From 7dc4f32e269873408ee5f7b6b25020bb0e9dbb24 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 12 Jan 2023 20:48:24 +0000 Subject: [PATCH] aws_ssm - Rework (and enable) integration tests (#1652) (#1656) [PR #1652/e01ac083 backport][stable-5] aws_ssm - Rework (and enable) integration tests This is a backport of PR #1652 as merged into main (e01ac08). Depends-On: #558 SUMMARY aws_ssm tests have been broken for a while. This should get initial integration tests up and running ISSUE TYPE Feature Pull Request COMPONENT NAME aws_ssm ADDITIONAL INFORMATION Notes: Does not cover cross-geo S3 buckets (only one region in CI at the minute) Does not cover encrypted buckets (missing permissions) Reviewed-by: Markus Bergholz --- .../fragments/20230112-aws_ssm-tests.yml | 2 + tests/integration/targets/connection/aliases | 1 + tests/integration/targets/connection/test.sh | 7 +- .../targets/connection_aws_ssm/aliases | 5 - .../aws_ssm_integration_test_setup.yml | 3 - .../defaults/main.yml | 10 -- .../tasks/main.yml | 151 ------------------ .../templates/ec2_linux_vars_to_delete.yml.j2 | 2 - .../templates/inventory-combined.aws_ssm.j2 | 32 ---- .../templates/s3_vars_to_delete.yml.j2 | 2 - .../aws_ssm_integration_test_teardown.yml | 3 - .../README.md | 43 ----- .../tasks/main.yml | 90 ----------- .../targets/connection_aws_ssm/meta/main.yml | 1 - .../targets/connection_aws_ssm_amazon/aliases | 4 + .../aws_ssm_integration_test_setup.yml | 5 + .../aws_ssm_integration_test_teardown.yml | 5 + .../connection_aws_ssm_amazon/meta/main.yml | 3 + .../runme.sh | 6 +- .../targets/connection_aws_ssm_fedora/aliases | 4 + .../aws_ssm_integration_test_setup.yml | 5 + .../aws_ssm_integration_test_teardown.yml | 5 + .../connection_aws_ssm_fedora/meta/main.yml | 3 + .../connection_aws_ssm_fedora/runme.sh | 31 ++++ .../targets/connection_aws_ssm_ubuntu/aliases | 4 + .../aws_ssm_integration_test_setup.yml | 5 + .../aws_ssm_integration_test_teardown.yml | 5 + .../connection_aws_ssm_ubuntu/meta/main.yml | 3 + .../connection_aws_ssm_ubuntu/runme.sh | 31 ++++ .../connection_aws_ssm_windows/aliases | 5 + .../aws_ssm_integration_test_setup.yml | 5 + .../aws_ssm_integration_test_teardown.yml | 5 + .../connection_aws_ssm_windows/meta/main.yml | 3 + .../connection_aws_ssm_windows/runme.sh | 31 ++++ .../README.md | 0 .../targets/setup_connection_aws_ssm/aliases | 3 + .../defaults/main.yml | 46 ++++++ .../files/ec2-trust-policy.json | 0 .../tasks/cleanup.yml | 71 ++++++++ .../tasks/debian.yml | 13 +- .../setup_connection_aws_ssm/tasks/main.yml | 131 +++++++++++++++ .../tasks/redhat.yml | 3 + .../templates/aws-env-vars.j2 | 0 .../ec2_instance_vars_to_delete.yml.j2 | 7 + .../ec2_windows_vars_to_delete.yml.j2 | 0 .../templates/iam_role_vars_to_delete.yml.j2 | 0 .../templates/inventory-combined.aws_ssm.j2 | 42 +++++ .../templates/s3_vars_to_delete.yml.j2 | 2 + 48 files changed, 481 insertions(+), 357 deletions(-) create mode 100644 changelogs/fragments/20230112-aws_ssm-tests.yml delete mode 100644 tests/integration/targets/connection_aws_ssm/aliases delete mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup.yml delete mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml delete mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml delete mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ec2_linux_vars_to_delete.yml.j2 delete mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2 delete mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/s3_vars_to_delete.yml.j2 delete mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown.yml delete mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/README.md delete mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml delete mode 100644 tests/integration/targets/connection_aws_ssm/meta/main.yml create mode 100644 tests/integration/targets/connection_aws_ssm_amazon/aliases create mode 100644 tests/integration/targets/connection_aws_ssm_amazon/aws_ssm_integration_test_setup.yml create mode 100644 tests/integration/targets/connection_aws_ssm_amazon/aws_ssm_integration_test_teardown.yml create mode 100644 tests/integration/targets/connection_aws_ssm_amazon/meta/main.yml rename tests/integration/targets/{connection_aws_ssm => connection_aws_ssm_amazon}/runme.sh (80%) create mode 100644 tests/integration/targets/connection_aws_ssm_fedora/aliases create mode 100644 tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_setup.yml create mode 100644 tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_teardown.yml create mode 100644 tests/integration/targets/connection_aws_ssm_fedora/meta/main.yml create mode 100755 tests/integration/targets/connection_aws_ssm_fedora/runme.sh create mode 100644 tests/integration/targets/connection_aws_ssm_ubuntu/aliases create mode 100644 tests/integration/targets/connection_aws_ssm_ubuntu/aws_ssm_integration_test_setup.yml create mode 100644 tests/integration/targets/connection_aws_ssm_ubuntu/aws_ssm_integration_test_teardown.yml create mode 100644 tests/integration/targets/connection_aws_ssm_ubuntu/meta/main.yml create mode 100755 tests/integration/targets/connection_aws_ssm_ubuntu/runme.sh create mode 100644 tests/integration/targets/connection_aws_ssm_windows/aliases create mode 100644 tests/integration/targets/connection_aws_ssm_windows/aws_ssm_integration_test_setup.yml create mode 100644 tests/integration/targets/connection_aws_ssm_windows/aws_ssm_integration_test_teardown.yml create mode 100644 tests/integration/targets/connection_aws_ssm_windows/meta/main.yml create mode 100755 tests/integration/targets/connection_aws_ssm_windows/runme.sh rename tests/integration/targets/{connection_aws_ssm/aws_ssm_integration_test_setup => setup_connection_aws_ssm}/README.md (100%) create mode 100644 tests/integration/targets/setup_connection_aws_ssm/aliases create mode 100644 tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml rename tests/integration/targets/{connection_aws_ssm/aws_ssm_integration_test_setup => setup_connection_aws_ssm}/files/ec2-trust-policy.json (100%) create mode 100644 tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml rename tests/integration/targets/{connection_aws_ssm/aws_ssm_integration_test_setup => setup_connection_aws_ssm}/tasks/debian.yml (63%) create mode 100644 tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml rename tests/integration/targets/{connection_aws_ssm/aws_ssm_integration_test_setup => setup_connection_aws_ssm}/tasks/redhat.yml (75%) rename tests/integration/targets/{connection_aws_ssm/aws_ssm_integration_test_setup => setup_connection_aws_ssm}/templates/aws-env-vars.j2 (100%) create mode 100644 tests/integration/targets/setup_connection_aws_ssm/templates/ec2_instance_vars_to_delete.yml.j2 rename tests/integration/targets/{connection_aws_ssm/aws_ssm_integration_test_setup => setup_connection_aws_ssm}/templates/ec2_windows_vars_to_delete.yml.j2 (100%) rename tests/integration/targets/{connection_aws_ssm/aws_ssm_integration_test_setup => setup_connection_aws_ssm}/templates/iam_role_vars_to_delete.yml.j2 (100%) create mode 100644 tests/integration/targets/setup_connection_aws_ssm/templates/inventory-combined.aws_ssm.j2 create mode 100644 tests/integration/targets/setup_connection_aws_ssm/templates/s3_vars_to_delete.yml.j2 diff --git a/changelogs/fragments/20230112-aws_ssm-tests.yml b/changelogs/fragments/20230112-aws_ssm-tests.yml new file mode 100644 index 00000000000..c35e054b931 --- /dev/null +++ b/changelogs/fragments/20230112-aws_ssm-tests.yml @@ -0,0 +1,2 @@ +trivial: +- aws_ssm - Rework and enable aws_ssm integration tests diff --git a/tests/integration/targets/connection/aliases b/tests/integration/targets/connection/aliases index 9edc56e9dcf..8019bed396b 100644 --- a/tests/integration/targets/connection/aliases +++ b/tests/integration/targets/connection/aliases @@ -1,2 +1,3 @@ # Used to test basic operation once a connection plugin has established a connection hidden +disabled diff --git a/tests/integration/targets/connection/test.sh b/tests/integration/targets/connection/test.sh index 4e7aa8dda13..52af74d7dd2 100755 --- a/tests/integration/targets/connection/test.sh +++ b/tests/integration/targets/connection/test.sh @@ -4,7 +4,8 @@ set -eux [ -f "${INVENTORY}" ] -# Run connection tests with both the default and C locale. +ansible-playbook test_connection.yml -i "${INVENTORY}" "$@" - ansible-playbook test_connection.yml -i "${INVENTORY}" "$@" -LC_ALL=C LANG=C ansible-playbook test_connection.yml -i "${INVENTORY}" "$@" +# Ansible 2.14 dropped support for non UTF-8 Locale +# https://github.com/ansible/ansible/pull/78175 +# LC_ALL=C LANG=C ansible-playbook test_connection.yml -i "${INVENTORY}" "$@" diff --git a/tests/integration/targets/connection_aws_ssm/aliases b/tests/integration/targets/connection_aws_ssm/aliases deleted file mode 100644 index 5647bd17be4..00000000000 --- a/tests/integration/targets/connection_aws_ssm/aliases +++ /dev/null @@ -1,5 +0,0 @@ -# reason: slow -# This test suite can take almost 25 minutes (on a good day) -disabled # Test is currently broken on Deb-based systems, and dependant ../connection dir access in ansible/default-test-container -unstable -cloud/aws diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup.yml deleted file mode 100644 index 7cd735b9a1c..00000000000 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup.yml +++ /dev/null @@ -1,3 +0,0 @@ -- hosts: localhost - roles: - - role: aws_ssm_integration_test_setup diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml deleted file mode 100644 index 513c35dae33..00000000000 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -instance_type: t3.micro -linux_ami_name: amzn-ami-hvm-2018.03*x86_64-ebs -# Windows AMIs get replaced every few months, don't be too specific -windows_ami_name: Windows_Server-2019-English-Full-Base-* - -# see: -# - https://github.com/mattclay/aws-terminator/pull/181 -# - https://github.com/ansible-collections/community.aws/pull/763 -s3_bucket_name: ssm-encrypted-test-bucket diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml deleted file mode 100644 index d81d756c34e..00000000000 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml +++ /dev/null @@ -1,151 +0,0 @@ ---- -## Task file for setup/teardown AWS resources for aws_ssm integration testing -- name: 'aws_ssm connection plugin integration test resource creation' - collections: - - amazon.aws - module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - block: - - name: AMI Lookup - ec2_ami_info: - owners: 'amazon' - filters: - name: '{{ item }}' - register: ec2_amis - loop: - - '{{ linux_ami_name }}' - - '{{ windows_ami_name }}' - - - name: Set facts with latest AMIs - vars: - latest_linux_ami: '{{ ec2_amis.results[0].images | sort(attribute="creation_date") | last }}' - latest_windows_ami: '{{ ec2_amis.results[1].images | sort(attribute="creation_date") | last }}' - set_fact: - linux_ami_id: '{{ latest_linux_ami.image_id }}' - windows_ami_id: '{{ latest_windows_ami.image_id }}' - - - name: Install Session Manager Plugin for Fedora/Debian/Ubuntu - include_tasks: debian.yml - when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian" - register: install_plugin_debian - - - name: Install Session Manager Plugin for RedHat/Amazon - include_tasks: redhat.yml - when: ansible_distribution in ["CentOS", "RedHat", "Amazon", "Fedora"] - register: install_plugin_redhat - - - block: - - name: Fail if the plugin was not installed - fail: - msg: