diff --git a/changelogs/fragments/20221013-reenable-ec2_vpc_endpoint-tests.yml b/changelogs/fragments/20221013-reenable-ec2_vpc_endpoint-tests.yml new file mode 100644 index 00000000000..93b7d341392 --- /dev/null +++ b/changelogs/fragments/20221013-reenable-ec2_vpc_endpoint-tests.yml @@ -0,0 +1,2 @@ +trivial: +- ec2_vpc_endpoint - Re-enable ec2_vpc_endpoint tests diff --git a/tests/integration/targets/ec2_vpc_endpoint/aliases b/tests/integration/targets/ec2_vpc_endpoint/aliases index 506820fc14b..1689113f1c5 100644 --- a/tests/integration/targets/ec2_vpc_endpoint/aliases +++ b/tests/integration/targets/ec2_vpc_endpoint/aliases @@ -1,3 +1,5 @@ +time=7m + cloud/aws -disabled + ec2_vpc_endpoint_info diff --git a/tests/integration/targets/ec2_vpc_endpoint/meta/main.yml b/tests/integration/targets/ec2_vpc_endpoint/meta/main.yml index 32cf5dda7ed..f5eb8a097a5 100644 --- a/tests/integration/targets/ec2_vpc_endpoint/meta/main.yml +++ b/tests/integration/targets/ec2_vpc_endpoint/meta/main.yml @@ -1 +1,2 @@ -dependencies: [] +dependencies: +- role: setup_ec2_vpc diff --git a/tests/integration/targets/ec2_vpc_endpoint/tasks/main.yml b/tests/integration/targets/ec2_vpc_endpoint/tasks/main.yml index 514912d3ae7..2120fc97f3c 100644 --- a/tests/integration/targets/ec2_vpc_endpoint/tasks/main.yml +++ b/tests/integration/targets/ec2_vpc_endpoint/tasks/main.yml @@ -643,6 +643,7 @@ service: '{{ endpoint_service_a }}' route_table_ids: - '{{ rtb_igw_id }}' + purge_tags: false tags: new_tag: ANewTag register: add_tag_vpc_endpoint @@ -767,7 +768,7 @@ name: securitygroup-prodext description: "security group for Ansible interface endpoint" state: present - vpc_id: "{{ vpc.vpc.id }}" + vpc_id: "{{ vpc_id }}" rules: - proto: tcp from_port: 1 @@ -779,10 +780,11 @@ ec2_vpc_endpoint: state: present vpc_id: '{{ vpc_id }}' - service: '{{ endpoint_service_a }}' + service: '{{ endpoint_service_b }}' vpc_endpoint_type: Interface - vpc_endpoint_subnets: "{{ interface_endpoint_create_subnet_check.subnet.id') }}" + vpc_endpoint_subnets: "{{ interface_endpoint_create_subnet_check.subnet.id }}" vpc_endpoint_security_groups: "{{ interface_endpoint_create_sg_check.group_id }}" + wait: true register: create_interface_endpoint_with_sg_subnets - name: Check that the interface endpoint was created properly assert: @@ -794,6 +796,7 @@ ec2_vpc_endpoint: state: absent vpc_endpoint_id: "{{ create_interface_endpoint_with_sg_subnets.result.vpc_endpoint_id }}" + wait: true register: create_interface_endpoint_with_sg_subnets_delete_check - assert: that: @@ -802,62 +805,30 @@ # ============================================================ # BEGIN POST-TEST CLEANUP always: - # Delete the routes first - you can't delete an endpoint with a route - # attached. - - name: Delete minimal route table (no routes) - ec2_vpc_route_table: - state: absent - lookup: id - route_table_id: '{{ rtb_creation_empty.route_table.id }}' - ignore_errors: true - - - name: Delete minimal route table (IGW route) - ec2_vpc_route_table: - state: absent - lookup: id - route_table_id: '{{ rtb_creation_igw.route_table.id }}' - ignore_errors: true - - - name: Delete endpoint - ec2_vpc_endpoint: - state: absent - vpc_endpoint_id: '{{ create_endpoint.result.vpc_endpoint_id }}' - ignore_errors: true - - - name: Delete endpoint - ec2_vpc_endpoint: - state: absent - vpc_endpoint_id: '{{ create_rtb_endpoint.result.vpc_endpoint_id }}' - ignore_errors: true - - - name: Query any remain endpoints we created (idempotency work is ongoing) # FIXME + - name: Query any remain endpoints we created ec2_vpc_endpoint_info: query: endpoints filters: vpc-id: - '{{ vpc_id }}' - register: test_endpoints + register: remaining_endpoints - name: Delete all endpoints ec2_vpc_endpoint: state: absent vpc_endpoint_id: '{{ item.vpc_endpoint_id }}' - with_items: '{{ test_endpoints.vpc_endpoints }}' - ignore_errors: true - - - name: Remove IGW - ec2_vpc_igw: - state: absent - vpc_id: '{{ vpc_id }}' - register: igw_deletion - retries: 10 - delay: 5 - until: igw_deletion is success - ignore_errors: yes - - - name: Remove VPC - ec2_vpc_net: - state: absent - name: '{{ vpc_name }}' - cidr_block: '{{ vpc_cidr }}' + wait: true + loop: '{{ remaining_endpoints.vpc_endpoints }}' ignore_errors: true + register: endpoints_removed + until: + - endpoints_removed is not failed + - endpoints_removed is not changed + retries: 20 + delay: 10 + + - include_role: + name: 'setup_ec2_vpc' + tasks_from: 'cleanup.yml' + vars: + vpc_id: '{{ vpc_creation.vpc.id }}' diff --git a/tests/integration/targets/setup_ec2_vpc/aliases