ansible-collections · softwarefactory-project-zuul · Oct 13, 2022 · Oct 13, 2022 · tremble · Oct 13, 2022
diff --git a/changelogs/fragments/20221013-reenable-ec2_vpc_endpoint-tests.yml b/changelogs/fragments/20221013-reenable-ec2_vpc_endpoint-tests.yml
@@ -0,0 +1,2 @@
+trivial:
+- ec2_vpc_endpoint - Re-enable ec2_vpc_endpoint tests
diff --git a/tests/integration/targets/ec2_vpc_endpoint/aliases b/tests/integration/targets/ec2_vpc_endpoint/aliases
@@ -1,3 +1,5 @@
+time=7m
+
 cloud/aws
-disabled
+
 ec2_vpc_endpoint_info
diff --git a/tests/integration/targets/ec2_vpc_endpoint/meta/main.yml b/tests/integration/targets/ec2_vpc_endpoint/meta/main.yml
@@ -1 +1,2 @@
-dependencies: []
+dependencies:
+- role: setup_ec2_vpc
diff --git a/tests/integration/targets/ec2_vpc_endpoint/tasks/main.yml b/tests/integration/targets/ec2_vpc_endpoint/tasks/main.yml
@@ -643,6 +643,7 @@
       service: '{{ endpoint_service_a }}'
       route_table_ids:
       - '{{ rtb_igw_id }}'
+      purge_tags: false
       tags:
         new_tag: ANewTag
     register: add_tag_vpc_endpoint
@@ -767,7 +768,7 @@
       name: securitygroup-prodext
       description: "security group for Ansible interface endpoint"
       state: present
-      vpc_id: "{{ vpc.vpc.id }}"
+      vpc_id: "{{ vpc_id }}"
       rules:
         - proto: tcp
           from_port: 1
@@ -779,10 +780,11 @@
     ec2_vpc_endpoint:
       state: present
       vpc_id: '{{ vpc_id }}'
-      service: '{{ endpoint_service_a }}'
+      service: '{{ endpoint_service_b }}'
       vpc_endpoint_type: Interface
-      vpc_endpoint_subnets: "{{ interface_endpoint_create_subnet_check.subnet.id') }}"
+      vpc_endpoint_subnets: "{{ interface_endpoint_create_subnet_check.subnet.id }}"
       vpc_endpoint_security_groups: "{{ interface_endpoint_create_sg_check.group_id }}"
+      wait: true
     register: create_interface_endpoint_with_sg_subnets
   - name: Check that the interface endpoint was created properly
     assert:
@@ -794,6 +796,7 @@
     ec2_vpc_endpoint:
       state: absent
       vpc_endpoint_id: "{{ create_interface_endpoint_with_sg_subnets.result.vpc_endpoint_id }}"
+      wait: true
     register: create_interface_endpoint_with_sg_subnets_delete_check
   - assert:
       that:
@@ -802,62 +805,30 @@
   # ============================================================
   # BEGIN POST-TEST CLEANUP
   always:
-  # Delete the routes first - you can't delete an endpoint with a route
-  # attached.
-  - name: Delete minimal route table (no routes)
-    ec2_vpc_route_table:
-      state: absent
-      lookup: id
-      route_table_id: '{{ rtb_creation_empty.route_table.id }}'
-    ignore_errors: true
-
-  - name: Delete minimal route table (IGW route)
-    ec2_vpc_route_table:
-      state: absent
-      lookup: id
-      route_table_id: '{{ rtb_creation_igw.route_table.id }}'
-    ignore_errors: true
-
-  - name: Delete endpoint
-    ec2_vpc_endpoint:
-      state: absent
-      vpc_endpoint_id: '{{ create_endpoint.result.vpc_endpoint_id }}'
-    ignore_errors: true
-
-  - name: Delete endpoint
-    ec2_vpc_endpoint:
-      state: absent
-      vpc_endpoint_id: '{{ create_rtb_endpoint.result.vpc_endpoint_id }}'
-    ignore_errors: true
-
-  - name: Query any remain endpoints we created (idempotency work is ongoing)  # FIXME
+  - name: Query any remain endpoints we created
     ec2_vpc_endpoint_info:
       query: endpoints
       filters:
         vpc-id:
         - '{{ vpc_id }}'
-    register: test_endpoints
+    register: remaining_endpoints
 
   - name: Delete all endpoints
     ec2_vpc_endpoint:
       state: absent
       vpc_endpoint_id: '{{ item.vpc_endpoint_id }}'
-    with_items: '{{ test_endpoints.vpc_endpoints }}'
-    ignore_errors: true
-
-  - name: Remove IGW
-    ec2_vpc_igw:
-      state: absent
-      vpc_id: '{{ vpc_id }}'
-    register: igw_deletion
-    retries: 10
-    delay: 5
-    until: igw_deletion is success
-    ignore_errors: yes
-
-  - name: Remove VPC
-    ec2_vpc_net:
-      state: absent
-      name: '{{ vpc_name }}'
-      cidr_block: '{{ vpc_cidr }}'
+      wait: true
+    loop: '{{ remaining_endpoints.vpc_endpoints }}'
     ignore_errors: true
+    register: endpoints_removed
+    until:
+      - endpoints_removed is not failed
+      - endpoints_removed is not changed
+    retries: 20
+    delay: 10
+
+  - include_role:
+      name: 'setup_ec2_vpc'
+      tasks_from: 'cleanup.yml'
+    vars:
+      vpc_id: '{{ vpc_creation.vpc.id }}'
diff --git a/tests/integration/targets/setup_ec2_vpc/aliases b/tests/integration/targets/setup_ec2_vpc/aliases
@@ -0,0 +1 @@
+disabled
