---
# Integration tests for the ec2_vpc_endpoint and ec2_vpc_endpoint_info modules.
# All tasks live in one block so that the `always` section of this block can
# remove the test resources even when a task or assertion fails.
- name: ec2_vpc_endpoint tests
  collections:
    - amazon.aws

  # Credentials and region are applied to every module in the aws action
  # group. They are taken from variables supplied by the test runner; no
  # secret is written in this file. The session token is omitted when the
  # variable is not defined.
  module_defaults:
    group/aws:
      aws_access_key: '{{ aws_access_key }}'
      aws_secret_key: '{{ aws_secret_key }}'
      security_token: '{{ security_token | default(omit) }}'
      region: '{{ aws_region }}'
  block:
13  # ============================================================
14  # BEGIN PRE-TEST SETUP
15  - name: create a VPC
16    ec2_vpc_net:
17      state: present
18      name: "{{ vpc_name }}"
19      cidr_block: "{{ vpc_cidr }}"
20      tags:
21        AnsibleTest: 'ec2_vpc_endpoint'
22        AnsibleRun: '{{ resource_prefix }}'
23    register: vpc_creation
24  - name: Assert success
25    assert:
26      that:
27        - vpc_creation is successful
28
29  - name: Create an IGW
30    ec2_vpc_igw:
31      vpc_id: "{{ vpc_creation.vpc.id }}"
32      state: present
33      tags:
34        Name: "{{ resource_prefix }}"
35        AnsibleTest: 'ec2_vpc_endpoint'
36        AnsibleRun: '{{ resource_prefix }}'
37    register: igw_creation
38  - name: Assert success
39    assert:
40      that:
41        - igw_creation is successful
42
43  - name: Create a minimal route table (no routes)
44    ec2_vpc_route_table:
45      vpc_id: '{{ vpc_creation.vpc.id }}'
46      tags:
47        AnsibleTest: 'ec2_vpc_endpoint'
48        AnsibleRun: '{{ resource_prefix }}'
49        Name: '{{ resource_prefix }}-empty'
50      subnets: []
51      routes: []
52    register: rtb_creation_empty
53
54  - name: Create a minimal route table (with IGW)
55    ec2_vpc_route_table:
56      vpc_id: '{{ vpc_creation.vpc.id }}'
57      tags:
58        AnsibleTest: 'ec2_vpc_endpoint'
59        AnsibleRun: '{{ resource_prefix }}'
60        Name: '{{ resource_prefix }}-igw'
61      subnets: []
62      routes:
63        - dest: 0.0.0.0/0
64          gateway_id: "{{ igw_creation.gateway_id }}"
65    register: rtb_creation_igw
66
67  - name: Save VPC info in a fact
68    set_fact:
69      vpc_id: '{{ vpc_creation.vpc.id }}'
70      rtb_empty_id: '{{ rtb_creation_empty.route_table.id }}'
71      rtb_igw_id: '{{ rtb_creation_igw.route_table.id }}'
72
73  # ============================================================
74  # BEGIN TESTS
75
76  # Minimal check_mode with _info
77  - name: Fetch Endpoints in check_mode
78    ec2_vpc_endpoint_info:
79      query: endpoints
80    register: endpoint_info
81    check_mode: True
82  - name: Assert success
83    assert:
84      that:
85        # May be run in parallel, the only thing we can guarantee is
86        # - we shouldn't error
87        # - we should return 'vpc_endpoints' (even if it's empty)
88        - endpoint_info is successful
89        - '"vpc_endpoints" in endpoint_info'
90
91  - name: Fetch Services in check_mode
92    ec2_vpc_endpoint_info:
93      query: services
94    register: endpoint_info
95    check_mode: True
96  - name: Assert success
97    assert:
98      that:
99        - endpoint_info is successful
100        - '"service_names" in endpoint_info'
101        # This is just 2 arbitrary AWS services that should (generally) be
102        # available.  The actual list will vary over time and between regions
103        - endpoint_service_a in endpoint_info.service_names