The distribution does not contain the required Session Manager Plugin - when: - - install_plugin_debian is skipped - - install_plugin_redhat is skipped - always: - - debug: - var: ansible_distribution - - - name: Ensure IAM instance role exists - iam_role: - name: "ansible-test-{{tiny_prefix}}-aws-ssm-role" - assume_role_policy_document: "{{ lookup('file','ec2-trust-policy.json') }}" - state: present - create_instance_profile: yes - managed_policy: - - AmazonSSMManagedInstanceCore - register: role_output - - - name: Wait for IAM Role getting created - pause: - seconds: 10 - - - name: Create Windows EC2 instance - ec2_instance: - instance_type: "{{instance_type}}" - ebs_optimized: True - image_id: "{{windows_ami_id}}" - wait: no - instance_role: "{{role_output.iam_role.role_name}}" - name: "{{resource_prefix}}-integration-test-aws-ssm-windows" - user_data: | - - Invoke-WebRequest -Uri "https://amazon-ssm-us-east-1.s3.amazonaws.com/latest/windows_amd64/AmazonSSMAgentSetup.exe" -OutFile "C:\AmazonSSMAgentSetup.exe" - Start-Process -FilePath C:\AmazonSSMAgentSetup.exe -ArgumentList "/S","/v","/qn" -Wait - Restart-Service AmazonSSMAgent - - state: present - tags: - TestPrefix: '{{ resource_prefix }}' - register: windows_output - - - name: Create Linux EC2 instance - ec2_instance: - instance_type: "{{instance_type}}" - ebs_optimized: True - image_id: "{{linux_ami_id}}" - wait: "yes" - instance_role: "{{role_output.iam_role.role_name}}" - name: "{{resource_prefix}}-integration-test-aws-ssm-linux" - user_data: | - #!/bin/sh - sudo systemctl start amazon-ssm-agent - state: present - tags: - TestPrefix: '{{ resource_prefix }}' - register: linux_output - - # This is just a delay, current host is localhost - - name: Wait for EC2 to be available - wait_for_connection: - delay: 360 - - - name: create a key - aws_kms: - alias: '{{ resource_prefix }}-kms' - tags: - ansible-test: '{{ resource_prefix }}' - - # - name: Create S3 bucket - # s3_bucket: - # name: "{{resource_prefix}}-aws-ssm-s3" - # register: s3_output - - - name: Create Inventory file - template: - dest: "{{playbook_dir}}/ssm_inventory" - src: inventory-combined.aws_ssm.j2 - - - name: Create AWS Keys Environement - template: - dest: "{{playbook_dir}}/aws-env-vars.sh" - src: aws-env-vars.j2 - no_log: yes - - always: - - name: Create EC2 Linux vars_to_delete.yml - template: - dest: "{{playbook_dir}}/ec2_linux_vars_to_delete.yml" - src: ec2_linux_vars_to_delete.yml.j2 - ignore_errors: yes - - - name: Create EC2 Windows vars_to_delete.yml - template: - dest: "{{playbook_dir}}/ec2_windows_vars_to_delete.yml" - src: ec2_windows_vars_to_delete.yml.j2 - ignore_errors: yes - - # - name: Create S3 vars_to_delete.yml - # template: - # dest: "{{playbook_dir}}/s3_vars_to_delete.yml" - # src: s3_vars_to_delete.yml.j2 - # ignore_errors: yes - - - name: Create IAM Role vars_to_delete.yml - template: - dest: "{{playbook_dir}}/iam_role_vars_to_delete.yml" - src: iam_role_vars_to_delete.yml.j2 - ignore_errors: yes diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ec2_linux_vars_to_delete.yml.j2 b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ec2_linux_vars_to_delete.yml.j2 deleted file mode 100644 index 06a2f8fd9d6..00000000000 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ec2_linux_vars_to_delete.yml.j2 +++ /dev/null @@ -1,2 +0,0 @@ ---- -linux_instance_id: {{ linux_output.instance_ids[0] }} diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2 b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2 deleted file mode 100644 index f8296e23044..00000000000 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2 +++ /dev/null @@ -1,32 +0,0 @@ -[aws_ssm_linux] -linux_{{linux_output.instance_ids[0]}} ansible_aws_ssm_instance_id={{linux_output.instance_ids[0]}} ansible_aws_ssm_region={{aws_region}} - -[aws_ssm_linux:vars] -remote_tmp=/tmp/ansible-remote -action_prefix= - -[aws_ssm_windows] -windows_{{windows_output.instance_ids[0]}} ansible_aws_ssm_instance_id={{windows_output.instance_ids[0]}} ansible_aws_ssm_region={{aws_region}} - -[aws_ssm_windows:vars] -ansible_shell_type=powershell -remote_tmp=c:/windows/temp/ansible-remote -action_prefix=win_ - -[aws_ssm:children] -aws_ssm_linux -## To run the connection test uncomment here -# aws_ssm_windows - -[aws_ssm:vars] -ansible_connection=community.aws.aws_ssm -ansible_aws_ssm_bucket_name={{s3_bucket_name}} -ansible_aws_ssm_plugin=/usr/local/sessionmanagerplugin/bin/session-manager-plugin -ansible_python_interpreter=/usr/bin/env python -local_tmp=/tmp/ansible-local- -ansible_aws_ssm_bucket_sse_mode='aws:kms' -ansible_aws_ssm_bucket_sse_kms_key_id=alias/{{ resource_prefix }}-kms - -# support tests that target testhost -[testhost:children] -aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/s3_vars_to_delete.yml.j2 b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/s3_vars_to_delete.yml.j2 deleted file mode 100644 index d29071a9f98..00000000000 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/s3_vars_to_delete.yml.j2 +++ /dev/null @@ -1,2 +0,0 @@ ---- -#bucket_name: {{s3_output.name}} diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown.yml deleted file mode 100644 index 13c62c1f90c..00000000000 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown.yml +++ /dev/null @@ -1,3 +0,0 @@ -- hosts: localhost - roles: - - role: aws_ssm_integration_test_teardown diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/README.md b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/README.md deleted file mode 100644 index bc12a83e1d7..00000000000 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/README.md +++ /dev/null @@ -1,43 +0,0 @@ -# AWS SSM Integration Test Setup - -## aws_ssm_integration_test_setup_teardown - -An Ansible role was created to perform integration test across aws_ssm connection plugin. The role performs the following actions. - -- Create AWS Resources in user specified region. -- Perform integration Test across aws_ssm connection plugin. -- TearDown/Remove AWS Resources that are created for testing plugin. - -### Prerequisites - -- Make sure the machine used for testing already has Ansible repo with ssm connection plugin. -- AWS CLI/IAM-Role configured to the machine which has permissions to spin-up AWS resources. - -### Variables referred in Ansible Role - -The following table provide details about variables referred within Ansible Role. - -| Variable Name | Details | -| ------ | ------ | -| aws_region | Name of AWS-region | -| iam_role_name | Name of IAM Role which will be attached to newly-created EC2-Instance | -| iam_policy_name | Name of IAM Policy which will be attached to the IAM role referred above | -| instance_type | Instance type user for creating EC2-Instance | -| instance_id | AWS EC2 Instance-Id (This gets populated by role) | -| bucket_name | Name of S3 buckted used by SSM (This gets populated by role) | - -### Example Playbook - -A sample example to demonstrate the usage of role within Ansible-playbook.(Make sure the respective variables are passed as parameters.) - -```yaml - - hosts: localhost - roles: - - aws_ssm_integration_test_setup_teardown -``` - -#### Author's Information - -Krishna Nand Choudhary (krishnanandchoudhary) -Nikhil Araga (araganik) -Gaurav Ashtikar (gau1991) diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml deleted file mode 100644 index 744fa26896f..00000000000 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- -- name: 'aws_ssm connection plugin integration test resource cleanup' - collections: - - amazon.aws - module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - block: - - - name: Check if ec2_linux_vars_to_delete.yml is present - stat: - path: "{{playbook_dir}}/ec2_linux_vars_to_delete.yml" - register: ec2_linux_vars_file - - - name: Include variable file to delete EC2 Linux infra - include_vars: "{{playbook_dir}}/ec2_linux_vars_to_delete.yml" - when: ec2_linux_vars_file.stat.exists == true - - - name: Check if ec2_windows_vars_to_delete.yml is present - stat: - path: "{{playbook_dir}}/ec2_windows_vars_to_delete.yml" - register: ec2_windows_vars_file - - - name: Include variable file to delete EC2 Windows infra - include_vars: "{{playbook_dir}}/ec2_windows_vars_to_delete.yml" - when: ec2_windows_vars_file.stat.exists == true - - - name: Check if s3_vars_to_delete.yml is present - stat: - path: "{{playbook_dir}}/s3_vars_to_delete.yml" - register: s3_vars_file - - - name: Include variable file to delete S3 Infra infra - include_vars: "{{playbook_dir}}/s3_vars_to_delete.yml" - when: s3_vars_file.stat.exists == true - - - name: Check if iam_role_vars_to_delete.yml is present - stat: - path: "{{playbook_dir}}/iam_role_vars_to_delete.yml" - register: iam_role_vars_file - - - name: Include variable file to delete IAM Role infra - include_vars: "{{playbook_dir}}/iam_role_vars_to_delete.yml" - when: iam_role_vars_file.stat.exists == true - - - name: Terminate Windows EC2 instances that were previously launched - ec2_instance: - instance_ids: - - "{{windows_instance_id}}" - state: absent - wait: True - ignore_errors: yes - when: ec2_windows_vars_file.stat.exists == true - - - name: Terminate Linux EC2 instances that were previously launched - ec2_instance: - instance_ids: - - "{{linux_instance_id}}" - state: absent - wait: True - ignore_errors: yes - when: ec2_linux_vars_file.stat.exists == true - - - name: Delete S3 bucket - aws_s3: - bucket: "{{bucket_name}}" - mode: delete - ignore_errors: yes - when: s3_vars_file.stat.exists == true - - - name: Delete IAM role - iam_role: - name: "{{iam_role_name}}" - state: absent - ignore_errors: yes - when: iam_role_vars_file.stat.exists == true - - - name: Delete the KMS key - aws_kms: - state: absent - alias: '{{ resource_prefix }}-kms' - - - name: Delete AWS keys environement - file: - path: "{{playbook_dir}}/aws-env-vars.sh" - state: absent - ignore_errors: yes diff --git a/tests/integration/targets/connection_aws_ssm/meta/main.yml b/tests/integration/targets/connection_aws_ssm/meta/main.yml deleted file mode 100644 index 32cf5dda7ed..00000000000 --- a/tests/integration/targets/connection_aws_ssm/meta/main.yml +++ /dev/null @@ -1 +0,0 @@ -dependencies: [] diff --git a/tests/integration/targets/connection_aws_ssm_amazon/aliases b/tests/integration/targets/connection_aws_ssm_amazon/aliases new file mode 100644 index 00000000000..eb8e0b8914b --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_amazon/aliases @@ -0,0 +1,4 @@ +time=10m + +cloud/aws +connection_aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm_amazon/aws_ssm_integration_test_setup.yml b/tests/integration/targets/connection_aws_ssm_amazon/aws_ssm_integration_test_setup.yml new file mode 100644 index 00000000000..17cc6bce7ae --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_amazon/aws_ssm_integration_test_setup.yml @@ -0,0 +1,5 @@ +- hosts: localhost + roles: + - role: ../setup_connection_aws_ssm + vars: + target_os: amazon diff --git a/tests/integration/targets/connection_aws_ssm_amazon/aws_ssm_integration_test_teardown.yml b/tests/integration/targets/connection_aws_ssm_amazon/aws_ssm_integration_test_teardown.yml new file mode 100644 index 00000000000..3ab6f74cf64 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_amazon/aws_ssm_integration_test_teardown.yml @@ -0,0 +1,5 @@ +- hosts: localhost + tasks: + - include_role: + name: ../setup_connection_aws_ssm + tasks_from: cleanup.yml diff --git a/tests/integration/targets/connection_aws_ssm_amazon/meta/main.yml b/tests/integration/targets/connection_aws_ssm_amazon/meta/main.yml new file mode 100644 index 00000000000..d055eb86e84 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_amazon/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - connection + - setup_connection_aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm/runme.sh b/tests/integration/targets/connection_aws_ssm_amazon/runme.sh similarity index 80% rename from tests/integration/targets/connection_aws_ssm/runme.sh rename to tests/integration/targets/connection_aws_ssm_amazon/runme.sh index e40675a5f3e..c99b3b0663b 100755 --- a/tests/integration/targets/connection_aws_ssm/runme.sh +++ b/tests/integration/targets/connection_aws_ssm_amazon/runme.