ec2_instance - update tests related to termination protection (#65035)

* ec2_instance - update tests related to termination protection

* add more test cases for termination protection
Prasad Katti 2020-02-26 08:08:49 -08:00 committed by GitHub
parent a4da73e961
commit a1f26af712
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,101 +1,184 @@
- block: - block:
- name: "Make termination-protected instance in the testing subnet created in the test VPC"
ec2_instance:
state: running
name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
image_id: "{{ ec2_ami_image }}"
tags:
TestId: "{{ ec2_instance_tag_TestId }}"
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
termination_protection: true
instance_type: "{{ ec2_instance_type }}"
wait: yes
register: in_test_vpc
- name: "Make termination-protected instance in the testing subnet created in the test VPC(check mode)" - name: Create instance with termination protection (check mode)
ec2_instance: ec2_instance:
state: running name: "{{ resource_prefix }}-termination-protection"
name: "{{ resource_prefix }}-test-protected-instance-in-vpc-checkmode" image_id: "{{ ec2_ami_image }}"
image_id: "{{ ec2_ami_image }}" tags:
tags: TestId: "{{ resource_prefix }}"
TestId: "{{ ec2_instance_tag_TestId }}" security_groups: "{{ sg.group_id }}"
security_groups: "{{ sg.group_id }}" vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" termination_protection: true
termination_protection: true instance_type: "{{ ec2_instance_type }}"
instance_type: "{{ ec2_instance_type }}" state: running
check_mode: yes wait: yes
check_mode: yes
register: create_instance_check_mode_results
- name: "fact presented ec2 instance" - name: Check the returned value for the earlier task
ec2_instance_info: assert:
filters: that:
"tag:Name": "{{ resource_prefix }}-test-protected-instance-in-vpc" - "{{ create_instance_check_mode_results.changed }}"
"instance-state-name": "running" - "{{ create_instance_check_mode_results.spec.DisableApiTermination }}"
register: presented_instance_fact
- name: "fact checkmode ec2 instance" - name: Create instance with termination protection
ec2_instance_info: ec2_instance:
filters: name: "{{ resource_prefix }}-termination-protection"
"tag:Name": "{{ resource_prefix }}-test-protected-instance-in-vpc-checkmode" image_id: "{{ ec2_ami_image }}"
register: checkmode_instance_fact tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
termination_protection: true
instance_type: "{{ ec2_instance_type }}"
state: running
wait: yes
register: create_instance_results
- name: "Confirm whether the check mode is working normally." - name: Check return values of the create instance task
assert: assert:
that: that:
- "{{ presented_instance_fact.instances | length }} > 0" - "{{ create_instance_results.instances | length }} > 0"
- "'{{ presented_instance_fact.instances.0.state.name }}' in ['running', 'pending']" - "'{{ create_instance_results.instances.0.state.name }}' == 'running'"
- "{{ checkmode_instance_fact.instances | length }} == 0" - "'{{ create_instance_results.spec.DisableApiTermination }}'"
- name: "Try to terminate the instance" - name: Create instance with termination protection (check mode) (idempotent)
ec2_instance: ec2_instance:
state: absent name: "{{ resource_prefix }}-termination-protection"
name: "{{ resource_prefix }}-test-protected-instance-in-vpc" image_id: "{{ ec2_ami_image }}"
image_id: "{{ ec2_ami_image }}" tags:
tags: TestId: "{{ resource_prefix }}"
TestId: "{{ ec2_instance_tag_TestId }}" security_groups: "{{ sg.group_id }}"
security_groups: "{{ sg.group_id }}" vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" termination_protection: true
termination_protection: true instance_type: "{{ ec2_instance_type }}"
instance_type: "{{ ec2_instance_type }}" state: running
register: bad_terminate wait: yes
ignore_errors: yes check_mode: yes
register: create_instance_check_mode_results
- name: "Cannot terminate protected instance" - name: Check the returned value for the earlier task
assert: assert:
that: that:
- bad_terminate is failed - "{{ not create_instance_check_mode_results.changed }}"
- name: "Alter termination protection setting" - name: Create instance with termination protection (idempotent)
ec2_instance: ec2_instance:
state: present name: "{{ resource_prefix }}-termination-protection"
name: "{{ resource_prefix }}-test-protected-instance-in-vpc" image_id: "{{ ec2_ami_image }}"
image_id: "{{ ec2_ami_image }}" tags:
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}" TestId: "{{ resource_prefix }}"
termination_protection: false security_groups: "{{ sg.group_id }}"
instance_type: "{{ ec2_instance_type }}" vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
tags: termination_protection: true
TestId: "{{ ec2_instance_tag_TestId }}" instance_type: "{{ ec2_instance_type }}"
state: running
wait: yes
register: create_instance_results
- name: "Try to terminate the instance again (should work)" - name: Check return values of the create instance task
ec2_instance: assert:
state: absent that:
name: "{{ resource_prefix }}-test-protected-instance-in-vpc" - "{{ not create_instance_results.changed }}"
image_id: "{{ ec2_ami_image }}" - "{{ create_instance_results.instances | length }} > 0"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: "{{ ec2_instance_type }}"
wait: false
tags:
TestId: "{{ ec2_instance_tag_TestId }}"
register: terminate_results
- assert: - name: Try to terminate the instance (expected to fail)
that: terminate_results is not failed ec2_instance:
filters:
tag:Name: "{{ resource_prefix }}-termination-protection"
state: absent
failed_when: "'Unable to terminate instances' not in terminate_instance_results.msg"
register: terminate_instance_results
# https://github.com/ansible/ansible/issues/67716
# Updates to termination protection in check mode has a bug (listed above)
- name: Set termination protection to false
ec2_instance:
name: "{{ resource_prefix }}-termination-protection"
image_id: "{{ ec2_ami_image }}"
termination_protection: false
instance_type: "{{ ec2_instance_type }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
register: set_termination_protection_results
- name: Check return value
assert:
that:
- "{{ set_termination_protection_results.changed }}"
- "{{ not set_termination_protection_results.changes[0].DisableApiTermination.Value }}"
- name: Set termination protection to false (idempotent)
ec2_instance:
name: "{{ resource_prefix }}-termination-protection"
image_id: "{{ ec2_ami_image }}"
termination_protection: false
instance_type: "{{ ec2_instance_type }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
register: set_termination_protection_results
- name: Check return value
assert:
that:
- "{{ not set_termination_protection_results.changed }}"
- name: Set termination protection to true
ec2_instance:
name: "{{ resource_prefix }}-termination-protection"
image_id: "{{ ec2_ami_image }}"
termination_protection: true
instance_type: "{{ ec2_instance_type }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
register: set_termination_protection_results
- name: Check return value
assert:
that:
- "{{ set_termination_protection_results.changed }}"
- "{{ set_termination_protection_results.changes[0].DisableApiTermination.Value }}"
- name: Set termination protection to true (idempotent)
ec2_instance:
name: "{{ resource_prefix }}-termination-protection"
image_id: "{{ ec2_ami_image }}"
termination_protection: true
instance_type: "{{ ec2_instance_type }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
register: set_termination_protection_results
- name: Check return value
assert:
that:
- "{{ not set_termination_protection_results.changed }}"
- name: Set termination protection to false (so we can terminate instance)
ec2_instance:
name: "{{ resource_prefix }}-termination-protection"
image_id: "{{ ec2_ami_image }}"
termination_protection: false
instance_type: "{{ ec2_instance_type }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
register: set_termination_protection_results
- name: Terminate the instance
ec2_instance:
filters:
tag:TestId: "{{ resource_prefix }}"
state: absent
always: always:
- name: "Terminate termination_protection instances"
ec2_instance: - name: Set termination protection to false (so we can terminate instance) (cleanup)
state: absent ec2_instance:
filters: filters:
"tag:TestId": "{{ ec2_instance_tag_TestId }}" tag:TestId: "{{ resource_prefix }}"
wait: yes termination_protection: false
ignore_errors: yes ignore_errors: yes
- name: Terminate instance
ec2_instance:
filters:
tag:TestId: "{{ resource_prefix }}"
state: absent
wait: false
ignore_errors: yes
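Review bot: The assertion `- "'{{ create_instance_results.spec.DisableApiTermination }}'"` in "Check return values of the create instance task" cannot fail, because quoting the templated value produces a non-empty string literal such as `'False'`, which is truthy as a conditional; the test therefore passes even when termination protection was not applied to the instance. Write it as a bare expression, `- create_instance_results.spec.DisableApiTermination`, and drop the `{{ }}` delimiters from the other `that:` entries as well, since Ansible warns about templating delimiters in conditionals. Separately, the `failed_when` on "Try to terminate the instance (expected to fail)" reads `terminate_instance_results.msg`; if the terminate call ever succeeds, `msg` may be absent (inferred, the module's return value is not shown on this page), so `'Unable to terminate instances' not in (terminate_instance_results.msg | default(''))` would report the regression clearly instead of as an undefined-variable error.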