[cloud] ec2_vpc_net integration tests (#33111)

* Add some integration tests for ec2_vpc_net module

* Add a couple tests for check mode

fix typo

ensure the DHCP option set is cleaned up

* Add permissions to test policy

4 files changed, 302 insertions, 0 deletions

diff --git a/test/integration/targets/ec2_vpc_net/aliases b/test/integration/targets/ec2_vpc_net/aliases
new file mode 100644
index 0000000000..ebdf4aa572
--- /dev/null
+++ b/test/integration/targets/ec2_vpc_net/aliases
@@ -0,0 +1,2 @@
+cloud/aws
+posix/ci/cloud/group1/aws
diff --git a/test/integration/targets/ec2_vpc_net/defaults/main.yml b/test/integration/targets/ec2_vpc_net/defaults/main.yml
new file mode 100644
index 0000000000..16079778d8
--- /dev/null
+++ b/test/integration/targets/ec2_vpc_net/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for ec2_vpc_net
diff --git a/test/integration/targets/ec2_vpc_net/meta/main.yml b/test/integration/targets/ec2_vpc_net/meta/main.yml
new file mode 100644
index 0000000000..1f64f1169a
--- /dev/null
+++ b/test/integration/targets/ec2_vpc_net/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+  - prepare_tests
+  - setup_ec2
diff --git a/test/integration/targets/ec2_vpc_net/tasks/main.yml b/test/integration/targets/ec2_vpc_net/tasks/main.yml
new file mode 100644
index 0000000000..4f0ca6b177
--- /dev/null
+++ b/test/integration/targets/ec2_vpc_net/tasks/main.yml
@@ -0,0 +1,295 @@
+---
+- block:
+
+    # ============================================================
+
+    - name: run the module without parameters
+      ec2_vpc_net:
+      ignore_errors: yes
+      register: result
+    
+    - name: assert failure
+      assert:
+        that:
+          - 'result | failed'
+          - 'result.msg.startswith("missing required arguments")'
+
+    # ============================================================
+
+    - name: attempt to create a VPC without providing connnection information
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        state: present
+        region: us-east-1
+      ignore_errors: yes
+      register: result
+
+    - name: assert connection failure
+      assert:
+        that:
+          - 'result | failed'
+          - 'result.msg.startswith("No handler was ready to authenticate")'
+
+    # ============================================================
+
+    - name: set connection information for subsequent tasks
+      set_fact:
+        aws_connection_info: &aws_connection_info
+          aws_access_key: "{{ aws_access_key }}"
+          aws_secret_key: "{{ aws_secret_key }}"
+          security_token: "{{ security_token }}"
+          region: "{{ aws_region }}"
+      no_log: yes
+
+    # ============================================================
+
+    - name: test check mode creating a VPC
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        state: present
+        <<: *aws_connection_info
+      check_mode: true
+      register: result
+
+    - name: check for a change
+      assert:
+        that:
+          - 'result.changed'
+
+    # ============================================================
+
+    - name: create a VPC
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        state: present
+        <<: *aws_connection_info
+      register: result
+
+    - name: assert the VPC was created successfully
+      assert:
+        that:
+          - 'result | success'
+          - 'result.changed'
+
+    - name: assert the output
+      assert:
+        that:
+          - '"cidr_block" in result.vpc'
+          - '"classic_link_enabled" in result.vpc'
+          - '"dhcp_options_id" in result.vpc'
+          - '"id" in result.vpc'
+          - '"instance_tenancy" in result.vpc'
+          - '"is_default" in result.vpc'
+          - '"state" in result.vpc'
+          - '"tags" in result.vpc'
+
+    - name: set the first VPC as a fact for comparison and cleanup
+      set_fact:
+        vpc_1: "{{ result.vpc.id }}"
+
+    - name: save default dhcp_options_id for later comparison
+      set_fact:
+        default_dhcp_options_id: "{{ result.vpc.dhcp_options_id }}"
+
+    # ============================================================
+
+    - name: test check mode creating an identical VPC
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        state: present
+        multi_ok: yes
+        <<: *aws_connection_info
+      check_mode: true
+      register: result
+
+    - name: assert a change would be made
+      assert:
+        that:
+          - 'result.changed'
+
+    # ============================================================
+
+    - name: create a VPC with a dedicated tenancy using the same CIDR and name
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        tenancy: dedicated
+        state: present
+        multi_ok: yes