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash +PLAYBOOK_DIR=$(pwd) set -eux CMD_ARGS=("$@") @@ -7,8 +8,7 @@ CMD_ARGS=("$@") # Destroy Environment cleanup() { - cd ../connection_aws_ssm - + cd "${PLAYBOOK_DIR}" ansible-playbook -c local aws_ssm_integration_test_teardown.yml "${CMD_ARGS[@]}" } @@ -26,6 +26,6 @@ set -x cd ../connection # Execute Integration tests -INVENTORY=../connection_aws_ssm/ssm_inventory ./test.sh \ +INVENTORY="${PLAYBOOK_DIR}/ssm_inventory" ./test.sh \ -e target_hosts=aws_ssm \ "$@" diff --git a/tests/integration/targets/connection_aws_ssm_fedora/aliases b/tests/integration/targets/connection_aws_ssm_fedora/aliases new file mode 100644 index 00000000000..eb8e0b8914b --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_fedora/aliases @@ -0,0 +1,4 @@ +time=10m + +cloud/aws +connection_aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_setup.yml b/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_setup.yml new file mode 100644 index 00000000000..353757e332c --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_setup.yml @@ -0,0 +1,5 @@ +- hosts: localhost + roles: + - role: ../setup_connection_aws_ssm + vars: + target_os: fedora diff --git a/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_teardown.yml b/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_teardown.yml new file mode 100644 index 00000000000..3ab6f74cf64 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_fedora/aws_ssm_integration_test_teardown.yml @@ -0,0 +1,5 @@ +- hosts: localhost + tasks: + - include_role: + name: ../setup_connection_aws_ssm + tasks_from: cleanup.yml diff --git a/tests/integration/targets/connection_aws_ssm_fedora/meta/main.yml b/tests/integration/targets/connection_aws_ssm_fedora/meta/main.yml new file mode 100644 index 00000000000..d055eb86e84 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_fedora/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - connection + - setup_connection_aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm_fedora/runme.sh b/tests/integration/targets/connection_aws_ssm_fedora/runme.sh new file mode 100755 index 00000000000..c99b3b0663b --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_fedora/runme.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +PLAYBOOK_DIR=$(pwd) +set -eux + +CMD_ARGS=("$@") + +# Destroy Environment +cleanup() { + + cd "${PLAYBOOK_DIR}" + ansible-playbook -c local aws_ssm_integration_test_teardown.yml "${CMD_ARGS[@]}" + +} + +trap "cleanup" EXIT + +# Setup Environment +ansible-playbook -c local aws_ssm_integration_test_setup.yml "$@" + +# Export the AWS Keys +set +x +. ./aws-env-vars.sh +set -x + +cd ../connection + +# Execute Integration tests +INVENTORY="${PLAYBOOK_DIR}/ssm_inventory" ./test.sh \ + -e target_hosts=aws_ssm \ + "$@" diff --git a/tests/integration/targets/connection_aws_ssm_ubuntu/aliases b/tests/integration/targets/connection_aws_ssm_ubuntu/aliases new file mode 100644 index 00000000000..eb8e0b8914b --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_ubuntu/aliases @@ -0,0 +1,4 @@ +time=10m + +cloud/aws +connection_aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm_ubuntu/aws_ssm_integration_test_setup.yml b/tests/integration/targets/connection_aws_ssm_ubuntu/aws_ssm_integration_test_setup.yml new file mode 100644 index 00000000000..c50b8e689d1 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_ubuntu/aws_ssm_integration_test_setup.yml @@ -0,0 +1,5 @@ +- hosts: localhost + roles: + - role: ../setup_connection_aws_ssm + vars: + target_os: ubuntu diff --git a/tests/integration/targets/connection_aws_ssm_ubuntu/aws_ssm_integration_test_teardown.yml b/tests/integration/targets/connection_aws_ssm_ubuntu/aws_ssm_integration_test_teardown.yml new file mode 100644 index 00000000000..3ab6f74cf64 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_ubuntu/aws_ssm_integration_test_teardown.yml @@ -0,0 +1,5 @@ +- hosts: localhost + tasks: + - include_role: + name: ../setup_connection_aws_ssm + tasks_from: cleanup.yml diff --git a/tests/integration/targets/connection_aws_ssm_ubuntu/meta/main.yml b/tests/integration/targets/connection_aws_ssm_ubuntu/meta/main.yml new file mode 100644 index 00000000000..d055eb86e84 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_ubuntu/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - connection + - setup_connection_aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm_ubuntu/runme.sh b/tests/integration/targets/connection_aws_ssm_ubuntu/runme.sh new file mode 100755 index 00000000000..c99b3b0663b --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_ubuntu/runme.