Ensure block device instance creation outputs instances

Not waiting outputs results in a format that will never
be matched by the tests

Ensure instances get tidied up

Allow ec2:ReportInstanceStatus

ec2_instance: Improve test cleanup on failing tests

Improve describe/modify attribute error handling

Address feedback on PR
Will Thames 2019-06-28 20:28:47 +10:00 committed by Sloane Hertel
parent da1a621bd9
commit a6d757e074
10 changed files with 558 additions and 518 deletions


@ -86,7 +86,8 @@
"ec2:ModifyVpcAttribute",
"ec2:RegisterImage",
"ec2:ReleaseAddress",
"ec2:ReplaceRouteTableAssociation"
"ec2:ReplaceRouteTableAssociation",
"ec2:ReportInstanceStatus"
],
"Resource": "*"
},
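Review bot: The new `"ec2:ReportInstanceStatus"` entry sits in a statement whose `"Resource"` is `"*"`, and none of the code hunks shown for this commit calls that API, so the reason for the grant cannot be recovered from the change itself. JSON cannot carry a comment, so the commit description should name the test or module path that needs the action; a later least-privilege pass over this policy can then tell whether it is still required. The statement starts above the hunk, so its `Effect` and any `Condition` are not visible here.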


@ -1243,7 +1243,7 @@ def diff_instance_and_params(instance, params, ec2=None, skip=None):
for mapping in param_mappings:
if params.get(mapping.param_key) is not None and mapping.instance_key not in skip:
value = ec2.describe_instance_attribute(Attribute=mapping.attribute_name, InstanceId=id_)
value = AWSRetry.jittered_backoff()(ec2.describe_instance_attribute)(Attribute=mapping.attribute_name, InstanceId=id_)
if params.get(mapping.param_key) is not None and value[mapping.instance_key]['Value'] != params.get(mapping.param_key):
arguments = dict(
InstanceId=instance['InstanceId'],
@ -1496,7 +1496,7 @@ def handle_existing(existing_matches, changed, ec2, state):
)
changes = diff_instance_and_params(existing_matches[0], module.params)
for c in changes:
ec2.modify_instance_attribute(**c)
AWSRetry.jittered_backoff()(ec2.modify_instance_attribute)(**c)
changed |= bool(changes)
changed |= add_or_update_instance_profile(existing_matches[0], module.params.get('instance_role'))
changed |= change_network_attachments(existing_matches[0], module.params, ec2)
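Review bot: In `handle_existing`, `AWSRetry.jittered_backoff()(ec2.modify_instance_attribute)(**c)` has no handler around it in the visible lines. Once retries are exhausted, or on an error the decorator does not retry, the botocore exception escapes as a traceback, possibly after some entries of `changes` were already applied. Wrapping the call in `try:` / `except botocore.exceptions.ClientError as e:` (assuming `botocore` is imported in this file) and failing through `module` with a message that names `c` would report which attribute was left unmodified. The same applies to the `describe_instance_attribute` call in `diff_instance_and_params`. Both functions continue outside the hunks, so an outer handler may exist that is not shown.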


@ -195,8 +195,8 @@ def get_or_create_policy_version(module, iam, policy, policy_document):
try:
version = iam.create_policy_version(PolicyArn=policy['Arn'], PolicyDocument=policy_document)['PolicyVersion']
return version, True
except botocore.exceptions.ClientError as e:
pass
except botocore.exceptions.ClientError as second_e:
e = second_e
# Handle both when the exception isn't LimitExceeded or
# the second attempt still failed
module.fail_json(msg="Couldn't create policy version: %s" % str(e),


@ -6,6 +6,7 @@
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
- name: New instance with an extra block device
ec2_instance:
name: "{{ resource_prefix }}-test-ebs-vols"
@ -20,12 +21,12 @@
tags:
TestId: "{{ resource_prefix }}"
instance_type: t2.micro
wait: false
wait: true
<<: *aws_connection_info
register: in_test_vpc
- name: Gather instance facts
ec2_instance_facts:
- name: Gather instance info
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-ebs-vols"
<<: *aws_connection_info
@ -60,6 +61,7 @@
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-ebs-vols"
"instance-state-name": "running"
<<: *aws_connection_info
register: presented_instance_fact


@ -1,89 +1,101 @@
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
- block:
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
- name: create t3.nano instance with cpu_options
ec2_instance:
name: "{{ resource_prefix }}-test-t3nano-1-threads-per-core"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}"
instance_type: t3.nano
cpu_options:
core_count: 1
threads_per_core: 1
wait: false
<<: *aws_connection_info
register: instance_creation
- name: create t3.nano instance with cpu_options
ec2_instance:
name: "{{ resource_prefix }}-test-t3nano-1-threads-per-core"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}"
instance_type: t3.nano
cpu_options:
core_count: 1
threads_per_core: 1
wait: false
<<: *aws_connection_info
register: instance_creation
- name: instance with cpu_options created with the right options
assert:
that:
- instance_creation is success
- instance_creation is changed
- name: instance with cpu_options created with the right options
assert:
that:
- instance_creation is success
- instance_creation is changed
- name: modify cpu_options on existing instance (warning displayed)
ec2_instance:
state: present
name: "{{ resource_prefix }}-test-t3nano-1-threads-per-core"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}"
instance_type: t3.nano
cpu_options:
core_count: 1
threads_per_core: 2
wait: false
<<: *aws_connection_info
register: cpu_options_update
ignore_errors: yes
- name: modify cpu_options on existing instance (warning displayed)
ec2_instance:
state: present
name: "{{ resource_prefix }}-test-t3nano-1-threads-per-core"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}"
instance_type: t3.nano
cpu_options:
core_count: 1
threads_per_core: 2
wait: false
<<: *aws_connection_info
register: cpu_options_update
ignore_errors: yes
- name: modify cpu_options has no effect on existing instance
assert:
that:
- cpu_options_update is success
- cpu_options_update is not changed
- name: modify cpu_options has no effect on existing instance
assert:
that:
- cpu_options_update is success
- cpu_options_update is not changed
- name: create t3.nano instance with cpu_options(check mode)
ec2_instance:
name: "{{ resource_prefix }}-test-t3nano-1-threads-per-core-checkmode"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}"
instance_type: t3.nano
cpu_options:
core_count: 1
threads_per_core: 1
<<: *aws_connection_info
check_mode: yes
- name: create t3.nano instance with cpu_options(check mode)
ec2_instance:
name: "{{ resource_prefix }}-test-t3nano-1-threads-per-core-checkmode"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}"
instance_type: t3.nano
cpu_options:
core_count: 1
threads_per_core: 1
<<: *aws_connection_info
check_mode: yes
- name: "fact presented ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-t3nano-1-threads-per-core"
<<: *aws_connection_info
register: presented_instance_fact
- name: "fact presented ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-t3nano-1-threads-per-core"
<<: *aws_connection_info
register: presented_instance_fact
- name: "fact checkmode ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-t3nano-1-threads-per-core-checkmode"
<<: *aws_connection_info
register: checkmode_instance_fact
- name: "fact checkmode ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-t3nano-1-threads-per-core-checkmode"
<<: *aws_connection_info
register: checkmode_instance_fact
- name: "Confirm existence of instance id."
assert:
that:
- "{{ presented_instance_fact.instances | length }} > 0"
- "'{{ presented_instance_fact.instances.0.state.name }}' in ['running','pending']"
- "{{ checkmode_instance_fact.instances | length }} == 0"
- "{{ presented_instance_fact.instances.0.cpu_options.core_count }} == 1"
- "{{ presented_instance_fact.instances.0.cpu_options.threads_per_core }} == 1"
- name: "Confirm existence of instance id."
assert:
that:
- "{{ presented_instance_fact.instances | length }} > 0"
- "'{{ presented_instance_fact.instances.0.state.name }}' in ['running','pending']"
- "{{ checkmode_instance_fact.instances | length }} == 0"
- "{{ presented_instance_fact.instances.0.cpu_options.core_count }} == 1"
- "{{ presented_instance_fact.instances.0.cpu_options.threads_per_core }} == 1"
always:
- name: Terminate instances
ec2_instance:
filters:
tag:TestId: "{{ resource_prefix }}"
state: absent
wait: false
<<: *aws_connection_info
register: result
ignore_errors: yes
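Review bot: The assertions under "Confirm existence of instance id." keep `{{ }}` inside `that:` entries, e.g. `- "{{ presented_instance_fact.instances | length }} > 0"`. Entries of `that` are already evaluated as Jinja expressions, so the value is templated first and the rendered text is evaluated a second time; Ansible warns about this, and it means data returned by the API is interpreted as an expression. Since these lines are being re-indented anyway, they could become `- presented_instance_fact.instances | length > 0` and `- presented_instance_fact.instances.0.state.name in ['running', 'pending']`. The same pattern appears in the check-mode assertions of the default-VPC, ENI, tags and termination-protection task files later in this commit.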


@ -1,56 +1,66 @@
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
- name: Make instance in a default subnet of the VPC
ec2_instance:
name: "{{ resource_prefix }}-test-default-vpc"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
instance_type: t2.micro
wait: false
<<: *aws_connection_info
register: in_default_vpc
- block:
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
- name: Make instance in a default subnet of the VPC
ec2_instance:
name: "{{ resource_prefix }}-test-default-vpc"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
instance_type: t2.micro
wait: false
<<: *aws_connection_info
register: in_default_vpc
- name: Make instance in a default subnet of the VPC(check mode)
ec2_instance:
name: "{{ resource_prefix }}-test-default-vpc-checkmode"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
instance_type: t2.micro
<<: *aws_connection_info
check_mode: yes
- name: Make instance in a default subnet of the VPC(check mode)
ec2_instance:
name: "{{ resource_prefix }}-test-default-vpc-checkmode"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
instance_type: t2.micro
<<: *aws_connection_info
check_mode: yes
- name: "fact presented ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-default-vpc"
<<: *aws_connection_info
register: presented_instance_fact
- name: "fact presented ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-default-vpc"
<<: *aws_connection_info
register: presented_instance_fact
- name: "fact checkmode ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-default-vpc-checkmode"
<<: *aws_connection_info
register: checkmode_instance_fact
- name: "fact checkmode ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-default-vpc-checkmode"
<<: *aws_connection_info
register: checkmode_instance_fact
- name: "Confirm whether the check mode is working normally."
assert:
that:
- "{{ presented_instance_fact.instances | length }} > 0"
- "{{ checkmode_instance_fact.instances | length }} == 0"
- name: "Confirm whether the check mode is working normally."
assert:
that:
- "{{ presented_instance_fact.instances | length }} > 0"
- "{{ checkmode_instance_fact.instances | length }} == 0"
- name: Terminate instance
ec2:
instance_ids: "{{ in_default_vpc.instance_ids }}"
state: absent
<<: *aws_connection_info
- name: Terminate instance
ec2:
instance_ids: "{{ in_default_vpc.instance_ids }}"
state: absent
<<: *aws_connection_info
always:
- name: Terminate test-default-vpc instance
ec2:
filters:
"tag:Name": "{{ resource_prefix }}-test-default-vpc"
state: absent
<<: *aws_connection_info
ignore_errors: yes
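Review bot: The new `always:` task "Terminate test-default-vpc instance" calls the legacy `ec2` module with `filters:`, which as far as I know is not an option of that module (it terminates by `instance_ids`). If so, the task fails argument validation, `ignore_errors: yes` hides the failure, and the instance keeps running after a failed test. The other task files in this commit clean up with `ec2_instance:` plus `filters:` / `tag:TestId: "{{ resource_prefix }}"` and `wait: false`; using that module here would make the cleanup effective. If `ec2` is kept on purpose, the in-block form `instance_ids: "{{ in_default_vpc.instance_ids }}"` is the one it accepts.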


@ -1,141 +1,141 @@
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
# Make custom ENIs and attach via the `network` parameter
- ec2_eni:
delete_on_termination: true
subnet_id: "{{ testing_subnet_b.subnet.id }}"
security_groups:
- "{{ sg.group_id }}"
<<: *aws_connection_info
register: eni_a
- ec2_eni:
delete_on_termination: true
subnet_id: "{{ testing_subnet_b.subnet.id }}"
security_groups:
- "{{ sg.group_id }}"
<<: *aws_connection_info
register: eni_b
- ec2_eni:
delete_on_termination: true
subnet_id: "{{ testing_subnet_b.subnet.id }}"
security_groups:
- "{{ sg.group_id }}"
<<: *aws_connection_info
register: eni_c
- block:
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
# Make custom ENIs and attach via the `network` parameter
- ec2_eni:
delete_on_termination: true
subnet_id: "{{ testing_subnet_b.subnet.id }}"
security_groups:
- "{{ sg.group_id }}"
<<: *aws_connection_info
register: eni_a
- ec2_eni:
delete_on_termination: true
subnet_id: "{{ testing_subnet_b.subnet.id }}"
security_groups:
- "{{ sg.group_id }}"
<<: *aws_connection_info
register: eni_b
- ec2_eni:
delete_on_termination: true
subnet_id: "{{ testing_subnet_b.subnet.id }}"
security_groups:
- "{{ sg.group_id }}"
<<: *aws_connection_info
register: eni_c
- ec2_key:
name: "{{ resource_prefix }}_test_key"
<<: *aws_connection_info
- ec2_key:
name: "{{ resource_prefix }}_test_key"
<<: *aws_connection_info
- name: Make instance in the testing subnet created in the test VPC
ec2_instance:
name: "{{ resource_prefix }}-test-eni-vpc"
key_name: "{{ resource_prefix }}_test_key"
network:
interfaces:
- id: "{{ eni_a.interface.id }}"
image_id: "{{ ec2_ami_image[aws_region] }}"
availability_zone: '{{ aws_region }}b'
tags:
TestId: "{{ resource_prefix }}"
instance_type: t2.micro
wait: false
<<: *aws_connection_info
register: in_test_vpc
- name: Make instance in the testing subnet created in the test VPC
ec2_instance:
name: "{{ resource_prefix }}-test-eni-vpc"
key_name: "{{ resource_prefix }}_test_key"
network:
interfaces:
- id: "{{ eni_a.interface.id }}"
image_id: "{{ ec2_ami_image[aws_region] }}"
availability_zone: '{{ aws_region }}b'
tags:
TestId: "{{ resource_prefix }}"
instance_type: t2.micro
wait: false
<<: *aws_connection_info
register: in_test_vpc
- name: "Gather {{ resource_prefix }}-test-eni-vpc facts"
ec2_instance_facts:
filters:
"tag:Name": '{{ resource_prefix }}-test-eni-vpc'
<<: *aws_connection_info
register: in_test_vpc_instance
- name: "Gather {{ resource_prefix }}-test-eni-vpc info"
ec2_instance_info:
filters:
"tag:Name": '{{ resource_prefix }}-test-eni-vpc'
<<: *aws_connection_info
register: in_test_vpc_instance
- assert:
that:
- 'in_test_vpc_instance.instances.0.key_name == "{{ resource_prefix }}_test_key"'
- '(in_test_vpc_instance.instances.0.network_interfaces | length) == 1'
- assert:
that:
- 'in_test_vpc_instance.instances.0.key_name == "{{ resource_prefix }}_test_key"'
- '(in_test_vpc_instance.instances.0.network_interfaces | length) == 1'
- name: Add a second interface
ec2_instance:
name: "{{ resource_prefix }}-test-eni-vpc"
network:
interfaces:
- id: "{{ eni_a.interface.id }}"
- id: "{{ eni_b.interface.id }}"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
instance_type: t2.micro
wait: false
<<: *aws_connection_info
register: add_interface
until: add_interface is not failed
ignore_errors: yes
retries: 10
- name: Add a second interface
ec2_instance:
name: "{{ resource_prefix }}-test-eni-vpc"
network:
interfaces:
- id: "{{ eni_a.interface.id }}"
- id: "{{ eni_b.interface.id }}"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
instance_type: t2.micro
wait: false
<<: *aws_connection_info
register: add_interface
until: add_interface is not failed
ignore_errors: yes
retries: 10
- name: Make instance in the testing subnet created in the test VPC(check mode)
ec2_instance:
name: "{{ resource_prefix }}-test-eni-vpc-checkmode"
key_name: "{{ resource_prefix }}_test_key"
network:
interfaces:
- id: "{{ eni_c.interface.id }}"
image_id: "{{ ec2_ami_image[aws_region] }}"
availability_zone: '{{ aws_region }}b'
tags:
TestId: "{{ resource_prefix }}"
instance_type: t2.micro
<<: *aws_connection_info
check_mode: yes
- name: Make instance in the testing subnet created in the test VPC(check mode)
ec2_instance:
name: "{{ resource_prefix }}-test-eni-vpc-checkmode"
key_name: "{{ resource_prefix }}_test_key"
network:
interfaces:
- id: "{{ eni_c.interface.id }}"
image_id: "{{ ec2_ami_image[aws_region] }}"
availability_zone: '{{ aws_region }}b'
tags:
TestId: "{{ resource_prefix }}"
instance_type: t2.micro
<<: *aws_connection_info
check_mode: yes
- name: "fact presented ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-eni-vpc"
<<: *aws_connection_info
register: presented_instance_fact
- name: "fact presented ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-eni-vpc"
<<: *aws_connection_info
register: presented_instance_fact
- name: "fact checkmode ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-eni-vpc-checkmode"
<<: *aws_connection_info
register: checkmode_instance_fact
- name: "fact checkmode ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-eni-vpc-checkmode"
<<: *aws_connection_info
register: checkmode_instance_fact
- name: "Confirm existence of instance id."
assert:
that:
- "{{ presented_instance_fact.instances | length }} > 0"
- "{{ checkmode_instance_fact.instances | length }} == 0"
- name: "Confirm existence of instance id."
assert:
that:
- "{{ presented_instance_fact.instances | length }} > 0"
- "{{ checkmode_instance_fact.instances | length }} == 0"
- name: Terminate instance
ec2_instance:
filters:
tag:TestId: "{{ resource_prefix }}"
state: absent
wait: false
<<: *aws_connection_info
register: result
- assert:
that: result.changed
- name: Terminate instance
ec2_instance:
filters:
tag:TestId: "{{ resource_prefix }}"
state: absent
wait: false
<<: *aws_connection_info
register: result
- name: Terminate instance
ec2_instance:
instance_ids: "{{ in_test_vpc.instance_ids }}"
state: absent
wait: false
<<: *aws_connection_info
register: result
- assert:
that: not result.changed
always:
- name: Terminate instance
ec2_instance:
instance_ids: "{{ in_test_vpc.instance_ids }}"
state: absent
wait: false
<<: *aws_connection_info
register: result
ignore_errors: yes
- ec2_key:
name: "{{ resource_prefix }}_test_key"
state: absent
<<: *aws_connection_info
- ec2_key:
name: "{{ resource_prefix }}_test_key"
state: absent
<<: *aws_connection_info
ignore_errors: yes
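Review bot: The `always:` section terminates the instance and removes the key pair but never deletes the three ENIs created at the top of the block. `delete_on_termination: true` only helps for an interface that is attached: `eni_c` is referenced only by the check-mode task, and `eni_b` is attached only if "Add a second interface" succeeds, so those interfaces appear to outlive the test unless an outer teardown that is not shown removes them. I would add an `ec2_eni` task with `state: absent` to `always:`, retried because an interface still attached to a terminating instance cannot be deleted straight away.

```yaml
always:
  # … unchanged: "Terminate instance" by instance_ids …
  - name: Remove the test ENIs
    ec2_eni:
      eni_id: "{{ item.interface.id }}"
      state: absent
      <<: *aws_connection_info
    with_items:
      - "{{ eni_a }}"
      - "{{ eni_b }}"
      - "{{ eni_c }}"
    register: eni_removed
    until: eni_removed is not failed
    retries: 10
    ignore_errors: yes
  # … unchanged: ec2_key removal …
```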


@ -50,7 +50,7 @@
image_id: "{{ ec2_ami_image[aws_region] }}"
security_groups: "{{ sg.group_id }}"
instance_type: t2.micro
instance_role: "ansible-test-sts-{{ resource_prefix }}-test-policy"
instance_role: "{{ iam_role.arn }}"
<<: *aws_connection_info
check_mode: yes
@ -80,7 +80,7 @@
image_id: "{{ ec2_ami_image[aws_region] }}"
security_groups: "{{ sg.group_id }}"
instance_type: t2.micro
instance_role: "ansible-test-sts-{{ resource_prefix }}-test-policy-2"
instance_role: "{{ iam_role_2.arn }}"
<<: *aws_connection_info
register: instance_with_updated_role
until: instance_with_updated_role is not failed


@ -1,171 +1,173 @@
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
- name: Make instance in the testing subnet created in the test VPC
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
user_data: |
#cloud-config
package_upgrade: true
package_update: true
tags:
TestId: "{{ resource_prefix }}"
Something: else
security_groups: "{{ sg.group_id }}"
network:
source_dest_check: false
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
wait: false
<<: *aws_connection_info
register: in_test_vpc
- block:
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
- name: Make instance in the testing subnet created in the test VPC
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
user_data: |
#cloud-config
package_upgrade: true
package_update: true
tags:
TestId: "{{ resource_prefix }}"
Something: else
security_groups: "{{ sg.group_id }}"
network:
source_dest_check: false
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
wait: false
<<: *aws_connection_info
register: in_test_vpc
- name: Make instance in the testing subnet created in the test VPC(check mode)
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create-checkmode"
image_id: "{{ ec2_ami_image[aws_region] }}"
user_data: |
#cloud-config
package_upgrade: true
package_update: true
tags:
TestId: "{{ resource_prefix }}"
Something: else
security_groups: "{{ sg.group_id }}"
network:
source_dest_check: false
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
check_mode: yes
- name: Make instance in the testing subnet created in the test VPC(check mode)
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create-checkmode"
image_id: "{{ ec2_ami_image[aws_region] }}"
user_data: |
#cloud-config
package_upgrade: true
package_update: true
tags:
TestId: "{{ resource_prefix }}"
Something: else
security_groups: "{{ sg.group_id }}"
network:
source_dest_check: false
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
check_mode: yes
- name: Try to re-make the instance, hopefully this shows changed=False
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
user_data: |
#cloud-config
package_upgrade: true
package_update: true
tags:
TestId: "{{ resource_prefix }}"
Something: else
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
register: remake_in_test_vpc
- name: "Remaking the same instance resulted in no changes"
assert:
that: not remake_in_test_vpc.changed
- name: check that instance IDs match anyway
assert:
that: 'remake_in_test_vpc.instance_ids[0] == in_test_vpc.instance_ids[0]'
- name: check that source_dest_check was set to false
assert:
that: 'not remake_in_test_vpc.instances[0].source_dest_check'
- name: Try to re-make the instance, hopefully this shows changed=False
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
user_data: |
#cloud-config
package_upgrade: true
package_update: true
tags:
TestId: "{{ resource_prefix }}"
Something: else
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
register: remake_in_test_vpc
- name: "Remaking the same instance resulted in no changes"
assert:
that: not remake_in_test_vpc.changed
- name: check that instance IDs match anyway
assert:
that: 'remake_in_test_vpc.instance_ids[0] == in_test_vpc.instance_ids[0]'
- name: check that source_dest_check was set to false
assert:
that: 'not remake_in_test_vpc.instances[0].source_dest_check'
- name: "fact presented ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-basic-vpc-create"
<<: *aws_connection_info
register: presented_instance_fact
- name: "fact presented ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-basic-vpc-create"
<<: *aws_connection_info
register: presented_instance_fact
- name: "fact checkmode ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-basic-vpc-create-checkmode"
<<: *aws_connection_info
register: checkmode_instance_fact
- name: "fact checkmode ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-basic-vpc-create-checkmode"
<<: *aws_connection_info
register: checkmode_instance_fact
- name: "Confirm whether the check mode is working normally."
assert:
that:
- "{{ presented_instance_fact.instances | length }} > 0"
- "{{ checkmode_instance_fact.instances | length }} == 0"
- name: "Confirm whether the check mode is working normally."
assert:
that:
- "{{ presented_instance_fact.instances | length }} > 0"
- "{{ checkmode_instance_fact.instances | length }} == 0"
- name: Alter it by adding tags
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
Another: thing
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
register: add_another_tag
- name: Alter it by adding tags
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
Another: thing
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
register: add_another_tag
- ec2_instance_info:
instance_ids: "{{ add_another_tag.instance_ids }}"
<<: *aws_connection_info
register: check_tags
- name: "Remaking the same instance resulted in no changes"
assert:
that:
- check_tags.instances[0].tags.Another == 'thing'
- check_tags.instances[0].tags.Something == 'else'
- ec2_instance_info:
instance_ids: "{{ add_another_tag.instance_ids }}"
<<: *aws_connection_info
register: check_tags
- name: "Remaking the same instance resulted in no changes"
assert:
that:
- check_tags.instances[0].tags.Another == 'thing'
- check_tags.instances[0].tags.Something == 'else'
- name: Purge a tag
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
purge_tags: true
tags:
TestId: "{{ resource_prefix }}"
Another: thing
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
- name: Purge a tag
ec2_instance:
name: "{{ resource_prefix }}-test-basic-vpc-create"
image_id: "{{ ec2_ami_image[aws_region] }}"
purge_tags: true
tags:
TestId: "{{ resource_prefix }}"
Another: thing
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
<<: *aws_connection_info
- ec2_instance_info:
instance_ids: "{{ add_another_tag.instance_ids }}"
<<: *aws_connection_info
register: check_tags
- ec2_instance_info:
instance_ids: "{{ add_another_tag.instance_ids }}"
<<: *aws_connection_info
register: check_tags
- name: "Remaking the same instance resulted in no changes"
assert:
that:
- "'Something' not in check_tags.instances[0].tags"
- name: "Remaking the same instance resulted in no changes"
assert:
that:
- "'Something' not in check_tags.instances[0].tags"
- name: Terminate instance
ec2_instance:
filters:
tag:TestId: "{{ resource_prefix }}"
state: absent
wait: false
<<: *aws_connection_info
register: result
- assert:
that: result.changed
- name: check that subnet-default public IP rule was followed
assert:
that:
- check_tags.instances[0].public_dns_name == ""
- check_tags.instances[0].private_ip_address.startswith("10.22.33")
- check_tags.instances[0].subnet_id == testing_subnet_b.subnet.id
- name: check that tags were applied
assert:
that:
- check_tags.instances[0].tags.Name.startswith(resource_prefix)
- "'{{ check_tags.instances[0].state.name }}' in ['pending', 'running']"
- name: Terminate instance
ec2_instance:
instance_ids: "{{ add_another_tag.instance_ids }}"
state: absent
wait: false
<<: *aws_connection_info
register: result
- assert:
that: not result.changed
- name: Terminate instance
ec2_instance:
filters:
tag:TestId: "{{ resource_prefix }}"
state: absent
wait: false
<<: *aws_connection_info
register: result
- assert:
that: result.changed
- name: check that subnet-default public IP rule was followed
assert:
that:
- check_tags.instances[0].public_dns_name == ""
- check_tags.instances[0].private_ip_address.startswith("10.22.33")
- check_tags.instances[0].subnet_id == testing_subnet_b.subnet.id
- name: check that tags were applied
assert:
that:
- check_tags.instances[0].tags.Name.startswith(resource_prefix)
- "'{{ check_tags.instances[0].state.name }}' in ['pending', 'running']"
always:
- name: Terminate instance
ec2_instance:
filters:
tag:TestId: "{{ resource_prefix }}"
state: absent
wait: false
<<: *aws_connection_info
register: result
ignore_errors: yes
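Review bot: Two assertion tasks in the re-indented block keep the copied name "Remaking the same instance resulted in no changes" although they check tags. The one after "Alter it by adding tags" asserts `tags.Another == 'thing'` and `tags.Something == 'else'`, and the one after "Purge a tag" asserts that `'Something'` is no longer present. In a failing run the task name then points at the wrong step. Suggested names: `- name: "Added tag is present and existing tag is kept"` and `- name: "Purged tag was removed"`.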


@ -1,94 +1,107 @@
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
- name: Make termination-protected instance in the testing subnet created in the test VPC
ec2_instance:
name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
termination_protection: true
instance_type: t2.micro
state: running
<<: *aws_connection_info
register: in_test_vpc
- block:
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
- name: Make termination-protected instance in the testing subnet created in the test VPC(check mode)
ec2_instance:
name: "{{ resource_prefix }}-test-protected-instance-in-vpc-checkmode"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
termination_protection: true
instance_type: t2.micro
<<: *aws_connection_info
check_mode: yes
- name: Make termination-protected instance in the testing subnet created in the test VPC
ec2_instance:
name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
termination_protection: true
instance_type: t2.micro
state: running
<<: *aws_connection_info
register: in_test_vpc
- name: "fact presented ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-protected-instance-in-vpc"
<<: *aws_connection_info
register: presented_instance_fact
- name: Make termination-protected instance in the testing subnet created in the test VPC(check mode)
ec2_instance:
name: "{{ resource_prefix }}-test-protected-instance-in-vpc-checkmode"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
termination_protection: true
instance_type: t2.micro
<<: *aws_connection_info
check_mode: yes
- name: "fact checkmode ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-protected-instance-in-vpc-checkmode"
<<: *aws_connection_info
register: checkmode_instance_fact
- name: "fact presented ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-protected-instance-in-vpc"
<<: *aws_connection_info
register: presented_instance_fact
- name: "Confirm whether the check mode is working normally."
assert:
that:
- "{{ presented_instance_fact.instances | length }} > 0"
- "'{{ presented_instance_fact.instances.0.state.name }}' in ['running', 'pending']"
- "{{ checkmode_instance_fact.instances | length }} == 0"
- name: "fact checkmode ec2 instance"
ec2_instance_info:
filters:
"tag:Name": "{{ resource_prefix }}-test-protected-instance-in-vpc-checkmode"
<<: *aws_connection_info
register: checkmode_instance_fact
- name: Try to terminate the instance
ec2_instance:
state: absent
name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
termination_protection: true
instance_type: t2.micro
<<: *aws_connection_info
register: bad_terminate
ignore_errors: yes
- name: Cannot terminate protected instance
assert:
that:
- bad_terminate is failed
- name: Alter termination protection setting
ec2_instance:
name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
image_id: "{{ ec2_ami_image[aws_region] }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
termination_protection: false
instance_type: t2.micro
<<: *aws_connection_info
- name: Try to terminate the instance again (should work)
ec2_instance:
name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
image_id: "{{ ec2_ami_image[aws_region] }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
state: absent
wait: false
<<: *aws_connection_info
register: terminate_results
- assert:
that: terminate_results is not failed
- name: "Confirm whether the check mode is working normally."
assert:
that:
- "{{ presented_instance_fact.instances | length }} > 0"
- "'{{ presented_instance_fact.instances.0.state.name }}' in ['running', 'pending']"
- "{{ checkmode_instance_fact.instances | length }} == 0"
- name: Try to terminate the instance
ec2_instance:
state: absent
name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
image_id: "{{ ec2_ami_image[aws_region] }}"
tags:
TestId: "{{ resource_prefix }}"
security_groups: "{{ sg.group_id }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
termination_protection: true
instance_type: t2.micro
<<: *aws_connection_info
register: bad_terminate
ignore_errors: yes
- name: Cannot terminate protected instance
assert:
that:
- bad_terminate is failed
- name: Alter termination protection setting
ec2_instance:
name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
image_id: "{{ ec2_ami_image[aws_region] }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
termination_protection: false
instance_type: t2.micro
<<: *aws_connection_info
- name: Try to terminate the instance again (should work)
ec2_instance:
name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
image_id: "{{ ec2_ami_image[aws_region] }}"
vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
instance_type: t2.micro
state: absent
wait: false
<<: *aws_connection_info
register: terminate_results
- assert:
that: terminate_results is not failed
always:
- name: Terminate instance
ec2_instance:
filters:
tag:TestId: "{{ resource_prefix }}"
state: absent
wait: false
<<: *aws_connection_info
register: result
ignore_errors: yes
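Review bot: The `always:` cleanup cannot remove the instance if the run fails before "Alter termination protection setting". The block itself asserts that terminating a protected instance fails (`bad_terminate is failed`), so the final "Terminate instance" would fail the same way, and `ignore_errors: yes` hides the leaked, still-protected instance. Clearing the flag in `always:` before the terminate closes that gap. The sketch reuses the shape of the in-block task and adds the `TestId` tag, so that if no instance exists and one is created, the following terminate still catches it.

```yaml
always:
  - name: Disable termination protection so cleanup can terminate the instance
    ec2_instance:
      name: "{{ resource_prefix }}-test-protected-instance-in-vpc"
      image_id: "{{ ec2_ami_image[aws_region] }}"
      tags:
        TestId: "{{ resource_prefix }}"
      vpc_subnet_id: "{{ testing_subnet_b.subnet.id }}"
      termination_protection: false
      instance_type: t2.micro
      <<: *aws_connection_info
    ignore_errors: yes
  # … unchanged: "Terminate instance" by tag:TestId …
```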