* reworked sqs_queue
* Switch default purge_tags behaviour to false.
This matches the behaviour of ec2_tag and ecs_tag.
* Minor lint / review fixups
* Add missing AWS IAM policy for SQS tests
* Move integration tests to using module_defaults: group/aws:...
* add changelog
* Break out the 'compatability' map from our spec definition (gets flagged by the schema validation)
* Tweaks based on review
* add basic examples
* Lint fixups
* Switch out NonExistentQueue logic so it's easier to follow
* Reorder name argument options for consistency
Co-authored-by: Dennis Podkovyrin <dennis.podkovyrin@gmail.com>
* Update AWS policy to enable management of TargetGroups
* elb_target: (integration tests) migrate to using module_defaults
* elb_target: (integration tests) lookup the AMI by name rather than hard coding AMI IDs
* elb_target_info: (integration tests) finish rename of integration test role
* elb_target: (integration tests) rename various resources to consistently use {{ resource_prefix }}
* elb_target_info: (integration tests) Migrate to using module_defaults
* elb_target_info: (integration tests) Lookup AMI by name rather than hard coding AMI IDs
* Apply suggestions from code review
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* elb_target: (integration tests) Remove the 'unsupported' alias
* Try bumping up the timeout
* Rules don't permit 'shippable' (resource_prefix uses this when run in shippable)
* Try bumping up more timeouts :/
* Avoid double evaluation of target_health assertion
* Simplify target_type usage a little (rather than constantly performing a lookup)
* mark elb_target tests 'unstable' for now, they're slow
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
* add module aws_step_functions_state_machine_execution
* AWS step functions tests - Use module defaults
* Return all attributes from aws api calls as ansible task output
* aws_sfn - make start and stop execution idempotent and fix check mode
* aws sfn - use build_full_result method of the paginator
* aws sfn - remove changes made to help with local debugging
* lightsail - Use AnsibleAWSModule
- Use AnsibleAWSModule
- Refactor the logic for wait into a separate function (Fixes#63869)
- Handle exceptions in find_instance_info and add a fail_if_not_found parameter
- Add a new state `rebooted` as an alias for `restarted`. AWS calls the action Reboot.
- Add required_if clause for when state is present
* lightsail - Use the default keypair if one is not provided
* lightsail - add a required_if for when state=present
* Update short description for lightsail module
* Add integration tests for aws lightsail
* lightsail - use module_defaults instead of aws_connection_info
* lightsail tests - assert instance state on create
* Fix yaml syntax error
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* [lightsail] create keypair as part of the testsuite
* Fix lightsail actions in compute-policy
* Add ability to delete keypair in lightsail_keypair
* Move EC2 networking objects into network-policy.json
* ec2_vpc_nacl: Add integration tests
* ec2_vpc_nacl: Migrate tests to use module_defaults
* ec2_vpc_nacl: (integration tests) Add missing AWS permissions
* ec2_vpc_nacl: (integration tests) Update tests for ipv6 support
* ec2_vpc_nacl: Migrate to AnsibleAWSModule
* Fix sanity tests for ec2_vpc_nacl and ec2_vpc_nacl_info
* ec2_vpc_nacl_info: Migrate to AnsibleAWSModule
* ec2_vpc_nacl_info: (integration tests) Rename from ec2_vpc_nacl_facts to ec2_vpc_nacl_info and add a test using a filter (by tag)
* Pick availability zones dynamically
Rather than assuming that AZa and AZb always exist (they don't), query to find out which AZs we have available first
* Test that the NACLs we get back are actually the *saml* NACL rather than duplicates/delete remove
* Cleanup IPv6 tests a little.
Note: IPv6 support for ec2_vpc_nacl not complete yet.
This provides the initial framework, and should ensure things don't start exploding when support is added.
* Removing subnets by name from a NACL *is* now supported
* Fix ec2_vpc_nacl return documentation
* add new module: aws_stepfunctions_state_machine
* add integration tests for new module: aws_stepfunctions_state_machine
* fix sanity checks
* use files/ folder instead for integration test
* rename role name in integration test
* attempt further permissions
* iam states prefix
* iam integration test prefix
* add iam policy for running step functions state machine actions
* slightly increase iam permission scope
* rename integration test folder to proper name
* move main() method to end of file
* move contents of integration-policy.json for state machines to compute-policy.json
* make check_mode return proper changed value + add check_mode integration tests
* rename module to aws_step_functions_state_machine
* fix missed rename in integration test variable
* add purge_tags option
* bump to version 2.10
* Update AWS hacking policy to enable ASG Tagging management
* aws_asg: Add tests for ASG Tagging (including idempotency)
* aws_asg: ignore sort order when comparing tags on the ASG (fix idempotency)
* ec2_asg: (integration tests) test for idempotency when managing metrics collection
* ec2_asg: sort list of enabled metrics to ensure clean comparisons.
