@ -171,6 +171,29 @@
region : "{{ aws_region }}"
no_log : yes
# ============================================================
- name : determine if there is a default VPC
set_fact:
defaultvpc : "{{ lookup('aws_account_attribute',
attribute='default-vpc',
region=aws_region,
aws_access_key=aws_access_key,
aws_secret_key=aws_secret_key,
aws_security_token=security_token) }}"
register : default_vpc
# ============================================================
- name : create a VPC
ec2_vpc_net:
name : "{{ resource_prefix }}-vpc"
state : present
cidr_block : "10.232.232.128/26"
<< : *aws_connection_info
tags:
Name : "{{ resource_prefix }}-vpc"
Description : "Created by ansible-test"
register : vpc_result
# ============================================================
- name : test state=absent
ec2_group:
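Review bot: `register : default_vpc` on the new `set_fact` task stores the task result rather than the lookup value, so the `when : default_vpc` guards added in the later hunks (on the default-VPC IPv6 block and on the "test using the default VPC" block) test a non-empty result dictionary and will presumably always be true. The looked-up value is in the fact `defaultvpc`, so the guards should test that instead, for example `when : defaultvpc`. Before relying on it, confirm what the lookup returns for an account with no default VPC, since any non-empty marker string would still be truthy and would need an explicit comparison. The `ec2_group` task at the end of this hunk continues outside it.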
@ -226,6 +249,10 @@
- 'not result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name : tests IPv6 with the default VPC
block:
# ============================================================
- name : test state=present for ipv6 (expected changed=true)
ec2_group:
@ -271,6 +298,111 @@
- 'result.changed'
- 'result.group_id.startswith("sg-")'
when : default_vpc
- name : test IPv6 with a specified VPC
block:
# ============================================================
- name : test state=present (expected changed=true)
ec2_group:
name : '{{ ec2_group_name }}-2'
description : '{{ ec2_group_description }}-2'
state : present
vpc_id : '{{ vpc_result.vpc.id }}'
<< : *aws_connection_info
register : result
- name : assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name : test state=present for ipv6 (expected changed=true)
ec2_group:
name : '{{ ec2_group_name }}-2'
description : '{{ ec2_group_description }}-2'
state : present
vpc_id : '{{ vpc_result.vpc.id }}'
rules:
- proto : "tcp"
from_port : 8182
to_port : 8182
cidr_ipv6 : "64:ff9b::/96"
<< : *aws_connection_info
register : result
- name : assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name : test state=present for ipv6 (expected changed=true)
ec2_group:
name : '{{ ec2_group_name }}-2'
description : '{{ ec2_group_description }}-2'
state : present
vpc_id : '{{ vpc_result.vpc.id }}'
rules:
- proto : "tcp"
from_port : 8182
to_port : 8182
cidr_ipv6 : "64:ff9b::/96"
<< : *aws_connection_info
register : result
- name : assert nothing changed
assert:
that:
- 'not result.changed'
# ============================================================
- name : test rules_egress state=present for ipv6 (expected changed=true)
ec2_group:
name : '{{ ec2_group_name }}-2'
description : '{{ ec2_group_description }}-2'
state : present
vpc_id : '{{ vpc_result.vpc.id }}'
rules:
- proto : "tcp"
from_port : 8182
to_port : 8182
cidr_ipv6 : "64:ff9b::/96"
rules_egress:
- proto : "tcp"
from_port : 8181
to_port : 8181
cidr_ipv6 : "64:ff9b::/96"
<< : *aws_connection_info
register : result
- name : assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name : test state=absent (expected changed=true)
ec2_group:
name : '{{ ec2_group_name }}-2'
description : '{{ ec2_group_description }}-2'
state : absent
vpc_id : '{{ vpc_result.vpc.id }}'
<< : *aws_connection_info
register : result
- name : assert group was removed
assert:
that:
- 'result.changed'
# ============================================================
- name : test state=present for ipv4 (expected changed=true)
ec2_group:
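Review bot: The third task in the new "test IPv6 with a specified VPC" block is named `test state=present for ipv6 (expected changed=true)`, but it repeats the previous task's arguments unchanged and is followed by `assert nothing changed` with `not result.changed`, so the name contradicts the assertion. Rename it to `test state=present for ipv6 (expected changed=false)` so a failure in the run output points at the idempotency check rather than at the initial rule creation. The final `ec2_group` task of the hunk continues outside it.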
@ -344,12 +476,12 @@
- proto : "tcp"
from_port : "8183"
to_port : "8183"
cidr_ip v6: "64:ff9b::/96 "
cidr_ip : "1.1.1.1/32 "
rules_egress:
- proto : "tcp"
from_port : "8184"
to_port : "8184"
cidr_ip v6: "64:ff9b::/96 "
cidr_ip : "1.1.1.1/32 "
register : result
- name : assert state=present (expected changed=true)
@ -374,7 +506,6 @@
- proto : "tcp"
from_port : "8186"
to_port : "8186"
cidr_ipv6 : "64:ff9b::/96"
group_id : "{{result.group_id}}"
register : result
@ -457,6 +588,8 @@
- 'result.group_id.startswith("sg-")'
# ============================================================
- name : test using the default VPC
block:
- name : test adding a rule with a IPv6 CIDR with host bits set (expected changed=true)
ec2_group:
@ -506,6 +639,8 @@
- 'not result.changed'
- 'result.group_id.startswith("sg-")'
when : default_vpc
# ============================================================
- name : test state=absent (expected changed=true)
ec2_group:
@ -520,17 +655,6 @@
- 'result.changed'
- 'not result.group_id'
- name : create a VPC
ec2_vpc_net:
name : "{{ resource_prefix }}-vpc"
state : present
cidr_block : "10.232.232.128/26"
<< : *aws_connection_info
tags:
Name : "{{ resource_prefix }}-vpc"
Description : "Created by ansible-test"
register : vpc_result
- name : create security group in the VPC
ec2_group:
name : '{{ec2_group_name}}'
@ -771,8 +895,8 @@
- proto : "tcp"
ports:
- 8281
cidr_ip v6: 1001 : d00:: /24
rule_desc : ipv 6 rule desc 2
cidr_ip : 1.1 .1 .1 /24
rule_desc : ipv 4 rule desc
rules_egress:
- proto : "tcp"
ports:
@ -899,6 +1023,13 @@
<< : *aws_connection_info
ignore_errors : yes
- name : tidy up security group for IPv6 EC2-Classic tests
ec2_group:
name : '{{ ec2_group_name }}-2'
state : absent
<< : *aws_connection_info
ignore_errors : yes
- name : tidy up default VPC security group
ec2_group:
name : '{{ec2_group_name}}-default-vpc'