2018-09-06 21:06:03 +02:00
|
|
|
- block:
|
2019-06-10 15:52:49 +02:00
|
|
|
- aws_caller_info:
|
2018-09-06 21:06:03 +02:00
|
|
|
register: caller_facts
|
|
|
|
- name: create a VPC
|
|
|
|
ec2_vpc_net:
|
|
|
|
name: "{{ resource_prefix }}-vpc-2"
|
|
|
|
state: present
|
|
|
|
cidr_block: "10.232.233.128/26"
|
|
|
|
tags:
|
|
|
|
Description: "Created by ansible-test"
|
|
|
|
register: vpc_result_2
|
|
|
|
- name: Peer the secondary-VPC to the main VPC
|
|
|
|
ec2_vpc_peer:
|
|
|
|
vpc_id: '{{ vpc_result_2.vpc.id }}'
|
|
|
|
peer_vpc_id: '{{ vpc_result.vpc.id }}'
|
|
|
|
peer_owner_id: '{{ caller_facts.account }}'
|
|
|
|
peer_region: '{{ aws_region }}'
|
|
|
|
register: peer_origin
|
|
|
|
- name: Accept the secondary-VPC peering connection in the main VPC
|
|
|
|
ec2_vpc_peer:
|
|
|
|
peer_vpc_id: '{{ vpc_result_2.vpc.id }}'
|
|
|
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
|
|
|
state: accept
|
|
|
|
peering_id: '{{ peer_origin.peering_id }}'
|
|
|
|
peer_owner_id: '{{ caller_facts.account }}'
|
|
|
|
peer_region: '{{ aws_region }}'
|
|
|
|
- name: Create group in second VPC
|
|
|
|
ec2_group:
|
|
|
|
name: '{{ ec2_group_name }}-external'
|
|
|
|
description: '{{ ec2_group_description }}'
|
|
|
|
vpc_id: '{{ vpc_result_2.vpc.id }}'
|
|
|
|
state: present
|
|
|
|
rules:
|
|
|
|
- proto: "tcp"
|
|
|
|
cidr_ip: 0.0.0.0/0
|
|
|
|
ports:
|
|
|
|
- 80
|
|
|
|
rule_desc: 'http whoo'
|
|
|
|
register: external
|
|
|
|
- name: Create group in internal VPC
|
|
|
|
ec2_group:
|
|
|
|
name: '{{ ec2_group_name }}-internal'
|
|
|
|
description: '{{ ec2_group_description }}'
|
|
|
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
|
|
|
state: present
|
|
|
|
rules:
|
|
|
|
- proto: "tcp"
|
|
|
|
group_id: '{{ caller_facts.account }}/{{ external.group_id }}/{{ ec2_group_name }}-external'
|
|
|
|
ports:
|
|
|
|
- 80
|
|
|
|
- name: Re-make same rule, expecting changed=false in internal VPC
|
|
|
|
ec2_group:
|
|
|
|
name: '{{ ec2_group_name }}-internal'
|
|
|
|
description: '{{ ec2_group_description }}'
|
|
|
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
|
|
|
state: present
|
|
|
|
rules:
|
|
|
|
- proto: "tcp"
|
|
|
|
group_id: '{{ caller_facts.account }}/{{ external.group_id }}/{{ ec2_group_name }}-external'
|
|
|
|
ports:
|
|
|
|
- 80
|
|
|
|
register: out
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- out is not changed
|
|
|
|
- name: Try again with a bad group_id group in internal VPC
|
|
|
|
ec2_group:
|
|
|
|
name: '{{ ec2_group_name }}-internal'
|
|
|
|
description: '{{ ec2_group_description }}'
|
|
|
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
|
|
|
state: present
|
|
|
|
rules:
|
|
|
|
- proto: "tcp"
|
|
|
|
group_id: '{{ external.group_id }}/{{ caller_facts.account }}/{{ ec2_group_name }}-external'
|
|
|
|
ports:
|
|
|
|
- 80
|
|
|
|
register: out
|
|
|
|
ignore_errors: true
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- out is failed
|
|
|
|
always:
|
|
|
|
- pause: seconds=5
|
|
|
|
- name: Delete secondary-VPC side of peer
|
|
|
|
ec2_vpc_peer:
|
|
|
|
vpc_id: '{{ vpc_result_2.vpc.id }}'
|
|
|
|
peer_vpc_id: '{{ vpc_result.vpc.id }}'
|
|
|
|
peering_id: '{{ peer_origin.peering_id }}'
|
|
|
|
state: absent
|
|
|
|
peer_owner_id: '{{ caller_facts.account }}'
|
|
|
|
peer_region: '{{ aws_region }}'
|
|
|
|
ignore_errors: yes
|
|
|
|
- name: Delete main-VPC side of peer
|
|
|
|
ec2_vpc_peer:
|
|
|
|
peer_vpc_id: '{{ vpc_result_2.vpc.id }}'
|
|
|
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
|
|
|
state: absent
|
|
|
|
peering_id: '{{ peer_origin.peering_id }}'
|
|
|
|
peer_owner_id: '{{ caller_facts.account }}'
|
|
|
|
peer_region: '{{ aws_region }}'
|
|
|
|
ignore_errors: yes
|
|
|
|
- name: Clean up group in second VPC
|
|
|
|
ec2_group:
|
|
|
|
name: '{{ ec2_group_name }}-external'
|
|
|
|
description: '{{ ec2_group_description }}'
|
|
|
|
state: absent
|
|
|
|
vpc_id: '{{ vpc_result_2.vpc.id }}'
|
|
|
|
ignore_errors: yes
|
|
|
|
- name: Clean up group in second VPC
|
|
|
|
ec2_group:
|
|
|
|
name: '{{ ec2_group_name }}-internal'
|
|
|
|
description: '{{ ec2_group_description }}'
|
|
|
|
state: absent
|
|
|
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
|
|
|
ignore_errors: yes
|
|
|
|
- name: tidy up VPC
|
|
|
|
ec2_vpc_net:
|
|
|
|
name: "{{ resource_prefix }}-vpc-2"
|
|
|
|
state: absent
|
|
|
|
cidr_block: "10.232.233.128/26"
|
|
|
|
ignore_errors: yes
|
|
|
|
register: removed
|
|
|
|
retries: 10
|
|
|
|
until: removed is not failed
|