From 172b634c7daf725abac9dbf72297d68618aaf536 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Tue, 9 Mar 2021 14:47:05 +0100 Subject: [PATCH 1/3] Initial integration test for aws_account_attribute --- .../lookup_aws_account_attribute/aliases | 2 + .../tasks/main.yaml | 130 ++++++++++++++++++ 2 files changed, 132 insertions(+) create mode 100644 tests/integration/targets/lookup_aws_account_attribute/aliases create mode 100644 tests/integration/targets/lookup_aws_account_attribute/tasks/main.yaml diff --git a/tests/integration/targets/lookup_aws_account_attribute/aliases b/tests/integration/targets/lookup_aws_account_attribute/aliases new file mode 100644 index 00000000000..6e3860bee23 --- /dev/null +++ b/tests/integration/targets/lookup_aws_account_attribute/aliases @@ -0,0 +1,2 @@ +cloud/aws +shippable/aws/group2 diff --git a/tests/integration/targets/lookup_aws_account_attribute/tasks/main.yaml b/tests/integration/targets/lookup_aws_account_attribute/tasks/main.yaml new file mode 100644 index 00000000000..0dcc162b845 --- /dev/null +++ b/tests/integration/targets/lookup_aws_account_attribute/tasks/main.yaml @@ -0,0 +1,130 @@ +- set_fact: + # As a lookup plugin we don't have access to module_defaults + connection_args: + region: "{{ aws_region }}" + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + aws_security_token: "{{ security_token | default(omit) }}" + no_log: True + +- module_defaults: + group/aws: + region: "{{ aws_region }}" + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + security_token: "{{ security_token | default(omit) }}" + block: + - name: 'Check for EC2 Classic support (has-ec2-classic)' + set_fact: + has_ec2_classic: "{{ lookup('amazon.aws.aws_account_attribute', + attribute='has-ec2-classic', + wantlist=True, + **connection_args) }}" + - assert: + that: + - ( has_ec2_classic is sameas true ) or ( has_ec2_classic is sameas false ) + + - name: 'Fetch all account attributes (wantlist=True)' + set_fact: + account_attrs: "{{ lookup('amazon.aws.aws_account_attribute', + wantlist=True, + **connection_args) }}" + - assert: + that: + # Not guaranteed that there will be a default-vpc + - '"default-vpc" in account_attrs' + - '"max-elastic-ips" in account_attrs' + - account_attrs['max-elastic-ips'][0] | int + - '"max-instances" in account_attrs' + - account_attrs['max-instances'][0] | int + # EC2 and VPC are both valid values, but we can't guarantee which are available + - '"supported-platforms" in account_attrs' + - account_attrs['supported-platforms'] | difference(['VPC', 'EC2']) | length == 0 + - '"vpc-max-elastic-ips" in account_attrs' + - account_attrs['vpc-max-elastic-ips'][0] | int + - '"vpc-max-security-groups-per-interface" in account_attrs' + - account_attrs['vpc-max-security-groups-per-interface'][0] | int + + # Not espcially useful, but let's be thorough and leave hints what folks could + # expect + - name: 'Fetch all account attributes (wantlist=False)' + set_fact: + account_attrs: "{{ lookup('amazon.aws.aws_account_attribute', + wantlist=False, + **connection_args) }}" + - assert: + that: + - '"default-vpc" in split_attrs' + - '"max-elastic-ips" in split_attrs' + - '"max-instances" in split_attrs' + - '"supported-platforms" in split_attrs' + - '"vpc-max-elastic-ips" in split_attrs' + - '"vpc-max-security-groups-per-interface" in split_attrs' + vars: + split_attrs: '{{ account_attrs.split(",") }}' + + - name: 'Check for Default VPC (default-vpc)' + set_fact: + default_vpc: "{{ lookup('amazon.aws.aws_account_attribute', + attribute='default-vpc', + **connection_args) }}" + - assert: + that: + - (default_vpc == "none") + or + default_vpc.startswith("vpc-") + + - name: 'Check for maximum number of EIPs (max-elastic-ips)' + set_fact: + max_eips: "{{ lookup('amazon.aws.aws_account_attribute', + attribute='max-elastic-ips', + **connection_args) }}" + - assert: + that: + - max_eips | int + + - name: 'Check for maximum number of Instances (max-instances)' + set_fact: + max_instances: "{{ lookup('amazon.aws.aws_account_attribute', + attribute='max-instances', + **connection_args) }}" + - assert: + that: + - max_instances | int + + - name: 'Check for maximum number of EIPs in a VPC (vpc-max-elastic-ips)' + set_fact: + vpc_max_eips: "{{ lookup('amazon.aws.aws_account_attribute', + attribute='vpc-max-elastic-ips', + **connection_args) }}" + - assert: + that: + - vpc_max_eips | int + + - name: 'Check for maximum number of Security Groups per Interface (vpc-max-security-groups-per-interface)' + set_fact: + max_sg_per_int: "{{ lookup('amazon.aws.aws_account_attribute', + attribute='vpc-max-security-groups-per-interface', + **connection_args) }}" + - assert: + that: + - max_sg_per_int | int + + - name: 'Check for support of Classic EC2 vs VPC (supported-platforms)' + set_fact: + supported_plat: "{{ lookup('amazon.aws.aws_account_attribute', + attribute='supported-platforms', + **connection_args) }}" + - assert: + that: + - supported_plat.split(',') | difference(['VPC', 'EC2']) | length == 0 + + - name: 'Check for support of Classic EC2 vs VPC (supported-platforms) (wantlist)' + set_fact: + supported_plat: "{{ lookup('amazon.aws.aws_account_attribute', + attribute='supported-platforms', + wantlist=True, + **connection_args) }}" + - assert: + that: + - supported_plat | difference(['VPC', 'EC2']) | length == 0 From d13c297d9da64aa720b194df17525b7c88c956da Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Tue, 9 Mar 2021 14:40:34 +0100 Subject: [PATCH 2/3] Add AWS retries to aws_account_attribute --- plugins/lookup/aws_account_attribute.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/plugins/lookup/aws_account_attribute.py b/plugins/lookup/aws_account_attribute.py index 6c04373a841..2d9690ad662 100644 --- a/plugins/lookup/aws_account_attribute.py +++ b/plugins/lookup/aws_account_attribute.py @@ -65,6 +65,8 @@ from ansible.module_utils._text import to_native from ansible.plugins.lookup import LookupBase +from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry + def _boto3_conn(region, credentials): boto_profile = credentials.pop('aws_profile', None) @@ -93,6 +95,11 @@ def _get_credentials(options): return credentials +@AWSRetry.jittered_backoff(retries=10) +def _describe_account_attributes(client, **params): + return client.describe_account_attributes(**params) + + class LookupModule(LookupBase): def run(self, terms, variables, **kwargs): @@ -115,7 +122,7 @@ def run(self, terms, variables, **kwargs): params['AttributeNames'] = [attribute] try: - response = client.describe_account_attributes(**params)['AccountAttributes'] + response = _describe_account_attributes(client, **params)['AccountAttributes'] except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: raise AnsibleError("Failed to describe account attributes: %s" % to_native(e)) From 9deb7be787043bff0900afbc99c9863df368c4ae Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Tue, 9 Mar 2021 16:55:18 +0100 Subject: [PATCH 3/3] changelog --- changelogs/fragments/295-aws_account_attribute-awsretry.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/295-aws_account_attribute-awsretry.yml diff --git a/changelogs/fragments/295-aws_account_attribute-awsretry.yml b/changelogs/fragments/295-aws_account_attribute-awsretry.yml new file mode 100644 index 00000000000..c49f91fdf37 --- /dev/null +++ b/changelogs/fragments/295-aws_account_attribute-awsretry.yml @@ -0,0 +1,2 @@ +minor_changes: +- aws_account_attribute - add retries on common AWS failures (https://github.com/ansible-collections/amazon.aws/pull/295).