From dd571bd4a74a277c0b7ce026840e3f076535327d Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Wed, 5 Jul 2023 17:46:00 +0200 Subject: [PATCH] A round of sanity fixes Signed-off-by: Alina Buzachis --- roles/aws_setup_credentials/tasks/main.yml | 2 +- .../tasks/read_option.yml | 18 +++--- roles/connectivity_troubleshooter/README.md | 2 +- .../tasks/main.yml | 14 ++--- .../tasks/main.yml | 14 ++--- .../tasks/main.yml | 58 +++++++++---------- .../tasks/main.yml | 48 +++++++-------- .../tasks/main.yml | 40 ++++++------- .../tasks/main.yml | 54 ++++++++--------- .../tasks/get_ec2_instance_info.yml | 36 ++++++------ .../tasks/get_rds_instance_info.yml | 46 +++++++-------- .../tasks/main.yml | 36 ++++++------ .../test_aws_setup_credentials/tasks/main.yml | 8 +-- 13 files changed, 188 insertions(+), 188 deletions(-) diff --git a/roles/aws_setup_credentials/tasks/main.yml b/roles/aws_setup_credentials/tasks/main.yml index da0ee15..ed017cd 100644 --- a/roles/aws_setup_credentials/tasks/main.yml +++ b/roles/aws_setup_credentials/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Define intial value for credentials ansible.builtin.set_fact: - aws_role_credentials: {} + aws_setup_credentials__aws_role_credentials: {} - name: Create auth credentials ansible.builtin.include_tasks: read_option.yml with_dict: "{{ aws_connection_env }}" diff --git a/roles/aws_setup_credentials/tasks/read_option.yml b/roles/aws_setup_credentials/tasks/read_option.yml index ef2f3e2..4fe5ace 100644 --- a/roles/aws_setup_credentials/tasks/read_option.yml +++ b/roles/aws_setup_credentials/tasks/read_option.yml 
@@ -1,23 +1,23 @@ --- - name: Set 'option_key' and 'option_value' from Environment ansible.builtin.set_fact: - option_key: "{{ ('dest' in item.value) | ternary(item.value.dest, item.key) }}" - option_value: "{{ lookup('vars', item.key, default='') }}" + aws_setup_credentials__option_key: "{{ ('dest' in item.value) | ternary(item.value.dest, item.key) }}" + aws_setup_credentials__option_value: "{{ lookup('vars', item.key, default='') }}" - name: Combine user-defined variable ansible.builtin.set_fact: - aws_role_credentials: "{{ aws_role_credentials | combine({option_key: option_value}) }}" - when: option_value | length > 0 + aws_setup_credentials__aws_role_credentials: "{{ aws_setup_credentials__aws_role_credentials | combine({aws_setup_credentials__option_key: aws_setup_credentials__option_value}) }}" + when: aws_setup_credentials__option_value | length > 0 - name: Read value from Environment - when: option_value | length == 0 + when: aws_setup_credentials__option_value | length == 0 block: - name: Set 'env_values' variable ansible.builtin.set_fact: - env_values: [] + aws_setup_credentials__env_values: [] - name: Set 'env_values' from Environment ansible.builtin.set_fact: - env_values: "{{ env_values + [current_value] }}" + aws_setup_credentials__env_values: "{{ aws_setup_credentials__env_values + [current_value] }}" with_items: "{{ ('env' in item.value) | ternary(item.value.env, []) }}" when: current_value | length > 0 loop_control: @@ -27,5 +27,5 @@ - name: Combine with environment-defined variable ansible.builtin.set_fact: - aws_role_credentials: "{{ aws_role_credentials | combine({option_key: env_values[0]}) }}" - when: env_values | length > 0 + aws_setup_credentials__aws_role_credentials: "{{ aws_setup_credentials__aws_role_credentials | combine({aws_setup_credentials__option_key: aws_setup_credentials__env_values[0]}) }}" + when: aws_setup_credentials__env_values | length > 0 
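Review bot: The `set_fact` tasks that assemble `aws_setup_credentials__aws_role_credentials` ("Combine user-defined variable" in this hunk and "Combine with environment-defined variable" in the `@@ -27,5` hunk) carry no `no_log: true`, so at `-v` and above the resulting fact values are written to the task output and to any log callback. The dictionary is later handed to `module_defaults` for `group/aws`, so it presumably holds the secret key and session token. Adding `no_log: true` to those two tasks and to "Set 'option_key' and 'option_value' from Environment" keeps the values out of console and CI logs. The `block:` that starts in this hunk runs past its end, so the `loop_control` body could not be checked for a label that echoes `current_value`.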
diff --git a/roles/connectivity_troubleshooter/README.md b/roles/connectivity_troubleshooter/README.md index 932ba12..96126b9 100644 --- a/roles/connectivity_troubleshooter/README.md +++ b/roles/connectivity_troubleshooter/README.md @@ -15,7 +15,7 @@ Authentication against AWS is managed by the `aws_setup_credentials` role. It also requires the folllowing roles: - cloud.aws_troubleshooting.connectivity_troubleshooter_validate - cloud.aws_troubleshooting.connectivity_troubleshooter_igw -- cloud.aws_troubleshooting.connectivity_troubleshooter_local +- cloud.aws_troubleshooting.connectivity_troubleshooter_local - cloud.aws_troubleshooting.connectivity_troubleshooter_nat - cloud.aws_troubleshooting.connectivity_troubleshooter_peering diff --git a/roles/connectivity_troubleshooter/tasks/main.yml b/roles/connectivity_troubleshooter/tasks/main.yml index b3882ce..95ec169 100644 --- a/roles/connectivity_troubleshooter/tasks/main.yml +++ b/roles/connectivity_troubleshooter/tasks/main.yml @@ -2,7 +2,7 @@ # tasks file for roles/connectivity_troubleshooter - name: Run 'connectivity_troubleshooter' module_defaults: - group/aws: "{{ aws_role_credentials }}" + group/aws: "{{ aws_setup_credentials__aws_role_credentials }}" block: - name: Include 'connectivity_troubleshooter_validate' role 
@@ -16,8 +16,8 @@ - name: Fail when next hop type is not supported by this role ansible.builtin.fail: - msg: Next hop type '{{ next_hop }}' is not supported by this role - when: next_hop != 'local' and not next_hop.startswith('nat-') and not next_hop.startswith('igw-') and not next_hop.startswith('pcx-') + msg: Next hop type '{{ connectivity_troubleshooter_validate__next_hop }}' is not supported by this role + when: connectivity_troubleshooter_validate__next_hop != 'local' and not connectivity_troubleshooter_validate__next_hop.startswith('nat-') and not connectivity_troubleshooter_validate__next_hop.startswith('igw-') and not connectivity_troubleshooter_validate__next_hop.startswith('pcx-') - name: Include 'connectivity_troubleshooter_local' role ansible.builtin.include_role: @@ -28,7 +28,7 @@ connectivity_troubleshooter_local_source_ip: "{{ connectivity_troubleshooter_source_ip }}" connectivity_troubleshooter_local_destination_vpc: "{{ connectivity_troubleshooter_destination_vpc }}" connectivity_troubleshooter_local_source_port_range: "{{ connectivity_troubleshooter_source_port_range }}" - when: "'local' == next_hop" + when: "'local' == connectivity_troubleshooter_validate__next_hop" - name: Include 'connectivity_troubleshooter_igw' role ansible.builtin.include_role: @@ -40,7 +40,7 @@ connectivity_troubleshooter_igw_destination_vpc: "{{ connectivity_troubleshooter_destination_vpc }}" connectivity_troubleshooter_igw_source_vpc: "{{ connectivity_troubleshooter_source_vpc }}" connectivity_troubleshooter_igw_source_port_range: "{{ connectivity_troubleshooter_source_port_range }}" - when: "'igw-' in next_hop" + when: "'igw-' in connectivity_troubleshooter_validate__next_hop" - name: Include 'connectivity_troubleshooter_nat' role ansible.builtin.include_role: 
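Review bot: The guard in "Fail when next hop type is not supported by this role" tests the hop with `startswith('nat-')`, `startswith('igw-')` and `startswith('pcx-')`, while the `include_role` conditions in the `@@ -40,7`, `@@ -50,7` and `@@ -61,4` hunks use substring tests such as `'igw-' in connectivity_troubleshooter_validate__next_hop`. The two should use the same predicate so that a value accepted by the guard is dispatched by exactly one include. With the longer variable name the guard's `when:` is now one very long line; writing it as a `when:` list with one condition per item keeps it readable and within lint line limits. The enclosing `block:` begins before this hunk.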
@@ -50,7 +50,7 @@ connectivity_troubleshooter_nat_destination_port: "{{ connectivity_troubleshooter_destination_port }}" connectivity_troubleshooter_nat_source_ip: "{{ connectivity_troubleshooter_source_ip }}" connectivity_troubleshooter_nat_source_port_range: "{{ connectivity_troubleshooter_source_port_range }}" - when: "'nat-' in next_hop" + when: "'nat-' in connectivity_troubleshooter_validate__next_hop" - name: Include 'connectivity_troubleshooter_peering' role ansible.builtin.include_role: @@ -61,4 +61,4 @@ connectivity_troubleshooter_peering_source_ip: "{{ connectivity_troubleshooter_source_ip }}" connectivity_troubleshooter_peering_destination_vpc: "{{ connectivity_troubleshooter_destination_vpc }}" connectivity_troubleshooter_peering_source_vpc: "{{ connectivity_troubleshooter_source_vpc }}" - when: "'pcx-' in next_hop" + when: "'pcx-' in connectivity_troubleshooter_validate__next_hop" diff --git a/roles/connectivity_troubleshooter_igw/tasks/main.yml b/roles/connectivity_troubleshooter_igw/tasks/main.yml index 152a33c..7c35e01 100644 --- a/roles/connectivity_troubleshooter_igw/tasks/main.yml +++ b/roles/connectivity_troubleshooter_igw/tasks/main.yml @@ -11,7 +11,7 @@ amazon.aws.ec2_security_group_info: filters: group_id: "{{ item }}" - register: __src_security_groups + register: connectivity_troubleshooter_igw__src_security_groups with_items: "{{ src_security_groups }}" - name: Gather information about Source subnet network ACLs 
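Review bot: `with_items: "{{ src_security_groups }}"` in "Gather information about Source security groups" (igw role, `@@ -11,7`) still reads the unprefixed fact, but the `connectivity_troubleshooter_validate` hunk in this patch now publishes it as `connectivity_troubleshooter_validate__src_security_groups`; unless something outside this patch still sets the old name, the loop source is undefined at run time. The same applies to `src_subnet_id` in the `@@ -19,19` hunk and `src_network_interface` in the `@@ -41,6` hunk of this file, and to `src_security_groups` and `src_subnet_id` in `connectivity_troubleshooter_local`. The line would become `with_items: "{{ connectivity_troubleshooter_validate__src_security_groups }}"`, with the other readers renamed likewise. `src_subnet_nacls` in the `@@ -19,19` hunk is also still set without a role prefix.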
@@ -19,19 +19,19 @@ filters: association.subnet-id: - "{{ src_subnet_id }}" - register: __src_subnet_nacls + register: connectivity_troubleshooter_igw__src_subnet_nacls - name: Set 'src_subnet_nacls' variable ansible.legacy.set_fact: src_subnet_nacls: "{{ src_subnet_nacls | d([]) + [dict(_keys | zip(_vals))] }}" - loop: "{{ __src_subnet_nacls.nacls }}" + loop: "{{ connectivity_troubleshooter_igw__src_subnet_nacls.nacls }}" vars: _keys: "{{ ['egress', 'ingress'] }}" _vals: "{{ ['egress', 'ingress'] | map('extract', item) }}" - - name: Set 'src_security_groups_info' variable + - name: Set 'connectivity_troubleshooter_igw__src_security_groups_info' variable ansible.legacy.set_fact: - src_security_groups_info: "{{ __src_security_groups.results | sum(attribute='security_groups', start=[]) }}" + connectivity_troubleshooter_igw__src_security_groups_info: "{{ connectivity_troubleshooter_igw__src_security_groups.results | sum(attribute='security_groups', start=[]) }}" - name: Evaluate ingress and egress netwok ACLs cloud.aws_troubleshooting.eval_src_igw_route: @@ -41,6 +41,6 @@ dst_ip: "{{ connectivity_troubleshooter_igw_destination_ip }}" dst_port: "{{ connectivity_troubleshooter_igw_destination_port }}" src_network_interface: "{{ src_network_interface }}" - src_security_groups_info: "{{ src_security_groups_info }}" + src_security_groups_info: "{{ connectivity_troubleshooter_igw__src_security_groups_info }}" src_network_acls: "{{ src_subnet_nacls }}" - register: __result_eval_src_igw_route + register: connectivity_troubleshooter_igw__result_eval_src_igw_route diff --git a/roles/connectivity_troubleshooter_local/tasks/main.yml b/roles/connectivity_troubleshooter_local/tasks/main.yml index 9e32adb..fd87129 100644 --- a/roles/connectivity_troubleshooter_local/tasks/main.yml +++ b/roles/connectivity_troubleshooter_local/tasks/main.yml 
@@ -5,58 +5,58 @@ block: - name: Fail when next hop type is not supported by this role ansible.builtin.fail: - msg: Next hop type '{{ next_hop }}' is not supported by this role - when: next_hop != 'local' + msg: Next hop type '{{ connectivity_troubleshooter_validate__next_hop }}' is not supported by this role + when: connectivity_troubleshooter_validate__next_hop != 'local' - name: Gather information about Destination ENI amazon.aws.ec2_eni_info: filters: addresses.private-ip-address: "{{ connectivity_troubleshooter_local_destination_ip }}" - register: __describe_dst_eni + register: connectivity_troubleshooter_local__describe_dst_eni - - name: Set 'dst_vpc_id', 'dst_subnet_id' and 'dst_security_groups' variables + - name: Set 'connectivity_troubleshooter_local__dst_vpc_id', 'connectivity_troubleshooter_local__dst_subnet_id' and 'connectivity_troubleshooter_local__dst_security_groups' variables ansible.builtin.set_fact: - dst_vpc_id: "{{ __dst_network_interface_info.vpc_id }}" - dst_subnet_id: "{{ __dst_network_interface_info.subnet_id }}" - dst_security_groups: "{{ __dst_network_interface_info.groups | map(attribute='group_id') | list }}" + connectivity_troubleshooter_local__dst_vpc_id: "{{ __dst_network_interface_info.vpc_id }}" + connectivity_troubleshooter_local__dst_subnet_id: "{{ __dst_network_interface_info.subnet_id }}" + connectivity_troubleshooter_local__dst_security_groups: "{{ __dst_network_interface_info.groups | map(attribute='group_id') | list }}" vars: - __dst_network_interface_info: "{{ __describe_dst_eni.network_interfaces.0 }}" + __dst_network_interface_info: "{{ connectivity_troubleshooter_local__describe_dst_eni.network_interfaces.0 }}" - name: Fail when no network interface found ansible.builtin.fail: msg: Kindly check the connectivity_troubleshooter_local_destination_ip parameter, no network interface found - when: __describe_dst_eni['network_interfaces'] | length == 0 + when: 
connectivity_troubleshooter_local__describe_dst_eni['network_interfaces'] | length == 0 - name: Fail when no route is present towards required destination VPC ansible.builtin.fail: msg: Kindly check the source route table to ensure a more specific route is present towards required destination VPC - when: connectivity_troubleshooter_local_destination_vpc | default('', true) | trim and connectivity_troubleshooter_local_destination_vpc != dst_vpc_id + when: connectivity_troubleshooter_local_destination_vpc | default('', true) | trim and connectivity_troubleshooter_local_destination_vpc != connectivity_troubleshooter_local__dst_vpc_id - name: Gather information about Source security groups amazon.aws.ec2_security_group_info: filters: group_id: "{{ item }}" - register: __src_security_groups_info + register: connectivity_troubleshooter_local__src_security_groups_info with_items: "{{ src_security_groups }}" - name: Gather information about Destination security group amazon.aws.ec2_security_group_info: filters: group_id: "{{ item }}" - register: __dst_security_groups_info + register: connectivity_troubleshooter_local__dst_security_groups_info with_items: "{{ dst_security_groups }}" - name: Set 'src_security_groups_info' and 'dst_security_groups_info' variables ansible.builtin.set_fact: - src_security_groups_info: "{{ __src_security_groups_info.results | sum(attribute='security_groups', start=[]) }}" - dst_security_groups_info: "{{ __dst_security_groups_info.results | sum(attribute='security_groups', start=[]) }}" + src_security_groups_info: "{{ connectivity_troubleshooter_local__src_security_groups_info.results | sum(attribute='security_groups', start=[]) }}" + dst_security_groups_info: "{{ connectivity_troubleshooter_local__dst_security_groups_info.results | sum(attribute='security_groups', start=[]) }}" - name: Set 'security_groups_info' variable ansible.builtin.set_fact: security_groups_info: "{{ security_groups_info | default([]) + item.security_groups }}" with_items: 
- - "{{ __src_security_groups_info.results }}" - - "{{ __dst_security_groups_info.results }}" + - "{{ connectivity_troubleshooter_local__src_security_groups_info.results }}" + - "{{ connectivity_troubleshooter_local__dst_security_groups_info.results }}" - name: Evaluate ingress and egress security group rules cloud.aws_troubleshooting.eval_security_groups: @@ -66,19 +66,19 @@ dst_port: "{{ connectivity_troubleshooter_local_destination_port }}" dst_security_groups: "{{ dst_security_groups }}" security_groups: "{{ security_groups_info }}" - register: __result_eval_security_groups + register: connectivity_troubleshooter_local__result_eval_security_groups - name: Gather information about Source subnet network ACLs community.aws.ec2_vpc_nacl_info: filters: association.subnet-id: - "{{ src_subnet_id }}" - register: __network_acls_info + register: connectivity_troubleshooter_local__network_acls_info - - name: Set 'src_network_acls_info' variable + - name: Set 'connectivity_troubleshooter_local__src_network_acls_info' variable ansible.builtin.set_fact: - src_network_acls_info: "{{ src_network_acls_info | d([]) + [dict(_keys | zip(_vals))] }}" - loop: "{{ __network_acls_info.nacls }}" + connectivity_troubleshooter_local__src_network_acls_info: "{{ connectivity_troubleshooter_local__src_network_acls_info | d([]) + [dict(_keys | zip(_vals))] }}" + loop: "{{ connectivity_troubleshooter_local__network_acls_info.nacls }}" vars: _keys: "{{ ['egress', 'ingress'] }}" _vals: "{{ ['egress', 'ingress'] | map('extract', item) }}" 
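Review bot: "Gather information about Destination security group" still loops over `with_items: "{{ dst_security_groups }}"`, although the `set_fact` earlier in this hunk now stores the list as `connectivity_troubleshooter_local__dst_security_groups`; nothing visible in the patch sets the old name any more. The same stale reference appears in `dst_security_groups: "{{ dst_security_groups }}"` in the `@@ -66,19` hunk and in `- "{{ dst_subnet_id }}"` in the `@@ -88,12` hunk. These should read the prefixed facts, e.g. `with_items: "{{ connectivity_troubleshooter_local__dst_security_groups }}"`. Separately, "Fail when no network interface found" runs after the `set_fact` that indexes `network_interfaces.0`, so an empty lookup fails on that template before the intended message is shown; moving the check above the `set_fact` fixes the order. The enclosing `block:` starts before this hunk.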
@@ -88,12 +88,12 @@ filters: association.subnet-id: - "{{ dst_subnet_id }}" - register: __network_acls_info + register: connectivity_troubleshooter_local__network_acls_info - name: Set 'dst_network_acls_info' variable ansible.builtin.set_fact: - dst_network_acls_info: "{{ dst_network_acls_info | d([]) + [dict(_keys | zip(_vals))] }}" - loop: "{{ __network_acls_info.nacls }}" + connectivity_troubleshooter_local__dst_network_acls_info: "{{ connectivity_troubleshooter_local__dst_network_acls_info | d([]) + [dict(_keys | zip(_vals))] }}" + loop: "{{ connectivity_troubleshooter_local__network_acls_info.nacls }}" vars: _keys: "{{ ['egress', 'ingress'] }}" _vals: "{{ ['egress', 'ingress'] | map('extract', item) }}" @@ -101,11 +101,11 @@ - name: Evaluate ingress and egress netwok ACLs cloud.aws_troubleshooting.eval_network_acls: src_ip: "{{ connectivity_troubleshooter_local_source_ip }}" - src_subnet_id: "{{ src_subnet_id }}" + src_subnet_id: "{{ connectivity_troubleshooter_local__src_subnet_id }}" src_port_range: "{{ connectivity_troubleshooter_local_source_port_range }}" dst_ip: "{{ connectivity_troubleshooter_local_destination_ip }}" dst_port: "{{ connectivity_troubleshooter_local_destination_port }}" - dst_subnet_id: "{{ dst_subnet_id }}" - src_network_acls: "{{ src_network_acls_info }}" - dst_network_acls: "{{ dst_network_acls_info }}" - register: __result_eval_network_acls + dst_subnet_id: "{{ connectivity_troubleshooter_local__dst_subnet_id }}" + src_network_acls: "{{ connectivity_troubleshooter_local__src_network_acls_info }}" + dst_network_acls: "{{ connectivity_troubleshooter_local__dst_network_acls_info }}" + register: connectivity_troubleshooter_local__result_eval_network_acls diff --git a/roles/connectivity_troubleshooter_nat/tasks/main.yml b/roles/connectivity_troubleshooter_nat/tasks/main.yml index def2ff0..8e9e4cb 100644 --- a/roles/connectivity_troubleshooter_nat/tasks/main.yml +++ b/roles/connectivity_troubleshooter_nat/tasks/main.yml 
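Review bot: `src_subnet_id: "{{ connectivity_troubleshooter_local__src_subnet_id }}"` in "Evaluate ingress and egress netwok ACLs" (`@@ -101,11`) reads a fact that no task in this role's visible hunks sets. The source subnet comes from the validate role, which this patch renames to `connectivity_troubleshooter_validate__src_subnet_id`, so the line should probably be `src_subnet_id: "{{ connectivity_troubleshooter_validate__src_subnet_id }}"`. The task title also spells "network" as "netwok", as do the matching tasks in the igw and nat roles.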
@@ -5,32 +5,32 @@ block: - name: Fail when next hop type is not supported by this role ansible.builtin.fail: - msg: Next hop type '{{ next_hop }}' is not supported by this role - when: "'nat-' not in next_hop" + msg: Next hop type '{{ connectivity_troubleshooter_validate__next_hop }}' is not supported by this role + when: "'nat-' not in connectivity_troubleshooter_validate__next_hop" - name: Gather information about NAT gateway amazon.aws.ec2_vpc_nat_gateway_info: filters: - nat-gateway-id: "{{ next_hop }}" - register: __describe_nat_gw + nat-gateway-id: "{{ connectivity_troubleshooter_validate__next_hop }}" + register: connectivity_troubleshooter_nat__describe_nat_gw - - name: Set 'nat_subnet_id' and 'nat_vpc_id' variables + - name: Set 'connectivity_troubleshooter_nat__nat_subnet_id' and 'connectivity_troubleshooter_nat__nat_vpc_id' variables ansible.builtin.set_fact: - nat_subnet_id: "{{ __nat_gw_info.subnet_id }}" - nat_vpc_id: "{{ __nat_gw_info.vpc_id }}" + connectivity_troubleshooter_nat__nat_subnet_id: "{{ __nat_gw_info.subnet_id }}" + connectivity_troubleshooter_nat__nat_vpc_id: "{{ __nat_gw_info.vpc_id }}" vars: - __nat_gw_info: "{{ __describe_nat_gw.result.0 }}" + __nat_gw_info: "{{ connectivity_troubleshooter_nat__describe_nat_gw.result.0 }}" - name: Gather information about NAT gateway subnet networks ACLs community.aws.ec2_vpc_nacl_info: filters: - association.subnet-id: "{{ nat_subnet_id }}" - register: __nat_network_acls_info + association.subnet-id: "{{ connectivity_troubleshooter_nat__describe_nat_gwnat_subnet_id }}" + register: connectivity_troubleshooter_nat__nat_network_acls_info - - name: Set 'nat_network_acls' variable + - name: Set 'connectivity_troubleshooter__nat_network_acls' variable ansible.builtin.set_fact: - nat_network_acls: "{{ nat_network_acls | d([]) + [dict(_keys | zip(_vals))] }}" - loop: "{{ __nat_network_acls_info.nacls }}" + connectivity_troubleshooter_nat__nat_network_acls: "{{ 
connectivity_troubleshooter_nat__nat_network_acls | d([]) + [dict(_keys | zip(_vals))] }}" + loop: "{{ connectivity_troubleshooter_nat__nat_network_acls_info.nacls }}" vars: _keys: "{{ ['egress', 'ingress'] }}" _vals: "{{ ['egress', 'ingress'] | map('extract', item) }}" @@ -39,13 +39,13 @@ amazon.aws.ec2_vpc_route_table_info: filters: association.subnet-id: - - "{{ nat_subnet_id }}" - register: __nat_route_table + - "{{ connectivity_troubleshooter_nat__nat_subnet_id }}" + register: connectivity_troubleshooter_nat__nat_route_table - name: Set 'nat_routes' variable ansible.builtin.set_fact: - nat_routes: "{{ __nat_route_table.route_tables.0.routes }}" - when: __nat_route_table.route_tables | length > 0 + connectivity_troubleshooter_nat__nat_routes: "{{ connectivity_troubleshooter_nat__nat_route_table.route_tables.0.routes }}" + when: connectivity_troubleshooter_nat__nat_route_table.route_tables | length > 0 # if RouteTable is not returned, this indicates association of subnet with main route table - name: Gather information about VPC route table using association.main=true 
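Review bot: The filter in "Gather information about NAT gateway subnet networks ACLs" references `connectivity_troubleshooter_nat__describe_nat_gwnat_subnet_id`, which looks like two names run together during the rename; nothing in the hunk defines it, so the task would fail on an undefined variable. The fact set by the task just above is `connectivity_troubleshooter_nat__nat_subnet_id`, so the line should be `association.subnet-id: "{{ connectivity_troubleshooter_nat__nat_subnet_id }}"`. The task title "Set 'connectivity_troubleshooter__nat_network_acls' variable" also lacks the `_nat` segment that the fact it sets carries. The `block:` this hunk belongs to starts before it.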
@@ -55,17 +55,17 @@ amazon.aws.ec2_vpc_route_table_info: filters: association.main: "true" - vpc-id: "{{ nat_vpc_id }}" - register: __nat_route_table_retry + vpc-id: "{{ connectivity_troubleshooter_nat__nat_vpc_id }}" + register: connectivity_troubleshooter_nat__nat_route_table_retry - name: Fail when route table for NAT Gateway is found ansible.builtin.fail: msg: Could not find route table for NAT Gateway - when: __nat_route_table_retry.route_tables | length == 0 + when: connectivity_troubleshooter_nat__nat_route_table_retry.route_tables | length == 0 - name: Set 'nat_routes' variable ansible.builtin.set_fact: - nat_routes: "{{ __nat_route_table_retry.route_tables.0.routes }}" + connectivity_troubleshooter_nat__nat_routes: "{{ connectivity_troubleshooter_nat__nat_route_table_retry.route_tables.0.routes }}" - name: Evaluate ingress and egress NAT netwok ACLs cloud.aws_troubleshooting.eval_nat_network_acls: @@ -74,7 +74,7 @@ src_port_range: "{{ connectivity_troubleshooter_nat_source_port_range }}" dst_ip: "{{ connectivity_troubleshooter_nat_destination_ip }}" dst_port: "{{ connectivity_troubleshooter_nat_destination_port }}" - nat_subnet_id: "{{ nat_subnet_id }}" - nat_network_acls: "{{ nat_network_acls }}" - routes: "{{ nat_routes }}" + nat_subnet_id: "{{ connectivity_troubleshooter__nat_subnet_id }}" + nat_network_acls: "{{ connectivity_troubleshooter__nat_network_acls }}" + routes: "{{ connectivity_troubleshooter__nat_routes }}" register: __result_eval_nat_network_acls diff --git a/roles/connectivity_troubleshooter_peering/tasks/main.yml b/roles/connectivity_troubleshooter_peering/tasks/main.yml index 0762012..0a75038 100644 --- a/roles/connectivity_troubleshooter_peering/tasks/main.yml +++ b/roles/connectivity_troubleshooter_peering/tasks/main.yml 
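Review bot: The three arguments of `eval_nat_network_acls` in the `@@ -74,7` hunk read `connectivity_troubleshooter__nat_subnet_id`, `connectivity_troubleshooter__nat_network_acls` and `connectivity_troubleshooter__nat_routes`, but the facts set earlier in this file are prefixed `connectivity_troubleshooter_nat__`, so all three are undefined when the module runs. They should be `nat_subnet_id: "{{ connectivity_troubleshooter_nat__nat_subnet_id }}"`, `nat_network_acls: "{{ connectivity_troubleshooter_nat__nat_network_acls }}"` and `routes: "{{ connectivity_troubleshooter_nat__nat_routes }}"`. `register: __result_eval_nat_network_acls` is left unprefixed, unlike the corresponding registers in the igw and local roles.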
@@ -5,65 +5,65 @@ block: - name: Fail when next hop type is not supported by this role ansible.builtin.fail: - msg: Next hop type '{{ next_hop }}' is not supported by this role - when: "'pcx-' not in next_hop" + msg: Next hop type '{{ connectivity_troubleshooter_validate__next_hop }}' is not supported by this role + when: "'pcx-' not in connectivity_troubleshooter_validate__next_hop" - name: Gather information about peering connection community.aws.ec2_vpc_peering_info: filters: vpc-peering-connection-id: - - "{{ next_hop }}" - register: vpc_peering_connection_info + - "{{ connectivity_troubleshooter_validate__next_hop }}" + register: connectivity_troubleshooter_peering__vpc_peering_connection_info - name: Gather information about Network Interface of the Destination peer amazon.aws.ec2_eni_info: filters: addresses.private-ip-address: "{{ connectivity_troubleshooter_peering_destination_ip }}" - register: __dst_peer_eni + register: connectivity_troubleshooter_peering__dst_peer_eni - - name: Set 'dst_peer_vpc_id' and 'dst_peer_subnet_id' variables + - name: Set 'connectivity_troubleshooter_peering__dst_peer_vpc_id' and 'connectivity_troubleshooter_peering__dst_peer_subnet_id' variables ansible.builtin.set_fact: - dst_peer_vpc_id: "{{ __dst_peer_eni_info.vpc_id }}" - dst_peer_subnet_id: "{{ __dst_peer_eni_info.subnet_id }}" + connectivity_troubleshooter_peering__dst_peer_vpc_id: "{{ connectivity_troubleshooter_peering__dst_peer_eni_info.vpc_id }}" + connectivity_troubleshooter_peering__dst_peer_subnet_id: "{{ connectivity_troubleshooter_peering__dst_peer_eni_info.subnet_id }}" vars: - __dst_peer_eni_info: "{{ __dst_peer_eni.network_interfaces.0 }}" + __dst_peer_eni_info: "{{ connectivity_troubleshooter_peering__dst_peer_eni.network_interfaces.0 }}" - name: Gather information about Destination peer subnet amazon.aws.ec2_vpc_route_table_info: filters: association.subnet-id: - - "{{ dst_peer_subnet_id }}" - register: __dst_peer_route_table + - "{{ 
connectivity_troubleshooter_peering__dst_peer_subnet_id }}" + register: connectivity_troubleshooter_peering__dst_peer_route_table - name: Set 'routes' variable ansible.builtin.set_fact: - routes: "{{ __dst_peer_route_table.route_tables.0.routes }}" - when: __dst_peer_route_table.route_tables | length > 0 + routes: "{{ connectivity_troubleshooter_peering__dst_peer_route_table.route_tables.0.routes }}" + when: connectivity_troubleshooter_peering__dst_peer_route_table.route_tables | length > 0 # if RouteTable is not returned, this indicates association of subnet with main route table - name: Gather information about VPC route table using association.main=true - when: __dst_peer_route_table.route_tables | length == 0 + when: connectivity_troubleshooter_peering__dst_peer_route_table.route_tables | length == 0 block: - name: Gather information about Destination peer subnet amazon.aws.ec2_vpc_route_table_info: filters: association.main: "true" - vpc-id: "{{ dst_peer_vpc_id }}" - register: __dst_peer_route_table_retry + vpc-id: "{{ connectivity_troubleshooter_peering__dst_peer_vpc_id }}" + register: connectivity_troubleshooter_peering__dst_peer_route_table_retry - name: Fail when no route table for Destination peer is found ansible.builtin.fail: msg: Could not find route table for Destination peer - when: __dst_peer_route_table_retry.route_tables | length == 0 + when: connectivity_troubleshooter_peering__dst_peer_route_table_retry.route_tables | length == 0 - name: Set 'routes' variable ansible.builtin.set_fact: - routes: "{{ __dst_peer_route_table_retry.route_tables.0.routes }}" + connectivity_troubleshooter_peering__routes: "{{ connectivity_troubleshooter_peering__dst_peer_route_table_retry.route_tables.0.routes }}" - name: Evaluate VPC peering connection cloud.aws_troubleshooting.eval_vpc_peering: src_ip: "{{ connectivity_troubleshooter_peering_source_ip }}" peering_id: "{{ next_hop }}" dst_vpc: "{{ connectivity_troubleshooter_peering_destination_vpc }}" - routes: "{{ 
routes }}" - vpc_peering_connection: "{{ vpc_peering_connection_info.vpc_peering_connections.0 }}" + routes: "{{ connectivity_troubleshooter_peering__routes }}" + vpc_peering_connection: "{{ connectivity_troubleshooter_peering__vpc_peering_connection_info.vpc_peering_connections.0 }}" diff --git a/roles/connectivity_troubleshooter_validate/tasks/main.yml b/roles/connectivity_troubleshooter_validate/tasks/main.yml index 5c6e57e..f06a56c 100644 --- a/roles/connectivity_troubleshooter_validate/tasks/main.yml +++ b/roles/connectivity_troubleshooter_validate/tasks/main.yml 
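Review bot: The `set_fact` for the destination peer reads `connectivity_troubleshooter_peering__dst_peer_eni_info.vpc_id` and `.subnet_id`, but the task's `vars:` still defines `__dst_peer_eni_info`, so both templates reference an undefined name. The validate role hunk has the same mismatch between `connectivity_troubleshooter_validate__src_network_interface_info` and `vars: __src_network_interface_info`. Either keep the task-local name in the templates, e.g. `"{{ __dst_peer_eni_info.vpc_id }}"`, or rename the `vars:` key to match. In this hunk the first "Set 'routes' variable" task still sets `routes` while `eval_vpc_peering` now reads `connectivity_troubleshooter_peering__routes`, which is only set on the main-route-table fallback path, and `peering_id: "{{ next_hop }}"` still uses the pre-rename fact. The enclosing `block:` starts before this hunk.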
@@ -23,71 +23,71 @@ msg: connectivity_troubleshooter_validate_source_ip and connectivity_troubleshooter_validate_destination_ip are same, kindly provide different values when: connectivity_troubleshooter_validate_source_ip == connectivity_troubleshooter_validate_destination_ip - - name: Set '__filter_eni' variable + - name: Set 'connectivity_troubleshooter_validate__filter_eni' variable ansible.builtin.set_fact: - __filter_eni: { addresses.private-ip-address: "{{ connectivity_troubleshooter_validate_source_ip }}" } - - name: Set '__filter_eni' variable + connectivity_troubleshooter_validate__filter_eni: { addresses.private-ip-address: "{{ connectivity_troubleshooter_validate_source_ip }}" } + - name: Set 'connectivity_troubleshooter_validate__filter_eni' variable ansible.builtin.set_fact: - __filter_eni: "{{ __filter_eni | combine({'vpc-id': connectivity_troubleshooter_validate_source_vpc}) }}" + connectivity_troubleshooter_validate__filter_eni: "{{ connectivity_troubleshooter_validate__filter_eni | combine({'vpc-id': connectivity_troubleshooter_validate_source_vpc}) }}" when: connectivity_troubleshooter_validate_source_vpc | default('', true) | trim != '' - name: Gather information about Source ENI amazon.aws.ec2_eni_info: - filters: "{{ __filter_eni }}" - register: __describe_src_eni + filters: "{{ connectivity_troubleshooter_validate__filter_eni }}" + register: connectivity_troubleshooter_validate__describe_src_eni - name: Fail when no network interface found ansible.builtin.fail: msg: Kindly check the connectivity_troubleshooter_validate_source_ip and connectivity_troubleshooter_validate_source_vpc parameters, no network interface found - when: __describe_src_eni['network_interfaces'] | length == 0 + when: connectivity_troubleshooter_validate__describe_src_eni['network_interfaces'] | length == 0 - - name: Set 'src_subnet_id', 'src_vpc_id', 'src_security_groups' and 'src_network_interface' variables + - name: Set 
'connectivity_troubleshooter_validate__src_subnet_id', 'connectivity_troubleshooter_validate__src_vpc_id', 'connectivity_troubleshooter_validate__src_security_groups' and 'connectivity_troubleshooter_validate__src_network_interface' variables ansible.builtin.set_fact: - src_subnet_id: "{{ __src_network_interface_info.subnet_id }}" - src_vpc_id: "{{ __src_network_interface_info.vpc_id }}" - src_security_groups: "{{ __src_network_interface_info.groups | map(attribute='group_id') | list }}" - src_network_interface: "{{ __src_network_interface_info }}" + connectivity_troubleshooter_validate__src_subnet_id: "{{ connectivity_troubleshooter_validate__src_network_interface_info.subnet_id }}" + connectivity_troubleshooter_validate__src_vpc_id: "{{ connectivity_troubleshooter_validate__src_network_interface_info.vpc_id }}" + connectivity_troubleshooter_validate__src_security_groups: "{{ connectivity_troubleshooter_validate__src_network_interface_info.groups | map(attribute='group_id') | list }}" + connectivity_troubleshooter_validate__src_network_interface: "{{ connectivity_troubleshooter_validate__src_network_interface_info }}" vars: - __src_network_interface_info: "{{ __describe_src_eni.network_interfaces.0 }}" + __src_network_interface_info: "{{ connectivity_troubleshooter_validate__describe_src_eni.network_interfaces.0 }}" - name: Gather information about Source VPC route table amazon.aws.ec2_vpc_route_table_info: filters: - association.subnet-id: "{{ src_subnet_id }}" - register: __src_route_table + association.subnet-id: "{{ connectivity_troubleshooter_validate__src_subnet_id }}" + register: connectivity_troubleshooter_validate__src_route_table - - name: Set 'routes' variable + - name: Set 'connectivity_troubleshooter_validate__routes' variable ansible.builtin.set_fact: - routes: "{{ __src_route_table.route_tables.0.routes }}" - when: __src_route_table.route_tables | length > 0 + connectivity_troubleshooter_validate__routes: "{{ 
connectivity_troubleshooter_validate__src_route_table.route_tables.0.routes }}" + when: connectivity_troubleshooter_validate__src_route_table.route_tables | length > 0 # if RouteTable is not returned, this indicates association of subnet with main route table - name: Gather information about VPC route table using association.main=true - when: __src_route_table.route_tables | length == 0 + when: connectivity_troubleshooter_validate__src_route_table.route_tables | length == 0 block: - name: Gather information about VPC route table amazon.aws.ec2_vpc_route_table_info: filters: association.main: "true" - vpc-id: "{{ src_vpc_id }}" - register: __src_route_table_retry + vpc-id: "{{ connectivity_troubleshooter_validate__src_vpc_id }}" + register: connectivity_troubleshooter_validate__src_route_table_retry - name: Fail when no route table for connectivity_troubleshooter_validate_source_ip is found ansible.builtin.fail: msg: Could not find route table for connectivity_troubleshooter_validate_source_ip - when: __src_route_table_retry.route_tables | length == 0 + when: connectivity_troubleshooter_validate__src_route_table_retry.route_tables | length == 0 - name: Set 'routes' variable ansible.builtin.set_fact: - routes: "{{ __src_route_table_retry.route_tables.0.routes }}" + connectivity_troubleshooter_validate__routes: "{{ connectivity_troubleshooter_validate__src_route_table_retry.route_tables.0.routes }}" - name: Get connection next hop cloud.aws_troubleshooting.get_connection_next_hop: dst_ip: "{{ connectivity_troubleshooter_validate_destination_ip }}" - routes: "{{ routes }}" - register: __result_next_hop + routes: "{{ connectivity_troubleshooter_validate__routes }}" + register: connectivity_troubleshooter_validate__result_next_hop - - name: Set 'next_hop' variable + - name: Set 'connectivity_troubleshooter_validate__next_hop' variable ansible.builtin.set_fact: - next_hop: "{{ __result_next_hop.next_hop }}" + connectivity_troubleshooter_validate__next_hop: "{{ 
connectivity_troubleshooter_validate__result_next_hop.next_hop }}" diff --git a/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml b/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml index b97698c..c733f29 100644 --- a/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml +++ b/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml 
@@ -3,49 +3,49 @@ amazon.aws.ec2_instance_info: instance_ids: - "{{ troubleshoot_rds_connectivity_ec2_instance_id }}" - register: result + register: troubleshoot_rds_connectivity__result - name: Fail when no EC2 instance found ansible.builtin.fail: msg: "EC2 instance not found with id: {{ troubleshoot_rds_connectivity_ec2_instance_id }}" - when: result.instances | length == 0 + when: troubleshoot_rds_connectivity__result.instances | length == 0 -- name: Set 'ec2_security_group_ids', 'ec2_subnet_id', 'ec2_vpc_id' and 'ec2_private_ip_addrs' variables +- name: Set 'roubleshoot_rds_connectivity__ec2_security_group_ids', 'roubleshoot_rds_connectivity__ec2_subnet_id', 'roubleshoot_rds_connectivity__ec2_vpc_id' and 'roubleshoot_rds_connectivity__ec2_private_ip_addrs' variables ansible.builtin.set_fact: - ec2_security_group_ids: "{{ ec2_instance_info.security_groups | map(attribute='group_id') | list }}" - ec2_subnet_id: "{{ ec2_instance_info.subnet_id }}" - ec2_vpc_id: "{{ ec2_instance_info.vpc_id }}" - ec2_private_ip_addrs: "{{ ec2_instance_info.network_interfaces | map(attribute='private_ip_addresses') | flatten | map(attribute='private_ip_address') | list\ + troubleshoot_rds_connectivity__ec2_security_group_ids: "{{ ec2_instance_info.security_groups | map(attribute='group_id') | list }}" + troubleshoot_rds_connectivity__ec2_subnet_id: "{{ ec2_instance_info.subnet_id }}" + troubleshoot_rds_connectivity__ec2_vpc_id: "{{ ec2_instance_info.vpc_id }}" + troubleshoot_rds_connectivity__ec2_private_ip_addrs: "{{ ec2_instance_info.network_interfaces | map(attribute='private_ip_addresses') | flatten | map(attribute='private_ip_address') | list\ \ }}" vars: - ec2_instance_info: "{{ result.instances.0 }}" + ec2_instance_info: "{{ troubleshoot_rds_connectivity__result.instances.0 }}" - name: Get EC2 Subnet info amazon.aws.ec2_vpc_subnet_info: - subnet_ids: "{{ ec2_subnet_id }}" - register: ec2_subnets_info + subnet_ids: "{{ troubleshoot_rds_connectivity__ec2_subnet_id }}" + 
register: troubleshoot_rds_connectivity__ec2_subnets_info - name: Get EC2 Network Acl Rules community.aws.ec2_vpc_nacl_info: filters: - association.subnet-id: "{{ ec2_subnet_id }}" - register: ec2_network_acl + association.subnet-id: "{{ troubleshoot_rds_connectivity__ec2_subnet_id }}" + register: troubleshoot_rds_connectivity__ec2_network_acl - name: Get EC2 Security Groups info amazon.aws.ec2_security_group_info: filters: - group-id: "{{ ec2_security_group_ids }}" - register: ec2_security_groups + group-id: "{{ troubleshoot_rds_connectivity__ec2_security_group_ids }}" + register: troubleshoot_rds_connectivity__ec2_security_groups - name: Get EC2 Route Tables amazon.aws.ec2_vpc_route_table_info: filters: - association.subnet-id: "{{ ec2_subnet_id }}" - register: ec2_subnet_route_table + association.subnet-id: "{{ troubleshoot_rds_connectivity__ec2_subnet_id }}" + register: troubleshoot_rds_connectivity__ec2_subnet_route_table - name: Get EC2 Vpc Route Tables amazon.aws.ec2_vpc_route_table_info: filters: association.main: true - vpc-id: "{{ ec2_vpc_id }}" - register: ec2_vpc_route_table + vpc-id: "{{ troubleshoot_rds_connectivity__ec2_vpc_id }}" + register: troubleshoot_rds_connectivity__ec2_vpc_route_table diff --git a/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml b/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml index 21a9bd2..64ba1bf 100644 --- a/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml +++ b/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml 
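Review bot: The renamed task title in this hunk spells four of the variables `roubleshoot_rds_connectivity__…` (leading `t` missing), so the title no longer matches the facts the task sets and a search for the real variable names will not find it. Listing every prefixed variable also makes the `name:` line several hundred characters long, and the `Set '…' variables` title in get_rds_instance_info.yml has the same length problem. I would describe the task rather than enumerate the facts, e.g. `- name: Set EC2 security group, subnet, VPC and private IP facts`. The `set_fact` keys themselves are spelled correctly.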
@@ -2,59 +2,59 @@ - name: Get RDS instance properties amazon.aws.rds_instance_info: db_instance_identifier: "{{ troubleshoot_rds_connectivity_db_instance_id }}" - register: rds_info + register: troubleshoot_rds_connectivity__rds_info - name: Assert that DB instance exists ansible.builtin.fail: msg: No DB instance found with identifier '{{ troubleshoot_rds_connectivity_db_instance_id }}' - when: rds_info.instances | length == 0 + when: troubleshoot_rds_connectivity__rds_info.instances | length == 0 - name: Assert that DB Instance status is 'available' ansible.builtin.fail: - msg: Bad DB instance status, expecting 'available', found '{{ rds_info.instances.0.db_instance_status }}' - when: rds_info.instances.0.db_instance_status != "available" + msg: Bad DB instance status, expecting 'available', found '{{ troubleshoot_rds_connectivity__rds_info.instances.0.db_instance_status }}' + when: troubleshoot_rds_connectivity__rds_info.instances.0.db_instance_status != "available" -- name: Set 'rds_instance_endpoint_addr', 'rds_instance_endpoint_port', 'rds_instance_subnets', 'rds_instance_vpc_id' and rds_instance_vpc_security_groups' variables +- name: Set 'troubleshoot_rds_connectivity__rds_instance_endpoint_addr', 'troubleshoot_rds_connectivity__rds_instance_endpoint_port', 'troubleshoot_rds_connectivity__rds_instance_subnets', 'troubleshoot_rds_connectivity__rds_instance_vpc_id' and 'troubleshoot_rds_connectivity__rds_instance_vpc_security_groups' variables ansible.builtin.set_fact: - rds_instance_endpoint_addr: "{{ rds_instance_info.endpoint.address }}" - rds_instance_endpoint_port: "{{ rds_instance_info.endpoint.port }}" + troubleshoot_rds_connectivity__rds_instance_endpoint_addr: "{{ rds_instance_info.endpoint.address }}" + troubleshoot_rds_connectivity__rds_instance_endpoint_port: "{{ rds_instance_info.endpoint.port }}" # rds_instance_publicly_accessible: "{{ rds_instance_info.publicly_accessible }}" - rds_instance_subnets: "{{ rds_instance_info.db_subnet_group.subnets 
| map(attribute='subnet_identifier') | list }}" - rds_instance_vpc_id: "{{ rds_instance_info.db_subnet_group.vpc_id }}" - rds_instance_vpc_security_groups: "{{ rds_instance_info.vpc_security_groups | map(attribute='vpc_security_group_id') | list }}" + troubleshoot_rds_connectivity__rds_instance_subnets: "{{ rds_instance_info.db_subnet_group.subnets | map(attribute='subnet_identifier') | list }}" + troubleshoot_rds_connectivity__rds_instance_vpc_id: "{{ rds_instance_info.db_subnet_group.vpc_id }}" + troubleshoot_rds_connectivity__rds_instance_vpc_security_groups: "{{ rds_instance_info.vpc_security_groups | map(attribute='vpc_security_group_id') | list }}" vars: - rds_instance_info: "{{ rds_info.instances.0 }}" + rds_instance_info: "{{ troubleshoot_rds_connectivity__rds_info.instances.0 }}" - name: Get RDS Network ACL Rules community.aws.ec2_vpc_nacl_info: filters: - association.subnet-id: "{{ rds_instance_subnets }}" - register: rds_network_acl + association.subnet-id: "{{ troubleshoot_rds_connectivity__rds_instance_subnets }}" + register: troubleshoot_rds_connectivity__rds_network_acl - name: Get RDS Subnet info amazon.aws.ec2_vpc_subnet_info: - subnet_ids: "{{ rds_instance_subnets }}" - register: rds_subnets_info + subnet_ids: "{{ troubleshoot_rds_connectivity__rds_instance_subnets }}" + register: troubleshoot_rds_connectivity__rds_subnets_info -- name: Set 'rds_subnets_cidrs' variable +- name: Set 'troubleshoot_rds_connectivity__rds_subnets_cidrs' variable ansible.builtin.set_fact: - rds_subnets_cidrs: "{{ rds_subnets_info.subnets | map(attribute='cidr_block') | list }}" + troubleshoot_rds_connectivity__rds_subnets_cidrs: "{{ troubleshoot_rds_connectivity__rds_subnets_info.subnets | map(attribute='cidr_block') | list }}" - name: Get RDS Security Groups amazon.aws.ec2_security_group_info: filters: - group-id: "{{ rds_instance_vpc_security_groups }}" - register: rds_security_groups + group-id: "{{ troubleshoot_rds_connectivity__rds_instance_vpc_security_groups }}" 
+ register: troubleshoot_rds_connectivity__rds_security_groups - name: Get RDS Route Tables amazon.aws.ec2_vpc_route_table_info: filters: - association.subnet-id: "{{ rds_instance_subnets }}" - register: rds_subnet_route_table + association.subnet-id: "{{ troubleshoot_rds_connectivity__rds_instance_subnets }}" + register: troubleshoot_rds_connectivity__rds_subnet_route_table - name: Get RDS VPC Route Tables amazon.aws.ec2_vpc_route_table_info: filters: association.main: true - vpc-id: "{{ rds_instance_vpc_id }}" - register: rds_vpc_route_table + vpc-id: "{{ troubleshoot_rds_connectivity__rds_instance_vpc_id }}" + register: troubleshoot_rds_connectivity__rds_vpc_route_table diff --git a/roles/troubleshoot_rds_connectivity/tasks/main.yml b/roles/troubleshoot_rds_connectivity/tasks/main.yml index 258cea8..0c523d5 100644 --- a/roles/troubleshoot_rds_connectivity/tasks/main.yml +++ b/roles/troubleshoot_rds_connectivity/tasks/main.yml @@ -16,7 +16,7 @@ - name: Run 'troubleshoot_rds_connectivity' roles module_defaults: - group/aws: "{{ aws_role_credentials }}" + group/aws: "{{ aws_setup_credentials__aws_role_credentials }}" block: - name: Include 'get_rds_instance_info.yml' 
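Review bot: `group/aws` in the `@@ -16,7 +16,7 @@` hunk of tasks/main.yml now reads `aws_setup_credentials__aws_role_credentials`, which makes the new fact name the contract between the aws_setup_credentials role and every consumer, and nothing visible here documents that. Any playbook or role outside this patch that still reads `aws_role_credentials` will either fail on an undefined variable or, if it guards the lookup with a default (not visible here, so worth checking), let the AWS modules fall back to whatever credentials the environment provides. I would add a comment above `module_defaults`, `# Set by the aws_setup_credentials role; must be included before this block.`, and record the rename as a breaking change in the changelog. The block this line belongs to starts and ends outside the hunk.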
@@ -28,29 +28,29 @@ # Evaluates security group rules. - name: Evaluate Security Group Rules cloud.aws_troubleshooting.validate_security_group_rules: - dest_subnet_cidrs: "{{ rds_subnets_cidrs }}" - dest_security_groups: "{{ rds_security_groups.security_groups }}" - dest_port: "{{ rds_instance_endpoint_port }}" - src_security_groups: "{{ ec2_security_groups.security_groups }}" - src_private_ip: "{{ ec2_private_ip_addrs | first }}" + dest_subnet_cidrs: "{{ troubleshoot_rds_connectivity__rds_subnets_cidrs }}" + dest_security_groups: "{{ troubleshoot_rds_connectivity__rds_security_groups.security_groups }}" + dest_port: "{{ troubleshoot_rds_connectivity__rds_instance_endpoint_port }}" + src_security_groups: "{{ troubleshoot_rds_connectivity__ec2_security_groups.security_groups }}" + src_private_ip: "{{ troubleshoot_rds_connectivity__ec2_private_ip_addrs | first }}" # Evaluates network ACLs. - name: Evaluate network ACLS cloud.aws_troubleshooting.validate_network_acls: - dest_subnet_cidrs: "{{ rds_subnets_cidrs }}" - dest_network_acl_rules: "{{ rds_network_acl.nacls }}" + dest_subnet_cidrs: "{{ troubleshoot_rds_connectivity__rds_subnets_cidrs }}" + dest_network_acl_rules: "{{ troubleshoot_rds_connectivity__rds_network_acl.nacls }}" dest_port: - - "{{ rds_instance_endpoint_port }}" - src_network_acl_rules: "{{ ec2_network_acl.nacls }}" - src_private_ip: "{{ ec2_private_ip_addrs }}" + - "{{ troubleshoot_rds_connectivity__rds_instance_endpoint_port }}" + src_network_acl_rules: "{{ troubleshoot_rds_connectivity__ec2_network_acl.nacls }}" + src_private_ip: "{{ troubleshoot_rds_connectivity__ec2_private_ip_addrs }}" # Evaluates route tables. 
- name: Evaluate route tables cloud.aws_troubleshooting.validate_route_tables: - dest_subnets: "{{ rds_subnets_info.subnets }}" - dest_route_tables: "{{ rds_subnet_route_table.route_tables }}" - dest_vpc_route_tables: "{{ rds_vpc_route_table.route_tables }}" - src_subnets: "{{ ec2_subnets_info.subnets }}" - src_private_ip: "{{ ec2_private_ip_addrs }}" - src_route_tables: "{{ ec2_subnet_route_table.route_tables }}" - src_vpc_route_tables: "{{ ec2_vpc_route_table.route_tables }}" + dest_subnets: "{{ troubleshoot_rds_connectivity__rds_subnets_info.subnets }}" + dest_route_tables: "{{ troubleshoot_rds_connectivity__rds_subnet_route_table.route_tables }}" + dest_vpc_route_tables: "{{ troubleshoot_rds_connectivity__rds_vpc_route_table.route_tables }}" + src_subnets: "{{ troubleshoot_rds_connectivity__ec2_subnets_info.subnets }}" + src_private_ip: "{{ troubleshoot_rds_connectivity__ec2_private_ip_addrs }}" + src_route_tables: "{{ troubleshoot_rds_connectivity__ec2_subnet_route_table.route_tables }}" + src_vpc_route_tables: "{{ troubleshoot_rds_connectivity__ec2_vpc_route_table.route_tables }}" diff --git a/tests/integration/targets/test_aws_setup_credentials/tasks/main.yml b/tests/integration/targets/test_aws_setup_credentials/tasks/main.yml index 5c6d75c..bfd3577 100644 --- a/tests/integration/targets/test_aws_setup_credentials/tasks/main.yml +++ b/tests/integration/targets/test_aws_setup_credentials/tasks/main.yml @@ -8,7 +8,7 @@ - name: Ensure credentials contain only aws_profile key ansible.builtin.assert: that: - - aws_role_credentials is defined - - aws_role_credentials.keys() | length == 1 - - '"aws_profile" in aws_role_credentials' - - aws_role_credentials.aws_profile == 'profile-1' + - aws_setup_credentials__aws_role_credentials is defined + - aws_setup_credentials__aws_role_credentials.keys() | length == 1 + - '"aws_profile" in aws_setup_credentials__aws_role_credentials' + - aws_setup_credentials__aws_role_credentials.aws_profile == 'profile-1'
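Review bot: In the `@@ -28,29 +28,29 @@` hunk the security-group check is given only `troubleshoot_rds_connectivity__ec2_private_ip_addrs | first`, while the network ACL and route table checks below receive the whole list, and no comment says why. On an instance with more than one private address the security-group result therefore covers a single address, which a reader of the report could take for the whole instance. If the module only accepts one address (its argument spec is not visible here), a comment above the task would make that explicit: `# Only the first private IP is evaluated against the security group rules.`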