104        - endpoint_service_b in endpoint_info.service_names
105
106  # Fetch services without check mode
107  # Note: Filters not supported on services via this module, this is all we can test for now
108  - name: Fetch Services
109    ec2_vpc_endpoint_info:
110      query: services
111    register: endpoint_info
112  - name: Assert success
113    assert:
114      that:
115        - endpoint_info is successful
116        - '"service_names" in endpoint_info'
117        # This is just 2 arbitrary AWS services that should (generally) be
118        # available.  The actual list will vary over time and between regions
119        - endpoint_service_a in endpoint_info.service_names
120        - endpoint_service_b in endpoint_info.service_names
121
122  # Attempt to create an endpoint
123  - name: Create minimal endpoint (check mode)
124    ec2_vpc_endpoint:
125      state: present
126      vpc_id: '{{ vpc_id }}'
127      service: '{{ endpoint_service_a }}'
128    register: create_endpoint_check
129    check_mode: True
130  - name: Assert changed
131    assert:
132      that:
133        - create_endpoint_check is changed
134
135  - name: Create minimal endpoint
136    ec2_vpc_endpoint:
137      state: present
138      vpc_id: '{{ vpc_id }}'
139      service: '{{ endpoint_service_a }}'
140      wait: true
141    register: create_endpoint
142  - name: Check standard return values
143    assert:
144      that:
145        - create_endpoint is changed
146        - '"result" in create_endpoint'
147        - '"creation_timestamp" in create_endpoint.result'
148        - '"dns_entries" in create_endpoint.result'
149        - '"groups" in create_endpoint.result'
150        - '"network_interface_ids" in create_endpoint.result'
151        - '"owner_id" in create_endpoint.result'
152        - '"policy_document" in create_endpoint.result'
153        - '"private_dns_enabled" in create_endpoint.result'
154        - create_endpoint.result.private_dns_enabled == False
155        - '"requester_managed" in create_endpoint.result'
156        - create_endpoint.result.requester_managed == False
157        - '"service_name" in create_endpoint.result'
158        - create_endpoint.result.service_name == endpoint_service_a
159        - '"state" in create_endpoint.result'
160        - create_endpoint.result.state == "available"
161        - '"vpc_endpoint_id" in create_endpoint.result'
162        - create_endpoint.result.vpc_endpoint_id.startswith("vpce-")
163        - '"vpc_endpoint_type" in create_endpoint.result'
164        - create_endpoint.result.vpc_endpoint_type == "Gateway"
165        - '"vpc_id" in create_endpoint.result'
166        - create_endpoint.result.vpc_id == vpc_id
167
168  - name: Save Endpoint info in a fact
169    set_fact:
170      endpoint_id: '{{ create_endpoint.result.vpc_endpoint_id }}'
171
172  # Pull info about the endpoints
173  - name: Fetch Endpoints (all)
174    ec2_vpc_endpoint_info:
175      query: endpoints
176    register: endpoint_info
177  - name: Assert success
178    assert:
179      that:
180        # We're fetching all endpoints, there's no guarantee what the values
181        # will be
182        - endpoint_info is successful
183        - '"vpc_endpoints" in endpoint_info'
184        - '"creation_timestamp" in first_endpoint'
185        - '"policy_document" in first_endpoint'
186        - '"route_table_ids" in first_endpoint'
187        - first_endpoint.route_table_ids | length == 0
188        - '"service_name" in first_endpoint'
189        - '"state" in first_endpoint'
190        - '"vpc_endpoint_id" in first_endpoint'
191        - '"vpc_id" in first_endpoint'
192        # Not yet documented, but returned
