Commit graph

492 commits

Author SHA1 Message Date
Mark Chappell
b5f484dcc3 ec2_eip Don't throw an exception when re-releasing an EIP (idempotency) (#62332)
* ec2_eip: (integration tests) move to using module_defaults

* ec2_eip: (integration tests) expand integration tests

Also clean up a little
- Delete EIPs when we finish testing them (reduce the chance of hitting limits)
- Rejig deletion so that it works when runs fail
- Add tests for ec2_eip_info

* ec2_eip: Minor doc tweaks

* ec2_eip: Don't throw an exception when we try to disassociate an already disassociated EIP

* ec2_eip: Add missing IAM policy (manage IGWs)

* ec2_eip: (integration tests) Use the VPC as a crude lock to avoid running parallel tests

We test that untagged EIPs come and go as we expect, if multiple tests are
running in parallel this confuses things

* Fix ec2_eip association
2019-11-13 13:27:35 -07:00
Matthew Davis
4ee9f40e62 Add aws_acm module (#60552)
* convert aws_acm_facts to AnsibleAWSModule

* factor aws_acm_facts into module_utils

* add more filtering options for aws_acm_info

* add aws_acm module and tests

* uncomment aws_acm test

* fix linting for aws_acm

* fix __future__ linting for aws_acm

* fix linting for aws_acm

* fix linting for aws_acm

* fix linting for aws_acm

* fix linting for aws_acm

* fix aws_acm_info arg type

* remove test for old module name aws_acm_facts

* simplify AWS ACM client creation

* fix indent typo in aws_acm test

* catch BotoCoreError in aws_acm

* fix indent typo in aws_acm test

* tighten AWS ACM test policy resource

* move aws acm int test to venv

* remove errant file

* fix AWS ACM int test perms

* undo copyright addition to wrong file

* fix invalid log message in aws_acm

Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>

* rephrase aws_acm_info doc from facts to information

Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>

* rename aws_facts var to aws_info

* remove case insensitivity for aws_acm pem compare

* add no_log for aws_acm credential setting

* add per-test prefix to aws_acm test resource names

* make aws_acm use crypto module_util

* clarify copyright for aws_acm

* make aws_acm int test clearer

* add explicit crypto dependency to aws_acm

* change requests for aws_acm pr

* fix wrong copyright owner aws_acm test

* fix wrong copyright owner aws_acm test

* rewrite aws_acm cert chain compare with regex, no dependency

* fix linting for aws_acm unit test

* fix linting for aws_acm unit test

* fix linting and duplicate ignore

* fix failed cert chain split in aws_acm, add more tests

* remove errant file

* more linting fixes for aws_acm

* fix sanity ignore

* rewrite cert compare in aws_acm to use base64 decode

* improve regex for pem cert chain split in aws_acm

* undo changes to crypto module util for aws_acm

* increment ansible version for new aws_acm module

* convert aws_acm return(x) to return x

* increment version added for aws_acm_info new features

* fix linting

* fix bugs with AWS ACM

* fix bad rebase

* disable AWS ACM integration test, due to AWS account limit issue

* remove aws acm integration test from shippable group
2019-11-05 11:57:08 -07:00
Sandra McCann
c63ef6d911 update too old version to 2.4 (#64167) 2019-10-31 19:44:53 -05:00
Mark Chappell
ef7d060a3f AWS module_utils: Clear out Sanity Test issues (#63991) 2019-10-28 09:21:40 +00:00
Matt Martz
553767ef50
Reword the ticket stub for collections (#63917) 2019-10-24 12:39:08 -05:00
Mark Chappell
4d72b69035 rds_subnet_group : Sanity Check fixes (docs) and Integration tests (#63214)
* rds_subnet_group: Fixup sanity test issues

