Commit graph

30 commits

Author SHA1 Message Date
Mark Chappell
da30e6d2e1
sqs_queue - Move to boto3 and add support for various extra features (#66795)
* reworked sqs_queue

* Switch default purge_tags behaviour to false.

This matches the behaviour of ec2_tag and ecs_tag.

* Minor lint / review fixups

* Add missing AWS IAM policy for SQS tests

* Move integration tests to using module_defaults: group/aws:...

* add changelog

* Break out the 'compatability' map from our spec definition (gets flagged by the schema validation)

* Tweaks based on review

* add basic examples

* Lint fixups

* Switch out NonExistentQueue logic so it's easier to follow

* Reorder name argument options for consistency

Co-authored-by: Dennis Podkovyrin <dennis.podkovyrin@gmail.com>
2020-02-27 15:26:20 -07:00
Mark Chappell
9c6495d4d4
elb_target / elb_target_info : Integration test fixups (#61256)
* Update AWS policy to enable management of TargetGroups

* elb_target: (integration tests) migrate to using module_defaults

* elb_target: (integration tests) lookup the AMI by name rather than hard coding AMI IDs

* elb_target_info: (integration tests) finish rename of integration test role

* elb_target: (integration tests) rename various resources to consistently use {{ resource_prefix }}

* elb_target_info: (integration tests) Migrate to using module_defaults

* elb_target_info: (integration tests) Lookup AMI by name rather than hard coding AMI IDs

* Apply suggestions from code review

Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>

* elb_target: (integration tests) Remove the 'unsupported' alias

* Try bumping up the timeout

* Rules don't permit 'shippable' (resource_prefix uses this when run in shippable)

* Try bumping up more timeouts :/

* Avoid double evaluation of target_health assertion

* Simplify target_type usage a little (rather than constantly performing a lookup)

* mark elb_target tests 'unstable' for now, they're slow

Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
2020-02-20 17:13:09 -07:00
Mark Chappell
b3db41e6d8
Fix hacking policy (#67579) 2020-02-19 12:05:43 -05:00
Prasad Katti
b16525b841 [aws] integration tests for ec2_vol (#66193) 2020-01-23 15:34:06 -07:00
Prasad Katti
056b035c98 add module aws_step_functions_state_machine_execution (#64431)
* add module aws_step_functions_state_machine_execution

* AWS step functions tests - Use module defaults

* Return all attributes from aws api calls as ansible task output

* aws_sfn - make start and stop execution idempotent and fix check mode

* aws sfn - use build_full_result method of the paginator

* aws sfn - remove changes made to help with local debugging
2019-12-10 14:08:49 -05:00
Prasad Katti
37ce55fd79 lightsail - Use AnsibleAWSModule (#65275)
* lightsail - Use AnsibleAWSModule

- Use AnsibleAWSModule
- Refactor the logic for wait into a separate function (Fixes #63869)
- Handle exceptions in find_instance_info and add a fail_if_not_found parameter
- Add a new state `rebooted` as an alias for `restarted`. AWS calls the action Reboot.
- Add required_if clause for when state is present

* lightsail - Use the default keypair if one is not provided

* lightsail - add a required_if for when state=present

* Update short description for lightsail module
2019-12-02 13:12:44 -07:00
Prasad Katti
95bd92da04 Add integration tests for aws lightsail (#63770)
* Add integration tests for aws lightsail

* lightsail - use module_defaults instead of aws_connection_info

* lightsail tests - assert instance state on create

* Fix yaml syntax error

Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>

* [lightsail] create keypair as part of the testsuite

* Fix lightsail actions in compute-policy

* Add ability to delete keypair in lightsail_keypair
2019-11-21 16:53:36 -07:00
Mark Chappell
dbc9444572 ec2_vpc_nacl and ec2_vpc_nacl_info migrate to AnsibleAWSModule and add tests (#63163)
* Move EC2 networking objects into network-policy.json

* ec2_vpc_nacl: Add integration tests

* ec2_vpc_nacl: Migrate tests to use module_defaults

* ec2_vpc_nacl: (integration tests) Add missing AWS permissions

* ec2_vpc_nacl: (integration tests) Update tests for ipv6 support

* ec2_vpc_nacl: Migrate to AnsibleAWSModule

* Fix sanity tests for ec2_vpc_nacl and ec2_vpc_nacl_info

* ec2_vpc_nacl_info: Migrate to AnsibleAWSModule

* ec2_vpc_nacl_info: (integration tests) Rename from ec2_vpc_nacl_facts to ec2_vpc_nacl_info and add a test using a filter (by tag)

* Pick availability zones dynamically

Rather than assuming that AZa and AZb always exist (they don't), query to find out which AZs we have available first

* Test that the NACLs we get back are actually the *saml* NACL rather than duplicates/delete remove

* Cleanup IPv6 tests a little.

