You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/test/integration/targets/ec2_key/tasks/main.yml

351 lines
11 KiB
YAML

---
# A Note about ec2 environment variable name preference:
# - EC2_URL -> AWS_URL
# - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY
# - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY
# - EC2_REGION -> AWS_REGION
#
# TODO - name: test 'region' parameter
# TODO - name: test 'state=absent' parameter for existing key
# TODO - name: test 'state=absent' parameter for missing key
# TODO - name: test 'validate_certs' parameter
# ============================================================
# - include: ../../setup_ec2/tasks/common.yml module_name=ec2_key
- block:
# ============================================================
- name: test with no parameters
ec2_key:
register: result
ignore_errors: true
- name: assert failure when called with no parameters
assert:
that:
- 'result.failed'
- 'result.msg == "missing required arguments: name"'
# ============================================================
- name: test with only name
ec2_key:
name={{ec2_key_name}}
register: result
ignore_errors: true
- name: assert failure when called with only 'name'
assert:
that:
- 'result.failed'
- 'result.msg == "Either region or ec2_url must be specified"'
# ============================================================
- name: test invalid region parameter
ec2_key:
name={{ec2_key_name}}
region='asdf querty 1234'
register: result
ignore_errors: true
- name: assert invalid region parameter
assert:
that:
- 'result.failed'
- 'result.msg.startswith("Region asdf querty 1234 does not seem to be available ")'
# ============================================================
- name: test valid region parameter
ec2_key:
name={{ec2_key_name}}
region={{ec2_region}}
register: result
ignore_errors: true
- name: assert valid region parameter
assert:
that:
- 'result.failed'
- 'result.msg.startswith("No handler was ready to authenticate.")'
# ============================================================
- name: test environment variable EC2_REGION
ec2_key:
name={{ec2_key_name}}
environment:
EC2_REGION: '{{ec2_region}}'
register: result
ignore_errors: true
- name: assert environment variable EC2_REGION
assert:
that:
- 'result.failed'
- 'result.msg.startswith("No handler was ready to authenticate.")'
# ============================================================
- name: test invalid ec2_url parameter
ec2_key:
name={{ec2_key_name}}
environment:
EC2_URL: bogus.example.com
register: result
ignore_errors: true
- name: assert invalid ec2_url parameter
assert:
that:
- 'result.failed'
- 'result.msg.startswith("No handler was ready to authenticate.")'
# ============================================================
- name: test valid ec2_url parameter
ec2_key:
name={{ec2_key_name}}
environment:
EC2_URL: '{{ec2_url}}'
register: result
ignore_errors: true
- name: assert valid ec2_url parameter
assert:
that:
- 'result.failed'
- 'result.msg.startswith("No handler was ready to authenticate.")'
# ============================================================
- name: test credentials from environment
ec2_key:
name={{ec2_key_name}}
environment:
EC2_REGION: '{{ec2_region}}'
EC2_ACCESS_KEY: bogus_access_key
EC2_SECRET_KEY: bogus_secret_key
register: result
ignore_errors: true
- name: assert ec2_key with valid ec2_url
assert:
that:
- 'result.failed'
- '"EC2ResponseError: 401 Unauthorized" in result.module_stderr'
# ============================================================
- name: test credential parameters
ec2_key:
name={{ec2_key_name}}
ec2_region={{ec2_region}}
ec2_access_key=bogus_access_key
ec2_secret_key=bogus_secret_key
register: result
ignore_errors: true
- name: assert credential parameters
assert:
that:
- 'result.failed'
- '"EC2ResponseError: 401 Unauthorized" in result.module_stderr'
# ============================================================
- name: test state=absent with key_material
ec2_key:
name='{{ec2_key_name}}'
ec2_region={{ec2_region}}
ec2_access_key={{ec2_access_key}}
ec2_secret_key={{ec2_secret_key}}
security_token={{security_token}}
state=absent
register: result
- name: assert state=absent with key_material
assert:
that:
- '"failed" not in result'
# ============================================================
- name: test state=present without key_material
ec2_key:
name='{{ec2_key_name}}'
ec2_region={{ec2_region}}
ec2_access_key={{ec2_access_key}}
ec2_secret_key={{ec2_secret_key}}
security_token={{security_token}}
state=present
register: result
- name: assert state=present without key_material
assert:
that:
- 'result.changed'
- '"failed" not in result'
- '"key" in result'
- '"name" in result.key'
- '"fingerprint" in result.key'
- '"private_key" in result.key'
- 'result.key.name == "{{ec2_key_name}}"'
# ============================================================
- name: test state=absent without key_material
ec2_key:
name='{{ec2_key_name}}'
state=absent
environment:
EC2_REGION: '{{ec2_region}}'
EC2_ACCESS_KEY: '{{ec2_access_key}}'
EC2_SECRET_KEY: '{{ec2_secret_key}}'
EC2_SECURITY_TOKEN: '{{security_token|default("")}}'
register: result
- name: assert state=absent without key_material
assert:
that:
- 'result.changed'
- '"failed" not in result'
- '"key" in result'
- 'result.key == None'
# ============================================================
- name: test state=present with key_material
ec2_key:
name='{{ec2_key_name}}'
key_material='{{key_material}}'
state=present
environment:
EC2_REGION: '{{ec2_region}}'
EC2_ACCESS_KEY: '{{ec2_access_key}}'
EC2_SECRET_KEY: '{{ec2_secret_key}}'
EC2_SECURITY_TOKEN: '{{security_token|default("")}}'
register: result
- name: assert state=present with key_material
assert:
that:
- '"failed" not in result'
- 'result.changed == True'
- '"key" in result'
- '"name" in result.key'
- 'result.key.name == "{{ec2_key_name}}"'
- '"fingerprint" in result.key'
- '"private_key" not in result.key'
