145b79ef0e
* ec2_instance/ec2_instance_info : Fixup sanity test errors * Move ec2_instance integration tests to use aws_defaults * Search for the AMI instead of hardcoding an AMI * Make our VPC CIDR variable * Remove AZ assumptions - no guarantees about specific AZs being available * Make sure we terminate instances when we're done with them. * Add a 10 second pause for IAM roles to become available before using them * Wait on instance changes by default * Switch out t2 instances for t3 they're cheaper and have more CPU available * Pull t3.nano instance info a little earlier * rework vpc_name and vpc_cidr a little * Mark ec2_instance tests unsupported for now, they take too long
116 lines
4 KiB
YAML
116 lines
4 KiB
YAML
- block:
|
|
- name: Create IAM role for test
|
|
iam_role:
|
|
name: "ansible-test-sts-{{ resource_prefix }}-test-policy"
|
|
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
|
|
state: present
|
|
create_instance_profile: yes
|
|
managed_policy:
|
|
- AmazonEC2ContainerServiceRole
|
|
register: iam_role
|
|
|
|
- name: Create second IAM role for test
|
|
iam_role:
|
|
name: "ansible-test-sts-{{ resource_prefix }}-test-policy-2"
|
|
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
|
|
state: present
|
|
create_instance_profile: yes
|
|
managed_policy:
|
|
- AmazonEC2ContainerServiceRole
|
|
register: iam_role_2
|
|
|
|
- name: wait 10 seconds for roles to become available
|
|
pause:
|
|
seconds: 10
|
|
|
|
- name: Make instance with an instance_role
|
|
ec2_instance:
|
|
name: "{{ resource_prefix }}-test-instance-role"
|
|
image_id: "{{ ec2_ami_image }}"
|
|
security_groups: "{{ sg.group_id }}"
|
|
instance_type: "{{ ec2_instance_type }}"
|
|
instance_role: "ansible-test-sts-{{ resource_prefix }}-test-policy"
|
|
register: instance_with_role
|
|
|
|
- assert:
|
|
that:
|
|
- 'instance_with_role.instances[0].iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")'
|
|
|
|
- name: Make instance with an instance_role(check mode)
|
|
ec2_instance:
|
|
name: "{{ resource_prefix }}-test-instance-role-checkmode"
|
|
image_id: "{{ ec2_ami_image }}"
|
|
security_groups: "{{ sg.group_id }}"
|
|
instance_type: "{{ ec2_instance_type }}"
|
|
instance_role: "{{ iam_role.arn.replace(':role/', ':instance-profile/') }}"
|
|
check_mode: yes
|
|
|
|
- name: "fact presented ec2 instance"
|
|
ec2_instance_info:
|
|
filters:
|
|
"tag:Name": "{{ resource_prefix }}-test-instance-role"
|
|
register: presented_instance_fact
|
|
|
|
- name: "fact checkmode ec2 instance"
|
|
ec2_instance_info:
|
|
filters:
|
|
"tag:Name": "{{ resource_prefix }}-test-instance-role-checkmode"
|
|
register: checkmode_instance_fact
|
|
|
|
- name: "Confirm whether the check mode is working normally."
|
|
assert:
|
|
that:
|
|
- "{{ presented_instance_fact.instances | length }} > 0"
|
|
- "{{ checkmode_instance_fact.instances | length }} == 0"
|
|
|
|
- name: Update instance with new instance_role
|
|
ec2_instance:
|
|
name: "{{ resource_prefix }}-test-instance-role"
|
|
image_id: "{{ ec2_ami_image }}"
|
|
security_groups: "{{ sg.group_id }}"
|
|
instance_type: "{{ ec2_instance_type }}"
|
|
instance_role: "{{ iam_role_2.arn.replace(':role/', ':instance-profile/') }}"
|
|
register: instance_with_updated_role
|
|
|
|
# XXX We shouldn't need this
|
|
- name: wait 10 seconds for role update to complete
|
|
pause:
|
|
seconds: 10
|
|
|
|
- name: "fact checkmode ec2 instance"
|
|
ec2_instance_info:
|
|
filters:
|
|
"tag:Name": "{{ resource_prefix }}-test-instance-role"
|
|
register: updates_instance_info
|
|
|
|
- assert:
|
|
that:
|
|
- 'updates_instance_info.instances[0].iam_instance_profile.arn == iam_role_2.arn.replace(":role/", ":instance-profile/")'
|
|
- 'updates_instance_info.instances[0].instance_id == instance_with_role.instances[0].instance_id'
|
|
|
|
always:
|
|
- name: Terminate instance
|
|
ec2:
|
|
instance_ids: "{{ instance_with_role.instance_ids }}"
|
|
state: absent
|
|
wait: no
|
|
register: removed
|
|
until: removed is not failed
|
|
ignore_errors: yes
|
|
retries: 10
|
|
|
|
- name: Delete IAM role for test
|
|
iam_role:
|
|
name: "{{ item }}"
|
|
assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
|
|
state: absent
|
|
create_instance_profile: yes
|
|
managed_policy:
|
|
- AmazonEC2ContainerServiceRole
|
|
loop:
|
|
- "ansible-test-sts-{{ resource_prefix }}-test-policy"
|
|
- "ansible-test-sts-{{ resource_prefix }}-test-policy-2"
|
|
register: removed
|
|
until: removed is not failed
|
|
ignore_errors: yes
|
|
retries: 10
|