main.yml - A Note about ec2 environment variable name prefe…

/test/integration/roles/test_ec2_key/tasks/main.yml

https://github.com/ajanthanm/ansible · YAML · 337 lines · 264 code · 37 blank · 36 comment · 0 complexity · 95bbd7ce85187dd0d9cd36af02fad19b MD5 · raw file

---
# A Note about ec2 environment variable name preference:
#  - EC2_URL -> AWS_URL
#  - EC2_ACCESS_KEY -> AWS_ACCESS_KEY_ID -> AWS_ACCESS_KEY
#  - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY
#  - EC2_REGION -> AWS_REGION
#
# TODO - name: test 'region' parameter
# TODO - name: test 'state=absent' parameter for existing key
# TODO - name: test 'state=absent' parameter for missing key
# TODO - name: test 'validate_certs' parameter

# ============================================================
# - include: ../../setup_ec2/tasks/common.yml module_name=ec2_key

# ============================================================
- name: test with no parameters
  ec2_key:
  register: result
  ignore_errors: true

- name: assert failure when called with no parameters
  assert:
    that:
       - 'result.failed'
       - 'result.msg == "missing required arguments: name"'

# ============================================================
- name: test with only name
  ec2_key:
    name={{ec2_key_name}}
  register: result
  ignore_errors: true

- name: assert failure when called with only 'name'
  assert:
    that:
       - 'result.failed'
       - 'result.msg == "Either region or ec2_url must be specified"'

# ============================================================
- name: test invalid region parameter
  ec2_key:
    name={{ec2_key_name}}
    region='asdf querty 1234'
  register: result
  ignore_errors: true

- name: assert invalid region parameter
  assert:
    that:
       - 'result.failed'
       - 'result.msg.startswith("value of region must be one of:")'

# ============================================================
- name: test valid region parameter
  ec2_key:
    name={{ec2_key_name}}
    region={{ec2_region}}
  register: result
  ignore_errors: true

- name: assert valid region parameter
  assert:
    that:
       - 'result.failed'
       - 'result.msg.startswith("No handler was ready to authenticate.")'

# ============================================================
- name: test environment variable EC2_REGION
  ec2_key:
    name={{ec2_key_name}}
  environment:
    EC2_REGION: '{{ec2_region}}'
  register: result
  ignore_errors: true

- name: assert environment variable EC2_REGION
  assert:
    that:
       - 'result.failed'
       - 'result.msg.startswith("No handler was ready to authenticate.")'

# ============================================================
- name: test invalid ec2_url parameter
  ec2_key:
    name={{ec2_key_name}}
  environment:
    EC2_URL: bogus.example.com
  register: result
  ignore_errors: true

- name: assert invalid ec2_url parameter
  assert:
    that:
       - 'result.failed'
       - 'result.msg.startswith("No handler was ready to authenticate.")'

# ============================================================
- name: test valid ec2_url parameter
  ec2_key:
    name={{ec2_key_name}}
  environment:
    EC2_URL: '{{ec2_url}}'
  register: result
  ignore_errors: true

- name: assert valid ec2_url parameter
  assert:
    that:
       - 'result.failed'
       - 'result.msg.startswith("No handler was ready to authenticate.")'

# ============================================================
- name: test credentials from environment
  ec2_key:
    name={{ec2_key_name}}
  environment:
    EC2_REGION: '{{ec2_region}}'
    EC2_ACCESS_KEY: bogus_access_key
    EC2_SECRET_KEY: bogus_secret_key
  register: result
  ignore_errors: true

- name: assert ec2_key with valid ec2_url
  assert:
    that:
       - 'result.failed'
       - '"EC2ResponseError: 401 Unauthorized" in result.msg'

# ============================================================
- name: test credential parameters
  ec2_key:
    name={{ec2_key_name}}
    ec2_region={{ec2_region}}
    ec2_access_key=bogus_access_key
    ec2_secret_key=bogus_secret_key
  register: result
  ignore_errors: true

- name: assert credential parameters
  assert:
    that:
       - 'result.failed'
       - '"EC2ResponseError: 401 Unauthorized" in result.msg'

# ============================================================
- name: test state=absent with key_material
  ec2_key:
    name='{{ec2_key_name}}'
    ec2_region={{ec2_region}}
    ec2_access_key={{ec2_access_key}}
    ec2_secret_key={{ec2_secret_key}}
    state=absent
  register: result

- name: assert state=absent with key_material
  assert:
    that:
       - '"failed" not in result'

# ============================================================
- name: test state=present without key_material
  ec2_key:
    name='{{ec2_key_name}}'
    ec2_region={{ec2_region}}
    ec2_access_key={{ec2_access_key}}
    ec2_secret_key={{ec2_secret_key}}
    state=present
  register: result

- name: assert state=present without key_material
  assert:
    that:
       - 'result.changed'
       - '"failed" not in result'
       - '"key" in result'
       - '"name" in result.key'
       - '"fingerprint" in result.key'
       - '"private_key" in result.key'
       - 'result.key.name == "{{ec2_key_name}}"'

