Add tests and fix remaining bug
hakbailey committed Jun 26, 2023
1 parent 5f6d529 commit 512ee9c
Showing 2 changed files with 162 additions and 5 deletions.
2 changes: 1 addition & 1 deletion plugins/modules/backup_vault.py
Expand Up @@ -150,7 +150,7 @@ def tag_vault(module, client, tags, vault_arn, curr_tags=None, purge_tags=True):

if tags_to_remove:
try:
client.untag_resource(ResourceArn=vault_arn, Tags=tags_to_remove)
client.untag_resource(ResourceArn=vault_arn, TagKeyList=tags_to_remove)
except (BotoCoreError, ClientError) as err:
module.fail_json_aws(err, msg="Failed to remove tags from the vault")

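Review bot: The corrected `untag_resource` call depends on `tags_to_remove` being a list of tag keys rather than a key/value mapping, and nothing near the call states that. A one-line comment above it, such as `# untag_resource takes tag keys only (TagKeyList), not a key/value dict`, would keep a later edit from reintroducing the wrong parameter. The signature in the hunk header defaults `purge_tags=True`, so tags omitted from a task are presumably stripped from the vault (the code that computes `tags_to_remove` is outside the hunk). Where vault tags feed access-control conditions or backup selection, that default deserves a sentence in the function docstring. tag_vault starts and ends outside this hunk.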
165 changes: 161 additions & 4 deletions tests/integration/targets/backup_vault/tasks/main.yml
Expand Up @@ -72,20 +72,177 @@
- backup_vault_result_idem.vault.encryption_key_arn == key.key_arn
- backup_vault_result_idem.vault.tags.environment == "dev"

- name: Update AWS Backup Vault - check mode
amazon.aws.backup_vault:
backup_vault_name: "{{ backup_vault_name }}"
tags:
owner: ansible
purge_tags: false
check_mode: true
register: backup_vault_update_check_mode_result

- name: Verify check mode update result
assert:
that:
- backup_vault_update_check_mode_result is changed
- backup_vault_update_check_mode_result.vault.backup_vault_name == backup_vault_name
- backup_vault_update_check_mode_result.vault.encryption_key_arn == key.key_arn
- backup_vault_update_check_mode_result.vault.tags.environment == "dev"
- backup_vault_update_check_mode_result.vault.tags.owner == "ansible"

- name: Get backup vault info
amazon.aws.backup_vault_info:
backup_vault_names:
- "{{ backup_vault_name }}"
register: update_check_mode_vault_info

- name: Verify backup vault was not updated in check mode
ansible.builtin.assert:
that:
- update_check_mode_vault_info.backup_vaults[0].backup_vault_name == vault_info.backup_vaults[0].backup_vault_name
- update_check_mode_vault_info.backup_vaults[0].encryption_key_arn == vault_info.backup_vaults[0].encryption_key_arn
- update_check_mode_vault_info.backup_vaults[0].backup_vault_arn == vault_info.backup_vaults[0].backup_vault_arn
- update_check_mode_vault_info.backup_vaults[0].tags == vault_info.backup_vaults[0].tags

- name: Update AWS Backup Vault
amazon.aws.backup_vault:
backup_vault_name: "{{ backup_vault_name }}"
encryption_key_arn: "{{ key.key_arn }}"
tags:
environment: test
owner: ansible
purge_tags: false
register: backup_vault_update_result

- assert:
- name: Verify update result
ansible.builtin.assert:
that:
- backup_vault_update_result is changed
- backup_vault_update_result.vault.backup_vault_name == backup_vault_name
- backup_vault_update_result.vault.encryption_key_arn == key.key_arn
- backup_vault_update_result.vault.tags.environment == "test"
- backup_vault_update_result.vault.tags.environment == "dev"
- backup_vault_update_check_mode_result.vault.tags.owner == "ansible"

- name: Get updated backup vault info
amazon.aws.backup_vault_info:
backup_vault_names:
- "{{ backup_vault_name }}"
register: updated_vault_info

- name: Verify backup vault was updated
ansible.builtin.assert:
that:
- updated_vault_info.backup_vaults[0].backup_vault_name == vault_info.backup_vaults[0].backup_vault_name
- updated_vault_info.backup_vaults[0].backup_vault_arn == vault_info.backup_vaults[0].backup_vault_arn
- updated_vault_info.backup_vaults[0].encryption_key_arn == vault_info.backup_vaults[0].encryption_key_arn
- updated_vault_info.backup_vaults[0].tags != vault_info.backup_vaults[0].tags

- name: Update AWS Backup Vault - idempotency
amazon.aws.backup_vault:
backup_vault_name: "{{ backup_vault_name }}"
tags:
owner: ansible
purge_tags: false
register: backup_vault_update_idempotency_result

- name: Verify idempotency update result
ansible.builtin.assert:
that:
- backup_vault_update_idempotency_result is not changed

- name: Get backup vault info
amazon.aws.backup_vault_info:
backup_vault_names:
- "{{ backup_vault_name }}"
register: updated_vault_info_idempotency

- name: Verify backup vault was not updated
ansible.builtin.assert:
that:
- updated_vault_info_idempotency.backup_vaults[0].backup_vault_name == updated_vault_info.backup_vaults[0].backup_vault_name
- updated_vault_info_idempotency.backup_vaults[0].backup_vault_arn == updated_vault_info.backup_vaults[0].backup_vault_arn
- updated_vault_info_idempotency.backup_vaults[0].encryption_key_arn == updated_vault_info.backup_vaults[0].encryption_key_arn
- updated_vault_info_idempotency.backup_vaults[0].tags == updated_vault_info.backup_vaults[0].tags

- name: Update tags with purge - check mode
amazon.aws.backup_vault:
backup_vault_name: "{{ backup_vault_name }}"
tags:
environment: test
purge_tags: true
check_mode: true
register: backup_vault_update_tags_check_mode_result

- name: Verify check mode tag update result
ansible.builtin.assert:
that:
- backup_vault_update_tags_check_mode_result is changed
- backup_vault_update_tags_check_mode_result.vault.backup_vault_name == backup_vault_name
- backup_vault_update_tags_check_mode_result.vault.tags | length == 1
- backup_vault_update_tags_check_mode_result.vault.tags.environment == "test"

- name: Get backup vault info
amazon.aws.backup_vault_info:
backup_vault_names:
- "{{ backup_vault_name }}"
register: update_tags_check_mode_info

- name: Verify backup vault tags were not updated in check mode
ansible.builtin.assert:
that:
- update_tags_check_mode_info.backup_vaults[0].backup_vault_name == updated_vault_info.backup_vaults[0].backup_vault_name
- update_tags_check_mode_info.backup_vaults[0].tags == updated_vault_info.backup_vaults[0].tags

- name: Update tags with purge
amazon.aws.backup_vault:
backup_vault_name: "{{ backup_vault_name }}"
tags:
environment: test
purge_tags: true
register: backup_vault_update_tags_result

- name: Verify update tags with purge result
ansible.builtin.assert:
that:
- backup_vault_update_tags_result is changed
- backup_vault_update_tags_result.vault.backup_vault_name == backup_vault_name
- backup_vault_update_tags_result.vault.tags | length == 1
- backup_vault_update_tags_result.vault.tags.environment == "test"

- name: Get backup vault info
amazon.aws.backup_vault_info:
backup_vault_names:
- "{{ backup_vault_name }}"
register: updated_tags_info

- name: Verify backup vault tags were updated
ansible.builtin.assert:
that:
- updated_tags_info.backup_vaults[0].backup_vault_name == updated_vault_info.backup_vaults[0].backup_vault_name
- updated_tags_info.backup_vaults[0].tags != updated_vault_info.backup_vaults[0].tags

- name: Update tags with purge - idempotency
amazon.aws.backup_vault:
backup_vault_name: "{{ backup_vault_name }}"
tags:
environment: test
purge_tags: true
register: backup_vault_update_tags_idempotency_result

- name: Verify update tags with purge idempotency result
ansible.builtin.assert:
that:
- backup_vault_update_tags_idempotency_result is not changed

- name: Get backup vault info
amazon.aws.backup_vault_info:
backup_vault_names:
- "{{ backup_vault_name }}"
register: updated_tags_idempotency_info

- name: Verify no changes were made
ansible.builtin.assert:
that:
- updated_tags_idempotency_info.backup_vaults[0].backup_vault_name == updated_tags_info.backup_vaults[0].backup_vault_name
- updated_tags_idempotency_info.backup_vaults[0].tags == updated_tags_info.backup_vaults[0].tags

always:
- name: Delete AWS Backup Vault created during this test
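Review bot: In the `Verify update result` block, the last assertion reads `backup_vault_update_check_mode_result.vault.tags.owner == "ansible"`, which re-checks the check-mode result instead of the real update registered as `backup_vault_update_result`. As far as the rendered page shows, this line is on the new side, so the module's return for the actual update is never checked for the `owner` tag. It should probably be `- backup_vault_update_result.vault.tags.owner == "ansible"`. Separately, the follow-up info checks `updated_vault_info.backup_vaults[0].tags != vault_info.backup_vaults[0].tags` and `updated_tags_info.backup_vaults[0].tags != updated_vault_info.backup_vaults[0].tags` only prove that the tags differ. Comparing against the expected tag set, as the `| length == 1` assertions already do for the module result, would also catch a purge that removes the wrong key.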