Note: IPv6 support for ec2_vpc_nacl not complete yet.

This provides the initial framework, and should ensure things don't start exploding when support is added.

* Removing subnets by name from a NACL *is* now supported

* Fix ec2_vpc_nacl return documentation
2019-10-08 13:27:24 -07:00
Tom De Keyser
6f74fca238 New module for AWS Step Functions state machines (#59116)
* add new module: aws_stepfunctions_state_machine

* add integration tests for new module: aws_stepfunctions_state_machine

* fix sanity checks

* use files/ folder instead for integration test

* rename role name in integration test

* attempt further permissions

* iam states prefix

* iam integration test prefix

* add iam policy for running step functions state machine actions

* slightly increase iam permission scope

* rename integration test folder to proper name

* move main() method to end of file

* move contents of integration-policy.json for state machines to compute-policy.json

* make check_mode return proper changed value + add check_mode integration tests

* rename module to aws_step_functions_state_machine

* fix missed rename in integration test variable

* add purge_tags option

* bump to version 2.10
2019-09-09 10:08:21 -07:00
Mark Chappell
b8650c0a50 aws_asg: Fix idempotency when using tags and metrics (#61284)
* Update AWS hacking policy to enable ASG Tagging management

* aws_asg: Add tests for ASG Tagging (including idempotency)

* aws_asg: ignore sort order when comparing tags on the ASG (fix idempotency)

* ec2_asg: (integration tests) test for idempotency when managing metrics collection

* ec2_asg: sort list of enabled metrics to ensure clean comparisons.
2019-09-06 12:48:40 -07:00
Mark Chappell
adfaefb732 ec2_launch_template: Fix integration tests (#61260)
* ec2_launch_template: (integration tests) make sure security_token is optional

* ec2_launch_template: (integration tests) add dependencies at the top level so they're pulled into the docker containers

* Update Hacking Compute Policies for Launch Templates
2019-09-04 15:33:01 -04:00
Mark Chappell
1f733e2d55 ec2_asg: fix the integration tests (#61212) 2019-08-23 14:53:47 -04:00
Jesse Evers
e410dcbfed Add logic to handle multiple actions in an ALB listener rule, Fixes #41861 (#41975)
* added logic to handle multiple actions in an ALB listener rule (#41861)

* fix linting and pep8 issues

* added test for multiple actions using OIDC authentication

* added error messages related to old versions of botocore and multiple actions

* fix action validation error checks (need to check the exception string)

* added logic to make oidc configs idempotent (remove clientsecret for check)

* modified TargetGroupName to TargetGroupArn substitution to account for multiple rule actions

* refactored tests so that it can be run against different versions of botocore

* fix runme.sh to refelct changes to cloud testsuite

* add UseExistingClientSecret to oidc config (AWS api change)

* remove tests for OIDC auth action; add tests for redirect and fixed-response

* add in fixes from markuman and mjmayer

* remove documentation for cognito integration (not sure how to test); added example config for fixed-response and redirect actions

* renamed oidc/multiple action tests; leaving commented due to some AWS API changes

* pep8 fix

* more pep8 fixes

* Restructure elb_application_lb test suite

Move from runme.sh to virtualenv based roles

Update policies to fix tests

Don't log temp dir deletion, so many files in the diff!
2019-08-02 10:40:53 +10:00
Will Thames
60fb9fc208 Fix EC2 test suite to work with testing policies (#44387)
* Update testing policies to ensure all required permissions are present
* Tidy up security policies to reduce duplicate permissions
* Make roles static so that they can be present before CI is run,
  meaning that role creation permission is not required by the CI
  itself, only by someone setting up the roles prior to testing
* Move contents to cloudfront policy to network policy to ensure policy
  count (maximum of 10) stays low
* Maintain compute policy below 6144 bytes
2019-07-04 15:25:19 -04:00
Will Thames
a6d757e074 Ensure block device instance creation outputs instances
Not waiting outputs results in a format that will never
be matched by the tests

Ensure instances get tidied up

Allow ec2:ReportInstanceStatus

ec2_instance: Improve test cleanup on failing tests

Improve describe/modify attribute error handling

Address feedback on PR
2019-07-02 17:48:07 -04:00
Andrea Tartaglia
5c6b16edc3 Fix ec2_instance eventual consistency when wait: false (#51885)
* Do not return 'instances' when wait is false

* Added integration tests for wait: false

* Added changelog fragment

* Fix test suite to work with ec2_instance

* Additional permissions
* Enforce boto3 version
* Fix broken tests
* Improve error messages

* fix linter issues
2019-03-06 22:46:37 +10:00
Ed Costello
b70d5d9aee [AWS] ses rule set module for inbound email processing (#42781)
* Add module ses_rule_set for Amazon SES

* Update behaviours and naming to be consistent with other aws_ses_ modules.

