ansible/test/integration/targets/ec2_vpc_nacl/tasks/subnet_ids.yml

# ============================================================

- name: create ingress and egress rules using subnet IDs
  ec2_vpc_nacl:
    vpc_id: "{{ vpc_id }}"
    name: "{{ resource_prefix }}-acl"
    subnets: "{{ subnet_ids }}"
    tags:
      Created_by: "Ansible test {{ resource_prefix }}"
    ingress:
      - [100, 'tcp', 'allow', '0.0.0.0/0', null, null, 22, 22]
      - [200, 'tcp', 'allow', '0.0.0.0/0', null, null, 80, 80]
      - [300, 'icmp', 'allow', '0.0.0.0/0', 0, 8]
    egress:
      - [100, 'all', 'allow', '0.0.0.0/0', null, null, null, null]
    state: 'present'
  register: nacl

- set_fact:
    nacl_id: "{{ nacl.nacl_id }}"

- name: assert the network acl was created
  assert:
    that:
      - nacl.changed
      - nacl.nacl_id.startswith('acl-')

- name: get network ACL facts
  ec2_vpc_nacl_info:
    nacl_ids:
      - "{{ nacl_id }}"
  register: nacl_facts

- name: assert the nacl has the correct attributes
  assert:
    that:
      - nacl_facts.nacls | length == 1
      - nacl_facts.nacls[0].nacl_id == nacl_id
      - nacl_facts.nacls[0].subnets | length == 4
      - nacl_facts.nacls[0].subnets | sort == subnet_ids | sort
      - nacl_facts.nacls[0].ingress | length == 3
      - nacl_facts.nacls[0].egress | length == 1
      - "'{{ nacl_facts.nacls[0].tags.Name }}' == '{{ resource_prefix }}-acl'"

# ============================================================

- name: test idempotence
  ec2_vpc_nacl:
    vpc_id: "{{ vpc_id }}"
    name: "{{ resource_prefix }}-acl"
    subnets: "{{ subnet_ids }}"
    tags:
      Created_by: "Ansible test {{ resource_prefix }}"
    ingress:
      - [100, 'tcp', 'allow', '0.0.0.0/0', null, null, 22, 22]
      - [200, 'tcp', 'allow', '0.0.0.0/0', null, null, 80, 80]
      - [300, 'icmp', 'allow', '0.0.0.0/0', 0, 8]
    egress:
      - [100, 'all', 'allow', '0.0.0.0/0', null, null, null, null]
    state: 'present'
  register: nacl

- name: assert the network acl already existed
  assert:
    that:
      - not nacl.changed
      - nacl.nacl_id == nacl_id
      - nacl.nacl_id.startswith('acl-')

- name: get network ACL facts
  ec2_vpc_nacl_info:
    nacl_ids:
      - "{{ nacl.nacl_id }}"
  register: nacl_facts_idem

- name: assert the facts are the same as before
  assert:
    that:
      - nacl_facts_idem == nacl_facts

# ============================================================

- name: remove a subnet from the network ACL
  ec2_vpc_nacl:
    vpc_id: "{{ vpc_id }}"
    name: "{{ resource_prefix }}-acl"
    subnets:
      - "{{ subnet_ids[0] }}"
      - "{{ subnet_ids[1] }}"
      - "{{ subnet_ids[2] }}"
    tags:
      Created_by: "Ansible test {{ resource_prefix }}"
    ingress:
      - [100, 'tcp', 'allow', '0.0.0.0/0', null, null, 22, 22]
      - [200, 'tcp', 'allow', '0.0.0.0/0', null, null, 80, 80]
      - [300, 'icmp', 'allow', '0.0.0.0/0', 0, 8]
    egress:
      - [100, 'all', 'allow', '0.0.0.0/0', null, null, null, null]
    state: 'present'
  register: nacl

- name: assert the network ACL changed
  assert:
    that:
      - nacl.changed
      - nacl.nacl_id.startswith('acl-')
      - nacl.nacl_id == nacl_id

- name: get network ACL facts
  ec2_vpc_nacl_info:
    nacl_id:
      - "{{ nacl.nacl_id }}"
  register: nacl_facts

- name: assert the nacl has the correct attributes
  assert:
    that:
      - nacl_facts.nacls | length == 1
      - nacl_facts.nacls[0].nacl_id == nacl_id
      - nacl_facts.nacls[0].subnets | length == 3
      - subnet_ids[3] not in nacl_facts.nacls[0].subnets
      - nacl_facts.nacls[0].ingress | length == 3
      - nacl_facts.nacls[0].egress | length == 1
      - "'{{ nacl_facts.nacls[0].tags.Name }}' == '{{ resource_prefix }}-acl'"

# ============================================================

- name: remove the network ACL
  ec2_vpc_nacl:
    vpc_id: "{{ vpc_id }}"
    name: "{{ resource_prefix }}-acl"
    state: absent
  register: nacl
  until: nacl is success
  ignore_errors: yes
  retries: 5
  delay: 5

- name: assert nacl was removed
  assert:
    that:
      - nacl.changed