manage_vpc_peering: fix integration tests, update role var names #61

Merged
merged 5 commits into from
Jul 27, 2023
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
---
bugfixes:
- fix and update integration tests target test_manage_vpc_peering (https://github.com/redhat-cop/cloud.aws_ops/pull/61).
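Review bot: The fragment records only a `bugfixes` entry, but the same PR renames every input variable of the role (`region` to `manage_vpc_peering_region`, `vpc_peering_operation` to `manage_vpc_peering_operation`, and so on) and switches the credentials source in tasks/main.yaml. Existing playbooks that pass the old names will hit the "required parameters" failure after upgrading, so this should also carry a `breaking_changes` entry listing the old and new names.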
58 changes: 29 additions & 29 deletions roles/manage_vpc_peering/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,21 +4,21 @@ A role to create, delete and accept existing VPC peering connections.

## Specify following values in role vars

- region - Region of the requester VPC.
- manage_vpc_peering_region - Region of the requester VPC.

- requester_vpc - ID of the VPC requesting the peering connection.
- manage_vpc_peering_requeter_vpc - ID of the VPC requesting the peering connection.

- accepter_vpc - ID of the VPC accepting the peering connection.
- manage_vpc_peering_accepter_vpc - ID of the VPC accepting the peering connection.

- accepter_vpc_region - Region of the accepter VPC (Required if requester and accepter VPCs are in different regions or performing cross-account peering.)
- manage_vpc_peering_accepter_vpc_region - Region of the accepter VPC (Required if requester and accepter VPCs are in different regions or performing cross-account peering.)

- accepter_vpc_account_id - The AWS account ID of accepter VPC account for cross-account peering.
- manage_vpc_peering_accepter_vpc_account_id - The AWS account ID of accepter VPC account for cross-account peering.

- accepter_account_profile - A Named AWS profile of accepter VPC account for cross-account peering.
- manage_vpc_peering_accepter_account_profile - A Named AWS profile of accepter VPC account for cross-account peering.

- vpc_peering_operation - Choices include 'create', 'delete', and 'accept'.
- manage_vpc_peering_operation - Choices include 'create', 'delete', and 'accept'.

- vpc_peering_conn_id - ID of the VPC peering connection request (only provide to delete a VPC peering connection).
- manage_vpc_peering_vpc_peering_conn_id - ID of the VPC peering connection request (only provide to delete a VPC peering connection).

Return Value
------------
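Review bot: The new requester variable is spelled `manage_vpc_peering_requeter_vpc` (missing the "s" in "requester"), and because this hunk defines the role's public interface the typo becomes part of the API that every caller has to reproduce. Rename it to `manage_vpc_peering_requester_vpc` here and in the tasks and tests before release. `manage_vpc_peering_vpc_peering_conn_id` also repeats the prefix and could be shortened to `manage_vpc_peering_conn_id`.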
Expand All @@ -41,9 +41,9 @@ Dependencies
name: cloud.aws_ops.manage_vpc_peering
vars:
region: us-west-1
requester_vpc: vpc-12345
accepter_vpc: vpc-98765
vpc_peering_operation: create
manage_vpc_peering_requeter_vpc: vpc-12345
manage_vpc_peering_accepter_vpc: vpc-98765
manage_vpc_peering_operation: create

- name: Set variable for peering connection ID for above task
ansible.builtin.set_fact:
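Review bot: The example still passes `region: us-west-1` while the other vars in the same block were renamed, and create.yaml now fails when `manage_vpc_peering_region is not defined`, so this documented example stops at the parameter check. Change it to `manage_vpc_peering_region: us-west-1`; the same applies to the `region:` line in each of the later examples.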
Expand All @@ -54,48 +54,48 @@ Dependencies
name: cloud.aws_ops.manage_vpc_peering
vars:
region: us-west-1
requester_vpc: vpc-12345
accepter_vpc: vpc-98765
accepter_vpc_region: ap-northeast-3
vpc_peering_operation: create
manage_vpc_peering_requeter_vpc: vpc-12345
manage_vpc_peering_accepter_vpc: vpc-98765
manage_vpc_peering_accepter_vpc_region: ap-northeast-3
manage_vpc_peering_operation: create

- name: Peer VPCs in different accounts and different region (cross-account)
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
region: us-west-1
requester_vpc: vpc-12345
accepter_vpc: vpc-98765
accepter_vpc_region: ap-northeast-3
accepter_vpc_account_id: 1234567890
accepter_account_profile: my-account-profile
vpc_peering_operation: create
manage_vpc_peering_requeter_vpc: vpc-12345
manage_vpc_peering_accepter_vpc: vpc-98765
manage_vpc_peering_accepter_vpc_region: ap-northeast-3
manage_vpc_peering_accepter_vpc_account_id: 1234567890
manage_vpc_peering_accepter_account_profile: my-account-profile
manage_vpc_peering_operation: create

- name: Delete VPC peering request
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
region: us-west-1
vpc_peering_conn_id: pcx-1234567890
vpc_peering_operation: delete
manage_vpc_peering_vpc_peering_conn_id: pcx-1234567890
manage_vpc_peering_operation: delete

- name: Accept existing VPC peering request (local account)
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
region: us-west-1
vpc_peering_conn_id: pcx-1234567890
vpc_peering_operation: accept
manage_vpc_peering_vpc_peering_conn_id: pcx-1234567890
manage_vpc_peering_operation: accept

- name: Accept existing VPC peering request (another account)
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
region: us-west-1
vpc_peering_conn_id: pcx-1234567890
vpc_peering_operation: accept
accepter_vpc_account_id: 1234567890
accepter_account_profile: my-account-profile
manage_vpc_peering_vpc_peering_conn_id: pcx-1234567890
manage_vpc_peering_operation: accept
manage_vpc_peering_accepter_vpc_account_id: 1234567890
manage_vpc_peering_accepter_account_profile: my-account-profile
```

License
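Review bot: In the cross-account examples `manage_vpc_peering_accepter_vpc_account_id: 1234567890` is an unquoted 10-digit number, so YAML loads it as an integer and a real account ID with a leading zero would not survive. AWS account IDs are 12 digits and should be treated as strings: use a quoted 12-digit placeholder such as `"123456789012"` in both examples. The `region:` lines in this hunk also need the `manage_vpc_peering_` prefix to match the tasks.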
Expand Down
16 changes: 8 additions & 8 deletions roles/manage_vpc_peering/tasks/accept.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,26 +2,26 @@
- name: Fail when required parameters are not provided
ansible.builtin.fail:
msg: Please provide required parameters to create VPC peering (refer documentation for more information)
when: region is not defined or vpc_peering_conn_id is not defined
when: manage_vpc_peering_region is not defined or manage_vpc_peering_vpc_peering_conn_id is not defined

- name: Accept VPC peering connection request
block:
- name: Ensure VPC peering connection request exists before moving forward
community.aws.ec2_vpc_peering_info:
peer_connection_ids:
- "{{ vpc_peering_conn_id }}"
region: "{{ region }}"
profile: "{{ accepter_account_profile | default(omit) }}"
- "{{ manage_vpc_peering_vpc_peering_conn_id }}"
region: "{{ manage_vpc_peering_region }}"
profile: "{{ manage_vpc_peering_accepter_account_profile | default(omit) }}"
register: manage_vpc_peering_peering_info
retries: 3
delay: 5
until: manage_vpc_peering_peering_info.vpc_peering_connections[0].vpc_peering_connection_id is defined

- name: Accept VPC peering request
community.aws.ec2_vpc_peer:
region: "{{ region }}"
peering_id: "{{ vpc_peering_conn_id }}"
peer_owner_id: "{{ accepter_vpc_account_id | default(omit) }}"
profile: "{{ accepter_account_profile | default(omit) }}"
region: "{{ manage_vpc_peering_region }}"
peering_id: "{{ manage_vpc_peering_vpc_peering_conn_id }}"
peer_owner_id: "{{ manage_vpc_peering_accepter_vpc_account_id | default(omit) }}"
profile: "{{ manage_vpc_peering_accepter_account_profile | default(omit) }}"
state: accept
register: manage_vpc_peering_accept_peering_request
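Review bot: The failure message at the top of accept.yaml still reads "Please provide required parameters to create VPC peering", which is misleading for someone whose accept call was rejected. Since the `when:` line is being touched anyway, change the message to say "accept" and name the two required variables, `manage_vpc_peering_region` and `manage_vpc_peering_vpc_peering_conn_id`, so the caller does not have to open the README to find the new names.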
22 changes: 11 additions & 11 deletions roles/manage_vpc_peering/tasks/create.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,26 +2,26 @@
- name: Fail when required parameters are not provided
ansible.builtin.fail:
msg: Please provide required parameters to create VPC peering (refer documentation for more information)
when: region is not defined or requester_vpc is not defined or accepter_vpc is not defined
when: manage_vpc_peering_region is not defined or manage_vpc_peering_requeter_vpc is not defined or manage_vpc_peering_accepter_vpc is not defined

- name: Create VPC peering
block:
- name: Create VPC peering request
community.aws.ec2_vpc_peer:
region: "{{ region }}"
peer_region: "{{ accepter_vpc_region | default(region, true) }}"
vpc_id: "{{ requester_vpc }}"
peer_vpc_id: "{{ accepter_vpc }}"
peer_owner_id: "{{ accepter_vpc_account_id | default(omit) }}"
region: "{{ manage_vpc_peering_region }}"
peer_region: "{{ manage_vpc_peering_accepter_vpc_region | default(manage_vpc_peering_region, true) }}"
vpc_id: "{{ manage_vpc_peering_requeter_vpc }}"
peer_vpc_id: "{{ manage_vpc_peering_accepter_vpc }}"
peer_owner_id: "{{ manage_vpc_peering_accepter_vpc_account_id | default(omit) }}"
state: present
register: manage_vpc_peering_vpc_peering_request

- name: Ensure VPC peering connection request exists before moving forward
community.aws.ec2_vpc_peering_info:
peer_connection_ids:
- "{{ manage_vpc_peering_vpc_peering_request.peering_id }}"
region: "{{ accepter_vpc_region | default(region, true) }}"
profile: "{{ accepter_account_profile | default(omit) }}"
region: "{{ manage_vpc_peering_accepter_vpc_region | default(manage_vpc_peering_region, true) }}"
profile: "{{ manage_vpc_peering_accepter_account_profile | default(omit) }}"
register: manage_vpc_peering_peering_info
retries: 3
delay: 5
Expand All @@ -33,10 +33,10 @@

- name: Accept VPC peering request
community.aws.ec2_vpc_peer:
region: "{{ accepter_vpc_region | default(region, true) }}"
region: "{{ manage_vpc_peering_accepter_vpc_region | default(manage_vpc_peering_region, true) }}"
peering_id: "{{ manage_vpc_peering_vpc_peering_request.peering_id }}"
peer_owner_id: "{{ accepter_vpc_account_id | default(omit) }}"
profile: "{{ accepter_account_profile | default(omit) }}"
peer_owner_id: "{{ manage_vpc_peering_accepter_vpc_account_id | default(omit) }}"
profile: "{{ manage_vpc_peering_accepter_account_profile | default(omit) }}"
state: accept
register: manage_vpc_peering_accept_peering_request
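Review bot: The accept step takes `peer_owner_id` and `profile` independently, each with `default(omit)`, and the parameter check at the top of create.yaml does not tie them together. When `manage_vpc_peering_accepter_vpc_account_id` is set but `manage_vpc_peering_accepter_account_profile` is not, the request is created for another account and the accept then runs with the requester's credentials. Consider extending the initial `fail` condition to require the profile whenever the account ID is supplied, so the role stops before creating a request it cannot accept.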

Expand Down
6 changes: 3 additions & 3 deletions roles/manage_vpc_peering/tasks/delete.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
- name: Fail when required parameters are not provided
ansible.builtin.fail:
msg: Please provide required parameters to delete VPC peering (refer documentation for more information)
when: region is not defined or vpc_peering_conn_id is not defined
when: manage_vpc_peering_region is not defined or manage_vpc_peering_vpc_peering_conn_id is not defined

- name: Delete vpc peering connection request
block:
- name: Delete a local VPC peering connection
community.aws.ec2_vpc_peer:
region: "{{ region }}"
peering_id: "{{ vpc_peering_conn_id }}"
region: "{{ manage_vpc_peering_region }}"
peering_id: "{{ manage_vpc_peering_vpc_peering_conn_id }}"
state: absent
register: manage_vpc_peering_vpc_peer

Expand Down
4 changes: 2 additions & 2 deletions roles/manage_vpc_peering/tasks/main.yaml
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
---
- name: Run 'manage_vpc_peering' role
module_defaults:
group/aws: "{{ aws_role_credentials }}"
group/aws: "{{ aws_setup_credentials__output }}"

block:
- name: Include file
ansible.builtin.include_tasks: "{{ vpc_peering_operation }}.yaml"
ansible.builtin.include_tasks: "{{ manage_vpc_peering_operation }}.yaml"
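Review bot: `manage_vpc_peering_operation` is interpolated straight into the `include_tasks` path with no check that it is one of the documented choices, so an undefined or mistyped value surfaces as a missing-file error rather than a clear message. Add an `ansible.builtin.assert` before the include that requires `manage_vpc_peering_operation in ['create', 'delete', 'accept']`. The switch of `group/aws` from `aws_role_credentials` to `aws_setup_credentials__output` also changes where the role gets its credentials and is not mentioned in the README hunk.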
3 changes: 3 additions & 0 deletions tests/integration/targets/test_manage_vpc_peering/aliases
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
cloud/aws
role/manage_vpc_peering
time=1m
Original file line number Diff line number Diff line change
@@ -1,10 +1,13 @@
---
# defaults file for manage_vpc_peering role
aws_security_token: '{{ security_token | default(omit) }}'

test_vpc_name_1_1: role_test_vpc_1_1
test_vpc_name_1_2: role_test_vpc_1_2
test_vpc_name_2: role_test_vpc_2
test_vpc_name_1: "{{ resource_prefix }}-vpc-1"
test_vpc_cidr_1: '172.{{ 255 | random(seed=resource_prefix) }}.0.0/28'

test_vpc_cidr_1_1: 172.10.0.0/16
test_vpc_cidr_1_2: 192.168.0.0/28
test_vpc_cidr_2_1: 192.168.64.0/26
test_vpc_name_2: "{{ resource_prefix }}-vpc-2"
test_vpc_cidr_2: '192.{{ 255 | random(seed=resource_prefix) }}.0.0/28'

# Disable: IAM permission does not allow to create VPC into a region different than the one
# test_vpc_name_3: "{{ resource_prefix }}-vpc-3"
# test_vpc_cidr_3: '192.{{ 255 | random(seed=resource_prefix) }}.64.0/28'
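Review bot: `'172.{{ 255 | random(seed=resource_prefix) }}.0.0/28'` and `'192.{{ 255 | random(seed=resource_prefix) }}.0.0/28'` pick the second octet from 0 to 254, so most runs create VPCs on CIDRs outside the RFC 1918 private ranges (only 172.16 to 172.31 and 192.168 are private). Constrain the random part to private space, for example a `10.<random>.0.0/28` and `10.<random>.1.0/28` pair, which also keeps the two test VPCs from overlapping. The three lines of commented-out `test_vpc_*_3` defaults could be dropped until cross-region tests are re-enabled.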
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
---
# Test: create and accept VPC peering
- name: Create and accept VPC peering
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
manage_vpc_peering_requeter_vpc: "{{ vpc_peering_manage_vpc_peering_requeter_vpc_id }}"
manage_vpc_peering_accepter_vpc: "{{ vpc_peering_manage_vpc_peering_accepter_vpc_id }}"
manage_vpc_peering_region: "{{ vpc_peering_accepter_region }}"
manage_vpc_peering_operation: create

- name: Validate that VPC Peering was created and is active
ansible.builtin.include_tasks: validate.yml

# Test: delete existing VPC peering
- name: Delete VPC peering connection request
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
manage_vpc_peering_region: "{{ vpc_peering_accepter_region }}"
manage_vpc_peering_vpc_peering_conn_id: "{{ manage_vpc_peering_req_id }}"
manage_vpc_peering_operation: delete

- name: Validate that VPC Peering was deleted
ansible.builtin.include_tasks: validate.yml
vars:
vpc_peering_status: "deleted"

# Test: accept existing VPC peering request
- name: Create VPC peering request
community.aws.ec2_vpc_peer:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
aws_security_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
peer_region: "{{ vpc_peering_accepter_region }}"
vpc_id: "{{ vpc_peering_manage_vpc_peering_requeter_vpc_id }}"
peer_vpc_id: "{{ vpc_peering_manage_vpc_peering_accepter_vpc_id }}"
state: present
register: __vpc_peering

- name: Set Peering id into variable
ansible.builtin.set_fact:
vpc_peering_id: "{{ __vpc_peering.peering_id }}"

- name: Accept existing VPC peering request
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
manage_vpc_peering_region: "{{ vpc_peering_accepter_region }}"
manage_vpc_peering_vpc_peering_conn_id: "{{ vpc_peering_id }}"
manage_vpc_peering_operation: accept

- name: Validate that VPC Peering has been accepted
ansible.builtin.include_tasks: validate.yml

- name: Delete VPC peering connection
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
manage_vpc_peering_region: "{{ vpc_peering_accepter_region }}"
manage_vpc_peering_vpc_peering_conn_id: "{{ vpc_peering_id }}"
manage_vpc_peering_operation: delete
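Review bot: The peering request created directly with `community.aws.ec2_vpc_peer` in the "accept existing" section is only removed by the final delete task, so if the accept role or `validate.yml` fails in between, the connection is left behind in the CI account. Wrap that section in a `block` with an `always` that deletes `vpc_peering_id`, or have teardown remove any peering between the two test VPCs. The last delete is also not followed by a `validate.yml` call with `vpc_peering_status: "deleted"` as the first delete is, and that task passes `aws_access_key`/`aws_secret_key` inline where a `module_defaults` block would avoid repeating them.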
55 changes: 23 additions & 32 deletions tests/integration/targets/test_manage_vpc_peering/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,42 +11,33 @@
- name: Include 'setup.yml' file
ansible.builtin.include_tasks: setup.yml

# VPC Peering (same region)
- name: Create VPC peering (same region)
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
requester_vpc: "{{ eu_central_1_vpc_1.vpc.id }}"
accepter_vpc: "{{ eu_central_1_vpc_2.vpc.id }}"
region: eu-central-1
vpc_peering_operation: create

- name: Delete VPC peering connection req
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
- name: Test VPC Peering in the same region
ansible.builtin.include_tasks: create_delete_accept_peering.yml
vars:
region: eu-central-1
vpc_peering_conn_id: "{{ manage_vpc_peering_req_id }}"
vpc_peering_operation: delete
vpc_peering_manage_vpc_peering_accepter_vpc_id: "{{ test_vpc_1.vpc.id }}"
vpc_peering_manage_vpc_peering_requeter_vpc_id: "{{ test_vpc_2.vpc.id }}"
vpc_peering_accepter_region: "{{ aws_region }}"

# VPC Peering (cross region)
- name: Create VPC peering (cross region)
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
region: eu-central-1
accepter_vpc_region: us-west-1
requester_vpc: "{{ eu_central_1_vpc_1.vpc.id }}"
accepter_vpc: "{{ us_west_1_vpc_1.vpc.id }}"
vpc_peering_operation: create
# Disable: Tests for cross-region vpc peering skipped as CI permissions are restricted to us-east-1 only
# VPC Peering (cross region)
# - name: Create VPC peering (cross region)
# ansible.builtin.include_role:
# name: cloud.aws_ops.manage_vpc_peering
# vars:
# manage_vpc_peering_region: "{{ aws_region }}"
# manage_vpc_peering_accepter_vpc_region: us-west-1
# manage_vpc_peering_requeter_vpc: "{{ test_vpc_1.vpc.id }}"
# manage_vpc_peering_accepter_vpc: "{{ us_west_1_vpc_1.vpc.id }}"
# manage_vpc_peering_operation: create

- name: Delete VPC peering connection req
ansible.builtin.include_role:
name: cloud.aws_ops.manage_vpc_peering
vars:
region: eu-central-1
vpc_peering_conn_id: "{{ manage_vpc_peering_req_id }}"
vpc_peering_operation: delete
# - name: Delete VPC peering connection req
# ansible.builtin.include_role:
# name: cloud.aws_ops.manage_vpc_peering
# vars:
# manage_vpc_peering_region: "{{ aws_region }}"
# manage_vpc_peering_vpc_peering_conn_id: "{{ manage_vpc_peering_req_id }}"
# manage_vpc_peering_operation: delete

always:
- name: Include 'teardown.yml' file
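Review bot: The cross-region create and delete tests are left in the file as about twenty lines of commented-out YAML, which means the `manage_vpc_peering_accepter_vpc_region` path of the role now has no coverage and the dead block will drift from the role's variable names. Prefer removing the block and tracking the gap in an issue, or keeping the tasks live behind a `when:` on a flag that CI leaves unset, so they can be run where permissions allow. The disabled block also still references `us_west_1_vpc_1`, which is not one of the `test_vpc_1`/`test_vpc_2` facts used by the active test.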
Expand Down