[cloud] Improve ipv6 and EC2 classic support in ec2_group integration tests (#32976)
* ec2_group: fix ipv6 tests to use an explicit VPC
* otherwise would fail on old AWS accounts supporting EC2-classic
* ec2_group: fix tests to use an explicit VPC
* Only run some tests if there is a default vpc associated with the account
parent
19ac188e86
commit
63639abb01
1 changed files with 230 additions and 99 deletions
|
@ -171,6 +171,29 @@
|
||||||
region: "{{ aws_region }}"
|
region: "{{ aws_region }}"
|
||||||
no_log: yes
|
no_log: yes
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: determine if there is a default VPC
|
||||||
|
set_fact:
|
||||||
|
defaultvpc: "{{ lookup('aws_account_attribute',
|
||||||
|
attribute='default-vpc',
|
||||||
|
region=aws_region,
|
||||||
|
aws_access_key=aws_access_key,
|
||||||
|
aws_secret_key=aws_secret_key,
|
||||||
|
aws_security_token=security_token) }}"
|
||||||
|
register: default_vpc
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: create a VPC
|
||||||
|
ec2_vpc_net:
|
||||||
|
name: "{{ resource_prefix }}-vpc"
|
||||||
|
state: present
|
||||||
|
cidr_block: "10.232.232.128/26"
|
||||||
|
<<: *aws_connection_info
|
||||||
|
tags:
|
||||||
|
Name: "{{ resource_prefix }}-vpc"
|
||||||
|
Description: "Created by ansible-test"
|
||||||
|
register: vpc_result
|
||||||
|
|
||||||
# ============================================================
|
# ============================================================
|
||||||
- name: test state=absent
|
- name: test state=absent
|
||||||
ec2_group:
|
ec2_group:
|
||||||
|
@ -227,49 +250,158 @@
|
||||||
- 'result.group_id.startswith("sg-")'
|
- 'result.group_id.startswith("sg-")'
|
||||||
|
|
||||||
# ============================================================
|
# ============================================================
|
||||||
- name: test state=present for ipv6 (expected changed=true)
|
- name: tests IPv6 with the default VPC
|
||||||
ec2_group:
|
block:
|
||||||
name: '{{ec2_group_name}}'
|
|
||||||
description: '{{ec2_group_description}}'
|
|
||||||
<<: *aws_connection_info
|
|
||||||
state: present
|
|
||||||
rules:
|
|
||||||
- proto: "tcp"
|
|
||||||
from_port: 8182
|
|
||||||
to_port: 8182
|
|
||||||
cidr_ipv6: "64:ff9b::/96"
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- name: assert state=present (expected changed=true)
|
# ============================================================
|
||||||
assert:
|
- name: test state=present for ipv6 (expected changed=true)
|
||||||
that:
|
ec2_group:
|
||||||
- 'result.changed'
|
name: '{{ec2_group_name}}'
|
||||||
- 'result.group_id.startswith("sg-")'
|
description: '{{ec2_group_description}}'
|
||||||
|
<<: *aws_connection_info
|
||||||
|
state: present
|
||||||
|
rules:
|
||||||
|
- proto: "tcp"
|
||||||
|
from_port: 8182
|
||||||
|
to_port: 8182
|
||||||
|
cidr_ipv6: "64:ff9b::/96"
|
||||||
|
register: result
|
||||||
|
|
||||||
# ============================================================
|
- name: assert state=present (expected changed=true)
|
||||||
- name: test rules_egress state=present for ipv6 (expected changed=true)
|
assert:
|
||||||
ec2_group:
|
that:
|
||||||
name: '{{ec2_group_name}}'
|
- 'result.changed'
|
||||||
description: '{{ec2_group_description}}'
|
- 'result.group_id.startswith("sg-")'
|
||||||
<<: *aws_connection_info
|
|
||||||
state: present
|
|
||||||
rules:
|
|
||||||
- proto: "tcp"
|
|
||||||
from_port: 8182
|
|
||||||
to_port: 8182
|
|
||||||
cidr_ipv6: "64:ff9b::/96"
|
|
||||||
rules_egress:
|
|
||||||
- proto: "tcp"
|
|
||||||
from_port: 8181
|
|
||||||
to_port: 8181
|
|
||||||
cidr_ipv6: "64:ff9b::/96"
|
|
||||||
register: result
|
|
||||||
|
|
||||||
- name: assert state=present (expected changed=true)
|
# ============================================================
|
||||||
assert:
|
- name: test rules_egress state=present for ipv6 (expected changed=true)
|
||||||
that:
|
ec2_group:
|
||||||
- 'result.changed'
|
name: '{{ec2_group_name}}'
|
||||||
- 'result.group_id.startswith("sg-")'
|
description: '{{ec2_group_description}}'
|
||||||
|
<<: *aws_connection_info
|
||||||
|
state: present
|
||||||
|
rules:
|
||||||
|
- proto: "tcp"
|
||||||
|
from_port: 8182
|
||||||
|
to_port: 8182
|
||||||
|
cidr_ipv6: "64:ff9b::/96"
|
||||||
|
rules_egress:
|
||||||
|
- proto: "tcp"
|
||||||
|
from_port: 8181
|
||||||
|
to_port: 8181
|
||||||
|
cidr_ipv6: "64:ff9b::/96"
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: assert state=present (expected changed=true)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- 'result.changed'
|
||||||
|
- 'result.group_id.startswith("sg-")'
|
||||||
|
|
||||||
|
when: default_vpc
|
||||||
|
|
||||||
|
- name: test IPv6 with a specified VPC
|
||||||
|
block:
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: test state=present (expected changed=true)
|
||||||
|
ec2_group:
|
||||||
|
name: '{{ ec2_group_name }}-2'
|
||||||
|
description: '{{ ec2_group_description }}-2'
|
||||||
|
state: present
|
||||||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: assert state=present (expected changed=true)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- 'result.changed'
|
||||||
|
- 'result.group_id.startswith("sg-")'
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: test state=present for ipv6 (expected changed=true)
|
||||||
|
ec2_group:
|
||||||
|
name: '{{ ec2_group_name }}-2'
|
||||||
|
description: '{{ ec2_group_description }}-2'
|
||||||
|
state: present
|
||||||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||||||
|
rules:
|
||||||
|
- proto: "tcp"
|
||||||
|
from_port: 8182
|
||||||
|
to_port: 8182
|
||||||
|
cidr_ipv6: "64:ff9b::/96"
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: assert state=present (expected changed=true)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- 'result.changed'
|
||||||
|
- 'result.group_id.startswith("sg-")'
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
|
||||||
|
- name: test state=present for ipv6 (expected changed=true)
|
||||||
|
ec2_group:
|
||||||
|
name: '{{ ec2_group_name }}-2'
|
||||||
|
description: '{{ ec2_group_description }}-2'
|
||||||
|
state: present
|
||||||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||||||
|
rules:
|
||||||
|
- proto: "tcp"
|
||||||
|
from_port: 8182
|
||||||
|
to_port: 8182
|
||||||
|
cidr_ipv6: "64:ff9b::/96"
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: assert nothing changed
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- 'not result.changed'
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: test rules_egress state=present for ipv6 (expected changed=true)
|
||||||
|
ec2_group:
|
||||||
|
name: '{{ ec2_group_name }}-2'
|
||||||
|
description: '{{ ec2_group_description }}-2'
|
||||||
|
state: present
|
||||||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||||||
|
rules:
|
||||||
|
- proto: "tcp"
|
||||||
|
from_port: 8182
|
||||||
|
to_port: 8182
|
||||||
|
cidr_ipv6: "64:ff9b::/96"
|
||||||
|
rules_egress:
|
||||||
|
- proto: "tcp"
|
||||||
|
from_port: 8181
|
||||||
|
to_port: 8181
|
||||||
|
cidr_ipv6: "64:ff9b::/96"
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: assert state=present (expected changed=true)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- 'result.changed'
|
||||||
|
- 'result.group_id.startswith("sg-")'
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
|
||||||
|
- name: test state=absent (expected changed=true)
|
||||||
|
ec2_group:
|
||||||
|
name: '{{ ec2_group_name }}-2'
|
||||||
|
description: '{{ ec2_group_description }}-2'
|
||||||
|
state: absent
|
||||||
|
vpc_id: '{{ vpc_result.vpc.id }}'
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: assert group was removed
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- 'result.changed'
|
||||||
|
|
||||||
# ============================================================
|
# ============================================================
|
||||||
- name: test state=present for ipv4 (expected changed=true)
|
- name: test state=present for ipv4 (expected changed=true)
|
||||||
|
@ -344,12 +476,12 @@
|
||||||
- proto: "tcp"
|
- proto: "tcp"
|
||||||
from_port: "8183"
|
from_port: "8183"
|
||||||
to_port: "8183"
|
to_port: "8183"
|
||||||
cidr_ipv6: "64:ff9b::/96"
|
cidr_ip: "1.1.1.1/32"
|
||||||
rules_egress:
|
rules_egress:
|
||||||
- proto: "tcp"
|
- proto: "tcp"
|
||||||
from_port: "8184"
|
from_port: "8184"
|
||||||
to_port: "8184"
|
to_port: "8184"
|
||||||
cidr_ipv6: "64:ff9b::/96"
|
cidr_ip: "1.1.1.1/32"
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
- name: assert state=present (expected changed=true)
|
- name: assert state=present (expected changed=true)
|
||||||
|
@ -374,7 +506,6 @@
|
||||||
- proto: "tcp"
|
- proto: "tcp"
|
||||||
from_port: "8186"
|
from_port: "8186"
|
||||||
to_port: "8186"
|
to_port: "8186"
|
||||||
cidr_ipv6: "64:ff9b::/96"
|
|
||||||
group_id: "{{result.group_id}}"
|
group_id: "{{result.group_id}}"
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
|
@ -457,54 +588,58 @@
|
||||||
- 'result.group_id.startswith("sg-")'
|
- 'result.group_id.startswith("sg-")'
|
||||||
|
|
||||||
# ============================================================
|
# ============================================================
|
||||||
|
- name: test using the default VPC
|
||||||
|
block:
|
||||||
|
|
||||||
- name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true)
|
- name: test adding a rule with a IPv6 CIDR with host bits set (expected changed=true)
|
||||||
ec2_group:
|
ec2_group:
|
||||||
name: '{{ec2_group_name}}'
|
name: '{{ec2_group_name}}'
|
||||||
description: '{{ec2_group_description}}'
|
description: '{{ec2_group_description}}'
|
||||||
ec2_region: '{{ec2_region}}'
|
ec2_region: '{{ec2_region}}'
|
||||||
ec2_access_key: '{{ec2_access_key}}'
|
ec2_access_key: '{{ec2_access_key}}'
|
||||||
ec2_secret_key: '{{ec2_secret_key}}'
|
ec2_secret_key: '{{ec2_secret_key}}'
|
||||||
security_token: '{{security_token}}'
|
security_token: '{{security_token}}'
|
||||||
state: present
|
state: present
|
||||||
# set purge_rules to false so we don't get a false positive from previously added rules
|
# set purge_rules to false so we don't get a false positive from previously added rules
|
||||||
purge_rules: false
|
purge_rules: false
|
||||||
rules:
|
rules:
|
||||||
- proto: "tcp"
|
- proto: "tcp"
|
||||||
ports:
|
ports:
|
||||||
- 8196
|
- 8196
|
||||||
cidr_ipv6: '2001:db00::1/24'
|
cidr_ipv6: '2001:db00::1/24'
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
- name: assert state=present (expected changed=true)
|
- name: assert state=present (expected changed=true)
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- 'result.changed'
|
- 'result.changed'
|
||||||
- 'result.group_id.startswith("sg-")'
|
- 'result.group_id.startswith("sg-")'
|
||||||
|
|
||||||
# ============================================================
|
# ============================================================
|
||||||
|
|
||||||
- name: test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning)
|
- name: test adding a rule again with a IPv6 CIDR with host bits set (expected changed=false and a warning)
|
||||||
ec2_group:
|
ec2_group:
|
||||||
name: '{{ec2_group_name}}'
|
name: '{{ec2_group_name}}'
|
||||||
description: '{{ec2_group_description}}'
|
description: '{{ec2_group_description}}'
|
||||||
<<: *aws_connection_info
|
<<: *aws_connection_info
|
||||||
state: present
|
state: present
|
||||||
# set purge_rules to false so we don't get a false positive from previously added rules
|
# set purge_rules to false so we don't get a false positive from previously added rules
|
||||||
purge_rules: false
|
purge_rules: false
|
||||||
rules:
|
rules:
|
||||||
- proto: "tcp"
|
- proto: "tcp"
|
||||||
ports:
|
ports:
|
||||||
- 8196
|
- 8196
|
||||||
cidr_ipv6: '2001:db00::1/24'
|
cidr_ipv6: '2001:db00::1/24'
|
||||||
register: result
|
register: result
|
||||||
|
|
||||||
- name: assert state=present (expected changed=false and a warning)
|
- name: assert state=present (expected changed=false and a warning)
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
# No way to assert for warnings?
|
# No way to assert for warnings?
|
||||||
- 'not result.changed'
|
- 'not result.changed'
|
||||||
- 'result.group_id.startswith("sg-")'
|
- 'result.group_id.startswith("sg-")'
|
||||||
|
|
||||||
|
when: default_vpc
|
||||||
|
|
||||||
# ============================================================
|
# ============================================================
|
||||||
- name: test state=absent (expected changed=true)
|
- name: test state=absent (expected changed=true)
|
||||||
|
@ -520,17 +655,6 @@
|
||||||
- 'result.changed'
|
- 'result.changed'
|
||||||
- 'not result.group_id'
|
- 'not result.group_id'
|
||||||
|
|
||||||
- name: create a VPC
|
|
||||||
ec2_vpc_net:
|
|
||||||
name: "{{ resource_prefix }}-vpc"
|
|
||||||
state: present
|
|
||||||
cidr_block: "10.232.232.128/26"
|
|
||||||
<<: *aws_connection_info
|
|
||||||
tags:
|
|
||||||
Name: "{{ resource_prefix }}-vpc"
|
|
||||||
Description: "Created by ansible-test"
|
|
||||||
register: vpc_result
|
|
||||||
|
|
||||||
- name: create security group in the VPC
|
- name: create security group in the VPC
|
||||||
ec2_group:
|
ec2_group:
|
||||||
name: '{{ec2_group_name}}'
|
name: '{{ec2_group_name}}'
|
||||||
|
@ -771,8 +895,8 @@
|
||||||
- proto: "tcp"
|
- proto: "tcp"
|
||||||
ports:
|
ports:
|
||||||
- 8281
|
- 8281
|
||||||
cidr_ipv6: 1001:d00::/24
|
cidr_ip: 1.1.1.1/24
|
||||||
rule_desc: ipv6 rule desc 2
|
rule_desc: ipv4 rule desc
|
||||||
rules_egress:
|
rules_egress:
|
||||||
- proto: "tcp"
|
- proto: "tcp"
|
||||||
ports:
|
ports:
|
||||||
|
@ -899,6 +1023,13 @@
|
||||||
<<: *aws_connection_info
|
<<: *aws_connection_info
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- name: tidy up security group for IPv6 EC2-Classic tests
|
||||||
|
ec2_group:
|
||||||
|
name: '{{ ec2_group_name }}-2'
|
||||||
|
state: absent
|
||||||
|
<<: *aws_connection_info
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
- name: tidy up default VPC security group
|
- name: tidy up default VPC security group
|
||||||
ec2_group:
|
ec2_group:
|
||||||
name: '{{ec2_group_name}}-default-vpc'
|
name: '{{ec2_group_name}}-default-vpc'
|
||||||
|
|
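Review bot: The `when: default_vpc` guards that close the two default-VPC blocks test the variable registered by the `determine if there is a default VPC` task, not the `defaultvpc` fact that actually holds the lookup value. A registered `set_fact` result is presumably always a non-empty mapping, so the condition would evaluate true on every account, and the blocks would still run on accounts without a default VPC, which is the EC2-Classic case this commit sets out to skip. I would drop `register: default_vpc` and gate both blocks on the fact, e.g. `when: defaultvpc != 'none'`, assuming the `aws_account_attribute` lookup returns the literal `none` for such accounts (to be confirmed against the plugin). The two near-identical names are easy to confuse, so a one-line comment above the task, such as `# defaultvpc holds the default VPC id reported for the account`, would also help.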