mirror of https://github.com/ansible/ansible.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
335 lines
9.6 KiB
YAML
335 lines
9.6 KiB
YAML
7 years ago
|
---
|
||
|
# ============================================================
|
||
|
- name: set up aws connection info
|
||
|
set_fact:
|
||
|
aws_connection_info: &aws_connection_info
|
||
|
aws_access_key: "{{ aws_access_key }}"
|
||
|
aws_secret_key: "{{ aws_secret_key }}"
|
||
|
security_token: "{{ security_token }}"
|
||
|
region: "{{ aws_region }}"
|
||
|
no_log: yes
|
||
|
# ============================================================
|
||
|
- name: test add identity policy
|
||
|
block:
|
||
|
- name: register identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: identity_info
|
||
|
|
||
|
- name: register identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
policy_name: "{{ policy_name }}"
|
||
|
policy: "{{ lookup('template', 'policy.json.j2') }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: result
|
||
|
|
||
|
- name: assert result.changed == True
|
||
|
assert:
|
||
|
that:
|
||
|
- result.changed == True
|
||
|
|
||
|
- name: assert result.policies contains only policy
|
||
|
assert:
|
||
|
that:
|
||
|
- result.policies|length == 1
|
||
|
- result.policies|select('equalto', policy_name)|list|length == 1
|
||
|
|
||
|
always:
|
||
|
- name: clean-up identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: absent
|
||
|
<<: *aws_connection_info
|
||
|
# ============================================================
|
||
|
- name: test add duplicate identity policy
|
||
|
block:
|
||
|
- name: register identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: identity_info
|
||
|
|
||
|
- name: register identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
policy_name: "{{ policy_name }}"
|
||
|
policy: "{{ lookup('template', 'policy.json.j2') }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
|
||
|
- name: register duplicate identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
policy_name: "{{ policy_name }}"
|
||
|
policy: "{{ lookup('template', 'policy.json.j2') }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: result
|
||
|
|
||
|
- name: assert result.changed == False
|
||
|
assert:
|
||
|
that:
|
||
|
- result.changed == False
|
||
|
|
||
|
- name: assert result.policies contains only policy
|
||
|
assert:
|
||
|
that:
|
||
|
- result.policies|length == 1
|
||
|
- result.policies|select('equalto', policy_name)|list|length == 1
|
||
|
|
||
|
always:
|
||
|
- name: clean-up identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: absent
|
||
|
<<: *aws_connection_info
|
||
|
# ============================================================
|
||
|
- name: test add identity policy by identity arn
|
||
|
block:
|
||
|
- name: register identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: identity_info
|
||
|
|
||
|
- name: register identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ identity_info.identity_arn }}"
|
||
|
policy_name: "{{ policy_name }}"
|
||
|
policy: "{{ lookup('template', 'policy.json.j2') }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: result
|
||
|
|
||
|
- name: assert result.changed == True
|
||
|
assert:
|
||
|
that:
|
||
|
- result.changed == True
|
||
|
|
||
|
- name: assert result.policies contains only policy
|
||
|
assert:
|
||
|
that:
|
||
|
- result.policies|length == 1
|
||
|
- result.policies|select('equalto', policy_name)|list|length == 1
|
||
|
|
||
|
always:
|
||
|
- name: clean-up identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: absent
|
||
|
<<: *aws_connection_info
|
||
|
# ============================================================
|
||
|
- name: test add multiple identity policies
|
||
|
block:
|
||
|
- name: register identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: identity_info
|
||
|
|
||
|
- name: register identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
policy_name: "{{ policy_name }}-{{ item }}"
|
||
|
policy: "{{ lookup('template', 'policy.json.j2') }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
with_items:
|
||
|
- 1
|
||
|
- 2
|
||
|
register: result
|
||
|
|
||
|
- name: assert result.policies contains policies
|
||
|
assert:
|
||
|
that:
|
||
|
- result.results[1].policies|length == 2
|
||
|
- result.results[1].policies|select('equalto', policy_name + '-1')|list|length == 1
|
||
|
- result.results[1].policies|select('equalto', policy_name + '-2')|list|length == 1
|
||
|
|
||
|
