Split ec2_instance target

tests/integration/targets/ec2_instance/aliases → tests/integration/targets/ec2_instance_1/aliases

@@ -3,3 +3,4 @@ slow
 
 cloud/aws
 ec2_instance_info
+ec2_instance

tests/integration/targets/ec2_instance/inventory → tests/integration/targets/ec2_instance_1/inventory

@@ -1,8 +1,5 @@
 [tests]
-instance_minimal
-instance_multiple
 checkmode_tests
-termination_protection
 ebs_optimized
 block_devices
 cpu_options

tests/integration/targets/ec2_instance/main.yml → tests/integration/targets/ec2_instance_1/main.yml

@@ -20,11 +20,11 @@
       setup_run_once: yes
     block:
     - include_role:
-        name: 'ec2_instance'
+        name: 'ec2_instance_1'
         tasks_from: env_setup.yml
     rescue:
     - include_role:
-        name: 'ec2_instance'
+        name: 'ec2_instance_1'
         tasks_from: env_cleanup.yml
       run_once: yes
     - fail:
@@ -37,4 +37,4 @@
   strategy: free
   serial: 7
   roles:
-    - ec2_instance
+    - ec2_instance_1

tests/integration/targets/ec2_instance_2/aliases

@@ -0,0 +1,6 @@
+# duration: 25
+slow
+
+cloud/aws
+ec2_instance_info
+ec2_instance

tests/integration/targets/ec2_instance_2/inventory

@@ -0,0 +1,8 @@
+[tests]
+instance_minimal
+instance_multiple
+termination_protection
+
+[all:vars]
+ansible_connection=local
+ansible_python_interpreter="{{ ansible_playbook_python }}"

tests/integration/targets/ec2_instance_2/main.yml

@@ -0,0 +1,40 @@
+---
+# Beware: most of our tests here are run in parallel.
+# To add new tests you'll need to add a new host to the inventory and a matching
+# '{{ inventory_hostname }}'.yml file in roles/ec2_instance/tasks/
+
+
+# Prepare the VPC and figure out which AMI to use
+- hosts: all
+  gather_facts: no
+  tasks:
+  - module_defaults:
+      group/aws:
+        aws_access_key: "{{ aws_access_key }}"
+        aws_secret_key: "{{ aws_secret_key }}"
+        security_token: "{{ security_token | default(omit) }}"
+        region: "{{ aws_region }}"
+    vars:
+      # We can't just use "run_once" because the facts don't propagate when
+      # running an 'include' that was run_once
+      setup_run_once: yes
+    block:
+    - include_role:
+        name: 'ec2_instance_2'
+        tasks_from: env_setup.yml
+    rescue:
+    - include_role:
+        name: 'ec2_instance_2'
+        tasks_from: env_cleanup.yml
+      run_once: yes
+    - fail:
+        msg: 'Environment preparation failed'
+      run_once: yes
+
+# VPC should get cleaned up once all hosts have run
+- hosts: all
+  gather_facts: no
+  strategy: free
+  serial: 7
+  roles:
+    - ec2_instance_2

tests/integration/targets/ec2_instance_2/meta/main.yml

@@ -0,0 +1,6 @@
+# this just makes sure they're in the right place
+dependencies:
+- role: setup_ec2_facts
+- role: setup_botocore_pip
+  vars:
+    boto3_version: "1.20.30"

tests/integration/targets/ec2_instance_2/roles/ec2_instance_2/defaults/main.yml

@@ -0,0 +1,21 @@
+---
+# defaults file for ec2_instance
+ec2_instance_owner: 'integration-run-{{ resource_prefix }}'
+ec2_instance_type: 't3.micro'
+ec2_instance_tag_TestId: '{{ resource_prefix }}-{{ inventory_hostname }}'
+
+vpc_name: '{{ resource_prefix }}-vpc'
+vpc_seed: '{{ resource_prefix }}'
+vpc_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.0.0/16'
+
+subnet_a_az: '{{ ec2_availability_zone_names[0] }}'
+subnet_a_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.32.0/24'
+subnet_a_startswith: '10.{{ 256 | random(seed=vpc_seed) }}.32.'
+subnet_b_az: '{{ ec2_availability_zone_names[1] }}'
+subnet_b_cidr: '10.{{ 256 | random(seed=vpc_seed) }}.33.0/24'
+subnet_b_startswith: '10.{{ 256 | random(seed=vpc_seed) }}.33.'
+
+first_iam_role: "ansible-test-sts-{{ resource_prefix | hash('md5') }}-test-policy"
+second_iam_role: "ansible-test-sts-{{ resource_prefix | hash('md5') }}-test-policy-2"
+# Zuul resource prefixes are very long, and IAM roles can only be 64 characters
+unique_id: "{{ resource_prefix | hash('md5') }}"

tests/integration/targets/ec2_instance_2/roles/ec2_instance_2/files/assume-role-policy.json

