diff options
| author | Matt Clay <matt@mystile.com> | 2017-05-03 08:20:39 +0800 |
|---|---|---|
| committer | Matt Clay <matt@mystile.com> | 2017-05-03 22:40:08 +0800 |
| commit | 00f8e3d360220a151d0fe4142d8c4f12f23bf744 (patch) | |
| tree | e1026982c7dc6427a5f6db2f2ea0a5d3a600d804 | |
| parent | a42b892f707215e092aa2cce6dff26ec8bc7669a (diff) | |
| download | ansible-00f8e3d360220a151d0fe4142d8c4f12f23bf744.tar.gz | |
Fixes for EC2 module integration tests.
| -rw-r--r-- | test/integration/credentials.template | 1 | ||||
| -rw-r--r-- | test/integration/roles/ec2_provision_instances/meta/main.yml | 1 | ||||
| -rw-r--r-- | test/integration/roles/setup_sshkey/tasks/main.yml (renamed from test/integration/roles/setup_ec2/tasks/main.yml) | 12 | ||||
| -rw-r--r-- | test/integration/roles/test_ec2_elb_lb/tasks/main.yml | 779 | ||||
| -rw-r--r-- | test/integration/roles/test_ec2_group/tasks/main.yml | 544 | ||||
| -rw-r--r-- | test/integration/roles/test_ec2_key/meta/main.yml | 1 | ||||
| -rw-r--r-- | test/integration/roles/test_ec2_key/tasks/main.yml | 657 | ||||
| -rw-r--r-- | test/integration/roles/test_ecs_ecr/meta/main.yml | 3 | ||||
| -rw-r--r-- | test/integration/roles/test_ecs_ecr/tasks/main.yml | 108 |
9 files changed, 1116 insertions, 990 deletions
diff --git a/test/integration/credentials.template b/test/integration/credentials.template index 4e2d3afcd6..61d5d6e38f 100644 --- a/test/integration/credentials.template +++ b/test/integration/credentials.template @@ -7,6 +7,7 @@ rackspace_region: # AWS Credentials ec2_access_key: ec2_secret_key: +security_token: # GCE Credentials gce_service_account_email: diff --git a/test/integration/roles/ec2_provision_instances/meta/main.yml b/test/integration/roles/ec2_provision_instances/meta/main.yml index 1f64f1169a..45f0cedf8e 100644 --- a/test/integration/roles/ec2_provision_instances/meta/main.yml +++ b/test/integration/roles/ec2_provision_instances/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - prepare_tests + - setup_sshkey - setup_ec2 diff --git a/test/integration/roles/setup_ec2/tasks/main.yml b/test/integration/roles/setup_sshkey/tasks/main.yml index 0f71677753..afea833198 100644 --- a/test/integration/roles/setup_ec2/tasks/main.yml +++ b/test/integration/roles/setup_sshkey/tasks/main.yml @@ -1,4 +1,3 @@ -# common setup tasks for ec2 module tests # (c) 2014, James Laska <jlaska@ansible.com> # This file is part of Ansible @@ -16,12 +15,6 @@ # You should have received a copy of the GNU General Public License # along with Ansible. If not, see <http://www.gnu.org/licenses/>. -- name: generate random string - command: '{{ ansible_python.executable }} -c "import string,random; print str().join(random.choice(string.ascii_lowercase) for _ in range(8));"' - register: random_string - tags: - - prepare - - name: create random file shell: mktemp /tmp/id_rsa.XXXXXX register: sshkey @@ -40,16 +33,15 @@ - prepare - name: record fingerprint - shell: ssh-keygen -lf {{sshkey.stdout}}.pub | awk '{print $2}' + shell: ssh-keygen -lf {{sshkey.stdout}}.pub register: fingerprint tags: - prepare - name: set facts for future roles set_fact: - random_string: '{{random_string.stdout}}' sshkey: '{{sshkey.stdout}}' key_material: '{{key_material.stdout}}' - fingerprint: '{{fingerprint.stdout}}' + fingerprint: '{{fingerprint.stdout.split()[1]}}' tags: - prepare diff --git a/test/integration/roles/test_ec2_elb_lb/tasks/main.yml b/test/integration/roles/test_ec2_elb_lb/tasks/main.yml index 4d48c9d393..b18d6b4f6c 100644 --- a/test/integration/roles/test_ec2_elb_lb/tasks/main.yml +++ b/test/integration/roles/test_ec2_elb_lb/tasks/main.yml @@ -24,384 +24,401 @@ # test credentials from environment # test credential parameters -# ============================================================ -# create test elb with listeners, certificate, and health check - -- name: Create ELB - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - state: present - zones: - - us-east-1c - - us-east-1d - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - - protocol: http - load_balancer_port: 8080 - instance_port: 8080 - health_check: - ping_protocol: http - ping_port: 80 - ping_path: "/index.html" - response_timeout: 5 - interval: 30 - unhealthy_threshold: 2 - healthy_threshold: 10 - register: info - -- assert: - that: - - 'info.changed' - - '"failed" not in info' - - 'info.elb.status == "created"' - - '"us-east-1c" in info.elb.zones' - - '"us-east-1d" in info.elb.zones' - - 'info.elb.health_check.healthy_threshold == 10' - - 'info.elb.health_check.interval == 30' - - 'info.elb.health_check.target == "HTTP:80/index.html"' - - 'info.elb.health_check.timeout == 5' - - 'info.elb.health_check.unhealthy_threshold == 2' - - '[80, 80, "HTTP", "HTTP"] in info.elb.listeners' - - '[8080, 8080, "HTTP", "HTTP"] in info.elb.listeners' - -# ============================================================ - -# check ports, would be cool, but we are at the mercy of AWS -# to start things in a timely manner - -#- name: check to make sure 80 is listening -# wait_for: host={{ info.elb.dns_name }} port=80 timeout=600 -# register: result - -#- name: assert can connect to port# -# assert: 'result.state == "started"' - -#- name: check to make sure 443 is listening -# wait_for: host={{ info.elb.dns_name }} port=443 timeout=600 -# register: result - -#- name: assert can connect to port# -# assert: 'result.state == "started"' - -# ============================================================ - -# Change AZ's - -- name: Change AZ's - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - state: present - zones: - - us-east-1b - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - purge_zones: yes - health_check: - ping_protocol: http - ping_port: 80 - ping_path: "/index.html" - response_timeout: 5 - interval: 30 - unhealthy_threshold: 2 - healthy_threshold: 10 - register: info - - - -- assert: - that: - - '"failed" not in info' - - 'info.elb.status == "ok"' - - 'info.changed' - - 'info.elb.zones[0] == "us-east-1b"' - -# ============================================================ - -# Update AZ's - -- name: Update AZ's - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - state: present - zones: - - us-east-1b - - us-east-1c - - us-east-1d - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - purge_zones: yes - register: info - -- assert: - that: - - '"failed" not in info' - - 'info.changed' - - 'info.elb.status == "ok"' - - '"us-east-1b" in info.elb.zones' - - '"us-east-1c" in info.elb.zones' - - '"us-east-1d" in info.elb.zones' - - -# ============================================================ - -# Purge Listeners - -- name: Purge Listeners - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - state: present - zones: - - us-east-1b - - us-east-1c - - us-east-1d - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 81 - purge_listeners: yes - register: info - -- assert: - that: - - '"failed" not in info' - - 'info.elb.status == "ok"' - - 'info.changed' - - '[80, 81, "HTTP", "HTTP"] in info.elb.listeners' - - 'info.elb.listeners|length == 1' - - - -# ============================================================ - -# add Listeners - -- name: Add Listeners - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - state: present - zones: - - us-east-1b - - us-east-1c - - us-east-1d - listeners: - - protocol: http - load_balancer_port: 8081 - instance_port: 8081 - purge_listeners: no - register: info - -- assert: - that: - - '"failed" not in info' - - 'info.elb.status == "ok"' - - 'info.changed' - - '[80, 81, "HTTP", "HTTP"] in info.elb.listeners' - - '[8081, 8081, "HTTP", "HTTP"] in info.elb.listeners' - - 'info.elb.listeners|length == 2' - - -# ============================================================ - -- name: test with no parameters - ec2_elb_lb: - register: result - ignore_errors: true - -- name: assert failure when called with no parameters - assert: - that: - - 'result.failed' - - 'result.msg == "missing required arguments: name,state"' - - - -# ============================================================ -- name: test with only name - ec2_elb_lb: - name="{{ tag_prefix }}" - register: result - ignore_errors: true - -- name: assert failure when called with only name - assert: - that: - - 'result.failed' - - 'result.msg == "missing required arguments: state"' - - -# ============================================================ -- name: test invalid region parameter - ec2_elb_lb: - name="{{ tag_prefix }}" - region='asdf querty 1234' - state=present - register: result - ignore_errors: true - -- name: assert invalid region parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("value of region must be one of:")' - - -# ============================================================ -- name: test valid region parameter - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: present - zones: - - us-east-1a - - us-east-1d - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - - register: result - ignore_errors: true - -- name: assert valid region parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - - -# ============================================================ - -- name: test invalid ec2_url parameter - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: present - zones: - - us-east-1a - - us-east-1d - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - environment: - EC2_URL: bogus.example.com - register: result - ignore_errors: true - -- name: assert invalid ec2_url parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - - -# ============================================================ -- name: test valid ec2_url parameter - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: present - zones: - - us-east-1a - - us-east-1d - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - environment: - EC2_URL: '{{ec2_url}}' - register: result - ignore_errors: true - -- name: assert valid ec2_url parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - - -# ============================================================ -- name: test credentials from environment - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: present - zones: - - us-east-1a - - us-east-1d - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - environment: - EC2_ACCESS_KEY: bogus_access_key - EC2_SECRET_KEY: bogus_secret_key - register: result - ignore_errors: true - -- name: assert credentials from environment - assert: - that: - - 'result.failed' - - '"InvalidClientTokenId" in result.msg' - - -# ============================================================ -- name: test credential parameters - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: present - zones: - - us-east-1a - - us-east-1d - listeners: - - protocol: http - load_balancer_port: 80 - instance_port: 80 - register: result - ignore_errors: true - -- name: assert credential parameters - assert: - that: - - 'result.failed' - - '"No handler was ready to authenticate. 1 handlers were checked." in result.msg' - -# ============================================================ -- name: remove the test load balancer completely - ec2_elb_lb: - name: "{{ tag_prefix }}" - region: "{{ ec2_region }}" - state: absent - ec2_access_key: "{{ ec2_access_key }}" - ec2_secret_key: "{{ ec2_secret_key }}" - register: result - -- name: assert the load balancer was removed - assert: - that: - - 'result.changed' - - 'result.elb.name == "{{tag_prefix}}"' - - 'result.elb.status == "deleted"' +- block: + + # ============================================================ + # create test elb with listeners, certificate, and health check + + - name: Create ELB + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + ec2_access_key: "{{ ec2_access_key }}" + ec2_secret_key: "{{ ec2_secret_key }}" + security_token: "{{ security_token }}" + state: present + zones: + - us-east-1c + - us-east-1d + listeners: + - protocol: http + load_balancer_port: 80 + instance_port: 80 + - protocol: http + load_balancer_port: 8080 + instance_port: 8080 + health_check: + ping_protocol: http + ping_port: 80 + ping_path: "/index.html" + response_timeout: 5 + interval: 30 + unhealthy_threshold: 2 + healthy_threshold: 10 + register: info + + - assert: + that: + - 'info.changed' + - '"failed" not in info' + - 'info.elb.status == "created"' + - '"us-east-1c" in info.elb.zones' + - '"us-east-1d" in info.elb.zones' + - 'info.elb.health_check.healthy_threshold == 10' + - 'info.elb.health_check.interval == 30' + - 'info.elb.health_check.target == "HTTP:80/index.html"' + - 'info.elb.health_check.timeout == 5' + - 'info.elb.health_check.unhealthy_threshold == 2' + - '[80, 80, "HTTP", "HTTP"] in info.elb.listeners' + - '[8080, 8080, "HTTP", "HTTP"] in info.elb.listeners' + + # ============================================================ + + # check ports, would be cool, but we are at the mercy of AWS + # to start things in a timely manner + + #- name: check to make sure 80 is listening + # wait_for: host={{ info.elb.dns_name }} port=80 timeout=600 + # register: result + + #- name: assert can connect to port# + # assert: 'result.state == "started"' + + #- name: check to make sure 443 is listening + # wait_for: host={{ info.elb.dns_name }} port=443 timeout=600 + # register: result + + #- name: assert can connect to port# + # assert: 'result.state == "started"' + + # ============================================================ + + # Change AZ's + + - name: Change AZ's + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + ec2_access_key: "{{ ec2_access_key }}" + ec2_secret_key: "{{ ec2_secret_key }}" + security_token: "{{ security_token }}" + state: present + zones: + - us-east-1b + listeners: + - protocol: http + load_balancer_port: 80 + instance_port: 80 + purge_zones: yes + health_check: + ping_protocol: http + ping_port: 80 + ping_path: "/index.html" + response_timeout: 5 + interval: 30 + unhealthy_threshold: 2 + healthy_threshold: 10 + register: info + + + + - assert: + that: + - '"failed" not in info' + - 'info.elb.status == "ok"' + - 'info.changed' + - 'info.elb.zones[0] == "us-east-1b"' + + # ============================================================ + + # Update AZ's + + - name: Update AZ's + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + ec2_access_key: "{{ ec2_access_key }}" + ec2_secret_key: "{{ ec2_secret_key }}" + security_token: "{{ security_token }}" + state: present + zones: + - us-east-1b + - us-east-1c + - us-east-1d + listeners: + - protocol: http + load_balancer_port: 80 + instance_port: 80 + purge_zones: yes + register: info + + - assert: + that: + - '"failed" not in info' + - 'info.changed' + - 'info.elb.status == "ok"' + - '"us-east-1b" in info.elb.zones' + - '"us-east-1c" in info.elb.zones' + - '"us-east-1d" in info.elb.zones' + + + # ============================================================ + + # Purge Listeners + + - name: Purge Listeners + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + ec2_access_key: "{{ ec2_access_key }}" + ec2_secret_key: "{{ ec2_secret_key }}" + security_token: "{{ security_token }}" + state: present + zones: + - us-east-1b + - us-east-1c + - us-east-1d + listeners: + - protocol: http + load_balancer_port: 80 + instance_port: 81 + purge_listeners: yes + register: info + + - assert: + that: + - '"failed" not in info' + - 'info.elb.status == "ok"' + - 'info.changed' + - '[80, 81, "HTTP", "HTTP"] in info.elb.listeners' + - 'info.elb.listeners|length == 1' + + + + # ============================================================ + + # add Listeners + + - name: Add Listeners + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + ec2_access_key: "{{ ec2_access_key }}" + ec2_secret_key: "{{ ec2_secret_key }}" + security_token: "{{ security_token }}" + state: present + zones: + - us-east-1b + - us-east-1c + - us-east-1d + listeners: + - protocol: http + load_balancer_port: 8081 + instance_port: 8081 + purge_listeners: no + register: info + + - assert: + that: + - '"failed" not in info' + - 'info.elb.status == "ok"' + - 'info.changed' + - '[80, 81, "HTTP", "HTTP"] in info.elb.listeners' + - '[8081, 8081, "HTTP", "HTTP"] in info.elb.listeners' + - 'info.elb.listeners|length == 2' + + + # ============================================================ + + - name: test with no parameters + ec2_elb_lb: + register: result + ignore_errors: true + + - name: assert failure when called with no parameters + assert: + that: + - 'result.failed' + - 'result.msg == "missing required arguments: name,state"' + + + + # ============================================================ + - name: test with only name + ec2_elb_lb: + name="{{ tag_prefix }}" + register: result + ignore_errors: true + + - name: assert failure when called with only name + assert: + that: + - 'result.failed' + - 'result.msg == "missing required arguments: state"' + + + # ============================================================ + - name: test invalid region parameter + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: 'asdf querty 1234' + state: present + listeners: + - protocol: http + load_balancer_port: 80 + instance_port: 80 + zones: + - us-east-1c + - us-east-1d + register: result + ignore_errors: true + + - name: assert invalid region parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("Region asdf querty 1234 does not seem to be available ")' + + + # ============================================================ + - name: test valid region parameter + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + state: present + zones: + - us-east-1a + - us-east-1d + listeners: + - protocol: http + load_balancer_port: 80 + instance_port: 80 + + register: result + ignore_errors: true + + - name: assert valid region parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + + # ============================================================ + + - name: test invalid ec2_url parameter + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + state: present + zones: + - us-east-1a + - us-east-1d + listeners: + - protocol: http + load_balancer_port: 80 + instance_port: 80 + environment: + EC2_URL: bogus.example.com + register: result + ignore_errors: true + + - name: assert invalid ec2_url parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + + # ============================================================ + - name: test valid ec2_url parameter + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + state: present + zones: + - us-east-1a + - us-east-1d + listeners: + - protocol: http + load_balancer_port: 80 + instance_port: 80 + environment: + EC2_URL: '{{ec2_url}}' + register: result + ignore_errors: true + + - name: assert valid ec2_url parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + + # ============================================================ + - name: test credentials from environment + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + state: present + zones: + - us-east-1a + - us-east-1d + listeners: + - protocol: http + load_balancer_port: 80 + instance_port: 80 + environment: + EC2_ACCESS_KEY: bogus_access_key + EC2_SECRET_KEY: bogus_secret_key + register: result + ignore_errors: true + + - name: assert credentials from environment + assert: + that: + - 'result.failed' + - '"InvalidClientTokenId" in result.exception' + + + # ============================================================ + - name: test credential parameters + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + state: present + zones: + - us-east-1a + - us-east-1d + listeners: + - protocol: http + load_balancer_port: 80 + instance_port: 80 + register: result + ignore_errors: true + + - name: assert credential parameters + assert: + that: + - 'result.failed' + - '"No handler was ready to authenticate. 1 handlers were checked." in result.msg' + + always: + + # ============================================================ + - name: remove the test load balancer completely + ec2_elb_lb: + name: "{{ tag_prefix }}" + region: "{{ ec2_region }}" + state: absent + ec2_access_key: "{{ ec2_access_key }}" + ec2_secret_key: "{{ ec2_secret_key }}" + security_token: "{{ security_token }}" + register: result + + - name: assert the load balancer was removed + assert: + that: + - 'result.changed' + - 'result.elb.name == "{{tag_prefix}}"' + - 'result.elb.status == "deleted"' diff --git a/test/integration/roles/test_ec2_group/tasks/main.yml b/test/integration/roles/test_ec2_group/tasks/main.yml index cc27967cb8..4e5ae3f991 100644 --- a/test/integration/roles/test_ec2_group/tasks/main.yml +++ b/test/integration/roles/test_ec2_group/tasks/main.yml @@ -8,270 +8,280 @@ # - include: ../../setup_ec2/tasks/common.yml module_name=ec2_group -# ============================================================ -- name: test failure with no parameters - ec2_group: - register: result - ignore_errors: true - -- name: assert failure with no parameters - assert: - that: - - 'result.failed' - - 'result.msg == "missing required arguments: name"' - -# ============================================================ -- name: test failure with only name - ec2_group: - name='{{ec2_group_name}}' - register: result - ignore_errors: true - -- name: assert failure with only name - assert: - that: - - 'result.failed' - - 'result.msg == "Must provide description when state is present."' - -# ============================================================ -- name: test failure with only description - ec2_group: - description='{{ec2_group_description}}' - register: result - ignore_errors: true - -- name: assert failure with only description - assert: - that: - - 'result.failed' - - 'result.msg == "missing required arguments: name"' - -# ============================================================ -- name: test failure with empty description (AWS API requires non-empty string desc) - ec2_group: - name='{{ec2_group_name}}' - description='' - region='{{ec2_region}}' - register: result - ignore_errors: true - -- name: assert failure with empty description - assert: - that: - - 'result.failed' - - 'result.msg == "Must provide description when state is present."' - -# ============================================================ -- name: test invalid region parameter - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}' - region='asdf