* rds_subnet_group: Add integration tests

* rds_subnet_group: Add testing policy
2019-10-23 08:27:07 -04:00
Sam Doran
4de516d35f Do not set ANSIBLE_LIBRARY in env-setup.fish (#63688)
Setting this env var was removed from env-setup back in 2014. Not sure why it is in this setup script and it interferes with the defult search path
2019-10-18 10:56:19 -04:00
Mark Chappell
8d0737edf0 Integration tests for s3_logging (#63257)
* s3_logging: (integration tests) updated AWS policy

* s3_logging: fix sanity test issues

* s3_logging: Integration tests

* Add pauses to cope with evenual consistency

* Mark s3_logging tests as 'unsupported' for now due to testing instability
2019-10-17 11:33:55 -07:00
Mark Chappell
dbc9444572 ec2_vpc_nacl and ec2_vpc_nacl_info migrate to AnsibleAWSModule and add tests (#63163)
* Move EC2 networking objects into network-policy.json

* ec2_vpc_nacl: Add integration tests

* ec2_vpc_nacl: Migrate tests to use module_defaults

* ec2_vpc_nacl: (integration tests) Add missing AWS permissions

* ec2_vpc_nacl: (integration tests) Update tests for ipv6 support

* ec2_vpc_nacl: Migrate to AnsibleAWSModule

* Fix sanity tests for ec2_vpc_nacl and ec2_vpc_nacl_info

* ec2_vpc_nacl_info: Migrate to AnsibleAWSModule

* ec2_vpc_nacl_info: (integration tests) Rename from ec2_vpc_nacl_facts to ec2_vpc_nacl_info and add a test using a filter (by tag)

* Pick availability zones dynamically

Rather than assuming that AZa and AZb always exist (they don't), query to find out which AZs we have available first

* Test that the NACLs we get back are actually the *saml* NACL rather than duplicates/delete remove

* Cleanup IPv6 tests a little.

Note: IPv6 support for ec2_vpc_nacl not complete yet.

This provides the initial framework, and should ensure things don't start exploding when support is added.

* Removing subnets by name from a NACL *is* now supported

* Fix ec2_vpc_nacl return documentation
2019-10-08 13:27:24 -07:00
Mark Chappell
0239f70648 cloudtrail: Initial integration tests (#61919) 2019-09-20 18:46:37 -07:00
Mark Chappell
40660e7f6e iam_role : support managing max session duration and deleting the instance profile it creates (#62014)
* iam_role: Add support for managing MaxSessionDuration

* iam_role: Add support for deleting the IAM Instance Profiles we created

* iam_role: migrate all boto failures to fail_json_aws for consistency

* iam_role: test validity of path so we can throw a more understandable error

* iam_role: (integration tests) Split iam_role integration tests from sts_assume_role tests

- Make the iam_role tests more comprehensive
- Add tests for iam_role_info

* iam_role: (integration tests) Make some of our pauses optional

If the tests appear to be flakey we may need to enable standard_pauses
2019-09-20 13:26:29 -07:00
Felix Fontein
4393940a41 Docs formatting: recursively preprocess suboptions (#61900)
* Simplify code, move option massaging code into own function.
* Process suboptions recursively.
2019-09-11 19:08:52 -05:00
Toshio Kuratomi
b437a19f6d
create-deprecated-issues script can now add to a specified project (#61901)
* create-deprecated-issues script can now add to a specified project

* Migrate the create deprecated issues script into a subcommand of build-ansible

* Remove deprecated-issue script from ignore list
2019-09-09 17:28:52 -07:00
Mark Chappell
e0ebc8c9b4 Fixup aws_secret integration tests (#61241)
* aws_secret: (integration tests) Move tests to using module_defaults

* Update hacking aws security policy to enable management of secrets

* aws_secret: (integration tests) Fixup integration tests
- Update tests to use resource_prefix as a prefix rather than a suffix
- Pause after role creation to cope with AWS being slow (and returning before the role it ready)
2019-09-09 15:23:19 -07:00
Tom De Keyser
6f74fca238 New module for AWS Step Functions state machines (#59116)
* add new module: aws_stepfunctions_state_machine