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +PLAYBOOK_DIR=$(pwd) +set -eux + +CMD_ARGS=("$@") + +# Destroy Environment +cleanup() { + + cd "${PLAYBOOK_DIR}" + ansible-playbook -c local aws_ssm_integration_test_teardown.yml "${CMD_ARGS[@]}" + +} + +trap "cleanup" EXIT + +# Setup Environment +ansible-playbook -c local aws_ssm_integration_test_setup.yml "$@" + +# Export the AWS Keys +set +x +. ./aws-env-vars.sh +set -x + +cd ../connection + +# Execute Integration tests +INVENTORY="${PLAYBOOK_DIR}/ssm_inventory" ./test.sh \ + -e target_hosts=aws_ssm \ + "$@" diff --git a/tests/integration/targets/connection_aws_ssm_windows/aliases b/tests/integration/targets/connection_aws_ssm_windows/aliases new file mode 100644 index 00000000000..ad8f7302c86 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_windows/aliases @@ -0,0 +1,5 @@ +time=10m + +unstable +cloud/aws +connection_aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm_windows/aws_ssm_integration_test_setup.yml b/tests/integration/targets/connection_aws_ssm_windows/aws_ssm_integration_test_setup.yml new file mode 100644 index 00000000000..4c8b6601e89 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_windows/aws_ssm_integration_test_setup.yml @@ -0,0 +1,5 @@ +- hosts: localhost + roles: + - role: ../setup_connection_aws_ssm + vars: + target_os: windows diff --git a/tests/integration/targets/connection_aws_ssm_windows/aws_ssm_integration_test_teardown.yml b/tests/integration/targets/connection_aws_ssm_windows/aws_ssm_integration_test_teardown.yml new file mode 100644 index 00000000000..3ab6f74cf64 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_windows/aws_ssm_integration_test_teardown.yml @@ -0,0 +1,5 @@ +- hosts: localhost + tasks: + - include_role: + name: ../setup_connection_aws_ssm + tasks_from: cleanup.yml diff --git a/tests/integration/targets/connection_aws_ssm_windows/meta/main.yml b/tests/integration/targets/connection_aws_ssm_windows/meta/main.yml new file mode 100644 index 00000000000..d055eb86e84 --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_windows/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - connection + - setup_connection_aws_ssm diff --git a/tests/integration/targets/connection_aws_ssm_windows/runme.sh b/tests/integration/targets/connection_aws_ssm_windows/runme.sh new file mode 100755 index 00000000000..c99b3b0663b --- /dev/null +++ b/tests/integration/targets/connection_aws_ssm_windows/runme.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +PLAYBOOK_DIR=$(pwd) +set -eux + +CMD_ARGS=("$@") + +# Destroy Environment +cleanup() { + + cd "${PLAYBOOK_DIR}" + ansible-playbook -c local aws_ssm_integration_test_teardown.yml "${CMD_ARGS[@]}" + +} + +trap "cleanup" EXIT + +# Setup Environment +ansible-playbook -c local aws_ssm_integration_test_setup.yml "$@" + +# Export the AWS Keys +set +x +. ./aws-env-vars.sh +set -x + +cd ../connection + +# Execute Integration tests +INVENTORY="${PLAYBOOK_DIR}/ssm_inventory" ./test.sh \ + -e target_hosts=aws_ssm \ + "$@" diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/README.md b/tests/integration/targets/setup_connection_aws_ssm/README.md similarity index 100% rename from tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/README.md rename to tests/integration/targets/setup_connection_aws_ssm/README.md diff --git a/tests/integration/targets/setup_connection_aws_ssm/aliases b/tests/integration/targets/setup_connection_aws_ssm/aliases new file mode 100644 index 00000000000..fc6c7dd0fb3 --- /dev/null +++ b/tests/integration/targets/setup_connection_aws_ssm/aliases @@ -0,0 +1,3 @@ +# Used by the connection_amazon_aws plugins to build/destroy test infrastructure +hidden +disabled diff --git a/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml b/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml new file mode 100644 index 00000000000..e4886a0b2d4 --- /dev/null +++ b/tests/integration/targets/setup_connection_aws_ssm/defaults/main.yml @@ -0,0 +1,46 @@ +--- +instance_type: t3.micro + +ami_details: + fedora: + owner: 125523088429 + name: Fedora-Cloud-Base-34-1.2.x86_64* + user_data: | + #!/bin/sh + sudo dnf install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm + sudo systemctl start amazon-ssm-agent + os_type: linux + amazon: + owner: amazon + name: amzn2-ami-kernel-5.10-hvm-*-x86_64-gp2 + user_data: | + #!/bin/sh + # Pre-Installed just needs started + sudo systemctl start amazon-ssm-agent + os_type: linux + ubuntu: + owner: amazon + name: ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server* + user_data: | + #!/bin/sh + # Pre-Installed just needs started + sudo systemctl start amazon-ssm-agent + os_type: linux + windows: + owner: amazon + name: Windows_Server-2022-English-Full-Base-* + user_data: | + + Invoke-WebRequest -Uri "https://amazon-ssm-us-east-1.s3.amazonaws.com/latest/windows_amd64/AmazonSSMAgentSetup.exe" -OutFile "C:\AmazonSSMAgentSetup.exe" + Start-Process -FilePath C:\AmazonSSMAgentSetup.exe -ArgumentList "/S","/v","/qn" -Wait + Restart-Service AmazonSSMAgent + + os_type: windows + +# see: +# - https://github.com/mattclay/aws-terminator/pull/181 +# - https://github.com/ansible-collections/community.aws/pull/763 +encrypted_s3_bucket_name: ssm-encrypted-test-bucket + +s3_bucket_name: "{{ resource_prefix }}-connection-ssm" +kms_key_name: "{{ resource_prefix }}-connection-ssm" diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/files/ec2-trust-policy.json b/tests/integration/targets/setup_connection_aws_ssm/files/ec2-trust-policy.json similarity index 100% rename from tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/files/ec2-trust-policy.json rename to tests/integration/targets/setup_connection_aws_ssm/files/ec2-trust-policy.json diff --git a/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml b/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml new file mode 100644 index 00000000000..c45ac7dd457 --- /dev/null +++ b/tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml @@ -0,0 +1,71 @@ +--- +- name: 'aws_ssm connection plugin integration test