Commit Graph

29 Commits (516ed4d7bc5d26a655d453e46f7bacbd5619cecb)

Author SHA1 Message Date
Julien Vey 9edd51928f efs_facts: improve performance by reducing the number of api calls (#36520)
* efs_facts: improve performance by reducing the number of api calls

* Remove efs_facts tests from running in CI
(cherry picked from commit 0f612d1b76)
6 years ago
Will Thames 809c7404ab Add two missing VPC permissions (#37896)
Remove VPC permissions from network-policy.json as they mostly duplicate
compute-policy.json permissions - separating the VPC and compute permissions
would likely lead to further confusion.
7 years ago
Madhura-CSI b85970b2b0 New Module: ec2_vpc_vpn_facts (#35983)
* New module: ec2_vpc_vpn_facts

* Add integration tests for ec2_vpc_vpn_facts and the IAM permissions

* Add retry to VPC removal

* Use unique name for VGW

* Always clean up after tests and add retries
7 years ago
Will Thames 29770a297a Fail with nice error message if elb target_type=ip not supported (#38313)
* Add helpful failure message if target_type=ip is not supported

Create test case for target_type=ip not supported

* Update elb_target_group module to latest standards

Use AnsibleAWSModule
Improve exception handling
Improve connection handling
7 years ago
Will Thames 12f2b9506d [aws]Add VPC configuration to ECS modules (#34381)
Enable awsvpc network mode for ECS services and tasks and
their underlying task definitions

Improve test suite to thoroughly test the changes

Use runme.sh technique to run old and new versions of botocore to
ensure that the modules work with older botocore and older network modes
and fail gracefully if awsvpc network mode is used with older botocore
7 years ago
Ed Costello 0d31d1cd24 [cloud]Add aws_ses_identity_policy module for managing SES sending policies (#36623)
* Add aws_ses_identity_policy module for managing SES sending policies

* Add option to AnsibleAWSModule for applying a retry decorator to all calls.

* Add per-callsite opt in to retry behaviours in AnsibleAWSModule

* Update aws_ses_identity_policy module to opt in to retries at all callsites.

* Add test for aws_ses_identity_policy module with inline policy.

* Remove implicit retrys on boto resources since they're not working yet.
7 years ago
Will Thames a1d3cf488d [cloud][test]Add missing IAM policy for cloudfront (#38248)
Cloudfront needs CreateOriginAccessIdentity

Add profile parameter to setup-iam.yml. Could arguably just use
AWS_PROFILE but given that other tasks are using profile, should
be consistent.
7 years ago
Julien Vey 7c07877b1b s3_bucket: add integration tests (#36941)
Also update testing-policies/storage
7 years ago
Julien Vey 51d491f8f0 route53_zone: move to boto3, and enable comment update (#36641) 7 years ago
Ed Costello 645952c139 Add aws_caller_facts module and use it in setup-iam.yml (#36683)
* Add aws_caller_facts module and use it in setup-iam.yml

This removes the dependency on having the command line AWS tools
installed.
7 years ago
Will Thames b5a1643e3d Add new aws_waf_condition module (#33110) 7 years ago
Ed Costello d16bc1c3f4 New aws_ses_identity module to manage AWS Simple Email Service Identity (#31140)
* Add aws_ses_identity module

* Update CI alias, add BotoCoreError exception handling.

* Add SES and SNS permissions to hacking/aws_config to run aws_ses_identity integration tests
7 years ago
Marek 5fa29201a7 Port sts_assume_role to boto3 (#32569)
* Ported sts_assume_role to boto3

* Added integration tests
7 years ago
Will Thames 4d58d16793 Add aws_s3 action plugin to find source files as expected (#35028)
People expect to be able to upload files to s3 using standard
locations for files.

Providing an action plugin that effectively rewrites the `src`
key to the result of finding such a file is a great help.

Tests added, and IAM permissions corrected
7 years ago
Will Thames 8d733dbdf0 [cloud] New module cloudfront_distribution (#31284)
* added cloudfont.py, modified cloudfront_facts.py class name and fixed a minor bug

* Improvements to cloudfront_distribution

* Reduce the scope of the cloudfront_distribution module
    * Remove presigning
    * Remove streaming distribution functionality
* Add full test suite for cloudfront distribution
* Meet Ansible AWS guidelines

* Make requested changes

Fix tests

Use built-in waiter

Update copyright
7 years ago
Will Thames 866d7fdce9 [cloud] Create ECS integration test suite (#33757)
Tests for:
* ecs_cluster
* ecs_service
* ecs_service_facts
* ecs_taskdefinition
* ecs_taskdefinition_facts

* Add idempotency testing

Test ecs_cluster, ecs_service and ecs_taskdefinition for trivial
idempotency. Add FIXMEs to the tests because the latter two fail.

