ansible/test/integration/targets/ec2_vpc_nacl/tasks/main.yml
Mark Chappell dbc9444572 ec2_vpc_nacl and ec2_vpc_nacl_info migrate to AnsibleAWSModule and add tests (#63163)
* Move EC2 networking objects into network-policy.json

* ec2_vpc_nacl: Add integration tests

* ec2_vpc_nacl: Migrate tests to use module_defaults

* ec2_vpc_nacl: (integration tests) Add missing AWS permissions

* ec2_vpc_nacl: (integration tests) Update tests for ipv6 support

* ec2_vpc_nacl: Migrate to AnsibleAWSModule

* Fix sanity tests for ec2_vpc_nacl and ec2_vpc_nacl_info

* ec2_vpc_nacl_info: Migrate to AnsibleAWSModule

* ec2_vpc_nacl_info: (integration tests) Rename from ec2_vpc_nacl_facts to ec2_vpc_nacl_info and add a test using a filter (by tag)

* Pick availability zones dynamically

Rather than assuming that AZa and AZb always exist (they don't), query to find out which AZs we have available first

* Test that the NACLs we get back are actually the *same* NACL rather than duplicates/delete remove

* Cleanup IPv6 tests a little.

Note: IPv6 support for ec2_vpc_nacl not complete yet.

This provides the initial framework, and should ensure things don't start exploding when support is added.

* Removing subnets by name from a NACL *is* now supported

* Fix ec2_vpc_nacl return documentation
2019-10-08 13:27:24 -07:00


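---
# Integration tests for ec2_vpc_nacl / ec2_vpc_nacl_info.
#
# Layout: argument-validation checks that need no AWS resources, then a
# throw-away VPC with four subnets (two per AZ) that the included task files
# exercise the NACL modules against.  Everything is torn down in `always`, so
# a failed run does not leave network objects behind in the test account.
- module_defaults:
    # AWS credentials and region come from the integration-test vars.  The
    # session token is only set for temporary (STS) credentials, hence omit.
    group/aws:
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
      security_token: "{{ security_token | default(omit) }}"
      region: "{{ aws_region }}"
  block:
    # ============================================================
    # Argument validation.  These tasks are expected to fail (or not) before
    # any AWS resource is touched, so they run ahead of the VPC setup.
    - name: test without any parameters
      ec2_vpc_nacl:
      register: result
      ignore_errors: true

    - name: assert required parameters
      assert:
        that:
          - result.failed
          - "result.msg == 'one of the following is required: name, nacl_id'"

    - name: get network ACL info without any parameters
      ec2_vpc_nacl_info:
      register: nacl_facts

    - name: assert we don't error
      assert:
        that:
          - nacl_facts is succeeded

    - name: get network ACL info with invalid ID
      ec2_vpc_nacl_info:
        nacl_ids:
          - 'acl-000000000000'
      register: nacl_facts
      ignore_errors: true

    - name: assert message mentions missing ACLs
      assert:
        that:
          - nacl_facts is failed
          - '"does not exist" in nacl_facts.msg'

    # ============================================================
    # Pick two AZs dynamically: not every region has the "a" and "b"
    # suffixes, and an AZ can be listed but not currently usable, so only
    # zones reported as available are considered.
    - name: fetch AZ availability
      aws_az_info:
        filters:
          state: available
      register: az_info

    - name: Assert that we have multiple AZs available to us
      assert:
        that:
          - az_info.availability_zones | length >= 2

    - name: pick AZs
      set_fact:
        az_one: "{{ az_info.availability_zones[0].zone_name }}"
        az_two: "{{ az_info.availability_zones[1].zone_name }}"

    # ============================================================
    - name: create a VPC
      ec2_vpc_net:
        cidr_block: 10.230.230.0/24
        name: "{{ resource_prefix }}"
        state: present
      register: vpc

    # Four /26 subnets carve up the /24 exactly; they alternate between the
    # two AZs so the included tests can attach a NACL to subnets in more
    # than one AZ.
    - name: create subnets
      ec2_vpc_subnet:
        cidr: "{{ item.cidr }}"
        az: "{{ item.az }}"
        vpc_id: "{{ vpc.vpc.id }}"
        state: present
        tags:
          Name: "{{ item.name }}"
      loop:
        - cidr: 10.230.230.0/26
          az: "{{ az_one }}"
          name: "{{ resource_prefix }}-subnet-1"
        - cidr: 10.230.230.64/26
          az: "{{ az_two }}"
          name: "{{ resource_prefix }}-subnet-2"
        - cidr: 10.230.230.128/26
          az: "{{ az_one }}"
          name: "{{ resource_prefix }}-subnet-3"
        - cidr: 10.230.230.192/26
          az: "{{ az_two }}"
          name: "{{ resource_prefix }}-subnet-4"
      register: subnets

    # ============================================================
    # The actual NACL scenarios live in separate task files; each gets the
    # VPC id plus either the subnet ids or the subnet Name tags to work with.
    - include_tasks: tasks/subnet_ids.yml
      vars:
        vpc_id: "{{ vpc.vpc.id }}"
        subnet_ids: "{{ subnets | json_query('results[*].subnet.id') }}"

    - include_tasks: tasks/subnet_names.yml
      vars:
        vpc_id: "{{ vpc.vpc.id }}"
        subnet_names: "{{ subnets | json_query('results[*].subnet.tags.Name') }}"

    - include_tasks: tasks/tags.yml
      vars:
        vpc_id: "{{ vpc.vpc.id }}"
        subnet_ids: "{{ subnets | json_query('results[*].subnet.id') }}"

    - include_tasks: tasks/ingress_and_egress.yml
      vars:
        vpc_id: "{{ vpc.vpc.id }}"
        subnet_ids: "{{ subnets | json_query('results[*].subnet.id') }}"

    - include_tasks: tasks/ipv6.yml

  # ============================================================
  # Teardown runs even when a test above failed.  Every step retries and
  # ignores errors so that one stuck (or never created) resource does not
  # stop the remaining cleanup; `vpc` may be undefined if VPC creation itself
  # failed, which the ignore_errors also absorbs.
  always:
    # NOTE(review): assumes the included task files name their NACL
    # "<resource_prefix>-acl" -- verify when adding a new task file.
    - name: remove network ACL
      ec2_vpc_nacl:
        vpc_id: "{{ vpc.vpc.id }}"
        name: "{{ resource_prefix }}-acl"
        state: absent
      register: removed_acl
      until: removed_acl is success
      retries: 5
      delay: 5
      ignore_errors: true

    # Subnets are deleted by vpc_id + cidr, so the CIDR list is repeated here
    # instead of reading `subnets` (undefined if creation failed part-way).
    # The AZ and tags are deliberately not passed: the previous teardown
    # hard-coded the "a"/"b" AZ suffixes and a different tag set, which no
    # longer matched the dynamically chosen AZs and Name tags used above.
    - name: remove subnets
      ec2_vpc_subnet:
        cidr: "{{ item }}"
        vpc_id: "{{ vpc.vpc.id }}"
        state: absent
      loop:
        - 10.230.230.0/26
        - 10.230.230.64/26
        - 10.230.230.128/26
        - 10.230.230.192/26
      register: removed_subnets
      until: removed_subnets is success
      retries: 5
      delay: 5
      ignore_errors: true

    - name: remove the VPC
      ec2_vpc_net:
        cidr_block: 10.230.230.0/24
        name: "{{ resource_prefix }}"
        state: absent
      register: removed_vpc
      until: removed_vpc is success
      retries: 5
      delay: 5
      ignore_errors: true
    # ============================================================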