193        - '"dns_entries" in first_endpoint'
194        - '"groups" in first_endpoint'
195        - '"network_interface_ids" in first_endpoint'
196        - '"owner_id" in first_endpoint'
197        - '"private_dns_enabled" in first_endpoint'
198        - '"requester_managed" in first_endpoint'
199        - '"subnet_ids" in first_endpoint'
200        - '"tags" in first_endpoint'
201        - '"vpc_endpoint_type" in first_endpoint'
202        # Make sure our endpoint is included
203        - endpoint_id in ( endpoint_info | community.general.json_query("vpc_endpoints[*].vpc_endpoint_id") | list | flatten )
204    vars:
205      first_endpoint: '{{ endpoint_info.vpc_endpoints[0] }}'
206
207  - name: Fetch Endpoints (targetted by ID)
208    ec2_vpc_endpoint_info:
209      query: endpoints
210      vpc_endpoint_ids: '{{ endpoint_id }}'
211    register: endpoint_info
212  - name: Assert success
213    assert:
214      that:
215        - endpoint_info is successful
216        - '"vpc_endpoints" in endpoint_info'
217        - '"creation_timestamp" in first_endpoint'
218        - '"policy_document" in first_endpoint'
219        - '"route_table_ids" in first_endpoint'
220        - first_endpoint.route_table_ids | length == 0
221        - '"service_name" in first_endpoint'
222        - first_endpoint.service_name == endpoint_service_a
223        - '"state" in first_endpoint'
224        - first_endpoint.state == "available"
225        - '"vpc_endpoint_id" in first_endpoint'
226        - first_endpoint.vpc_endpoint_id == endpoint_id
227        - '"vpc_id" in first_endpoint'
228        - first_endpoint.vpc_id == vpc_id
229        # Not yet documented, but returned
230        - '"dns_entries" in first_endpoint'
231        - '"groups" in first_endpoint'
232        - '"network_interface_ids" in first_endpoint'
233        - '"owner_id" in first_endpoint'
234        - '"private_dns_enabled" in first_endpoint'
235        - first_endpoint.private_dns_enabled == False
236        - '"requester_managed" in first_endpoint'
237        - first_endpoint.requester_managed == False
238        - '"subnet_ids" in first_endpoint'
239        - '"tags" in first_endpoint'
240        - '"vpc_endpoint_type" in first_endpoint'
241    vars:
242      first_endpoint: '{{ endpoint_info.vpc_endpoints[0] }}'
243
244  - name: Fetch Endpoints (targetted by VPC)
245    ec2_vpc_endpoint_info:
246      query: endpoints
247      filters:
248        vpc-id:
249        - '{{ vpc_id }}'
250    register: endpoint_info
251  - name: Assert success
252    assert:
253      that:
254        - endpoint_info is successful
255        - '"vpc_endpoints" in endpoint_info'
256        - '"creation_timestamp" in first_endpoint'
257        - '"policy_document" in first_endpoint'
258        - '"route_table_ids" in first_endpoint'
259        - '"service_name" in first_endpoint'
260        - first_endpoint.service_name == endpoint_service_a
261        - '"state" in first_endpoint'
262        - first_endpoint.state == "available"
263        - '"vpc_endpoint_id" in first_endpoint'
264        - first_endpoint.vpc_endpoint_id == endpoint_id
265        - '"vpc_id" in first_endpoint'
266        - first_endpoint.vpc_id == vpc_id
267        # Not yet documented, but returned
268        - '"dns_entries" in first_endpoint'
269        - '"groups" in first_endpoint'
270        - '"network_interface_ids" in first_endpoint'
271        - '"owner_id" in first_endpoint'
272        - '"private_dns_enabled" in first_endpoint'
273        - first_endpoint.private_dns_enabled == False
274        - '"requester_managed" in first_endpoint'
275        - first_endpoint.requester_managed == False
276        - '"subnet_ids" in first_endpoint'