* add integration tests for new module: aws_stepfunctions_state_machine

* fix sanity checks

* use files/ folder instead for integration test

* rename role name in integration test

* attempt further permissions

* iam states prefix

* iam integration test prefix

* add iam policy for running step functions state machine actions

* slightly increase iam permission scope

* rename integration test folder to proper name

* move main() method to end of file

* move contents of integration-policy.json for state machines to compute-policy.json

* make check_mode return proper changed value + add check_mode integration tests

* rename module to aws_step_functions_state_machine

* fix missed rename in integration test variable

* add purge_tags option

* bump to version 2.10
2019-09-09 10:08:21 -07:00
Matt Martz
4e2c70c13e
Include version_added in report.py (#61857) 2019-09-09 11:40:38 -05:00
Matt Martz
02c7f2f518
Add collections ticket stub (#62001)
* Add collections ticket stub

* typo

Co-Authored-By: John R Barker <john@johnrbarker.com>
2019-09-09 10:47:47 -05:00
Mark Chappell
b8650c0a50 aws_asg: Fix idempotency when using tags and metrics (#61284)
* Update AWS hacking policy to enable ASG Tagging management

* aws_asg: Add tests for ASG Tagging (including idempotency)

* aws_asg: ignore sort order when comparing tags on the ASG (fix idempotency)

* ec2_asg: (integration tests) test for idempotency when managing metrics collection

* ec2_asg: sort list of enabled metrics to ensure clean comparisons.
2019-09-06 12:48:40 -07:00
Mark Chappell
832e03d932 Fixup iam_group integration tests and return value documentation (#61243)
* iam_group: (integration tests) migrate tests to module_defaults

* iam_group: (integration tests) migrate to using temporary user and group with {{ resource_prefix }}

* iam_group: (integration tests) fix test, checking the return values

* iam_group: (integration tests) Add some more tests around the behaviour of 'changed'

* iam_group: (docs) Update documentation of iam_group return value

* Update AWS testing policies to enable group/user management
2019-09-05 19:25:36 -04:00
Mark Chappell
adfaefb732 ec2_launch_template: Fix integration tests (#61260)
* ec2_launch_template: (integration tests) make sure security_token is optional

* ec2_launch_template: (integration tests) add dependencies at the top level so they're pulled into the docker containers

* Update Hacking Compute Policies for Launch Templates
2019-09-04 15:33:01 -04:00
Mark Chappell
35359959de aws_codecommit: Fix integration tests and Add support for updating the description (#61263)
* Update DevOps AWS policy
- Fix typos in permission names
- While AWS claims you can use 'arn:aws:codecommit:*' it errors unless you use '*'

* aws_codecommit: (integration tests) Migrate to module_defaults

* aws_codecommit: (integration tests) Fix integration tests

* aws_codecommit: (integration tests) Add tests for updating the description

* aws_codecommit: Add support for updating the description and rename "comment" option to "description"
2019-08-30 11:25:37 -07:00
Toshio Kuratomi
8f6dbb732a
[WIP] Cleanups and version bumping for 2.10 (#61572)
* Cleanups and version bumping for 2.10

* Fix changelog url now that stable has been branched

* Fix the lenth of the porting guide title now that the version is two digits
2019-08-30 09:54:12 -07:00
Matt Clay
f510d59943
Support relative imports in AnsiballZ. (#61196) 2019-08-27 18:11:21 -07:00
Mark Chappell
1f733e2d55 ec2_asg: fix the integration tests (#61212) 2019-08-23 14:53:47 -04:00
Mark Chappell
77e4371460 aws_kms: Update policy on existing keys (when passed) (#60059)
* aws_kms: (integration tests) Use module_defaults to reduce the copy and paste

* aws_kms: (integration tests) make sure policy option functions.

* aws_kms: (integration tests) Move iam_role creation to start of playbook.

iam_roles aren't fully created when iam_role completes, there's a delay on the Amazon side before they're fully recognised.

