From 3a7f74b43551d525ddf903f6d2a2c0641918220b Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Fri, 17 Jun 2022 12:00:29 +0200 Subject: [PATCH 1/2] Add integration tests for aws_resource_actions (#876) Add integration tests for aws_resource_actions SUMMARY Add some minimal integration tests for the aws_resource_actions callback plugin. ISSUE TYPE Feature Pull Request COMPONENT NAME plugins/callback/aws_resource_actions.py ADDITIONAL INFORMATION Combined with #873 we've got a full set... Reviewed-by: Alina Buzachis --- .../callback_aws_resource_actions/aliases | 1 + .../callback_aws_resource_actions/inventory | 6 ++++ .../callback_aws_resource_actions/main.yml | 35 +++++++++++++++++++ .../meta/main.yml | 1 + .../callback_aws_resource_actions/runme.sh | 19 ++++++++++ .../targets/legacy_missing_tests/aliases | 3 -- 6 files changed, 62 insertions(+), 3 deletions(-) create mode 100644 tests/integration/targets/callback_aws_resource_actions/aliases create mode 100644 tests/integration/targets/callback_aws_resource_actions/inventory create mode 100644 tests/integration/targets/callback_aws_resource_actions/main.yml create mode 100644 tests/integration/targets/callback_aws_resource_actions/meta/main.yml create mode 100755 tests/integration/targets/callback_aws_resource_actions/runme.sh diff --git a/tests/integration/targets/callback_aws_resource_actions/aliases b/tests/integration/targets/callback_aws_resource_actions/aliases new file mode 100644 index 00000000000..4ef4b2067d0 --- /dev/null +++ b/tests/integration/targets/callback_aws_resource_actions/aliases @@ -0,0 +1 @@ +cloud/aws diff --git a/tests/integration/targets/callback_aws_resource_actions/inventory b/tests/integration/targets/callback_aws_resource_actions/inventory new file mode 100644 index 00000000000..5093e8582bc --- /dev/null +++ b/tests/integration/targets/callback_aws_resource_actions/inventory 
@@ -0,0 +1,6 @@
+[tests]
+localhost
+
+[all:vars]
+ansible_connection=local
+ansible_python_interpreter="{{ ansible_playbook_python }}"
diff --git a/tests/integration/targets/callback_aws_resource_actions/main.yml b/tests/integration/targets/callback_aws_resource_actions/main.yml
new file mode 100644
index 00000000000..b3c3fa155c4
--- /dev/null
+++ b/tests/integration/targets/callback_aws_resource_actions/main.yml
@@ -0,0 +1,35 @@
+- hosts: localhost
+ gather_facts: no
+ collections:
+ - amazon.aws
+ module_defaults:
+ group/aws:
+ aws_access_key: "{{ aws_access_key }}"
+ aws_secret_key: "{{ aws_secret_key }}"
+ security_token: "{{ security_token | default(omit) }}"
+ region: "{{ aws_region }}"
+ tasks:
+ - ec2_instance_info:
+ register: ec2_info
+
+ - assert:
+ that:
+ - '"resource_actions" in ec2_info'
+ - '"ec2:DescribeInstances" in ec2_info.resource_actions'
+
+ - aws_az_info:
+ register: az_info
+
+ - assert:
+ that:
+ - '"resource_actions" in az_info'
+ - '"ec2:DescribeAvailabilityZones" in az_info.resource_actions'
+
+ - aws_caller_info:
+ register: caller_info
+
+ - assert:
+ that:
+ - '"resource_actions" in caller_info'
+ - '"sts:GetCallerIdentity" in caller_info.resource_actions'
+ - '"iam:ListAccountAliases" in caller_info.resource_actions'
diff --git a/tests/integration/targets/callback_aws_resource_actions/meta/main.yml b/tests/integration/targets/callback_aws_resource_actions/meta/main.yml
new file mode 100644
index 00000000000..32cf5dda7ed
--- /dev/null
+++ b/tests/integration/targets/callback_aws_resource_actions/meta/main.yml
@@ -0,0 +1 @@
+dependencies: []
diff --git a/tests/integration/targets/callback_aws_resource_actions/runme.sh b/tests/integration/targets/callback_aws_resource_actions/runme.sh
new file mode 100755
index 00000000000..a2c41e1f57f
--- /dev/null
+++ b/tests/integration/targets/callback_aws_resource_actions/runme.sh
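Review bot: `ec2_instance_info` in main.yml is called with no filters, so the test describes every instance in the CI account's region just to record `ec2:DescribeInstances`, and the whole response is held in `ec2_info` (and printed in the job log at higher verbosity). A filter that matches nothing keeps the API call and the recorded action while returning an empty list, for example `filters: {"tag:Name": "{{ resource_prefix }}-no-such-instance"}`, assuming `resource_prefix` is available to this playbook (to be confirmed). The tasks also carry no `name:`, which makes a failed assert harder to locate in the output that runme.sh captures.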
@@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +set -eux + +export ANSIBLE_CALLBACK_WHITELIST="aws_resource_actions" + +OUTFILE="callback_aws_resource_actions.out" +trap 'rm -rvf "${OUTFILE}" "${OUTFILE}.actions"' EXIT + +# Tests that the resource_actions are added to each task +ansible-playbook main.yml -i localhost "$@" | tee "${OUTFILE}" + +# There should be a summary at the end of the run with the actions performed: +# AWS ACTIONS: ['ec2:DescribeAvailabilityZones', 'ec2:DescribeInstances', 'iam:ListAccountAliases', 'sts:GetCallerIdentity'] +grep -E "AWS ACTIONS: \[" "${OUTFILE}" > "${OUTFILE}.actions" +for action in 'ec2:DescribeAvailabilityZones' 'ec2:DescribeInstances' 'iam:ListAccountAliases' 'sts:GetCallerIdentity' +do + grep "${action}" "${OUTFILE}.actions" +done diff --git a/tests/integration/targets/legacy_missing_tests/aliases b/tests/integration/targets/legacy_missing_tests/aliases index 02e88264bfa..062390abc10 100644 --- a/tests/integration/targets/legacy_missing_tests/aliases +++ b/tests/integration/targets/legacy_missing_tests/aliases @@ -2,6 +2,3 @@ disabled # Lookup plugins aws_ssm - -# Callback plugin -aws_resource_actions From 31e6c5aa1d534998f53c4827bbb573be5aa330df Mon Sep 17 00:00:00 2001 
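Review bot: The pipeline `ansible-playbook main.yml -i localhost "$@" | tee "${OUTFILE}"` in runme.sh runs under `set -eux` without `pipefail`, so its exit status is tee's and a failing playbook does not stop the script. If only the last assert in main.yml fails, all four actions have already been performed, so the summary greps can still succeed and the target would pass (assuming the callback still prints its summary on a failed run); the first line of the script should be `set -euxo pipefail`. Separately, `-i localhost` looks like it was meant to be `-i inventory`, the file this commit adds, which otherwise appears unused.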
From: Mark Chappell Date: Fri, 17 Jun 2022 14:08:12 +0200 Subject: [PATCH 2/2] Add Integration tests for lookup_aws_ssm (#873) Add Integration tests for lookup_aws_ssm SUMMARY Loosely based on the (disabled) aws_ssm_parameter_store tests ISSUE TYPE Feature Pull Request COMPONENT NAME plugins/lookup/aws_ssm.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis --- .../targets/legacy_missing_tests/aliases | 3 - .../targets/lookup_aws_secret/tasks/main.yaml | 28 +- .../targets/lookup_aws_ssm/aliases | 1 + .../targets/lookup_aws_ssm/defaults/main.yml | 2 + .../targets/lookup_aws_ssm/meta/main.yml | 1 + .../targets/lookup_aws_ssm/tasks/main.yml | 242 ++++++++++++++++++ 6 files changed, 270 insertions(+), 7 deletions(-) create mode 100644 tests/integration/targets/lookup_aws_ssm/aliases create mode 100644 tests/integration/targets/lookup_aws_ssm/defaults/main.yml create mode 100644 tests/integration/targets/lookup_aws_ssm/meta/main.yml create mode 100644 tests/integration/targets/lookup_aws_ssm/tasks/main.yml diff --git a/tests/integration/targets/legacy_missing_tests/aliases b/tests/integration/targets/legacy_missing_tests/aliases index 062390abc10..7a68b11da8b 100644 --- a/tests/integration/targets/legacy_missing_tests/aliases +++ b/tests/integration/targets/legacy_missing_tests/aliases @@ -1,4 +1 @@ disabled - -# Lookup plugins -aws_ssm diff --git a/tests/integration/targets/lookup_aws_secret/tasks/main.yaml b/tests/integration/targets/lookup_aws_secret/tasks/main.yaml index 47f5e86326f..a22580e3b36 100644 --- a/tests/integration/targets/lookup_aws_secret/tasks/main.yaml +++ b/tests/integration/targets/lookup_aws_secret/tasks/main.yaml 
@@ -21,12 +21,22 @@ set_fact: secret_name: "ansible-test-{{ tiny_prefix }}-secret" secret_value: "{{ lookup('password', '/dev/null chars=ascii_lowercase,digits,punctuation length=16') }}" - on_missing_secret: "skip" - on_deleted_secret: "skip" + skip: "skip" + warn: "warn" - name: lookup missing secret (skip) set_fact: - missing_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_missing=on_missing_secret, on_deleted=on_deleted_secret, **connection_args) }}" + missing_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_missing=skip, **connection_args) }}" + + - name: assert that missing_secret is defined + assert: + that: + - missing_secret is defined + - missing_secret | list | length == 0 + + - name: lookup missing secret (warn) + set_fact: + missing_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_missing=warn, **connection_args) }}" - name: assert that missing_secret is defined assert: @@ -70,7 +80,17 @@ - name: lookup deleted secret (skip) set_fact: - deleted_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_missing=on_missing_secret, on_deleted=on_deleted_secret, **connection_args) }}" + deleted_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_deleted=skip, **connection_args) }}" + + - name: assert that deleted_secret is defined + assert: + that: + - deleted_secret is defined + - deleted_secret | list | length == 0 + + - name: lookup deleted secret (warn) + set_fact: + deleted_secret: "{{ lookup('amazon.aws.aws_secret', secret_name, on_deleted=warn, **connection_args) }}" - name: assert that deleted_secret is defined assert: diff --git a/tests/integration/targets/lookup_aws_ssm/aliases b/tests/integration/targets/lookup_aws_ssm/aliases new file mode 100644 index 00000000000..4ef4b2067d0 --- /dev/null +++ b/tests/integration/targets/lookup_aws_ssm/aliases @@ -0,0 +1 @@ +cloud/aws 
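Review bot: The facts `skip: "skip"` and `warn: "warn"` in the first lookup_aws_secret hunk exist only to carry a literal into the lookup, and as `set_fact` values they stay defined for the host under very generic names. Passing the literal reads more directly, e.g. `on_missing='skip'` and `on_missing='warn'`; the same applies to the `on_deleted=skip` and `on_deleted=warn` lookups in the second hunk. The assert that follows each warn lookup is context whose `that:` list lies outside the hunk, so it cannot be seen here whether the warn path is checked beyond its return value.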
diff --git a/tests/integration/targets/lookup_aws_ssm/defaults/main.yml b/tests/integration/targets/lookup_aws_ssm/defaults/main.yml
new file mode 100644
index 00000000000..218afac1c30
--- /dev/null
+++ b/tests/integration/targets/lookup_aws_ssm/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+ssm_key_prefix: '{{ resource_prefix }}'
diff --git a/tests/integration/targets/lookup_aws_ssm/meta/main.yml b/tests/integration/targets/lookup_aws_ssm/meta/main.yml
new file mode 100644
index 00000000000..32cf5dda7ed
--- /dev/null
+++ b/tests/integration/targets/lookup_aws_ssm/meta/main.yml
@@ -0,0 +1 @@
+dependencies: []
diff --git a/tests/integration/targets/lookup_aws_ssm/tasks/main.yml b/tests/integration/targets/lookup_aws_ssm/tasks/main.yml
new file mode 100644
index 00000000000..462374e72c1
--- /dev/null
+++ b/tests/integration/targets/lookup_aws_ssm/tasks/main.yml
@@ -0,0 +1,242 @@ +--- +- set_fact: + # As a lookup plugin we don't have access to module_defaults + connection_args: + region: "{{ aws_region }}" + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + aws_security_token: "{{ security_token | default(omit) }}" + no_log: True + +- name: 'aws_ssm lookup plugin integration tests' + collections: + - amazon.aws + module_defaults: + group/aws: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' + vars: + skip: 'skip' + warn: 'warn' + simple_name: '/{{ ssm_key_prefix }}/Simple' + simple_description: 'This is a simple example' + simple_value: 'A simple VALue' + path_name: '/{{ ssm_key_prefix }}/path' + path_name_a: '{{ path_name }}/key_one' + path_shortname_a: 'key_one' + path_name_b: '{{ path_name }}/keyTwo' + path_shortname_b: 'keyTwo' + path_name_c: '{{ path_name }}/Nested/Key' + path_shortname_c: 'Key' + path_description: 'This is somewhere to store a set of keys' + path_value_a: 'value_one' + path_value_b: 'valueTwo' + path_value_c: 'Value Three' + missing_name: '{{ path_name }}/IDoNotExist' + block: + + # ============================================================ + # Simple key/value + - name: lookup a missing key (error) + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, **connection_args) }}" + ignore_errors: true + register: lookup_missing + - assert: + that: + - lookup_missing is failed + + - name: lookup a missing key (warn) + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, on_missing=warn, **connection_args) }}" + register: lookup_missing + - assert: + that: + - lookup_value | list | length == 0 + + - name: lookup a single missing key (skip) + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, on_missing=skip, **connection_args) }}" + register: lookup_missing + - assert: + that: + - lookup_value | 
list | length == 0 + + - name: Create key/value pair in aws parameter store + aws_ssm_parameter_store: + name: '{{ simple_name }}' + description: '{{ simple_description }}' + value: '{{ simple_value }}' + + - name: Lookup a single key + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, **connection_args) }}" + - assert: + that: + - lookup_value == simple_value + + # ============================================================ + + - name: Create nested key/value pair in aws parameter store (1) + aws_ssm_parameter_store: + name: '{{ path_name_a }}' + description: '{{ path_description }}' + value: '{{ path_value_a }}' + + - name: Create nested key/value pair in aws parameter store (2) + aws_ssm_parameter_store: + name: '{{ path_name_b }}' + description: '{{ path_description }}' + value: '{{ path_value_b }}' + + - name: Create nested key/value pair in aws parameter store (3) + aws_ssm_parameter_store: + name: '{{ path_name_c }}' + description: '{{ path_description }}' + value: '{{ path_value_c }}' + + # ============================================================ + - name: Lookup a keys using bypath + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, bypath=True, wantlist=True, **connection_args ) | first }}" + - assert: + that: + - path_name_a in lookup_value + - lookup_value[path_name_a] == path_value_a + - path_name_b in lookup_value + - lookup_value[path_name_b] == path_value_b + - lookup_value | length == 2 + + - name: Lookup a keys using bypath and recursive + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, bypath=True, recursive=True, wantlist=True, **connection_args ) | first }}" + - assert: + that: + - path_name_a in lookup_value + - lookup_value[path_name_a] == path_value_a + - path_name_b in lookup_value + - lookup_value[path_name_b] == path_value_b + - path_name_c in lookup_value + - lookup_value[path_name_c] == path_value_c + - lookup_value | length == 3 + + - name: Lookup a keys using bypath 
and shortname + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, bypath=True, shortnames=True, wantlist=True, **connection_args ) | first }}" + - assert: + that: + - path_shortname_a in lookup_value + - lookup_value[path_shortname_a] == path_value_a + - path_shortname_b in lookup_value + - lookup_value[path_shortname_b] == path_value_b + - lookup_value | length == 2 + + - name: Lookup a keys using bypath and recursive and shortname + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, bypath=True, recursive=True, shortnames=True, wantlist=True, **connection_args ) | first }}" + - assert: + that: + - path_shortname_a in lookup_value + - lookup_value[path_shortname_a] == path_value_a + - path_shortname_b in lookup_value + - lookup_value[path_shortname_b] == path_value_b + - path_shortname_c in lookup_value + - lookup_value[path_shortname_c] == path_value_c + - lookup_value | length == 3 + + # ============================================================ + + - name: Explicitly lookup two keys + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, path_name_a, wantlist=True, **connection_args) }}" + - assert: + that: + - lookup_value | list | length == 2 + - lookup_value[0] == simple_value + - lookup_value[1] == path_value_a + + ### + + - name: Explicitly lookup two keys - one missing + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, missing_name, wantlist=True, **connection_args) }}" + ignore_errors: True + register: lookup_missing + - assert: + that: + - lookup_missing is failed + + - name: Explicitly lookup two keys - one missing (skip) + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', simple_name, missing_name, on_missing=skip, wantlist=True, **connection_args) }}" + - assert: + that: + - lookup_value | list | length == 2 + - lookup_value[0] == simple_value + - lookup_value | bool == False + + ### + + - name: Explicitly lookup two paths - one missing + set_fact: + 
lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, missing_name, bypath=True, wantlist=True, **connection_args) }}" + ignore_errors: True + register: lookup_missing + - assert: + that: + - lookup_missing is failed + + - name: Explicitly lookup two paths - one missing (skip) + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, missing_name, on_missing=skip, bypath=True, wantlist=True, **connection_args) }}" + - assert: + that: + - lookup_value | list | length == 2 + - lookup_value[1] | bool == False + - path_name_a in lookup_value[0] + - lookup_value[0][path_name_a] == path_value_a + - path_name_b in lookup_value[0] + - lookup_value[0][path_name_b] == path_value_b + - lookup_value[0] | length == 2 + + ### + + - name: Explicitly lookup two paths with recurse - one missing + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, missing_name, bypath=True, recursive=True, wantlist=True, **connection_args) }}" + ignore_errors: True + register: lookup_missing + - assert: + that: + - lookup_missing is failed + + - name: Explicitly lookup two paths with recurse - one missing (skip) + set_fact: + lookup_value: "{{ lookup('amazon.aws.aws_ssm', path_name, missing_name, on_missing=skip, bypath=True, recursive=True, wantlist=True, **connection_args) }}" + - assert: + that: + - lookup_value | list | length == 2 + - lookup_value[1] | bool == False + - path_name_a in lookup_value[0] + - lookup_value[0][path_name_a] == path_value_a + - path_name_b in lookup_value[0] + - lookup_value[0][path_name_b] == path_value_b + - path_name_c in lookup_value[0] + - lookup_value[0][path_name_c] == path_value_c + - lookup_value[0] | length == 3 + + always: + # ============================================================ + - name: Delete remaining key/value pairs in aws parameter store + aws_ssm_parameter_store: + name: "{{item}}" + state: absent + ignore_errors: True + with_items: + - '{{ path_name_c }}' + - '{{ path_name_b }}' + - '{{ path_name_c }}' + - 
'{{ path_name }}' + - '{{ simple_name }}'
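Review bot: The `always:` cleanup in lookup_aws_ssm/tasks/main.yml lists `'{{ path_name_c }}'` twice and never `'{{ path_name_a }}'`, so the parameter created by "Create nested key/value pair in aws parameter store (1)" is left behind in the test account after every run; the second occurrence should read `- '{{ path_name_a }}'`. Because the task sets `ignore_errors: True`, nothing would surface the duplicate delete or the leftover parameter. Separately, in "Explicitly lookup two keys - one missing (skip)" the check `lookup_value | bool == False` applies to the whole list and was probably meant as `lookup_value[1] | bool == False`, matching the two path variants that follow it.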