Closed mikedlr closed 2 years ago
Sounds good. We currently have some AWS specific documentation at https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/GUIDELINES.md
That will get converted to RST and be part of the main dev_guide pages in the future, though if for the moment things get added to the current location that will ensure they will get migrated.
I have now written a set of proposed guidelines for integration tests for AWS.
Also I'm attempting to write a role which will partly enforce them.
Testing docs have been ported to RST and can be found at http://docs.ansible.com/ansible/dev_guide/testing_integration.html#cloud-tests
@mattclay has started moving the cloud integration tests from the old system to the new one. As he is doing this he's decided to go in the opposite direction from the one @willthames proposed and @s-hertel and I were starting to implement.
Attached (with Matt's permission) is the IRC chat log between myself and Matt (with all other comments / activity filtered out): ansible-new-cloud-int-test-system-discussion.txt
Since collections AWS development has moved out of core, this should move to the community or AWS-specific proposal process.
Proposal: Better protections and guidelines for AWS tests
Author: Your Name mikedlr
Date: 2017/04/07
Motivation
make it safer to run
Problems
What problems exist that this proposal will solve?
Solution proposal
N.B. this is the proposal that came out of discussions on IRC more than my personal proposal. One of the major feelings is that the current situation is non-standard and inconvenient. However,
use a single dedicated AWS profile name
set all of the environment variables that might override the profile to blank
abort if credentials.yml is configured
clearly document this and other safeguards and make guidelines for people to follow
enforce some of this in the CI testing.
ensure that all cloud resources are created with a prefix
distribute a policy which can be used to limit the integration tests user to the minimum privileges needed
only the profile will work and it will only work when explicitly configured so the user is much less likely to make a mistake
Dependencies (optional)
There is a partial dependency on the plan to turn on automatic cloud integration tests in shippable.
Testing (optional)
The integration tests should be checked with various environment variables set to invalid values and it should be verified that this does not disrupt them.
Documentation (optional)
There needs to be an explicit document about what to do when writing
Anything else?
This proposal needs to be reviewed and verified by multiple people working in different AWS environments. There is complexity in getting this right because many different configurations exist.
An early (too open but also a bit incomplete) policy exists here: https://gist.github.com/michael-dev2rights/77f9b007d06519d85792a872db4b687f
A branch with some environment cleanup is starting here: https://github.com/mikedlr/ansible/tree/mdd-integration-testing-clean-env
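
A pre-flight guard covering the safeguards listed in the solution proposal (dedicated profile, blanked override variables, abort on a configured credentials.yml, resource prefix), as an added example that is not part of the original proposal or the Ansible code base. The profile name `ansible-integration-test`, the function names and the rule for what counts as a "configured" file are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight guard for AWS integration tests.
# Assumption: the dedicated profile name below is hypothetical.
TEST_PROFILE="ansible-integration-test"

# Credential variables read by the AWS SDKs and Ansible's AWS modules that
# would otherwise take precedence over, or replace, the named profile.
OVERRIDE_VARS="AWS_ACCESS_KEY_ID AWS_ACCESS_KEY EC2_ACCESS_KEY
AWS_SECRET_ACCESS_KEY AWS_SECRET_KEY EC2_SECRET_KEY
AWS_SESSION_TOKEN AWS_SECURITY_TOKEN EC2_SECURITY_TOKEN AWS_DEFAULT_PROFILE"

# Blank every override so only the dedicated profile can supply credentials.
scrub_aws_env() {
    for var in $OVERRIDE_VARS; do
        export "$var="
    done
    export AWS_PROFILE="$TEST_PROFILE"
}

# Succeeds (0) when the file has any active setting: a line that is not
# blank, not a comment and not the YAML document marker (assumed rule).
credentials_configured() {
    [ -f "$1" ] && grep -Ev '^[[:space:]]*(#.*|---[[:space:]]*)?$' "$1" >/dev/null
}

# Succeeds (0) only when the resource name starts with the test prefix.
has_test_prefix() {
    case "$1" in
        "$2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Refuse to run when credentials.yml is configured, then scrub the environment.
preflight() {
    if credentials_configured "${1:-credentials.yml}"; then
        echo "abort: credentials.yml is configured; use profile $TEST_PROFILE" >&2
        return 1
    fi
    scrub_aws_env
}
```

Source the file and call `preflight` before any test target runs; `has_test_prefix "$name" "$prefix"` can gate resource creation and cleanup so that only prefixed resources are touched.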