277        - '"tags" in first_endpoint'
278        - '"vpc_endpoint_type" in first_endpoint'
279    vars:
280      first_endpoint: '{{ endpoint_info.vpc_endpoints[0] }}'
281
282
283  # matches on parameters without explicitly passing the endpoint ID
284  - name: Create minimal endpoint - idempotency (check mode)
285    ec2_vpc_endpoint:
286      state: present
287      vpc_id: '{{ vpc_id }}'
288      service: '{{ endpoint_service_a }}'
289    register: create_endpoint_idem_check
290    check_mode: True
291  - assert:
292      that:
293        - create_endpoint_idem_check is not changed
294
295  - name: Create minimal endpoint - idempotency
296    ec2_vpc_endpoint:
297      state: present
298      vpc_id: '{{ vpc_id }}'
299      service: '{{ endpoint_service_a }}'
300    register: create_endpoint_idem
301  - assert:
302      that:
303        - create_endpoint_idem is not changed
304
305  - name: Delete minimal endpoint by ID (check_mode)
306    ec2_vpc_endpoint:
307      state: absent
308      vpc_endpoint_id: "{{ endpoint_id }}"
309    check_mode: true
310    register: endpoint_delete_check
311  - assert:
312      that:
313        - endpoint_delete_check is changed
314
315
316  - name: Delete minimal endpoint by ID
317    ec2_vpc_endpoint:
318      state: absent
319      vpc_endpoint_id: "{{ endpoint_id }}"
320    register: endpoint_delete_check
321  - assert:
322      that:
323        - endpoint_delete_check is changed
324
325  - name: Delete minimal endpoint by ID - idempotency (check_mode)
326    ec2_vpc_endpoint:
327      state: absent
328      vpc_endpoint_id: "{{ endpoint_id }}"
329    check_mode: true
330    register: endpoint_delete_check
331  - assert:
332      that:
333        - endpoint_delete_check is not changed
334
335  - name: Delete minimal endpoint by ID - idempotency
336    ec2_vpc_endpoint:
337      state: absent
338      vpc_endpoint_id: "{{ endpoint_id }}"
339    register: endpoint_delete_check
340  - assert:
341      that:
342        - endpoint_delete_check is not changed
343
344  - name: Fetch Endpoints by ID (expect failed)
345    ec2_vpc_endpoint_info:
346      query: endpoints
347      vpc_endpoint_ids: "{{ endpoint_id }}"
348    ignore_errors: True
349    register: endpoint_info
350  - name: Assert endpoint does not exist
351    assert:
352      that:
353        - endpoint_info is successful
354        - '"does not exist" in endpoint_info.msg'
355        - endpoint_info.vpc_endpoints | length == 0
356
357  # Attempt to create an endpoint with a route table
358  - name: Create an endpoint with route table (check mode)
359    ec2_vpc_endpoint:
360      state: present
361      vpc_id: '{{ vpc_id }}'
362      service: '{{ endpoint_service_a }}'
363      route_table_ids:
364        - '{{ rtb_empty_id }}'
365    register: create_endpoint_check
366    check_mode: True
367  - name: Assert changed
368    assert:
369      that:
370        - create_endpoint_check is changed
371
372  - name: Create an endpoint with route table
373    ec2_vpc_endpoint:
374      state: present
375      vpc_id: '{{ vpc_id }}'
376      service: '{{ endpoint_service_a }}'
377      route_table_ids:
378        - '{{ rtb_empty_id }}'
379      wait: true
380    register: create_rtb_endpoint
381  - name: Check standard return values
382    assert:
383      that:
384        - create_rtb_endpoint is changed
385        - '"result" in create_rtb_endpoint'
386        - '"creation_timestamp" in create_rtb_endpoint.result'
387        - '"dns_entries" in create_rtb_endpoint.result'
388        - '"groups" in create_rtb_endpoint.result'
389        - '"network_interface_ids" in create_rtb_endpoint.result'
