--- - module_defaults: group/aws: aws_access_key: "{{ aws_access_key }}" aws_secret_key: "{{ aws_secret_key }}" security_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" block: - name: list available AZs aws_az_info: register: region_azs - name: pick an AZ for testing set_fact: subnet_az: "{{ region_azs.availability_zones[0].zone_name }}" # ============================================================ - name: create a VPC ec2_vpc_net: name: "{{ resource_prefix }}-vpc" state: present cidr_block: "10.232.232.128/26" tags: Name: "{{ resource_prefix }}-vpc" Description: "Created by ansible-test" register: vpc_result # ============================================================ - name: create subnet (expected changed=true) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' state: present check_mode: true register: vpc_subnet_create - name: assert creation would happen assert: that: - vpc_subnet_create is changed - name: create subnet (expected changed=true) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' state: present register: vpc_subnet_create - name: assert creation happened (expected changed=true) assert: that: - 'vpc_subnet_create' - 'vpc_subnet_create.subnet.id.startswith("subnet-")' - '"Name" in vpc_subnet_create.subnet.tags and vpc_subnet_create.subnet.tags["Name"] == ec2_vpc_subnet_name' - '"Description" in vpc_subnet_create.subnet.tags and vpc_subnet_create.subnet.tags["Description"] == ec2_vpc_subnet_description' # ============================================================ - name: recreate subnet (expected changed=false) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' state: present check_mode: true register: vpc_subnet_recreate - name: assert recreation changed nothing (expected changed=false) assert: that: - vpc_subnet_recreate is not changed - name: recreate subnet (expected changed=false) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' state: present register: vpc_subnet_recreate - name: assert recreation changed nothing (expected changed=false) assert: that: - vpc_subnet_recreate is not changed - 'vpc_subnet_recreate.subnet == vpc_subnet_create.subnet' # ============================================================ - name: update subnet so instances launched in it are assigned an IP (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' state: present map_public: true check_mode: true register: vpc_subnet_modify - name: assert subnet changed assert: that: - vpc_subnet_modify is changed - name: update subnet so instances launched in it are assigned an IP ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' state: present map_public: true register: vpc_subnet_modify - name: assert subnet changed assert: that: - vpc_subnet_modify is changed - vpc_subnet_modify.subnet.map_public_ip_on_launch # ============================================================ - name: add invalid ipv6 block to subnet (expected failed) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" ipv6_cidr: 2001:db8::/64 tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' state: present register: vpc_subnet_ipv6_failed ignore_errors: yes - name: assert failure happened (expected failed) assert: that: - vpc_subnet_ipv6_failed is failed - "'Couldn\\'t associate ipv6 cidr' in vpc_subnet_ipv6_failed.msg" # ============================================================ - name: add a tag (expected changed=true) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' AnotherTag: SomeValue state: present check_mode: true register: vpc_subnet_add_a_tag - name: assert tag addition happened (expected changed=true) assert: that: - vpc_subnet_add_a_tag is changed - name: add a tag (expected changed=true) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' AnotherTag: SomeValue state: present register: vpc_subnet_add_a_tag - name: assert tag addition happened (expected changed=true) assert: that: - vpc_subnet_add_a_tag is changed - '"Name" in vpc_subnet_add_a_tag.subnet.tags and vpc_subnet_add_a_tag.subnet.tags["Name"] == ec2_vpc_subnet_name' - '"Description" in vpc_subnet_add_a_tag.subnet.tags and vpc_subnet_add_a_tag.subnet.tags["Description"] == ec2_vpc_subnet_description' - '"AnotherTag" in vpc_subnet_add_a_tag.subnet.tags and vpc_subnet_add_a_tag.subnet.tags["AnotherTag"] == "SomeValue"' # ============================================================ - name: remove tags with default purge_tags=true (expected changed=true) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: AnotherTag: SomeValue state: present check_mode: true register: vpc_subnet_remove_tags - name: assert tag removal happened (expected changed=true) assert: that: - vpc_subnet_remove_tags is changed - name: remove tags with default purge_tags=true (expected changed=true) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: AnotherTag: SomeValue state: present register: vpc_subnet_remove_tags - name: assert tag removal happened (expected changed=true) assert: that: - vpc_subnet_remove_tags is changed - '"Name" not in vpc_subnet_remove_tags.subnet.tags' - '"Description" not in vpc_subnet_remove_tags.subnet.tags' - '"AnotherTag" in vpc_subnet_remove_tags.subnet.tags and