ansible/test/integration/targets/ec2_group/tasks/rule_group_create.yml
Ryan Brown 858a1b09bb EC2_group module refactor (formerly pr/37255) ()
* Refactor ec2_group

Replace nested for loops with list comprehensions

Purge rules before adding new ones in case sg has maximum permitted rules

* Add check mode tests for ec2_group

* add tests

* Remove dead code

* Fix integration test assertions for old boto versions

* Add waiter for security group that is autocreated

* Add support for in-account group rules

* Add common util to get AWS account ID

Fixes 

* Fix protocol number and add separate tests for egress rule handling

* Return egress rule treatment to be backwards compatible

* Remove functions that were obsoleted by `Rule` namedtuple

* IP tests

* Move description updates to a function

* Fix string formatting missing index

* Add tests for auto-creation of the same group in quick succession

* Resolve use of brand-new group in a rule without a description

* Clean up duplicated get-security-group function

* Add reverse cleanup in case of dependency issues

* Add crossaccount ELB group support

* Deal with non-STS calls to account API

* Add filtering of owner IDs that match the current account
2018-05-24 11:53:21 -04:00


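---
# Integration tasks for ec2_group: create security groups whose rules name
# other groups (including ones that do not exist yet) and check that a
# rule targeting a not-yet-existing group without a description is rejected.
# Every group created here is removed in the "always" section below.
- block:
    - name: set up aws connection info
      set_fact:
        # The anchor is merged into each ec2_group call below with
        # "<<: *aws_connection_info" so credentials are written once.
        aws_connection_info: &aws_connection_info
          aws_access_key: "{{ aws_access_key }}"
          aws_secret_key: "{{ aws_secret_key }}"
          security_token: "{{ security_token }}"
          region: "{{ aws_region }}"
      # Credentials must not appear in task output or logs.
      no_log: true

    - name: Create a group with self-referring rule
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-1'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        rules:
          - proto: "tcp"
            from_port: 8000
            to_port: 8100
            # Rule target is the group being created in this same task.
            group_name: '{{ec2_group_name}}-auto-create-1'
        <<: *aws_connection_info
        state: present
      register: result

    - name: Create a second group rule
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-2'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        <<: *aws_connection_info
        state: present

    - name: Create a series of rules with a recently created group as target
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-1'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        # Keep the rules added by earlier iterations; each loop pass adds one port.
        purge_rules: false
        rules:
          - proto: "tcp"
            from_port: "{{ item }}"
            to_port: "{{ item }}"
            group_name: '{{ec2_group_name}}-auto-create-2'
        <<: *aws_connection_info
        state: present
      register: result
      with_items:
        - 20
        - 40
        - 60
        - 80

    - name: Create a group with only the default rule
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-1'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        rules:
          - proto: "tcp"
            from_port: 8182
            to_port: 8182
            # auto-create-3 does not exist yet and no group_desc is given,
            # so this task is expected to fail; the next task asserts that.
            group_name: '{{ec2_group_name}}-auto-create-3'
        <<: *aws_connection_info
        state: present
      register: result
      ignore_errors: true

    - name: assert you can't create a new group from a rule target with no description
      assert:
        that:
          - result is failed

    - name: Create a group with a target of a separate group
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-1'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        rules:
          - proto: tcp
            ports:
              - 22
              - 80
            group_name: '{{ec2_group_name}}-auto-create-3'
            # group_desc lets the module create the target group on the fly.
            group_desc: '{{ec2_group_description}}'
        <<: *aws_connection_info
        state: present
      register: result

    - name: Create a 4th group
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-4'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        <<: *aws_connection_info
        state: present
        rules:
          - proto: tcp
            ports:
              - 22
            # World-open port 22 on a throwaway test group; it is deleted in
            # "always" below and must not be copied into non-test playbooks.
            cidr_ip: "0.0.0.0/0"

    - name: use recently created group in a rule
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-5'
        vpc_id: '{{ vpc_result.vpc.id }}'
        description: '{{ec2_group_description}}'
        rules:
          - proto: tcp
            ports:
              - 443
            group_name: '{{ec2_group_name}}-auto-create-4'
        <<: *aws_connection_info
        state: present

  always:
    # Groups reference each other in their rules, so a deletion can fail on a
    # dependency; errors are ignored and a second pass runs in the opposite
    # order to catch whatever the first pass could not remove.
    - name: tidy up auto-create test security groups (reverse order)
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-{{ item }}'
        state: absent
        vpc_id: '{{ vpc_result.vpc.id }}'
        <<: *aws_connection_info
      ignore_errors: true
      with_items: [5, 4, 3, 2, 1]

    - name: tidy up auto-create test security groups (forward order)
      ec2_group:
        name: '{{ec2_group_name}}-auto-create-{{ item }}'
        state: absent
        vpc_id: '{{ vpc_result.vpc.id }}'
        <<: *aws_connection_info
      ignore_errors: true
      with_items: [1, 2, 3, 4, 5]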