390        - '"owner_id" in create_rtb_endpoint.result'
391        - '"policy_document" in create_rtb_endpoint.result'
392        - '"private_dns_enabled" in create_rtb_endpoint.result'
393        - '"route_table_ids" in create_rtb_endpoint.result'
394        - create_rtb_endpoint.result.route_table_ids | length == 1
395        - create_rtb_endpoint.result.route_table_ids[0] == '{{ rtb_empty_id }}'
396        - create_rtb_endpoint.result.private_dns_enabled == False
397        - '"requester_managed" in create_rtb_endpoint.result'
398        - create_rtb_endpoint.result.requester_managed == False
399        - '"service_name" in create_rtb_endpoint.result'
400        - create_rtb_endpoint.result.service_name == endpoint_service_a
401        - '"state" in create_endpoint.result'
402        - create_rtb_endpoint.result.state == "available"
403        - '"vpc_endpoint_id" in create_rtb_endpoint.result'
404        - create_rtb_endpoint.result.vpc_endpoint_id.startswith("vpce-")
405        - '"vpc_endpoint_type" in create_rtb_endpoint.result'
406        - create_rtb_endpoint.result.vpc_endpoint_type == "Gateway"
407        - '"vpc_id" in create_rtb_endpoint.result'
408        - create_rtb_endpoint.result.vpc_id == vpc_id
409
410  - name: Save Endpoint info in a fact
411    set_fact:
412      rtb_endpoint_id: '{{ create_rtb_endpoint.result.vpc_endpoint_id }}'
413
414  - name: Create an endpoint with route table - idempotency (check mode)
415    ec2_vpc_endpoint:
416      state: present
417      vpc_id: '{{ vpc_id }}'
418      service: '{{ endpoint_service_a }}'
419      route_table_ids:
420        - '{{ rtb_empty_id }}'
421    register: create_endpoint_check
422    check_mode: True
423  - name: Assert changed
424    assert:
425      that:
426        - create_endpoint_check is not changed
427
428  - name: Create an endpoint with route table - idempotency
429    ec2_vpc_endpoint:
430      state: present
431      vpc_id: '{{ vpc_id }}'
432      service: '{{ endpoint_service_a }}'
433      route_table_ids:
434        - '{{ rtb_empty_id }}'
435    register: create_endpoint_check
436    check_mode: True
437  - name: Assert changed
438    assert:
439      that:
440        - create_endpoint_check is not changed
441
442# # Endpoint modifications are not yet supported by the module
443#  # A Change the route table for the endpoint
444#  - name: Change the route table for the endpoint (check_mode)
445#    ec2_vpc_endpoint:
446#      state: present
447#      vpc_id: '{{ vpc_id }}'
448#      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
449#      service: '{{ endpoint_service_a }}'
450#      route_table_ids:
451#        - '{{ rtb_igw_id }}'
452#    check_mode: True
453#    register: check_two_rtbs_endpoint
454#
455#  - name: Assert second route table would be added
456#    assert:
457#      that:
458#        - check_two_rtbs_endpoint.changed
459#
460#  - name: Change the route table for the endpoint
461#    ec2_vpc_endpoint:
462#      state: present
463#      vpc_id: '{{ vpc_id }}'
464#      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
465#      service: '{{ endpoint_service_a }}'
466#      route_table_ids:
467#        - '{{ rtb_igw_id }}'
468#    register: two_rtbs_endpoint
469#
470#  - name: Assert second route table would be added
471#    assert:
472#      that:
473#        - check_two_rtbs_endpoint.changed
474#        - two_rtbs_endpoint.result.route_table_ids | length == 1
475#        - two_rtbs_endpoint.result.route_table_ids[0] == '{{ rtb_igw_id }}'
476#
477#  - name: Change the route table for the endpoint - idempotency (check_mode)
478#    ec2_vpc_endpoint:
479#      state: present
480#      vpc_id: '{{ vpc_id }}'
481#      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
