Fix KeyError: SecurityGroups in elasticache module.

changelogs/fragments/410-elasticache-fixes.yml

@@ -0,0 +1,5 @@
+---
+bugfixes:
+  - elasticache - Fix issue when updating security group (KeyError)
+minor_changes:
+  - elasticache - Improve docs a little, add intgration tests

plugins/modules/elasticache.py

@@ -74,7 +74,8 @@
     elements: str
   cache_security_groups:
     description:
-      - A list of cache security group names to associate with this cache cluster. Must be an empty list if inside a VPC.
+      - A list of cache security group names to associate with this cache cluster.
+      - Don't use if your Cache is inside a VPC. In that case use I(security_group_ids) instead!
     type: list
     elements: str
   zone:
@@ -393,7 +394,7 @@ def _requires_modification(self):
         # check vpc security groups
         if self.security_group_ids:
             vpc_security_groups = []
-            security_groups = self.data['SecurityGroups'] or []
+            security_groups = self.data.get('SecurityGroups', [])
             for sg in security_groups:
                 vpc_security_groups.append(sg['SecurityGroupId'])
             if set(vpc_security_groups) != set(self.security_group_ids):

tests/integration/targets/elasticache/aliases

@@ -0,0 +1,3 @@
+cloud/aws
+shippable/aws/group2
+elasticache_subnet_group

tests/integration/targets/elasticache/defaults/main.yml

@@ -0,0 +1,10 @@
+---
+
+vpc_name: "{{ resource_prefix }}-elasticache-test-vpc"
+vpc_seed: '{{ resource_prefix }}'
+vpc_cidr_prefix: '10.{{ 256 | random(seed=vpc_seed) }}'
+
+elasticache_redis_sg_name: "{{ resource_prefix }}-elasticache-test-redis-sg"
+elasticache_redis_test_name: "{{ resource_prefix }}-elasticache-module-redis-test"
+elasticache_subnet_group_name: "{{ resource_prefix }}-elasticache-test-vpc-subnet-group"
+elasticache_redis_port: 6379

tests/integration/targets/elasticache/tasks/main.yml

@@ -0,0 +1,121 @@
+---
+
+- name: Integration testing for the elasticache module
+  module_defaults:
+    group/aws:
+      aws_access_key: '{{ aws_access_key }}'
+      aws_secret_key: '{{ aws_secret_key }}'
+      security_token: '{{ security_token | default(omit) }}'
+      region: '{{ aws_region }}'
+  collections:
+    - amazon.aws
+  block:
+    # == Dependency setup ==
+
+    - name: Create VPC to launch Elasticache instances into
+      ec2_vpc_net:
+        name: "{{ vpc_name }}"
+        cidr_block: "{{ vpc_cidr_prefix }}.0.0/16"
+        state: present
+      register: elasticache_vpc
+
+    - name: Create subnet 1 in this VPC to launch Elasticache instances into
+      ec2_vpc_subnet:
+        vpc_id: "{{ elasticache_vpc.vpc.id }}"
+        cidr: "{{ vpc_cidr_prefix }}.1.0/24"
+        state: present
+      register: elasticache_vpc_subnet_1
+
+    - name: Create subnet 2 in this VPC to launch Elasticache instances into
+      ec2_vpc_subnet:
+        vpc_id: "{{ elasticache_vpc.vpc.id }}"
+        cidr: "{{ vpc_cidr_prefix }}.2.0/24"
+        state: present
+      register: elasticache_vpc_subnet_2
+
+    - name: Create Elasticache Subnet Group (grouping two subnets together)
+      elasticache_subnet_group:
+        name: "{{ elasticache_subnet_group_name }}"
+        description: Subnet group grouping together both VPC subnets for Elasticache Test setup
+        subnets:
+          - "{{ elasticache_vpc_subnet_1.subnet.id }}"
+          - "{{ elasticache_vpc_subnet_2.subnet.id }}"
+        state: present
+
+    # == Actual testing of the elasticache module ==
+
+    - name: Create Redis Server on Elasticache in VPC subnets
+      elasticache:
+        name: "{{ elasticache_redis_test_name }}"
+        engine: redis
+        node_type: cache.t3.micro
+        cache_port: "{{ elasticache_redis_port }}"
+        cache_subnet_group: "{{ elasticache_subnet_group_name }}"
+        num_nodes: 1
+        state: present
+      register: elasticache_redis
+
+    - name: Assert that task worked
+      assert:
+        that:
+          elasticache_redis is changed
+          elasticache_redis.elasticache.data is defined
+          elasticache_redis.elasticache.name == "{{ elasticache_redis_test_name }}"
+          elasticache_redis.elasticache.data.CacheSubnetGroupName == "{{ elasticache_subnet_group_name }}"
+
+    - name: Add security group for Redis access in Elasticache
+      ec2_group:
+        name: "{{ elasticache_redis_sg_name }}"
+        description: Allow access to Elasticache Redis for testing EC module
+        vpc_id: "{{ elasticache_vpc.vpc.id }}"
+        rules:
+          - proto: tcp
+            from_port: "{{ elasticache_redis_port }}"
+            to_port: "{{ elasticache_redis_port }}"
+            cidr: 10.31.0.0/16
+        register: elasticache_redis_sg
+
+    - name: Update Redis Elasticache config with security group (to if changes to existing setup work)
+      elasticache:
+        name: "{{ elasticache_redis.name }}"
+        engine: redis
+        node_type: cache.t3.micro
+        num_nodes: 1
+        cache_port: "{{ elasticache_redis_port }}"
+        cache_subnet_group: "{{ elasticache_subnet_group_name }}"
+        security_group_ids: "{{ elasticache_redis_sg.group_id }}"
+        state: present
+      register: elasticache_redis_new
+
+    - name: Assert that task worked
+      assert:
+        that:
+          elasticache_redis_new is changed
+          elasticache_redis_new.elasticache.data is defined
+          elasticache_redis_new.elasticache.data.Engine == "redis"
+          elasticache_redis_new.elasticache.data.SecurityGroups.0.SecurityGroupId == "{{ elasticache_redis_sg.group_id }}"
+
+  always:
+
+    # == Cleanup ==
+
+    - name: Make sure test Redis is deleted again from Elasticache
+      elasticache:
+        name: "{{ elasticache_redis_test_name }}"
+        engine: redis
+        state: absent
+
+    - name: Make sure Subnet group is deleted again
+      elasticache_subnet_group:
+        name: "{{ elasticache_subnet_group_name }}"
+        state: absent
+
+    - name: Make sure VPC SG is deleted again
+      ec2_group:
+        name: "{{ elasticache_redis_sg_name }}"
+        state: absent
+
+    - name: Make sure VPC is deleted again (should also delete subnets?)
+      ec2_vpc_net:
+        name: "{{ vpc_name }}"
+        state: absent