b/tests/integration/targets/setup_ec2_vpc/aliases new file mode 100644 index 00000000000..7a68b11da8b --- /dev/null +++ b/tests/integration/targets/setup_ec2_vpc/aliases @@ -0,0 +1 @@ +disabled diff --git a/tests/integration/targets/setup_ec2_vpc/defaults/main.yml b/tests/integration/targets/setup_ec2_vpc/defaults/main.yml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/integration/targets/setup_ec2_vpc/meta/main.yml b/tests/integration/targets/setup_ec2_vpc/meta/main.yml new file mode 100644 index 00000000000..32cf5dda7ed --- /dev/null +++ b/tests/integration/targets/setup_ec2_vpc/meta/main.yml @@ -0,0 +1 @@ +dependencies: [] diff --git a/tests/integration/targets/setup_ec2_vpc/tasks/cleanup.yml b/tests/integration/targets/setup_ec2_vpc/tasks/cleanup.yml new file mode 100644 index 00000000000..e7fea53112f --- /dev/null +++ b/tests/integration/targets/setup_ec2_vpc/tasks/cleanup.yml @@ -0,0 +1,126 @@ +# ============================================================ +- name: Run all tests + module_defaults: + group/aws: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token | default(omit)}}' + region: '{{ aws_region }}' + block: + + # ============================================================ + # Describe state of remaining resources + + - name: '(VPC Cleanup) Find all remaining ENIs' + ec2_eni_info: + filters: + vpc-id: '{{ vpc_id }}' + register: remaining_enis + + - name: '(VPC Cleanup) Retrieve security group info based on VPC ID' + ec2_group_info: + filters: + vpc-id: '{{ vpc_id }}' + register: remaining_groups + + - name: '(VPC Cleanup) Retrieve subnet info based on VPC ID' + ec2_vpc_subnet_info: + filters: + vpc-id: '{{ vpc_id }}' + register: remaining_subnets + + - name: '(VPC Cleanup) Retrieve route table info based on VPC ID' + ec2_vpc_route_table_info: + filters: + vpc-id: '{{ vpc_id }}' + register: remaining_rtbs + + - name: '(VPC Cleanup) Retrieve VPC info based on VPC ID' + ec2_vpc_net_info: + vpc_ids: + - '{{ vpc_id }}' + register: remaining_vpc + + # ============================================================ + + - name: '(Cleanup) Delete all ENIs' + ec2_eni: + state: absent + eni_id: '{{ item.id }}' + register: eni_removed + until: eni_removed is not failed + loop: '{{ remaining_enis.network_interfaces }}' + ignore_errors: yes + retries: 10 + + # ============================================================ + # Delete all remaining SGs + + # Cross-dependencies between rules in the SGs can cause us problems if we don't clear the rules + # first + - name: '(VPC Cleanup) Delete rules from remaining SGs' + ec2_group: + name: '{{ item.group_name }}' + group_id: '{{ item.group_id }}' + description: '{{ item.description }}' + rules: [] + rules_egress: [] + loop: '{{ remaining_groups.security_groups }}' + ignore_errors: yes + + - name: '(VPC Cleanup) Delete remaining SGs' + ec2_group: + state: absent + group_id: '{{ item.group_id }}' + loop: '{{ remaining_groups.security_groups }}' + ignore_errors: yes + + # ============================================================ + + - name: '(VPC Cleanup) Delete remaining subnets' + ec2_vpc_subnet: + state: absent + vpc_id: '{{ vpc_id }}' + cidr: '{{ item.cidr_block }}' + register: subnets_removed + loop: '{{ remaining_subnets.subnets }}' + until: subnets_removed is not failed + when: + - item.name != 'default' + ignore_errors: yes + retries: 10 + + # ============================================================ + + - name: '(VPC Cleanup) Delete IGW' + ec2_vpc_igw: + state: absent + vpc_id: '{{ vpc_id }}' + register: igw_deletion + retries: 10 + delay: 5 + until: igw_deletion is success + ignore_errors: yes + + # ============================================================ + + - name: '(VPC Cleanup) Delete remaining route tables' + ec2_vpc_route_table: + state: absent + vpc_id: '{{ vpc_id }}' + route_table_id: '{{ item.id }}' + lookup: 'id' + register: rtbs_removed + loop: '{{ remaining_rtbs.route_tables }}' + ignore_errors: yes + + # ============================================================ + + - name: '(VPC Cleanup) Remove the VPC' + ec2_vpc_net: + state: absent + vpc_id: '{{ vpc_id }}' + register: vpc_removed + until: vpc_removed is not failed + ignore_errors: yes + retries: 10 diff --git a/tests/integration/targets/setup_ec2_vpc/tasks/main.yml b/tests/integration/targets/setup_ec2_vpc/tasks/main.yml new file mode 100644 index 00000000000..eae6be27bed --- /dev/null +++ b/tests/integration/targets/setup_ec2_vpc/tasks/main.yml @@ -0,0 +1,2 @@ +- debug: + msg: 'VPC Cleanup module loaded'