resource cleanup' + collections: + - amazon.aws + module_defaults: + group/aws: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' + block: + + - name: Check if instance_vars_to_delete.yml is present + stat: + path: "{{ playbook_dir }}/instance_vars_to_delete.yml" + register: ec2_vars_file + + - name: Include variable file to delete EC2 infra + include_vars: "{{ playbook_dir }}/instance_vars_to_delete.yml" + when: ec2_vars_file.stat.exists == true + + - name: Check if s3_vars_to_delete.yml is present + stat: + path: "{{playbook_dir}}/s3_vars_to_delete.yml" + register: s3_vars_file + + - name: Include variable file to delete S3 Infra infra + include_vars: "{{playbook_dir}}/s3_vars_to_delete.yml" + when: s3_vars_file.stat.exists == true + + - name: Check if iam_role_vars_to_delete.yml is present + stat: + path: "{{ playbook_dir }}/iam_role_vars_to_delete.yml" + register: iam_role_vars_file + + - name: Include variable file to delete IAM Role infra + include_vars: "{{ playbook_dir }}/iam_role_vars_to_delete.yml" + when: iam_role_vars_file.stat.exists == true + + - name: Terminate EC2 instances that were previously launched + ec2_instance: + instance_ids: "{{ created_instance_ids }}" + state: absent + wait: True + ignore_errors: yes + when: ec2_vars_file.stat.exists == true + + - name: Delete S3 bucket + s3_bucket: + state: absent + name: "{{ bucket_name }}" + ignore_errors: yes + when: s3_vars_file.stat.exists == true + + - name: Delete IAM role + iam_role: + name: "{{ iam_role_name }}" + state: absent + ignore_errors: yes + when: iam_role_vars_file.stat.exists == true + + - name: Delete the KMS key + aws_kms: + state: absent + alias: '{{ kms_key_name }}' + + - name: Delete AWS keys environement + file: + path: "{{ playbook_dir }}/aws-env-vars.sh" + state: absent + ignore_errors: yes diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/debian.yml b/tests/integration/targets/setup_connection_aws_ssm/tasks/debian.yml similarity index 63% rename from tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/debian.yml rename to tests/integration/targets/setup_connection_aws_ssm/tasks/debian.yml index ff497ef3c5f..2fa55723f14 100644 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/debian.yml +++ b/tests/integration/targets/setup_connection_aws_ssm/tasks/debian.yml @@ -4,15 +4,10 @@ dest: /tmp/session-manager-plugin.deb mode: '0440' tags: setup_infra -- name: Extract SSM plugin Deb File - shell: ar x session-manager-plugin.deb - args: - chdir: /tmp - tags: setup_infra -- name: Extract SSM Plugin Control File - shell: tar -zxvf data.tar.gz -C / - args: - chdir: /tmp +- name: Install SSM Plugin + become: true + apt: + deb: /tmp/session-manager-plugin.deb tags: setup_infra - name: Check the SSM Plugin shell: /usr/local/sessionmanagerplugin/bin/session-manager-plugin --version diff --git a/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml b/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml new file mode 100644 index 00000000000..291a2daa891 --- /dev/null +++ b/tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml @@ -0,0 +1,131 @@ +--- +## Task file for setup/teardown AWS resources for aws_ssm integration testing +- name: 'aws_ssm connection plugin integration test resource creation' + collections: + - amazon.aws + module_defaults: + group/aws: + aws_access_key: '{{ aws_access_key }}' + aws_secret_key: '{{ aws_secret_key }}' + security_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' + block: + + - name: Ensure IAM instance role exists + iam_role: + name: "ansible-test-{{tiny_prefix}}-aws-ssm-role" + assume_role_policy_document: "{{ lookup('file','ec2-trust-policy.json') }}" + state: present + create_instance_profile: yes + managed_policy: + - AmazonSSMManagedInstanceCore + wait: True + register: role_output + + - name: Lookup AMI configuration + set_fact: + ami_configuration: '{{ ami_details[(target_os | default("fedora"))] }}' + + - name: AMI Lookup + ec2_ami_info: + owners: '{{ ami_configuration.owner }}' + filters: + name: '{{ ami_configuration.name }}' + register: ec2_amis + + - name: Set facts with latest AMIs + vars: + latest_ami: '{{ ec2_amis.images | sort(attribute="creation_date") | last }}' + set_fact: + latest_ami_id: '{{ latest_ami.image_id }}' + + # (Local installation of the SSM **client** which is then used by the plugin) + - name: Install Session Manager Client for Debian/Ubuntu + include_tasks: debian.yml + when: ansible_distribution in ["Ubuntu", "Debian"] + register: install_plugin_debian + + - name: Install Session Manager Client for RedHat/Amazon + include_tasks: redhat.yml + when: ansible_distribution in ["CentOS", "RedHat", "Amazon", "Fedora"] + register: install_plugin_redhat + + - block: + - name: Fail if the plugin was not installed + fail: + msg: The distribution does not contain the required Session Manager Plugin + when: + - install_plugin_debian is skipped + - install_plugin_redhat is skipped + always: + - debug: + var: ansible_distribution + + - name: Create EC2 instance + ec2_instance: + instance_type: "{{ instance_type }}" + ebs_optimized: True + image_id: "{{ latest_ami_id }}" + wait: "yes" + instance_role: "{{ role_output.iam_role.role_name }}" + name: "{{ resource_prefix }}-connection-aws-ssm" + user_data: "{{ ami_configuration.user_data }}" + state: running + tags: + TestPrefix: '{{ resource_prefix }}' + register: instance_output + + - name: create a KMS key + aws_kms: + alias: '{{ kms_key_name }}' + tags: + ansible-test: '{{ resource_prefix }}' + when: + - encrypted_bucket | default(False) + + - name: Create S3 bucket + s3_bucket: + name: "{{ s3_bucket_name }}" + register: s3_output + + # Note: This bucket will **NOT** be deleted, there are some nasty gotchas