Merge pull request ansible-collections#665 from tremble/cleanup/cred_…

…tests Remove "missing credentials" tests SUMMARY AWS Client creation is now done inside a helper module which is more thoroughly tested. Remove the extra tests from aws_api_gateway, ec2_asg, ec2_transit_gateway, lambda_policy, and rds_instance. They bring no significant value but do bump up the login failure count, which can result in the IPs getting temporarily black-listed ISSUE TYPE Feature Pull Request COMPONENT NAME aws_api_gateway ec2_asg ec2_transit_gateway lambda lambda_policy rds_instance ADDITIONAL INFORMATION https://github.com/ansible-collections/amazon.aws/blob/main/tests/integration/targets/module_utils_ec2/roles/connect_to_aws/tasks/main.yml Reviewed-by: Markus Bergholz <[email protected]> Reviewed-by: None <None>
abikouo · Aug 2, 2021 · db06a1c · db06a1c
2 parents fb1cbf8 + b736aea
commit db06a1c
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 215 deletions.
diff --git a/tests/integration/targets/aws_api_gateway/tasks/main.yml b/tests/integration/targets/aws_api_gateway/tasks/main.yml
@@ -1,4 +1,12 @@
-- block:
+- name: Wrap API Gateway tests with credentials by default
+  module_defaults:
+    group/aws:
+      aws_access_key: '{{ aws_access_key }}'
+      aws_secret_key: '{{ aws_secret_key }}'
+      security_token: '{{ security_token | default(omit) }}'
+      region: '{{ aws_region }}'
+
+  block:
 
     # ====================== testing failure cases: ==================================
 
@@ -11,24 +19,11 @@
       assert:
         that:
            - 'result.failed'
-           - 'result.msg.startswith("The aws_api_gateway module requires a region")'
-
-    - name: test with minimal parameters but no region
-      aws_api_gateway:
-        api_id: 'fake-api-doesnt-exist'
-      register: result
-      ignore_errors: true
-
-    - name: assert failure when called with with minimal parameters but no region
-      assert:
-        that:
-           - 'result.failed'
-           - 'result.msg.startswith("The aws_api_gateway module requires a region")'
+           - '"no swagger info provided" in result.msg'
 
     - name: test for disallowing multiple swagger sources
       aws_api_gateway:
         api_id: 'fake-api-doesnt-exist'
-        region: '{{ec2_region}}'
         swagger_file: foo.yml
         swagger_text: "this is not really an API"
       register: result
@@ -54,10 +49,6 @@
         stage: "minimal"
         endpoint_type: 'REGIONAL'
         state: present
-        region: '{{ec2_region}}'
-        aws_access_key: '{{ec2_access_key}}'
-        aws_secret_key: '{{ec2_secret_key}}'
-        security_token: '{{security_token}}'
       register: create_result
 
     - name: assert deploy new API worked
@@ -71,7 +62,7 @@
           - 'create_result.configure_response.endpoint_configuration.types.0 == "REGIONAL"'
 
     - name: check if API endpoint works
-      uri: url="https://{{create_result.api_id}}.execute-api.{{ec2_region}}.amazonaws.com/minimal"
+      uri: url="https://{{create_result.api_id}}.execute-api.{{aws_region}}.amazonaws.com/minimal"
       register: uri_result
 
     - name: assert API works success
@@ -80,7 +71,7 @@
           - 'uri_result.status == 200'
 
     - name: check if nonexistent endpoint causes error
-      uri: url="https://{{create_result.api_id}}.execute-api.{{ec2_region}}.amazonaws.com/nominal"
+      uri: url="https://{{create_result.api_id}}.execute-api.{{aws_region}}.amazonaws.com/nominal"
       register: bad_uri_result
       ignore_errors: true
 
@@ -97,10 +88,6 @@
         cache_size: '1.6'
         tracing_enabled: true
         state: present
-        region: '{{ec2_region}}'
-        aws_access_key: '{{ec2_access_key}}'
-        aws_secret_key: '{{ec2_secret_key}}'
-        security_token: '{{security_token}}'
       register: update_result
 
     - name: assert update result
@@ -118,21 +105,13 @@
         stage: "minimal"
         cache_enabled: false
         state: present
-        region: '{{ec2_region}}'
-        aws_access_key: '{{ec2_access_key}}'
-        aws_secret_key: '{{ec2_secret_key}}'
-        security_token: '{{security_token}}'
       register: create_result_1
 