Remove unused dependencies
7 years ago
Sloane Hertel f5471b3dcb [cloud] ec2_vpc_net integration tests (#33111)
* Add some integration tests for ec2_vpc_net module

* Add a couple tests for check mode

fix typo

ensure the DHCP option set is cleaned up

* Add permissions to test policy
7 years ago
Will Thames 1ca0c0e7f7 Consolidate IAM policies into fewer, larger policies (#33122)
Due to IAM limits allowing at most 10 policies per group,
need to reduce the number of total policies in use.
7 years ago
Will Thames 0b128e2e29 Add tests for ec2_vpc_route_table (#32036)
* Add tests for ec2_vpc_route_table

Initial tests for ec2_vpc_route_table ready for boto3 porting

* Turn AWS connection information into a YAML block
7 years ago
Daniel Shepherd cfbe9c8aee [cloud] Add IPv6 support for ec2_vpc_subnet module(#30444)
* Add integration test suite for ec2_vpc_subnet

* wrap boto3 connection in try/except

update module documentation and add RETURN docs

add IPv6 support to VPC subnet module

rename ipv6cidr to ipv6_cidr, use required_if for parameter testing, update some failure messages to be more descriptive

DryRun mode was removed from this function a while ago but exception handling was still checking for it, removed

add wait and timeout for subnet creation process

fixup the ipv6 cidr disassociation logic a bit per review

update RETURN values per review

added module parameter check

removed DryRun parameter from boto3 call since it would always be false here

fix subnet wait loop

add a purge_tags parameter, fix the ensure_tags function, update to use compare_aws_tags func

fix tags type error per review

remove **kwargs use in create_subnet function per review

* rebased on #31870, fixed merge conflicts, and updated error messages

* fixes to pass tests

* add test for failure on invalid ipv6 block and update tags test for purge_tags=true function

* fix pylint issue

* fix exception handling error when run with python3

* add ipv6 tests and fix module code

* Add permissions to hacking/aws_config/testing_policies/ec2-policy.json for adding IPv6 cidr blocks to VPC and subnets

* fix type in tests and update assert conditional to check entire returned value

* add AWS_SESSION_TOKEN into environment for aws cli commands to work in CI

* remove key and value options from call to boto3_tag_list_to_ansible_dict

* remove wait loop and use boto3 EC2 waiter

* remove unused register: result vars

* revert az argument default value to original setting default=None
7 years ago
Will Thames 46c4f6311a [cloud] Add retries/backoff to ec2_vpc_subnet module (#31870)
* Allow backoff for describe_subnets

Improve exception handling to latest standards

* Add integration test suite for ec2_vpc_subnet

* Add test for creating subnet without AZ

Fix bug identified by test

Fixes #31905
7 years ago
Sloane Hertel 1dd55acbc2 ec2_group: add rule description support - fixes #29040 (#30273)
* ec2_group: add support for rule descriptions.

* Document rule description feature and add an example using it.

* Fix removing rule descriptions.

* Add integration tests to verify adding/modifying/removing rule descriptions works as expected.

* Add permissions to hacking/aws_config/testing_policies/ec2-policy.json for updating ingress and egress rule descriptions.

* ec2_group: add backwards compatibility with older versions of botocore for rule descriptions.

* Add compatibility with older version of botocore for ec2_group integration tests.

* ec2_group: move HAS_RULE_DESCRIPTION to be checked first.

* Make requested change

* Pass around a variable instead of client

* Make sure has_rule_description defaults to None

* Fail if rule_desc is in any ingress/egress rules and the the botocore version < 1.7.2

* Remove unnecessary variable

* Fix indentation for changed=True when updating rule descriptions.

