From f26c16902e0d460f1a34141e8f8bafdb3b12ea31 Mon Sep 17 00:00:00 2001 From: Alina Buzachis Date: Mon, 14 Aug 2023 14:05:15 +0200 Subject: [PATCH] Yet another round of fixes Signed-off-by: Alina Buzachis --- roles/aws_setup_credentials/tasks/main.yml | 1 + .../tasks/main.yml | 15 +++---- .../tasks/main.yml | 18 +++++---- .../tasks/main.yml | 40 +++++++++++-------- .../tasks/main.yml | 13 +++--- .../tasks/main.yml | 16 ++++---- .../tasks/main.yml | 24 ++++++----- .../tasks/get_ec2_instance_info.yml | 7 ++-- .../tasks/get_rds_instance_info.yml | 3 +- .../test_aws_setup_credentials/tasks/main.yml | 18 +++++---- .../tasks/setup_classic.yml | 22 +++++----- .../tasks/setup_destination_peering.yml | 14 +++---- tox.ini | 6 +-- 13 files changed, 106 insertions(+), 91 deletions(-) diff --git a/roles/aws_setup_credentials/tasks/main.yml b/roles/aws_setup_credentials/tasks/main.yml index c005a3f..8a6ae74 100644 --- a/roles/aws_setup_credentials/tasks/main.yml +++ b/roles/aws_setup_credentials/tasks/main.yml @@ -2,6 +2,7 @@ - name: Define intial value for credentials ansible.builtin.set_fact: aws_setup_credentials__output: {} + - name: Create auth credentials ansible.builtin.include_tasks: read_option.yml with_dict: "{{ aws_connection_env }}" diff --git a/roles/connectivity_troubleshooter/tasks/main.yml b/roles/connectivity_troubleshooter/tasks/main.yml index 5e4e4f4..cc72943 100644 --- a/roles/connectivity_troubleshooter/tasks/main.yml +++ b/roles/connectivity_troubleshooter/tasks/main.yml 
@@ -1,11 +1,11 @@ --- # tasks file for roles/connectivity_troubleshooter -- name: Run 'connectivity_troubleshooter' +- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter module_defaults: group/aws: "{{ aws_setup_credentials__output }}" block: - - name: Include 'connectivity_troubleshooter_validate' role + - name: Include cloud.aws_troubleshooting.connectivity_troubleshooter_validate role ansible.builtin.include_role: name: cloud.aws_troubleshooting.connectivity_troubleshooter_validate vars: @@ -17,9 +17,10 @@ - name: Fail when next hop type is not supported by this role ansible.builtin.fail: msg: Next hop type '{{ connectivity_troubleshooter_validate__next_hop }}' is not supported by this role - when: connectivity_troubleshooter_validate__next_hop != 'local' and not connectivity_troubleshooter_validate__next_hop.startswith('nat-') and not connectivity_troubleshooter_validate__next_hop.startswith('igw-') and not connectivity_troubleshooter_validate__next_hop.startswith('pcx-') + when: connectivity_troubleshooter_validate__next_hop != 'local' and not connectivity_troubleshooter_validate__next_hop.startswith('nat-') and not connectivity_troubleshooter_validate__next_hop.startswith('igw-') + and not connectivity_troubleshooter_validate__next_hop.startswith('pcx-') - - name: Include 'connectivity_troubleshooter_local' role + - name: Include cloud.aws_troubleshooting.connectivity_troubleshooter_local role ansible.builtin.include_role: name: cloud.aws_troubleshooting.connectivity_troubleshooter_local vars: @@ -30,7 +31,7 @@ connectivity_troubleshooter_local_source_port_range: "{{ connectivity_troubleshooter_source_port_range }}" when: "'local' == connectivity_troubleshooter_validate__next_hop" - - name: Include 'connectivity_troubleshooter_igw' role + - name: Include cloud.aws_troubleshooting.connectivity_troubleshooter_igw role ansible.builtin.include_role: name: cloud.aws_troubleshooting.connectivity_troubleshooter_igw vars: 
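Review bot: The `when:` on the `Fail when next hop type is not supported by this role` task is now a plain scalar folded over two lines, with the continuation starting at `and`. That is easy to misread and easy to break on the next edit. Ansible ANDs the entries of a `when:` list, so the same guard can be written one test per line as in the fence below. The include tasks later in this file dispatch with substring tests (`'igw-' in ...`, `'nat-' in ...`) while this guard uses `startswith`; using the prefix test in both places would keep the dispatch consistent with the guard.

```yaml
      when:
        - connectivity_troubleshooter_validate__next_hop != 'local'
        - not connectivity_troubleshooter_validate__next_hop.startswith('nat-')
        - not connectivity_troubleshooter_validate__next_hop.startswith('igw-')
        - not connectivity_troubleshooter_validate__next_hop.startswith('pcx-')
```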
@@ -42,7 +43,7 @@ connectivity_troubleshooter_igw_source_port_range: "{{ connectivity_troubleshooter_source_port_range }}" when: "'igw-' in connectivity_troubleshooter_validate__next_hop" - - name: Include 'connectivity_troubleshooter_nat' role + - name: Include cloud.aws_troubleshooting.connectivity_troubleshooter_nat role ansible.builtin.include_role: name: cloud.aws_troubleshooting.connectivity_troubleshooter_nat vars: @@ -52,7 +53,7 @@ connectivity_troubleshooter_nat_source_port_range: "{{ connectivity_troubleshooter_source_port_range }}" when: "'nat-' in connectivity_troubleshooter_validate__next_hop" - - name: Include 'connectivity_troubleshooter_peering' role + - name: Include cloud.aws_troubleshooting.connectivity_troubleshooter_peering role ansible.builtin.include_role: name: cloud.aws_troubleshooting.connectivity_troubleshooter_peering vars: diff --git a/roles/connectivity_troubleshooter_igw/tasks/main.yml b/roles/connectivity_troubleshooter_igw/tasks/main.yml index 729fa0f..1a8a997 100644 --- a/roles/connectivity_troubleshooter_igw/tasks/main.yml +++ b/roles/connectivity_troubleshooter_igw/tasks/main.yml 
@@ -1,37 +1,39 @@ --- # tasks file for roles/connectivity_troubleshooter_igw -- name: Run 'connectivity_troubleshooter_igw' role +- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter_igw role block: - name: Fail when next hop type is not supported by this role ansible.legacy.fail: msg: Next hop type '{{ connectivity_troubleshooter_validate__next_hop }}' is not supported by this role when: "'igw-' not in connectivity_troubleshooter_validate__next_hop" - - name: Gather information about Source security groups + - name: Gather information about source security groups amazon.aws.ec2_security_group_info: filters: group_id: "{{ item }}" register: connectivity_troubleshooter_igw__src_security_groups with_items: "{{ connectivity_troubleshooter_igw__src_security_groups }}" - - name: Gather information about Source subnet network ACLs + - name: Gather information about source subnet network ACLs community.aws.ec2_vpc_nacl_info: filters: association.subnet-id: - "{{ src_subnet_id }}" register: connectivity_troubleshooter_igw__src_subnet_nacls - - name: Set 'src_subnet_nacls' variable + - name: Set source subnet NACLs ansible.legacy.set_fact: - connectivity_troubleshooter_igw__src_subnet_nacls: "{{ src_subnet_nacls | d([]) + [dict(connectivity_troubleshooter_igw__keys | zip(connectivity_troubleshooter_igw__vals))] }}" + connectivity_troubleshooter_igw__src_subnet_nacls: "{{ src_subnet_nacls | d([]) + [dict(connectivity_troubleshooter_igw__keys | zip(connectivity_troubleshooter_igw__vals))] + }}" loop: "{{ connectivity_troubleshooter_igw__src_subnet_nacls.nacls }}" vars: connectivity_troubleshooter_igw__keys: "{{ ['egress', 'ingress'] }}" connectivity_troubleshooter_igw__vals: "{{ ['egress', 'ingress'] | map('extract', item) }}" - - name: Set 'connectivity_troubleshooter_igw__src_security_groups_info' variable + - name: Set source security groups info ansible.legacy.set_fact: - connectivity_troubleshooter_igw__src_security_groups_info: "{{ 
connectivity_troubleshooter_igw__src_security_groups.results | sum(attribute='security_groups', start=[]) }}" + connectivity_troubleshooter_igw__src_security_groups_info: "{{ connectivity_troubleshooter_igw__src_security_groups.results | sum(attribute='security_groups', + start=[]) }}" - name: Evaluate ingress and egress netwok ACLs cloud.aws_troubleshooting.eval_src_igw_route: @@ -42,5 +44,5 @@ dst_port: "{{ connectivity_troubleshooter_igw_destination_port }}" src_network_interface: "{{ src_network_interface }}" src_security_groups_info: "{{ connectivity_troubleshooter_igw__src_security_groups_info }}" - src_network_acls: "{{connectivity_troubleshooter_igw__src_subnet_nacls }}" + src_network_acls: "{{ connectivity_troubleshooter_igw__src_subnet_nacls }}" register: connectivity_troubleshooter_igw__result_eval_src_igw_route diff --git a/roles/connectivity_troubleshooter_local/tasks/main.yml b/roles/connectivity_troubleshooter_local/tasks/main.yml index 3267670..c4a323c 100644 --- a/roles/connectivity_troubleshooter_local/tasks/main.yml +++ b/roles/connectivity_troubleshooter_local/tasks/main.yml 
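Review bot: In the `Set source subnet NACLs` task the accumulator reads `src_subnet_nacls`, but the fact being written is `connectivity_troubleshooter_igw__src_subnet_nacls`. That is also the name the preceding `ec2_vpc_nacl_info` task registers and the name the loop iterates over. As written, each iteration appears to start again from `[]`, so with more than one NACL only the last entry would reach `eval_src_igw_route` and the evaluation could report on incomplete rules. I would register the module result under its own name (for example `connectivity_troubleshooter_igw__src_subnet_nacls_info`), loop over that, and accumulate with `connectivity_troubleshooter_igw__src_subnet_nacls | d([]) + [...]`, as the NAT role does. The security-group task just above has the same shape (it registers into the variable it iterates), and `src_subnet_id` is still unprefixed. The block continues outside this hunk.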
@@ -1,24 +1,25 @@ --- # tasks file for roles/connectivity_troubleshooter_local -- name: Run 'connectivity_troubleshooter_local' role +- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter_local role block: - name: Fail when next hop type is not supported by this role ansible.builtin.fail: msg: Next hop type '{{ connectivity_troubleshooter_validate__next_hop }}' is not supported by this role when: connectivity_troubleshooter_validate__next_hop != 'local' - - name: Gather information about Destination ENI + - name: Gather information about destination ENI amazon.aws.ec2_eni_info: filters: addresses.private-ip-address: "{{ connectivity_troubleshooter_local_destination_ip }}" register: connectivity_troubleshooter_local__describe_dst_eni - - name: Set 'connectivity_troubleshooter_local__dst_vpc_id', 'connectivity_troubleshooter_local__dst_subnet_id' and 'connectivity_troubleshooter_local__dst_security_groups' variables + - name: Set destination VPC id, subnet id and security groups ansible.builtin.set_fact: connectivity_troubleshooter_local__dst_vpc_id: "{{ connectivity_troubleshooter_local__dst_network_interface_info.vpc_id }}" connectivity_troubleshooter_local__dst_subnet_id: "{{ connectivity_troubleshooter_local__dst_network_interface_info.subnet_id }}" - connectivity_troubleshooter_local__dst_security_groups: "{{ connectivity_troubleshooter_local__dst_network_interface_info.groups | map(attribute='group_id') | list }}" + connectivity_troubleshooter_local__dst_security_groups: "{{ connectivity_troubleshooter_local__dst_network_interface_info.groups | map(attribute='group_id') + | list }}" vars: connectivity_troubleshooter_local__dst_network_interface_info: "{{ connectivity_troubleshooter_local__describe_dst_eni.network_interfaces.0 }}" 
@@ -32,28 +33,31 @@ msg: Kindly check the source route table to ensure a more specific route is present towards required destination VPC when: connectivity_troubleshooter_local_destination_vpc | default('', true) | trim and connectivity_troubleshooter_local_destination_vpc != connectivity_troubleshooter_local__dst_vpc_id - - name: Gather information about Source security groups + - name: Gather information about source security groups amazon.aws.ec2_security_group_info: filters: group_id: "{{ item }}" register: connectivity_troubleshooter_local__src_security_groups_info with_items: "{{ connectivity_troubleshooter_local__src_security_groups }}" - - name: Gather information about Destination security group + - name: Gather information about destination security group amazon.aws.ec2_security_group_info: filters: group_id: "{{ item }}" register: connectivity_troubleshooter_local__dst_security_groups_info with_items: "{{ connectivity_troubleshooter_local__dst_security_groups }}" - - name: Set 'connectivity_troubleshooter_local__src_security_groups_info' and 'connectivity_troubleshooter_local__dst_security_groups_info' variables + - name: Set source and destination security groups info ansible.builtin.set_fact: - connectivity_troubleshooter_local__src_security_groups_info: "{{ connectivity_troubleshooter_local__src_security_groups_info.results | sum(attribute='security_groups', start=[]) }}" - connectivity_troubleshooter_local__dst_security_groups_info: "{{ connectivity_troubleshooter_local__dst_security_groups_info.results | sum(attribute='security_groups', start=[]) }}" + connectivity_troubleshooter_local__src_security_groups_info: "{{ connectivity_troubleshooter_local__src_security_groups_info.results | sum(attribute='security_groups', + start=[]) }}" + connectivity_troubleshooter_local__dst_security_groups_info: "{{ connectivity_troubleshooter_local__dst_security_groups_info.results | sum(attribute='security_groups', + start=[]) }}" - - name: Set 
'connectivity_troubleshooter_local__security_groups_info' variable + - name: Set security groups info ansible.builtin.set_fact: - connectivity_troubleshooter_local__security_groups_info: "{{ connectivity_troubleshooter_local__security_groups_info | default([]) + item.security_groups }}" + connectivity_troubleshooter_local__security_groups_info: "{{ connectivity_troubleshooter_local__security_groups_info | default([]) + item.security_groups + }}" with_items: - "{{ connectivity_troubleshooter_local__src_security_groups_info.results }}" - "{{ connectivity_troubleshooter_local__dst_security_groups_info.results }}" 
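Review bot: `Set source and destination security groups info` overwrites `connectivity_troubleshooter_local__src_security_groups_info` and `connectivity_troubleshooter_local__dst_security_groups_info` with flattened lists, yet the next task, `Set security groups info`, still loops over `.results` of those same variables. Once the facts are lists there is no `.results` attribute, so the second task would presumably fail or iterate nothing, and the security-group evaluation that consumes `connectivity_troubleshooter_local__security_groups_info` would not see the rules it is meant to check. Either write the flattened lists to different names than the registered results, or drop the loop and build the combined fact from the two flattened lists directly. The enclosing block starts and ends outside this hunk.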
@@ -68,31 +72,33 @@ security_groups: "{{ connectivity_troubleshooter_local__security_groups_info }}" register: connectivity_troubleshooter_local__result_eval_security_groups - - name: Gather information about Source subnet network ACLs + - name: Gather information about source subnet network ACLs community.aws.ec2_vpc_nacl_info: filters: association.subnet-id: - "{{ src_subnet_id }}" register: connectivity_troubleshooter_local__network_acls_info - - name: Set 'connectivity_troubleshooter_local__src_network_acls_info' variable + - name: Set source NACLs info ansible.builtin.set_fact: - connectivity_troubleshooter_local__src_network_acls_info: "{{ connectivity_troubleshooter_local__src_network_acls_info | d([]) + [dict(_keys | zip(_vals))] }}" + connectivity_troubleshooter_local__src_network_acls_info: "{{ connectivity_troubleshooter_local__src_network_acls_info | d([]) + [dict(_keys | zip(_vals))] + }}" loop: "{{ connectivity_troubleshooter_local__network_acls_info.nacls }}" vars: _keys: "{{ ['egress', 'ingress'] }}" _vals: "{{ ['egress', 'ingress'] | map('extract', item) }}" - - name: Gather information about Destination network ACLs + - name: Gather information about destination network ACLs community.aws.ec2_vpc_nacl_info: filters: association.subnet-id: - "{{ dst_subnet_id }}" register: connectivity_troubleshooter_local__network_acls_info - - name: Set 'connectivity_troubleshooter_local__dst_network_acls_info' variable + - name: Set destination NACLs info ansible.builtin.set_fact: - connectivity_troubleshooter_local__dst_network_acls_info: "{{ connectivity_troubleshooter_local__dst_network_acls_info | d([]) + [dict(connectivity_troubleshooter_local__keys | zip(connectivity_troubleshooter_local__vals))] }}" + connectivity_troubleshooter_local__dst_network_acls_info: "{{ connectivity_troubleshooter_local__dst_network_acls_info | d([]) + [dict(connectivity_troubleshooter_local__keys + | zip(connectivity_troubleshooter_local__vals))] }}" loop: "{{ 
connectivity_troubleshooter_local__network_acls_info.nacls }}" vars: connectivity_troubleshooter_local__keys: "{{ ['egress', 'ingress'] }}" diff --git a/roles/connectivity_troubleshooter_nat/tasks/main.yml b/roles/connectivity_troubleshooter_nat/tasks/main.yml index da08570..a492af9 100644 --- a/roles/connectivity_troubleshooter_nat/tasks/main.yml +++ b/roles/connectivity_troubleshooter_nat/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for roles/connectivity_troubleshooter_nat -- name: Run 'connectivity_troubleshooter_nat' role +- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter_nat role block: - name: Fail when next hop type is not supported by this role ansible.builtin.fail: @@ -14,7 +14,7 @@ nat-gateway-id: "{{ connectivity_troubleshooter_validate__next_hop }}" register: connectivity_troubleshooter_nat__describe_nat_gw - - name: Set 'connectivity_troubleshooter_nat__nat_subnet_id' and 'connectivity_troubleshooter_nat__nat_vpc_id' variables + - name: Set NAT subnet id and NAT VPC id ansible.builtin.set_fact: connectivity_troubleshooter_nat__nat_subnet_id: "{{ connectivity_troubleshooter_nat__nat_gw_info.subnet_id }}" connectivity_troubleshooter_nat__nat_vpc_id: "{{ connectivity_troubleshooter_nat__nat_gw_info.vpc_id }}" 
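Review bot: The two NACL lookups filter on `src_subnet_id` and `dst_subnet_id`, but the destination subnet is stored earlier in this role as `connectivity_troubleshooter_local__dst_subnet_id`, and nothing visible in the diff defines the unprefixed names. If `dst_subnet_id` is not supplied by a caller the destination lookup fails on an undefined variable; the filter should probably read `- "{{ connectivity_troubleshooter_local__dst_subnet_id }}"`. The source-side counterpart needs the same check against whatever the caller passes in. The source task also still uses `_keys`/`_vals` while the destination task uses the prefixed `connectivity_troubleshooter_local__keys`/`__vals`; one naming scheme for both would be easier to follow. The block continues outside this hunk.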
@@ -27,9 +27,10 @@ association.subnet-id: "{{ connectivity_troubleshooter_nat__describe_nat_gwnat_subnet_id }}" register: connectivity_troubleshooter_nat__nat_network_acls_info - - name: Set 'connectivity_troubleshooter__nat_network_acls' variable + - name: Set NAT NACLs ansible.builtin.set_fact: - connectivity_troubleshooter_nat__nat_network_acls: "{{ connectivity_troubleshooter_nat__nat_network_acls | d([]) + [dict(connectivity_troubleshooter_nat__keys | zip(connectivity_troubleshooter_nat__vals))] }}" + connectivity_troubleshooter_nat__nat_network_acls: "{{ connectivity_troubleshooter_nat__nat_network_acls | d([]) + [dict(connectivity_troubleshooter_nat__keys + | zip(connectivity_troubleshooter_nat__vals))] }}" loop: "{{ connectivity_troubleshooter_nat__nat_network_acls_info.nacls }}" vars: connectivity_troubleshooter_nat__keys: "{{ ['egress', 'ingress'] }}" @@ -42,7 +43,7 @@ - "{{ connectivity_troubleshooter_nat__nat_subnet_id }}" register: connectivity_troubleshooter_nat__nat_route_table - - name: Set 'nat_routes' variable + - name: Set NAT routes ansible.builtin.set_fact: connectivity_troubleshooter_nat__nat_routes: "{{ connectivity_troubleshooter_nat__nat_route_table.route_tables.0.routes }}" when: connectivity_troubleshooter_nat__nat_route_table.route_tables | length > 0 @@ -63,7 +64,7 @@ msg: Could not find route table for NAT Gateway when: connectivity_troubleshooter_nat__nat_route_table_retry.route_tables | length == 0 - - name: Set 'nat_routes' variable + - name: Set NAT routest ansible.builtin.set_fact: connectivity_troubleshooter_nat__nat_routes: "{{ connectivity_troubleshooter_nat__nat_route_table_retry.route_tables.0.routes }}" diff --git a/roles/connectivity_troubleshooter_peering/tasks/main.yml b/roles/connectivity_troubleshooter_peering/tasks/main.yml index f6ae78d..35897e6 100644 --- a/roles/connectivity_troubleshooter_peering/tasks/main.yml +++ b/roles/connectivity_troubleshooter_peering/tasks/main.yml 
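Review bot: The context line at the top of the `@@ -27,9 +27,10 @@` hunk filters on `connectivity_troubleshooter_nat__describe_nat_gwnat_subnet_id`. That looks like two variable names run together during a rename; the fact set a few tasks earlier is `connectivity_troubleshooter_nat__nat_subnet_id`. With the current name the NACL lookup would fail on an undefined variable before any NAT gateway NACL is evaluated. I would change it to `association.subnet-id: "{{ connectivity_troubleshooter_nat__nat_subnet_id }}"` in this commit, since the neighbouring lines are being touched anyway. The task starts outside the hunk.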
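Review bot: The renamed task in the `@@ -63,7 +64,7 @@` hunk reads `Set NAT routest`, a typo introduced by this change. It should match the earlier task: `- name: Set NAT routes`.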
@@ -1,7 +1,7 @@ --- # tasks file for roles/connectivity_troubleshooter_peering_destination -- name: Run 'connectivity_troubleshooter_peering' role +- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter_peering role block: - name: Fail when next hop type is not supported by this role ansible.builtin.fail: 
@@ -15,27 +15,27 @@ - "{{ connectivity_troubleshooter_validate__next_hop }}" register: connectivity_troubleshooter_peering__vpc_peering_connection_info - - name: Gather information about Network Interface of the Destination peer + - name: Gather information about Network Interface of the destination peer amazon.aws.ec2_eni_info: filters: addresses.private-ip-address: "{{ connectivity_troubleshooter_peering_destination_ip }}" register: connectivity_troubleshooter_peering__dst_peer_eni - - name: Set 'connectivity_troubleshooter_peering__dst_peer_vpc_id' and 'connectivity_troubleshooter_peering__dst_peer_subnet_id' variables + - name: Set destination peer VPC id and subnet id ansible.builtin.set_fact: connectivity_troubleshooter_peering__dst_peer_vpc_id: "{{ connectivity_troubleshooter_peering__dst_peer_eni_info.vpc_id }}" connectivity_troubleshooter_peering__dst_peer_subnet_id: "{{ connectivity_troubleshooter_peering__dst_peer_eni_info.subnet_id }}" vars: connectivity_troubleshooter_peering__dst_peer_eni_info: "{{ connectivity_troubleshooter_peering__dst_peer_eni.network_interfaces.0 }}" - - name: Gather information about Destination peer subnet + - name: Gather information about destination peer subnet amazon.aws.ec2_vpc_route_table_info: filters: association.subnet-id: - "{{ connectivity_troubleshooter_peering__dst_peer_subnet_id }}" register: connectivity_troubleshooter_peering__dst_peer_route_table - - name: Set 'routes' variable + - name: Set routes ansible.builtin.set_fact: connectivity_troubleshooter_validate__routes: "{{ connectivity_troubleshooter_peering__dst_peer_route_table.route_tables.0.routes }}" when: connectivity_troubleshooter_peering__dst_peer_route_table.route_tables | length > 0 
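Review bot: The `Set routes` task at the end of this hunk writes `connectivity_troubleshooter_validate__routes`, whereas the fallback `Set routes` task in the next hunk (`@@ -44,19 +44,19 @@`) writes `connectivity_troubleshooter_peering__routes`. Depending on which branch runs, the destination peer's routes land in different variables, and the first branch overwrites the source routes collected by the validate role. Unless that is intended, the first task should set `connectivity_troubleshooter_peering__routes: "{{ connectivity_troubleshooter_peering__dst_peer_route_table.route_tables.0.routes }}"`. The consumer of these facts is outside the hunk, so confirm which name it reads.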
@@ -44,19 +44,19 @@ - name: Gather information about VPC route table using association.main=true when: connectivity_troubleshooter_peering__dst_peer_route_table.route_tables | length == 0 block: - - name: Gather information about Destination peer subnet + - name: Gather information about destination peer subnet amazon.aws.ec2_vpc_route_table_info: filters: association.main: "true" vpc-id: "{{ connectivity_troubleshooter_peering__dst_peer_vpc_id }}" register: connectivity_troubleshooter_peering__dst_peer_route_table_retry - - name: Fail when no route table for Destination peer is found + - name: Fail when no route table for destination peer is found ansible.builtin.fail: msg: Could not find route table for Destination peer when: connectivity_troubleshooter_peering__dst_peer_route_table_retry.route_tables | length == 0 - - name: Set 'routes' variable + - name: Set routes ansible.builtin.set_fact: connectivity_troubleshooter_peering__routes: "{{ connectivity_troubleshooter_peering__dst_peer_route_table_retry.route_tables.0.routes }}" diff --git a/roles/connectivity_troubleshooter_validate/tasks/main.yml b/roles/connectivity_troubleshooter_validate/tasks/main.yml index 2707915..2d3c7cd 100644 --- a/roles/connectivity_troubleshooter_validate/tasks/main.yml +++ b/roles/connectivity_troubleshooter_validate/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for roles/connectivity_troubleshooter_validate -- name: Run 'connectivity_troubleshooter_validate' role +- name: Run cloud.aws_troubleshooting.connectivity_troubleshooter_validate role block: - name: Fail when the IPv4 address of the resource you want to connect is not defined ansible.builtin.fail: 
@@ -23,15 +23,16 @@ msg: connectivity_troubleshooter_validate_source_ip and connectivity_troubleshooter_validate_destination_ip are same, kindly provide different values when: connectivity_troubleshooter_validate_source_ip == connectivity_troubleshooter_validate_destination_ip - - name: Set 'connectivity_troubleshooter_validate__filter_eni' variable + - name: Set connectivity_troubleshooter_validate__filter_eni variable ansible.builtin.set_fact: connectivity_troubleshooter_validate__filter_eni: { addresses.private-ip-address: "{{ connectivity_troubleshooter_validate_source_ip }}" } - - name: Set 'connectivity_troubleshooter_validate__filter_eni' variable + - name: Set connectivity_troubleshooter_validate__filter_eni variable ansible.builtin.set_fact: - connectivity_troubleshooter_validate__filter_eni: "{{ connectivity_troubleshooter_validate__filter_eni | combine({'vpc-id': connectivity_troubleshooter_validate_source_vpc}) }}" + connectivity_troubleshooter_validate__filter_eni: "{{ connectivity_troubleshooter_validate__filter_eni | combine({'vpc-id': connectivity_troubleshooter_validate_source_vpc}) + }}" when: connectivity_troubleshooter_validate_source_vpc | default('', true) | trim != '' - - name: Gather information about Source ENI + - name: Gather information about source ENI amazon.aws.ec2_eni_info: filters: "{{ connectivity_troubleshooter_validate__filter_eni }}" register: connectivity_troubleshooter_validate__describe_src_eni 
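Review bot: Both `set_fact` tasks here are named `Set connectivity_troubleshooter_validate__filter_eni variable`, so a log or a `--start-at-task` call cannot tell the unconditional one from the one guarded by `when:`. The rest of the commit moves away from variable names in task names, so I would use `- name: Set ENI filter on source IP` and `- name: Add source VPC id to the ENI filter`. The first task's flow mapping `{ addresses.private-ip-address: ... }` would also read better as a block mapping.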
@@ -42,22 +43,23 @@ found when: connectivity_troubleshooter_validate__describe_src_eni['network_interfaces'] | length == 0 - - name: Set 'connectivity_troubleshooter_validate__src_subnet_id', 'connectivity_troubleshooter_validate__src_vpc_id', 'connectivity_troubleshooter_validate__src_security_groups' and 'connectivity_troubleshooter_validate__src_network_interface' variables + - name: Set source subnet id, VPC id, security groups and network interface ansible.builtin.set_fact: connectivity_troubleshooter_validate__src_subnet_id: "{{ connectivity_troubleshooter_validate__src_network_interface_info.subnet_id }}" connectivity_troubleshooter_validate__src_vpc_id: "{{ connectivity_troubleshooter_validate__src_network_interface_info.vpc_id }}" - connectivity_troubleshooter_validate__src_security_groups: "{{ connectivity_troubleshooter_validate__src_network_interface_info.groups | map(attribute='group_id') | list }}" + connectivity_troubleshooter_validate__src_security_groups: "{{ connectivity_troubleshooter_validate__src_network_interface_info.groups | map(attribute='group_id') + | list }}" connectivity_troubleshooter_validate__src_network_interface: "{{ connectivity_troubleshooter_validate__src_network_interface_info }}" vars: connectivity_troubleshooter_validate__src_network_interface_info: "{{ connectivity_troubleshooter_validate__describe_src_eni.network_interfaces.0 }}" - - name: Gather information about Source VPC route table + - name: Gather information about source VPC route table amazon.aws.ec2_vpc_route_table_info: filters: association.subnet-id: "{{ connectivity_troubleshooter_validate__src_subnet_id }}" register: connectivity_troubleshooter_validate__src_route_table - - name: Set 'connectivity_troubleshooter_validate__routes' variable + - name: Set routes ansible.builtin.set_fact: connectivity_troubleshooter_validate__routes: "{{ connectivity_troubleshooter_validate__src_route_table.route_tables.0.routes }}" when: 
connectivity_troubleshooter_validate__src_route_table.route_tables | length > 0 @@ -78,7 +80,7 @@ msg: Could not find route table for connectivity_troubleshooter_validate_source_ip when: connectivity_troubleshooter_validate__src_route_table_retry.route_tables | length == 0 - - name: Set 'connectivity_troubleshooter_validate__routes' variable + - name: Set routes ansible.builtin.set_fact: connectivity_troubleshooter_validate__routes: "{{ connectivity_troubleshooter_validate__src_route_table_retry.route_tables.0.routes }}" @@ -88,6 +90,6 @@ routes: "{{ connectivity_troubleshooter_validate__routes }}" register: connectivity_troubleshooter_validate__result_next_hop - - name: Set 'connectivity_troubleshooter_validate__next_hop' variable + - name: Set next hop ansible.builtin.set_fact: connectivity_troubleshooter_validate__next_hop: "{{ connectivity_troubleshooter_validate__result_next_hop.next_hop }}" diff --git a/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml b/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml index c733f29..9a05285 100644 --- a/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml +++ b/roles/troubleshoot_rds_connectivity/tasks/get_ec2_instance_info.yml 
@@ -10,13 +10,14 @@ msg: "EC2 instance not found with id: {{ troubleshoot_rds_connectivity_ec2_instance_id }}" when: troubleshoot_rds_connectivity__result.instances | length == 0 -- name: Set 'roubleshoot_rds_connectivity__ec2_security_group_ids', 'roubleshoot_rds_connectivity__ec2_subnet_id', 'roubleshoot_rds_connectivity__ec2_vpc_id' and 'roubleshoot_rds_connectivity__ec2_private_ip_addrs' variables +- name: Set 'roubleshoot_rds_connectivity__ec2_security_group_ids', 'roubleshoot_rds_connectivity__ec2_subnet_id', 'roubleshoot_rds_connectivity__ec2_vpc_id' and + 'roubleshoot_rds_connectivity__ec2_private_ip_addrs' variables ansible.builtin.set_fact: troubleshoot_rds_connectivity__ec2_security_group_ids: "{{ ec2_instance_info.security_groups | map(attribute='group_id') | list }}" troubleshoot_rds_connectivity__ec2_subnet_id: "{{ ec2_instance_info.subnet_id }}" troubleshoot_rds_connectivity__ec2_vpc_id: "{{ ec2_instance_info.vpc_id }}" - troubleshoot_rds_connectivity__ec2_private_ip_addrs: "{{ ec2_instance_info.network_interfaces | map(attribute='private_ip_addresses') | flatten | map(attribute='private_ip_address') | list\ - \ }}" + troubleshoot_rds_connectivity__ec2_private_ip_addrs: "{{ ec2_instance_info.network_interfaces | map(attribute='private_ip_addresses') | flatten | map(attribute='private_ip_address') + | list }}" vars: ec2_instance_info: "{{ troubleshoot_rds_connectivity__result.instances.0 }}" diff --git a/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml b/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml index 64ba1bf..4b1693a 100644 --- a/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml +++ b/roles/troubleshoot_rds_connectivity/tasks/get_rds_instance_info.yml 
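Review bot: The task name here still lists four variable names, each missing the leading `t` (`'roubleshoot_rds_connectivity__...`), and it is now folded across two lines. Elsewhere in the commit such names were replaced with short descriptions. I would do the same here: `- name: Set EC2 security group ids, subnet id, VPC id and private IP addresses`. The hunk in `get_rds_instance_info.yml` has the same folded variable-list name and could become `- name: Set RDS endpoint address, endpoint port, subnets, VPC id and VPC security groups`.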
@@ -14,7 +14,8 @@ msg: Bad DB instance status, expecting 'available', found '{{ troubleshoot_rds_connectivity__rds_info.instances.0.db_instance_status }}' when: troubleshoot_rds_connectivity__rds_info.instances.0.db_instance_status != "available" -- name: Set 'troubleshoot_rds_connectivity__rds_instance_endpoint_addr', 'troubleshoot_rds_connectivity__rds_instance_endpoint_port', 'troubleshoot_rds_connectivity__rds_instance_subnets', 'troubleshoot_rds_connectivity__rds_instance_vpc_id' and 'troubleshoot_rds_connectivity__rds_instance_vpc_security_groups' variables +- name: Set 'troubleshoot_rds_connectivity__rds_instance_endpoint_addr', 'troubleshoot_rds_connectivity__rds_instance_endpoint_port', 'troubleshoot_rds_connectivity__rds_instance_subnets', + 'troubleshoot_rds_connectivity__rds_instance_vpc_id' and 'troubleshoot_rds_connectivity__rds_instance_vpc_security_groups' variables ansible.builtin.set_fact: troubleshoot_rds_connectivity__rds_instance_endpoint_addr: "{{ rds_instance_info.endpoint.address }}" troubleshoot_rds_connectivity__rds_instance_endpoint_port: "{{ rds_instance_info.endpoint.port }}" diff --git a/tests/integration/targets/test_aws_setup_credentials/tasks/main.yml b/tests/integration/targets/test_aws_setup_credentials/tasks/main.yml index a08034d..820ffc4 100644 --- a/tests/integration/targets/test_aws_setup_credentials/tasks/main.yml +++ b/tests/integration/targets/test_aws_setup_credentials/tasks/main.yml 
@@ -3,12 +3,14 @@ ansible.builtin.include_role: name: cloud.aws_troubleshooting.aws_setup_credentials vars: - aws_profile: default + aws_security_token: '{{ security_token | default(omit) }}' -- name: Ensure credentials contain only aws_profile key - ansible.builtin.assert: - that: - - aws_setup_credentials__output is defined - - aws_setup_credentials__output.keys() | length == 1 - - '"aws_profile" in aws_setup_credentials__output' - - aws_setup_credentials__output.aws_profile == 'default' +- name: Trying calling module using generating credentials + module_defaults: + group/aws: + "{{ aws_setup_credentials__output }}" + block: + - name: Get instances to be terminated + amazon.aws.ec2_instance_info: + filters: + instance-state-name: 'running' diff --git a/tests/integration/targets/test_connectivity_troubleshooter/tasks/setup_classic.yml b/tests/integration/targets/test_connectivity_troubleshooter/tasks/setup_classic.yml index a0c7c4c..2a9d512 100644 --- a/tests/integration/targets/test_connectivity_troubleshooter/tasks/setup_classic.yml +++ b/tests/integration/targets/test_connectivity_troubleshooter/tasks/setup_classic.yml @@ -38,7 +38,7 @@ subnets: - "{{ __subnet_private_public.results[0].subnet.id }}" routes: - - dest: 0.0.0.0/0 + - dest: "0.0.0.0/0" gateway_id: "{{ __create_igw.gateway_id }}" register: __route_table_public @@ -57,7 +57,7 @@ subnets: - "{{ __subnet_private_public.results[1].subnet.id }}" routes: - - dest: 0.0.0.0/0 + - dest: "0.0.0.0/0" gateway_id: "{{ __create_nat_gw.nat_gateway_id }}" register: __route_table_private 
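Review bot: The rewritten test no longer asserts anything: the check that `aws_setup_credentials__output` holds exactly the expected keys is removed, and the `ec2_instance_info` call that replaces it neither registers nor verifies its result. A failing call still fails the play, but nothing now pins which credential keys the role emits. I would register the result and assert on it, as in the fence, and keep a key-set assertion on `aws_setup_credentials__output`. Also confirm that `'{{ security_token | default(omit) }}'` under role `vars:` drops the variable when `security_token` is undefined; `omit` is handled for module arguments, and here the role may receive the placeholder string. The task names `Trying calling module using generating credentials` and `Get instances to be terminated` do not describe what the tasks do.

```yaml
    # … unchanged: amazon.aws.ec2_instance_info task and its filters …
      register: test_aws_setup_credentials__instances

    - name: Ensure the module call succeeded with the generated credentials
      ansible.builtin.assert:
        that:
          - test_aws_setup_credentials__instances is successful
          - test_aws_setup_credentials__instances.instances is defined
```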
@@ -71,24 +71,24 @@ - proto: udp from_port: 12345 to_port: 12345 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 22 to_port: 22 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 443 to_port: 443 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 80 to_port: 80 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" rules_egress: - proto: tcp from_port: 80 to_port: 80 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" register: __security_group_in - name: Create public Security Group @@ -101,19 +101,19 @@ - proto: udp from_port: 12345 to_port: 12345 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 22 to_port: 22 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 443 to_port: 443 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 80 to_port: 80 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 3128 to_port: 3128 diff --git a/tests/integration/targets/test_connectivity_troubleshooter/tasks/setup_destination_peering.yml b/tests/integration/targets/test_connectivity_troubleshooter/tasks/setup_destination_peering.yml index f367e4e..e7fe3e1 100644 --- a/tests/integration/targets/test_connectivity_troubleshooter/tasks/setup_destination_peering.yml +++ b/tests/integration/targets/test_connectivity_troubleshooter/tasks/setup_destination_peering.yml @@ -74,7 +74,7 @@ routes: - dest: "{{ vpc_1_subnet_cidr_1 }}" vpc_peering_connection_id: "{{ __create_vpc_peering.peering_id }}" - - dest: 0.0.0.0/0 + - dest: "0.0.0.0/0" gateway_id: "{{ __create_igw.gateway_id }}" register: __route_table_in @@ -88,15 +88,15 @@ - proto: udp from_port: 12345 to_port: 12345 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 22 to_port: 22 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 443 to_port: 443 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" register: __security_group_in - name: Out Security Group 
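Review bot: The security-group rules touched here keep TCP 22 (and 80/443, UDP 12345) open to `"0.0.0.0/0"`; the commit only adds quotes. The same applies to the `@@ -101,19 +101,19 @@` hunk and to the `setup_destination_peering.yml` hunks `@@ -88,15 +88,15 @@` and `@@ -109,15 +109,15 @@`. If the integration tests attach instances to these groups, those hosts accept SSH from the whole internet for as long as the test resources exist. The troubleshooter only needs rules that match the source and destination under test, so I would scope `cidr_ip` to the test VPC or subnet CIDR, for example `cidr_ip: "{{ <test-vpc-cidr-variable> }}"`. Where a wide-open rule is the scenario being tested, a comment saying so would help.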
@@ -109,15 +109,15 @@ - proto: udp from_port: 12345 to_port: 12345 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 22 to_port: 22 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 443 to_port: 443 - cidr_ip: 0.0.0.0/0 + cidr_ip: "0.0.0.0/0" - proto: tcp from_port: 3128 to_port: 3128 diff --git a/tox.ini b/tox.ini index 3640c0a..c849b3f 100644 --- a/tox.ini +++ b/tox.ini @@ -6,19 +6,17 @@ skipsdist = True deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt install_command = pip install {opts} {packages} -setenv = - LC_ALL=C.UTF-8 [testenv:black] deps = - black >= 22.0, < 23.0 + black >= 23.0, < 24.0 commands = black {toxinidir}/plugins {toxinidir}/tests [testenv:ansible-lint] deps = - ansible-lint>=6.7.0 + ansible-lint==6.17.2 commands = ansible-lint --profile production --format pep8 --nocolor --strict --write {toxinidir}/roles {toxinidir}/tests [testenv:linters]
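Review bot: In `tox.ini` the `ansible-lint` env keeps `--write` on its command line, so running the lint env rewrites files under `roles/` and `tests/` in place. If CI invokes this env, check whether 6.17.2 still fails the run for violations it auto-fixed; otherwise the gate can pass on code that was never committed in its fixed form. I would keep the CI env check-only (`commands = ansible-lint --profile production --format pep8 --nocolor --strict {toxinidir}/roles {toxinidir}/tests`) and put `--write` in a separate env for local use. Removing `setenv = LC_ALL=C.UTF-8` is not explained in the commit message; a short comment on why it is no longer needed would help.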