* aws_kms: Update policy on existing keys (when passed)
2019-08-23 20:38:38 +10:00
Mark Chappell
70777020c4 Fix iam_password_policy integration tests (#60930)
* iam_password_policy: (integration tests) Use module defaults for AWS connection details

* iam_password_policy: (integration tests) Ensure the policy is removed when tests fail

* iam_password_policy: (integration tests) Add regression test for #59102

* iam_password_policy: Only return changed when the policy changes.

* iam_password_policy: PasswordReusePrevention must be omitted to remove/set to 0

* #60930 add changelog

* Update hacking AWS security policy to allow testing of Password Policy Management
2019-08-22 23:25:25 +10:00
Toshio Kuratomi
d9b3af523b Galaxy meta docs table (#60171)
* Use an rst table instead of a raw html table

* Rst is easier to read so we want to use it wherever possible
* Fix the jinja2 filters which create links so that they do not include
  extraneous whitespace in the URL

* Normalize description data before sending them to the templates
2019-08-13 15:00:13 -05:00
Matt Clay
d651bda123
Relocate ansible-test code. (#60147)
* Initial move of `test/runner/` content.

`test/runner/lib/` -> `test/lib/ansible_test/_internal/`
`test/runner/`     -> `test/lib/ansible_test/_internal/data/`

* Initial move of `test/sanity/` content.

`test/sanity/` -> `test/lib/ansible_test/_internal/data/sanity/` (except `test/sanity/ignore.txt`)

* Initial move of `test/units/pytest/` content.

`test/units/pytest/` -> `test/lib/ansible_test/_internal/data/pytest/`

* Follow-up move of `test/runner/unit/` content.

`test/lib/ansible_test/_internal/data/unit/` -> `test/lib/ansible_test/tests/unit/`

* Initial move of `ansible.cfg` content.

`test/units/ansible.cfg` -> `test/lib/ansible_test/_internal/data/units/ansible.cfg`
`test/env/ansible.cfg` -> `test/lib/ansible_test/_internal/data/env/ansible.cfg`

* Follow-up move of `data` directory.

`test/lib/ansible_test/_internal/data/` -> `test/lib/ansible_test/_data/`

* Update import statements.

* Add missing __init__.py for unit tests.

* Fix path references and miscellaneous issues.
2019-08-06 14:43:29 -07:00
Jesse Evers
e410dcbfed Add logic to handle multiple actions in an ALB listener rule, Fixes #41861 (#41975)
* added logic to handle multiple actions in an ALB listener rule (#41861)

* fix linting and pep8 issues

* added test for multiple actions using OIDC authentication

* added error messages related to old versions of botocore and multiple actions

* fix action validation error checks (need to check the exception string)

* added logic to make oidc configs idempotent (remove clientsecret for check)

* modified TargetGroupName to TargetGroupArn substitution to account for multiple rule actions

* refactored tests so that it can be run against different versions of botocore

* fix runme.sh to refelct changes to cloud testsuite

* add UseExistingClientSecret to oidc config (AWS api change)

* remove tests for OIDC auth action; add tests for redirect and fixed-response

* add in fixes from markuman and mjmayer

* remove documentation for cognito integration (not sure how to test); added example config for fixed-response and redirect actions

* renamed oidc/multiple action tests; leaving commented due to some AWS API changes

* pep8 fix

* more pep8 fixes

* Restructure elb_application_lb test suite

Move from runme.sh to virtualenv based roles

Update policies to fix tests

Don't log temp dir deletion, so many files in the diff!
2019-08-02 10:40:53 +10:00
Toshio Kuratomi
0e9f002073 Fix build-ansible.py release-announcement
* When the release scripts were changed, this file to implement release
  announcements was left out

