--- # A Note about ec2 environment variable name preference: # - EC2_URL -> AWS_URL # - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY # - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY # - EC2_REGION -> AWS_REGION # # TODO - name: test 'region' parameter # TODO - name: test 'state=absent' parameter for existing key # TODO - name: test 'state=absent' parameter for missing key # TODO - name: test 'validate_certs' parameter # ============================================================ # - include: ../../setup_ec2/tasks/common.yml module_name=ec2_key - block: # ============================================================ - name: test with no parameters ec2_key: register: result ignore_errors: true - name: assert failure when called with no parameters assert: that: - 'result.failed' - 'result.msg == "missing required arguments: name"' # ============================================================ - name: test with only name ec2_key: name={{ec2_key_name}} register: result ignore_errors: true - name: assert failure when called with only 'name' assert: that: - 'result.failed' - 'result.msg == "Either region or ec2_url must be specified"' # ============================================================ - name: test invalid region parameter ec2_key: name={{ec2_key_name}} region='asdf querty 1234' register: result ignore_errors: true - name: assert invalid region parameter assert: that: - 'result.failed' - 'result.msg.startswith("Region asdf querty 1234 does not seem to be available ")' # ============================================================ - name: test valid region parameter ec2_key: name={{ec2_key_name}} region={{ec2_region}} register: result ignore_errors: true - name: assert valid region parameter assert: that: - 'result.failed' - 'result.msg.startswith("No handler was ready to authenticate.")' # ============================================================ - name: test environment variable EC2_REGION ec2_key: name={{ec2_key_name}} environment: EC2_REGION: '{{ec2_region}}' register: result ignore_errors: true - name: assert environment variable EC2_REGION assert: that: - 'result.failed' - 'result.msg.startswith("No handler was ready to authenticate.")' # ============================================================ - name: test invalid ec2_url parameter ec2_key: name={{ec2_key_name}} environment: EC2_URL: bogus.example.com register: result ignore_errors: true - name: assert invalid ec2_url parameter assert: that: - 'result.failed' - 'result.msg.startswith("No handler was ready to authenticate.")' # ============================================================ - name: test valid ec2_url parameter ec2_key: name={{ec2_key_name}} environment: EC2_URL: '{{ec2_url}}' register: result ignore_errors: true - name: assert valid ec2_url parameter assert: that: - 'result.failed' - 'result.msg.startswith("No handler was ready to authenticate.")' # ============================================================ - name: test credentials from environment ec2_key: name={{ec2_key_name}} environment: EC2_REGION: '{{ec2_region}}' EC2_ACCESS_KEY: bogus_access_key EC2_SECRET_KEY: bogus_secret_key register: result ignore_errors: true - name: assert ec2_key with valid ec2_url assert: that: - 'result.failed' - '"EC2ResponseError: 401 Unauthorized" in result.module_stderr' # ============================================================ - name: test credential parameters ec2_key: name={{ec2_key_name}} ec2_region={{ec2_region}} ec2_access_key=bogus_access_key ec2_secret_key=bogus_secret_key register: result ignore_errors: true - name: assert credential parameters assert: that: - 'result.failed' - '"EC2ResponseError: 401 Unauthorized" in result.module_stderr' # ============================================================ - name: test state=absent with key_material ec2_key: name='{{ec2_key_name}}' ec2_region={{ec2_region}} ec2_access_key={{ec2_access_key}} ec2_secret_key={{ec2_secret_key}} security_token={{security_token}} state=absent register: result - name: assert state=absent with key_material assert: that: - '"failed" not in result' # ============================================================ - name: test state=present without key_material ec2_key: name='{{ec2_key_name}}' ec2_region={{ec2_region}} ec2_access_key={{ec2_access_key}} ec2_secret_key={{ec2_secret_key}} security_token={{security_token}} state=present register: result - name: assert state=present without key_material assert: that: - 'result.changed' - '"failed" not in result' - '"key" in result' - '"name" in result.key' - '"fingerprint" in result.key' - '"private_key" in result.key' - 'result.key.name == "{{ec2_key_name}}"' # ============================================================ - name: test state=absent without key_material ec2_key: name='{{ec2_key_name}}' state=absent environment: EC2_REGION: '{{ec2_region}}' EC2_ACCESS_KEY: '{{ec2_access_key}}' EC2_SECRET_KEY: '{{ec2_secret_key}}' EC2_SECURITY_TOKEN: '{{security_token|default("")}}' register: result - name: assert state=absent without key_material assert: that: - 'result.changed' - '"failed" not in result' - '"key" in result' - 'result.key == None' # ============================================================ - name: test state=present with key_material ec2_key: name='{{ec2_key_name}}' key_material='{{key_material}}' state=present environment: EC2_REGION: '{{ec2_region}}' EC2_ACCESS_KEY: '{{ec2_access_key}}' EC2_SECRET_KEY: '{{ec2_secret_key}}' EC2_SECURITY_TOKEN: '{{security_token|default("")}}' register: result - name: assert state=present with key_material assert: that: - '"failed" not in result' - 'result.changed == True' - '"key" in result' - '"name" in result.key' - 'result.key.name == "{{ec2_key_name}}"' - '"fingerprint" in result.key' - '"private_key" not in result.key' # FIXME - why don't the fingerprints match? # - 'result.key.fingerprint == "{{fingerprint}}"' # ============================================================ - name: test state=absent with key_material ec2_key: name='{{ec2_key_name}}' key_material='{{key_material}}' ec2_region='{{ec2_region}}' ec2_access_key='{{ec2_access_key}}' ec2_secret_key='{{ec2_secret_key}}' security_token='{{security_token}}' state=absent register: result - name: assert state=absent with key_material assert: that: - 'result.changed' - '"failed" not in result' - '"key" in result' - 'result.key == None' # ============================================================ - name: test state=present with key_material with_files (expect changed=true) ec2_key: name='{{ec2_key_name}}' state=present key_material='{{ item }}' with_file: '{{sshkey}}.pub' environment: EC2_REGION: '{{ec2_region}}' EC2_ACCESS_KEY: '{{ec2_access_key}}' EC2_SECRET_KEY: '{{ec2_secret_key}}' EC2_SECURITY_TOKEN: '{{security_token|default("")}}' register: result - name: assert state=present with key_material with_files (expect changed=true) assert: that: - 'result.msg == "All items completed"' - 'result.changed == True' - '"results" in result' - '"item" in result.results[0]' - '"key" in result.results[0]' - '"name" in result.results[0].key' - 'result.results[0].key.name == "{{ec2_key_name}}"' - '"fingerprint" in result.results[0].key' - '"private_key" not in result.results[0].key' # FIXME - why doesn't result.key.fingerprint == {{fingerprint}} # - 'result.key.fingerprint == "{{fingerprint}}"' # ============================================================ - name: test state=present with key_material with_files (expect changed=false) ec2_key: name='{{ec2_key_name}}' state=present key_material='{{ item }}' with_file: '{{sshkey}}.pub' environment: EC2_REGION: '{{ec2_region}}' EC2_ACCESS_KEY: '{{ec2_access_key}}' EC2_SECRET_KEY: '{{ec2_secret_key}}' EC2_SECURITY_TOKEN: '{{security_token|default("")}}' register: result - name: assert state=present with key_material with_files (expect changed=false) assert: that: - 'result.msg == "All items completed"' - 'not result.changed' - '"results" in result' - '"item" in result.results[0]' - '"key" in result.results[0]' - '"name" in result.results[0].key' - 'result.results[0].key.name == "{{ec2_key_name}}"' - '"fingerprint" in result.results[0].key' - '"private_key" not in result.results[0].key' # FIXME - why doesn't result.key.fingerprint == {{fingerprint}} # - 'result.key.fingerprint == "{{fingerprint}}"' # ============================================================ - name: test state=absent with key_material (expect changed=true) ec2_key: name='{{ec2_key_name}}' ec2_region='{{ec2_region}}' ec2_access_key='{{ec2_access_key}}' ec2_secret_key='{{ec2_secret_key}}' security_token='{{security_token}}' key_material='{{key_material}}' state=absent register: result - name: assert state=absent with key_material (expect changed=true) assert: that: - 'result.changed' - '"failed" not in result' - '"key" in result' - 'result.key == None' always: # ============================================================ - name: test state=absent (expect changed=false) ec2_key: name='{{ec2_key_name}}' ec2_region='{{ec2_region}}' ec2_access_key='{{ec2_access_key}}' ec2_secret_key='{{ec2_secret_key}}' security_token='{{security_token}}' state=absent register: result - name: assert state=absent with key_material (expect changed=false) assert: that: - 'not result.changed' - '"failed" not in result' - '"key" in result' - 'result.key == None'