From 7e42e88cc128ad24f6ada460fd0277fd2e68bed2 Mon Sep 17 00:00:00 2001 From: Calvin Wu Date: Thu, 12 Jul 2018 21:16:41 +0800 Subject: [PATCH] ecs_taskdefinition can absent without containers argument (#41398) * ecs_taskdefinition can absent without containers argument * add regression test for absent with arn * Add PassRole privilege for ecs_cluster to pass --- .../testing_policies/compute-policy.json | 3 ++- .../cloud/amazon/ecs_taskdefinition.py | 7 +++--- .../roles/ecs_cluster/tasks/main.yml | 23 +++++++++++++++++++ 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/hacking/aws_config/testing_policies/compute-policy.json b/hacking/aws_config/testing_policies/compute-policy.json index 1e7171ce53..be5b69af85 100644 --- a/hacking/aws_config/testing_policies/compute-policy.json +++ b/hacking/aws_config/testing_policies/compute-policy.json @@ -213,7 +213,8 @@ "arn:aws:iam::{{aws_account}}:role/ansible_lambda_role", "arn:aws:iam::{{aws_account}}:role/ecsInstanceRole", "arn:aws:iam::{{aws_account}}:role/ecsServiceRole", - "arn:aws:iam::{{aws_account}}:role/aws_eks_cluster_role" + "arn:aws:iam::{{aws_account}}:role/aws_eks_cluster_role", + "arn:aws:iam::{{aws_account}}:role/ecsTaskExecutionRole" ] }, { diff --git a/lib/ansible/modules/cloud/amazon/ecs_taskdefinition.py b/lib/ansible/modules/cloud/amazon/ecs_taskdefinition.py index 37aacf681a..4a150634f9 100644 --- a/lib/ansible/modules/cloud/amazon/ecs_taskdefinition.py +++ b/lib/ansible/modules/cloud/amazon/ecs_taskdefinition.py @@ -325,9 +325,10 @@ def main(): if not module.botocore_at_least('1.10.44'): module.fail_json(msg='botocore needs to be version 1.10.44 or higher to use execution_role_arn') - for container in module.params.get('containers', []): - for environment in container.get('environment', []): - environment['value'] = to_text(environment['value']) + if module.params['containers']: + for container in module.params['containers']: + for environment in container.get('environment', []): + environment['value'] = to_text(environment['value']) if module.params['state'] == 'present': if 'containers' not in module.params or not module.params['containers']: diff --git a/test/integration/targets/ecs_cluster/playbooks/roles/ecs_cluster/tasks/main.yml b/test/integration/targets/ecs_cluster/playbooks/roles/ecs_cluster/tasks/main.yml index 9a19e1503c..342253db25 100644 --- a/test/integration/targets/ecs_cluster/playbooks/roles/ecs_cluster/tasks/main.yml +++ b/test/integration/targets/ecs_cluster/playbooks/roles/ecs_cluster/tasks/main.yml @@ -654,6 +654,20 @@ # ============================================================ # End tests for Fargate + - name: create task definition for absent with arn regression test + ecs_taskdefinition: + containers: "{{ ecs_task_containers }}" + family: "{{ ecs_task_name }}-absent" + state: present + <<: *aws_connection_info + register: ecs_task_definition_absent_with_arn + + - name: absent task definition by arn + ecs_taskdefinition: + arn: "{{ ecs_task_definition_absent_with_arn.taskdefinition.taskDefinitionArn }}" + state: absent + <<: *aws_connection_info + always: # TEAR DOWN: snapshot, ec2 instance, ec2 key pair, security group, vpc - name: Announce teardown start @@ -795,6 +809,15 @@ <<: *aws_connection_info ignore_errors: yes + - name: remove ecs task definition for absent with arn + ecs_taskdefinition: + containers: "{{ ecs_task_containers }}" + family: "{{ ecs_task_name }}-absent" + revision: "{{ ecs_task_definition_absent_with_arn.taskdefinition.revision }}" + state: absent + <<: *aws_connection_info + ignore_errors: yes + - name: remove load balancer elb_application_lb: name: "{{ ecs_load_balancer_name }}"