ansible/test/integration/targets/ec2_group/tasks/multi_account.yml
Ryan Brown 55eebfc6b7 [aws] ec2_group multi-account and peered VPC bugfix (#45296)
* Add tests to replicate bug #44788 

* Handle when userId is same account due to in-account peering

* Module defaults for main.yml

* Turn off VPC peering tests in CI
2018-09-06 12:43:31 -07:00

124 lines
4.1 KiB
YAML

- block:
- aws_caller_facts:
register: caller_facts
- name: create a VPC
ec2_vpc_net:
name: "{{ resource_prefix }}-vpc-2"
state: present
cidr_block: "10.232.233.128/26"
tags:
Description: "Created by ansible-test"
register: vpc_result_2
- name: Peer the secondary-VPC to the main VPC
ec2_vpc_peer:
vpc_id: '{{ vpc_result_2.vpc.id }}'
peer_vpc_id: '{{ vpc_result.vpc.id }}'
peer_owner_id: '{{ caller_facts.account }}'
peer_region: '{{ aws_region }}'
register: peer_origin
- name: Accept the secondary-VPC peering connection in the main VPC
ec2_vpc_peer:
peer_vpc_id: '{{ vpc_result_2.vpc.id }}'
vpc_id: '{{ vpc_result.vpc.id }}'
state: accept
peering_id: '{{ peer_origin.peering_id }}'
peer_owner_id: '{{ caller_facts.account }}'
peer_region: '{{ aws_region }}'
- name: Create group in second VPC
ec2_group:
name: '{{ ec2_group_name }}-external'
description: '{{ ec2_group_description }}'
vpc_id: '{{ vpc_result_2.vpc.id }}'
state: present
rules:
- proto: "tcp"
cidr_ip: 0.0.0.0/0
ports:
- 80
rule_desc: 'http whoo'
register: external
- name: Create group in internal VPC
ec2_group:
name: '{{ ec2_group_name }}-internal'
description: '{{ ec2_group_description }}'
vpc_id: '{{ vpc_result.vpc.id }}'
state: present
rules:
- proto: "tcp"
group_id: '{{ caller_facts.account }}/{{ external.group_id }}/{{ ec2_group_name }}-external'
ports:
- 80
- name: Re-make same rule, expecting changed=false in internal VPC
ec2_group:
name: '{{ ec2_group_name }}-internal'
description: '{{ ec2_group_description }}'
vpc_id: '{{ vpc_result.vpc.id }}'
state: present
rules:
- proto: "tcp"
group_id: '{{ caller_facts.account }}/{{ external.group_id }}/{{ ec2_group_name }}-external'
ports:
- 80
register: out
- assert:
that:
- out is not changed
- name: Try again with a bad group_id group in internal VPC
ec2_group:
name: '{{ ec2_group_name }}-internal'
description: '{{ ec2_group_description }}'
vpc_id: '{{ vpc_result.vpc.id }}'
state: present
rules:
- proto: "tcp"
group_id: '{{ external.group_id }}/{{ caller_facts.account }}/{{ ec2_group_name }}-external'
ports:
- 80
register: out
ignore_errors: true
- assert:
that:
- out is failed
always:
- pause: seconds=5
- name: Delete secondary-VPC side of peer
ec2_vpc_peer:
vpc_id: '{{ vpc_result_2.vpc.id }}'
peer_vpc_id: '{{ vpc_result.vpc.id }}'
peering_id: '{{ peer_origin.peering_id }}'
state: absent
peer_owner_id: '{{ caller_facts.account }}'
peer_region: '{{ aws_region }}'
ignore_errors: yes
- name: Delete main-VPC side of peer
ec2_vpc_peer:
peer_vpc_id: '{{ vpc_result_2.vpc.id }}'
vpc_id: '{{ vpc_result.vpc.id }}'
state: absent
peering_id: '{{ peer_origin.peering_id }}'
peer_owner_id: '{{ caller_facts.account }}'
peer_region: '{{ aws_region }}'
ignore_errors: yes
- name: Clean up group in second VPC
ec2_group:
name: '{{ ec2_group_name }}-external'
description: '{{ ec2_group_description }}'
state: absent
vpc_id: '{{ vpc_result_2.vpc.id }}'
ignore_errors: yes
- name: Clean up group in second VPC
ec2_group:
name: '{{ ec2_group_name }}-internal'
description: '{{ ec2_group_description }}'
state: absent
vpc_id: '{{ vpc_result.vpc.id }}'
ignore_errors: yes
- name: tidy up VPC
ec2_vpc_net:
name: "{{ resource_prefix }}-vpc-2"
state: absent
cidr_block: "10.232.233.128/26"
ignore_errors: yes
register: removed
retries: 10
until: removed is not failed