@@ -0,0 +1,13 @@
+{
+  "Version": "2008-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}

tests/integration/targets/ec2_instance_2/roles/ec2_instance_2/meta/main.yml

@@ -0,0 +1,7 @@
+dependencies:
+- role: setup_ec2_facts
+- role: setup_botocore_pip
+  vars:
+    boto3_version: "1.20.30"
+collections:
+- amazon.aws

tests/integration/targets/ec2_instance_2/roles/ec2_instance_2/tasks/env_cleanup.yml

@@ -0,0 +1,79 @@
+- name: "remove Instances"
+  ec2_instance:
+    state: absent
+    filters:
+      vpc-id: "{{ testing_vpc.vpc.id }}"
+    wait: yes
+  ignore_errors: yes
+  retries: 10
+
+- name: "remove ENIs"
+  ec2_eni_info:
+    filters:
+      vpc-id: "{{ testing_vpc.vpc.id }}"
+  register: enis
+
+- name: "delete all ENIs"
+  ec2_eni:
+    state: absent
+    eni_id: "{{ item.id }}"
+  register: removed
+  until: removed is not failed
+  with_items: "{{ enis.network_interfaces }}"
+  ignore_errors: yes
+  retries: 10
+
+- name: "remove the security group"
+  ec2_group:
+    state: absent
+    name: "{{ resource_prefix }}-sg"
+    description: a security group for ansible tests
+    vpc_id: "{{ testing_vpc.vpc.id }}"
+  register: removed
+  until: removed is not failed
+  ignore_errors: yes
+  retries: 10
+
+- name: "remove the second security group"
+  ec2_group:
+    name: "{{ resource_prefix }}-sg-2"
+    description: a security group for ansible tests
+    vpc_id: "{{ testing_vpc.vpc.id }}"
+    state: absent
+  register: removed
+  until: removed is not failed
+  ignore_errors: yes
+  retries: 10
+
+- name: "remove subnet A"
+  ec2_vpc_subnet:
+    state: absent
+    vpc_id: "{{ testing_vpc.vpc.id }}"
+    cidr: "{{ subnet_a_cidr }}"
+  register: removed
+  until: removed is not failed
+  ignore_errors: yes
+  retries: 10
+
+- name: "remove subnet B"
+  ec2_vpc_subnet:
+    state: absent
+    vpc_id: "{{ testing_vpc.vpc.id }}"
+    cidr: "{{ subnet_b_cidr }}"
+  register: removed
+  until: removed is not failed
+  ignore_errors: yes
+  retries: 10
+
+- name: "remove the VPC"
+  ec2_vpc_net:
+    state: absent
+    name: "{{ vpc_name }}"
+    cidr_block: "{{ vpc_cidr }}"
+    tags:
+      Name: Ansible Testing VPC
+    tenancy: default
+  register: removed
+  until: removed is not failed
+  ignore_errors: yes
+  retries: 10

tests/integration/targets/ec2_instance_2/roles/ec2_instance_2/tasks/env_setup.yml