querty 1234' - register: result - ignore_errors: true - -- name: assert invalid region parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("Region asdf querty 1234 does not seem to be available for aws module boto.ec2. If the region definitely exists, you may need to upgrade boto or extend with endpoints_path")' - -# ============================================================ -- name: test valid region parameter - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}' - region='{{ec2_region}}' - register: result - ignore_errors: true - -- name: assert valid region parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - -# ============================================================ -- name: test environment variable EC2_REGION - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}' - environment: - EC2_REGION: '{{ec2_region}}' - register: result - ignore_errors: true - -- name: assert environment variable EC2_REGION - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - -# ============================================================ -- name: test invalid ec2_url parameter - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}' - environment: - EC2_URL: bogus.example.com - register: result - ignore_errors: true - -- name: assert invalid ec2_url parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - -# ============================================================ -- name: test valid ec2_url parameter - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}' - environment: - EC2_URL: '{{ec2_url}}' - register: result - ignore_errors: true - -- name: assert valid ec2_url parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - -# ============================================================ -- name: test credentials from environment - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}' - environment: - EC2_REGION: '{{ec2_region}}' - EC2_ACCESS_KEY: bogus_access_key - EC2_SECRET_KEY: bogus_secret_key - register: result - ignore_errors: true - -- name: assert ec2_group with valid ec2_url - assert: - that: - - 'result.failed' - - '"Error in get_all_security_groups: AWS was not able to validate the provided access credentials" in result.msg' - -# ============================================================ -- name: test credential parameters - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}' - ec2_region='{{ec2_region}}' - ec2_access_key='bogus_access_key' - ec2_secret_key='bogus_secret_key' - register: result - ignore_errors: true - -- name: assert credential parameters - assert: - that: - - 'result.failed' - - '"Error in get_all_security_groups: AWS was not able to validate the provided access credentials" in result.msg' - -# ============================================================ -- name: test state=absent - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}' - ec2_region='{{ec2_region}}' - ec2_access_key='{{ec2_access_key}}' - ec2_secret_key='{{ec2_secret_key}}' - state=absent - register: result - -- name: assert state=absent - assert: - that: - - '"failed" not in result' - -# ============================================================ -- name: test state=present (expected changed=true) - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}' - ec2_region='{{ec2_region}}' - ec2_access_key='{{ec2_access_key}}' - ec2_secret_key='{{ec2_secret_key}}' - state=present - register: result - -- name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' - -# ============================================================ -- name: test state=present different description raises error - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}CHANGED' - ec2_region='{{ec2_region}}' - ec2_access_key='{{ec2_access_key}}' - ec2_secret_key='{{ec2_secret_key}}' - state=present - ignore_errors: true - register: result - -- name: assert matching group with non-matching description raises error - assert: - that: - - 'result.failed' - - '"Group description does not match existing group. ec2_group does not support this case." in result.msg' - -# ============================================================ -- name: test state=present (expected changed=false) - ec2_group: - name='{{ec2_group_name}}' - description='{{ec2_group_description}}' - ec2_region='{{ec2_region}}' - ec2_access_key='{{ec2_access_key}}' - ec2_secret_key='{{ec2_secret_key}}' - state=present - register: result - -- name: assert state=present (expected changed=false) - assert: - that: - - 'not result.changed' - - 'result.group_id.startswith("sg-")' - -# ============================================================ -- name: test state=absent (expected changed=true) - ec2_group: - name='{{ec2_group_name}}' - state=absent - environment: - EC2_REGION: '{{ec2_region}}' - EC2_ACCESS_KEY: '{{ec2_access_key}}' - EC2_SECRET_KEY: '{{ec2_secret_key}}' - register: result - -- name: assert state=absent (expected changed=true) - assert: - that: - - 'result.changed' - - 'not result.group_id' - -# ============================================================ -- name: test state=absent (expected changed=false) - ec2_group: - name='{{ec2_group_name}}' - state=absent - environment: - EC2_REGION: '{{ec2_region}}' - EC2_ACCESS_KEY: '{{ec2_access_key}}' - EC2_SECRET_KEY: '{{ec2_secret_key}}' - register: result - -- name: assert state=absent (expected changed=false) - assert: - that: - - 'not result.changed' - - 'not result.group_id' +- block: + + # ============================================================ + - name: test failure with no parameters + ec2_group: + register: result + ignore_errors: true + + - name: assert failure with no parameters + assert: + that: + - 'result.failed' + - 'result.msg == "missing required arguments: name"' + + # ============================================================ + - name: test failure with only name + ec2_group: + name='{{ec2_group_name}}' + register: result + ignore_errors: true + + - name: assert failure with only name + assert: + that: + - 'result.failed' + - 'result.msg == "Must provide description when state is present."' + + # ============================================================ + - name: test failure with only description + ec2_group: + description='{{ec2_group_description}}' + register: result + ignore_errors: true + + - name: assert failure with only description + assert: + that: + - 'result.failed' + - 'result.msg == "missing required arguments: name"' + + # ============================================================ + - name: test failure with empty description (AWS API requires non-empty string desc) + ec2_group: + name='{{ec2_group_name}}' + description='' + region='{{ec2_region}}' + register: result + ignore_errors: true + + - name: assert failure with empty description + assert: + that: + - 'result.failed' + - 'result.msg == "Must provide description when state is present."' + + # ============================================================ + - name: test invalid region parameter + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}' + region='asdf querty 1234' + register: result + ignore_errors: true + + - name: assert invalid region parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("Region asdf querty 1234 does not seem to be available for aws module boto.ec2. If the region definitely exists, you may need to upgrade boto or extend with endpoints_path")' + + # ============================================================ + - name: test valid region parameter + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}' + region='{{ec2_region}}' + register: result + ignore_errors: true + + - name: assert valid region parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + # ============================================================ + - name: test environment variable EC2_REGION + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}' + environment: + EC2_REGION: '{{ec2_region}}' + register: result + ignore_errors: true + + - name: assert environment variable EC2_REGION + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + # ============================================================ + - name: test invalid ec2_url parameter + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}' + environment: + EC2_URL: bogus.example.com + register: result + ignore_errors: true + + - name: assert invalid ec2_url parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + # ============================================================ + - name: test valid ec2_url parameter + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}' + environment: + EC2_URL: '{{ec2_url}}' + register: result + ignore_errors: true + + - name: assert valid ec2_url parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + # ============================================================ + - name: test credentials from environment + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}' + environment: + EC2_REGION: '{{ec2_region}}' + EC2_ACCESS_KEY: bogus_access_key + EC2_SECRET_KEY: bogus_secret_key + register: result + ignore_errors: true + + - name: assert ec2_group with valid ec2_url + assert: + that: + - 'result.failed' + - '"Error in get_all_security_groups: AWS was not able to validate the provided access credentials" in result.msg' + + # ============================================================ + - name: test credential parameters + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}' + ec2_region='{{ec2_region}}' + ec2_access_key='bogus_access_key' + ec2_secret_key='bogus_secret_key' + register: result + ignore_errors: true + + - name: assert credential parameters + assert: + that: + - 'result.failed' + - '"Error in get_all_security_groups: AWS was not able to validate the provided access credentials" in result.msg' + + # ============================================================ + - name: test state=absent + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}' + ec2_region='{{ec2_region}}' + ec2_access_key='{{ec2_access_key}}' + ec2_secret_key='{{ec2_secret_key}}' + security_token='{{security_token}}' + state=absent + register: result + + - name: assert state=absent + assert: + that: + - '"failed" not in result' + + # ============================================================ + - name: test state=present (expected changed=true) + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}' + ec2_region='{{ec2_region}}' + ec2_access_key='{{ec2_access_key}}' + ec2_secret_key='{{ec2_secret_key}}' + security_token='{{security_token}}' + state=present + register: result + + - name: assert state=present (expected changed=true) + assert: + that: + - 'result.changed' + - 'result.group_id.startswith("sg-")' + + # ============================================================ + - name: test state=present different description raises error + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}CHANGED' + ec2_region='{{ec2_region}}' + ec2_access_key='{{ec2_access_key}}' + ec2_secret_key='{{ec2_secret_key}}' + security_token='{{security_token}}' + state=present + ignore_errors: true + register: result + + - name: assert matching group with non-matching description raises error + assert: + that: + - 'result.failed' + - '"Group description does not match existing group. ec2_group does not support this case." in result.msg' + + # ============================================================ + - name: test state=present (expected changed=false) + ec2_group: + name='{{ec2_group_name}}' + description='{{ec2_group_description}}' + ec2_region='{{ec2_region}}' + ec2_access_key='{{ec2_access_key}}' + ec2_secret_key='{{ec2_secret_key}}' + security_token='{{security_token}}' + state=present + register: result + + - name: assert state=present (expected changed=false) + assert: + that: + - 'not result.changed' + - 'result.group_id.startswith("sg-")' + + # ============================================================ + - name: test state=absent (expected changed=true) + ec2_group: + name='{{ec2_group_name}}' + state=absent + environment: + EC2_REGION: '{{ec2_region}}' + EC2_ACCESS_KEY: '{{ec2_access_key}}' + EC2_SECRET_KEY: '{{ec2_secret_key}}' + EC2_SECURITY_TOKEN: '{{security_token|default("")}}' + register: result + + - name: assert state=absent (expected changed=true) + assert: + that: + - 'result.changed' + - 'not result.group_id' + + always: + + # ============================================================ + - name: test state=absent (expected changed=false) + ec2_group: + name='{{ec2_group_name}}' + state=absent + environment: + EC2_REGION: '{{ec2_region}}' + EC2_ACCESS_KEY: '{{ec2_access_key}}' + EC2_SECRET_KEY: '{{ec2_secret_key}}' + EC2_SECURITY_TOKEN: '{{security_token|default("")}}' + register: result + + - name: assert state=absent (expected changed=false) + assert: + that: + - 'not result.changed' + - 'not result.group_id' diff --git a/test/integration/roles/test_ec2_key/meta/main.yml b/test/integration/roles/test_ec2_key/meta/main.yml index 1f64f1169a..45f0cedf8e 100644 --- a/test/integration/roles/test_ec2_key/meta/main.yml +++ b/test/integration/roles/test_ec2_key/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - prepare_tests + - setup_sshkey - setup_ec2 diff --git a/test/integration/roles/test_ec2_key/tasks/main.yml b/test/integration/roles/test_ec2_key/tasks/main.yml index f8f05d1853..637d67ab0e 100644 --- a/test/integration/roles/test_ec2_key/tasks/main.yml +++ b/test/integration/roles/test_ec2_key/tasks/main.yml @@ -13,325 +13,338 @@ # ============================================================ # - include: ../../setup_ec2/tasks/common.yml module_name=ec2_key -# ============================================================ -- name: test with no parameters - ec2_key: - register: result - ignore_errors: true - -- name: assert failure when called with no parameters - assert: - that: - - 'result.failed' - - 'result.msg == "missing required arguments: name"' - -# ============================================================ -- name: test with only name - ec2_key: - name={{ec2_key_name}} - register: result - ignore_errors: true - -- name: assert failure when called with only 'name' - assert: - that: - - 'result.failed' - - 'result.msg == "Either region or ec2_url must be specified"' - -# ============================================================ -- name: test invalid region parameter - ec2_key: - name={{ec2_key_name}} - region='asdf querty 1234' - register: result - ignore_errors: true - -- name: assert invalid region parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("value of region must be one of:")' - -# ============================================================ -- name: test valid region parameter - ec2_key: - name={{ec2_key_name}} - region={{ec2_region}} - register: result - ignore_errors: true - -- name: assert valid region parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - -# ============================================================ -- name: test environment variable EC2_REGION - ec2_key: - name={{ec2_key_name}} - environment: - EC2_REGION: '{{ec2_region}}' - register: result - ignore_errors: true - -- name: assert environment variable EC2_REGION - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - -# ============================================================ -- name: test invalid ec2_url parameter - ec2_key: - name={{ec2_key_name}} - environment: - EC2_URL: bogus.example.com - register: result - ignore_errors: true - -- name: assert invalid ec2_url parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - -# ============================================================ -- name: test valid ec2_url parameter - ec2_key: - name={{ec2_key_name}} - environment: - EC2_URL: '{{ec2_url}}' - register: result - ignore_errors: true - -- name: assert valid ec2_url parameter - assert: - that: - - 'result.failed' - - 'result.msg.startswith("No handler was ready to authenticate.")' - -# ============================================================ -- name: test credentials from environment - ec2_key: - name={{ec2_key_name}} - environment: - EC2_REGION: '{{ec2_region}}' - EC2_ACCESS_KEY: bogus_access_key - EC2_SECRET_KEY: bogus_secret_key - register: result - ignore_errors: true - -- name: assert ec2_key with valid ec2_url - assert: - that: - - 'result.failed' - - '"EC2ResponseError: 401 Unauthorized" in result.msg' - -# ============================================================ -- name: test credential parameters - ec2_key: - name={{ec2_key_name}} - ec2_region={{ec2_region}} - ec2_access_key=bogus_access_key - ec2_secret_key=bogus_secret_key - register: result - ignore_errors: true - -- name: assert credential parameters - assert: - that: - - 'result.failed' - - '"EC2ResponseError: 401 Unauthorized" in result.msg' - -# ============================================================ -- name: test state=absent with key_material - ec2_key: - name='{{ec2_key_name}}' - ec2_region={{ec2_region}} - ec2_access_key={{ec2_access_key}} - ec2_secret_key={{ec2_secret_key}} - state=absent - register: result - -- name: assert state=absent with key_material - assert: - that: - - '"failed" not in result' - -# ============================================================ -- name: test state=present without key_material - ec2_key: - name='{{ec2_key_name}}' - ec2_region={{ec2_region}} - ec2_access_key={{ec2_access_key}} - ec2_secret_key={{ec2_secret_key}} - state=present - register: result - -- name: assert state=present without key_material - assert: - that: - - 'result.changed' - - '"failed" not in result' - - '"key" in result' - - '"name" in result.key' - - '"fingerprint" in result.key' - - '"private_key" in result.key' - - 'result.key.name == "{{ec2_key_name}}"' - -# ============================================================ -- name: test state=absent without key_material - ec2_key: - name='{{ec2_key_name}}' - state=absent - environment: - EC2_REGION: '{{ec2_region}}' - EC2_ACCESS_KEY: '{{ec2_access_key}}' - EC2_SECRET_KEY: '{{ec2_secret_key}}' - register: result - -- name: assert state=absent without key_material - assert: - that: - - 'result.changed' - - '"failed" not in result' - - '"key" in result' - - 'result.key == None' - -# ============================================================ -- name: test state=present with key_material - ec2_key: - name='{{ec2_key_name}}' - key_material='{{key_material}}' - state=present - environment: - EC2_REGION: '{{ec2_region}}' - EC2_ACCESS_KEY: '{{ec2_access_key}}' - EC2_SECRET_KEY: '{{ec2_secret_key}}' - register: result - -- name: assert state=present with key_material - assert: - that: - - '"failed" not in result' - - 'result.changed == True' - - '"key" in result' - - '"name" in result.key' - - 'result.key.name == "{{ec2_key_name}}"' - - '"fingerprint" in result.key' - - '"private_key" not in result.key' - # FIXME - why don't the fingerprints match? - # - 'result.key.fingerprint == "{{fingerprint}}"' - -# ============================================================ -- name: test state=absent with key_material - ec2_key: - name='{{ec2_key_name}}' - key_material='{{key_material}}' - ec2_region='{{ec2_region}}' - ec2_access_key='{{ec2_access_key}}' - ec2_secret_key='{{ec2_secret_key}}' - state=absent - register: result - -- name: assert state=absent with key_material - assert: - that: - - 'result.changed' - - '"failed" not in result' - - '"key" in result' - - 'result.key == None' - -# ============================================================ -- name: test state=present with key_material with_files (expect changed=true) - ec2_key: - name='{{ec2_key_name}}' - state=present - key_material='{{ item }}' - with_file: sshkey ~ '.pub' - environment: - EC2_REGION: '{{ec2_region}}' - EC2_ACCESS_KEY: '{{ec2_access_key}}' - EC2_SECRET_KEY: '{{ec2_secret_key}}' - register: result - -- name: assert state=present with key_material with_files (expect changed=true) - assert: - that: - - 'result.msg == "All items completed"' - - 'result.changed == True' - - '"results" in result' - - '"item" in result.results[0]' - - '"key" in result.results[0]' - - '"name" in result.results[0].key' - - 'result.results[0].key.name == "{{ec2_key_name}}"' - - '"fingerprint" in result.results[0].key' - - '"private_key" not in result.results[0].key' - # FIXME - why doesn't result.key.fingerprint == {{fingerprint}} - # - 'result.key.fingerprint == "{{fingerprint}}"' - -# ============================================================ -- name: test state=present with key_material with_files (expect changed=false) - ec2_key: - name='{{ec2_key_name}}' - state=present - key_material='{{ item }}' - with_file: sshkey ~ '.pub' - environment: - EC2_REGION: '{{ec2_region}}' - EC2_ACCESS_KEY: '{{ec2_access_key}}' - EC2_SECRET_KEY: '{{ec2_secret_key}}' - register: result - -- name: assert state=present with key_material with_files (expect changed=false) - assert: - that: - - 'result.msg == "All items completed"' - - 'not result.changed' - - '"results" in result' - - '"item" in result.results[0]' - - '"key" in result.results[0]' - - '"name" in result.results[0].key' - - 'result.results[0].key.name == "{{ec2_key_name}}"' - - '"fingerprint" in result.results[0].key' - - '"private_key" not in result.results[0].key' - # FIXME - why doesn't result.key.fingerprint == {{fingerprint}} - # - 'result.key.fingerprint == "{{fingerprint}}"' - -# ============================================================ -- name: test state=absent with key_material (expect changed=true) - ec2_key: - name='{{ec2_key_name}}' - ec2_region='{{ec2_region}}' - ec2_access_key='{{ec2_access_key}}' - ec2_secret_key='{{ec2_secret_key}}' - key_material='{{key_material}}' - state=absent - register: result - -- name: assert state=absent with key_material (expect changed=true) - assert: - that: - - 'result.changed' - - '"failed" not in result' - - '"key" in result' - - 'result.key == None' - -# ============================================================ -- name: test state=absent (expect changed=false) - ec2_key: - name='{{ec2_key_name}}' - ec2_region='{{ec2_region}}' - ec2_access_key='{{ec2_access_key}}' - ec2_secret_key='{{ec2_secret_key}}' - state=absent - register: result - -- name: assert state=absent with key_material (expect changed=false) - assert: - that: - - 'not result.changed' - - '"failed" not in result' - - '"key" in result' - - 'result.key == None' +- block: + + # ============================================================ + - name: test with no parameters + ec2_key: + register: result + ignore_errors: true + + - name: assert failure when called with no parameters + assert: + that: + - 'result.failed' + - 'result.msg == "missing required arguments: name"' + + # ============================================================ + - name: test with only name + ec2_key: + name={{ec2_key_name}} + register: result + ignore_errors: true + + - name: assert failure when called with only 'name' + assert: + that: + - 'result.failed' + - 'result.msg == "Either region or ec2_url must be specified"' + + # ============================================================ + - name: test invalid region parameter + ec2_key: + name={{ec2_key_name}} + region='asdf querty 1234' + register: result + ignore_errors: true + + - name: assert invalid region parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("Region asdf querty 1234 does not seem to be available ")' + + # ============================================================ + - name: test valid region parameter + ec2_key: + name={{ec2_key_name}} + region={{ec2_region}} + register: result + ignore_errors: true + + - name: assert valid region parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + # ============================================================ + - name: test environment variable EC2_REGION + ec2_key: + name={{ec2_key_name}} + environment: + EC2_REGION: '{{ec2_region}}' + register: result + ignore_errors: true + + - name: assert environment variable EC2_REGION + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + # ============================================================ + - name: test invalid ec2_url parameter + ec2_key: + name={{ec2_key_name}} + environment: + EC2_URL: bogus.example.com + register: result + ignore_errors: true + + - name: assert invalid ec2_url parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + # ============================================================ + - name: test valid ec2_url parameter + ec2_key: + name={{ec2_key_name}} + environment: + EC2_URL: '{{ec2_url}}' + register: result + ignore_errors: true + + - name: assert valid ec2_url parameter + assert: + that: + - 'result.failed' + - 'result.msg.startswith("No handler was ready to authenticate.")' + + # ============================================================ + - name: test credentials from environment + ec2_key: + name={{ec2_key_name}} + environment: + EC2_REGION: '{{ec2_region}}' + EC2_ACCESS_KEY: bogus_access_key + EC2_SECRET_KEY: bogus_secret_key + register: result + ignore_errors: true + + - name: assert ec2_key with valid ec2_url + assert: + that: + - 'result.failed' + - '"EC2ResponseError: 401 Unauthorized" in result.module_stderr' + + # ============================================================ + - name: test credential parameters + ec2_key: + name={{ec2_key_name}} + ec2_region={{ec2_region}} + ec2_access_key=bogus_access_key + ec2_secret_key=bogus_secret_key + register: result + ignore_errors: true + + - name: assert credential parameters + assert: + that: + - 'result.failed' + - '"EC2ResponseError: 401 Unauthorized" in result.module_stderr' + + # ============================================================ + - name: test state=absent with key_material + ec2_key: + name='{{ec2_key_name}}' + ec2_region={{ec2_region}} + ec2_access_key={{ec2_access_key}} + ec2_secret_key={{ec2_secret_key}} + security_token={{security_token}} + state=absent + register: result + + - name: assert state=absent with key_material + assert: + that: + - '"failed" not in result' + + # ============================================================ + - name: test state=present without key_material + ec2_key: + name='{{ec2_key_name}}' + ec2_region={{ec2_region}} + ec2_access_key={{ec2_access_key}} + ec2_secret_key={{ec2_secret_key}} + security_token={{security_token}} + state=present + register: result + + - name: assert state=present without key_material + assert: + that: + - 'result.changed' + - '"failed" not in result' + - '"key" in result' + - '"name" in result.key' + - '"fingerprint" in result.key' + - '"private_key" in result.key' + - 'result.key.name == "{{ec2_key_name}}"' + + # ============================================================ + - name: test state=absent without key_material + ec2_key: + name='{{ec2_key_name}}' + state=absent + environment: + EC2_REGION: '{{ec2_region}}' + EC2_ACCESS_KEY: '{{ec2_access_key}}' + EC2_SECRET_KEY: '{{ec2_secret_key}}' + EC2_SECURITY_TOKEN: '{{security_token|default("")}}' + register: result + + - name: assert state=absent without key_material + assert: + that: + - 'result.changed' + - '"failed" not in result' + - '"key" in result' + - 'result.key == None' + + # ============================================================ + - name: test state=present with key_material + ec2_key: + name='{{ec2_key_name}}' + key_material='{{key_material}}' + state=present + environment: + EC2_REGION: '{{ec2_region}}' + EC2_ACCESS_KEY: '{{ec2_access_key}}' + EC2_SECRET_KEY: '{{ec2_secret_key}}' + EC2_SECURITY_TOKEN: '{{security_token|default("")}}' + register: result + + - name: assert state=present with key_material + assert: + that: + - '"failed" not in result' + - 'result.changed == True' + - '"key" in result' + - '"name" in result.key' + - 'result.key.name == "{{ec2_key_name}}"' + - '"fingerprint" in result.key' + - '"private_key" not in result.key' + # FIXME - why don't the fingerprints match? + # - 'result.key.fingerprint == "{{fingerprint}}"' + + # ============================================================ + - name: test state=absent with key_material + ec2_key: + name='{{ec2_key_name}}' + key_material='{{key_material}}' + ec2_region='{{ec2_region}}' + ec2_access_key='{{ec2_access_key}}' + ec2_secret_key='{{ec2_secret_key}}' + security_token='{{security_token}}' + state=absent + register: result + + - name: assert state=absent with key_material + assert: + that: + - 'result.changed' + - '"failed" not in result' + - '"key" in result' + - 'result.key == None' + + # ============================================================ + - name: test state=present with key_material with_files (expect changed=true) + ec2_key: + name='{{ec2_key_name}}' + state=present + key_material='{{ item }}' + with_file: '{{sshkey}}.pub' + environment: + EC2_REGION: '{{ec2_region}}' + EC2_ACCESS_KEY: '{{ec2_access_key}}' + EC2_SECRET_KEY: '{{ec2_secret_key}}' + EC2_SECURITY_TOKEN: '{{security_token|default("")}}' + register: result + + - name: assert state=present with key_material with_files (expect changed=true) + assert: + that: + - 'result.msg == "All items completed"' + - 'result.changed == True' + - '"results" in result' + - '"item" in result.results[0]' + - '"key" in result.results[0]' + - '"name" in result.results[0].key' + - 'result.results[0].key.name == "{{ec2_key_name}}"' + - '"fingerprint" in result.results[0].key' + - '"private_key" not in result.results[0].key' + # FIXME - why doesn't result.key.fingerprint == {{fingerprint}} + # - 'result.key.fingerprint == "{{fingerprint}}"' + + # ============================================================ + - name: test state=present with key_material with_files (expect changed=false) + ec2_key: + name='{{ec2_key_name}}' + state=present + key_material='{{ item }}' + with_file: '{{sshkey}}.pub' + environment: + EC2_REGION: '{{ec2_region}}' + EC2_ACCESS_KEY: '{{ec2_access_key}}' + EC2_SECRET_KEY: '{{ec2_secret_key}}' + EC2_SECURITY_TOKEN: '{{security_token|default("")}}' + register: result + + - name: assert state=present with key_material with_files (expect changed=false) + assert: + that: + - 'result.msg == "All items completed"' + - 'not result.changed' + - '"results" in result' + - '"item" in result.results[0]' + - '"key" in result.results[0]' + - '"name" in result.results[0].key' + - 'result.results[0].key.name == "{{ec2_key_name}}"' + - '"fingerprint" in result.results[0].key' + - '"private_key" not in result.results[0].key' + # FIXME - why doesn't result.key.fingerprint == {{fingerprint}} + # - 'result.key.fingerprint == "{{fingerprint}}"' + + # ============================================================ + - name: test state=absent with key_material (expect changed=true) + ec2_key: + name='{{ec2_key_name}}' + ec2_region='{{ec2_region}}' + ec2_access_key='{{ec2_access_key}}' + ec2_secret_key='{{ec2_secret_key}}' + security_token='{{security_token}}' + key_material='{{key_material}}' + state=absent + register: result + + - name: assert state=absent with key_material (expect changed=true) + assert: + that: + - 'result.changed' + - '"failed" not in result' + - '"key" in result' + - 'result.key == None' + + always: + + # ============================================================ + - name: test state=absent (expect changed=false) + ec2_key: + name='{{ec2_key_name}}' + ec2_region='{{ec2_region}}' + ec2_access_key='{{ec2_access_key}}' + ec2_secret_key='{{ec2_secret_key}}' + security_token='{{security_token}}' + state=absent + register: result + + - name: assert state=absent with key_material (expect changed=false) + assert: + that: + - 'not result.changed' + - '"failed" not in result' + - '"key" in result' + - 'result.key == None' diff --git a/test/integration/roles/test_ecs_ecr/meta/main.yml b/test/integration/roles/test_ecs_ecr/meta/main.yml new file mode 100644 index 0000000000..1f64f1169a --- /dev/null +++ b/test/integration/roles/test_ecs_ecr/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - prepare_tests + - setup_ec2 diff --git a/test/integration/roles/test_ecs_ecr/tasks/main.yml b/test/integration/roles/test_ecs_ecr/tasks/main.yml index cce6ac6d50..f8b7c73ed0 100644 --- a/test/integration/roles/test_ecs_ecr/tasks/main.yml +++ b/test/integration/roles/test_ecs_ecr/tasks/main.yml @@ -3,8 +3,14 @@ ecr_name: 'ecr-test-{{ ansible_date_time.epoch }}' - block: + - name: When creating with check mode - ecs_ecr: name='{{ ecr_name }}' region='{{ ec2_region }}' + ecs_ecr: + name: '{{ ecr_name }}' + region: '{{ ec2_region }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result check_mode: yes @@ -17,7 +23,13 @@ - name: When specifying a registry that is inaccessible - ecs_ecr: registry_id=999999999999 name='{{ ecr_name }}' region='{{ ec2_region }}' + ecs_ecr: + registry_id: 999999999999 + name: '{{ ecr_name }}' + region: '{{ ec2_region }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result ignore_errors: true @@ -29,7 +41,12 @@ - name: When creating a repository - ecs_ecr: name='{{ ecr_name }}' region='{{ ec2_region }}' + ecs_ecr: + name: '{{ ecr_name }}' + region: '{{ ec2_region }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result - name: it should change and create @@ -40,7 +57,12 @@ - name: When creating a repository that already exists in check mode - ecs_ecr: name='{{ ecr_name }}' region='{{ ec2_region }}' + ecs_ecr: + name: '{{ ecr_name }}' + region: '{{ ec2_region }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result check_mode: yes @@ -52,7 +74,12 @@ - name: When creating a repository that already exists - ecs_ecr: name='{{ ecr_name }}' region='{{ ec2_region }}' + ecs_ecr: + name: '{{ ecr_name }}' + region: '{{ ec2_region }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result - name: it should not change @@ -65,6 +92,9 @@ ecs_ecr: region: '{{ ec2_region }}' name: '{{ ecr_name }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' delete_policy: yes register: result check_mode: yes @@ -81,6 +111,9 @@ region: '{{ ec2_region }}' name: '{{ ecr_name }}' policy: '{{ policy }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result check_mode: yes @@ -97,6 +130,9 @@ region: '{{ ec2_region }}' name: '{{ ecr_name }}' policy: '{{ policy }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result - name: it should change and not create @@ -111,6 +147,9 @@ region: '{{ ec2_region }}' name: '{{ ecr_name }}' delete_policy: yes + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result check_mode: yes @@ -127,6 +166,9 @@ region: '{{ ec2_region }}' name: '{{ ecr_name }}' delete_policy: yes + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result - name: it should change and not create @@ -141,6 +183,9 @@ region: '{{ ec2_region }}' name: '{{ ecr_name }}' policy: '{{ policy | to_json }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result - name: it should change and not create @@ -155,6 +200,9 @@ region: '{{ ec2_region }}' name: '{{ ecr_name }}' policy: '{{ policy }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result - name: it should not change @@ -167,6 +215,9 @@ ecs_ecr: region: '{{ ec2_region }}' name: '{{ ecr_name }}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result - name: it should not change @@ -181,6 +232,9 @@ name: '{{ ecr_name }}' policy: '{{ policy }}' delete_policy: yes + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result ignore_errors: true @@ -195,6 +249,9 @@ region: '{{ ec2_region }}' name: '{{ ecr_name }}' policy_text: "Ceci n'est pas une JSON" + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result ignore_errors: true @@ -205,7 +262,13 @@ - name: When in check mode, deleting a policy that exists - ecs_ecr: name='{{ ecr_name }}' region='{{ ec2_region }}' state=absent + ecs_ecr: + name: '{{ ecr_name }}' + region: '{{ ec2_region }}' + state: absent + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result check_mode: yes @@ -218,7 +281,13 @@ - name: When deleting a policy that exists - ecs_ecr: name='{{ ecr_name }}' region='{{ ec2_region }}' state=absent + ecs_ecr: + name: '{{ ecr_name }}' + region: '{{ ec2_region }}' + state: absent + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result - name: it should change @@ -228,7 +297,13 @@ - name: When in check mode, deleting a policy that does not exist - ecs_ecr: name='{{ ecr_name }}' region='{{ ec2_region }}' state=absent + ecs_ecr: + name: '{{ ecr_name }}' + region: '{{ ec2_region }}' + state: absent + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result check_mode: yes @@ -240,7 +315,13 @@ - name: When deleting a policy that does not exist - ecs_ecr: name='{{ ecr_name }}' region='{{ ec2_region }}' state=absent + ecs_ecr: + name: '{{ ecr_name }}' + region: '{{ ec2_region }}' + state: absent + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' register: result - name: it should not change @@ -249,5 +330,12 @@ - not result|changed always: + - name: Delete lingering ECR repository - ecs_ecr: name='{{ ecr_name }}' region='{{ ec2_region }}' state=absent + ecs_ecr: + name: '{{ ecr_name }}' + region: '{{ ec2_region }}' + state: absent + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' |