     - name: deploy second API rapidly after first
       aws_api_gateway:
         api_file: "{{output_dir}}/minimal-swagger-api.yml"
         stage: "minimal"
         state: present
-        region: '{{ec2_region}}'
-        aws_access_key: '{{ec2_access_key}}'
-        aws_secret_key: '{{ec2_secret_key}}'
-        security_token: '{{security_token}}'
       register: create_result_2
 
     - name: assert both APIs deployed successfully
@@ -148,20 +127,12 @@
       aws_api_gateway:
         state: absent
         api_id: '{{create_result_1.api_id}}'
-        region: '{{ec2_region}}'
-        aws_access_key: '{{ec2_access_key}}'
-        aws_secret_key: '{{ec2_secret_key}}'
-        security_token: '{{security_token}}'
       register: destroy_result_1
 
     - name: destroy second API rapidly after first
       aws_api_gateway:
         state: absent
         api_id: '{{create_result_2.api_id}}'
-        region: '{{ec2_region}}'
-        aws_access_key: '{{ec2_access_key}}'
-        aws_secret_key: '{{ec2_secret_key}}'
-        security_token: '{{security_token}}'
       register: destroy_result_2
 
     - name: assert both APIs deployed successfully
@@ -180,28 +151,16 @@
       aws_api_gateway:
         state: absent
         api_id: '{{create_result.api_id}}'
-        ec2_region: '{{ec2_region}}'
-        aws_access_key: '{{ec2_access_key}}'
-        aws_secret_key: '{{ec2_secret_key}}'
-        security_token: '{{security_token}}'
       ignore_errors: true
 
     - name: Ensure cleanup of API deploy 1
       aws_api_gateway:
         state: absent
         api_id: '{{create_result_1.api_id}}'
-        ec2_region: '{{ec2_region}}'
-        aws_access_key: '{{ec2_access_key}}'
-        aws_secret_key: '{{ec2_secret_key}}'
-        security_token: '{{security_token}}'
       ignore_errors: true
 
     - name: Ensure cleanup of API deploy 2
       aws_api_gateway:
         state: absent
         api_id: '{{create_result_2.api_id}}'
-        ec2_region: '{{ec2_region}}'
-        aws_access_key: '{{ec2_access_key}}'
-        aws_secret_key: '{{ec2_secret_key}}'
-        security_token: '{{security_token}}'
       ignore_errors: true
diff --git a/tests/integration/targets/ec2_asg/tasks/main.yml b/tests/integration/targets/ec2_asg/tasks/main.yml
@@ -1,54 +1,6 @@
 ---
 # tasks file for test_ec2_asg
 
-- name: Test incomplete credentials with ec2_asg
-  collections:
-    - amazon.aws
-
-  block:
-
-    # ============================================================
-
-    - name: test invalid profile
-      ec2_asg:
-        name: "{{ resource_prefix }}-asg"
-        region: "{{ aws_region }}"
-        profile: notavalidprofile
-      ignore_errors: yes
-      register: result
-
-    - name:
-      assert:
-        that:
-          - "'The config profile (notavalidprofile) could not be found' in result.msg"
-
-    - name: test partial credentials
-      ec2_asg:
-        name: "{{ resource_prefix }}-asg"
-        region: "{{ aws_region }}"
-        aws_access_key: "{{ aws_access_key }}"
-      ignore_errors: yes
-      register: result
-
-    - name:
-      assert:
-        that:
-          - "'Partial credentials found in explicit, missing: aws_secret_access_key' in result.msg"
-
-    - name: test without specifying region
-      ec2_asg:
-        name: "{{ resource_prefix }}-asg"
-        aws_access_key: "{{ aws_access_key }}"
-        aws_secret_key: "{{ aws_secret_key }}"
-        security_token: "{{ security_token | default(omit) }}"
-      ignore_errors: yes
-      register: result
-
-    - name:
-      assert:
-        that:
-          - result.msg == 'The ec2_asg module requires a region and none was found in configuration, environment variables or module parameters'
-
     # ============================================================
 
