diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml
index 513c35dae33..764ff1237df 100644
--- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml
+++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml
@@ -8,3 +8,5 @@ windows_ami_name: Windows_Server-2019-English-Full-Base-*
 # - https://github.com/mattclay/aws-terminator/pull/181
 # - https://github.com/ansible-collections/community.aws/pull/763
 s3_bucket_name: ssm-encrypted-test-bucket
+
+ssm_document_name: ansible-custom-document
diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/files/ssm-document.json b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/files/ssm-document.json
new file mode 100644
index 00000000000..b3e5d91146f
--- /dev/null
+++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/files/ssm-document.json
@@ -0,0 +1,15 @@
+{
+ "schemaVersion": "1.0",
+ "description": "Custom SSM document",
+ "sessionType": "Standard_Stream",
+ "inputs": {
+ "s3EncryptionEnabled": false,
+ "cloudWatchLogGroupName": "",
+ "cloudWatchEncryptionEnabled": false,
+ "idleSessionTimeout": "20",
+ "cloudWatchStreamingEnabled": false,
+ "kmsKeyId": "",
+ "runAsEnabled": false,
+ "runAsDefaultUser": ""
+ }
+}
diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml
index d81d756c34e..45c5aa58dae 100644
--- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml
+++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml
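Review bot: The fixed value `ssm_document_name: ansible-custom-document` gives every run in the same account and region the same document name. A concurrent run, or a document left behind by a failed teardown, will make the later `aws ssm create-document` call fail, and one run's teardown can delete the document another run is still using. Other resources in this target are namespaced with `resource_prefix` (the KMS alias is `{{ resource_prefix }}-kms`), so the same convention fits here: `ssm_document_name: "{{ resource_prefix }}-ansible-custom-document"`. This assumes the prefix only contains characters SSM accepts in document names (letters, digits, `_`, `-`, `.`), which is not visible in this hunk.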
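Review bot: The `inputs` block leaves every optional protection of a Session Manager document switched off: `s3EncryptionEnabled` and `cloudWatchEncryptionEnabled` are false, `kmsKeyId` is empty, and no log destination is named, so sessions opened through this document get no additional KMS session encryption and no S3 or CloudWatch logging. That is reasonable for a throwaway fixture, but the inventory in this same change still sets `ansible_aws_ssm_bucket_sse_mode='aws:kms'`, which covers only the file-transfer bucket, and a reader could take it to cover the session as well. JSON has no comment syntax, so the intent is best stated in the description, for example `"description": "Test-only Session Manager document: no session logging or KMS encryption"`.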
@@ -62,6 +62,12 @@ - name: Wait for IAM Role getting created pause: seconds: 10 + - name: Create custom SSM document + command: "aws ssm create-document --content file://{{playbook_dir}}/aws_ssm_integration_test_setup/files/ssm-document.json --name {{ ssm_document_name }} --document-type Session" + environement: + - AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" + - AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" + - AWS_REGION: "{{ aws_region }}" - name: Create Windows EC2 instance ec2_instance: @@ -149,3 +155,9 @@ dest: "{{playbook_dir}}/iam_role_vars_to_delete.yml" src: iam_role_vars_to_delete.yml.j2 ignore_errors: yes + + - name: Create SSM vars_to_delete.yml + template: + dest: "{{playbook_dir}}/ssm_vars_to_delete.yml" + src: ssm_vars_to_delete.yml.j2 + ignore_errors: yes diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2 b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2 index 4ac817d0ff0..6c2e33c9c68 100644 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2 +++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2 @@ -26,7 +26,7 @@ ansible_python_interpreter=/usr/bin/env python local_tmp=/tmp/ansible-local- ansible_aws_ssm_bucket_sse_mode='aws:kms' ansible_aws_ssm_bucket_sse_kms_key_id=alias/{{ resource_prefix }}-kms -ansible_aws_ssm_document=SSM-SessionManagerRunShell +ansible_aws_ssm_document={{ ssm_document_name }} # support tests that target testhost [testhost:children] diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ssm_vars_to_delete.yml.j2 b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ssm_vars_to_delete.yml.j2 new file mode 100644 index 00000000000..cb7f92590c2 --- /dev/null 
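Review bot: `environement:` in the new `Create custom SSM document` task is not a task keyword, and Ansible rejects unknown task attributes when it loads the file, so the setup role should fail before this task can run; the same misspelling is in the `Delete SSM document` task of the teardown hunk. It should read `environment:`. Passing the keys through the environment rather than on the command line is the right choice, but if the CI credentials are temporary, `AWS_SESSION_TOKEN` has to be exported as well (from whichever variable holds the session token in this suite), and `no_log: true` would keep the secret out of task output at high verbosity. The task list this hunk edits starts and ends outside the hunk.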
+++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ssm_vars_to_delete.yml.j2 @@ -0,0 +1,2 @@ +--- +ssm_document_name: {{ssm_document_name}} diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml index 744fa26896f..16fd865b3a4 100644 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml +++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml @@ -46,6 +46,15 @@ include_vars: "{{playbook_dir}}/iam_role_vars_to_delete.yml" when: iam_role_vars_file.stat.exists == true + - name: Check if ssm_vars_to_delete.yml is present + stat: + path: "{{playbook_dir}}/ssm_vars_to_delete.yml" + register: ssm_vars_file + + - name: Include variable file to delete SSM infra + include_vars: "{{playbook_dir}}/ssm_vars_to_delete.yml" + when: ssm_vars_file.stat.exists == true + - name: Terminate Windows EC2 instances that were previously launched ec2_instance: instance_ids: @@ -83,6 +92,13 @@ state: absent alias: '{{ resource_prefix }}-kms' + - name: Delete SSM document + command: "aws ssm delete-document --name {{ ssm_document_name }}" + environement: + - AWS_ACCESS_KEY_ID: "{{ aws_access_key }}" + - AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}" + - AWS_REGION: "{{ aws_region }}" + - name: Delete AWS keys environement file: path: "{{playbook_dir}}/aws-env-vars.sh"
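Review bot: The rendered value in `ssm_document_name: {{ssm_document_name}}` is unquoted, so the type of the generated YAML value depends on what the variable expands to; an empty or boolean-looking name would load as null or a bool and then be handed to `aws ssm delete-document` in the teardown. Quoting keeps it a string: `ssm_document_name: "{{ ssm_document_name }}"`.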
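Review bot: `Delete SSM document` runs unconditionally and without error handling, unlike the `include_vars` task added in the previous hunk, which is guarded by `ssm_vars_file.stat.exists`. If the vars file was never written (and the teardown role has no default for `ssm_document_name`), or the document is already gone, the task fails and the tasks after it do not run, including `Delete AWS keys environement`, which removes `aws-env-vars.sh` and, judging by its name, the credentials stored there. I would add `when: ssm_vars_file.stat.exists` and `ignore_errors: true` to the task, unless the surrounding tasks, which are outside this hunk, already sit in a block that handles failures.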