021ba057ab
* sns_topic: (integration tests) Move the tests over to using module defaults * sns_topic: (integration tests) Add test for behaviour of changed when using delivery_policy * sns_topic: ensure "changed" behaves properly when managing delivery policies - a delivery_policy isn't an IAM policy, so compare_policies didn't cope with it - AWS automatically adds an additional option when you set an HTTP delivery policy * Parse the delivery policies so we can test the changes properly
360 lines
12 KiB
YAML
360 lines
12 KiB
YAML
- module_defaults:
|
|
group/aws:
|
|
aws_secret_key: "{{ aws_secret_key }}"
|
|
aws_access_key: "{{ aws_access_key }}"
|
|
security_token: "{{ security_token|default(omit) }}"
|
|
region: "{{ aws_region }}"
|
|
block:
|
|
# This should exist, but there's no expectation that the test user should be able to
|
|
# create/update this role, merely validate that it's there.
|
|
# Use ansible -m iam_role -a 'name=ansible_lambda_role
|
|
# assume_role_policy_document={{ lookup("file", "test/integration/targets/sns_topic/files/lambda-trust-policy.json", convert_data=False) }}
|
|
# ' -vvv localhost
|
|
# to create this through more privileged credentials before running this test suite.
|
|
- name: create minimal lambda role
|
|
iam_role:
|
|
name: ansible_lambda_role
|
|
assume_role_policy_document: "{{ lookup('file', 'lambda-trust-policy.json', convert_data=False) }}"
|
|
create_instance_profile: no
|
|
register: iam_role
|
|
|
|
- name: pause if role was created
|
|
pause:
|
|
seconds: 10
|
|
when: iam_role is changed
|
|
|
|
- name: ensure lambda role policy exists
|
|
iam_policy:
|
|
policy_name: "ansible_lambda_role_policy"
|
|
iam_name: ansible_lambda_role
|
|
iam_type: role
|
|
policy_json: "{{ lookup('file', 'lambda-policy.json') }}"
|
|
state: present
|
|
register: iam_policy
|
|
|
|
- name: pause if policy was created
|
|
pause:
|
|
seconds: 10
|
|
when: iam_policy is changed
|
|
|
|
- name: create topic
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My topic name"
|
|
register: sns_topic_create
|
|
|
|
- name: assert that creation worked
|
|
assert:
|
|
that:
|
|
- sns_topic_create.changed
|
|
|
|
- name: set sns_arn fact
|
|
set_fact:
|
|
sns_arn: "{{ sns_topic_create.sns_arn }}"
|
|
|
|
- name: create topic again (expect changed=False)
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My topic name"
|
|
register: sns_topic_no_change
|
|
|
|
- name: assert that recreation had no effect
|
|
assert:
|
|
that:
|
|
- not sns_topic_no_change.changed
|
|
- sns_topic_no_change.sns_arn == sns_topic_create.sns_arn
|
|
|
|
- name: update display name
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My new topic name"
|
|
register: sns_topic_update_name
|
|
|
|
- name: assert that updating name worked
|
|
assert:
|
|
that:
|
|
- sns_topic_update_name.changed
|
|
- 'sns_topic_update_name.sns_topic.display_name == "My new topic name"'
|
|
|
|
- name: add policy
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My new topic name"
|
|
policy: "{{ lookup('template', 'initial-policy.json') }}"
|
|
register: sns_topic_add_policy
|
|
|
|
- name: assert that adding policy worked
|
|
assert:
|
|
that:
|
|
- sns_topic_add_policy.changed
|
|
|
|
- name: rerun same policy
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My new topic name"
|
|
policy: "{{ lookup('template', 'initial-policy.json') }}"
|
|
register: sns_topic_rerun_policy
|
|
|
|
- name: assert that rerunning policy had no effect
|
|
assert:
|
|
that:
|
|
- not sns_topic_rerun_policy.changed
|
|
|
|
- name: update policy
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My new topic name"
|
|
policy: "{{ lookup('template', 'updated-policy.json') }}"
|
|
register: sns_topic_update_policy
|
|
|
|
- name: assert that updating policy worked
|
|
assert:
|
|
that:
|
|
- sns_topic_update_policy.changed
|
|
|
|
- name: add delivery policy
