diff --git a/hacking/aws_config/testing_policies/compute-policy.json b/hacking/aws_config/testing_policies/compute-policy.json index 5e2b2afc2f..40f0778867 100644 --- a/hacking/aws_config/testing_policies/compute-policy.json +++ b/hacking/aws_config/testing_policies/compute-policy.json @@ -37,10 +37,12 @@ "Action": [ "ec2:AllocateAddress", "ec2:AssociateAddress", + "ec2:AssociateDhcpOptions", "ec2:AssociateRouteTable", "ec2:AssociateVpcCidrBlock", "ec2:AssociateSubnetCidrBlock", "ec2:AttachInternetGateway", + "ec2:CreateDhcpOptions", "ec2:CreateImage", "ec2:CreateInternetGateway", "ec2:CreateKeyPair", @@ -52,6 +54,7 @@ "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", + "ec2:DeleteDhcpOptions", "ec2:DeleteInternetGateway", "ec2:DeleteKeyPair", "ec2:DeleteNatGateway", diff --git a/test/integration/targets/ec2_vpc_net/aliases b/test/integration/targets/ec2_vpc_net/aliases new file mode 100644 index 0000000000..ebdf4aa572 --- /dev/null +++ b/test/integration/targets/ec2_vpc_net/aliases @@ -0,0 +1,2 @@ +cloud/aws +posix/ci/cloud/group1/aws diff --git a/test/integration/targets/ec2_vpc_net/defaults/main.yml b/test/integration/targets/ec2_vpc_net/defaults/main.yml new file mode 100644 index 0000000000..16079778d8 --- /dev/null +++ b/test/integration/targets/ec2_vpc_net/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for ec2_vpc_net diff --git a/test/integration/targets/ec2_vpc_net/meta/main.yml b/test/integration/targets/ec2_vpc_net/meta/main.yml new file mode 100644 index 0000000000..1f64f1169a --- /dev/null +++ b/test/integration/targets/ec2_vpc_net/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - prepare_tests + - setup_ec2 diff --git a/test/integration/targets/ec2_vpc_net/tasks/main.yml b/test/integration/targets/ec2_vpc_net/tasks/main.yml new file mode 100644 index 0000000000..4f0ca6b177 --- /dev/null +++ b/test/integration/targets/ec2_vpc_net/tasks/main.yml @@ -0,0 +1,295 @@ +--- +- block: + + # ============================================================ + + - name: run the module without parameters + ec2_vpc_net: + ignore_errors: yes + register: result + + - name: assert failure + assert: + that: + - 'result | failed' + - 'result.msg.startswith("missing required arguments")' + + # ============================================================ + + - name: attempt to create a VPC without providing connnection information + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + state: present + region: us-east-1 + ignore_errors: yes + register: result + + - name: assert connection failure + assert: + that: + - 'result | failed' + - 'result.msg.startswith("No handler was ready to authenticate")' + + # ============================================================ + + - name: set connection information for subsequent tasks + set_fact: + aws_connection_info: &aws_connection_info + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token }}" + region: "{{ aws_region }}" + no_log: yes + + # ============================================================ + + - name: test check mode creating a VPC + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + state: present + <<: *aws_connection_info + check_mode: true + register: result + + - name: check for a change + assert: + that: + - 'result.changed' + + # ============================================================ + + - name: create a VPC + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + state: present + <<: *aws_connection_info + register: result + + - name: assert the VPC was created successfully + assert: + that: + - 'result | success' + - 'result.changed' + + - name: assert the output + assert: + that: + - '"cidr_block" in result.vpc' + - '"classic_link_enabled" in result.vpc' + - '"dhcp_options_id" in result.vpc' + - '"id" in result.vpc' + - '"instance_tenancy" in result.vpc' + - '"is_default" in result.vpc' + - '"state" in result.vpc' + - '"tags" in result.vpc' + + - name: set the first VPC as a fact for comparison and cleanup + set_fact: + vpc_1: "{{ result.vpc.id }}" + + - name: save default dhcp_options_id for later comparison + set_fact: + default_dhcp_options_id: "{{ result.vpc.dhcp_options_id }}" + + # ============================================================ + + - name: test check mode creating an identical VPC + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + state: present + multi_ok: yes + <<: *aws_connection_info + check_mode: true + register: result + + - name: assert a change would be made + assert: + that: + - 'result.changed' + + # ============================================================ + + - name: create a VPC with a dedicated tenancy using the same CIDR and name + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + tenancy: dedicated + state: present + multi_ok: yes + <<: *aws_connection_info + register: result + + - name: assert a new VPC was created + assert: + that: + - 'result | success' + - 'result.changed' + - 'result.vpc.instance_tenancy == "dedicated"' + - result.vpc.id != vpc_1 + + # ============================================================ + + - name: attempt to create another VPC with the same CIDR and name without multi_ok + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + state: present + multi_ok: no + <<: *aws_connection_info + register: result + ignore_errors: yes + + - name: assert failure + assert: + that: + - 'result | failed' + - '"If you would like to create the VPC anyway please pass True to the multi_ok param" in result.msg' + + # ============================================================ + + # FIXME: right now if there are multiple matching VPCs they cannot be removed, + # as there is no vpc_id option for idempotence. A workaround is to retag the VPC. + - name: remove Name tag on vpc_1 + ec2_tag: + resource: "{{ vpc_1 }}" + state: absent + tags: + Name: "{{ resource_prefix }}" + <<: *aws_connection_info + + - name: add a unique name tag + ec2_tag: + resource: "{{ vpc_1 }}" + state: present + tags: + Name: "{{ resource_prefix }}-changed" + <<: *aws_connection_info + + - name: delete one of the VPCs + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}-changed" + state: absent + <<: *aws_connection_info + register: result + + - name: assert success + assert: + that: + - 'result.changed' + - 'not result.vpc' + + # ============================================================ + + - name: attempt to delete a VPC that doesn't exist + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}-changed" + state: absent + <<: *aws_connection_info + register: result + + - name: assert no changes were made + assert: + that: + - 'not result.changed' + - 'not result.vpc' + + # ============================================================ + + - name: create a DHCP option set to use in next test + ec2_vpc_dhcp_option: + dns_servers: + - 4.4.4.4 + - 8.8.8.8 + tags: + Name: "{{ resource_prefix }}" + <<: *aws_connection_info + register: new_dhcp + + - name: modify the DHCP options set for a VPC + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + state: present + multi_ok: no + dhcp_opts_id: "{{ new_dhcp.dhcp_options_id }}" + <<: *aws_connection_info + register: result + + - name: assert the DHCP option set changed + assert: + that: + - 'result.changed' + - default_dhcp_options_id != result.vpc.dhcp_options_id + + # ============================================================ + + - name: modify classic_link_enabled + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + dns_support: True + dns_hostnames: True + state: present + multi_ok: no + <<: *aws_connection_info + register: result + + - name: assert a change was made + assert: + that: + - 'result | success' + # FIXME The module currently doesn't note changed for VPC attributes. + # Once this is fixed a test should be added for check mode as well. + # - 'result.changed' + + # ============================================================ + + - name: test check mode to delete a VPC + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + state: absent + <<: *aws_connection_info + check_mode: true + register: result + + - name: assert that a change would have been made + assert: + that: + - 'result.changed' + + # ============================================================ + + always: + + - name: replace the DHCP options set so the new one can be deleted + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + state: present + multi_ok: no + dhcp_opts_id: "{{ default_dhcp_options_id }}" + <<: *aws_connection_info + ignore_errors: true + + - name: remove the DHCP option set + ec2_vpc_dhcp_option: + dhcp_options_id: "{{ new_dhcp.dhcp_options_id }}" + state: absent + <<: *aws_connection_info + ignore_errors: true + + - name: remove the VPC + ec2_vpc_net: + cidr_block: 20.0.0.0/24 + name: "{{ resource_prefix }}" + state: absent + <<: *aws_connection_info + + # ============================================================