Merge branch 'main' of https://github.com/chirag1603/amazon.aws into …
…main
Chirag Choudha committed Jun 22, 2022
2 parents e2ff278 + 1c8a770 commit 92218d3
Showing 11 changed files with 332 additions and 10 deletions.
@@ -0,0 +1 @@
cloud/aws
@@ -0,0 +1,6 @@
[tests]
localhost

[all:vars]
ansible_connection=local
ansible_python_interpreter="{{ ansible_playbook_python }}"
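--- a/tests/integration/targets/callback_aws_resource_actions/main.yml
+++ b/tests/integration/targets/callback_aws_resource_actions/main.yml
@@ -0,0 +1,35 @@
+- hosts: localhost
+gather_facts: no
+collections:
+- amazon.aws
+module_defaults:
+group/aws:
+aws_access_key: "{{ aws_access_key }}"
+aws_secret_key: "{{ aws_secret_key }}"
+security_token: "{{ security_token | default(omit) }}"
+region: "{{ aws_region }}"
+tasks:
+- ec2_instance_info:
+register: ec2_info
+
+- assert:
+that:
+- '"resource_actions" in ec2_info'
+- '"ec2:DescribeInstances" in ec2_info.resource_actions'
+
+- aws_az_info:
+register: az_info
+
+- assert:
+that:
+- '"resource_actions" in az_info'
+- '"ec2:DescribeAvailabilityZones" in az_info.resource_actions'
+
+- aws_caller_info:
+register: caller_info
+
+- assert:
+that:
+- '"resource_actions" in caller_info'
+- '"sts:GetCallerIdentity" in caller_info.resource_actions'
+- '"iam:ListAccountAliases" in caller_info.resource_actions'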
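Review bot: `gather_facts: no` in the play header relies on YAML 1.1 truthy parsing; writing it as `gather_facts: false` reads as a boolean under any loader and satisfies yamllint's `truthy` rule. The six tasks are also unnamed and use short module names resolved through `collections:`; giving each a `name:` and the fully qualified form (for example `amazon.aws.ec2_instance_info`) would make a failed assertion easier to locate in the test output.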
@@ -0,0 +1 @@
dependencies: []
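--- a/tests/integration/targets/callback_aws_resource_actions/runme.sh
+++ b/tests/integration/targets/callback_aws_resource_actions/runme.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -eux
+
+export ANSIBLE_CALLBACK_WHITELIST="aws_resource_actions"
+
+OUTFILE="callback_aws_resource_actions.out"
+trap 'rm -rvf "${OUTFILE}" "${OUTFILE}.actions"' EXIT
+
+# Tests that the resource_actions are added to each task
+ansible-playbook main.yml -i localhost "$@" | tee "${OUTFILE}"
+
+# There should be a summary at the end of the run with the actions performed:
+# AWS ACTIONS: ['ec2:DescribeAvailabilityZones', 'ec2:DescribeInstances', 'iam:ListAccountAliases', 'sts:GetCallerIdentity']
+grep -E "AWS ACTIONS: \[" "${OUTFILE}" > "${OUTFILE}.actions"
+for action in 'ec2:DescribeAvailabilityZones' 'ec2:DescribeInstances' 'iam:ListAccountAliases' 'sts:GetCallerIdentity'
+do
+grep "${action}" "${OUTFILE}.actions"
+done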
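Review bot: The `ansible-playbook main.yml -i localhost "$@" | tee "${OUTFILE}"` line runs under `set -eux` without `pipefail`, so the pipeline's exit status is tee's and a failed playbook run does not stop the script; the target then passes or fails only on the later greps. Adding `set -o pipefail` right after `set -eux` makes a failing assert in main.yml fail the target directly. `ANSIBLE_CALLBACK_WHITELIST` is also the older name of this setting; on ansible-core 2.11 and later `ANSIBLE_CALLBACKS_ENABLED` is the preferred variable, so exporting both may be worthwhile if the supported version range spans the rename.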
6 changes: 0 additions & 6 deletions tests/integration/targets/legacy_missing_tests/aliases
@@ -1,7 +1 @@
disabled

# Lookup plugins
aws_ssm

# Callback plugin
aws_resource_actions
28 changes: 24 additions & 4 deletions tests/integration/targets/lookup_aws_secret/tasks/main.yaml
@@ -21,12 +21,22 @@
set_fact:
secret_name: "ansible-test-{{ tiny_prefix }}-secret"
secret_value: "{{ lookup('password', '/dev/null chars=ascii_lowercase,digits,punctuation length=16') }}"
on_missing_secret: "skip"
on_deleted_secret: "skip"
skip: "skip"
warn: "warn"

- name: lookup missing secret (skip)
set_fact:
missing_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_missing=on_missing_secret, on_deleted=on_deleted_secret, **connection_args) }}"
missing_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_missing=skip, **connection_args) }}"

- name: assert that missing_secret is defined
assert:
that:
- missing_secret is defined
- missing_secret | list | length == 0

- name: lookup missing secret (warn)
set_fact:
missing_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_missing=warn, **connection_args) }}"

- name: assert that missing_secret is defined
assert:
@@ -70,7 +80,17 @@

- name: lookup deleted secret (skip)
set_fact:
deleted_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_missing=on_missing_secret, on_deleted=on_deleted_secret, **connection_args) }}"
deleted_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_deleted=skip, **connection_args) }}"

- name: assert that deleted_secret is defined
assert:
that:
- deleted_secret is defined
- deleted_secret | list | length == 0

- name: lookup deleted secret (warn)
set_fact:
deleted_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_deleted=warn, **connection_args) }}"

- name: assert that deleted_secret is defined
assert:
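Review bot: The new `skip: "skip"` and `warn: "warn"` entries in the `set_fact` task create host facts with very generic names only to carry two string constants; passing the literals directly, e.g. `on_missing='skip'` and `on_deleted='warn'`, avoids the extra facts and keeps each lookup readable on its own. The two new warn tasks are followed by asserts whose bodies lie outside the hunks, so what they check cannot be confirmed from here; if they only test for an empty result, the warn path is indistinguishable from skip and nothing verifies that a warning was actually emitted. The `set_fact` task itself starts above the first hunk.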
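--- a/tests/integration/targets/lookup_aws_ssm/aliases
+++ b/tests/integration/targets/lookup_aws_ssm/aliases
@@ -0,0 +1 @@
+cloud/aws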
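--- a/tests/integration/targets/lookup_aws_ssm/defaults/main.yml
+++ b/tests/integration/targets/lookup_aws_ssm/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+ssm_key_prefix: '{{ resource_prefix }}'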
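--- a/tests/integration/targets/lookup_aws_ssm/meta/main.yml
+++ b/tests/integration/targets/lookup_aws_ssm/meta/main.yml
@@ -0,0 +1 @@
+dependencies: []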
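--- a/tests/integration/targets/lookup_aws_ssm/tasks/main.yml
+++ b/tests/integration/targets/lookup_aws_ssm/tasks/main.yml
@@ -0,0 +1,242 @@
+---
+- set_fact:
+# As a lookup plugin we don't have access to module_defaults
+connection_args:
+region: "{{ aws_region }}"
+aws_access_key: "{{ aws_access_key }}"
+aws_secret_key: "{{ aws_secret_key }}"
+aws_security_token: "{{ security_token | default(omit) }}"
+no_log: True
+
+- name: 'aws_ssm lookup plugin integration tests'
+collections:
+- amazon.aws
+module_defaults:
+group/aws:
+aws_access_key: '{{ aws_access_key }}'
+aws_secret_key: '{{ aws_secret_key }}'
+security_token: '{{ security_token | default(omit) }}'
+region: '{{ aws_region }}'
+vars:
+skip: 'skip'
+warn: 'warn'
+simple_name: '/{{ ssm_key_prefix }}/Simple'
+simple_description: 'This is a simple example'
+simple_value: 'A simple VALue'
+path_name: '/{{ ssm_key_prefix }}/path'
+path_name_a: '{{ path_name }}/key_one'
+path_shortname_a: 'key_one'
+path_name_b: '{{ path_name }}/keyTwo'
+path_shortname_b: 'keyTwo'
+path_name_c: '{{ path_name }}/Nested/Key'
+path_shortname_c: 'Key'
+path_description: 'This is somewhere to store a set of keys'
+path_value_a: 'value_one'
+path_value_b: 'valueTwo'
+path_value_c: 'Value Three'
+missing_name: '{{ path_name }}/IDoNotExist'
+block:
+
+# ============================================================
+# Simple key/value
+- name: lookup a missing key (error)
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, **connection_args) }}"
+ignore_errors: true
+register: lookup_missing
+- assert:
+that:
+- lookup_missing is failed
+
+- name: lookup a missing key (warn)
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, on_missing=warn, **connection_args) }}"
+register: lookup_missing
+- assert:
+that:
+- lookup_value | list | length == 0
+
+- name: lookup a single missing key (skip)
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, on_missing=skip, **connection_args) }}"
+register: lookup_missing
+- assert:
+that:
+- lookup_value | list | length == 0
+
+- name: Create key/value pair in aws parameter store
+aws_ssm_parameter_store:
+name: '{{ simple_name }}'
+description: '{{ simple_description }}'
+value: '{{ simple_value }}'
+
+- name: Lookup a single key
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, **connection_args) }}"
+- assert:
+that:
+- lookup_value == simple_value
+
+# ============================================================
+
+- name: Create nested key/value pair in aws parameter store (1)
+aws_ssm_parameter_store:
+name: '{{ path_name_a }}'
+description: '{{ path_description }}'
+value: '{{ path_value_a }}'
+
+- name: Create nested key/value pair in aws parameter store (2)
+aws_ssm_parameter_store:
+name: '{{ path_name_b }}'
+description: '{{ path_description }}'
+value: '{{ path_value_b }}'
+
+- name: Create nested key/value pair in aws parameter store (3)
+aws_ssm_parameter_store:
+name: '{{ path_name_c }}'
+description: '{{ path_description }}'
+value: '{{ path_value_c }}'
+
+# ============================================================
+- name: Lookup a keys using bypath
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, bypath=True, wantlist=True, **connection_args ) | first }}"
+- assert:
+that:
+- path_name_a in lookup_value
+- lookup_value[path_name_a] == path_value_a
+- path_name_b in lookup_value
+- lookup_value[path_name_b] == path_value_b
+- lookup_value | length == 2
+
+- name: Lookup a keys using bypath and recursive
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, bypath=True, recursive=True, wantlist=True, **connection_args ) | first }}"
+- assert:
+that:
+- path_name_a in lookup_value
+- lookup_value[path_name_a] == path_value_a
+- path_name_b in lookup_value
+- lookup_value[path_name_b] == path_value_b
+- path_name_c in lookup_value
+- lookup_value[path_name_c] == path_value_c
+- lookup_value | length == 3
+
+- name: Lookup a keys using bypath and shortname
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, bypath=True, shortnames=True, wantlist=True, **connection_args ) | first }}"
+- assert:
+that:
+- path_shortname_a in lookup_value
+- lookup_value[path_shortname_a] == path_value_a
+- path_shortname_b in lookup_value
+- lookup_value[path_shortname_b] == path_value_b
+- lookup_value | length == 2
+
+- name: Lookup a keys using bypath and recursive and shortname
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, bypath=True, recursive=True, shortnames=True, wantlist=True, **connection_args ) | first }}"
+- assert:
+that:
+- path_shortname_a in lookup_value
+- lookup_value[path_shortname_a] == path_value_a
+- path_shortname_b in lookup_value
+- lookup_value[path_shortname_b] == path_value_b
+- path_shortname_c in lookup_value
+- lookup_value[path_shortname_c] == path_value_c
+- lookup_value | length == 3
+
+# ============================================================
+
+- name: Explicitly lookup two keys
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, path_name_a, wantlist=True, **connection_args) }}"
+- assert:
+that:
+- lookup_value | list | length == 2
+- lookup_value[0] == simple_value
+- lookup_value[1] == path_value_a
+
+###
+
+- name: Explicitly lookup two keys - one missing
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, missing_name, wantlist=True, **connection_args) }}"
+ignore_errors: True
+register: lookup_missing
+- assert:
+that:
+- lookup_missing is failed
+
+- name: Explicitly lookup two keys - one missing (skip)
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, missing_name, on_missing=skip, wantlist=True, **connection_args) }}"
+- assert:
+that:
+- lookup_value | list | length == 2
+- lookup_value[0] == simple_value
+- lookup_value | bool == False
+
+###
+
+- name: Explicitly lookup two paths - one missing
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, missing_name, bypath=True, wantlist=True, **connection_args) }}"
+ignore_errors: True
+register: lookup_missing
+- assert:
+that:
+- lookup_missing is failed
+
+- name: Explicitly lookup two paths - one missing (skip)
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, missing_name, on_missing=skip, bypath=True, wantlist=True, **connection_args) }}"
+- assert:
+that:
+- lookup_value | list | length == 2
+- lookup_value[1] | bool == False
+- path_name_a in lookup_value[0]
+- lookup_value[0][path_name_a] == path_value_a
+- path_name_b in lookup_value[0]
+- lookup_value[0][path_name_b] == path_value_b
+- lookup_value[0] | length == 2
+
+###
+
+- name: Explicitly lookup two paths with recurse - one missing
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, missing_name, bypath=True, recursive=True, wantlist=True, **connection_args) }}"
+ignore_errors: True
+register: lookup_missing
+- assert:
+that:
+- lookup_missing is failed
+
+- name: Explicitly lookup two paths with recurse - one missing (skip)
+set_fact:
+lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, missing_name, on_missing=skip, bypath=True, recursive=True, wantlist=True, **connection_args) }}"
+- assert:
+that:
+- lookup_value | list | length == 2
+- lookup_value[1] | bool == False
+- path_name_a in lookup_value[0]
+- lookup_value[0][path_name_a] == path_value_a
+- path_name_b in lookup_value[0]
+- lookup_value[0][path_name_b] == path_value_b
+- path_name_c in lookup_value[0]
+- lookup_value[0][path_name_c] == path_value_c
+- lookup_value[0] | length == 3
+
+always:
+# ============================================================
+- name: Delete remaining key/value pairs in aws parameter store
+aws_ssm_parameter_store:
+name: "{{item}}"
+state: absent
+ignore_errors: True
+with_items:
+- '{{ path_name_c }}'
+- '{{ path_name_b }}'
+- '{{ path_name_c }}'
+- '{{ path_name }}'
+- '{{ simple_name }}'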
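Review bot: The cleanup list under `always:` names `'{{ path_name_c }}'` twice and never `'{{ path_name_a }}'`, so the `key_one` parameter created earlier is left behind in Parameter Store after every run, and `ignore_errors: True` on that task would hide any other cleanup failure; the first entry should read `- '{{ path_name_a }}'`. In "Explicitly lookup two keys - one missing (skip)" the last assertion is `lookup_value | bool == False`, applied to the whole two-element list, whereas the two path variants further down test `lookup_value[1] | bool == False`. It presumably should be `- lookup_value[1] | bool == False`, since as written it likely does not check the missing key's slot at all.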