vpc_subnet_remove_tags.subnet.tags["AnotherTag"] == "SomeValue"' # ============================================================ - name: change tags with purge_tags=false (expected changed=true) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' state: present purge_tags: false check_mode: true register: vpc_subnet_change_tags - name: assert tag addition happened (expected changed=true) assert: that: - vpc_subnet_change_tags is changed - name: change tags with purge_tags=false (expected changed=true) ec2_vpc_subnet: cidr: "10.232.232.128/28" az: "{{ subnet_az }}" vpc_id: "{{ vpc_result.vpc.id }}" tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' state: present purge_tags: false register: vpc_subnet_change_tags - name: assert tag addition happened (expected changed=true) assert: that: - vpc_subnet_change_tags is changed - '"Name" in vpc_subnet_change_tags.subnet.tags and vpc_subnet_change_tags.subnet.tags["Name"] == ec2_vpc_subnet_name' - '"Description" in vpc_subnet_change_tags.subnet.tags and vpc_subnet_change_tags.subnet.tags["Description"] == ec2_vpc_subnet_description' - '"AnotherTag" in vpc_subnet_change_tags.subnet.tags and vpc_subnet_change_tags.subnet.tags["AnotherTag"] == "SomeValue"' # ============================================================ - name: test state=absent (expected changed=true) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: absent check_mode: true register: result - name: assert state=absent (expected changed=true) assert: that: - result is changed - name: test state=absent (expected changed=true) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: absent register: result - name: assert state=absent (expected changed=true) assert: that: - result is changed # ============================================================ - name: test state=absent (expected changed=false) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: absent check_mode: true register: result - name: assert state=absent (expected changed=false) assert: that: - result is not changed - name: test state=absent (expected changed=false) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: absent register: result - name: assert state=absent (expected changed=false) assert: that: - result is not changed # ============================================================ - name: create subnet without AZ (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: present check_mode: true register: subnet_without_az - name: check that subnet without AZ works fine assert: that: - subnet_without_az is changed - name: create subnet without AZ ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: present register: subnet_without_az - name: check that subnet without AZ works fine assert: that: - subnet_without_az is changed # ============================================================ - name: remove subnet without AZ (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: absent check_mode: true register: result - name: assert state=absent (expected changed=true) assert: that: - result is changed - name: remove subnet without AZ ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: absent register: result - name: assert state=absent (expected changed=true) assert: that: - result is changed # ============================================================ # FIXME - Replace by creating IPv6 enabled VPC once ec2_vpc_net module supports it. # See Also https://github.com/ansible/ansible/pull/60983 - name: set_fact: aws_connection_env: AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" AWS_SESSION_TOKEN: "{{ security_token | default(omit) }}" AWS_DEFAULT_REGION: "{{ aws_region }}" no_log: yes - name: install aws cli - FIXME temporary this should go for a lighterweight solution command: pip install awscli - name: Assign an Amazon provided IPv6 CIDR block to the VPC command: aws ec2 associate-vpc-cidr-block --amazon-provided-ipv6-cidr-block --vpc-id '{{ vpc_result.vpc.id }}' environment: '{{ aws_connection_env }}' - name: wait for the IPv6 CIDR to be assigned command: sleep 5 - name: Get the assigned IPv6 CIDR command: aws ec2 describe-vpcs --vpc-ids '{{ vpc_result.vpc.id }}' environment: '{{ aws_connection_env }}' register: vpc_ipv6 - set_fact: vpc_ipv6_cidr: "{{ vpc_ipv6.stdout | from_json | json_query('Vpcs[0].Ipv6CidrBlockAssociationSet[0].Ipv6CidrBlock') }}" # ============================================================ - name: create subnet with IPv6 (expected changed=true) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" assign_instances_ipv6: true state: present tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' check_mode: true register: vpc_subnet_ipv6_create - name: assert creation with IPv6 happened (expected changed=true) assert: that: - vpc_subnet_ipv6_create is changed - name: create subnet with IPv6 (expected changed=true) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" assign_instances_ipv6: true state: present tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' register: vpc_subnet_ipv6_create - name: assert creation with IPv6 happened (expected changed=true) assert: that: - vpc_subnet_ipv6_create is changed - 'vpc_subnet_ipv6_create.subnet.id.startswith("subnet-")' - "vpc_subnet_ipv6_create.subnet.ipv6_cidr_block == '{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}'" - '"Name" in vpc_subnet_ipv6_create.subnet.tags and vpc_subnet_ipv6_create.subnet.tags["Name"] == ec2_vpc_subnet_name' - '"Description" in vpc_subnet_ipv6_create.subnet.tags and vpc_subnet_ipv6_create.subnet.tags["Description"] == ec2_vpc_subnet_description' - 'vpc_subnet_ipv6_create.subnet.assign_ipv6_address_on_creation' # ============================================================ - name: recreate subnet (expected changed=false) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" assign_instances_ipv6: true state: present tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' check_mode: true register: vpc_subnet_ipv6_recreate - name: assert recreation changed nothing (expected changed=false) assert: that: - vpc_subnet_ipv6_recreate is not changed - name: recreate subnet (expected changed=false) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" assign_instances_ipv6: true state: present tags: Name: '{{ec2_vpc_subnet_name}}' Description: '{{ec2_vpc_subnet_description}}' register: vpc_subnet_ipv6_recreate - name: assert recreation changed nothing (expected changed=false) assert: that: - vpc_subnet_ipv6_recreate is not changed - 'vpc_subnet_ipv6_recreate.subnet == vpc_subnet_ipv6_create.subnet' # ============================================================ - name: change subnet ipv6 attribute (expected changed=true) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" assign_instances_ipv6: false state: present purge_tags: false check_mode: true register: vpc_change_attribute - name: assert assign_instances_ipv6 attribute changed (expected changed=true) assert: that: - vpc_change_attribute is changed - name: change subnet ipv6 attribute (expected changed=true) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" assign_instances_ipv6: false state: present purge_tags: false register: vpc_change_attribute - name: assert assign_instances_ipv6 attribute changed (expected changed=true) assert: that: - vpc_change_attribute is changed - 'not vpc_change_attribute.subnet.assign_ipv6_address_on_creation' # ============================================================ - name: add second subnet with duplicate ipv6 cidr (expected failure) ec2_vpc_subnet: cidr: "10.232.232.144/28" vpc_id: "{{ vpc_result.vpc.id }}" ipv6_cidr: "{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}" state: present purge_tags: false register: vpc_add_duplicate_ipv6 ignore_errors: true - name: assert graceful failure (expected failed) assert: that: - vpc_add_duplicate_ipv6 is failed - "'The IPv6 CIDR \\'{{ vpc_ipv6_cidr | regex_replace('::/56', '::/64') }}\\' conflicts with another subnet' in vpc_add_duplicate_ipv6.msg" # ============================================================ - name: remove subnet ipv6 cidr (expected changed=true) (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: present purge_tags: false check_mode: true register: vpc_remove_ipv6_cidr - name: assert subnet ipv6 cidr removed (expected changed=true) assert: that: - vpc_remove_ipv6_cidr is changed - name: remove subnet ipv6 cidr (expected changed=true) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: present purge_tags: false register: vpc_remove_ipv6_cidr - name: assert subnet ipv6 cidr removed (expected changed=true) assert: that: - vpc_remove_ipv6_cidr is changed - "vpc_remove_ipv6_cidr.subnet.ipv6_cidr_block == ''" - 'not vpc_remove_ipv6_cidr.subnet.assign_ipv6_address_on_creation' # ============================================================ - name: test adding a tag that looks like a boolean to the subnet (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: present purge_tags: false tags: looks_like_boolean: true check_mode: true register: vpc_subnet_info - name: assert a tag was added assert: that: - vpc_subnet_info is changed - name: test adding a tag that looks like a boolean to the subnet ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: present purge_tags: false tags: looks_like_boolean: true register: vpc_subnet_info - name: assert a tag was added assert: that: - vpc_subnet_info is changed - 'vpc_subnet_info.subnet.tags.looks_like_boolean == "True"' # ============================================================ - name: test idempotence adding a tag that looks like a boolean (CHECK MODE) ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: present purge_tags: false tags: looks_like_boolean: true check_mode: true register: vpc_subnet_info - name: assert tags haven't changed assert: that: - vpc_subnet_info is not changed - name: test idempotence adding a tag that looks like a boolean ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: present purge_tags: false tags: looks_like_boolean: true register: vpc_subnet_info - name: assert tags haven't changed assert: that: - vpc_subnet_info is not changed always: ################################################ # TEARDOWN STARTS HERE ################################################ - name: tidy up subnet ec2_vpc_subnet: cidr: "10.232.232.128/28" vpc_id: "{{ vpc_result.vpc.id }}" state: absent - name: tidy up VPC ec2_vpc_net: name: "{{ resource_prefix }}-vpc" state: absent cidr_block: "10.232.232.128/26"