# ============================================================
- name: test state=absent without key_material
  ec2_key:
    name='{{ec2_key_name}}'
    state=absent
  environment:
    EC2_REGION: '{{ec2_region}}'
    EC2_ACCESS_KEY: '{{ec2_access_key}}'
    EC2_SECRET_KEY: '{{ec2_secret_key}}'
  register: result

- name: assert state=absent without key_material
  assert:
    that:
       - 'result.changed'
       - '"failed" not in result'
       - '"key" in result'
       - 'result.key == None'

# ============================================================
- name: test state=present with key_material
  ec2_key:
    name='{{ec2_key_name}}'
    key_material='{{key_material}}'
    state=present
  environment:
    EC2_REGION: '{{ec2_region}}'
    EC2_ACCESS_KEY: '{{ec2_access_key}}'
    EC2_SECRET_KEY: '{{ec2_secret_key}}'
  register: result

- name: assert state=present with key_material
  assert:
    that:
       - '"failed" not in result'
       - 'result.changed == True'
       - '"key" in result'
       - '"name" in result.key'
       - 'result.key.name == "{{ec2_key_name}}"'
       - '"fingerprint" in result.key'
       - '"private_key" not in result.key'
       # FIXME - why don't the fingerprints match?
       # - 'result.key.fingerprint == "{{fingerprint}}"'

# ============================================================
- name: test state=absent with key_material
  ec2_key:
    name='{{ec2_key_name}}'
    key_material='{{key_material}}'
    ec2_region='{{ec2_region}}'
    ec2_access_key='{{ec2_access_key}}'
    ec2_secret_key='{{ec2_secret_key}}'
    state=absent
  register: result

- name: assert state=absent with key_material
  assert:
    that:
       - 'result.changed'
       - '"failed" not in result'
       - '"key" in result'
       - 'result.key == None'

# ============================================================
- name: test state=present with key_material with_files (expect changed=true)
  ec2_key:
    name='{{ec2_key_name}}'
    state=present
    key_material='{{ item }}'
  with_file: sshkey ~ '.pub'
  environment:
    EC2_REGION: '{{ec2_region}}'
    EC2_ACCESS_KEY: '{{ec2_access_key}}'
    EC2_SECRET_KEY: '{{ec2_secret_key}}'
  register: result

- name: assert state=present with key_material with_files (expect changed=true)
  assert:
    that:
       - 'result.msg == "All items completed"'
       - 'result.changed == True'
       - '"results" in result'
       - '"item" in result.results[0]'
       - '"key" in result.results[0]'
       - '"name" in result.results[0].key'
       - 'result.results[0].key.name == "{{ec2_key_name}}"'
       - '"fingerprint" in result.results[0].key'
       - '"private_key" not in result.results[0].key'
       # FIXME - why doesn't result.key.fingerprint == {{fingerprint}}
       # - 'result.key.fingerprint == "{{fingerprint}}"'

# ============================================================
- name: test state=present with key_material with_files (expect changed=false)
  ec2_key:
    name='{{ec2_key_name}}'
    state=present
    key_material='{{ item }}'
  with_file: sshkey ~ '.pub'
  environment:
    EC2_REGION: '{{ec2_region}}'
    EC2_ACCESS_KEY: '{{ec2_access_key}}'
    EC2_SECRET_KEY: '{{ec2_secret_key}}'
  register: result

- name: assert state=present with key_material with_files (expect changed=false)
  assert:
    that:
       - 'result.msg == "All items completed"'
       - 'not result.changed'
       - '"results" in result'
       - '"item" in result.results[0]'
       - '"key" in result.results[0]'
       - '"name" in result.results[0].key'
       - 'result.results[0].key.name == "{{ec2_key_name}}"'
       - '"fingerprint" in result.results[0].key'
       - '"private_key" not in result.results[0].key'
       # FIXME - why doesn't result.key.fingerprint == {{fingerprint}}
       # - 'result.key.fingerprint == "{{fingerprint}}"'

# ============================================================
- name: test state=absent with key_material (expect changed=true)
  ec2_key:
    name='{{ec2_key_name}}'
    ec2_region='{{ec2_region}}'
    ec2_access_key='{{ec2_access_key}}'
    ec2_secret_key='{{ec2_secret_key}}'
    key_material='{{key_material}}'
    state=absent
  register: result

- name: assert state=absent with key_material (expect changed=true)
  assert:
    that:
       - 'result.changed'
       - '"failed" not in result'
       - '"key" in result'
       - 'result.key == None'

# ============================================================
- name: test state=absent (expect changed=false)
  ec2_key:
    name='{{ec2_key_name}}'
    ec2_region='{{ec2_region}}'
    ec2_access_key='{{ec2_access_key}}'
    ec2_secret_key='{{ec2_secret_key}}'
    state=absent
  register: result

- name: assert state=absent with key_material (expect changed=false)
  assert:
    that:
       - 'not result.changed'
       - '"failed" not in result'
       - '"key" in result'
       - 'result.key == None'