# FIXME - why don't the fingerprints match?
# - 'result.key.fingerprint == "{{fingerprint}}"'
# ============================================================
- name: test state=absent with key_material
ec2_key:
name='{{ec2_key_name}}'
key_material='{{key_material}}'
ec2_region='{{ec2_region}}'
ec2_access_key='{{ec2_access_key}}'
ec2_secret_key='{{ec2_secret_key}}'
security_token='{{security_token}}'
state=absent
register: result
- name: assert state=absent with key_material
assert:
that:
- 'result.changed'
- '"failed" not in result'
- '"key" in result'
- 'result.key == None'
# ============================================================
- name: test state=present with key_material with_files (expect changed=true)
ec2_key:
name='{{ec2_key_name}}'
state=present
key_material='{{ item }}'
with_file: '{{sshkey}}.pub'
environment:
EC2_REGION: '{{ec2_region}}'
EC2_ACCESS_KEY: '{{ec2_access_key}}'
EC2_SECRET_KEY: '{{ec2_secret_key}}'
EC2_SECURITY_TOKEN: '{{security_token|default("")}}'
register: result
- name: assert state=present with key_material with_files (expect changed=true)
assert:
that:
- 'result.msg == "All items completed"'
- 'result.changed == True'
- '"results" in result'
- '"item" in result.results[0]'
- '"key" in result.results[0]'
- '"name" in result.results[0].key'
- 'result.results[0].key.name == "{{ec2_key_name}}"'
- '"fingerprint" in result.results[0].key'
- '"private_key" not in result.results[0].key'
# FIXME - why doesn't result.key.fingerprint == {{fingerprint}}
# - 'result.key.fingerprint == "{{fingerprint}}"'
# ============================================================
- name: test state=present with key_material with_files (expect changed=false)
ec2_key:
name='{{ec2_key_name}}'
state=present
key_material='{{ item }}'
with_file: '{{sshkey}}.pub'
environment:
EC2_REGION: '{{ec2_region}}'
EC2_ACCESS_KEY: '{{ec2_access_key}}'
EC2_SECRET_KEY: '{{ec2_secret_key}}'
EC2_SECURITY_TOKEN: '{{security_token|default("")}}'
register: result
- name: assert state=present with key_material with_files (expect changed=false)
assert:
that:
- 'result.msg == "All items completed"'
- 'not result.changed'
- '"results" in result'
- '"item" in result.results[0]'
- '"key" in result.results[0]'
- '"name" in result.results[0].key'
- 'result.results[0].key.name == "{{ec2_key_name}}"'
- '"fingerprint" in result.results[0].key'
- '"private_key" not in result.results[0].key'
# FIXME - why doesn't result.key.fingerprint == {{fingerprint}}
# - 'result.key.fingerprint == "{{fingerprint}}"'
# ============================================================
- name: test state=absent with key_material (expect changed=true)
ec2_key:
name='{{ec2_key_name}}'
ec2_region='{{ec2_region}}'
ec2_access_key='{{ec2_access_key}}'
ec2_secret_key='{{ec2_secret_key}}'
security_token='{{security_token}}'
key_material='{{key_material}}'
state=absent
register: result
- name: assert state=absent with key_material (expect changed=true)
assert:
that:
- 'result.changed'
- '"failed" not in result'
- '"key" in result'
- 'result.key == None'
always:
# ============================================================
- name: test state=absent (expect changed=false)
ec2_key:
name='{{ec2_key_name}}'
ec2_region='{{ec2_region}}'
ec2_access_key='{{ec2_access_key}}'
ec2_secret_key='{{ec2_secret_key}}'
security_token='{{security_token}}'
state=absent
register: result
- name: assert state=absent with key_material (expect changed=false)
assert:
that:
- 'not result.changed'
- '"failed" not in result'
- '"key" in result'
- 'result.key == None'