Split off ssm_document integration tests (rather than using it for al…

…l test runs)

tests/integration/targets/connection_aws_ssm_ssm_document/aliases

@@ -0,0 +1,4 @@
+time=20m
+
+cloud/aws
+connection_aws_ssm

tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_setup.yml

@@ -0,0 +1,6 @@
+- hosts: localhost
+  roles:
+    - role: ../setup_connection_aws_ssm
+      vars:
+        target_os: fedora
+        use_ssm_document: True

tests/integration/targets/connection_aws_ssm_ssm_document/aws_ssm_integration_test_teardown.yml

@@ -0,0 +1,5 @@
+- hosts: localhost
+  tasks:
+    - include_role:
+        name: ../setup_connection_aws_ssm
+        tasks_from: cleanup.yml

tests/integration/targets/connection_aws_ssm_ssm_document/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - connection
+  - setup_connection_aws_ssm

tests/integration/targets/connection_aws_ssm_ssm_document/runme.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+PLAYBOOK_DIR=$(pwd)
+set -eux
+
+CMD_ARGS=("$@")
+
+# Destroy Environment
+cleanup() {
+
+    cd "${PLAYBOOK_DIR}"
+    ansible-playbook -c local aws_ssm_integration_test_teardown.yml "${CMD_ARGS[@]}"
+
+}
+
+trap "cleanup" EXIT
+
+# Setup Environment
+ansible-playbook -c local aws_ssm_integration_test_setup.yml "$@"
+
+# Export the AWS Keys
+set +x
+. ./aws-env-vars.sh
+set -x
+
+cd ../connection
+
+# Execute Integration tests
+INVENTORY="${PLAYBOOK_DIR}/ssm_inventory" ./test.sh \
+    -e target_hosts=aws_ssm \
+    "$@"

tests/integration/targets/setup_connection_aws_ssm/tasks/cleanup.yml

@@ -10,6 +10,9 @@
       region: '{{ aws_region }}'
   block:
 
+    - name: setup connection argments fact
+      include_tasks: 'connection_args.yml'
+
     - name: Check if instance_vars_to_delete.yml is present
       stat:
         path: "{{ playbook_dir }}/instance_vars_to_delete.yml"
@@ -75,11 +78,8 @@
 
     - name: Delete SSM document
       command: "aws ssm delete-document --name {{ ssm_document_name }}"
-      environment:
-        AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
-        AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-        AWS_SESSION_TOKEN: "{{ security_token | default('') }}"
-        AWS_DEFAULT_REGION: "{{ aws_region }}"
+      environment: "{{ connection_env }}"
+      ignore_errors: yes
 
     - name: Delete AWS keys environement
       file:

tests/integration/targets/setup_connection_aws_ssm/tasks/connection_args.yml

@@ -0,0 +1,14 @@
+---
+- set_fact:
+    # As a lookup plugin we don't have access to module_defaults
+    connection_args:
+      region: "{{ aws_region }}"
+      aws_access_key: "{{ aws_access_key }}"
+      aws_secret_key: "{{ aws_secret_key }}"
+      aws_session_token: "{{ security_token | default(omit) }}"
+    connection_env:
+      AWS_DEFAULT_REGION: "{{ aws_region }}"
+      AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
+      AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
+      AWS_SESSION_TOKEN: "{{ security_token | default(omit) }}"
+  no_log: True

tests/integration/targets/setup_connection_aws_ssm/tasks/main.yml

@@ -15,6 +15,9 @@
       aws_caller_info:
       register: aws_caller_info
 
+    - name: setup connection argments fact
+      include_tasks: 'connection_args.yml'
+
     - name: Ensure IAM instance role exists
       iam_role:
         name: "ansible-test-{{tiny_prefix}}-aws-ssm-role"
@@ -43,14 +46,6 @@
       when:
         - ami_configuration.ssm_parameter | default(False)
       block:
-        - set_fact:
-            # As a lookup plugin we don't have access to module_defaults
-            connection_args:
-              region: "{{ aws_region }}"
-              aws_access_key: "{{ aws_access_key }}"
-              aws_secret_key: "{{ aws_secret_key }}"
-              aws_security_token: "{{ security_token | default(omit) }}"
-          no_log: True
         - set_fact:
             ssm_amis: "{{ lookup('aws_ssm', ami_configuration.ssm_parameter, **connection_args) }}"
 
@@ -101,13 +96,10 @@
       when:
         - encrypted_bucket | default(False)
 
-    - name: Create custom SSM document
-      command: "aws ssm create-document --content file://{{ role_path }}/files/ssm-document.json --name {{ ssm_document_name }} --document-type Session"
-      environment:
-        AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
-        AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-        AWS_SESSION_TOKEN: "{{ security_token | default('') }}"
-        AWS_DEFAULT_REGION: "{{ aws_region }}"
+    - name: setup SSM document
+      include_tasks: 'ssm_document.yml'
+      when:
+        - use_ssm_document | default(False)
 
     - name: Create S3 bucket
       s3_bucket:

tests/integration/targets/setup_connection_aws_ssm/tasks/ssm_document.yml

@@ -0,0 +1,11 @@
+---
+- block:
+    - name: Create custom SSM document
+      command: "aws ssm create-document --content file://{{ role_path }}/files/ssm-document.json --name {{ ssm_document_name }} --document-type Session"
+      environment: "{{ connection_env }}"
+  always:
+    - name: Create SSM vars_to_delete.yml
+      template:
+        dest: "{{ playbook_dir }}/ssm_vars_to_delete.yml"
+        src: ssm_vars_to_delete.yml.j2
+      ignore_errors: yes

tests/integration/targets/setup_connection_aws_ssm/templates/inventory-combined.aws_ssm.j2

@@ -38,7 +38,9 @@ ansible_aws_ssm_bucket_name={{ encrypted_s3_bucket_name }}
 {% else %}
 ansible_aws_ssm_bucket_name={{ s3_bucket_name }}
 {% endif %}
+{% if use_ssm_document | default(False) %}
 ansible_aws_ssm_document={{ ssm_document_name }}
+{% endif %}
 
 # support tests that target testhost
 [testhost:children]