* Add announce.py to the compile skip lists as only the release engineers
  run this during package build.
2019-07-26 16:39:56 -07:00
Will Thames
60c76be03c rds_instance: add point-in-time instance restore test (#59411) 2019-07-25 09:49:08 -04:00
Jordan Borean
65049620ee
Generate galaxy.yml based on single source of truth (#59170)
* Generate galaxy.yml based on single source of truth

* Fix up tests and align file names

* Minor Makefile tweak

* Remove link in galaxy.yml file and make it a template file

* Moved collections docs to dev_guide

* change Makefile clean path

* Added readme to example meta file

* review fixes

* Use newer style for doc generation script

* Fix mistake in dev_guide index

* removed uneeded file, fixed links and added preview banner

* Moved banner for sanity test
2019-07-23 06:50:46 +10:00
Aljaž Košir
42073b6331 Add lambda_bucket_event module (#58059) 2019-07-18 10:54:01 -07:00
Toshio Kuratomi
5392d8697d
Docs scripts cleanup (#59169)
* Fix dump_keywords to require attribute docs

* Change the documentation commands to make definition files positional

Since the definition files are mandatory, make them positional
parameters instead of options.
2019-07-17 12:01:07 -07:00
Toshio Kuratomi
019d078a5a
Move common build code from _build_helpers (#55986)
We have some common code used by several docs scripts.  Migrate that
into the build-only shared code repository.

* Move lib/ansible/utils/_build_helpers.py to the directory for common
  build code
* Migrate docs/bin/dump_config.py to a build-ansible subcommand
* Migrate dump_keywords to the build-ansible framework
  * Make the script more maintainable by using functions and good
    variable names
  * Port to Python3 idioms
  * Fix bug so that private attributes will be undocumented
* Move generate_man to a build-ansible subcommand
* Port plugin_formatter to a build-ansible subcommand
* Rework command_plugins so that docs scripts can target Python-3.4+ and
  releng-only subcommands can use more recent versions of Python.
  The architecture is now that command_plugins/* need to be importable
  on Python-3.4.  The init_parsers() method needs to run on Python-3.4.
  But the main() method can utilize features of more recent Python as
  long as it fits within those parameters.
* Update docs build requirements

Port the plugin_formatter to build-ansible framework
2019-07-16 12:19:01 -07:00
Toshio Kuratomi
33d2728879 Rename python files in hacking/ directory to have .py suffix
ansible-test only passes files which have the .py suffix for sanity
tests on python files.  This change will allow sanity tests to run on
the Python files in hacking/

* Rename test-module to test-module.py
* Symlink test-module for backwards compat since end users may be using
  test-module
* Fix test-module sanity errors that are now triggered
* Rename ansible_profile to ansible-profile.py
* Rename build-ansible
2019-07-10 22:17:35 -07:00
Will Thames
60fb9fc208 Fix EC2 test suite to work with testing policies (#44387)
* Update testing policies to ensure all required permissions are present
* Tidy up security policies to reduce duplicate permissions
* Make roles static so that they can be present before CI is run,
  meaning that role creation permission is not required by the CI
  itself, only by someone setting up the roles prior to testing
* Move contents to cloudfront policy to network policy to ensure policy
  count (maximum of 10) stays low
* Maintain compute policy below 6144 bytes
2019-07-04 15:25:19 -04:00
Will Thames
a6d757e074 Ensure block device instance creation outputs instances
Not waiting outputs results in a format that will never
be matched by the tests

