From a815fdf8bbe33ac3ed18828f4e19935300b10b4c Mon Sep 17 00:00:00 2001
From: Mark Chappell <mchappel@redhat.com>
Date: Mon, 18 Nov 2019 14:48:59 +0100
Subject: [PATCH] Update Route53 IAM policy so the Route53 tests run (#64886)

---
 hacking/aws_config/testing_policies/network-policy.json | 2 ++
 test/integration/targets/route53/tasks/main.yml         | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/hacking/aws_config/testing_policies/network-policy.json b/hacking/aws_config/testing_policies/network-policy.json
index 022c9369d74..d108c1c0fd7 100644
--- a/hacking/aws_config/testing_policies/network-policy.json
+++ b/hacking/aws_config/testing_policies/network-policy.json
@@ -6,9 +6,11 @@
             "Effect": "Allow",
             "Action": [
                 "route53:CreateHostedZone",
+                "route53:ChangeResourceRecordSets",
                 "route53:DeleteHostedZone",
                 "route53:GetHostedZone",
                 "route53:ListHostedZones",
+                "route53:ListResourceRecordSets",
                 "route53:UpdateHostedZoneComment"
             ],
             "Resource": "*"
diff --git a/test/integration/targets/route53/tasks/main.yml b/test/integration/targets/route53/tasks/main.yml
index 010fe2fe129..de332a7ba0c 100644
--- a/test/integration/targets/route53/tasks/main.yml
+++ b/test/integration/targets/route53/tasks/main.yml
@@ -11,7 +11,7 @@
     group/aws:
       aws_access_key: "{{ aws_access_key }}"
       aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ security_token }}"
+      security_token: "{{ security_token | default(omit) }}"
       region: "{{ aws_region }}"
     route53:
       region: null