cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[cloud] Improve ipv6 and EC2 classic support in ec2_group integration tests (#32976)

Browse source 
* ec2_group: fix ipv6 tests to use an explicit VPC

* otherwise would fail on old AWS accounts supporting EC2-classic

* ec2_group: fix tests to use an explicit VPC

* Only run some tests if there is a default vpc associated with the account
This commit is contained in:
Kim Blomqvist 2018-01-31 15:00:54 +02:00 committed by Ryan Brown
parent 19ac188e86
commit 63639abb01
1 changed files with 230 additions and 99 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

329
test/integration/targets/ec2_group/tasks/main.yml
View file

@ -171,6 +171,29 @@
region: "{{ aws_region }}"
no_log: yes
# ============================================================
- name: determine if there is a default VPC
set_fact:
defaultvpc: "{{ lookup('aws_account_attribute',
attribute='default-vpc',
region=aws_region,
aws_access_key=aws_access_key,
aws_secret_key=aws_secret_key,
aws_security_token=security_token) }}"
register: default_vpc
# ============================================================
- name: create a VPC
ec2_vpc_net:
name: "{{ resource_prefix }}-vpc"
state: present
cidr_block: "10.232.232.128/26"
<<: *aws_connection_info
tags:
Name: "{{ resource_prefix }}-vpc"
Description: "Created by ansible-test"
register: vpc_result
# ============================================================
- name: test state=absent
ec2_group:
@ -227,49 +250,158 @@
- 'result.group_id.startswith("sg-")'
# ============================================================
- name: test state=present for ipv6 (expected changed=true)
ec2_group:
name: '{{ec2_group_name}}'
description: '{{ec2_group_description}}'
<<: *aws_connection_info
state: present
rules:
- proto: "tcp"
from_port: 8182
to_port: 8182
cidr_ipv6: "64:ff9b::/96"
register: result
- name: tests IPv6 with the default VPC
block:
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name: test state=present for ipv6 (expected changed=true)
ec2_group:
name: '{{ec2_group_name}}'
description: '{{ec2_group_description}}'
<<: *aws_connection_info
state: present
rules:
- proto: "tcp"
from_port: 8182
to_port: 8182
cidr_ipv6: "64:ff9b::/96"
register: result
# ============================================================
- name: test rules_egress state=present for ipv6 (expected changed=true)
ec2_group:
name: '{{ec2_group_name}}'
description: '{{ec2_group_description}}'
<<: *aws_connection_info
state: present
rules:
- proto: "tcp"
from_port: 8182
to_port: 8182
cidr_ipv6: "64:ff9b::/96"
rules_egress:
- proto: "tcp"
from_port: 8181
to_port: 8181
cidr_ipv6: "64:ff9b::/96"
register: result
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name: test rules_egress state=present for ipv6 (expected changed=true)
ec2_group:
name: '{{ec2_group_name}}'
description: '{{ec2_group_description}}'
<<: *aws_connection_info
state: present
rules:
- proto: "tcp"
from_port: 8182
to_port: 8182
cidr_ipv6: "64:ff9b::/96"
rules_egress:
- proto: "tcp"
from_port: 8181
to_port: 8181
cidr_ipv6: "64:ff9b::/96"
register: result
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
when: default_vpc
- name: test IPv6 with a specified VPC
block:
# ============================================================
- name: test state=present (expected changed=true)
ec2_group:
name: '{{ ec2_group_name }}-2'
description: '{{ ec2_group_description }}-2'
state: present
vpc_id: '{{ vpc_result.vpc.id }}'
<<: *aws_connection_info
register: result
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name: test state=present for ipv6 (expected changed=true)
ec2_group:
name: '{{ ec2_group_name }}-2'
description: '{{ ec2_group_description }}-2'
state: present
vpc_id: '{{ vpc_result.vpc.id }}'
rules:
- proto: "tcp"
from_port: 8182
to_port: 8182
cidr_ipv6: "64:ff9b::/96"
<<: *aws_connection_info
register: result
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name: test state=present for ipv6 (expected changed=true)
ec2_group:
name: '{{ ec2_group_name }}-2'
description: '{{ ec2_group_description }}-2'
state: present
vpc_id: '{{ vpc_result.vpc.id }}'
rules:
- proto: "tcp"
from_port: 8182
to_port: 8182
cidr_ipv6: "64:ff9b::/96"
<<: *aws_connection_info
register: result
- name: assert nothing changed
assert:
that:
- 'not result.changed'
# ============================================================
- name: test rules_egress state=present for ipv6 (expected changed=true)
ec2_group:
name: '{{ ec2_group_name }}-2'
description: '{{ ec2_group_description }}-2'
state: present
vpc_id: '{{ vpc_result.vpc.id }}'
rules:
- proto: "tcp"
from_port: 8182
