ac74520b6f
* update integration tests for updated boto exception message * integration tests fail on both "test credential" test cases exception bubbles out of module. instead catch and wrap * ec2_group does not support updating a security group's description AWS security group descriptions are immutable. if ec2_group finds a group that matches by name, but the descriptions do not match, the module does not support this case previously it would check if the group was used, but would not do anything if it was old behavior was erroneous because it could make a user expect that the description change of a group was fine when in fact it did not occur also, it made an expensive check against all ec2 instances for no good reason * comments not doc strings * else must have pass w/o doc-string statement * Catch specific BotoServerException, give context around error when fetching SGs * python3 compatible exception blocks * add traceback to fail_json * two blank lines before first function
277 lines
7.9 KiB
YAML
277 lines
7.9 KiB
YAML
---
|
|
# A Note about ec2 environment variable name preference:
|
|
# - EC2_URL -> AWS_URL
|
|
# - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY
|
|
# - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY
|
|
# - EC2_REGION -> AWS_REGION
|
|
#
|
|
|
|
# - include: ../../setup_ec2/tasks/common.yml module_name=ec2_group
|
|
|
|
# ============================================================
|
|
- name: test failure with no parameters
|
|
ec2_group:
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert failure with no parameters
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- 'result.msg == "missing required arguments: name"'
|
|
|
|
# ============================================================
|
|
- name: test failure with only name
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert failure with only name
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- 'result.msg == "Must provide description when state is present."'
|
|
|
|
# ============================================================
|
|
- name: test failure with only description
|
|
ec2_group:
|
|
description='{{ec2_group_description}}'
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert failure with only description
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- 'result.msg == "missing required arguments: name"'
|
|
|
|
# ============================================================
|
|
- name: test failure with empty description (AWS API requires non-empty string desc)
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description=''
|
|
region='{{ec2_region}}'
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert failure with empty description
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- 'result.msg == "Must provide description when state is present."'
|
|
|
|
# ============================================================
|
|
- name: test invalid region parameter
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}'
|
|
region='asdf querty 1234'
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert invalid region parameter
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- 'result.msg.startswith("Region asdf querty 1234 does not seem to be available for aws module boto.ec2. If the region definitely exists, you may need to upgrade boto or extend with endpoints_path")'
|
|
|
|
# ============================================================
|
|
- name: test valid region parameter
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}'
|
|
region='{{ec2_region}}'
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert valid region parameter
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- 'result.msg.startswith("No handler was ready to authenticate.")'
|
|
|
|
# ============================================================
|
|
- name: test environment variable EC2_REGION
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}'
|
|
environment:
|
|
EC2_REGION: '{{ec2_region}}'
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert environment variable EC2_REGION
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- 'result.msg.startswith("No handler was ready to authenticate.")'
|
|
|
|
# ============================================================
|
|
- name: test invalid ec2_url parameter
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}'
|
|
environment:
|
|
EC2_URL: bogus.example.com
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert invalid ec2_url parameter
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- 'result.msg.startswith("No handler was ready to authenticate.")'
|
|
|
|
# ============================================================
|
|
- name: test valid ec2_url parameter
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}'
|
|
environment:
|
|
EC2_URL: '{{ec2_url}}'
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert valid ec2_url parameter
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- 'result.msg.startswith("No handler was ready to authenticate.")'
|
|
|
|
# ============================================================
|
|
- name: test credentials from environment
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}'
|
|
environment:
|
|
EC2_REGION: '{{ec2_region}}'
|
|
EC2_ACCESS_KEY: bogus_access_key
|
|
EC2_SECRET_KEY: bogus_secret_key
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert ec2_group with valid ec2_url
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- '"Error in get_all_security_groups: AWS was not able to validate the provided access credentials" in result.msg'
|
|
|
|
# ============================================================
|
|
- name: test credential parameters
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}'
|
|
ec2_region='{{ec2_region}}'
|
|
ec2_access_key='bogus_access_key'
|
|
ec2_secret_key='bogus_secret_key'
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: assert credential parameters
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- '"Error in get_all_security_groups: AWS was not able to validate the provided access credentials" in result.msg'
|
|
|
|
# ============================================================
|
|
- name: test state=absent
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}'
|
|
ec2_region='{{ec2_region}}'
|
|
ec2_access_key='{{ec2_access_key}}'
|
|
ec2_secret_key='{{ec2_secret_key}}'
|
|
state=absent
|
|
register: result
|
|
|
|
- name: assert state=absent
|
|
assert:
|
|
that:
|
|
- '"failed" not in result'
|
|
|
|
# ============================================================
|
|
- name: test state=present (expected changed=true)
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}'
|
|
ec2_region='{{ec2_region}}'
|
|
ec2_access_key='{{ec2_access_key}}'
|
|
ec2_secret_key='{{ec2_secret_key}}'
|
|
state=present
|
|
register: result
|
|
|
|
- name: assert state=present (expected changed=true)
|
|
assert:
|
|
that:
|
|
- 'result.changed'
|
|
- 'result.group_id.startswith("sg-")'
|
|
|
|
# ============================================================
|
|
- name: test state=present different description raises error
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}CHANGED'
|
|
ec2_region='{{ec2_region}}'
|
|
ec2_access_key='{{ec2_access_key}}'
|
|
ec2_secret_key='{{ec2_secret_key}}'
|
|
state=present
|
|
ignore_errors: true
|
|
register: result
|
|
|
|
- name: assert matching group with non-matching description raises error
|
|
assert:
|
|
that:
|
|
- 'result.failed'
|
|
- '"Group description does not match existing group. ec2_group does not support this case." in result.msg'
|
|
|
|
# ============================================================
|
|
- name: test state=present (expected changed=false)
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
description='{{ec2_group_description}}'
|
|
ec2_region='{{ec2_region}}'
|
|
ec2_access_key='{{ec2_access_key}}'
|
|
ec2_secret_key='{{ec2_secret_key}}'
|
|
state=present
|
|
register: result
|
|
|
|
- name: assert state=present (expected changed=false)
|
|
assert:
|
|
that:
|
|
- 'not result.changed'
|
|
- 'result.group_id.startswith("sg-")'
|
|
|
|
# ============================================================
|
|
- name: test state=absent (expected changed=true)
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
state=absent
|
|
environment:
|
|
EC2_REGION: '{{ec2_region}}'
|
|
EC2_ACCESS_KEY: '{{ec2_access_key}}'
|
|
EC2_SECRET_KEY: '{{ec2_secret_key}}'
|
|
register: result
|
|
|
|
- name: assert state=absent (expected changed=true)
|
|
assert:
|
|
that:
|
|
- 'result.changed'
|
|
- 'not result.group_id'
|
|
|
|
# ============================================================
|
|
- name: test state=absent (expected changed=false)
|
|
ec2_group:
|
|
name='{{ec2_group_name}}'
|
|
state=absent
|
|
environment:
|
|
EC2_REGION: '{{ec2_region}}'
|
|
EC2_ACCESS_KEY: '{{ec2_access_key}}'
|
|
EC2_SECRET_KEY: '{{ec2_secret_key}}'
|
|
register: result
|
|
|
|
- name: assert state=absent (expected changed=false)
|
|
assert:
|
|
that:
|
|
- 'not result.changed'
|
|
- 'not result.group_id'
|