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My new topic name"
|
|
delivery_policy:
|
|
http:
|
|
defaultHealthyRetryPolicy:
|
|
minDelayTarget: 20
|
|
maxDelayTarget: 20
|
|
numRetries: 3
|
|
numMaxDelayRetries: 0
|
|
numNoDelayRetries: 0
|
|
numMinDelayRetries: 0
|
|
backoffFunction: 'linear'
|
|
register: sns_topic_add_delivery_policy
|
|
|
|
- name: assert that adding delivery policy worked
|
|
vars:
|
|
delivery_policy: '{{ sns_topic_add_delivery_policy.sns_topic.delivery_policy | from_json }}'
|
|
assert:
|
|
that:
|
|
- sns_topic_add_delivery_policy.changed
|
|
- delivery_policy.http.defaultHealthyRetryPolicy.minDelayTarget == 20
|
|
- delivery_policy.http.defaultHealthyRetryPolicy.maxDelayTarget == 20
|
|
- delivery_policy.http.defaultHealthyRetryPolicy.numRetries == 3
|
|
|
|
- name: rerun same delivery policy
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My new topic name"
|
|
delivery_policy:
|
|
http:
|
|
defaultHealthyRetryPolicy:
|
|
minDelayTarget: 20
|
|
maxDelayTarget: 20
|
|
numRetries: 3
|
|
numMaxDelayRetries: 0
|
|
numNoDelayRetries: 0
|
|
numMinDelayRetries: 0
|
|
backoffFunction: 'linear'
|
|
register: sns_topic_rerun_delivery_policy
|
|
|
|
- name: assert that rerunning delivery_policy had no effect
|
|
vars:
|
|
delivery_policy: '{{ sns_topic_rerun_delivery_policy.sns_topic.delivery_policy | from_json }}'
|
|
assert:
|
|
that:
|
|
- not sns_topic_rerun_delivery_policy.changed
|
|
- delivery_policy.http.defaultHealthyRetryPolicy.minDelayTarget == 20
|
|
- delivery_policy.http.defaultHealthyRetryPolicy.maxDelayTarget == 20
|
|
- delivery_policy.http.defaultHealthyRetryPolicy.numRetries == 3
|
|
|
|
- name: rerun a slightly different delivery policy
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My new topic name"
|
|
delivery_policy:
|
|
http:
|
|
defaultHealthyRetryPolicy:
|
|
minDelayTarget: 40
|
|
maxDelayTarget: 40
|
|
numRetries: 6
|
|
numMaxDelayRetries: 0
|
|
numNoDelayRetries: 0
|
|
numMinDelayRetries: 0
|
|
backoffFunction: 'linear'
|
|
register: sns_topic_rerun_delivery_policy
|
|
|
|
- name: assert that rerunning delivery_policy worked
|
|
vars:
|
|
delivery_policy: '{{ sns_topic_rerun_delivery_policy.sns_topic.delivery_policy | from_json }}'
|
|
assert:
|
|
that:
|
|
- sns_topic_rerun_delivery_policy.changed
|
|
- delivery_policy.http.defaultHealthyRetryPolicy.minDelayTarget == 40
|
|
- delivery_policy.http.defaultHealthyRetryPolicy.maxDelayTarget == 40
|
|
- delivery_policy.http.defaultHealthyRetryPolicy.numRetries == 6
|
|
|
|
- name: create temp dir
|
|
tempfile:
|
|
state: directory
|
|
register: tempdir
|
|
|
|
- name: ensure zip file exists
|
|
archive:
|
|
path: "{{ lookup('first_found', sns_topic_lambda_function) }}"
|
|
dest: "{{ tempdir.path }}/{{ sns_topic_lambda_function }}.zip"
|
|
format: zip
|
|
|
|
- name: create lambda for subscribing (only auto-subscribing target available)
|
|
lambda:
|
|
name: '{{ sns_topic_lambda_name }}'
|
|
state: present
|
|
zip_file: '{{ tempdir.path }}/{{ sns_topic_lambda_function }}.zip'
|
|
runtime: 'python2.7'
|
|
role: ansible_lambda_role
|
|
handler: '{{ sns_topic_lambda_function }}.handler'
|
|
register: lambda_result
|
|
|
|
- set_fact:
|
|
sns_topic_subscriber_arn: "{{ lambda_result.configuration.function_arn }}"
|
|
|
|
- name: subscribe to topic
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My new topic name"
|
|
purge_subscriptions: no
|
|
subscriptions: "{{ sns_topic_subscriptions }}"
|
|
register: sns_topic_subscribe
|
|
|
|
- name: assert that subscribing worked
|
|
assert:
|
|
that:
|
|
- sns_topic_subscribe.changed
|
|
- sns_topic_subscribe.sns_topic.subscriptions|length == 1
|
|
|
|
- name: run again with purge_subscriptions set to false
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My new topic name"
|
|
purge_subscriptions: no
|
|
register: sns_topic_no_purge
|
|
|
|
