From 05dc527a0c78eb30a305443eec1ee6c86a296c66 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Thu, 8 Oct 2020 20:47:10 +0200 Subject: [PATCH] Initial tests for kinesis_stream (#42) * Initial tests for kinesis_stream * Add exceptions for broken check_mode behaviour (idemmpotency) * kinesis_stream requires shards to be defined, update the docs to match * Add tests for tagging and retention period * Yet more tests (and bugs) * Disable Kinesis KMS tests - not supported in CI right now * Apply minor changes from review Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com> Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com> --- plugins/modules/kinesis_stream.py | 2 + .../targets/kinesis_stream/aliases | 2 + .../targets/kinesis_stream/defaults/main.yml | 18 + .../targets/kinesis_stream/meta/main.yml | 3 + .../targets/kinesis_stream/tasks/main.yml | 713 ++++++++++++++++++ .../kinesis_stream/tasks/test_encryption.yml | 262 +++++++ 6 files changed, 1000 insertions(+) create mode 100644 tests/integration/targets/kinesis_stream/aliases create mode 100644 tests/integration/targets/kinesis_stream/defaults/main.yml create mode 100644 tests/integration/targets/kinesis_stream/meta/main.yml create mode 100644 tests/integration/targets/kinesis_stream/tasks/main.yml create mode 100644 tests/integration/targets/kinesis_stream/tasks/test_encryption.yml diff --git a/plugins/modules/kinesis_stream.py b/plugins/modules/kinesis_stream.py index 51ca85ddc94..4183444ebb3 100644 --- a/plugins/modules/kinesis_stream.py +++ b/plugins/modules/kinesis_stream.py @@ -128,6 +128,7 @@ community.aws.kinesis_stream: name: test-stream state: present + shards: 1 encryption_state: enabled encryption_type: KMS key_id: alias/aws/kinesis @@ -140,6 +141,7 @@ community.aws.kinesis_stream: name: test-stream state: present + shards: 1 encryption_state: disabled encryption_type: KMS key_id: alias/aws/kinesis diff --git a/tests/integration/targets/kinesis_stream/aliases b/tests/integration/targets/kinesis_stream/aliases new file mode 100644 index 00000000000..6e3860bee23 --- /dev/null +++ b/tests/integration/targets/kinesis_stream/aliases @@ -0,0 +1,2 @@ +cloud/aws +shippable/aws/group2 diff --git a/tests/integration/targets/kinesis_stream/defaults/main.yml b/tests/integration/targets/kinesis_stream/defaults/main.yml new file mode 100644 index 00000000000..bdaddb348e5 --- /dev/null +++ b/tests/integration/targets/kinesis_stream/defaults/main.yml @@ -0,0 +1,18 @@ +--- +kinesis_stream_name: '{{ resource_prefix }}' + +kms_cmk_alias_1: '{{ resource_prefix }}-1' +kms_cmk_alias_2: '{{ resource_prefix }}-2' + +# A variety of camelCase and PascalCase to test things don't get re-cased +# underneath us +kinesis_stream_tags_1: + tag: value + AnExample: AValue + somethingElse: Another Value + Bleep: bloop +# Adds 2 values, Deletes 2 and keeps a value +kinesis_stream_tags_2: + tag: value + foo: Bar + Baz: quuX diff --git a/tests/integration/targets/kinesis_stream/meta/main.yml b/tests/integration/targets/kinesis_stream/meta/main.yml new file mode 100644 index 00000000000..1f64f1169a9 --- /dev/null +++ b/tests/integration/targets/kinesis_stream/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - prepare_tests + - setup_ec2 diff --git a/tests/integration/targets/kinesis_stream/tasks/main.yml b/tests/integration/targets/kinesis_stream/tasks/main.yml new file mode 100644 index 00000000000..c55d16afa8a --- /dev/null +++ b/tests/integration/targets/kinesis_stream/tasks/main.yml @@ -0,0 +1,713 @@ +--- +# ============================================================ +# Known issues: +# +# - (CM) check_mode returns changed (always?) +# - (CM_snake) check_mode returns keys and values that don't directly +# map to those from non-check_mode +# - (Tag_snake) tag keys get snake_cased in return values +# - (Tag_changed) changing tags doesn't return changed +# - (Enc_snake) return values don't get snake_cased when updating encryption +# - (Enc_disable) disabling encryption Requires key and type be set +# - (Enc_idemp) Updating encryption settings isn't idempotent +# +# ============================================================ +- name: 'Setup AWS Module Defaults' + module_defaults: + group/aws: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' + kinesis_stream: + # Number of shards is mandatory when state=present + shards: 1 + + block: + # ============================================================ + # Set up some additional resources for later user + + - name: 'KMS test preperation - only run when explicitly enabled' + when: + - run_kms_tests | default(False) | bool + block: + # KMS Keys + # Note: Because we're not a producer / consumer we