fix: playbook webapp - delete resources

abikouo · abikouo · commit 0b901fbaa181 · 2024-01-08T18:41:44.000+01:00
diff --git a/playbooks/webapp/tasks/delete.yaml b/playbooks/webapp/tasks/delete.yaml
@@ -22,54 +22,33 @@
           ansible.builtin.set_fact:
             vpc_id: "{{ vpc.vpcs.0.vpc_id }}"
 
-        - name: Get bastion instance info
+        # Delete Load balancer
+        - name: List Load balancer(s) from VPC
+          community.aws.elb_classic_lb_info:
+          register: load_balancers
+
+        - name: Delete load balancer(s)
+          amazon.aws.elb_classic_lb:
+            name: "{{ item }}"
+            wait: true
+            state: absent
+          with_items: "{{ load_balancers.elbs | selectattr('vpc_id', 'equalto', vpc_id) | map(attribute='load_balancer_name') | list }}"
+
+        # Delete EC2 instances
+        - name: Get EC2 instance info
           amazon.aws.ec2_instance_info:
             filters:
-              instance-type: "{{ bastion_host_type }}"
-              key-name: "{{ deploy_flask_app_sshkey_pair_name }}"
               vpc-id: "{{ vpc_id }}"
-              instance-state-name: running
-          register: bastion
-
-        - name: Delete EC2 instances with dependant Resources
-          when: bastion.instances | length == 1
-          block:
-            - name: Set 'instance_host_name' variable
-              ansible.builtin.set_fact:
-                instance_host_name: "{{ bastion.instances.0.public_dns_name | split('.') | first }}"
-
-            - name: Delete workers key pair
-              amazon.aws.ec2_key:
-                name: "{{ instance_host_name }}-key"
-                state: absent
-
-            - name: Delete load balancer
-              amazon.aws.elb_classic_lb:
-                name: "{{ instance_host_name }}-lb"
-                wait: true
-                state: absent
-
-            - name: List workers
-              amazon.aws.ec2_instance_info:
-                filters:
-                  tag:Name: "{{ instance_host_name }}-workers"
-                  instance-state-name: running
-              register: running
-
-            - name: Delete workers
-              when: running.instances | length != 0
-              amazon.aws.ec2_instance:
-                instance_ids: "{{ running.instances | map(attribute='instance_id') | list }}"
-                wait: true
-                state: terminated
-
-            - name: Delete bastion host
-              amazon.aws.ec2_instance:
-                instance_ids:
-                  - "{{ bastion.instances.0.instance_id }}"
-                wait: true
-                state: terminated
+          register: ec2_instances
+
+        - name: Delete ec2 instances from VPC
+          amazon.aws.ec2_instance:
+            instance_ids: "{{ ec2_instances.instances | map(attribute='instance_id') | list }}"
+            wait: true
+            state: terminated
+          when: ec2_instances.instances | length > 0
 
+        # Delete RDS instance
         - name: Delete RDS instance
           amazon.aws.rds_instance:
             state: absent
@@ -87,19 +66,7 @@
             name: "{{ rds_subnet_group_name }}"
             state: absent
 
-        - name: List Security group from VPC
-          amazon.aws.ec2_security_group_info:
-            filters:
-              vpc-id: "{{ vpc_id }}"
-              tag:prefix: "{{ resource_prefix }}"
-          register: secgroups
-
-        - name: Delete security groups
-          amazon.aws.ec2_security_group:
-            state: absent
-            group_id: "{{ item }}"
-          with_items: "{{ secgroups.security_groups | map(attribute='group_id') | list }}"
-
+        # Delete VPC route table
         - name: List routes table from VPC
           amazon.aws.ec2_vpc_route_table_info:
             filters:
@@ -115,6 +82,7 @@
             state: absent
           with_items: "{{ route_table.route_tables | map(attribute='id') | list }}"
 
+        # Delete NAT Gateway
         - name: Get NAT gateway
           amazon.aws.ec2_vpc_nat_gateway_info:
             filters:
@@ -128,20 +96,39 @@
             wait: true
           with_items: "{{ nat_gw.result | map(attribute='nat_gateway_id') | list }}"
 
+        # Delete Internet gateway
         - name: Delete internet gateway
           amazon.aws.ec2_vpc_igw:
             vpc_id: "{{ vpc_id }}"
             state: absent
 
+        # Delete Subnets
+        - name: List Subnets from VPC
+          amazon.aws.ec2_vpc_subnet_info:
+            filters:
+              vpc-id: "{{ vpc_id }}"
+          register: vpc_subnets
+
         - name: Delete subnets
           amazon.aws.ec2_vpc_subnet:
             cidr: "{{ item }}"
             state: absent
             vpc_id: "{{ vpc_id }}"
-          with_items: "{{ subnet_cidr }}"
+          with_items: "{{ vpc_subnets.subnets | map(attribute='cidr_block') | list }}"
+
+        # Delete Security groups
+        - name: List Security group from VPC
+          amazon.aws.ec2_security_group_info:
+            filters:
+              vpc-id: "{{ vpc_id }}"
+          register: secgroups
+
+        - name: Delete security groups
+          amazon.aws.ec2_security_group:
+            state: absent
+            group_id: "{{ item }}"
+          with_items: "{{ secgroups.security_groups | rejectattr('group_name', 'equalto', 'default') | map(attribute='group_id') | list }}"
 
-        # As ec2_vpc_route_table can't delete route table, the vpc still has dependencies and cannot be deleted.
-        # You need to do it delete it manually using either the console or the cli.
         - name: Delete VPC
           amazon.aws.ec2_vpc_net:
             name: "{{ vpc_name }}"
diff --git a/tests/integration/targets/test_deploy_flask_app/tasks/delete.yaml b/tests/integration/targets/test_deploy_flask_app/tasks/delete.yaml
@@ -76,7 +76,7 @@
             state: absent
           with_items: "{{ route_table.route_tables | map(attribute='id') | list }}"
 
-        # Delete VPC route table
+        # Delete NAT Gateway
         - name: Get NAT gateway
           amazon.aws.ec2_vpc_nat_gateway_info:
             filters:
diff --git a/tests/integration/targets/test_playbook_webapp/create_aws_credentials.yml b/tests/integration/targets/test_playbook_webapp/create_aws_credentials.yml
@@ -0,0 +1,12 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Write access key to file we can source
+      ansible.builtin.copy:
+        dest: access_key.sh
+        content: |
+          export AWS_ACCESS_KEY_ID="{{ aws_access_key }}"
+          export AWS_SECRET_ACCESS_KEY="{{ aws_secret_key }}"
+          export AWS_REGION="{{ aws_region }}"
diff --git a/tests/integration/targets/test_playbook_webapp/runme.sh b/tests/integration/targets/test_playbook_webapp/runme.sh
@@ -1,8 +1,15 @@
 #!/usr/bin/env bash
 
+# generate inventory with access_key provided through a templated variable
+ansible-playbook create_aws_credentials.yml "$@"
+source access_key.sh
+
 set -eux
 
 function cleanup() {
+    set +x
+    source access_key.sh
+    set -x
     ansible-playbook webapp.yaml -e "operation=delete" "$@"
     exit 1
 }
