From cc35729e925df91075d9407cb53cd3efbf1dede2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Brochet?=
Date: Mon, 7 Feb 2022 12:03:28 +0100
Subject: [PATCH] wip: create and delete custom SSM document during tests

---
 .../defaults/main.yml | 2 ++
 .../files/ssm-document.json | 15 +++++++++++++++
 .../aws_ssm_integration_test_setup/tasks/main.yml | 9 +++++++++
 .../templates/inventory-combined.aws_ssm.j2 | 2 +-
 .../templates/ssm_vars_to_delete.yml.j2 | 2 ++
 .../tasks/main.yml | 12 ++++++++++++
 6 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/files/ssm-document.json
 create mode 100644 tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ssm_vars_to_delete.yml.j2

diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml
index 513c35dae33..764ff1237df 100644
--- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml
+++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/defaults/main.yml
@@ -8,3 +8,5 @@ windows_ami_name: Windows_Server-2019-English-Full-Base-*
 # - https://github.com/mattclay/aws-terminator/pull/181
 # - https://github.com/ansible-collections/community.aws/pull/763
 s3_bucket_name: ssm-encrypted-test-bucket
+
+ssm_document_name: ansible-custom-document
diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/files/ssm-document.json b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/files/ssm-document.json
new file mode 100644
index 00000000000..b3e5d91146f
--- /dev/null
+++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/files/ssm-document.json
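Review bot: `ssm_document_name` in `defaults/main.yml` is a fixed string, so two test runs sharing an account and region contend for the same document, and a document left behind by an aborted run will make the next `create-document` call fail. The inventory template touched by this patch already derives the KMS alias from `resource_prefix`, so the same approach fits here: `ssm_document_name: '{{ resource_prefix }}-ssm-document'`. If the fixed name is deliberate (the links above `s3_bucket_name` may record such a constraint on CI permissions), say so in a comment, for example `# fixed name: must match the CI IAM policy`.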
@@ -0,0 +1,15 @@
+{
+ "schemaVersion": "1.0",
+ "description": "Custom SSM document",
+ "sessionType": "Standard_Stream",
+ "inputs": {
+ "s3EncryptionEnabled": false,
+ "cloudWatchLogGroupName": "",
+ "cloudWatchEncryptionEnabled": false,
+ "idleSessionTimeout": "20",
+ "cloudWatchStreamingEnabled": false,
+ "kmsKeyId": "",
+ "runAsEnabled": false,
+ "runAsDefaultUser": ""
+ }
+}
diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml
index d81d756c34e..ffe011078d9 100644
--- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml
+++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/tasks/main.yml
@@ -63,6 +63,9 @@
 pause:
 seconds: 10

+ - name: Create custom SSM document
+ command: "aws ssm create-document --content file:/{{ lookup('file', 'ssm-document.json') }} --name {{ ssm_document_name }} --document-type Session"
+
 - name: Create Windows EC2 instance
 ec2_instance:
 instance_type: "{{instance_type}}"
@@ -149,3 +152,9 @@
 dest: "{{playbook_dir}}/iam_role_vars_to_delete.yml"
 src: iam_role_vars_to_delete.yml.j2
 ignore_errors: yes
+
+ - name: Create SSM vars_to_delete.yml
+ template:
+ dest: "{{playbook_dir}}/ssm_vars_to_delete.yml"
+ src: ssm_vars_to_delete.yml.j2
+ ignore_errors: yes
diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2 b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2
index 4ac817d0ff0..6c2e33c9c68 100644
--- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2
+++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/inventory-combined.aws_ssm.j2
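Review bot: In `Create custom SSM document`, `lookup('file', 'ssm-document.json')` expands to the file's contents rather than its path, so `--content file:/{…json…}` gives the CLI a malformed file URI, and the JSON is further mangled by `command`'s argument splitting. Point the CLI at the file itself: `command: "aws ssm create-document --content file://{{ role_path }}/files/ssm-document.json --name {{ ssm_document_name }} --document-type Session"`. The task also runs with whatever credentials and region the `aws` binary finds in its environment, which may differ from the ones the surrounding modules are given; that wiring is outside this hunk, so confirm the call reaches the test account. A short comment above the task, such as `# aws CLI used directly: no module manages SSM documents here`, would explain why this is a `command` task at all.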
@@ -26,7 +26,7 @@ ansible_python_interpreter=/usr/bin/env python
 local_tmp=/tmp/ansible-local-
 ansible_aws_ssm_bucket_sse_mode='aws:kms'
 ansible_aws_ssm_bucket_sse_kms_key_id=alias/{{ resource_prefix }}-kms
-ansible_aws_ssm_document=SSM-SessionManagerRunShell
+ansible_aws_ssm_document={{ ssm_document_name }}

 # support tests that target testhost
 [testhost:children]
diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ssm_vars_to_delete.yml.j2 b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ssm_vars_to_delete.yml.j2
new file mode 100644
index 00000000000..cb7f92590c2
--- /dev/null
+++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_setup/templates/ssm_vars_to_delete.yml.j2
@@ -0,0 +1,2 @@
+---
+ssm_document_name: {{ssm_document_name}}
diff --git a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml
index 744fa26896f..e259ed774d1 100644
--- a/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml
+++ b/tests/integration/targets/connection_aws_ssm/aws_ssm_integration_test_teardown/tasks/main.yml
@@ -46,6 +46,15 @@
 include_vars: "{{playbook_dir}}/iam_role_vars_to_delete.yml"
 when: iam_role_vars_file.stat.exists == true

+ - name: Check if ssm_vars_to_delete.yml is present
+ stat:
+ path: "{{playbook_dir}}/ssm_vars_to_delete.yml"
+ register: ssm_vars_file
+
+ - name: Include variable file to delete SSM infra
+ include_vars: "{{playbook_dir}}/ssm_vars_to_delete.yml"
+ when: ssm_vars_file.stat.exists == true
+
 - name: Terminate Windows EC2 instances that were previously launched
 ec2_instance:
 instance_ids:
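Review bot: The new `ssm_vars_to_delete.yml.j2` renders the value unquoted (`ssm_document_name: {{ssm_document_name}}`), so the generated YAML is only correct while the name never looks like a boolean or number and never contains `: ` or ` #`. Quote it, `ssm_document_name: "{{ ssm_document_name }}"`, so teardown reads back exactly the string that setup used when it created the document. This matters more if the name later becomes derived from a prefix rather than a fixed default.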
@@ -83,6 +92,9 @@
 state: absent
 alias: '{{ resource_prefix }}-kms'

+ - name: Delete SSM document
+ command: "aws ssm delete-document --name {{ ssm_document_name }}"
+
 - name: Delete AWS keys environement
 file:
 path: "{{playbook_dir}}/aws-env-vars.sh"
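Review bot: `Delete SSM document` runs unconditionally, although `ssm_document_name` appears to reach teardown only through `ssm_vars_to_delete.yml`, whose include in the earlier teardown hunk is guarded by `ssm_vars_file.stat.exists`. If setup stopped before writing that file or before the document was created, this task fails on an undefined variable or a CLI error. Unless the enclosing block (outside the hunk) tolerates failures, the following task that removes `aws-env-vars.sh` then never runs and the key file stays on disk. Add `when: ssm_vars_file.stat.exists` and `ignore_errors: yes` to the task so cleanup of the credentials file does not depend on the document existing.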