 - name: Test incomplete arguments with ec2_asg

diff --git a/tests/integration/targets/ec2_transit_gateway/tasks/main.yml b/tests/integration/targets/ec2_transit_gateway/tasks/main.yml
@@ -14,34 +14,6 @@
       set_fact:
         tgw_description: "{{ resource_prefix }}-tgw"
 
-    - name: test create transit gateway without permissions
-      ec2_transit_gateway:
-        aws_access_key: '{{ omit }}'
-        aws_secret_key: '{{ omit }}'
-        security_token: '{{ omit }}'
-        description: "{{ tgw_description }}"
-      register: result
-      ignore_errors: yes
-
-    - name: assert nice message returned
-      assert:
-        that:
-          - result is failed
-          - "result.msg != 'MODULE FAILURE'"
-
-    - name: test create transit gateway without region
-      ec2_transit_gateway:
-        description: "{{ tgw_description }}"
-        region: '{{ omit }}'
-      register: result
-      ignore_errors: yes
-
-    - name: assert failure when called with minimal parameters but no region
-      assert:
-        that:
-           - 'result.failed'
-           - 'result.msg.startswith("The ec2_transit_gateway module requires a region")'
-
     - name: test create transit gateway without tags
       ec2_transit_gateway:
         description: "{{ tgw_description }}"

diff --git a/tests/integration/targets/lambda/tasks/main.yml b/tests/integration/targets/lambda/tasks/main.yml
@@ -42,7 +42,8 @@
     assert:
       that:
       - result.failed
-      - 'result.msg.startswith("missing required arguments: name")'
+      - 'result.msg.startswith("missing required arguments: ")'
+      - '"name" in result.msg'
 
   - name: test with no parameters except state absent
     lambda:
@@ -65,7 +66,9 @@
     assert:
       that:
       - result.failed
-      - 'result.msg.startswith("state is present but all of the following are missing: handler")'
+      - 'result.msg.startswith("state is present but all of the following are missing: ")'
+      - '"handler" in result.msg'
+      - '"role" in result.msg'
 
   - name: test state=present with security group but no vpc
     lambda:

diff --git a/tests/integration/targets/lambda_policy/tasks/main.yml b/tests/integration/targets/lambda_policy/tasks/main.yml
@@ -24,7 +24,6 @@
     when: iam_role.changed
 
   - name: test with no parameters
-    module_defaults: { group/aws: {} }
     lambda_policy: null
     register: result
     ignore_errors: true
@@ -33,42 +32,11 @@
       that:
       - result.failed
       - 'result.msg.startswith("missing required arguments: ")'
-  - name: test with all required dummy parameters but no region
-    module_defaults: { group/aws: {} }
-    lambda_policy:
-      statement_id: dummy
-      principal: api_fakeway
-      action: fake:do_something_fake
-      function_name: dummy_fake_function
-    ignore_errors: true
-    register: result
-  - name: assert failure and appropriate message when called without region
-    assert:
-      that:
-      - result.failed
-      - '"requires a region and none was found" in result.msg'
-  - name: test exceptions generated by forcing bad ec2 url
-    module_defaults: { group/aws: {} }
-    lambda_policy:
-      function_name: '{{ lambda_function_name }}'
-      state: present
-      statement_id: api-gateway-invoke-lambdas
-      action: lambda:InvokeFunction
-      principal: apigateway.amazonaws.com
-      source_arn: arn:aws:execute-api:no-north-0:1234567:*/*
-      ec2_url: https://noexist.example.com
-      ec2_region: no-north-0
-      ec2_access_key: iamnotreallyanaccesskey
-      ec2_secret_key: thisisabadsecretkey
-      security_token: andthisisabadsecuritytoken
-    register: result
-    ignore_errors: true
-  - name: assert lambda manages to respond as expected
-    assert:
-      that:
-      - result is failed
-      - result.msg != "MODULE FAILURE"
-      - result.changed == False
+      - '"action" in result.msg'
+      - '"function_name" in result.msg'
+      - '"principal" in result.msg'
+      - '"statement_id" in result.msg'
+
   - name: move lambda into place for archive module
     copy:
       src: mini_http_lambda.py

diff --git a/tests/integration/targets/rds_instance/inventory b/tests/integration/targets/rds_instance/inventory
@@ -1,5 +1,4 @@
 [tests]
-credentials
 states
 tags
 modification

diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_credentials.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_credentials.yml