ansible/test/integration/targets/ec2_instance/tasks/iam_instance_role.yml
Andrea Tartaglia da1a621bd9 Removed nested role for ec2_instance tests
Also moved environment setup and environment cleanup to separate task
files

Added CI group

Updated c4.large instances to t3.nano, use ENA enabled AMI

Updated AMIs with Amazon Linux AMI

Updated us-east-1 AMI id

Specify EBS size

typo, volume_size

Removed 'state: running', updated AMI with amz ami

Also added several wait: false to speed things up

Check for instance state, correctly

Accept pending as valid state

tags_and_vpc_settings do not wait for instance to complete

wait for termination protected instance

Updated IAM role name to match with policy

Skip env cleanup when in CI

Do not wait instance in external_resource_attach

ENI remove is done in env_cleanup/CI

wait some time for instance_profile instance to be up

Updated ebs_optimized_images

Corrected task name

Added aws_cleanup var in cloud-config-aws

typo in runme

default aws_cleanup to true
2019-07-02 17:48:07 -04:00


# Defines the YAML anchor `aws_connection_info`, which the later tasks in this
# file merge into their module arguments with `<<: *aws_connection_info`.
- name: set connection information for all tasks
  # The mapping below carries the access key, secret key and session token;
  # no_log keeps this task's result out of console output and logs.
  # NOTE(review): no_log covers this task only. The tasks that merge the
  # anchor rely on each module's own handling of these parameters - confirm.
  no_log: true
  set_fact:
    aws_connection_info: &aws_connection_info
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
      security_token: "{{ security_token }}"
      region: "{{ aws_region }}"
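# Integration test: launch an EC2 instance with an IAM instance role, verify
# check mode creates nothing, swap the role on the running instance, and
# always tear down the instance and both roles afterwards.
- block:
    # Both roles are named with resource_prefix, so concurrent test runs do
    # not share IAM roles. The trust policy comes from assume-role-policy.json,
    # which is not shown here.
    - name: Create IAM role for test
      iam_role:
        name: "ansible-test-sts-{{ resource_prefix }}-test-policy"
        assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
        state: present
        create_instance_profile: true
        managed_policy:
          - AmazonEC2ContainerServiceRole
        <<: *aws_connection_info
      register: iam_role

    - name: Create second IAM role for test
      iam_role:
        name: "ansible-test-sts-{{ resource_prefix }}-test-policy-2"
        assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
        state: present
        create_instance_profile: true
        managed_policy:
          - AmazonEC2ContainerServiceRole
        <<: *aws_connection_info
      register: iam_role_2

    - name: Make instance with an instance_role
      ec2_instance:
        name: "{{ resource_prefix }}-test-instance-role"
        image_id: "{{ ec2_ami_image[aws_region] }}"
        security_groups: "{{ sg.group_id }}"
        instance_type: t2.micro
        instance_role: "ansible-test-sts-{{ resource_prefix }}-test-policy"
        <<: *aws_connection_info
      register: instance_with_role

    # The instance profile ARN is expected to be the role ARN with ":role/"
    # replaced by ":instance-profile/".
    - name: Check the instance profile matches the first role
      assert:
        that:
          - 'instance_with_role.instances[0].iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")'

    - name: Make instance with an instance_role(check mode)
      ec2_instance:
        name: "{{ resource_prefix }}-test-instance-role-checkmode"
        image_id: "{{ ec2_ami_image[aws_region] }}"
        security_groups: "{{ sg.group_id }}"
        instance_type: t2.micro
        instance_role: "ansible-test-sts-{{ resource_prefix }}-test-policy"
        <<: *aws_connection_info
      check_mode: true

    - name: "fact presented ec2 instance"
      ec2_instance_info:
        filters:
          "tag:Name": "{{ resource_prefix }}-test-instance-role"
        <<: *aws_connection_info
      register: presented_instance_fact

    - name: "fact checkmode ec2 instance"
      ec2_instance_info:
        filters:
          "tag:Name": "{{ resource_prefix }}-test-instance-role-checkmode"
        <<: *aws_connection_info
      register: checkmode_instance_fact

    # `that` entries are already evaluated as Jinja2 expressions. Wrapping
    # them in {{ }} renders the value into the expression text and evaluates
    # it a second time, which Ansible warns about and which lets
    # module-returned data be interpreted as template code. Bare expressions
    # avoid that.
    - name: "Confirm whether the check mode is working normally."
      assert:
        that:
          - 'presented_instance_fact.instances | length > 0'
          - 'checkmode_instance_fact.instances | length == 0'

    # Retried until it stops failing. NOTE(review): presumably the new
    # instance profile is not usable immediately after creation - confirm.
    - name: Update instance with new instance_role
      ec2_instance:
        name: "{{ resource_prefix }}-test-instance-role"
        image_id: "{{ ec2_ami_image[aws_region] }}"
        security_groups: "{{ sg.group_id }}"
        instance_type: t2.micro
        instance_role: "ansible-test-sts-{{ resource_prefix }}-test-policy-2"
        <<: *aws_connection_info
      register: instance_with_updated_role
      until: instance_with_updated_role is not failed
      retries: 10

    # The role must have changed in place: same instance id, new profile ARN.
    - name: Check the role was swapped on the same instance
      assert:
        that:
          - 'instance_with_updated_role.instances[0].iam_instance_profile.arn == iam_role_2.arn.replace(":role/", ":instance-profile/")'
          - 'instance_with_updated_role.instances[0].instance_id == instance_with_role.instances[0].instance_id'

  # Cleanup runs whether or not the tests above passed. Failures here are
  # ignored after the retries, so a leaked instance or IAM role does not fail
  # the run and would have to be caught by separate cleanup or auditing.
  always:
    - name: Terminate instance
      ec2:
        instance_ids: "{{ instance_with_role.instance_ids }}"
        state: absent
        <<: *aws_connection_info
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10

    - name: Delete IAM role for test
      iam_role:
        name: "{{ item }}"
        assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}"
        state: absent
        create_instance_profile: true
        managed_policy:
          - AmazonEC2ContainerServiceRole
        <<: *aws_connection_info
      loop:
        - "ansible-test-sts-{{ resource_prefix }}-test-policy"
        - "ansible-test-sts-{{ resource_prefix }}-test-policy-2"
      register: removed
      until: removed is not failed
      ignore_errors: true
      retries: 10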