* minor refactor to remove duplicate code

* add missing parameter

* Fix pep8

* Update test policy.
7 years ago
Will Thames 37736ee87e Allow AWS image and snapshot creation/deletion
Provide all necessary permissions for AMI tests
Allow tests to run in us-east-2
Ensure `always` section gets used
Update tests to ensure that cleanup works better, and add
deletion idempotency test
7 years ago
Will Thames 63df0adc17 [cloud] Update RDS parameter group for boto3 (#25345)
* Update RDS parameter group for boto3

* Update to boto3
* Update to latest ansible standards
* Remove choices list for valid engines (See #19221 for context)
* Allow tagging
* Return some useful information, and document that information

* Add tests for rds_param_group

* Improve testing of rds_param_group

* Add purge_tags option for rds_param_group

* Fix remaining broken rds_param_group tests

* Ensure the group name is lowercased. Fixes integration tests when run on OSX
7 years ago
Will Thames f972994662 [cloud] fix VPC behavior for ec2_group module, improve integration tests (#27038)
* Add tests for group in a VPC

* Improve ec2_group output and documentation

Update ec2_group to provide full security group information
Add RETURN documentation to match

* Fix ec2_group creation within a VPC

Ensure VPC ID gets passed when creating security group

* Add test for auto creating SG

* Fix ec2_group auto group creation

* Add backoff to describe_security_groups

Getting LimitExceeded from describe_security_groups is definitely
possible (source: me) so add backoff to increase likelihood of
success.

To ensure that all `describe_security_group` calls are backed off,
remove implicit ones that use `ec2.SecurityGroup`. From there,
the decision to remove the `ec2` boto3 resource and rely on the client
alone makes good sense.

* Tidy up auto created security group

Add resource_prefix to auto created security group and delete
it in the `always` section.
Use YAML argument form for all module parameters
7 years ago
Will Thames f3bc8b84b6 [cloud] Fix setup_iam to use policy_name, not PolicyName (#26880)
Update setup_iam.yml to work with latest iam_managed_policies
module, which correctly snakifies the results
7 years ago
sramakr b980a5c02a Use Boto3 for ec2_group Fixes #23507 (#25340)
* Use Boto3 for ec2_group

Currently boto doesn't support ipv6. To support ipv6 in ec2_group, we need boto3.
boto3 has significant API changes, which caused more re-factoring for ec2_group module.
Added additional integration test to test_ec2_group role.

* Follow the standard for boto3 ansible

Fixed imports. Use boto3 ansible exception with camel_dict_to_snake_dict.
Refactored the call to authorize/revoke  ingress and egress.

* Removed dependancy with module ipaddress

Added new parameter called cidr_ipv6 for specifying
ipv6 addresses inline with how boto3 handles ipv6 addresses.

* Updated integration test

* Added ipv6 integration test for ec2_group

* Set purge_rules to false for integration test

* Fixed import statements

Added example for ipv6.
Removed defining HAS_BOTO3 variable and import HAS_BOTO3 from ec2.
Cleaned up import statements.

* Fixed exception handling

* Add IAM permissions for ec2_group tests

Missing AuthorizeSecurityGroupEgress necessary for latest tests

* Wrapped botocore import in try/except block

Import just botocore to be more similar to other modules
7 years ago
Will Thames 0ed1c3ba9c Split up testing IAM policies and automate creating them (#26223)
* Split up testing IAM policies and automate creating them

Move to managed policies to avoid the 5KB limit on policies
for an IAM entity.

The policy file is templated, so need to make sure that there
is an easy mechanism to populate the templates and push the
new policies.

* Update IAM policies for ec2_scaling_policy tests

* Fix RouteTable policies

DescribeRouteTable should be plural
ModifyRouteTable does not exist, but ReplaceRouteTableAssociation
does.

* Some IAM policies do not allow specified Resources

Various IAM policies do not allow Resources
to be specified and should just use `*`. This differs
per service

* [Autoscaling](http://docs.aws.amazon.com/autoscaling/latest/userguide/control-access-using-iam.html#policy-auto-scaling-resources)
* [EC2](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ec2-api-permissions.html#ec2-api-unsupported-resource-permissions)
* [ECR](http://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-supported-iam-actions-resources.html)
* [ELB](http://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html)

* Finish fixing AWS IAM resource specifications for testing

Update Lambda and RDS policies
7 years ago
Michael De La Rue e9e661ebbb aws integration tests - provide an IAM policy for running (#24725)
* aws integration tests - provide an IAM policy that can be used for running them

* move documentation of aws policies into main integration testing documentation + some updates there

* Update testing_integration.rst

Edits
8 years ago