Ensure instances get tidied up

Allow ec2:ReportInstanceStatus

ec2_instance: Improve test cleanup on failing tests

Improve describe/modify attribute error handling

Address feedback on PR
2019-07-02 17:48:07 -04:00
Sam Doran
ab6a9ef130
Get minor version number for CentOS and Debian (#57814)
* Get the most detailed version number from distro.version() for CentOS and Debian
* Update tests and fixtures
* Update fixture generation script to gather distro info and work with Python 3
* Update LinuxMint fixtures
* Cleanup fixture formatting
* Improvements based on feedback from abadger:
    - use unicode since that is what distro returns
    - use frozenset with a tuple
    - include link Debian to bug
2019-06-28 19:21:35 -04:00
Elijah Lynn
19c6448459 Fix "no matches for wildcard" error in env-setup.fish script. (#58345)
See https://github.com/ansible/ansible/pull/58345#discussion_r297288979
2019-06-27 18:15:11 -04:00
Will Thames
eda5dd826f Add rds_snapshot module (#39994)
* new module uses modern ansible AWS standards
* adds additional tests for snapshots
* Update return_skeleton_generator for python3 - should
  set type to `str`, not `string`.
2019-06-26 16:27:11 -07:00
Will Thames
a09aa205e1 Fix RDS test suite and minor bugs revealed (#57940)
* Update testing policy to be correct for RDS test suite
* Create read replica in same region to avoid more permissions being
  required
* Ensure modifying DB doesn't try to downgrade engine version
* Add tags to main test suite to limit number of tests run for problem
  solving
2019-06-25 09:54:03 -04:00
Kohei Asano
ddf6d096c5 Support the new TLS termination on NLBs (#51327) (#58031) 2019-06-20 17:03:04 -07:00
Will Thames
924352a051 ecs_cluster test suite refactor (#57716)
* Combine testing policies

Because of the maximum of 10 policies per group, need to
consolidate testing policies as best we can.

* Tidy put-account-setting tasks and add permission

Using `environment` and `command` rather than `shell` avoids the
need for `no_log` and means that people can fix the problem

* refactor ecs_cluster test suite

move from runme.sh technique to virtualenv

use ec2_instance rather than ec2 module to
avoid need for boto
2019-06-17 11:41:20 -07:00
Stefan Horning
77ec0549b0 New module for AWS CodeBuild (#47187)
* New AWS module for the CodeBuild service, called aws_codebuild

* Integration test for new aws_codebuild module
2019-06-12 10:25:53 -04:00
Ed Costello
2013d4abc4 Update setup-iam playbook to use aws_caller_info rather than deprecated (#57675)
aws_caller_facts
2019-06-11 09:23:56 -04:00
Stefan Horning
ddfaa83ccf s3_bucket: add encryption capabilities to the module (#55985)
* s3_bucket: add encryption capabilities to the module
2019-06-03 11:25:09 -07:00
mjmayer
c8e179fbf1 Aws waf region (#48953)
* Add waiter for AWSRegional

* Add support for WAF Regional

* Add support for regional waf web acl

* Remove set_trace, pep formatting

* Add paginator for regional_waf

* Change name of param for waf_regional

This is more in line with how AWS refers to the service. Additional
 changes made to how client is called. Used ternary to reduce if
 statements

* Change parameter name to waf_regional

* Add support for removal waf regional condition

* Change parameter from cloudfront to waf_regional

* Added state: absent waf rule

* Remove set_trace

* Add integration tests for waf regional

* WIP: adding region parameter to tests

* Add support for waf facts module

* Add region to waf regional integration tests

* Update security policy for waf regional testing

* Add type to documentation for waf_regional param
2019-05-17 10:36:14 +10:00
Toshio Kuratomi
3161a91d7e
Implement a framework for having common code for release scripts (#55893)
* Implement a framework for having common code for release scripts

* Release scripts will go through hacking/build-ansible.  build-ansible is
  a pluggable script which will set a directory that has common code for
  non-enduser scripts.  It will then invoke the plugin which implements
  that subcommand.  Uses straight.plugin for loading each sub-command.

* We're going to add tools which are needed to test ansible (the changelog
  generation, for instance) so we need to include the pieces relevant to
  that in the tarball.

* Add straight.plugin to the sanity test requirements for the same
  reason

* Skip compile test just for build-ansible plugins which won't be run as
  part of sanity tests.
2019-05-01 13:57:03 -05:00
Matt Martz
65dcb4242a
Fix deprecated issue creator (#55327) 2019-04-15 15:28:25 -05:00