diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index 31388fc..a561f09 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -1,35 +1,19 @@ --- name: Linters -'on': +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +on: push: - branches: - - main pull_request: - branches: - - main jobs: - linters: + uses: ansible-network/github_actions/.github/workflows/tox-linters.yml@main + ansible-lint: + name: Ansible Lint runs-on: ubuntu-latest - strategy: - matrix: - python_version: ['3.8'] steps: - - name: Check out code - uses: actions/checkout@v2 - - - name: Set up Python ${{ matrix.python_version }} - uses: actions/setup-python@v2 - with: - python-version: ${{ matrix.python_version }} - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install tox - - name: Test with tox - run: tox -e linters -vv - - ansible-lint: - uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@main + - name: Run ansible-lint + uses: ansible/ansible-lint@v6.17.2 diff --git a/.github/workflows/sanity.yml b/.github/workflows/sanity.yml index 02af4d6..c82cad5 100644 --- a/.github/workflows/sanity.yml +++ b/.github/workflows/sanity.yml @@ -5,13 +5,6 @@ concurrency: on: pull_request: - types: - - opened - - reopened - - labeled - - unlabeled - - synchronize - - closed branches: - main - stable-* @@ -68,6 +61,10 @@ jobs: "ansible-version": "milestone", "python-version": "3.8" }, + { + "ansible-version": "milestone", + "python-version": "3.9" + }, { "ansible-version": "devel", "python-version": "3.7" @@ -75,6 +72,10 @@ jobs: { "ansible-version": "devel", "python-version": "3.8" + }, + { + "ansible-version": "devel", + "python-version": "3.9" } ] all_green: diff --git a/roles/connectivity_troubleshooter/tasks/main.yml b/roles/connectivity_troubleshooter/tasks/main.yml index cc72943..775c5a5 100644 --- a/roles/connectivity_troubleshooter/tasks/main.yml 
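Review bot: In the `.github/workflows/linters.yml` hunk the new `linters` job calls `ansible-network/github_actions/.github/workflows/tox-linters.yml@main`, a mutable branch ref, and `ansible/ansible-lint@v6.17.2` is a tag that can be moved, so whatever those refs point to at run time executes in this repository's CI. Pinning both to a full commit SHA, e.g. `uses: ansible/ansible-lint@<full-commit-sha>  # v6.17.2`, keeps the executed code fixed and reviewable. The workflow also declares no `permissions:` key, so both jobs run with the repository's default `GITHUB_TOKEN` scopes. A top-level `permissions:` with `contents: read` looks sufficient for linting as far as the visible steps show, though the called workflow's own needs are not visible here.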
+++ b/roles/connectivity_troubleshooter/tasks/main.yml @@ -1,11 +1,11 @@ --- # tasks file for roles/connectivity_troubleshooter -- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter +- name: Run 'cloud.aws_troubleshooting.connectivity_troubleshooter' role module_defaults: group/aws: "{{ aws_setup_credentials__output }}" block: - - name: Include cloud.aws_troubleshooting.connectivity_troubleshooter_validate role + - name: Include 'cloud.aws_troubleshooting.connectivity_troubleshooter_validate' role ansible.builtin.include_role: name: cloud.aws_troubleshooting.connectivity_troubleshooter_validate vars: @@ -20,7 +20,7 @@ when: connectivity_troubleshooter_validate__next_hop != 'local' and not connectivity_troubleshooter_validate__next_hop.startswith('nat-') and not connectivity_troubleshooter_validate__next_hop.startswith('igw-') and not connectivity_troubleshooter_validate__next_hop.startswith('pcx-') - - name: Include cloud.aws_troubleshooting.connectivity_troubleshooter_local role + - name: Include 'cloud.aws_troubleshooting.connectivity_troubleshooter_local' role ansible.builtin.include_role: name: cloud.aws_troubleshooting.connectivity_troubleshooter_local vars: @@ -31,7 +31,7 @@ connectivity_troubleshooter_local_source_port_range: "{{ connectivity_troubleshooter_source_port_range }}" when: "'local' == connectivity_troubleshooter_validate__next_hop" - - name: Include cloud.aws_troubleshooting.connectivity_troubleshooter_igw role + - name: Include 'cloud.aws_troubleshooting.connectivity_troubleshooter_igw' role ansible.builtin.include_role: name: cloud.aws_troubleshooting.connectivity_troubleshooter_igw vars: 
@@ -43,7 +43,7 @@ connectivity_troubleshooter_igw_source_port_range: "{{ connectivity_troubleshooter_source_port_range }}" when: "'igw-' in connectivity_troubleshooter_validate__next_hop" - - name: Include cloud.aws_troubleshooting.connectivity_troubleshooter_nat role + - name: Include 'cloud.aws_troubleshooting.connectivity_troubleshooter_nat' role ansible.builtin.include_role: name: cloud.aws_troubleshooting.connectivity_troubleshooter_nat vars: @@ -53,7 +53,7 @@ connectivity_troubleshooter_nat_source_port_range: "{{ connectivity_troubleshooter_source_port_range }}" when: "'nat-' in connectivity_troubleshooter_validate__next_hop" - - name: Include cloud.aws_troubleshooting.connectivity_troubleshooter_peering role + - name: Include 'cloud.aws_troubleshooting.connectivity_troubleshooter_peering' role ansible.builtin.include_role: name: cloud.aws_troubleshooting.connectivity_troubleshooter_peering vars: diff --git a/roles/connectivity_troubleshooter_igw/tasks/main.yml b/roles/connectivity_troubleshooter_igw/tasks/main.yml index 1a8a997..5991656 100644 --- a/roles/connectivity_troubleshooter_igw/tasks/main.yml +++ b/roles/connectivity_troubleshooter_igw/tasks/main.yml @@ -1,6 +1,6 @@ --- # tasks file for roles/connectivity_troubleshooter_igw -- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter_igw role +- name: Run 'cloud.aws_troubleshooting.connectivity_troubleshooter_igw' role block: - name: Fail when next hop type is not supported by this role ansible.legacy.fail: 
@@ -21,9 +21,9 @@ - "{{ src_subnet_id }}" register: connectivity_troubleshooter_igw__src_subnet_nacls - - name: Set source subnet NACLs + - name: Set 'connectivity_troubleshooter_igw__src_subnet_nacls' variable ansible.legacy.set_fact: - connectivity_troubleshooter_igw__src_subnet_nacls: "{{ src_subnet_nacls | d([]) + [dict(connectivity_troubleshooter_igw__keys | zip(connectivity_troubleshooter_igw__vals))] + connectivity_troubleshooter_igw__src_subnet_nacls: "{{ connectivity_troubleshooter_igw__src_subnet_nacls | d([]) + [dict(connectivity_troubleshooter_igw__keys | zip(connectivity_troubleshooter_igw__vals))] }}" loop: "{{ connectivity_troubleshooter_igw__src_subnet_nacls.nacls }}" vars: diff --git a/roles/connectivity_troubleshooter_local/tasks/main.yml b/roles/connectivity_troubleshooter_local/tasks/main.yml index c4a323c..32efc4f 100644 --- a/roles/connectivity_troubleshooter_local/tasks/main.yml +++ b/roles/connectivity_troubleshooter_local/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for roles/connectivity_troubleshooter_local -- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter_local role +- name: Run 'cloud.aws_troubleshooting.connectivity_troubleshooter_local' role block: - name: Fail when next hop type is not supported by this role ansible.builtin.fail: @@ -14,7 +14,7 @@ addresses.private-ip-address: "{{ connectivity_troubleshooter_local_destination_ip }}" register: connectivity_troubleshooter_local__describe_dst_eni - - name: Set destination VPC id, subnet id and security groups + - name: Set 'connectivity_troubleshooter_local__dst_vpc_id', 'connectivity_troubleshooter_local__dst_subnet_id' and 'connectivity_troubleshooter_local__dst_security_groups' variables ansible.builtin.set_fact: connectivity_troubleshooter_local__dst_vpc_id: "{{ connectivity_troubleshooter_local__dst_network_interface_info.vpc_id }}" connectivity_troubleshooter_local__dst_subnet_id: "{{ connectivity_troubleshooter_local__dst_network_interface_info.subnet_id }}" 
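Review bot: In the `@@ -21,9 +21,9 @@` hunk of `roles/connectivity_troubleshooter_igw/tasks/main.yml` the `set_fact` now accumulates into `connectivity_troubleshooter_igw__src_subnet_nacls`, which is also the `register` target of the task above and the source of the `loop`. On the first iteration that name is already defined as the registered result, so `| d([])` does not apply and the expression adds a list to the registered result rather than to `[]`, which I would expect to fail or produce a wrong value. Registering the lookup under its own name avoids the collision: `register: connectivity_troubleshooter_igw__src_subnet_nacls_info` with `loop: "{{ connectivity_troubleshooter_igw__src_subnet_nacls_info.nacls }}"`. The `vars:` that define the keys and values are outside the hunk.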
@@ -47,14 +47,14 @@ register: connectivity_troubleshooter_local__dst_security_groups_info with_items: "{{ connectivity_troubleshooter_local__dst_security_groups }}" - - name: Set source and destination security groups info + - name: Set 'connectivity_troubleshooter_local__src_security_groups_info' and 'connectivity_troubleshooter_local__dst_security_groups_info' variables ansible.builtin.set_fact: connectivity_troubleshooter_local__src_security_groups_info: "{{ connectivity_troubleshooter_local__src_security_groups_info.results | sum(attribute='security_groups', start=[]) }}" connectivity_troubleshooter_local__dst_security_groups_info: "{{ connectivity_troubleshooter_local__dst_security_groups_info.results | sum(attribute='security_groups', start=[]) }}" - - name: Set security groups info + - name: Set 'connectivity_troubleshooter_local__security_groups_info' variable ansible.builtin.set_fact: connectivity_troubleshooter_local__security_groups_info: "{{ connectivity_troubleshooter_local__security_groups_info | default([]) + item.security_groups }}" @@ -79,7 +79,7 @@ - "{{ src_subnet_id }}" register: connectivity_troubleshooter_local__network_acls_info - - name: Set source NACLs info + - name: Set 'connectivity_troubleshooter_local__src_network_acls_info' variable ansible.builtin.set_fact: connectivity_troubleshooter_local__src_network_acls_info: "{{ connectivity_troubleshooter_local__src_network_acls_info | d([]) + [dict(_keys | zip(_vals))] }}" @@ -95,7 +95,7 @@ - "{{ dst_subnet_id }}" register: connectivity_troubleshooter_local__network_acls_info - - name: Set destination NACLs info + - name: Set 'connectivity_troubleshooter_local__dst_network_acls_info' variable ansible.builtin.set_fact: connectivity_troubleshooter_local__dst_network_acls_info: "{{ connectivity_troubleshooter_local__dst_network_acls_info | d([]) + [dict(connectivity_troubleshooter_local__keys | zip(connectivity_troubleshooter_local__vals))] }}" 
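Review bot: In the `@@ -79,7 +79,7 @@` hunk the source NACL fact is still built with `dict(_keys | zip(_vals))`, while the destination task in `@@ -95,7 +95,7 @@` uses `connectivity_troubleshooter_local__keys` and `connectivity_troubleshooter_local__vals`. The `vars:` of both tasks lie outside the hunks, so it is not visible whether `_keys` and `_vals` are still defined for the source task; if they were renamed along with the others, this task fails on an undefined variable. In that case the expression should read `[dict(connectivity_troubleshooter_local__keys | zip(connectivity_troubleshooter_local__vals))]`.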
diff --git a/roles/connectivity_troubleshooter_nat/tasks/main.yml b/roles/connectivity_troubleshooter_nat/tasks/main.yml index a492af9..a429b40 100644 --- a/roles/connectivity_troubleshooter_nat/tasks/main.yml +++ b/roles/connectivity_troubleshooter_nat/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for roles/connectivity_troubleshooter_nat -- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter_nat role +- name: Run 'cloud.aws_troubleshooting.connectivity_troubleshooter_nat' role block: - name: Fail when next hop type is not supported by this role ansible.builtin.fail: @@ -14,7 +14,7 @@ nat-gateway-id: "{{ connectivity_troubleshooter_validate__next_hop }}" register: connectivity_troubleshooter_nat__describe_nat_gw - - name: Set NAT subnet id and NAT VPC id + - name: Set 'connectivity_troubleshooter_nat__nat_subnet_id' and 'connectivity_troubleshooter_nat__nat_vpc_id' variables ansible.builtin.set_fact: connectivity_troubleshooter_nat__nat_subnet_id: "{{ connectivity_troubleshooter_nat__nat_gw_info.subnet_id }}" connectivity_troubleshooter_nat__nat_vpc_id: "{{ connectivity_troubleshooter_nat__nat_gw_info.vpc_id }}" @@ -27,7 +27,7 @@ association.subnet-id: "{{ connectivity_troubleshooter_nat__describe_nat_gwnat_subnet_id }}" register: connectivity_troubleshooter_nat__nat_network_acls_info - - name: Set NAT NACLs + - name: Set 'connectivity_troubleshooter_nat__nat_network_acls' variable ansible.builtin.set_fact: connectivity_troubleshooter_nat__nat_network_acls: "{{ connectivity_troubleshooter_nat__nat_network_acls | d([]) + [dict(connectivity_troubleshooter_nat__keys | zip(connectivity_troubleshooter_nat__vals))] }}" 
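Review bot: In the `@@ -27,7 +27,7 @@` hunk of `roles/connectivity_troubleshooter_nat/tasks/main.yml` the `association.subnet-id` filter reads `connectivity_troubleshooter_nat__describe_nat_gwnat_subnet_id`, a name that nothing visible defines and that looks like two names run together by a rename. The preceding hunk sets `connectivity_troubleshooter_nat__nat_subnet_id`, and the later route-table lookup uses that name, so the filter probably should be `association.subnet-id: "{{ connectivity_troubleshooter_nat__nat_subnet_id }}"`. As written, the NACL lookup would fail on an undefined variable unless the name is defined outside the hunks shown.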
@@ -43,7 +43,7 @@ - "{{ connectivity_troubleshooter_nat__nat_subnet_id }}" register: connectivity_troubleshooter_nat__nat_route_table - - name: Set NAT routes + - name: Set 'connectivity_troubleshooter_nat__nat_routes' variable ansible.builtin.set_fact: connectivity_troubleshooter_nat__nat_routes: "{{ connectivity_troubleshooter_nat__nat_route_table.route_tables.0.routes }}" when: connectivity_troubleshooter_nat__nat_route_table.route_tables | length > 0 @@ -64,7 +64,7 @@ msg: Could not find route table for NAT Gateway when: connectivity_troubleshooter_nat__nat_route_table_retry.route_tables | length == 0 - - name: Set NAT routest + - name: Set 'connectivity_troubleshooter_nat__nat_routes' variable ansible.builtin.set_fact: connectivity_troubleshooter_nat__nat_routes: "{{ connectivity_troubleshooter_nat__nat_route_table_retry.route_tables.0.routes }}" diff --git a/roles/connectivity_troubleshooter_peering/tasks/main.yml b/roles/connectivity_troubleshooter_peering/tasks/main.yml index 35897e6..cded0ca 100644 --- a/roles/connectivity_troubleshooter_peering/tasks/main.yml +++ b/roles/connectivity_troubleshooter_peering/tasks/main.yml @@ -21,7 +21,7 @@ addresses.private-ip-address: "{{ connectivity_troubleshooter_peering_destination_ip }}" register: connectivity_troubleshooter_peering__dst_peer_eni - - name: Set destination peer VPC id and subnet id + - name: Set 'connectivity_troubleshooter_peering__dst_peer_vpc_id' and 'connectivity_troubleshooter_peering__dst_peer_subnet_id' variables ansible.builtin.set_fact: connectivity_troubleshooter_peering__dst_peer_vpc_id: "{{ connectivity_troubleshooter_peering__dst_peer_eni_info.vpc_id }}" connectivity_troubleshooter_peering__dst_peer_subnet_id: "{{ connectivity_troubleshooter_peering__dst_peer_eni_info.subnet_id }}" 
@@ -35,7 +35,7 @@ - "{{ connectivity_troubleshooter_peering__dst_peer_subnet_id }}" register: connectivity_troubleshooter_peering__dst_peer_route_table - - name: Set routes + - name: Set 'connectivity_troubleshooter_validate__routes' variable ansible.builtin.set_fact: connectivity_troubleshooter_validate__routes: "{{ connectivity_troubleshooter_peering__dst_peer_route_table.route_tables.0.routes }}" when: connectivity_troubleshooter_peering__dst_peer_route_table.route_tables | length > 0 @@ -56,7 +56,7 @@ msg: Could not find route table for Destination peer when: connectivity_troubleshooter_peering__dst_peer_route_table_retry.route_tables | length == 0 - - name: Set routes + - name: Set 'connectivity_troubleshooter_peering__routes' variable ansible.builtin.set_fact: connectivity_troubleshooter_peering__routes: "{{ connectivity_troubleshooter_peering__dst_peer_route_table_retry.route_tables.0.routes }}" diff --git a/roles/connectivity_troubleshooter_validate/tasks/main.yml b/roles/connectivity_troubleshooter_validate/tasks/main.yml index 2d3c7cd..7ead125 100644 --- a/roles/connectivity_troubleshooter_validate/tasks/main.yml +++ b/roles/connectivity_troubleshooter_validate/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for roles/connectivity_troubleshooter_validate -- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter_validate role +- name: Run 'cloud.aws_troubleshooting.connectivity_troubleshooter_validate' role block: - name: Fail when the IPv4 address of the resource you want to connect is not defined ansible.builtin.fail: 
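Review bot: In `roles/connectivity_troubleshooter_peering/tasks/main.yml` the `@@ -35,7 +35,7 @@` hunk sets `connectivity_troubleshooter_validate__routes` from the peer route table, while the retry path in `@@ -56,7 +56,7 @@` sets `connectivity_troubleshooter_peering__routes`. The two branches therefore publish the peer routes under different names, and the first one overwrites a fact that belongs to the validate role; the new task names only make this visible. Whichever name the later tasks read (outside the hunks), one branch leaves it unset or stale. If the peering name is the intended one, the first task should set `connectivity_troubleshooter_peering__routes: "{{ connectivity_troubleshooter_peering__dst_peer_route_table.route_tables.0.routes }}"` with a matching task name.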
@@ -18,15 +18,16 @@ msg: The private IPv4 address of the AWS resource in your Amazon VPC you want to test connectivity from must be defined as connectivity_troubleshooter_validate_source_ip when: connectivity_troubleshooter_validate_source_ip is not defined - - name: Fail when connectivity_troubleshooter_validate_source_ip and connectivity_troubleshooter_validate_destination_ip coincide + - name: Fail when 'connectivity_troubleshooter_validate_source_ip' and 'connectivity_troubleshooter_validate_destination_ip' coincide ansible.builtin.fail: msg: connectivity_troubleshooter_validate_source_ip and connectivity_troubleshooter_validate_destination_ip are same, kindly provide different values when: connectivity_troubleshooter_validate_source_ip == connectivity_troubleshooter_validate_destination_ip - - name: Set connectivity_troubleshooter_validate__filter_eni variable + - name: Set 'connectivity_troubleshooter_validate__filter_eni' variable ansible.builtin.set_fact: connectivity_troubleshooter_validate__filter_eni: { addresses.private-ip-address: "{{ connectivity_troubleshooter_validate_source_ip }}" } - - name: Set connectivity_troubleshooter_validate__filter_eni variable + + - name: Set 'connectivity_troubleshooter_validate__filter_eni' variable ansible.builtin.set_fact: connectivity_troubleshooter_validate__filter_eni: "{{ connectivity_troubleshooter_validate__filter_eni | combine({'vpc-id': connectivity_troubleshooter_validate_source_vpc}) }}" 
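Review bot: In the `@@ -18,15 +18,16 @@` hunk two consecutive tasks now carry the identical name `Set 'connectivity_troubleshooter_validate__filter_eni' variable`, so a failure or skip in the play output cannot be attributed to one of them. The second task merges `vpc-id` into the filter, so a name such as `Add 'vpc-id' to 'connectivity_troubleshooter_validate__filter_eni' variable` would tell them apart. Any `when:` on the second task is outside the hunk.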
@@ -43,7 +44,7 @@ found when: connectivity_troubleshooter_validate__describe_src_eni['network_interfaces'] | length == 0 - - name: Set source subnet id, VPC id, security groups and network interface + - name: Set 'connectivity_troubleshooter_validate__src_subnet_id', 'connectivity_troubleshooter_validate__src_vpc_id', 'connectivity_troubleshooter_validate__src_security_groups' and 'connectivity_troubleshooter_validate__src_network_interface' variables ansible.builtin.set_fact: connectivity_troubleshooter_validate__src_subnet_id: "{{ connectivity_troubleshooter_validate__src_network_interface_info.subnet_id }}" connectivity_troubleshooter_validate__src_vpc_id: "{{ connectivity_troubleshooter_validate__src_network_interface_info.vpc_id }}" @@ -59,7 +60,7 @@ association.subnet-id: "{{ connectivity_troubleshooter_validate__src_subnet_id }}" register: connectivity_troubleshooter_validate__src_route_table - - name: Set routes + - name: Set 'connectivity_troubleshooter_validate__routes' variable ansible.builtin.set_fact: connectivity_troubleshooter_validate__routes: "{{ connectivity_troubleshooter_validate__src_route_table.route_tables.0.routes }}" when: connectivity_troubleshooter_validate__src_route_table.route_tables | length > 0 @@ -80,7 +81,7 @@ msg: Could not find route table for connectivity_troubleshooter_validate_source_ip when: connectivity_troubleshooter_validate__src_route_table_retry.route_tables | length == 0 - - name: Set routes + - name: Set 'connectivity_troubleshooter_validate__routes' variable ansible.builtin.set_fact: connectivity_troubleshooter_validate__routes: "{{ connectivity_troubleshooter_validate__src_route_table_retry.route_tables.0.routes }}" 
@@ -90,6 +91,6 @@ routes: "{{ connectivity_troubleshooter_validate__routes }}" register: connectivity_troubleshooter_validate__result_next_hop - - name: Set next hop + - name: Set 'connectivity_troubleshooter_validate__next_hop' variable ansible.builtin.set_fact: connectivity_troubleshooter_validate__next_hop: "{{ connectivity_troubleshooter_validate__result_next_hop.next_hop }}" diff --git a/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml b/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml index 9a05285..b1edfe1 100644 --- a/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml +++ b/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml @@ -10,8 +10,7 @@ msg: "EC2 instance not found with id: {{ troubleshoot_rds_connectivity_ec2_instance_id }}" when: troubleshoot_rds_connectivity__result.instances | length == 0 -- name: Set 'roubleshoot_rds_connectivity__ec2_security_group_ids', 'roubleshoot_rds_connectivity__ec2_subnet_id', 'roubleshoot_rds_connectivity__ec2_vpc_id' and - 'roubleshoot_rds_connectivity__ec2_private_ip_addrs' variables +- name: Set EC2 security group ids, EC2 subnetid, EC2 VPC id and EC2 private IPs ansible.builtin.set_fact: troubleshoot_rds_connectivity__ec2_security_group_ids: "{{ ec2_instance_info.security_groups | map(attribute='group_id') | list }}" troubleshoot_rds_connectivity__ec2_subnet_id: "{{ ec2_instance_info.subnet_id }}" diff --git a/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml b/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml index 4b1693a..3cfb8ed 100644 --- a/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml +++ b/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml 
@@ -14,7 +14,7 @@ msg: Bad DB instance status, expecting 'available', found '{{ troubleshoot_rds_connectivity__rds_info.instances.0.db_instance_status }}' when: troubleshoot_rds_connectivity__rds_info.instances.0.db_instance_status != "available" -- name: Set 'troubleshoot_rds_connectivity__rds_instance_endpoint_addr', 'troubleshoot_rds_connectivity__rds_instance_endpoint_port', 'troubleshoot_rds_connectivity__rds_instance_subnets', +- name: Set RDS instance endpoint address, RDS instance endpoint port, and RDS instance subnets 'troubleshoot_rds_connectivity__rds_instance_vpc_id' and 'troubleshoot_rds_connectivity__rds_instance_vpc_security_groups' variables ansible.builtin.set_fact: troubleshoot_rds_connectivity__rds_instance_endpoint_addr: "{{ rds_instance_info.endpoint.address }}" @@ -37,7 +37,7 @@ subnet_ids: "{{ troubleshoot_rds_connectivity__rds_instance_subnets }}" register: troubleshoot_rds_connectivity__rds_subnets_info -- name: Set 'troubleshoot_rds_connectivity__rds_subnets_cidrs' variable +- name: Set RDS subnets cidrs ansible.builtin.set_fact: troubleshoot_rds_connectivity__rds_subnets_cidrs: "{{ troubleshoot_rds_connectivity__rds_subnets_info.subnets | map(attribute='cidr_block') | list }}" diff --git a/tox.ini b/tox.ini index f8e4adf..c849b3f 100644 --- a/tox.ini +++ b/tox.ini @@ -16,8 +16,8 @@ commands = [testenv:ansible-lint] deps = - ansible-lint==6.16.0 -commands = ansible-linters + ansible-lint==6.17.2 +commands = ansible-lint --profile production --format pep8 --nocolor --strict --write {toxinidir}/roles {toxinidir}/tests [testenv:linters] deps =
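Review bot: In the `@@ -14,7 +14,7 @@` hunk of `get_rds_instance_info.yml` only the first line of a two-line task name was replaced. The continuation line `'troubleshoot_rds_connectivity__rds_instance_vpc_id' and 'troubleshoot_rds_connectivity__rds_instance_vpc_security_groups' variables` stays as context and is folded into the new name. The resulting name mixes both styles, ending in `... and RDS instance subnets 'troubleshoot_rds_connectivity__rds_instance_vpc_id' and ... variables`. Either remove the continuation line and cover everything the old name listed, e.g. `- name: Set RDS instance endpoint address, port, subnets, VPC id and VPC security groups`, or keep the quoted-variable form that the rest of this commit adopts.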
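Review bot: The new `commands` line in `[testenv:ansible-lint]` of `tox.ini` passes `--write`, which lets ansible-lint rewrite files under `{toxinidir}/roles` and `{toxinidir}/tests` in place. In CI those rewrites are discarded with the workspace, so the gate may be judging a tree that differs from what was committed, and locally the lint environment modifies the working copy as a side effect. I would keep the gate read-only, `commands = ansible-lint --profile production --format pep8 --nocolor --strict {toxinidir}/roles {toxinidir}/tests`, and offer the autofix as a separate opt-in environment. The `ansible-lint==6.17.2` pin matches the `ansible/ansible-lint@v6.17.2` action in `linters.yml`, so the two need to be bumped together.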