e970ae102c
* ecs_ecr: Remove registry ID from create repository call [Boto3 documentation][1] specifies 'repositoryName' as the only expected argument. The `**build_kwargs(registry_id)` part also adds 'registryId' which, when executed, fails with: 'Unknown parameter in input: “registryId”, must be one of: repositoryName'. [AWS API documentation][2] also lists only the 'repositoryName' parameter. I.e. this is not a problem with the boto3 library. The default registry ID for the account that's making the request will be used when creating the repository. This means that if the `registry_id` specified by the user is different from the default registry ID, then the policy changes following the repository creation would fail, because the repository will have been created in one repository but subsequent calls try to modify it in another. Added a safeguard against this scenario. [1]: https://boto3.readthedocs.io/en/latest/reference/services/ecr.html#ECR.Client.create_repository [2]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_CreateRepository.html * Fix concurrent ECR integration tests If the `ecr_name` is the same in multiple concurrent test runs, then they can interfere with one another causing both to fail. The `resource_prefix` is guaranteed to be unique for different jobs running in CI and so avoids this issue while also making it easier to identify the test which created the resource.
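---
# Integration tests for the ecs_ecr module: repository creation, repository
# policy management and repository deletion, each exercised in check mode and
# for real. Region and AWS credentials are read from the ec2_region,
# ec2_access_key, ec2_secret_key and security_token variables; `policy` is
# also defined outside this file.

# resource_prefix is expected to be unique per CI job, which keeps concurrent
# runs from operating on each other's repository.
- set_fact:
    ecr_name: '{{ resource_prefix }}-ecr'

- block:
    # --- Repository creation -------------------------------------------------

    - name: When creating with check mode
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: true

    - name: it should skip, change and create
      assert:
        that:
          - result is skipped
          - result is changed
          - result.created

    # The account ID is quoted so it stays a string. The test credentials are
    # expected to have no access to this registry, so the module must fail
    # with AccessDeniedException.
    # NOTE(review): nothing in this file exercises a registry_id that is
    # reachable but differs from the caller's default registry; confirm that
    # case is covered elsewhere.
    - name: When specifying a registry that is inaccessible
      ecs_ecr:
        registry_id: '999999999999'
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      # failure is the expected outcome; it is asserted in the next task
      ignore_errors: true

    - name: it should fail with an AccessDeniedException
      assert:
        that:
          - result is failed
          - '"AccessDeniedException" in result.msg'

    - name: When creating a repository
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should change and create
      assert:
        that:
          - result is changed
          - result.created

    - name: When creating a repository that already exists in check mode
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: true

    - name: it should not skip, should not change
      assert:
        that:
          - result is not skipped
          - result is not changed

    - name: When creating a repository that already exists
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should not change
      assert:
        that:
          - result is not changed

    # --- Repository policy ---------------------------------------------------

    - name: When in check mode, and deleting a policy that does not exist
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        delete_policy: true
      register: result
      check_mode: true

    - name: it should not skip and not change
      assert:
        that:
          - result is not skipped
          - result is not changed

    - name: When in check mode, setting policy on a repository that has no policy
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy: '{{ policy }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: true

    - name: it should skip, change and not create
      assert:
        that:
          - result is skipped
          - result is changed
          - not result.created

    - name: When setting policy on a repository that has no policy
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy: '{{ policy }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should change and not create
      assert:
        that:
          - result is changed
          - not result.created

    - name: When in check mode, and deleting a policy that exists
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        delete_policy: true
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: true

    - name: it should skip, change but not create
      assert:
        that:
          - result is skipped
          - result is changed
          - not result.created

    - name: When deleting a policy that exists
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        delete_policy: true
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should change and not create
      assert:
        that:
          - result is changed
          - not result.created

    # Same policy, passed as a JSON string instead of a structure.
    - name: When setting a policy as a string
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy: '{{ policy | to_json }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should change and not create
      assert:
        that:
          - result is changed
          - not result.created

    - name: When setting a policy to its current value
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy: '{{ policy }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should not change
      assert:
        that:
          - result is not changed

    # Leaving `policy` out must not remove the policy already attached.
    - name: When omitting policy on a repository that has a policy
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should not change
      assert:
        that:
          - result is not changed

    # --- Invalid policy arguments --------------------------------------------

    - name: When specifying both policy and delete_policy
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy: '{{ policy }}'
        delete_policy: true
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      # failure is the expected outcome; it is asserted in the next task
      ignore_errors: true

    - name: it should fail
      assert:
        that:
          - result is failed

    - name: When specifying invalid JSON for policy
      ecs_ecr:
        region: '{{ ec2_region }}'
        name: '{{ ecr_name }}'
        policy_text: "Ceci n'est pas une JSON"
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      # failure is the expected outcome; it is asserted in the next task
      ignore_errors: true

    - name: it should fail
      assert:
        that:
          - result is failed

    # --- Repository deletion -------------------------------------------------
    # These tasks use `state: absent` with the same arguments as the cleanup
    # task under `always`, i.e. they remove the repository itself, so they are
    # named for the repository rather than for its policy.

    - name: When in check mode, deleting a repository that exists
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        state: absent
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: true

    - name: it should skip, change and not create
      assert:
        that:
          - result is skipped
          - result is changed
          - not result.created

    - name: When deleting a repository that exists
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        state: absent
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should change
      assert:
        that:
          - result is changed

    - name: When in check mode, deleting a repository that does not exist
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        state: absent
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result
      check_mode: true

    - name: it should not change
      assert:
        that:
          - result is not skipped
          - result is not changed

    - name: When deleting a repository that does not exist
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        state: absent
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
      register: result

    - name: it should not change
      assert:
        that:
          - result is not changed

  always:
    # Runs whether or not the tasks above succeeded, so a failed run does not
    # leave the test repository behind in the account.
    - name: Delete lingering ECR repository
      ecs_ecr:
        name: '{{ ecr_name }}'
        region: '{{ ec2_region }}'
        state: absent
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'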