482#      service: '{{ endpoint_service_a }}'
483#      route_table_ids:
484#        - '{{ rtb_igw_id }}'
485#    check_mode: True
486#    register: check_two_rtbs_endpoint
487#
488#  - name: Assert route table would not change
489#    assert:
490#      that:
491#        - not check_two_rtbs_endpoint.changed
492#
493#  - name: Change the route table for the endpoint - idempotency
494#    ec2_vpc_endpoint:
495#      state: present
496#      vpc_id: '{{ vpc_id }}'
497#      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
498#      service: '{{ endpoint_service_a }}'
499#      route_table_ids:
500#        - '{{ rtb_igw_id }}'
501#    register: two_rtbs_endpoint
502#
503#  - name: Assert route table would not change
504#    assert:
505#      that:
506#        - not check_two_rtbs_endpoint.changed
507
508  - name: Tag the endpoint (check_mode)
509    ec2_vpc_endpoint:
510      state: present
511      vpc_id: '{{ vpc_id }}'
512      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
513      service: '{{ endpoint_service_a }}'
514      route_table_ids:
515        - '{{ rtb_empty_id }}'
516      tags:
517        camelCase: "helloWorld"
518        PascalCase: "HelloWorld"
519        snake_case: "hello_world"
520        "Title Case": "Hello World"
521        "lowercase spaced": "hello world"
522    check_mode: true
523    register: check_tag_vpc_endpoint
524
525  - name: Assert tags would have changed
526    assert:
527      that:
528        - check_tag_vpc_endpoint.changed
529
530  - name: Tag the endpoint
531    ec2_vpc_endpoint:
532      state: present
533      vpc_id: '{{ vpc_id }}'
534      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
535      service: '{{ endpoint_service_a }}'
536      route_table_ids:
537        - '{{ rtb_igw_id }}'
538      tags:
539        testPrefix: '{{ resource_prefix }}'
540        camelCase: "helloWorld"
541        PascalCase: "HelloWorld"
542        snake_case: "hello_world"
543        "Title Case": "Hello World"
544        "lowercase spaced": "hello world"
545    register: tag_vpc_endpoint
546
547  - name: Assert tags are successful
548    assert:
549      that:
550        - tag_vpc_endpoint.changed
551        - tag_vpc_endpoint.result.tags | length == 6
552        - endpoint_tags["testPrefix"] == resource_prefix
553        - endpoint_tags["camelCase"] == "helloWorld"
554        - endpoint_tags["PascalCase"] == "HelloWorld"
555        - endpoint_tags["snake_case"] == "hello_world"
556        - endpoint_tags["Title Case"] == "Hello World"
557        - endpoint_tags["lowercase spaced"] == "hello world"
558    vars:
559      endpoint_tags: "{{ tag_vpc_endpoint.result.tags | items2dict(key_name='Key', value_name='Value') }}"
560
561  - name: Query by tag
562    ec2_vpc_endpoint_info:
563      query: endpoints
564      filters:
565        "tag:testPrefix":
566        - "{{ resource_prefix }}"
567    register: tag_result
568
569  - name: Assert tag lookup found endpoint
570    assert:
571      that:
572        - tag_result is successful
573        - '"vpc_endpoints" in tag_result'
574        - first_endpoint.vpc_endpoint_id == rtb_endpoint_id
575    vars:
576      first_endpoint: '{{ tag_result.vpc_endpoints[0] }}'
577
578  - name: Tag the endpoint - idempotency (check_mode)
579    ec2_vpc_endpoint:
580      state: present
581      vpc_id: '{{ vpc_id }}'
582      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
583      service: '{{ endpoint_service_a }}'
584      route_table_ids:
585        - '{{ rtb_igw_id }}'
586      tags:
587        testPrefix: '{{ resource_prefix }}'
588        camelCase: "helloWorld"
589        PascalCase: "HelloWorld"