with the time it takes + # to properly enable encryption so we have a permanant bucket which is automatically emptied + - name: Ensure encrypted bucket exists + s3_bucket: + name: "{{ encrypted_s3_bucket_name }}" + + - name: Create Inventory file + template: + dest: "{{ playbook_dir }}/ssm_inventory" + src: inventory-combined.aws_ssm.j2 + + - name: Create AWS Keys Environement + template: + dest: "{{ playbook_dir }}/aws-env-vars.sh" + src: aws-env-vars.j2 + no_log: yes + + always: + - name: Create EC2 Linux vars_to_delete.yml + template: + dest: "{{ playbook_dir }}/instance_vars_to_delete.yml" + src: ec2_instance_vars_to_delete.yml.j2 + ignore_errors: yes + when: + - instance_output is successful + + - name: Create IAM Role vars_to_delete.yml + template: + dest: "{{ playbook_dir }}/iam_role_vars_to_delete.yml" + src: iam_role_vars_to_delete.yml.j2 + when: + - role_output is successful + ignore_errors: yes + + - name: Create S3.yml + template: + dest: "{{ playbook_dir }}/s3_vars_to_delete.yml" + src: s3_vars_to_delete.yml.j2 + when: + - s3_output is successful + ignore_errors: yes diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/redhat.yml b/tests/integration/targets/setup_connection_aws_ssm/tasks/redhat.yml similarity index 75% rename from tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/redhat.yml rename to tests/integration/targets/setup_connection_aws_ssm/tasks/redhat.yml index f2cd5201451..52b3540c0ab 100644 --- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/redhat.yml +++ b/tests/integration/targets/setup_connection_aws_ssm/tasks/redhat.yml @@ -11,3 +11,6 @@ state: present disable_gpg_check: true tags: setup_infra +- name: Check the SSM Plugin + shell: /usr/local/sessionmanagerplugin/bin/session-manager-plugin --version + tags: setup_infra diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/aws-env-vars.j2 b/tests/integration/targets/setup_connection_aws_ssm/templates/aws-env-vars.j2 similarity index 100% rename from tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/aws-env-vars.j2 rename to tests/integration/targets/setup_connection_aws_ssm/templates/aws-env-vars.j2 diff --git a/tests/integration/targets/setup_connection_aws_ssm/templates/ec2_instance_vars_to_delete.yml.j2 b/tests/integration/targets/setup_connection_aws_ssm/templates/ec2_instance_vars_to_delete.yml.j2 new file mode 100644 index 00000000000..6165486b42d --- /dev/null +++ b/tests/integration/targets/setup_connection_aws_ssm/templates/ec2_instance_vars_to_delete.yml.j2 @@ -0,0 +1,7 @@ +--- +created_instance_ids: +{% if instance_output | default(False) %} +{% for instance_id in instance_output.instance_ids %} +- {{ instance_id }} +{% endfor %} +{% endif %} diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ec2_windows_vars_to_delete.yml.j2 b/tests/integration/targets/setup_connection_aws_ssm/templates/ec2_windows_vars_to_delete.yml.j2 similarity index 100% rename from tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ec2_windows_vars_to_delete.yml.j2 rename to tests/integration/targets/setup_connection_aws_ssm/templates/ec2_windows_vars_to_delete.yml.j2 diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/iam_role_vars_to_delete.yml.j2 b/tests/integration/targets/setup_connection_aws_ssm/templates/iam_role_vars_to_delete.yml.j2 similarity index 100% rename from tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/iam_role_vars_to_delete.yml.j2 rename to tests/integration/targets/setup_connection_aws_ssm/templates/iam_role_vars_to_delete.yml.j2 diff --git a/tests/integration/targets/setup_connection_aws_ssm/templates/inventory-combined.aws_ssm.j2 b/tests/integration/targets/setup_connection_aws_ssm/templates/inventory-combined.aws_ssm.j2 new file mode 100644 index 00000000000..80b08244caa --- /dev/null +++ b/tests/integration/targets/setup_connection_aws_ssm/templates/inventory-combined.aws_ssm.j2 @@ -0,0 +1,42 @@ + +[aws_ssm_linux] +{% if instance_output | default(False) %} +{% if ( ami_configuration.os_type | default("linux")) == "linux" %} +linux_{{ instance_output.instance_ids[0] }} ansible_aws_ssm_instance_id={{ instance_output.instance_ids[0] }} ansible_aws_ssm_region={{ aws_region }} +{% endif %} +{% endif %} + +[aws_ssm_windows] +{% if instance_output | default(False) %} +{% if ( ami_configuration.os_type | default("linux")) == "windows" %} +windows_{{ instance_output.instance_ids[0] }} ansible_aws_ssm_instance_id={{ instance_output.instance_ids[0] }} ansible_aws_ssm_region={{ aws_region }} +{% endif %} +{% endif %} + +[aws_ssm_linux:vars] +remote_tmp=/tmp/ansible-remote +action_prefix=ansible.builtin. + +[aws_ssm_windows:vars] +ansible_shell_type=powershell +remote_tmp=c:/windows/temp/ansible-remote +action_prefix=ansible.windows.win_ + +[aws_ssm:children] +aws_ssm_linux +aws_ssm_windows + +[aws_ssm:vars] +ansible_connection=community.aws.aws_ssm +ansible_aws_ssm_bucket_name={{ s3_bucket_name }} +ansible_aws_ssm_plugin=/usr/local/sessionmanagerplugin/bin/session-manager-plugin +ansible_python_interpreter=/usr/bin/env python3 +local_tmp=/tmp/ansible-local-{{ tiny_prefix }} +{% if encrypted_bucket | default(False) %} +ansible_aws_ssm_bucket_sse_mode='aws:kms' +ansible_aws_ssm_bucket_sse_kms_key_id=alias/{{ kms_key_name }} +{% endif %} + +# support tests that target testhost +[testhost:children] +aws_ssm diff --git a/tests/integration/targets/setup_connection_aws_ssm/templates/s3_vars_to_delete.yml.j2 b/tests/integration/targets/setup_connection_aws_ssm/templates/s3_vars_to_delete.yml.j2 new file mode 100644 index 00000000000..3839fb3c6ea --- /dev/null +++ b/tests/integration/targets/setup_connection_aws_ssm/templates/s3_vars_to_delete.yml.j2 @@ -0,0 +1,2 @@ +--- +bucket_name: {{s3_output.name}}