Prevent empty destroy from deleting other EC2 instances (#170)

* Prevent empty destroy from deleting other EC2 instances * Fix linting errors * ignore lint warning --------- Co-authored-by: Thomas McKanna <mail.thomasmckanna@gmail.com> Co-authored-by: Ajinkya Udgirkar <ajinkyaudgirkar@gmail.com>
ansible-community · Aug 3, 2023 · 10a502b · 10a502b
1 parent a7c7448
commit 10a502b
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 52 deletions.
diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore
@@ -16,3 +16,5 @@ test/roles/containersplugin/molecule/default/destroy.yml yaml[octal-values]
 test/roles/containersplugin/molecule/default/create.yml yaml[octal-values]
 test/roles/azureplugin/molecule/default/create.yml yaml[octal-values]
 test/roles/azureplugin/molecule/default/destroy.yml yaml[octal-values]
+
+test/roles/ec2plugin/molecule/default/destroy.yml risky-file-permissions
diff --git a/...okiecutter/{{cookiecutter.molecule_directory}}/{{cookiecutter.scenario_name}}/destroy.yml b/...okiecutter/{{cookiecutter.molecule_directory}}/{{cookiecutter.scenario_name}}/destroy.yml
@@ -81,60 +81,62 @@
         index_var: index
         label: "{{ platform.name }}"
 
-    - name: Destroy ephemeral EC2 instances
-      amazon.aws.ec2_instance:
-        profile: "{{ item.aws_profile | default(omit) }}"
-        region: "{{ item.region | default(omit) }}"
-        instance_ids: "{{ instance_config | map(attribute='instance_ids') | flatten }}"
-        state: absent
-      loop: "{{ platforms }}"
-      loop_control:
-        label: "{{ item.name }}"
-      register: ec2_instances_async
-      async: 7200
-      poll: 0
+    - name: Destroy resources
+      when: instance_config | length != 0
+      block:
+        - name: Destroy ephemeral EC2 instances
+          amazon.aws.ec2_instance:
+            profile: "{{ item.aws_profile | default(omit) }}"
+            region: "{{ item.region | default(omit) }}"
+            instance_ids: "{{ instance_config | map(attribute='instance_ids') | flatten }}"
+            state: absent
+          loop: "{{ platforms }}"
+          loop_control:
+            label: "{{ item.name }}"
+          register: ec2_instances_async
+          async: 7200
+          poll: 0
 
-    - name: Wait for instance destruction to complete
-      ansible.builtin.async_status:
-        jid: "{{ item.ansible_job_id }}"
-      loop: "{{ ec2_instances_async.results }}"
-      loop_control:
-        index_var: index
-        label: "{{ platforms[index].name }}"
-      register: ec2_instances
-      until: ec2_instances is finished
-      retries: 300
+        - name: Wait for instance destruction to complete
+          ansible.builtin.async_status:
+            jid: "{{ item.ansible_job_id }}"
+          loop: "{{ ec2_instances_async.results }}"
+          loop_control:
+            index_var: index
+            label: "{{ platforms[index].name }}"
+          register: ec2_instances
+          until: ec2_instances is finished
+          retries: 300
 
-    - name: Write Molecule instance configs
-      ansible.builtin.copy:
-        dest: "{{ molecule_instance_config }}"
-        content: "{{ {} | to_yaml }}"
-        mode: "0644"
+        - name: Write Molecule instance configs
+          ansible.builtin.copy:
+            dest: "{{ molecule_instance_config }}"
+            content: "{{ {} | to_yaml }}"
 
-    - name: Destroy ephemeral security groups (if needed)
-      amazon.aws.ec2_security_group:
-        profile: "{{ item.aws_profile | default(omit) }}"
-        region: "{{ item.region | default(omit) }}"
-        vpc_id: "{{ item.vpc_id or vpc_subnet.vpc_id }}"
-        name: "{{ item.security_group_name }}"
-        state: absent
-      vars:
-        vpc_subnet: "{{ subnet_info.results[index].subnets[0] }}"
-      loop: "{{ platforms }}"
-      loop_control:
-        index_var: index
-        label: "{{ item.name }}"
-      when: item.security_groups | length == 0
+        - name: Destroy ephemeral security groups (if needed)
+          amazon.aws.ec2_security_group:
+            profile: "{{ item.aws_profile | default(omit) }}"
+            region: "{{ item.region | default(omit) }}"
+            vpc_id: "{{ item.vpc_id or vpc_subnet.vpc_id }}"
+            name: "{{ item.security_group_name }}"
+            state: absent
+          vars:
+            vpc_subnet: "{{ subnet_info.results[index].subnets[0] }}"
+          loop: "{{ platforms }}"
+          loop_control:
+            index_var: index
+            label: "{{ item.name }}"
+          when: item.security_groups | length == 0
 
-    - name: Destroy ephemeral keys (if needed)
-      amazon.aws.ec2_key:
-        profile: "{{ item.aws_profile | default(omit) }}"
-        region: "{{ item.region | default(omit) }}"
-        name: "{{ item.key_name }}"
-        state: absent
-      loop: "{{ platforms }}"
-      loop_control:
-        index_var: index
-        label: "{{ item.name }}"
-      when: item.key_inject_method == "ec2"
+        - name: Destroy ephemeral keys (if needed)
+          amazon.aws.ec2_key:
+            profile: "{{ item.aws_profile | default(omit) }}"
+            region: "{{ item.region | default(omit) }}"
+            name: "{{ item.key_name }}"
+            state: absent
+          loop: "{{ platforms }}"
+          loop_control:
+            index_var: index
+            label: "{{ item.name }}"
+          when: item.key_inject_method == "ec2"
 {%- endraw %}