* ec2_launch_template: (integration tests) make sure security_token is optional
* ec2_launch_template: (integration tests) add dependencies at the top level so they're pulled into the docker containers
* Update Hacking Compute Policies for Launch Templates
* added logic to handle multiple actions in an ALB listener rule (#41861)
* fix linting and pep8 issues
* added test for multiple actions using OIDC authentication
* added error messages related to old versions of botocore and multiple actions
* fix action validation error checks (need to check the exception string)
* added logic to make oidc configs idempotent (remove clientsecret for check)
* modified TargetGroupName to TargetGroupArn substitution to account for multiple rule actions
* refactored tests so that it can be run against different versions of botocore
* fix runme.sh to refelct changes to cloud testsuite
* add UseExistingClientSecret to oidc config (AWS api change)
* remove tests for OIDC auth action; add tests for redirect and fixed-response
* add in fixes from markuman and mjmayer
* remove documentation for cognito integration (not sure how to test); added example config for fixed-response and redirect actions
* renamed oidc/multiple action tests; leaving commented due to some AWS API changes
* pep8 fix
* more pep8 fixes
* Restructure elb_application_lb test suite
Move from runme.sh to virtualenv based roles
Update policies to fix tests
Don't log temp dir deletion, so many files in the diff!
* Update testing policies to ensure all required permissions are present
* Tidy up security policies to reduce duplicate permissions
* Make roles static so that they can be present before CI is run,
meaning that role creation permission is not required by the CI
itself, only by someone setting up the roles prior to testing
* Move contents to cloudfront policy to network policy to ensure policy
count (maximum of 10) stays low
* Maintain compute policy below 6144 bytes
Not waiting outputs results in a format that will never
be matched by the tests
Ensure instances get tidied up
Allow ec2:ReportInstanceStatus
ec2_instance: Improve test cleanup on failing tests
Improve describe/modify attribute error handling
Address feedback on PR
* Do not return 'instances' when wait is false
* Added integration tests for wait: false
* Added changelog fragment
* Fix test suite to work with ec2_instance
* Additional permissions
* Enforce boto3 version
* Fix broken tests
* Improve error messages
* fix linter issues
* Add module ses_rule_set for Amazon SES
* Update behaviours and naming to be consistent with other aws_ses_ modules.
* Add global lock around tests using active rule sets to prevent intermittent test failures.
* Fix deletion of rule sets so that we don't inactivate the active rule set
when force deleting an inactive rule set.
* aws_eks: New module for managing AWS EKS
aws_eks module is used for creating and removing EKS clusters.
Includes full test suite and updates to IAM policies to enable it.
* Clean up all security groups
* appease shippable
* Rename aws_eks module to aws_eks_cluster
The compute policy was exceeding maximum size and contained
policies that already exist in ecs-policy.
Look up suitable AMIs rather than hardcode
We don't want to maintain multiple image IDs for multiple regions
so use ec2_ami_facts to set a suitable image ID
Improve exception handling
Remove VPC permissions from network-policy.json as they mostly duplicate
compute-policy.json permissions - separating the VPC and compute permissions
would likely lead to further confusion.
* New module: ec2_vpc_vpn_facts
* Add integration tests for ec2_vpc_vpn_facts and the IAM permissions
* Add retry to VPC removal
* Use unique name for VGW
* Always clean up after tests and add retries
* Add helpful failure message if target_type=ip is not supported
Create test case for target_type=ip not supported
* Update elb_target_group module to latest standards
Use AnsibleAWSModule
Improve exception handling
Improve connection handling
* Add aws_ses_identity_policy module for managing SES sending policies
* Add option to AnsibleAWSModule for applying a retry decorator to all calls.
* Add per-callsite opt in to retry behaviours in AnsibleAWSModule
* Update aws_ses_identity_policy module to opt in to retries at all callsites.
* Add test for aws_ses_identity_policy module with inline policy.
* Remove implicit retrys on boto resources since they're not working yet.
* Add aws_ses_identity module
* Update CI alias, add BotoCoreError exception handling.
* Add SES and SNS permissions to hacking/aws_config to run aws_ses_identity integration tests
Tests for:
* ecs_cluster
* ecs_service
* ecs_service_facts
* ecs_taskdefinition
* ecs_taskdefinition_facts
* Add idempotency testing
Test ecs_cluster, ecs_service and ecs_taskdefinition for trivial
idempotency. Add FIXMEs to the tests because the latter two fail.
Remove unused dependencies
* Add some integration tests for ec2_vpc_net module
* Add a couple tests for check mode
fix typo
ensure the DHCP option set is cleaned up
* Add permissions to test policy
Mark Chappell