ec2_platform: Named security groups are not unique to job runs
#8
Labels
bug
Something isn't working
Comments
|
This should probably be updated to skip the delete step if the security group doesn't have a tag on it for the currently running job. Furthermore, if the security group already exists, that tag should not be added in order to prevent destruction of SGs that have relevance outside of a particular molecule job run. |
syndr
added a commit
that referenced
this issue
Jan 23, 2025
Refactor molecule.docker_platform role to handle specifically docker testing containers and not molecule inventory files Molecule inventory files are now managed by the new molecule.platform role. References to docker_platform in molecule create.yml or destroy.yml files should be updated to use this role in order to work with this version Add molecule.ec2_platform role, which allows creation and use of ephemeral ec2 instances for test environments. Update molecule.init role to support deployment of both docker and ec2 platforms. Note that only one platform type is supported per scenario! Also note that there are differences between the Molecule configuration for each platform, so this init role should be used to deploy the appropriate templates!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If a security group is specified by name, all job runs will match the same group based on specifically that name. This becomes an issue when there are multiple test jobs running concurrently, as the
destroystep of one job will remove the security group that is being used by the other (still running) job.Named security groups are necessary for any tests where multiple instances need to communicate with each other (any clustered application).
These groups should have a tag applied with the unique ID for the currently running Molecule job, and adds/deletes should filter based upon that value to avoid trampling on other tests.
The text was updated successfully, but these errors were encountered: