{ec2_group_name}}' - name: test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning)
description: '{{ec2_group_description}}' ec2_group:
<<: *aws_connection_info name: '{{ec2_group_name}}'
state: present description: '{{ec2_group_description}}'
# set purge_rules to false so we don't get a false positive from previously added rules <<: *aws_connection_info
purge_rules: false state: present
rules: # set purge_rules to false so we don't get a false positive from previously added rules
- proto: "tcp" purge_rules: false
ports: rules:
- 8196 - proto: "tcp"
cidr_ipv6: '2001:db00::1/24' ports:
register: result - 8196
cidr_ipv6: '2001:db00::1/24'
- name: assert state=present (expected changed=false and a warning) register: result
assert:
that: - name: assert state=present (expected changed=false and a warning)
# No way to assert for warnings? assert:
- 'not result.changed' that:
- 'result.group_id.startswith("sg-")' # No way to assert for warnings?
- 'not result.changed'
- 'result.group_id.startswith("sg-")'
when: default_vpc
# ============================================================ # ============================================================
- name: test state=absent (expected changed=true) - name: test state=absent (expected changed=true)
@ -520,17 +655,6 @@
- 'result.changed' - 'result.changed'
- 'not result.group_id' - 'not result.group_id'
- name: create a VPC
ec2_vpc_net:
name: "{{ resource_prefix }}-vpc"
state: present
cidr_block: "10.232.232.128/26"
<<: *aws_connection_info
tags:
Name: "{{ resource_prefix }}-vpc"
Description: "Created by ansible-test"
register: vpc_result
- name: create security group in the VPC - name: create security group in the VPC
ec2_group: ec2_group:
name: '{{ec2_group_name}}' name: '{{ec2_group_name}}'
@ -771,8 +895,8 @@
- proto: "tcp" - proto: "tcp"
ports: ports:
- 8281 - 8281
cidr_ipv6: 1001:d00::/24 cidr_ip: 1.1.1.1/24
rule_desc: ipv6 rule desc 2 rule_desc: ipv4 rule desc
rules_egress: rules_egress:
- proto: "tcp" - proto: "tcp"
ports: ports:
@ -899,6 +1023,13 @@
<<: *aws_connection_info <<: *aws_connection_info
ignore_errors: yes ignore_errors: yes
- name: tidy up security group for IPv6 EC2-Classic tests
ec2_group:
name: '{{ ec2_group_name }}-2'
state: absent
<<: *aws_connection_info
ignore_errors: yes
- name: tidy up default VPC security group - name: tidy up default VPC security group
ec2_group: ec2_group:
name: '{{ec2_group_name}}-default-vpc' name: '{{ec2_group_name}}-default-vpc'
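Review bot: Both `when: default_vpc` conditions (on the "tests IPv6 with the default VPC" block and the "test using the default VPC" block) test the result registered by the `set_fact` task, not the `defaultvpc` fact that task sets. A registered result is a non-empty mapping, so the condition is presumably always true and the default-VPC tests would still run on an EC2-Classic account, which is what the commit sets out to avoid. I would drop the `register: default_vpc` line and gate on the fact itself, e.g. `when: defaultvpc`, compared against whatever the lookup returns when no default VPC exists (that value is not visible here). Separately, the new tidy-up task removes `{{ ec2_group_name }}-2` without the `vpc_id` the group was created with; if a name-only lookup does not find a group in a non-default VPC, the task would report nothing to do and leave the group and its VPC behind, so adding `vpc_id: '{{ vpc_result.vpc.id }}'` there looks safer.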