@@ -0,0 +1,64 @@
+- run_once: '{{ setup_run_once | default("no") | bool }}'
+  block:
+  - name: "Create VPC for use in testing"
+    ec2_vpc_net:
+      state: present
+      name: "{{ vpc_name }}"
+      cidr_block: "{{ vpc_cidr }}"
+      tags:
+        Name: Ansible ec2_instance Testing VPC
+      tenancy: default
+    register: testing_vpc
+
+  - name: "Create default subnet in zone A"
+    ec2_vpc_subnet:
+      state: present
+      vpc_id: "{{ testing_vpc.vpc.id }}"
+      cidr: "{{ subnet_a_cidr }}"
+      az: "{{ subnet_a_az }}"
+      resource_tags:
+        Name: "{{ resource_prefix }}-subnet-a"
+    register: testing_subnet_a
+
+  - name: "Create secondary subnet in zone B"
+    ec2_vpc_subnet:
+      state: present
+      vpc_id: "{{ testing_vpc.vpc.id }}"
+      cidr: "{{ subnet_b_cidr }}"
+      az: "{{ subnet_b_az }}"
+      resource_tags:
+        Name: "{{ resource_prefix }}-subnet-b"
+    register: testing_subnet_b
+
+  - name: "create a security group with the vpc"
+    ec2_group:
+      state: present
+      name: "{{ resource_prefix }}-sg"
+      description: a security group for ansible tests
+      vpc_id: "{{ testing_vpc.vpc.id }}"
+      rules:
+        - proto: tcp
+          from_port: 22
+          to_port: 22
+          cidr_ip: 0.0.0.0/0
+        - proto: tcp
+          from_port: 80
+          to_port: 80
+          cidr_ip: 0.0.0.0/0
+    register: sg
+
+  - name: "create secondary security group with the vpc"
+    ec2_group:
+      name: "{{ resource_prefix }}-sg-2"
+      description: a secondary security group for ansible tests
+      vpc_id: "{{ testing_vpc.vpc.id }}"
+      rules:
+        - proto: tcp
+          from_port: 22
+          to_port: 22
+          cidr_ip: 0.0.0.0/0
+        - proto: tcp
+          from_port: 80
+          to_port: 80
+          cidr_ip: 0.0.0.0/0
+    register: sg2

tests/integration/targets/ec2_instance_2/roles/ec2_instance_2/tasks/main.yml

@@ -0,0 +1,56 @@
+---
+# Beware: most of our tests here are run in parallel.
+# To add new tests you'll need to add a new host to the inventory and a matching
+# '{{ inventory_hostname }}'.yml file in roles/ec2_instance/tasks/
+#
+#  Please make sure you tag your instances with
+#     tags:
+#       "tag:TestId": "{{ ec2_instance_tag_TestId }}"
+#  And delete them based off that tag at the end of your specific set of tests
+#
+# ###############################################################################
+#
+# A Note about ec2 environment variable name preference:
+#  - EC2_URL -> AWS_URL
+#  - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY
+#  - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY
+#  - EC2_REGION -> AWS_REGION
+#
+
+- name: "Wrap up all tests and setup AWS credentials"
+  module_defaults:
+    group/aws:
+      aws_access_key: "{{ aws_access_key }}"
+      aws_secret_key: "{{ aws_secret_key }}"
+      security_token: "{{ security_token | default(omit) }}"
+      region: "{{ aws_region }}"
+      aws_config:
+        retries:
+          # Unfortunately AWSRetry doesn't support paginators and boto3's paginators
+          # don't support any configuration of the delay between retries.
+          max_attempts: 20
+  collections:
+    - amazon.aws
+    - community.aws
+  block:
+    - debug:
+        msg: "{{ inventory_hostname }} start: {{ lookup('pipe','date') }}"
+    - include_tasks: '{{ inventory_hostname }}.yml'
+    - debug:
+        msg: "{{ inventory_hostname }} finish: {{ lookup('pipe','date') }}"
+
+  always:
+    - set_fact:
+        _role_complete: True
+    - vars:
+        completed_hosts: '{{ ansible_play_hosts_all | map("extract", hostvars, "_role_complete") | list | select("defined") | list | length }}'
+        hosts_in_play: '{{ ansible_play_hosts_all | length }}'
+      debug:
+        msg: "{{ completed_hosts }} of {{ hosts_in_play }} complete"
+    - include_tasks: env_cleanup.yml
+      vars:
+        completed_hosts: '{{ ansible_play_hosts_all | map("extract", hostvars, "_role_complete") | list | select("defined") | list | length }}'
+        hosts_in_play: '{{ ansible_play_hosts_all | length }}'
+      when:
+      - aws_cleanup
+      - completed_hosts == hosts_in_play

tests/integration/targets/ec2_instance_2/runme.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+# Beware: most of our tests here are run in parallel.
+# To add new tests you'll need to add a new host to the inventory and a matching
+# '{{ inventory_hostname }}'.yml file in roles/ec2_instance/tasks/
+
+
+set -eux
+
+export ANSIBLE_ROLES_PATH=../
+
+ansible-playbook main.yml -i inventory "$@"