* Add global lock around tests using active rule sets to prevent intermittent test failures.

* Fix deletion of rule sets so that we don't inactivate the active rule set
when force deleting an inactive rule set.
2018-11-14 12:15:24 -05:00
Will Thames
60e3af42d5 sns_topic boto3 port (#39292)
* Port sns_topic to boto3 and add tests
2018-08-23 21:04:18 -04:00
flowerysong
a08668cf00 Port ec2_tag to boto3 (#39712)
* Add volume manipulation to EC2 integration test policy

* Port ec2_tag to boto3
2018-07-27 15:45:18 -04:00
Calvin Wu
7e42e88cc1 ecs_taskdefinition can absent without containers argument (#41398)
* ecs_taskdefinition can absent without containers argument

* add regression test for absent with arn

* Add PassRole privilege for ecs_cluster to pass
2018-07-12 23:16:41 +10:00
Will Thames
b235cb8734 aws_eks_cluster: New module for managing AWS EKS (#41183)
* aws_eks: New module for managing AWS EKS

aws_eks module is used for creating and removing EKS clusters.

Includes full test suite and updates to IAM policies to enable it.

* Clean up all security groups

* appease shippable

* Rename aws_eks module to aws_eks_cluster
2018-06-07 08:44:04 -04:00
Will Thames
a60fe1946c Remove ECS policies from AWS compute policy
The compute policy was exceeding maximum size and contained
policies that already exist in ecs-policy.

Look up suitable AMIs rather than hardcode

We don't want to maintain multiple image IDs for multiple regions
so use ec2_ami_facts to set a suitable image ID

Improve exception handling
2018-06-06 20:51:50 +10:00
Will Thames
809c7404ab Add two missing VPC permissions (#37896)
Remove VPC permissions from network-policy.json as they mostly duplicate
compute-policy.json permissions - separating the VPC and compute permissions
would likely lead to further confusion.
2018-05-25 06:31:54 -04:00
Madhura-CSI
b85970b2b0 New Module: ec2_vpc_vpn_facts (#35983)
* New module: ec2_vpc_vpn_facts

* Add integration tests for ec2_vpc_vpn_facts and the IAM permissions

* Add retry to VPC removal

* Use unique name for VGW

* Always clean up after tests and add retries
2018-05-15 12:13:46 -04:00
Will Thames
29770a297a Fail with nice error message if elb target_type=ip not supported (#38313)
* Add helpful failure message if target_type=ip is not supported

Create test case for target_type=ip not supported

* Update elb_target_group module to latest standards

Use AnsibleAWSModule
Improve exception handling
Improve connection handling
2018-05-03 08:36:52 -04:00
Ed Costello
0d31d1cd24 [cloud]Add aws_ses_identity_policy module for managing SES sending policies (#36623)
* Add aws_ses_identity_policy module for managing SES sending policies

* Add option to AnsibleAWSModule for applying a retry decorator to all calls.

* Add per-callsite opt in to retry behaviours in AnsibleAWSModule

* Update aws_ses_identity_policy module to opt in to retries at all callsites.

* Add test for aws_ses_identity_policy module with inline policy.

* Remove implicit retrys on boto resources since they're not working yet.
2018-04-05 15:11:12 -04:00
Ed Costello
d16bc1c3f4 New aws_ses_identity module to manage AWS Simple Email Service Identity (#31140)
* Add aws_ses_identity module

* Update CI alias, add BotoCoreError exception handling.

* Add SES and SNS permissions to hacking/aws_config to run aws_ses_identity integration tests
2018-01-29 15:35:49 -05:00
Will Thames
866d7fdce9 [cloud] Create ECS integration test suite (#33757)
Tests for:
* ecs_cluster
* ecs_service
* ecs_service_facts
* ecs_taskdefinition
* ecs_taskdefinition_facts

* Add idempotency testing

Test ecs_cluster, ecs_service and ecs_taskdefinition for trivial
idempotency. Add FIXMEs to the tests because the latter two fail.

Remove unused dependencies
2017-12-15 08:15:01 -05:00
Sloane Hertel
f5471b3dcb [cloud] ec2_vpc_net integration tests (#33111)
* Add some integration tests for ec2_vpc_net module

* Add a couple tests for check mode

fix typo

ensure the DHCP option set is cleaned up

* Add permissions to test policy
2017-12-05 16:41:16 -05:00
Will Thames
1ca0c0e7f7 Consolidate IAM policies into fewer, larger policies (#33122)
Due to IAM limits allowing at most 10 policies per group,
need to reduce the number of total policies in use.
2017-11-21 17:15:31 -05:00