to_port: 8182
cidr_ipv6: "64:ff9b::/96"
rules_egress:
- proto: "tcp"
from_port: 8181
to_port: 8181
cidr_ipv6: "64:ff9b::/96"
<<: *aws_connection_info
register: result
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
- name: test state=absent (expected changed=true)
ec2_group:
name: '{{ ec2_group_name }}-2'
description: '{{ ec2_group_description }}-2'
state: absent
vpc_id: '{{ vpc_result.vpc.id }}'
<<: *aws_connection_info
register: result
- name: assert group was removed
assert:
that:
- 'result.changed'
# ============================================================
- name: test state=present for ipv4 (expected changed=true)
@ -344,12 +476,12 @@
- proto: "tcp"
from_port: "8183"
to_port: "8183"
cidr_ipv6: "64:ff9b::/96"
cidr_ip: "1.1.1.1/32"
rules_egress:
- proto: "tcp"
from_port: "8184"
to_port: "8184"
cidr_ipv6: "64:ff9b::/96"
cidr_ip: "1.1.1.1/32"
register: result
- name: assert state=present (expected changed=true)
@ -374,7 +506,6 @@
- proto: "tcp"
from_port: "8186"
to_port: "8186"
cidr_ipv6: "64:ff9b::/96"
group_id: "{{result.group_id}}"
register: result
@ -457,54 +588,58 @@
- 'result.group_id.startswith("sg-")'
# ============================================================
- name: test using the default VPC
block:
- name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true)
ec2_group:
name: '{{ec2_group_name}}'
description: '{{ec2_group_description}}'
ec2_region: '{{ec2_region}}'
ec2_access_key: '{{ec2_access_key}}'
ec2_secret_key: '{{ec2_secret_key}}'
security_token: '{{security_token}}'
state: present
# set purge_rules to false so we don't get a false positive from previously added rules
purge_rules: false
rules:
- proto: "tcp"
ports:
- 8196
cidr_ipv6: '2001:db00::1/24'
register: result
- name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true)
ec2_group:
name: '{{ec2_group_name}}'
description: '{{ec2_group_description}}'
ec2_region: '{{ec2_region}}'
ec2_access_key: '{{ec2_access_key}}'
ec2_secret_key: '{{ec2_secret_key}}'
security_token: '{{security_token}}'
state: present
# set purge_rules to false so we don't get a false positive from previously added rules
purge_rules: false
rules:
- proto: "tcp"
ports:
- 8196
cidr_ipv6: '2001:db00::1/24'
register: result
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
- name: assert state=present (expected changed=true)
assert:
that:
- 'result.changed'
- 'result.group_id.startswith("sg-")'
# ============================================================
# ============================================================
- name: test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning)
ec2_group:
name: '{{ec2_group_name}}'
description: '{{ec2_group_description}}'
<<: *aws_connection_info
state: present
# set purge_rules to false so we don't get a false positive from previously added rules
purge_rules: false
rules:
- proto: "tcp"
ports:
- 8196
cidr_ipv6: '2001:db00::1/24'
register: result
- name: test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning)
ec2_group:
name: '{{ec2_group_name}}'
description: '{{ec2_group_description}}'
<<: *aws_connection_info
state: present
# set purge_rules to false so we don't get a false positive from previously added rules
purge_rules: false
rules:
- proto: "tcp"
ports:
- 8196
cidr_ipv6: '2001:db00::1/24'
register: result
- name: assert state=present (expected changed=false and a warning)
assert:
that:
# No way to assert for warnings?
- 'not result.changed'
- 'result.group_id.startswith("sg-")'
- name: assert state=present (expected changed=false and a warning)
assert:
that:
# No way to assert for warnings?
- 'not result.changed'
- 'result.group_id.startswith("sg-")'
when: default_vpc
# ============================================================
- name: test state=absent (expected changed=true)
@ -520,17 +655,6 @@
- 'result.changed'
- 'not result.group_id'
- name: create a VPC
ec2_vpc_net:
name: "{{ resource_prefix }}-vpc"
state: present
cidr_block: "10.232.232.128/26"
<<: *aws_connection_info
tags:
Name: "{{ resource_prefix }}-vpc"
Description: "Created by ansible-test"
register: vpc_result
- name: create security group in the VPC
ec2_group:
name: '{{ec2_group_name}}'
@ -771,8 +895,8 @@
- proto: "tcp"
ports:
- 8281
cidr_ipv6: 1001:d00::/24
rule_desc: ipv6 rule desc 2
cidr_ip: 1.1.1.1/24
rule_desc: ipv4 rule desc
rules_egress:
- proto: "tcp"
ports:
@ -899,6 +1023,13 @@
<<: *aws_connection_info
ignore_errors: yes
- name: tidy up security group for IPv6 EC2-Classic tests
ec2_group:
name: '{{ ec2_group_name }}-2'
state: absent
<<: *aws_connection_info
ignore_errors: yes
- name: tidy up default VPC security group
ec2_group:
name: '{{ec2_group_name}}-default-vpc'