+        <<: *aws_connection_info
+      register: result
+
+    - name: assert a new VPC was created
+      assert:
+        that:
+          - 'result | success'
+          - 'result.changed'
+          - 'result.vpc.instance_tenancy == "dedicated"'
+          - result.vpc.id != vpc_1
+
+    # ============================================================
+
+    - name: attempt to create another VPC with the same CIDR and name without multi_ok
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        state: present
+        multi_ok: no
+        <<: *aws_connection_info
+      register: result
+      ignore_errors: yes
+
+    - name: assert failure
+      assert:
+        that:
+          - 'result | failed'
+          - '"If you would like to create the VPC anyway please pass True to the multi_ok param" in result.msg'
+
+    # ============================================================
+
+    # FIXME: right now if there are multiple matching VPCs they cannot be removed,
+    # as there is no vpc_id option for idempotence. A workaround is to retag the VPC.
+    - name: remove Name tag on vpc_1
+      ec2_tag:
+        resource: "{{ vpc_1 }}"
+        state: absent
+        tags:
+          Name: "{{ resource_prefix }}"
+        <<: *aws_connection_info
+
+    - name: add a unique name tag
+      ec2_tag:
+        resource: "{{ vpc_1 }}"
+        state: present
+        tags:
+          Name: "{{ resource_prefix }}-changed"
+        <<: *aws_connection_info
+
+    - name: delete one of the VPCs
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}-changed"
+        state: absent
+        <<: *aws_connection_info
+      register: result
+
+    - name: assert success
+      assert:
+        that:
+          - 'result.changed'
+          - 'not result.vpc'
+
+    # ============================================================
+
+    - name: attempt to delete a VPC that doesn't exist
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}-changed"
+        state: absent
+        <<: *aws_connection_info
+      register: result
+
+    - name: assert no changes were made
+      assert:
+        that:
+          - 'not result.changed'
+          - 'not result.vpc'
+
+    # ============================================================
+
+    - name: create a DHCP option set to use in next test
+      ec2_vpc_dhcp_option:
+        dns_servers:
+          - 4.4.4.4
+          - 8.8.8.8
+        tags:
+          Name: "{{ resource_prefix }}"
+        <<: *aws_connection_info
+      register: new_dhcp
+
+    - name: modify the DHCP options set for a VPC
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        state: present
+        multi_ok: no
+        dhcp_opts_id: "{{ new_dhcp.dhcp_options_id }}"
+        <<: *aws_connection_info 
+      register: result
+
+    - name: assert the DHCP option set changed
+      assert:
+        that:
+          - 'result.changed'
+          - default_dhcp_options_id != result.vpc.dhcp_options_id
+
+    # ============================================================
+
+    - name: modify classic_link_enabled
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        dns_support: True
+        dns_hostnames: True
+        state: present
+        multi_ok: no
+        <<: *aws_connection_info
+      register: result
+
+    - name: assert a change was made
+      assert:
+        that:
+          - 'result | success'
+          # FIXME The module currently doesn't note changed for VPC attributes.
+          # Once this is fixed a test should be added for check mode as well.
+          # - 'result.changed'
+
+    # ============================================================
+
+    - name: test check mode to delete a VPC
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        state: absent
+        <<: *aws_connection_info
+      check_mode: true
+      register: result
+
+    - name: assert that a change would have been made
+      assert:
+        that:
+          - 'result.changed'
+
+    # ============================================================
+
+  always:
+
+    - name: replace the DHCP options set so the new one can be deleted
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        state: present
+        multi_ok: no
+        dhcp_opts_id: "{{ default_dhcp_options_id }}"
+        <<: *aws_connection_info
+      ignore_errors: true
+
+    - name: remove the DHCP option set
+      ec2_vpc_dhcp_option:
+        dhcp_options_id: "{{ new_dhcp.dhcp_options_id }}"
+        state: absent
+        <<: *aws_connection_info
+      ignore_errors: true
+
+    - name: remove the VPC
+      ec2_vpc_net:
+        cidr_block: 20.0.0.0/24
+        name: "{{ resource_prefix }}"
+        state: absent
+        <<: *aws_connection_info
+
+    # ============================================================