From a1f26af712ddb55872ff3454196c2aca35327db3 Mon Sep 17 00:00:00 2001
From: Prasad Katti
Date: Wed, 26 Feb 2020 08:08:49 -0800
Subject: [PATCH] ec2_instance - update tests related to termination protection (#65035)
* ec2_instance - update tests related to termination protection
* add more test cases for termination protection
---
.../tasks/termination_protection.yml | 261 ++++++++++++------
1 file changed, 172 insertions(+), 89 deletions(-)
diff --git a/test/integration/targets/ec2_instance/roles/ec2_instance/tasks/termination_protection.yml b/test/integration/targets/ec2_instance/roles/ec2_instance/tasks/termination_protection.yml
index e2d3728f483..418e3c398dc 100644
--- a/test/integration/targets/ec2_instance/roles/ec2_instance/tasks/termination_protection.yml
+++ b/test/integration/targets/ec2_instance/roles/ec2_instance/tasks/termination_protection.yml
@@ -1,101 +1,184 @@ - block: - - name: "Make termination-protected instance in the testing subnet created in the test VPC" - ec2_instance: - state: running - name: "{{ resource_prefix }}-test-protected-instance-in-vpc" - image_id: "{{ ec2_ami_image }}" - tags: - TestId: "{{ ec2_instance_tag_TestId }}" - security_groups: "{{ sg.group_id }}" - vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" - termination_protection: true - instance_type: "{{ ec2_instance_type }}" - wait: yes - register: in_test_vpc - - name: "Make termination-protected instance in the testing subnet created in the test VPC(check mode)" - ec2_instance: - state: running - name: "{{ resource_prefix }}-test-protected-instance-in-vpc-checkmode" - image_id: "{{ ec2_ami_image }}" - tags: - TestId: "{{ ec2_instance_tag_TestId }}" - security_groups: "{{ sg.group_id }}" - vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" - termination_protection: true - instance_type: "{{ ec2_instance_type }}" - check_mode: yes + - name: Create instance with termination protection (check mode) + ec2_instance: + name: "{{ resource_prefix }}-termination-protection" + image_id: "{{ ec2_ami_image }}" + tags: + TestId: "{{ resource_prefix }}" + security_groups: "{{ sg.group_id }}" + vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" + termination_protection: true + instance_type: "{{ ec2_instance_type }}" + state: running + wait: yes + check_mode: yes + register: create_instance_check_mode_results - - name: "fact presented ec2 instance" - ec2_instance_info: - filters: - "tag:Name": "{{ resource_prefix }}-test-protected-instance-in-vpc" - "instance-state-name": "running" - register: presented_instance_fact + - name: Check the returned value for the earlier task + assert: + that: + - "{{ create_instance_check_mode_results.changed }}" + - "{{ create_instance_check_mode_results.spec.DisableApiTermination }}" - - name: "fact checkmode ec2 instance" - ec2_instance_info: - filters: - "tag:Name": "{{ resource_prefix 
}}-test-protected-instance-in-vpc-checkmode" - register: checkmode_instance_fact + - name: Create instance with termination protection + ec2_instance: + name: "{{ resource_prefix }}-termination-protection" + image_id: "{{ ec2_ami_image }}" + tags: + TestId: "{{ resource_prefix }}" + security_groups: "{{ sg.group_id }}" + vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" + termination_protection: true + instance_type: "{{ ec2_instance_type }}" + state: running + wait: yes + register: create_instance_results - - name: "Confirm whether the check mode is working normally." - assert: - that: - - "{{ presented_instance_fact.instances | length }} > 0" - - "'{{ presented_instance_fact.instances.0.state.name }}' in ['running', 'pending']" - - "{{ checkmode_instance_fact.instances | length }} == 0" + - name: Check return values of the create instance task + assert: + that: + - "{{ create_instance_results.instances | length }} > 0" + - "'{{ create_instance_results.instances.0.state.name }}' == 'running'" + - "'{{ create_instance_results.spec.DisableApiTermination }}'" - - name: "Try to terminate the instance" - ec2_instance: - state: absent - name: "{{ resource_prefix }}-test-protected-instance-in-vpc" - image_id: "{{ ec2_ami_image }}" - tags: - TestId: "{{ ec2_instance_tag_TestId }}" - security_groups: "{{ sg.group_id }}" - vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" - termination_protection: true - instance_type: "{{ ec2_instance_type }}" - register: bad_terminate - ignore_errors: yes + - name: Create instance with termination protection (check mode) (idempotent) + ec2_instance: + name: "{{ resource_prefix }}-termination-protection" + image_id: "{{ ec2_ami_image }}" + tags: + TestId: "{{ resource_prefix }}" + security_groups: "{{ sg.group_id }}" + vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" + termination_protection: true + instance_type: "{{ ec2_instance_type }}" + state: running + wait: yes + check_mode: yes + register: create_instance_check_mode_results - - 
name: "Cannot terminate protected instance" - assert: - that: - - bad_terminate is failed + - name: Check the returned value for the earlier task + assert: + that: + - "{{ not create_instance_check_mode_results.changed }}" - - name: "Alter termination protection setting" - ec2_instance: - state: present - name: "{{ resource_prefix }}-test-protected-instance-in-vpc" - image_id: "{{ ec2_ami_image }}" - vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" - termination_protection: false - instance_type: "{{ ec2_instance_type }}" - tags: - TestId: "{{ ec2_instance_tag_TestId }}" + - name: Create instance with termination protection (idempotent) + ec2_instance: + name: "{{ resource_prefix }}-termination-protection" + image_id: "{{ ec2_ami_image }}" + tags: + TestId: "{{ resource_prefix }}" + security_groups: "{{ sg.group_id }}" + vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" + termination_protection: true + instance_type: "{{ ec2_instance_type }}" + state: running + wait: yes + register: create_instance_results - - name: "Try to terminate the instance again (should work)" - ec2_instance: - state: absent - name: "{{ resource_prefix }}-test-protected-instance-in-vpc" - image_id: "{{ ec2_ami_image }}" - vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" - instance_type: "{{ ec2_instance_type }}" - wait: false - tags: - TestId: "{{ ec2_instance_tag_TestId }}" - register: terminate_results + - name: Check return values of the create instance task + assert: + that: + - "{{ not create_instance_results.changed }}" + - "{{ create_instance_results.instances | length }} > 0" - - assert: - that: terminate_results is not failed + - name: Try to terminate the instance (expected to fail) + ec2_instance: + filters: + tag:Name: "{{ resource_prefix }}-termination-protection" + state: absent + failed_when: "'Unable to terminate instances' not in terminate_instance_results.msg" + register: terminate_instance_results + + # https://github.com/ansible/ansible/issues/67716 + # Updates to 
termination protection in check mode has a bug (listed above) + + - name: Set termination protection to false + ec2_instance: + name: "{{ resource_prefix }}-termination-protection" + image_id: "{{ ec2_ami_image }}" + termination_protection: false + instance_type: "{{ ec2_instance_type }}" + vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" + register: set_termination_protection_results + + - name: Check return value + assert: + that: + - "{{ set_termination_protection_results.changed }}" + - "{{ not set_termination_protection_results.changes[0].DisableApiTermination.Value }}" + + - name: Set termination protection to false (idempotent) + ec2_instance: + name: "{{ resource_prefix }}-termination-protection" + image_id: "{{ ec2_ami_image }}" + termination_protection: false + instance_type: "{{ ec2_instance_type }}" + vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" + register: set_termination_protection_results + + - name: Check return value + assert: + that: + - "{{ not set_termination_protection_results.changed }}" + + - name: Set termination protection to true + ec2_instance: + name: "{{ resource_prefix }}-termination-protection" + image_id: "{{ ec2_ami_image }}" + termination_protection: true + instance_type: "{{ ec2_instance_type }}" + vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" + register: set_termination_protection_results + + - name: Check return value + assert: + that: + - "{{ set_termination_protection_results.changed }}" + - "{{ set_termination_protection_results.changes[0].DisableApiTermination.Value }}" + + - name: Set termination protection to true (idempotent) + ec2_instance: + name: "{{ resource_prefix }}-termination-protection" + image_id: "{{ ec2_ami_image }}" + termination_protection: true + instance_type: "{{ ec2_instance_type }}" + vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" + register: set_termination_protection_results + + - name: Check return value + assert: + that: + - "{{ not set_termination_protection_results.changed }}" + + - 
name: Set termination protection to false (so we can terminate instance) + ec2_instance: + name: "{{ resource_prefix }}-termination-protection" + image_id: "{{ ec2_ami_image }}" + termination_protection: false + instance_type: "{{ ec2_instance_type }}" + vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" + register: set_termination_protection_results + + - name: Terminate the instance + ec2_instance: + filters: + tag:TestId: "{{ resource_prefix }}" + state: absent always: - - name: "Terminate termination_protection instances" - ec2_instance: - state: absent - filters: - "tag:TestId": "{{ ec2_instance_tag_TestId }}" - wait: yes - ignore_errors: yes + + - name: Set termination protection to false (so we can terminate instance) (cleanup) + ec2_instance: + filters: + tag:TestId: "{{ resource_prefix }}" + termination_protection: false + ignore_errors: yes + + - name: Terminate instance + ec2_instance: + filters: + tag:TestId: "{{ resource_prefix }}" + state: absent + wait: false + ignore_errors: yes
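Review bot: The third condition in "Check return values of the create instance task", `"'{{ create_instance_results.spec.DisableApiTermination }}'"`, cannot fail: after templating it is a quoted, non-empty string (`'True'` or `'False'`), which the conditional treats as truthy. That makes the only assertion that termination protection was requested on the real (non-check-mode) create vacuous. Write it as a bare expression instead, `- create_instance_results.spec.DisableApiTermination`. The other `that:` entries in this hunk also wrap whole expressions in `{{ }}`; they appear to evaluate as intended, but bare expressions such as `- not create_instance_check_mode_results.changed` are the form Ansible recommends for conditionals and avoid double templating.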