diff --git a/test/integration/targets/ec2_group/tasks/main.yml b/test/integration/targets/ec2_group/tasks/main.yml index 7505eb26533..ac1887d913b 100644 --- a/test/integration/targets/ec2_group/tasks/main.yml +++ b/test/integration/targets/ec2_group/tasks/main.yml @@ -171,6 +171,29 @@ region: "{{ aws_region }}" no_log: yes + # ============================================================ + - name: determine if there is a default VPC + set_fact: + defaultvpc: "{{ lookup('aws_account_attribute', + attribute='default-vpc', + region=aws_region, + aws_access_key=aws_access_key, + aws_secret_key=aws_secret_key, + aws_security_token=security_token) }}" + register: default_vpc + + # ============================================================ + - name: create a VPC + ec2_vpc_net: + name: "{{ resource_prefix }}-vpc" + state: present + cidr_block: "10.232.232.128/26" + <<: *aws_connection_info + tags: + Name: "{{ resource_prefix }}-vpc" + Description: "Created by ansible-test" + register: vpc_result + # ============================================================ - name: test state=absent ec2_group: @@ -227,49 +250,158 @@ - 'result.group_id.startswith("sg-")' # ============================================================ - - name: test state=present for ipv6 (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - register: result + - name: tests IPv6 with the default VPC + block: - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' + # ============================================================ + - name: test state=present for ipv6 (expected changed=true) + ec2_group: + name: '{{ec2_group_name}}' + description: '{{ec2_group_description}}' + <<: *aws_connection_info + state: present + rules: + - proto: "tcp" + from_port: 8182 + to_port: 8182 + cidr_ipv6: "64:ff9b::/96" + register: result - # ============================================================ - - name: test rules_egress state=present for ipv6 (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - rules: - - proto: "tcp" - from_port: 8182 - to_port: 8182 - cidr_ipv6: "64:ff9b::/96" - rules_egress: - - proto: "tcp" - from_port: 8181 - to_port: 8181 - cidr_ipv6: "64:ff9b::/96" - register: result + - name: assert state=present (expected changed=true) + assert: + that: + - 'result.changed' + - 'result.group_id.startswith("sg-")' - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' + # ============================================================ + - name: test rules_egress state=present for ipv6 (expected changed=true) + ec2_group: + name: '{{ec2_group_name}}' + description: '{{ec2_group_description}}' + <<: *aws_connection_info + state: present + rules: + - proto: "tcp" + from_port: 8182 + to_port: 8182 + cidr_ipv6: "64:ff9b::/96" + rules_egress: + - proto: "tcp" + from_port: 8181 + to_port: 8181 + cidr_ipv6: "64:ff9b::/96" + register: result + + - name: assert state=present (expected changed=true) + assert: + that: + - 'result.changed' + - 'result.group_id.startswith("sg-")' + + when: default_vpc + + - name: test IPv6 with a specified VPC + block: + + # ============================================================ + - name: test state=present (expected changed=true) + ec2_group: + name: '{{ ec2_group_name }}-2' + description: '{{ ec2_group_description }}-2' + state: present + vpc_id: '{{ vpc_result.vpc.id }}' + <<: *aws_connection_info + register: result + + - name: assert state=present (expected changed=true) + assert: + that: + - 'result.changed' + - 'result.group_id.startswith("sg-")' + + # ============================================================ + - name: test state=present for ipv6 (expected changed=true) + ec2_group: + name: '{{ ec2_group_name }}-2' + description: '{{ ec2_group_description }}-2' + state: present + vpc_id: '{{ vpc_result.vpc.id }}' + rules: + - proto: "tcp" + from_port: 8182 + to_port: 8182 + cidr_ipv6: "64:ff9b::/96" + <<: *aws_connection_info + register: result + + - name: assert state=present (expected changed=true) + assert: + that: + - 'result.changed' + - 'result.group_id.startswith("sg-")' + + # ============================================================ + + - name: test state=present for ipv6 (expected changed=true) + ec2_group: + name: '{{ ec2_group_name }}-2' + description: '{{ ec2_group_description }}-2' + state: present + vpc_id: '{{ vpc_result.vpc.id }}' + rules: + - proto: "tcp" + from_port: 8182 + to_port: 8182 + cidr_ipv6: "64:ff9b::/96" + <<: *aws_connection_info + register: result + + - name: assert nothing changed + assert: + that: + - 'not result.changed' + + # ============================================================ + - name: test rules_egress state=present for ipv6 (expected changed=true) + ec2_group: + name: '{{ ec2_group_name }}-2' + description: '{{ ec2_group_description }}-2' + state: present + vpc_id: '{{ vpc_result.vpc.id }}' + rules: + - proto: "tcp" + from_port: 8182 + to_port: 8182 + cidr_ipv6: "64:ff9b::/96" + rules_egress: + - proto: "tcp" + from_port: 8181 + to_port: 8181 + cidr_ipv6: "64:ff9b::/96" + <<: *aws_connection_info + register: result + + - name: assert state=present (expected changed=true) + assert: + that: + - 'result.changed' + - 'result.group_id.startswith("sg-")' + + # ============================================================ + + - name: test state=absent (expected changed=true) + ec2_group: + name: '{{ ec2_group_name }}-2' + description: '{{ ec2_group_description }}-2' + state: absent + vpc_id: '{{ vpc_result.vpc.id }}' + <<: *aws_connection_info + register: result + + - name: assert group was removed + assert: + that: + - 'result.changed' # ============================================================ - name: test state=present for ipv4 (expected changed=true) @@ -344,12 +476,12 @@ - proto: "tcp" from_port: "8183" to_port: "8183" - cidr_ipv6: "64:ff9b::/96" + cidr_ip: "1.1.1.1/32" rules_egress: - proto: "tcp" from_port: "8184" to_port: "8184" - cidr_ipv6: "64:ff9b::/96" + cidr_ip: "1.1.1.1/32" register: result - name: assert state=present (expected changed=true) @@ -374,7 +506,6 @@ - proto: "tcp" from_port: "8186" to_port: "8186" - cidr_ipv6: "64:ff9b::/96" group_id: "{{result.group_id}}" register: result @@ -457,54 +588,58 @@ - 'result.group_id.startswith("sg-")' # ============================================================ + - name: test using the default VPC + block: - - name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - ec2_region: '{{ec2_region}}' - ec2_access_key: '{{ec2_access_key}}' - ec2_secret_key: '{{ec2_secret_key}}' - security_token: '{{security_token}}' - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8196 - cidr_ipv6: '2001:db00::1/24' - register: result + - name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true) + ec2_group: + name: '{{ec2_group_name}}' + description: '{{ec2_group_description}}' + ec2_region: '{{ec2_region}}' + ec2_access_key: '{{ec2_access_key}}' + ec2_secret_key: '{{ec2_secret_key}}' + security_token: '{{security_token}}' + state: present + # set purge_rules to false so we don't get a false positive from previously added rules + purge_rules: false + rules: + - proto: "tcp" + ports: + - 8196 + cidr_ipv6: '2001:db00::1/24' + register: result - - name: assert state=present (expected changed=true) - assert: - that: - - 'result.changed' - - 'result.group_id.startswith("sg-")' + - name: assert state=present (expected changed=true) + assert: + that: + - 'result.changed' + - 'result.group_id.startswith("sg-")' - # ============================================================ + # ============================================================ - - name: test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning) - ec2_group: - name: '{{ec2_group_name}}' - description: '{{ec2_group_description}}' - <<: *aws_connection_info - state: present - # set purge_rules to false so we don't get a false positive from previously added rules - purge_rules: false - rules: - - proto: "tcp" - ports: - - 8196 - cidr_ipv6: '2001:db00::1/24' - register: result + - name: test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning) + ec2_group: + name: '{{ec2_group_name}}' + description: '{{ec2_group_description}}' + <<: *aws_connection_info + state: present + # set purge_rules to false so we don't get a false positive from previously added rules + purge_rules: false + rules: + - proto: "tcp" + ports: + - 8196 + cidr_ipv6: '2001:db00::1/24' + register: result - - name: assert state=present (expected changed=false and a warning) - assert: - that: - # No way to assert for warnings? - - 'not result.changed' - - 'result.group_id.startswith("sg-")' + - name: assert state=present (expected changed=false and a warning) + assert: + that: + # No way to assert for warnings? + - 'not result.changed' + - 'result.group_id.startswith("sg-")' + + when: default_vpc # ============================================================ - name: test state=absent (expected changed=true) @@ -520,17 +655,6 @@ - 'result.changed' - 'not result.group_id' - - name: create a VPC - ec2_vpc_net: - name: "{{ resource_prefix }}-vpc" - state: present - cidr_block: "10.232.232.128/26" - <<: *aws_connection_info - tags: - Name: "{{ resource_prefix }}-vpc" - Description: "Created by ansible-test" - register: vpc_result - - name: create security group in the VPC ec2_group: name: '{{ec2_group_name}}' @@ -771,8 +895,8 @@ - proto: "tcp" ports: - 8281 - cidr_ipv6: 1001:d00::/24 - rule_desc: ipv6 rule desc 2 + cidr_ip: 1.1.1.1/24 + rule_desc: ipv4 rule desc rules_egress: - proto: "tcp" ports: @@ -899,6 +1023,13 @@ <<: *aws_connection_info ignore_errors: yes + - name: tidy up security group for IPv6 EC2-Classic tests + ec2_group: + name: '{{ ec2_group_name }}-2' + state: absent + <<: *aws_connection_info + ignore_errors: yes + - name: tidy up default VPC security group ec2_group: name: '{{ec2_group_name}}-default-vpc'