diff --git a/tests/integration/targets/setup_ec2_vpc/defaults/main.yml b/tests/integration/targets/setup_ec2_vpc/defaults/main.yml
diff --git a/tests/integration/targets/setup_ec2_vpc/meta/main.yml b/tests/integration/targets/setup_ec2_vpc/meta/main.yml
@@ -0,0 +1 @@
+dependencies: []
diff --git a/tests/integration/targets/setup_ec2_vpc/tasks/cleanup.yml b/tests/integration/targets/setup_ec2_vpc/tasks/cleanup.yml
@@ -0,0 +1,126 @@
+# ============================================================
+- name: Run all tests
+  module_defaults:
+    group/aws:
+      aws_access_key: '{{ aws_access_key }}'
+      aws_secret_key: '{{ aws_secret_key }}'
+      security_token: '{{ security_token | default(omit)}}'
+      region: '{{ aws_region }}'
+  block:
+
+    # ============================================================
+    # Describe state of remaining resources
+
+    - name: '(VPC Cleanup) Find all remaining ENIs'
+      ec2_eni_info:
+        filters:
+          vpc-id: '{{ vpc_id }}'
+      register: remaining_enis
+
+    - name: '(VPC Cleanup) Retrieve security group info based on VPC ID'
+      ec2_group_info:
+        filters:
+          vpc-id: '{{ vpc_id }}'
+      register: remaining_groups
+
+    - name: '(VPC Cleanup) Retrieve subnet info based on VPC ID'
+      ec2_vpc_subnet_info:
+        filters:
+          vpc-id: '{{ vpc_id }}'
+      register: remaining_subnets
+
+    - name: '(VPC Cleanup) Retrieve route table info based on VPC ID'
+      ec2_vpc_route_table_info:
+        filters:
+          vpc-id: '{{ vpc_id }}'
+      register: remaining_rtbs
+
+    - name: '(VPC Cleanup) Retrieve VPC info based on VPC ID'
+      ec2_vpc_net_info:
+        vpc_ids:
+          - '{{ vpc_id }}'
+      register: remaining_vpc
+
+    # ============================================================
+
+    - name: '(Cleanup) Delete all ENIs'
+      ec2_eni:
+        state: absent
+        eni_id: '{{ item.id }}'
+      register: eni_removed
+      until: eni_removed is not failed
+      loop: '{{ remaining_enis.network_interfaces }}'
+      ignore_errors: yes
+      retries: 10
+
+    # ============================================================
+    # Delete all remaining SGs
+
+    # Cross-dependencies between rules in the SGs can cause us problems if we don't clear the rules
+    # first
+    - name: '(VPC Cleanup) Delete rules from remaining SGs'
+      ec2_group:
+        name: '{{ item.group_name }}'
+        group_id: '{{ item.group_id }}'
+        description: '{{ item.description }}'
+        rules: []
+        rules_egress: []
+      loop: '{{ remaining_groups.security_groups }}'
+      ignore_errors: yes
+
+    - name: '(VPC Cleanup) Delete remaining SGs'
+      ec2_group:
+        state: absent
+        group_id: '{{ item.group_id }}'
+      loop: '{{ remaining_groups.security_groups }}'
+      ignore_errors: yes
+
+    # ============================================================
+
+    - name: '(VPC Cleanup) Delete remaining subnets'
+      ec2_vpc_subnet:
+        state: absent
+        vpc_id: '{{ vpc_id }}'
+        cidr: '{{ item.cidr_block }}'
+      register: subnets_removed
+      loop: '{{ remaining_subnets.subnets }}'
+      until: subnets_removed is not failed
+      when:
+        - item.name != 'default'
+      ignore_errors: yes
+      retries: 10
+
+    # ============================================================
+
+    - name: '(VPC Cleanup) Delete IGW'
+      ec2_vpc_igw:
+        state: absent
+        vpc_id: '{{ vpc_id }}'
+      register: igw_deletion
+      retries: 10
+      delay: 5
+      until: igw_deletion is success
+      ignore_errors: yes
+
+    # ============================================================
+
+    - name: '(VPC Cleanup) Delete remaining route tables'
+      ec2_vpc_route_table:
+        state: absent
+        vpc_id: '{{ vpc_id }}'
+        route_table_id: '{{ item.id }}'
+        lookup: 'id'
+      register: rtbs_removed
+      loop: '{{ remaining_rtbs.route_tables }}'
+      ignore_errors: yes
+
+    # ============================================================
+
+    - name: '(VPC Cleanup) Remove the VPC'
+      ec2_vpc_net:
+        state: absent
+        vpc_id: '{{ vpc_id }}'
+      register: vpc_removed
+      until: vpc_removed is not failed
+      ignore_errors: yes
+      retries: 10
diff --git a/tests/integration/targets/setup_ec2_vpc/tasks/main.yml b/tests/integration/targets/setup_ec2_vpc/tasks/main.yml
@@ -0,0 +1,2 @@
+- debug:
+    msg: 'VPC Cleanup module loaded'
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		trivial:
		- ec2_vpc_endpoint - Re-enable ec2_vpc_endpoint tests