590        snake_case: "hello_world"
591        "Title Case": "Hello World"
592        "lowercase spaced": "hello world"
593    register: tag_vpc_endpoint_again
594
595  - name: Assert tags would not change
596    assert:
597      that:
598        - not tag_vpc_endpoint_again.changed
599
600  - name: Tag the endpoint - idempotency
601    ec2_vpc_endpoint:
602      state: present
603      vpc_id: '{{ vpc_id }}'
604      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
605      service: '{{ endpoint_service_a }}'
606      route_table_ids:
607        - '{{ rtb_igw_id }}'
608      tags:
609        testPrefix: '{{ resource_prefix }}'
610        camelCase: "helloWorld"
611        PascalCase: "HelloWorld"
612        snake_case: "hello_world"
613        "Title Case": "Hello World"
614        "lowercase spaced": "hello world"
615    register: tag_vpc_endpoint_again
616
617  - name: Assert tags would not change
618    assert:
619      that:
620        - not tag_vpc_endpoint_again.changed
621
622  - name: Add a tag (check_mode)
623    ec2_vpc_endpoint:
624      state: present
625      vpc_id: '{{ vpc_id }}'
626      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
627      service: '{{ endpoint_service_a }}'
628      route_table_ids:
629        - '{{ rtb_igw_id }}'
630      tags:
631        new_tag: "ANewTag"
632    check_mode: true
633    register: check_tag_vpc_endpoint
634
635  - name: Assert tags would have changed
636    assert:
637      that:
638        - check_tag_vpc_endpoint.changed
639
640  - name: Add a tag (purge_tags=False)
641    ec2_vpc_endpoint:
642      state: present
643      vpc_id: '{{ vpc_id }}'
644      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
645      service: '{{ endpoint_service_a }}'
646      route_table_ids:
647        - '{{ rtb_igw_id }}'
648      tags:
649        new_tag: "ANewTag"
650    register: add_tag_vpc_endpoint
651
652  - name: Assert tags changed
653    assert:
654      that:
655        - add_tag_vpc_endpoint.changed
656        - add_tag_vpc_endpoint.result.tags | length == 7
657        - endpoint_tags["testPrefix"] == resource_prefix
658        - endpoint_tags["camelCase"] == "helloWorld"
659        - endpoint_tags["PascalCase"] == "HelloWorld"
660        - endpoint_tags["snake_case"] == "hello_world"
661        - endpoint_tags["Title Case"] == "Hello World"
662        - endpoint_tags["lowercase spaced"] == "hello world"
663        - endpoint_tags["new_tag"] == "ANewTag"
664    vars:
665      endpoint_tags: "{{ add_tag_vpc_endpoint.result.tags | items2dict(key_name='Key', value_name='Value') }}"
666
667  - name: Add a tag (purge_tags=True)
668    ec2_vpc_endpoint:
669      state: present
670      vpc_id: '{{ vpc_id }}'
671      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
672      service: '{{ endpoint_service_a }}'
673      route_table_ids:
674        - '{{ rtb_igw_id }}'
675      tags:
676        another_new_tag: "AnotherNewTag"
677      purge_tags: True
678    register: purge_tag_vpc_endpoint
679
680  - name: Assert tags changed
681    assert:
682      that:
683        - purge_tag_vpc_endpoint.changed
684        - purge_tag_vpc_endpoint.result.tags | length == 1
685        - endpoint_tags["another_new_tag"] == "AnotherNewTag"
686    vars:
687      endpoint_tags: "{{ purge_tag_vpc_endpoint.result.tags | items2dict(key_name='Key', value_name='Value') }}"
688
689  - name: Delete minimal route table (no routes)
690    ec2_vpc_route_table:
691      state: absent
692      lookup: id
693      route_table_id: "{{ rtb_empty_id }}"
694    register: rtb_delete
695  - assert:
696      that:
697        - rtb_delete is changed
698
699  - name: Delete minimal route table (IGW route)
