s3_bucket: add integration tests (#36941)

Also update testing-policies/storage
pull/37130/head
Julien Vey 6 years ago committed by Sloane Hertel
parent 51d491f8f0
commit 7c07877b1b

@ -2,16 +2,24 @@
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AlowS3AnsibleTestBuckets",
"Sid": "AllowS3AnsibleTestBuckets",
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketPolicy",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetObject",
"s3:ListBucket",
"s3:PutBucketAcl",
"s3:CreateBucket",
"s3:PutBucketPolicy",
"s3:PutBucketRequestPayment",
"s3:PutBucketTagging",
"s3:PutBucketVersioning",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:DeleteBucket",
"s3:DeleteObject"
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": [
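Review bot: The `Resource` list that bounds these actions opens on the last line of the hunk and its entries fall outside it, so the scope of the new `s3:PutBucketPolicy` grant cannot be confirmed from here. With that action, plus the `s3:PutBucketAcl` and `s3:PutObjectAcl` entries that appear to be carried over, the CI credentials can change who may read any bucket the statement matches. The resource entries should therefore be limited to the test naming pattern, e.g. `"arn:aws:s3:::<test-bucket-prefix>*"` (placeholder), and must cover the dotted name `<prefix>.testbucket.ansible` that the new tests create.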

@ -0,0 +1,2 @@
cloud/aws
posix/ci/cloud/group4/aws

@ -0,0 +1,205 @@
---
- block:
# ============================================================
- name: set connection information for all tasks
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: true
# ============================================================
- name: Create simple s3_bucket
s3_bucket:
name: "{{ resource_prefix }}-testbucket-ansible"
state: present
<<: *aws_connection_info
register: output
- assert:
that:
- output.changed
- output.name == '{{ resource_prefix }}-testbucket-ansible'
- not output.requester_pays
# ============================================================
- name: Try to update the same bucket with the same values
s3_bucket:
name: "{{ resource_prefix }}-testbucket-ansible"
state: present
<<: *aws_connection_info
register: output
- assert:
that:
- not output.changed
- output.name == '{{ resource_prefix }}-testbucket-ansible'
- not output.requester_pays
# ============================================================
- name: Delete s3_bucket
s3_bucket:
name: "{{ resource_prefix }}-testbucket-ansible"
state: absent
<<: *aws_connection_info
register: output
- assert:
that:
- output.changed
# ============================================================
- name: Set bucket_name variable to be able to use it in lookup('template')
set_fact:
bucket_name: "{{ resource_prefix }}-testbucket-ansible-complex"
- name: Create more complex s3_bucket
s3_bucket:
name: "{{ resource_prefix }}-testbucket-ansible-complex"
state: present
policy: "{{ lookup('template','policy.json') }}"
requester_pays: yes
versioning: yes
tags:
example: tag1
another: tag2
<<: *aws_connection_info
register: output
- assert:
that:
- output.changed
- output.name == '{{ resource_prefix }}-testbucket-ansible-complex'
- output.requester_pays
- output.versioning.MfaDelete == 'Disabled'
- output.versioning.Versioning == 'Enabled'
- output.tags.example == 'tag1'
- output.tags.another == 'tag2'
- output.policy.Statement[0].Action == 's3:GetObject'
- output.policy.Statement[0].Effect == 'Allow'
- output.policy.Statement[0].Principal == '*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ resource_prefix }}-testbucket-ansible-complex/*'
- output.policy.Statement[0].Sid == 'AddPerm'
# ============================================================
- name: Try to update the same complex s3_bucket
s3_bucket:
name: "{{ resource_prefix }}-testbucket-ansible-complex"
state: present
policy: "{{ lookup('template','policy.json') }}"
requester_pays: yes
versioning: yes
tags:
example: tag1
another: tag2
<<: *aws_connection_info
register: output
- assert:
that:
- not output.changed
# ============================================================
- name: Update bucket policy
s3_bucket:
name: "{{ resource_prefix }}-testbucket-ansible-complex"
state: present
policy: "{{ lookup('template','policy-updated.json') }}"
requester_pays: yes
versioning: yes
tags:
example: tag1
another: tag2
<<: *aws_connection_info
register: output
- assert:
that:
- output.changed
- output.policy.Statement[0].Action == 's3:GetObject'
- output.policy.Statement[0].Effect == 'Deny'
- output.policy.Statement[0].Principal == '*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ resource_prefix }}-testbucket-ansible-complex/*'
- output.policy.Statement[0].Sid == 'AddPerm'
# ============================================================
- name: Update attributes for s3_bucket
s3_bucket:
name: "{{ resource_prefix }}-testbucket-ansible-complex"
state: present
policy: "{{ lookup('template','policy.json') }}"
requester_pays: no
versioning: no
tags:
example: tag1-udpated
another: tag2
<<: *aws_connection_info
register: output
- assert:
that:
- output.changed
- output.name == '{{ resource_prefix }}-testbucket-ansible-complex'
- not output.requester_pays
- output.versioning.MfaDelete == 'Disabled'
- output.versioning.Versioning == 'Suspended'
- output.tags.example == 'tag1-udpated'
- output.tags.another == 'tag2'
- output.policy.Statement[0].Action == 's3:GetObject'
- output.policy.Statement[0].Effect == 'Allow'
- output.policy.Statement[0].Principal == '*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ resource_prefix }}-testbucket-ansible-complex/*'
- output.policy.Statement[0].Sid == 'AddPerm'
# ============================================================
- name: Delete s3_bucket
s3_bucket:
name: "{{ resource_prefix }}-testbucket-ansible-complex"
state: absent
<<: *aws_connection_info
register: output
- assert:
that:
- output.changed
# ============================================================
- name: Create bucket with dot in name
s3_bucket:
name: "{{ resource_prefix }}.testbucket.ansible"
state: present
<<: *aws_connection_info
register: output
- assert:
that:
- output.changed
- output.name == '{{ resource_prefix }}.testbucket.ansible'
- name: Delete s3_bucket
s3_bucket:
name: "{{ resource_prefix }}.testbucket.ansible"
state: absent
<<: *aws_connection_info
register: output
- assert:
that:
- output.changed
# ============================================================
always:
- name: Ensure all buckets are deleted
s3_bucket:
name: "{{item}}"
state: absent
<<: *aws_connection_info
with_items:
- "{{ resource_prefix }}-testbucket-ansible"
- "{{ resource_prefix }}-testbucket-ansible-complex"
- "{{ resource_prefix }}.testbucket.ansible"
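Review bot: The assertions embed `{{ resource_prefix }}` inside `that:` expressions, for example `output.name == '{{ resource_prefix }}-testbucket-ansible'` and the `Statement[0].Resource` comparisons, so the value is pasted into the expression text before it is evaluated. Entries under `that:` are already Jinja expressions, so the variable can be referenced directly: `- output.name == resource_prefix ~ '-testbucket-ansible'`. That keeps each check a plain comparison whatever characters the prefix contains, and it avoids the warning that later Ansible releases emit for template delimiters in conditionals. As a style point, `requester_pays: yes` and `versioning: no` read more predictably as `true` and `false`.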

@ -0,0 +1,12 @@
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Deny",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::{{bucket_name}}/*"]
}
]
}

@ -0,0 +1,12 @@
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::{{bucket_name}}/*"]
}
]
}
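Review bot: This fixture grants `s3:GetObject` to `"Principal": "*"`, so the complex test bucket is publicly readable in the CI account for as long as the test runs. The tasks shown upload no objects and the `always` block deletes the bucket, so the exposure is small, but an account that blocks public bucket policies would presumably reject the statement and fail the test. The policy round-trip can be exercised just as well with a non-public principal such as `"Principal": {"AWS": "arn:aws:iam::<account-id>:root"}` (placeholder). The `output.policy.Statement[0].Principal == '*'` assertions in the tasks file, and the matching Deny template, would need the same change.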