don't actually need + # access to the keys + - name: 'Create KMS key 1' + aws_kms: + alias: '{{ kms_cmk_alias_1 }}' + state: present + enabled: yes + register: create_kms_1 + - name: 'Create KMS key 2' + aws_kms: + alias: '{{ kms_cmk_alias_2 }}' + state: present + enabled: yes + register: create_kms_2 + - name: 'Assert that we sucessfully created our keys' + assert: + that: + - create_kms_1 is success + - create_kms_2 is success + - name: 'Store the Key IDs for later' + set_fact: + kms_cmk_id_1: '{{ create_kms_1.key_id }}' + kms_cmk_arn_1: '{{ create_kms_1.key_arn }}' + kms_cmk_id_2: '{{ create_kms_2.key_id }}' + kms_cmk_arn_2: '{{ create_kms_2.key_arn }}' + # All of the valid ways to describe the CMK + kms_cmk_1: + - '{{ create_kms_1.key_id }}' + - 'alias/{{ kms_cmk_alias_1 }}' + - '{{ create_kms_1.key_arn }}' + kms_cmk_2: + - '{{ create_kms_2.key_id }}' + - 'alias/{{ kms_cmk_alias_2 }}' + - '{{ create_kms_2.key_arn }}' + + # ============================================================ + # Basic creation + - name: 'Create a basic Kinesis stream (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + register: result + - name: 'Assert state is changed when first creating a stream (CHECK_MODE)' + assert: + that: + - result is success + - result is changed + + - name: 'Create a basic Kinesis stream' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + register: result + - name: 'Assert state is changed when first creating a stream' + assert: + that: + - result is success + - result is changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 24 + - result.stream_arn.startswith('arn:aws:kinesis:') + - result.stream_arn.endswith(':stream/' + kinesis_stream_name) + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + - result.tags == {} + + # We've run tests that the ARN matches the pattern we expect, we can just test + # it doesn't change. + - name: 'Save Stream ARN for later comparison' + set_fact: + kinesis_stream_arn: '{{ result.stream_arn }}' + + - name: 'Create a basic Kinesis stream - Idempotency (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + register: result + - name: 'Assert state is not changed when re-running the create (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (CM) + ignore_errors: yes + + - name: 'Create a basic Kinesis stream - Idempotency' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + register: result + - name: 'Assert state is not changed when re-running the create' + assert: + that: + - result is success + - result is not changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 24 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + - result.tags == {} + + # ============================================================ + # Retention Period + # + - name: 'Increase the retention period (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + retention_period: 72 + register: result + - name: 'Assert state is changed when changing the retention period (CHECK_MODE)' + assert: + that: + - result is success + - result is changed + + - name: 'Increase the retention period' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + retention_period: 72 + register: result + - name: 'Assert state is changed when changing the retention period' + assert: + that: + - result is success + - result is changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 72 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + - result.tags == {} + + - name: 'Increase the retention period - Idempotency (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + retention_period: 72 + register: result + - name: 'Assert state is not changed when not changing the retention period (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (CM) + ignore_errors: yes + + - name: 'Increase the retention period - Idempotency' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + retention_period: 72 + register: result + - name: 'Assert state is not changed when not changing the retention period' + assert: + that: + - result is success + - result is not changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 72 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + - result.tags == {} + + - name: 'Decrease the retention period (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + retention_period: 48 + register: result + - name: 'Assert state is changed when changing the retention period (CHECK_MODE)' + assert: + that: + - result is success + - result is changed + + - name: 'Decrease the retention period' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + retention_period: 48 + register: result + - name: 'Assert state is changed when changing the retention period' + assert: + that: + - result is success + - result is changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + - result.tags == {} + + - name: 'Decrease the retention period - Idempotency (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + retention_period: 48 + register: result + - name: 'Assert state is not changed when not changing the retention period (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (CM) + ignore_errors: yes + + - name: 'Decrease the retention period - Idempotency' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + retention_period: 48 + register: result + - name: 'Assert state is not changed when not changing the retention period' + assert: + that: + - result is success + - result is not changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + + # ============================================================ + # Basic tagging + + - name: 'Set some tags (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + tags: '{{ kinesis_stream_tags_1 }}' + register: result + - name: 'Assert state is changed when adding tags (CHECK_MODE)' + assert: + that: + - result is success + - result is changed + + - name: 'Set some tags' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + tags: '{{ kinesis_stream_tags_1 }}' + register: result + - name: 'Assert state is changed when adding tags' + assert: + that: + - result is success + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + - name: 'Assert tags return as expected' + assert: + that: + - result is changed + - result.tags == kinesis_stream_tags_1 + # XXX BUG (CM) + ignore_errors: yes + + - name: 'Set some tags - Idempotency (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + tags: '{{ kinesis_stream_tags_1 }}' + register: result + - name: 'Assert state is not changed when not changing the tags (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (CM) + ignore_errors: yes + + - name: 'Set some tags - Idempotency' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + tags: '{{ kinesis_stream_tags_1 }}' + register: result + - name: 'Assert state is not changed when not changing the tags' + assert: + that: + - result is success + - result is not changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + # Merge this into the main assertion when the return values are no longer + # snake_cased + - name: 'Assert tags return as expected' + assert: + that: + - result.tags == kinesis_stream_tags_1 + # XXX BUG (Tag_snake) + ignore_errors: yes + + - name: 'Change some tags (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + tags: '{{ kinesis_stream_tags_2 }}' + register: result + - name: 'Assert state is changed when changing tags (CHECK_MODE)' + assert: + that: + - result is success + - result is changed + + - name: 'Change some tags' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + tags: '{{ kinesis_stream_tags_2 }}' + register: result + - name: 'Assert state is changed when changing tags' + assert: + that: + - result is success + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + # Merge this into the main assertion when the return values are no longer + # snake_cased + - name: 'Assert tags return as expected (tags2)' + assert: + that: + - result is changed + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_changed) (Tag_snake) + ignore_errors: yes + + - name: 'Change some tags - Idempotency (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + tags: '{{ kinesis_stream_tags_2 }}' + register: result + - name: 'Assert state is not changed when not changing the tags (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (CM) + ignore_errors: yes + + - name: 'Change some tags - Idempotency' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + tags: '{{ kinesis_stream_tags_2 }}' + register: result + - name: 'Assert state is not changed when not changing the tags' + assert: + that: + - result is success + - result is not changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + # Merge this into the main assertion when the return values are no longer + # snake_cased + - name: 'Assert tags return as expected (tags2)' + assert: + that: + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_snake) + ignore_errors: yes + + # ============================================================ + # Number of shards + # + - name: 'Change the number of shards (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + shards: 2 + register: result + - name: 'Assert state is changed when changing the number of shards (CHECK_MODE)' + assert: + that: + - result is success + - result is changed + + - name: 'Change the number of shards' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + shards: 2 + register: result + - name: 