700    ec2_vpc_route_table:
701      state: absent
702      lookup: id
703      route_table_id: "{{ rtb_igw_id }}"
704  - assert:
705      that:
706        - rtb_delete is changed
707
708  - name: Delete route table endpoint by ID
709    ec2_vpc_endpoint:
710      state: absent
711      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
712    register: endpoint_delete_check
713  - assert:
714      that:
715        - endpoint_delete_check is changed
716
717  - name: Delete minimal endpoint by ID - idempotency (check_mode)
718    ec2_vpc_endpoint:
719      state: absent
720      vpc_endpoint_id: "{{ rtb_endpoint_id }}"
721    check_mode: true
722    register: endpoint_delete_check
723  - assert:
724      that:
725        - endpoint_delete_check is not changed
726
727  - name: Delete endpoint by ID - idempotency
728    ec2_vpc_endpoint:
729      state: absent
730      vpc_endpoint_id: "{{ endpoint_id }}"
731    register: endpoint_delete_check
732  - assert:
733      that:
734        - endpoint_delete_check is not changed
735
736  - name: Create interface endpoint
737    ec2_vpc_endpoint:
738      state: present
739      vpc_id: '{{ vpc_id }}'
740      service: '{{ endpoint_service_a }}'
741      vpc_endpoint_type: Interface
742    register: create_interface_endpoint
743  - name: Check that the interface endpoint was created properly
744    assert:
745      that:
746        - create_interface_endpoint is changed
747        - create_interface_endpoint.result.vpc_endpoint_type == "Interface"
748  - name: Delete interface endpoint
749    ec2_vpc_endpoint:
750      state: absent
751      vpc_endpoint_id: "{{ create_interface_endpoint.result.vpc_endpoint_id }}"
752    register: interface_endpoint_delete_check
753  - assert:
754      that:
755        - interface_endpoint_delete_check is changed
756
757  # ============================================================
758  # BEGIN POST-TEST CLEANUP
759  always:
760  # Delete the routes first - you can't delete an endpoint with a route
761  # attached.
762  - name: Delete minimal route table (no routes)
763    ec2_vpc_route_table:
764      state: absent
765      lookup: id
766      route_table_id: "{{ rtb_creation_empty.route_table.id }}"
767    ignore_errors: True
768
769  - name: Delete minimal route table (IGW route)
770    ec2_vpc_route_table:
771      state: absent
772      lookup: id
773      route_table_id: "{{ rtb_creation_igw.route_table.id }}"
774    ignore_errors: True
775
776  - name: Delete endpoint
777    ec2_vpc_endpoint:
778      state: absent
779      vpc_endpoint_id: "{{ create_endpoint.result.vpc_endpoint_id }}"
780    ignore_errors: True
781
782  - name: Delete endpoint
783    ec2_vpc_endpoint:
784      state: absent
785      vpc_endpoint_id: "{{ create_rtb_endpoint.result.vpc_endpoint_id }}"
786    ignore_errors: True
787
788  - name: Query any remain endpoints we created (idempotency work is ongoing)  # FIXME
789    ec2_vpc_endpoint_info:
790      query: endpoints
791      filters:
792        vpc-id:
793          - '{{ vpc_id }}'
794    register: test_endpoints
795
796  - name: Delete all endpoints
797    ec2_vpc_endpoint:
798      state: absent
799      vpc_endpoint_id: '{{ item.vpc_endpoint_id }}'
800    with_items: '{{ test_endpoints.vpc_endpoints }}'
801    ignore_errors: True
802
803  - name: Remove IGW
804    ec2_vpc_igw:
805      state: absent
806      vpc_id: "{{ vpc_id }}"
807    register: igw_deletion
808    retries: 10
809    delay: 5
810    until: igw_deletion is success
811    ignore_errors: yes
812
813  - name: Remove VPC
814    ec2_vpc_net:
815      state: absent
816      name: "{{ vpc_name }}"
817      cidr_block: "{{ vpc_cidr }}"
818    ignore_errors: true
819