133 lines
3.9 KiB
YAML
133 lines
3.9 KiB
YAML
|
---
|
||
|
- block:
|
||
|
- name: set up aws connection info
|
||
|
set_fact:
|
||
|
aws_connection_info: &aws_connection_info
|
||
|
aws_access_key: "{{ aws_access_key }}"
|
||
|
aws_secret_key: "{{ aws_secret_key }}"
|
||
|
security_token: "{{ security_token }}"
|
||
|
region: "{{ aws_region }}"
|
||
|
no_log: yes
|
||
|
|
||
|
- name: Create a group with self-referring rule
|
||
|
ec2_group:
|
||
|
name: '{{ec2_group_name}}-auto-create-1'
|
||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||
|
description: '{{ec2_group_description}}'
|
||
|
rules:
|
||
|
- proto: "tcp"
|
||
|
from_port: 8000
|
||
|
to_port: 8100
|
||
|
group_name: '{{ec2_group_name}}-auto-create-1'
|
||
|
<<: *aws_connection_info
|
||
|
state: present
|
||
|
register: result
|
||
|
|
||
|
- name: Create a second group rule
|
||
|
ec2_group:
|
||
|
name: '{{ec2_group_name}}-auto-create-2'
|
||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||
|
description: '{{ec2_group_description}}'
|
||
|
<<: *aws_connection_info
|
||
|
state: present
|
||
|
|
||
|
- name: Create a series of rules with a recently created group as target
|
||
|
ec2_group:
|
||
|
name: '{{ec2_group_name}}-auto-create-1'
|
||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||
|
description: '{{ec2_group_description}}'
|
||
|
purge_rules: false
|
||
|
rules:
|
||
|
- proto: "tcp"
|
||
|
from_port: "{{ item }}"
|
||
|
to_port: "{{ item }}"
|
||
|
group_name: '{{ec2_group_name}}-auto-create-2'
|
||
|
<<: *aws_connection_info
|
||
|
state: present
|
||
|
register: result
|
||
|
with_items:
|
||
|
- 20
|
||
|
- 40
|
||
|
- 60
|
||
|
- 80
|
||
|
|
||
|
- name: Create a group with only the default rule
|
||
|
ec2_group:
|
||
|
name: '{{ec2_group_name}}-auto-create-1'
|
||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||
|
description: '{{ec2_group_description}}'
|
||
|
rules:
|
||
|
- proto: "tcp"
|
||
|
from_port: 8182
|
||
|
to_port: 8182
|
||
|
group_name: '{{ec2_group_name}}-auto-create-3'
|
||
|
<<: *aws_connection_info
|
||
|
state: present
|
||
|
register: result
|
||
|
ignore_errors: true
|
||
|
|
||
|
- name: assert you can't create a new group from a rule target with no description
|
||
|
assert:
|
||
|
that:
|
||
|
- result is failed
|
||
|
|
||
|
- name: Create a group with a target of a separate group
|
||
|
ec2_group:
|
||
|
name: '{{ec2_group_name}}-auto-create-1'
|
||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||
|
description: '{{ec2_group_description}}'
|
||
|
rules:
|
||
|
- proto: tcp
|
||
|
ports:
|
||
|
- 22
|
||
|
- 80
|
||
|
group_name: '{{ec2_group_name}}-auto-create-3'
|
||
|
group_desc: '{{ec2_group_description}}'
|
||
|
<<: *aws_connection_info
|
||
|
state: present
|
||
|
register: result
|
||
|
|
||
|
- name: Create a 4th group
|
||
|
ec2_group:
|
||
|
name: '{{ec2_group_name}}-auto-create-4'
|
||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||
|
description: '{{ec2_group_description}}'
|
||
|
<<: *aws_connection_info
|
||
|
state: present
|
||
|
rules:
|
||
|
- proto: tcp
|
||
|
ports:
|
||
|
- 22
|
||
|
cidr_ip: 0.0.0.0/0
|
||
|
|
||
|
- name: use recently created group in a rule
|
||
|
ec2_group:
|
||
|
name: '{{ec2_group_name}}-auto-create-5'
|
||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||
|
description: '{{ec2_group_description}}'
|
||
|
rules:
|
||
|
- proto: tcp
|
||
|
ports:
|
||
|
- 443
|
||
|
group_name: '{{ec2_group_name}}-auto-create-4'
|
||
|
<<: *aws_connection_info
|
||
|
state: present
|
||
|
|
||
|
always:
|
||
|
- name: tidy up egress rule test security group
|
||
|
ec2_group:
|
||
|
name: '{{ec2_group_name}}-auto-create-{{ item }}'
|
||
|
state: absent
|
||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||
|
<<: *aws_connection_info
|
||
|
ignore_errors: yes
|
||
|
with_items: [5, 4, 3, 2, 1]
|
||
|
- name: tidy up egress rule test security group
|
||
|
ec2_group:
|
||
|
name: '{{ec2_group_name}}-auto-create-{{ item }}'
|
||
|
state: absent
|
||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||
|
<<: *aws_connection_info
|
||
|
ignore_errors: yes
|
||
|
with_items: [1, 2, 3, 4, 5]
|