always:
|
||
|
- name: clean-up identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: absent
|
||
|
<<: *aws_connection_info
|
||
|
# ============================================================
|
||
|
- name: test add inline identity policy
|
||
|
block:
|
||
|
- name: register identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: identity_info
|
||
|
|
||
|
- name: register identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
policy_name: "{{ policy_name }}"
|
||
|
policy:
|
||
|
Id: SampleAuthorizationPolicy
|
||
|
Version: "2012-10-17"
|
||
|
Statement:
|
||
|
- Sid: DenyAll
|
||
|
Effect: Deny
|
||
|
Resource: "{{ identity_info.identity_arn }}"
|
||
|
Principal: "*"
|
||
|
Action: "*"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: result
|
||
|
|
||
|
- name: assert result.changed == True
|
||
|
assert:
|
||
|
that:
|
||
|
- result.changed == True
|
||
|
|
||
|
- name: assert result.policies contains only policy
|
||
|
assert:
|
||
|
that:
|
||
|
- result.policies|length == 1
|
||
|
- result.policies|select('equalto', policy_name)|list|length == 1
|
||
|
|
||
|
- name: register duplicate identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
policy_name: "{{ policy_name }}"
|
||
|
policy:
|
||
|
Id: SampleAuthorizationPolicy
|
||
|
Version: "2012-10-17"
|
||
|
Statement:
|
||
|
- Sid: DenyAll
|
||
|
Effect: Deny
|
||
|
Resource: "{{ identity_info.identity_arn }}"
|
||
|
Principal: "*"
|
||
|
Action: "*"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: result
|
||
|
|
||
|
- name: assert result.changed == False
|
||
|
assert:
|
||
|
that:
|
||
|
- result.changed == False
|
||
|
|
||
|
always:
|
||
|
- name: clean-up identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: absent
|
||
|
<<: *aws_connection_info
|
||
|
# ============================================================
|
||
|
- name: test remove identity policy
|
||
|
block:
|
||
|
- name: register identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: identity_info
|
||
|
|
||
|
- name: register identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
policy_name: "{{ policy_name }}"
|
||
|
policy: "{{ lookup('template', 'policy.json.j2') }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
|
||
|
- name: delete identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
policy_name: "{{ policy_name }}"
|
||
|
state: absent
|
||
|
<<: *aws_connection_info
|
||
|
register: result
|
||
|
|
||
|
- name: assert result.changed == True
|
||
|
assert:
|
||
|
that:
|
||
|
- result.changed == True
|
||
|
|
||
|
- name: assert result.policies empty
|
||
|
assert:
|
||
|
that:
|
||
|
- result.policies|length == 0
|
||
|
|
||
|
always:
|
||
|
- name: clean-up identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: absent
|
||
|
<<: *aws_connection_info
|
||
|
# ============================================================
|
||
|
- name: test remove missing identity policy
|
||
|
block:
|
||
|
- name: register identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: identity_info
|
||
|
|
||
|
- name: delete identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
policy_name: "{{ policy_name }}"
|
||
|
state: absent
|
||
|
<<: *aws_connection_info
|
||
|
register: result
|
||
|
|
||
|
- name: assert result.changed == False
|
||
|
assert:
|
||
|
that:
|
||
|
- result.changed == False
|
||
|
|
||
|
- name: assert result.policies empty
|
||
|
assert:
|
||
|
that:
|
||
|
- result.policies|length == 0
|
||
|
|
||
|
always:
|
||
|
- name: clean-up identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: absent
|
||
|
<<: *aws_connection_info
|
||
|
# ============================================================
|
||
|
- name: test add identity policy with invalid policy
|
||
|
block:
|
||
|
- name: register identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: identity_info
|
||
|
|
||
|
- name: register identity policy
|
||
|
aws_ses_identity_policy:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
policy_name: "{{ policy_name }}"
|
||
|
policy: '{"noSuchAttribute": 2}'
|
||
|
state: present
|
||
|
<<: *aws_connection_info
|
||
|
register: result
|
||
|
failed_when: result.failed == False
|
||
|
|
||
|
- name: assert error.code == InvalidPolicy
|
||
|
assert:
|
||
|
that:
|
||
|
- result.error.code == 'InvalidPolicy'
|
||
|
|
||
|
always:
|
||
|
- name: clean-up identity
|
||
|
aws_ses_identity:
|
||
|
identity: "{{ domain_identity }}"
|
||
|
state: absent
|
||
|
<<: *aws_connection_info
|