'Assert state is changed when changing the number of shards' + assert: + that: + - result is success + - result is changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 2 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + #- result.tags == kinesis_stream_tags_2 + # Merge this into the main assertion when the tag keys are no longer + # snake_cased + - name: 'Assert tags return as expected (tags2)' + assert: + that: + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_snake) + ignore_errors: yes + + - name: 'Change the number of shards - Idempotency (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + shards: 2 + register: result + - name: 'Assert state is not changed when not changing the number of shards (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (CM) + ignore_errors: yes + + - name: 'Change the number of shards - Idempotency' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + shards: 2 + register: result + - name: 'Assert state is not changed when not changing the number of shards' + assert: + that: + - result is success + - result is not changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 2 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + #- result.tags == kinesis_stream_tags_2 + # Merge this into the main assertion when the tag keys are no longer + # snake_cased + - name: 'Assert tags return as expected (tags2)' + assert: + that: + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_snake) + ignore_errors: yes + + # ============================================================ + # Shards has to be passed we can't test that it's not updated when we're not + # setting it. Let's reset it to the value we set in the module_defaults + + - name: 'Reset the number of shards' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + register: result + - name: 'Assert the change was successful' + assert: + that: + - result is success + - result is changed + - result.open_shards_count == 1 + + # DISABLED BY DEFAULT - KMS key creation/deletion not supported in CI at this time + - name: 'KMS tests - only run when explicitly enabled' + when: + - run_kms_tests | default(False) | bool + block: + # ============================================================ + # Encryption + - name: 'Test encryption' + vars: + key_type: '{{ item.type }}' + kinesis_key: '{{ item.key }}' + kinesis_key_id: '{{ kms_cmk_id_1 }}' + kinesis_key_alias: 'alias/{{ kms_cmk_alias_1 }}' + kinesis_key_arn: '{{ kms_cmk_arn_1 }}' + include_tasks: 'test_encryption.yml' + # Loop through and test the management and idempotency when using the + # various combinations of ID, alias and ARN of a CMK + loop: + - type: 'ID' + key: '{{ kms_cmk_id_1 }}' + - type: 'Alias' + key: 'alias/{{ kms_cmk_alias_1 }}' + - type: 'ARN' + key: '{{ kms_cmk_arn_1 }}' + + - name: 'Disable encryption - Idempotency (CHECK_MODE)' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'disabled' + - name: 'Assert state is not changed when encryption_state not changed (CHECK_MODE)' + ignore_errors: yes + assert: + that: + - result is success + - result is not changed + # XXX BUG (Enc_idemp) + + - name: 'Disable encryption - Idempotency' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'disabled' + - name: 'Assert state is not changed when encryption_state not changed (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (Enc_idemp) + ignore_errors: yes + # Merge this into the main assertion when the main return keys are + # snake_cased + - name: 'Assert expected return values' + assert: + that: + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + #- result.tags == kinesis_stream_tags_2 + # XXX BUG (Enc_snake) + ignore_errors: yes + # Merge this into the main assertion when the tag keys are no longer + # snake_cased + - name: 'Assert tags return as expected (tags2)' + assert: + that: + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_snake) + ignore_errors: yes + + - name: 'Enable encryption' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kms_cmk_id_1 }}' + - name: 'Assert that state is changed when enabling encryption' + assert: + that: + - result is success + - result is changed + + - name: 'Test encryption changed state when updating key (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kms_cmk_id_2 }}' + - name: 'Assert state is changed when stream encryption key is changed (CHECK_MODE)' + assert: + that: + - result is success + - result is changed + + - name: 'Test encryption changed state when updating key' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kms_cmk_id_2 }}' + - name: 'Assert state is changed when stream encryption key is changed' + assert: + that: + - result is success + - result is changed + # Merge this into the main assertion when the main return keys are + # snake_cased + - name: 'Assert expected return values' + assert: + that: + - result.encryption_type == 'KMS' + - result.key_id in kms_cmk_2 + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + #- result.tags == kinesis_stream_tags_2 + # XXX BUG (Enc_snake) + ignore_errors: yes + # Merge this into the main assertion when the tag keys are no longer + # snake_cased + - name: 'Assert tags return as expected (tags2)' + assert: + that: + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_snake) + ignore_errors: yes + + # ============================================================ + + - name: 'Delete stream (CHECK_MODE)' + check_mode: yes + module_defaults: { kinesis_stream: {} } + kinesis_stream: + name: '{{ kinesis_stream_name }}' + state: absent + register: result + - name: 'Assert state is changed when deleting a stream (CHECK_MODE)' + assert: + that: + - result is success + - result is changed + + - name: 'Delete stream' + module_defaults: { kinesis_stream: {} } + kinesis_stream: + name: '{{ kinesis_stream_name }}' + state: absent + register: result + - name: 'Assert state is changed when deleting a stream' + assert: + that: + - result is success + - result is changed + + - name: 'Delete stream - Idempotency (CHECK_MODE)' + check_mode: yes + module_defaults: { kinesis_stream: {} } + kinesis_stream: + name: '{{ kinesis_stream_name }}' + state: absent + register: result + - name: 'Assert state is not changed when deleting a stream that was previously deleted (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (CM) + ignore_errors: yes + + - name: 'Delete stream - Idempotency' + module_defaults: { kinesis_stream: {} } + kinesis_stream: + name: '{{ kinesis_stream_name }}' + state: absent + register: result + - name: 'Assert state is not changed when deleting a stream that was previously deleted' + assert: + that: + - result is success + - result is not changed + + always: + # ============================================================ + - name: 'Ensure Kinesis stream is gone' + ignore_errors: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + state: absent + + - name: 'KMS test preperation - only run when explicitly enabled' + when: + - run_kms_tests | default(False) | bool + block: + - name: 'Delete the KMS keys' + ignore_errors: yes + aws_kms: + state: absent + alias: '{{ item }}' + loop: + - '{{ kms_cmk_alias_1 }}' + - '{{ kms_cmk_alias_2 }}' diff --git a/tests/integration/targets/kinesis_stream/tasks/test_encryption.yml b/tests/integration/targets/kinesis_stream/tasks/test_encryption.yml new file mode 100644 index 00000000000..1ce2436930c --- /dev/null +++ b/tests/integration/targets/kinesis_stream/tasks/test_encryption.yml @@ -0,0 +1,262 @@ +--- +# Run through the different ways we can enable/change encryption +# Enable (check_mode) +# Enable +# Idempotency - compared to ID (idempotency) +# Idempotency - compared to ID +# Idempotency - compared to Alias (idempotency) +# Idempotency - compared to Alias +# Idempotency - compared to ARN (idempotency) +# Idempotency - compared to ARN +# Disable (check_mode) +# Disable +# +- name: 'Enable encryption using {{ key_type }} (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kinesis_key }}' +- name: 'Assert state is changed when enabling encryption (CHECK_MODE)' + assert: + that: + - result is success + - result is changed + +- name: 'Enable encryption using {{ key_type }}' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kinesis_key }}' +- name: 'Assert that state is changed when enabling encryption' + assert: + that: + - result is success + - result is changed +# Merge this into the main assertion when the main return keys are +# snake_cased +- name: 'Assert expected return values' + assert: + that: + - result.encryption_type == 'KMS' + - result.key_id in kms_cmk_1 + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + #- result.tags == kinesis_stream_tags_2 + # XXX BUG (Enc_snake) + ignore_errors: yes +# Merge this into the main assertion when the tag keys are no longer +# snake_cased +- name: 'Assert tags return as expected (tags2)' + assert: + that: + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_snake) + ignore_errors: yes + +- name: 'Test encryption idempotency comparing {{ key_type }} and ID (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kinesis_key_id }}' +- name: 'Assert state is changed when enabling encryption (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (Enc_Idemp) + ignore_errors: yes + +- name: 'Test encryption idempotency comparing {{ key_type }} and ID' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kinesis_key_id }}' +- name: 'Assert that state is changed when enabling encryption' + assert: + that: + - result is success + - result is not changed + # XXX BUG (Enc_Idemp) + ignore_errors: yes +# Merge this into the main assertion when the main return keys are +# snake_cased +- name: 'Assert expected return values' + assert: + that: + - result.encryption_type == 'KMS' + - result.key_id in kms_cmk_1 + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + #- result.tags == kinesis_stream_tags_2 + # XXX BUG (Enc_snake) + ignore_errors: yes +# Merge this into the main assertion when the tag keys are no longer +# snake_cased +- name: 'Assert tags return as expected (tags2)' + assert: + that: + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_snake) + ignore_errors: yes + + +- name: 'Test encryption idempotency comparing {{ key_type }} and Alias (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kinesis_key_alias }}' +- name: 'Assert state is changed when enabling encryption (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (Enc_Idemp) + ignore_errors: yes + +- name: 'Test encryption idempotency comparing {{ key_type }} and Alias' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kinesis_key_alias }}' +- name: 'Assert that state is changed when enabling encryption' + assert: + that: + - result is success + - result is not changed + # XXX BUG (Enc_Idemp) + ignore_errors: yes +# Merge this into the main assertion when the main return keys are +# snake_cased +- name: 'Assert expected return values' + assert: + that: + - result.encryption_type == 'KMS' + - result.key_id in kms_cmk_1 + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + #- result.tags == kinesis_stream_tags_2 + # XXX BUG (Enc_snake) + ignore_errors: yes +# Merge this into the main assertion when the tag keys are no longer +# snake_cased +- name: 'Assert tags return as expected (tags2)' + assert: + that: + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_snake) + ignore_errors: yes + +- name: 'Test encryption idempotency comparing {{ key_type }} and ARN (CHECK_MODE)' + check_mode: yes + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kinesis_key_arn }}' +- name: 'Assert state is changed when enabling encryption (CHECK_MODE)' + assert: + that: + - result is success + - result is not changed + # XXX BUG (Enc_Idemp) + ignore_errors: yes + +- name: 'Test encryption idempotency comparing {{ key_type }} and ARN' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'enabled' + encryption_type: 'KMS' + key_id: '{{ kinesis_key_arn }}' +- name: 'Assert that state is changed when enabling encryption' + assert: + that: + - result is success + - result is not changed + # XXX BUG (Enc_Idemp) + ignore_errors: yes +# Merge this into the main assertion when the main return keys are +# snake_cased +- name: 'Assert expected return values' + assert: + that: + - result.encryption_type == 'KMS' + - result.key_id in kms_cmk_1 + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + #- result.tags == kinesis_stream_tags_2 + # XXX BUG (Enc_snake) + ignore_errors: yes +# Merge this into the main assertion when the tag keys are no longer +# snake_cased +- name: 'Assert tags return as expected (tags2)' + assert: + that: + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_snake) + ignore_errors: yes + +- name: 'Disable encryption (CHECK_MODE)' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'disabled' + # XXX BUG (Enc_Disable) + encryption_type: 'KMS' + # XXX Oddity of Kinesis - This needs to match the existing setting + key_id: '{{ kinesis_key_arn }}' +- name: 'Assert state is changed when disabling encryption (CHECK_MODE)' + # XXX BUG (CM) + ignore_errors: yes + assert: + that: + - result is success + - result is changed + +- name: 'Disable encryption' + kinesis_stream: + name: '{{ kinesis_stream_name }}' + encryption_state: 'disabled' + # XXX BUG (Enc_Disable) + encryption_type: 'KMS' + # XXX Oddity of Kinesis - This needs to match the existing setting + key_id: '{{ kinesis_key_arn }}' +- name: 'Assert state is not changed when disabling encryption (CHECK_MODE)' + assert: + that: + - result is success + - result is changed + - result.encryption_type == 'NONE' + - result.open_shards_count == 1 + - result.retention_period_hours == 48 + - result.stream_arn == kinesis_stream_arn + - result.stream_name == kinesis_stream_name + - result.stream_status == 'ACTIVE' + #- result.tags == kinesis_stream_tags_2 +# Merge this into the main assertion when the tag keys are no longer +# snake_cased +- name: 'Assert tags return as expected (tags2)' + assert: + that: + - result.tags == kinesis_stream_tags_2 + # XXX BUG (Tag_snake) + ignore_errors: yes