From 37736ee87e3b288b4607ace190cc63bfd662853d Mon Sep 17 00:00:00 2001 From: Will Thames Date: Wed, 20 Sep 2017 15:53:15 +1000 Subject: [PATCH] Allow AWS image and snapshot creation/deletion Provide all necessary permissions for AMI tests Allow tests to run in us-east-2 Ensure `always` section gets used Update tests to ensure that cleanup works better, and add deletion idempotency test --- .../testing_policies/ec2-policy.json | 9 +++ .../targets/ec2_ami/defaults/main.yml | 4 + .../targets/ec2_ami/tasks/main.yml | 74 ++++++++++++++++--- 3 files changed, 77 insertions(+), 10 deletions(-)
diff --git a/hacking/aws_config/testing_policies/ec2-policy.json b/hacking/aws_config/testing_policies/ec2-policy.json
index 813157debf..1396c3b4e4 100644
--- a/hacking/aws_config/testing_policies/ec2-policy.json
+++ b/hacking/aws_config/testing_policies/ec2-policy.json
@@ -10,22 +10,30 @@
 "ec2:AllocateAddress",
 "ec2:AssociateAddress",
 "ec2:AssociateRouteTable",
+ "ec2:CreateImage",
 "ec2:AttachInternetGateway",
 "ec2:CreateInternetGateway",
 "ec2:CreateKeyPair",
 "ec2:CreateNatGateway",
 "ec2:CreateRouteTable",
 "ec2:CreateSecurityGroup",
+ "ec2:CreateSnapshot",
 "ec2:CreateSubnet",
+ "ec2:CreateTags",
 "ec2:CreateVpc",
 "ec2:DeleteKeyPair",
 "ec2:DeleteNatGateway",
+ "ec2:DeleteSnapshot",
+ "ec2:DeleteSubnet",
 "ec2:DeleteVpc",
+ "ec2:DeregisterImage",
 "ec2:Describe*",
 "ec2:DisassociateAddress",
 "ec2:DisassociateRouteTable",
 "ec2:ImportKeyPair",
+ "ec2:ModifyImageAttribute",
 "ec2:ModifyVpcAttribute",
+ "ec2:RegisterImage",
 "ec2:ReleaseAddress",
 "ec2:ReplaceRouteTableAssociation"
 ],
@@ -46,6 +54,7 @@
 "ec2:TerminateInstances"
 ],
 "Resource": [
+ "arn:aws:ec2:{{aws_region}}::image/*",
 "arn:aws:ec2:{{aws_region}}:{{aws_account}}:*"
 ]
 }
diff --git a/test/integration/targets/ec2_ami/defaults/main.yml b/test/integration/targets/ec2_ami/defaults/main.yml
index 590a8ea456..86665321a2 100644
--- a/test/integration/targets/ec2_ami/defaults/main.yml
+++ b/test/integration/targets/ec2_ami/defaults/main.yml
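Review bot: `ec2:ModifyImageAttribute` is the call that edits an AMI's launch permissions, so with whatever Resource this first statement carries (it sits outside the hunk; the unscoped `ec2:Describe*` alongside suggests it may be `*`) the test principal can share or make public every image the account owns, not only the `{{ ec2_ami_name }}_ami` images the test creates. I would move `ec2:ModifyImageAttribute`, `ec2:DeregisterImage` and `ec2:RegisterImage` into the region-scoped statement in the next hunk, where an image ARN is being added anyway, or attach a `"Condition": {"StringLike": {"aws:ResourceTag/Name": "*_ami"}}` to them — check the EC2 actions table for which of these accept resource-level image ARNs before relying on it. `ec2:CreateTags` is likewise account-wide here, which matters if anything else in the account authorises on tags.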
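Review bot: The new `arn:aws:ec2:{{aws_region}}::image/*` has an empty account field because AMI ARNs carry no owner, so this line matches every AMI visible in the region — shared and public ones included — rather than only resources in `{{aws_account}}` as the sibling line does. That is the correct ARN shape, but it reads as if a field were forgotten, so I would record the intent with a `"Sid": "ImageActionsAllImagesInRegion"` on the statement (IAM JSON has no comments) and, if the statement's action list (cut off above the hunk) includes the deregister/modify calls, limit them with `"Condition": {"StringEquals": {"ec2:Owner": "{{aws_account}}"}}` if that key is accepted for the actions in question. Note also that the region is templated, so a policy rendered for us-east-1 grants nothing on images when the tests are run in us-east-2, which this commit enables.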
@@ -2,3 +2,7 @@
 # defaults file for test_ec2_ami
 ec2_ami_name: '{{resource_prefix}}'
 ec2_ami_description: 'Created by ansible integration tests'
+# image for Amazon Linux AMI 2017.03.1 (HVM), SSD Volume Type
+ec2_ami_image:
+ us-east-1: ami-4fffc834
+ us-east-2: ami-ea87a78f
diff --git a/test/integration/targets/ec2_ami/tasks/main.yml b/test/integration/targets/ec2_ami/tasks/main.yml
index 60e9fd331f..b7a665e013 100644
--- a/test/integration/targets/ec2_ami/tasks/main.yml
+++ b/test/integration/targets/ec2_ami/tasks/main.yml
@@ -36,7 +36,7 @@
 ec2_access_key: '{{ ec2_access_key }}'
 ec2_secret_key: '{{ ec2_secret_key }}'
 security_token: '{{ security_token }}'
- az: us-east-1a
+ az: '{{ ec2_region }}a'
 tags: '{{ ec2_ami_name }}_setup'
 vpc_id: '{{ setup_vpc.vpc.id }}'
 cidr: 10.0.0.0/24
@@ -66,8 +66,7 @@
 key_name: '{{ setup_key.key.name }}'
 instance_type: t2.micro
 state: present
- # us-east-1 image for Amazon Linux AMI 2017.03.1 (HVM), SSD Volume Type
- image: ami-4fffc834
+ image: '{{ ec2_ami_image[ec2_region] }}'
 wait: yes
 instance_tags:
 '{{ec2_ami_name}}_instance_setup': 'integration_tests'
@@ -113,6 +112,10 @@
 # FIXME: tags are not currently shown in the results
 #- "result.tags == '{Name: {{ ec2_ami_name }}_ami}'"
+ - name: set image id fact for deletion later
+ set_fact:
+ ec2_ami_image_id: "{{ result.image_id }}"
+
 # ============================================================
 - name: delete the image
@@ -123,6 +126,7 @@
 security_token: '{{security_token}}'
 instance_id: '{{ setup_instance.instance_ids[0] }}'
 state: absent
+ delete_snapshot: yes
 name: '{{ ec2_ami_name }}_ami'
 description: '{{ ec2_ami_description }}'
 image_id: '{{ result.image_id }}'
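Review bot: The two AMI IDs under `ec2_ami_image` are pinned with no record of who owns them, so nothing in the test can catch a mistyped or stale ID that points at a public AMI from an unrelated account — the `ec2` task in a later hunk would boot whatever the ID resolves to with the test credentials. At minimum name the owner in the comment, `# image for Amazon Linux AMI 2017.03.1 (HVM), SSD Volume Type, owner alias 'amazon'`, and preferably resolve the ID at run time with the AMI lookup module available in this tree filtered on `owners: amazon` and the image name, so the two regions cannot drift apart. Leaving the IDs as plain scalars is fine here; the `ami-` prefix keeps YAML from typing them as numbers.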
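Review bot: `az: '{{ ec2_region }}a'` assumes the test account has a zone named `<region>a` in every region the test runs in; zone letters are per-account mappings and a given letter can be missing or constrained for `t2.micro` (us-east-1 is the usual case), so the subnet task will fail with an error that points at the zone rather than at this assumption. Either look the zone up from a describe-availability-zones call before creating the subnet, or state the assumption next to the line, `# assumes a '<region>a' zone is available to this account — TODO confirm`. The task this belongs to starts above the hunk.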
@@ -185,6 +189,11 @@
 - "result.changed"
 - "result.image_id.startswith('ami-')"
+ - name: set image id fact for deletion later
+ set_fact:
+ ec2_ami_image_id: "{{ result.image_id }}"
+ ec2_ami_snapshot: "{{ result.block_device_mapping['/dev/xvda'].snapshot_id }}"
+
 # ============================================================
 # FIXME: this only works if launch permissions are specified and if they are not an empty list
@@ -315,7 +324,7 @@
 # ============================================================
- - name: delete ami without deleting the snapshot
+ - name: delete ami without deleting the snapshot (default is not to delete)
 ec2_ami:
 ec2_region: '{{ec2_region}}'
 ec2_access_key: '{{ec2_access_key}}'
@@ -324,8 +333,7 @@
 instance_id: '{{ setup_instance.instance_ids[0] }}'
 state: absent
 name: '{{ ec2_ami_name }}_ami'
- image_id: '{{ result.image_id }}'
- delete_snapshot: false
+ image_id: '{{ ec2_ami_image_id }}'
 tags:
 Name: '{{ ec2_ami_name }}_ami'
 wait: yes
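Review bot: `ec2_ami_snapshot` is taken from `result.block_device_mapping['/dev/xvda']`, which hard-codes the root device of the current Amazon Linux image; if `ec2_ami_image` is ever repointed at an AMI whose root device is `/dev/sda1` this `set_fact` fails with an undefined-key error, and because this is the snapshot the teardown needs to remove, the failure also leaves a snapshot behind. I would derive the device from the module's own return (`result.root_device_name`, if the module reports it — verify) or pick the first mapping entry that has a `snapshot_id`, and flag the coupling with `# root device of the Amazon Linux HVM image; keep in step with ec2_ami_image`. The image-creation task this follows starts above the hunk.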
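Review bot: Removing `delete_snapshot: false` turns this task into a check of the module default, but the only thing that would prove the default is safe — the `ensure the snapshot still exists` / `assert the snapshot wasn't deleted` pair at the top of the following hunk — is commented out, so a regression that starts deleting snapshots by default would pass this test unnoticed. Either keep `delete_snapshot: false` explicit so the task states what it expects, or re-enable those assertions now that `ec2_ami_snapshot` gives them a real ID to compare against. The `ec2_ami` task this belongs to starts above the hunk.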
@@ -342,25 +350,65 @@
 # - name: ensure the snapshot still exists
 # ec2_snapshot_facts:
 # snapshot_ids:
-# - '{{ setup_snapshot.snapshot_id }}'
+# - '{{ ec2_ami_snapshot }}'
 # ec2_region: '{{ec2_region}}'
 # ec2_access_key: '{{ec2_access_key}}'
 # ec2_secret_key: '{{ec2_secret_key}}'
 # security_token: '{{security_token}}'
 # register: snapshot_result
-#
+
 # - name: assert the snapshot wasn't deleted
 # assert:
 # that:
-# - "snapshot_result.snapshot_id == {{ setup_snapshot.snapshot_id}}"
+# - "snapshot_result.snapshots[0].snapshot_id == ec2_ami_snapshot"
+
+ - name: delete ami for a second time
+ ec2_ami:
+ ec2_region: '{{ec2_region}}'
+ ec2_access_key: '{{ec2_access_key}}'
+ ec2_secret_key: '{{ec2_secret_key}}'
+ security_token: '{{security_token}}'
+ instance_id: '{{ setup_instance.instance_ids[0] }}'
+ state: absent
+ name: '{{ ec2_ami_name }}_ami'
+ image_id: '{{ ec2_ami_image_id }}'
+ tags:
+ Name: '{{ ec2_ami_name }}_ami'
+ wait: yes
+ ignore_errors: true
+ register: result
+
+# FIXME: currently deleting an already deleted image fails
+# It should succeed, with changed: false
+# - name: assert that image does not exist
+# assert:
+# that:
+# - not result.changed
+# - not result.failed
+
 # ============================================================
-- always:
+ always:
 # ============================================================
 # TEAR DOWN: snapshot, ec2 instance, ec2 key pair, security group, vpc
+ - name: Announce teardown start
+ debug:
+ msg: "***** TESTING COMPLETE. COMMENCE TEARDOWN *****"
+
+ - name: delete ami
+ ec2_ami:
+ ec2_region: '{{ec2_region}}'
+ ec2_access_key: '{{ec2_access_key}}'
+ ec2_secret_key: '{{ec2_secret_key}}'
+ security_token: '{{security_token}}'
+ state: absent
+ image_id: "{{ ec2_ami_image_id }}"
+ name: '{{ ec2_ami_name }}_ami'
+ wait: yes
+ ignore_errors: yes
 - name: remove setup snapshot of ec2 instance
 ec2_snapshot:
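Review bot: The teardown never removes the snapshot recorded in `ec2_ami_snapshot`: the new `delete ami` task under `always` relies on the module default (no `delete_snapshot`), and in the normal flow the image was already deregistered by the "delete ami without deleting the snapshot" step, so this call fails, `ignore_errors: yes` swallows it, and the AMI's snapshot is left in the test account on every run (standing cost, plus test artefacts that accumulate). Add an explicit `ec2_snapshot` removal keyed on `ec2_ami_snapshot`, guarded with `when: ec2_ami_snapshot is defined` because the fact only exists if image creation got that far. Two smaller points in the same hunk: the "delete ami for a second time" task combines `ignore_errors: true` with a commented-out assertion, so the idempotency test currently cannot fail (fine while the FIXME stands, but worth saying in the task name), and `ignore_errors` is spelled `true` there and `yes` below — pick one, `true`/`false`, for yamllint's truthy rule.

```yaml
    - name: delete ami
      # … unchanged: ec2_ami deregistration of ec2_ami_image_id …

    - name: remove snapshot backing the test ami
      ec2_snapshot:
        ec2_region: '{{ec2_region}}'
        ec2_access_key: '{{ec2_access_key}}'
        ec2_secret_key: '{{ec2_secret_key}}'
        security_token: '{{security_token}}'
        state: absent
        snapshot_id: '{{ ec2_ami_snapshot }}'
      when: ec2_ami_snapshot is defined
      ignore_errors: true

    - name: remove setup snapshot of ec2 instance
```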
@@ -370,6 +418,7 @@
 security_token: '{{security_token}}'
 state: absent
 snapshot_id: '{{ setup_snapshot.snapshot_id }}'
+ ignore_errors: yes
 - name: remove setup ec2 instance
 ec2:
@@ -385,6 +434,7 @@
 '{{ec2_ami_name}}_instance_setup': 'integration_tests'
 group_id: '{{ setup_sg.group_id }}'
 vpc_subnet_id: '{{ setup_subnet.subnet.id }}'
+ ignore_errors: yes
 - name: remove setup keypair
 ec2_key:
@@ -394,6 +444,7 @@
 ec2_access_key: '{{ec2_access_key}}'
 ec2_secret_key: '{{ec2_secret_key}}'
 security_token: '{{security_token}}'
+ ignore_errors: yes
 - name: remove setup security group
 ec2_group:
@@ -405,6 +456,7 @@
 description: 'created by Ansible integration tests'
 state: absent
 vpc_id: '{{ setup_vpc.vpc.id }}'
+ ignore_errors: yes
 - name: remove setup subnet
 ec2_vpc_subnet:
@@ -419,6 +471,7 @@
 state: absent
 resource_tags:
 Name: '{{ ec2_ami_name }}_setup'
+ ignore_errors: yes
 - name: remove setup VPC
 ec2_vpc_net:
@@ -431,3 +484,4 @@
 name: '{{ ec2_ami_name }}_setup'
 resource_tags:
 Name: '{{ ec2_ami_name }}_setup'
+ ignore_errors: yes
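Review bot: `ignore_errors: yes` on the snapshot removal here, and on the instance, key pair, security group, subnet and VPC removals in the five hunks that follow, means a failed cleanup only appears as an "...ignoring" line while the play still ends green, so a leaked running instance or key pair in the shared test account goes unnoticed until someone reads the bill. Keep the best-effort ordering but make leaks visible: `register` each teardown result and finish the `always` section with an `assert` that none of them reports `failed`, and where the real reason for ignoring is that setup may not have run (`setup_snapshot`, `setup_instance` undefined) prefer `when: setup_snapshot is defined` to a blanket ignore. The tasks these lines belong to each start above their hunk.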