Move tests to using module_defaults (ansible-collections#368)
* Bulk migration to module_defaults
* Tests for missing creds/region
* Move dms_identifier and dms_sg_identifier into defaults
tremble authored Feb 10, 2021
1 parent 334db21 commit 365b6ef
Showing 69 changed files with 1,417 additions and 2,605 deletions.
26 changes: 7 additions & 19 deletions tests/integration/targets/aws_codebuild/tasks/main.yml
@@ -1,31 +1,23 @@
---
# tasks file for aws_codebuild

- name: Run aws_codebuild integration tests.

- name: 'aws_codebuild integration tests'
collections:
- amazon.aws

module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:

# ==================== preparations ========================================

- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: yes

- name: create IAM role needed for CodeBuild
iam_role:
name: "{{ iam_role_name }}"
description: Role with permissions for CodeBuild actions.
assume_role_policy_document: "{{ lookup('file', 'codebuild_iam_trust_policy.json') }}"
state: present
<<: *aws_connection_info
register: codebuild_iam_role

- name: Set variable with aws account id
Expand Down Expand Up @@ -58,7 +50,6 @@
tags:
- { key: 'purpose', value: 'ansible-test' }
state: present
<<: *aws_connection_info
register: output
retries: 10
delay: 5
Expand Down Expand Up @@ -93,7 +84,6 @@
tags:
- { key: 'purpose', value: 'ansible-test' }
state: present
<<: *aws_connection_info
register: rerun_test_output

- assert:
Expand All @@ -108,7 +98,6 @@
buildspec: ''
artifacts: {}
state: absent
<<: *aws_connection_info
async: 300

# ============================== cleanup ======================================
Expand All @@ -119,4 +108,3 @@
iam_role:
name: "{{ iam_role_name }}"
state: absent
<<: *aws_connection_info
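Review bot: The new `module_defaults: group/aws:` block at the top of the play makes credential passing implicit, so a task whose module is not a member of the `aws` action group would receive none of these values and, I assume, fall back to whatever ambient credentials the SDK finds on the runner. With the removed `<<: *aws_connection_info` merge that gap was visible on each task; now it is silent, and a test could run against an unintended account or region. A short comment above `module_defaults` would help, for example `# Applies only to modules in the aws action group; pass credentials explicitly to anything else`. The same applies to the aws_codepipeline and aws_config sections of this commit. Parts of the block body are collapsed on this page, so I could not check every task's module.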
28 changes: 9 additions & 19 deletions tests/integration/targets/aws_codepipeline/tasks/main.yml
@@ -1,28 +1,23 @@
---
# tasks file for aws_codepipeline

- name: Run aws_codebuild module integration tests

- name: 'aws_codebuild integration tests'
collections:
- amazon.aws
module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:

# ==================== preparaions ========================================

- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: yes

- name: create IAM role needed for CodePipeline test
iam_role:
name: "{{ codepipeline_service_role_name }}"
description: Role with permissions for CodePipeline actions.
assume_role_policy_document: "{{ lookup('file', 'codepipeline_iam_trust_policy.json') }}"
state: present
<<: *aws_connection_info
register: codepipeline_iam_role

# ================== integration test ==========================================
Expand Down Expand Up @@ -63,7 +58,6 @@
configuration:
ProjectName: foo
state: present
<<: *aws_connection_info
register: output
retries: 10
delay: 5
Expand Down Expand Up @@ -111,7 +105,6 @@
configuration:
ProjectName: foo
state: present
<<: *aws_connection_info
register: rerun_test_output

- assert:
Expand All @@ -126,7 +119,6 @@
artifact_store: {}
stages: []
state: absent
<<: *aws_connection_info
register: absent_test_output

- assert:
Expand All @@ -145,12 +137,10 @@
artifact_store: {}
stages: []
state: absent
<<: *aws_connection_info
ignore_errors: true

- name: Cleanup - delete IAM role needed for CodePipeline test
iam_role:
name: "{{ codepipeline_name }}"
state: absent
<<: *aws_connection_info
ignore_errors: true
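Review bot: The cleanup task at the end of this file deletes the IAM role named `{{ codepipeline_name }}`, while the role is created earlier as `{{ codepipeline_service_role_name }}`; unless the two variables resolve to the same value (their definitions are not on this page), the delete is presumably a no-op and the role stays behind. Orphaned roles that carry a service trust policy then accumulate in the test account, so I would change the line to `name: "{{ codepipeline_service_role_name }}"`. Separately, the block in this aws_codepipeline target is named `'aws_codebuild integration tests'`, which looks like a copy-paste slip; `- name: 'aws_codepipeline integration tests'` would match the file.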
47 changes: 10 additions & 37 deletions tests/integration/targets/aws_config/tasks/main.yaml
@@ -1,21 +1,21 @@
---
- block:
- name: 'aws_config integration tests'
collections:
- amazon.aws
module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:

# ============================================================
# Prerequisites
# ============================================================
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true

- name: ensure IAM role exists
iam_role:
<<: *aws_connection_info
name: '{{ config_role_name }}'
assume_role_policy_document: "{{ lookup('file','config-trust-policy.json') }}"
state: present
Expand All @@ -26,7 +26,6 @@

- name: ensure SNS topic exists
sns_topic:
<<: *aws_connection_info
name: '{{ config_sns_name }}'
state: present
subscriptions:
Expand All @@ -36,12 +35,10 @@

- name: ensure S3 bucket exists
s3_bucket:
<<: *aws_connection_info
name: "{{ config_s3_bucket }}"

- name: ensure S3 access for IAM role
iam_policy:
<<: *aws_connection_info
iam_type: role
iam_name: '{{ config_role_name }}'
policy_name: AwsConfigRecorderTestRoleS3Policy
Expand All @@ -53,7 +50,6 @@
# ============================================================
- name: test rule with no source parameter
aws_config_rule:
<<: *aws_connection_info
name: random_name
state: present
register: output
Expand All @@ -67,7 +63,6 @@

- name: test resource_type delivery_channel with no s3_bucket parameter
aws_config_delivery_channel:
<<: *aws_connection_info
name: random_name
state: present
register: output
Expand All @@ -81,7 +76,6 @@

- name: test resource_type configuration_recorder with no role_arn parameter
aws_config_recorder:
<<: *aws_connection_info
name: random_name
state: present
register: output
Expand All @@ -95,7 +89,6 @@

- name: test resource_type configuration_recorder with no recording_group parameter
aws_config_recorder:
<<: *aws_connection_info
name: random_name
state: present
role_arn: 'arn:aws:iam::123456789012:role/AwsConfigRecorder'
Expand All @@ -111,7 +104,6 @@
- name: test resource_type aggregation_authorization with no authorized_account_id parameter
aws_config_aggregation_authorization:
state: present
<<: *aws_connection_info
register: output
ignore_errors: true

Expand All @@ -123,7 +115,6 @@

- name: test resource_type aggregation_authorization with no authorized_aws_region parameter
aws_config_aggregation_authorization:
<<: *aws_connection_info
state: present
authorized_account_id: '123456789012'
register: output
Expand All @@ -137,7 +128,6 @@

- name: test resource_type configuration_aggregator with no account_sources parameter
aws_config_aggregator:
<<: *aws_connection_info
name: random_name
state: present
register: output
Expand All @@ -151,7 +141,6 @@

- name: test resource_type configuration_aggregator with no organization_source parameter
aws_config_aggregator:
<<: *aws_connection_info
name: random_name
state: present
account_sources: []
Expand All @@ -169,7 +158,6 @@
# ============================================================
- name: Create Configuration Recorder for AWS Config
aws_config_recorder:
<<: *aws_connection_info
name: test_configuration_recorder
state: present
role_arn: "{{ config_iam_role.arn }}"
Expand All @@ -184,7 +172,6 @@

- name: Create Delivery Channel for AWS Config
aws_config_delivery_channel:
<<: *aws_connection_info
name: test_delivery_channel
state: present
s3_bucket: "{{ config_s3_bucket }}"
Expand All @@ -199,7 +186,6 @@

- name: Create Config Rule for AWS Config
aws_config_rule:
<<: *aws_connection_info
name: test_config_rule
state: present
description: 'This AWS Config rule checks for public write access on S3 buckets'
Expand All @@ -220,7 +206,6 @@
# ============================================================
- name: Update Configuration Recorder
aws_config_recorder:
<<: *aws_connection_info
name: test_configuration_recorder
state: present
role_arn: "{{ config_iam_role.arn }}"
Expand All @@ -237,7 +222,6 @@

- name: Update Delivery Channel
aws_config_delivery_channel:
<<: *aws_connection_info
name: test_delivery_channel
state: present
s3_bucket: "{{ config_s3_bucket }}"
Expand All @@ -251,7 +235,6 @@

- name: Update Config Rule
aws_config_rule:
<<: *aws_connection_info
name: test_config_rule
state: present
description: 'This AWS Config rule checks for public write access on S3 buckets'
Expand All @@ -272,7 +255,6 @@
# ============================================================
- name: Don't update Configuration Recorder
aws_config_recorder:
<<: *aws_connection_info
name: test_configuration_recorder
state: present
role_arn: "{{ config_iam_role.arn }}"
Expand All @@ -289,7 +271,6 @@

- name: Don't update Delivery Channel
aws_config_delivery_channel:
<<: *aws_connection_info
name: test_delivery_channel
state: present
s3_bucket: "{{ config_s3_bucket }}"
Expand All @@ -303,7 +284,6 @@

- name: Don't update Config Rule
aws_config_rule:
<<: *aws_connection_info
name: test_config_rule
state: present
description: 'This AWS Config rule checks for public write access on S3 buckets'
Expand All @@ -325,7 +305,6 @@
# ============================================================
- name: Destroy Configuration Recorder
aws_config_recorder:
<<: *aws_connection_info
name: test_configuration_recorder
state: absent
register: output
Expand All @@ -337,7 +316,6 @@

- name: Destroy Delivery Channel
aws_config_delivery_channel:
<<: *aws_connection_info
name: test_delivery_channel
state: absent
s3_bucket: "{{ config_s3_bucket }}"
Expand All @@ -352,7 +330,6 @@

- name: Destroy Config Rule
aws_config_rule:
<<: *aws_connection_info
name: test_config_rule
state: absent
description: 'This AWS Config rule checks for public write access on S3 buckets'
Expand All @@ -374,7 +351,6 @@
# ============================================================
- name: remove S3 access from IAM role
iam_policy:
<<: *aws_connection_info
iam_type: role
iam_name: '{{ config_role_name }}'
policy_name: AwsConfigRecorderTestRoleS3Policy
Expand All @@ -384,21 +360,18 @@

- name: remove IAM role
iam_role:
<<: *aws_connection_info
name: '{{ config_role_name }}'
state: absent
ignore_errors: yes

- name: remove SNS topic
sns_topic:
<<: *aws_connection_info
name: '{{ config_sns_name }}'
state: absent
ignore_errors: yes

- name: remove S3 bucket
s3_bucket:
<<: *aws_connection_info
name: "{{ config_s3_bucket }}"
state: absent
force: yes
