Integration tests for s3_logging (#63257)
* s3_logging: (integration tests) updated AWS policy * s3_logging: fix sanity test issues * s3_logging: Integration tests * Add pauses to cope with eventual consistency * Mark s3_logging tests as 'unsupported' for now due to testing instability
parent
1a384a61fb
commit
8d0737edf0
6 changed files with 221 additions and 4 deletions
|
@ -6,24 +6,27 @@
|
||||||
"Action": [
|
"Action": [
|
||||||
"s3:CreateBucket",
|
"s3:CreateBucket",
|
||||||
"s3:Delete*",
|
"s3:Delete*",
|
||||||
|
"s3:GetBucketAcl",
|
||||||
|
"s3:GetBucketLogging",
|
||||||
|
"s3:GetBucketNotification",
|
||||||
"s3:GetBucketPolicy",
|
"s3:GetBucketPolicy",
|
||||||
"s3:GetBucketRequestPayment",
|
"s3:GetBucketRequestPayment",
|
||||||
"s3:GetBucketTagging",
|
"s3:GetBucketTagging",
|
||||||
"s3:GetBucketVersioning",
|
"s3:GetBucketVersioning",
|
||||||
"s3:GetEncryptionConfiguration",
|
"s3:GetEncryptionConfiguration",
|
||||||
"s3:GetObject",
|
"s3:GetObject",
|
||||||
"s3:GetBucketNotification",
|
|
||||||
"s3:HeadBucket",
|
"s3:HeadBucket",
|
||||||
"s3:List*",
|
"s3:List*",
|
||||||
"s3:PutBucketAcl",
|
"s3:PutBucketAcl",
|
||||||
|
"s3:PutBucketLogging",
|
||||||
|
"s3:PutBucketNotification",
|
||||||
"s3:PutBucketPolicy",
|
"s3:PutBucketPolicy",
|
||||||
"s3:PutBucketRequestPayment",
|
"s3:PutBucketRequestPayment",
|
||||||
"s3:PutBucketTagging",
|
"s3:PutBucketTagging",
|
||||||
"s3:PutBucketVersioning",
|
"s3:PutBucketVersioning",
|
||||||
"s3:PutEncryptionConfiguration",
|
"s3:PutEncryptionConfiguration",
|
||||||
"s3:PutObject",
|
"s3:PutObject",
|
||||||
"s3:PutObjectAcl",
|
"s3:PutObjectAcl"
|
||||||
"s3:PutBucketNotification"
|
|
||||||
],
|
],
|
||||||
"Effect": "Allow",
|
"Effect": "Allow",
|
||||||
"Resource": [
|
"Resource": [
|
||||||
|
|
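Review bot: The added `s3:GetBucketAcl`, `s3:GetBucketLogging` and `s3:PutBucketLogging` land in the same `Allow` statement as `s3:PutBucketAcl`, `s3:PutBucketPolicy` and the `s3:Delete*` wildcard, so their scope depends entirely on the `Resource` list that opens on the last line of this hunk and continues outside it. Confirm that list is restricted to the test resource-prefix buckets, since `s3:PutBucketLogging` on a broader pattern would let the CI credentials change or switch off access logging on unrelated buckets in the account. The statement continues past the hunk, so this cannot be checked from the lines shown here.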
|
@ -24,18 +24,22 @@ options:
|
||||||
description:
|
description:
|
||||||
- "Name of the s3 bucket."
|
- "Name of the s3 bucket."
|
||||||
required: true
|
required: true
|
||||||
|
type: str
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- "Enable or disable logging."
|
- "Enable or disable logging."
|
||||||
default: present
|
default: present
|
||||||
choices: [ 'present', 'absent' ]
|
choices: [ 'present', 'absent' ]
|
||||||
|
type: str
|
||||||
target_bucket:
|
target_bucket:
|
||||||
description:
|
description:
|
||||||
- "The bucket to log to. Required when state=present."
|
- "The bucket to log to. Required when state=present."
|
||||||
|
type: str
|
||||||
target_prefix:
|
target_prefix:
|
||||||
description:
|
description:
|
||||||
- "The prefix that should be prepended to the generated log files written to the target_bucket."
|
- "The prefix that should be prepended to the generated log files written to the target_bucket."
|
||||||
default: ""
|
default: ""
|
||||||
|
type: str
|
||||||
extends_documentation_fragment:
|
extends_documentation_fragment:
|
||||||
- aws
|
- aws
|
||||||
- ec2
|
- ec2
|
||||||
|
|
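--- /dev/null
+++ b/test/integration/targets/s3_logging/aliases
@@ -0,0 +1,4 @@
+cloud/aws
+#shippable/aws/group1
+# when running tests we saw an ~20% failure rate
+unsupported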
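--- /dev/null
+++ b/test/integration/targets/s3_logging/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+test_bucket: '{{ resource_prefix }}-testbucket'
+log_bucket_1: '{{ resource_prefix }}-logs-1'
+log_bucket_2: '{{ resource_prefix }}-logs-2'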
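--- /dev/null
+++ b/test/integration/targets/s3_logging/tasks/main.yml
@@ -0,0 +1,203 @@
+---
+# Integration tests for s3_logging
+#
+# Notes:
+# - s3_logging doesn't support check_mode and the only output is 'changed'
+# - During initial testing we hit issues with boto reporting
+# "You must give the log-delivery group WRITE and READ_ACP permissions
+# to the target bucket"
+# a long term solution might be to port s3_logging to AnsibleAWSModule
+# so we can add retries
+#
+- module_defaults:
+group/aws:
+aws_access_key: '{{ aws_access_key | default(omit) }}'
+aws_secret_key: '{{ aws_secret_key | default(omit) }}'
+security_token: '{{ security_token | default(omit) }}'
+region: '{{ aws_region | default(omit) }}'
+block:
+
+# ============================================================
+
+- name: Try to enable logging without providing target_bucket
+s3_logging:
+state: present
+name: '{{ test_bucket }}'
+register: result
+ignore_errors: yes
+
+- assert:
+that:
+- result is failed
+
+# ============================================================
+- name: Create simple s3_bucket to be logged
+s3_bucket:
+state: present
+name: '{{ test_bucket }}'
+register: output
+
+- assert:
+that:
+- output is changed
+- output.name == test_bucket
+
+- name: Create simple s3_bucket as target for logs
+s3_bucket:
+state: present
+name: '{{ log_bucket_1 }}'
+register: output
+
+- assert:
+that:
+- output is changed
+- output.name == log_bucket_1
+
+- name: Create simple s3_bucket as second target for logs
+s3_bucket:
+state: present
+name: '{{ log_bucket_2 }}'
+register: output
+
+- assert:
+that:
+- output is changed
+- output.name == log_bucket_2
+
+# ============================================================
+
+- name: Enable logging
+s3_logging:
+state: present
+name: '{{ test_bucket }}'
+target_bucket: '{{ log_bucket_1 }}'
+register: result
+
+- assert:
+that:
+- result is changed
+
+- name: Enable logging idempotency
+s3_logging:
+state: present
+name: '{{ test_bucket }}'
+target_bucket: '{{ log_bucket_1 }}'
+register: result
+
+- assert:
+that:
+- result is not changed
+
+# ============================================================
+
+- name: Change logging bucket
+s3_logging:
+state: present
+name: '{{ test_bucket }}'
+target_bucket: '{{ log_bucket_2 }}'
+register: result
+
+- assert:
+that:
+- result is changed
+
+- name: Change logging bucket idempotency
+s3_logging:
+state: present
+name: '{{ test_bucket }}'
+target_bucket: '{{ log_bucket_2 }}'
+register: result
+
+- assert:
+that:
+- result is not changed
+
+# ============================================================
+
+- name: Change logging prefix
+s3_logging:
+state: present
+name: '{{ test_bucket }}'
+target_bucket: '{{ log_bucket_2 }}'
+target_prefix: '/{{ resource_prefix }}/'
+register: result
+
+- assert:
+that:
+- result is changed
+
+- name: Change logging prefix idempotency
+s3_logging:
+state: present
+name: '{{ test_bucket }}'
+target_bucket: '{{ log_bucket_2 }}'
+target_prefix: '/{{ resource_prefix }}/'
+register: result
+
+- assert:
+that:
+- result is not changed
+
+# ============================================================
+
+- name: Remove logging prefix
+s3_logging:
+state: present
+name: '{{ test_bucket }}'
+target_bucket: '{{ log_bucket_2 }}'
+register: result
+
+- assert:
+that:
+- result is changed
+
+- name: Remove logging prefix idempotency
+s3_logging:
+state: present
+name: '{{ test_bucket }}'
+target_bucket: '{{ log_bucket_2 }}'
+register: result
+
+- assert:
+that:
+- result is not changed
+
+# ============================================================
+
+- name: Disable logging
+s3_logging:
+state: absent
+name: '{{ test_bucket }}'
+register: result
+
+- assert:
+that:
+- result is changed
+
+- name: Disable logging idempotency
+s3_logging:
+state: absent
+name: '{{ test_bucket }}'
+register: result
+
+- assert:
+that:
+- result is not changed
+
+# ============================================================
+always:
+- name: Delete bucket being logged
+s3_bucket:
+name: '{{ test_bucket }}'
+state: absent
+ignore_errors: yes
+- name: Delete first bucket containing logs
+s3_bucket:
+name: '{{ log_bucket_1 }}'
+state: absent
+ignore_errors: yes
+- name: Delete second bucket containing logs
+s3_bucket:
+name: '{{ log_bucket_2 }}'
+state: absent
+ignore_errors: yes
+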
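Review bot: The first task's assertion `result is failed` holds for any failure, and at that point `{{ test_bucket }}` has not been created yet (the `s3_bucket` task that creates it follows), so a missing-bucket or credentials error would satisfy the check just as well as the missing `target_bucket` validation it is meant to exercise. Moving that task after the bucket creation and also asserting on the failure text, e.g. `- '"target_bucket" in result.msg'` (assuming the module names the parameter in its message; confirm), would pin the intended failure. In the `always:` cleanup, `ignore_errors: yes` on each `s3_bucket` delete hides a bucket that could not be removed; if log objects have been delivered to the target buckets the delete may need `force: yes`. The booleans would also read more predictably as `true` rather than `yes`.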
|
@ -1051,7 +1051,6 @@ lib/ansible/modules/cloud/amazon/s3_bucket.py validate-modules:doc-missing-type
|
||||||
lib/ansible/modules/cloud/amazon/s3_lifecycle.py validate-modules:undocumented-parameter
|
lib/ansible/modules/cloud/amazon/s3_lifecycle.py validate-modules:undocumented-parameter
|
||||||
lib/ansible/modules/cloud/amazon/s3_lifecycle.py validate-modules:parameter-type-not-in-doc
|
lib/ansible/modules/cloud/amazon/s3_lifecycle.py validate-modules:parameter-type-not-in-doc
|
||||||
lib/ansible/modules/cloud/amazon/s3_lifecycle.py validate-modules:doc-missing-type
|
lib/ansible/modules/cloud/amazon/s3_lifecycle.py validate-modules:doc-missing-type
|
||||||
lib/ansible/modules/cloud/amazon/s3_logging.py validate-modules:doc-missing-type
|
|
||||||
lib/ansible/modules/cloud/amazon/s3_sync.py future-import-boilerplate
|
lib/ansible/modules/cloud/amazon/s3_sync.py future-import-boilerplate
|
||||||
lib/ansible/modules/cloud/amazon/s3_sync.py metaclass-boilerplate
|
lib/ansible/modules/cloud/amazon/s3_sync.py metaclass-boilerplate
|
||||||
lib/ansible/modules/cloud/amazon/s3_sync.py pylint:blacklisted-name
|
lib/ansible/modules/cloud/amazon/s3_sync.py pylint:blacklisted-name
|
||||||
|
|