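---
# Integration tests for IAM inline-policy management.
#
# Layout: one block-task that (1) stages the policy documents in a temp
# directory, (2) creates a throw-away IAM user, role and group, then
# (3) runs object.yml once per principal type.  The `always` section
# removes every principal and the temp directory regardless of outcome.
- name: 'Run integration tests for IAM (inline) Policy management'
  # Credentials and region for every AWS module in this block come from
  # the test vars; security_token is optional (omitted when unset).
  module_defaults:
    group/aws:
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
      security_token: "{{ security_token | default(omit) }}"
      region: "{{ aws_region }}"

  block:
    # ============================================================
    # Stage the policy documents used by object.yml.
    - name: Create a temporary folder for the policies
      tempfile:
        state: directory
      register: tmpdir

    - name: Copy over policy
      copy:
        src: no_access.json
        dest: "{{ tmpdir.path }}"

    - name: Copy over policy with Id
      copy:
        src: no_access_with_id.json
        dest: "{{ tmpdir.path }}"

    - name: Copy over policy with second Id
      copy:
        src: no_access_with_second_id.json
        dest: "{{ tmpdir.path }}"

    # ============================================================
    # Create one principal of each type; all share the same name
    # (iam_name) so object.yml can address them uniformly.
    - name: Create user for tests
      iam_user:
        state: present
        name: "{{ iam_name }}"
      register: result

    - name: Ensure user was created
      assert:
        that:
          - result is changed

    - name: Create role for tests
      iam_role:
        state: present
        name: "{{ iam_name }}"
        # Trust policy that allows no principal to assume the role.
        assume_role_policy_document: "{{ lookup('file','no_trust.json') }}"
      register: result

    - name: Ensure role was created
      assert:
        that:
          - result is changed

    - name: Create group for tests
      iam_group:
        state: present
        name: "{{ iam_name }}"
      register: result

    - name: Ensure group was created
      assert:
        that:
          - result is changed

    # ============================================================
    # object.yml is parameterised by iam_type.
    - name: Run tests for each type of object
      include_tasks: object.yml
      loop_control:
        loop_var: iam_type
      loop:
        - user
        - group
        - role

    # ============================================================

  always:
    # ============================================================
    # Best-effort cleanup: errors are ignored so every step runs, which
    # means a principal that could not be deleted is only reported in
    # the task output, not as a failure of the test.
    - name: Remove user
      iam_user:
        state: absent
        name: "{{ iam_name }}"
      ignore_errors: true

    - name: Remove role
      iam_role:
        state: absent
        name: "{{ iam_name }}"
      ignore_errors: true

    - name: Remove group
      iam_group:
        state: absent
        name: "{{ iam_name }}"
      ignore_errors: true

    # ============================================================
    # Skip when the tempfile task never produced a path (e.g. it failed),
    # otherwise this would abort the cleanup on an undefined variable.
    - name: Delete temporary folder containing the policies
      file:
        state: absent
        path: "{{ tmpdir.path }}/"
      when: tmpdir.path is defined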