- name: assert that not purging subscriptions had no effect
|
|
assert:
|
|
that:
|
|
- not sns_topic_no_purge.changed
|
|
- sns_topic_no_purge.sns_topic.subscriptions|length == 1
|
|
|
|
- name: run again with purge_subscriptions set to true
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
display_name: "My new topic name"
|
|
purge_subscriptions: yes
|
|
register: sns_topic_purge
|
|
|
|
- name: assert that purging subscriptions worked
|
|
assert:
|
|
that:
|
|
- sns_topic_purge.changed
|
|
- sns_topic_purge.sns_topic.subscriptions|length == 0
|
|
|
|
- name: delete topic
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
state: absent
|
|
|
|
- name: no-op with third party topic (effectively get existing subscriptions)
|
|
sns_topic:
|
|
name: "{{ sns_topic_third_party_topic_arn }}"
|
|
region: "{{ sns_topic_third_party_region }}"
|
|
register: third_party_topic
|
|
|
|
- name: subscribe to third party topic
|
|
sns_topic:
|
|
name: "{{ sns_topic_third_party_topic_arn }}"
|
|
subscriptions: "{{ sns_topic_subscriptions }}"
|
|
region: "{{ sns_topic_third_party_region }}"
|
|
register: third_party_topic_subscribe
|
|
|
|
- name: assert that subscribing worked
|
|
assert:
|
|
that:
|
|
- third_party_topic_subscribe is changed
|
|
- (third_party_topic_subscribe.sns_topic.subscriptions|length) - (third_party_topic.sns_topic.subscriptions|length) == 1
|
|
|
|
- name: attempt to change name of third party topic
|
|
sns_topic:
|
|
name: "{{ sns_topic_third_party_topic_arn }}"
|
|
display_name: "This should not work"
|
|
subscriptions: "{{ sns_topic_subscriptions }}"
|
|
region: "{{ sns_topic_third_party_region }}"
|
|
ignore_errors: yes
|
|
register: third_party_name_change
|
|
|
|
- name: assert that attempting to change display name does not work
|
|
assert:
|
|
that:
|
|
- third_party_name_change is failed
|
|
|
|
- name: unsubscribe from third party topic (purge_subscription defaults to true)
|
|
sns_topic:
|
|
name: "{{ sns_topic_third_party_topic_arn }}"
|
|
subscriptions: "{{ third_party_topic.sns_topic.subscriptions }}"
|
|
region: "{{ sns_topic_third_party_region }}"
|
|
register: third_party_unsubscribe
|
|
|
|
- name: assert that unsubscribing from third party topic works
|
|
assert:
|
|
that:
|
|
- third_party_unsubscribe.changed
|
|
- third_party_topic.sns_topic.subscriptions|length == third_party_unsubscribe.sns_topic.subscriptions|length
|
|
|
|
- name: attempt to delete third party topic
|
|
sns_topic:
|
|
name: "{{ sns_topic_third_party_topic_arn }}"
|
|
state: absent
|
|
subscriptions: "{{ subscriptions }}"
|
|
region: "{{ sns_topic_third_party_region }}"
|
|
ignore_errors: yes
|
|
register: third_party_deletion
|
|
|
|
- name: no-op after third party deletion
|
|
sns_topic:
|
|
name: "{{ sns_topic_third_party_topic_arn }}"
|
|
region: "{{ sns_topic_third_party_region }}"
|
|
register: third_party_deletion_facts
|
|
|
|
- name: assert that attempting to delete third party topic does not work and preser
|
|
assert:
|
|
that:
|
|
- third_party_deletion is failed
|
|
- third_party_topic.sns_topic.subscriptions|length == third_party_deletion_facts.sns_topic.subscriptions|length
|
|
|
|
always:
|
|
|
|
- name: announce teardown start
|
|
debug:
|
|
msg: "************** TEARDOWN STARTS HERE *******************"
|
|
|
|
- name: remove topic
|
|
sns_topic:
|
|
name: "{{ sns_topic_topic_name }}"
|
|
state: absent
|
|
ignore_errors: yes
|
|
|
|
- name: unsubscribe from third party topic
|
|
sns_topic:
|
|
name: "{{ sns_topic_third_party_topic_arn }}"
|
|
subscriptions: []
|
|
purge_subscriptions: yes
|
|
region: "{{ sns_topic_third_party_region }}"
|
|
ignore_errors: yes
|
|
|
|
- name: remove lambda
|
|
lambda:
|
|
name: '{{ sns_topic_lambda_name }}'
|
|
state: absent
|
|
ignore_errors: yes
|
|
|
|
- name: remove tempdir
|
|
file:
|
|
path: "{{ tempdir.path }}"
|
|
state: absent
|
|
when: tempdir is defined
|
|
ignore_errors: yes
|