--- # ============================================================ - name: set up aws connection info set_fact: aws_connection_info: &aws_connection_info aws_access_key: "{{ aws_access_key }}" aws_secret_key: "{{ aws_secret_key }}" security_token: "{{ security_token }}" region: "{{ aws_region }}" no_log: yes # ============================================================ - name: test add identity policy block: - name: register identity aws_ses_identity: identity: "{{ domain_identity }}" state: present <<: *aws_connection_info register: identity_info - name: register identity policy aws_ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: "{{ lookup('template', 'policy.json.j2') }}" state: present <<: *aws_connection_info register: result - name: assert result.changed == True assert: that: - result.changed == True - name: assert result.policies contains only policy assert: that: - result.policies|length == 1 - result.policies|select('equalto', policy_name)|list|length == 1 always: - name: clean-up identity aws_ses_identity: identity: "{{ domain_identity }}" state: absent <<: *aws_connection_info # ============================================================ - name: test add duplicate identity policy block: - name: register identity aws_ses_identity: identity: "{{ domain_identity }}" state: present <<: *aws_connection_info register: identity_info - name: register identity policy aws_ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: "{{ lookup('template', 'policy.json.j2') }}" state: present <<: *aws_connection_info - name: register duplicate identity policy aws_ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: "{{ lookup('template', 'policy.json.j2') }}" state: present <<: *aws_connection_info register: result - name: assert result.changed == False assert: that: - result.changed == False - name: assert result.policies contains only policy assert: that: - result.policies|length == 1 - result.policies|select('equalto', policy_name)|list|length == 1 always: - name: clean-up identity aws_ses_identity: identity: "{{ domain_identity }}" state: absent <<: *aws_connection_info # ============================================================ - name: test add identity policy by identity arn block: - name: register identity aws_ses_identity: identity: "{{ domain_identity }}" state: present <<: *aws_connection_info register: identity_info - name: register identity policy aws_ses_identity_policy: identity: "{{ identity_info.identity_arn }}" policy_name: "{{ policy_name }}" policy: "{{ lookup('template', 'policy.json.j2') }}" state: present <<: *aws_connection_info register: result - name: assert result.changed == True assert: that: - result.changed == True - name: assert result.policies contains only policy assert: that: - result.policies|length == 1 - result.policies|select('equalto', policy_name)|list|length == 1 always: - name: clean-up identity aws_ses_identity: identity: "{{ domain_identity }}" state: absent <<: *aws_connection_info # ============================================================ - name: test add multiple identity policies block: - name: register identity aws_ses_identity: identity: "{{ domain_identity }}" state: present <<: *aws_connection_info register: identity_info - name: register identity policy aws_ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}-{{ item }}" policy: "{{ lookup('template', 'policy.json.j2') }}" state: present <<: *aws_connection_info with_items: - 1 - 2 register: result - name: assert result.policies contains policies assert: that: - result.results[1].policies|length == 2 - result.results[1].policies|select('equalto', policy_name + '-1')|list|length == 1 - result.results[1].policies|select('equalto', policy_name + '-2')|list|length == 1 always: - name: clean-up identity aws_ses_identity: identity: "{{ domain_identity }}" state: absent <<: *aws_connection_info # ============================================================ - name: test add inline identity policy block: - name: register identity aws_ses_identity: identity: "{{ domain_identity }}" state: present <<: *aws_connection_info register: identity_info - name: register identity policy aws_ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: Id: SampleAuthorizationPolicy Version: "2012-10-17" Statement: - Sid: DenyAll Effect: Deny Resource: "{{ identity_info.identity_arn }}" Principal: "*" Action: "*" state: present <<: *aws_connection_info register: result - name: assert result.changed == True assert: that: - result.changed == True - name: assert result.policies contains only policy assert: that: - result.policies|length == 1 - result.policies|select('equalto', policy_name)|list|length == 1 - name: register duplicate identity policy aws_ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: Id: SampleAuthorizationPolicy Version: "2012-10-17" Statement: - Sid: DenyAll Effect: Deny Resource: "{{ identity_info.identity_arn }}" Principal: "*" Action: "*" state: present <<: *aws_connection_info register: result - name: assert result.changed == False assert: that: - result.changed == False always: - name: clean-up identity aws_ses_identity: identity: "{{ domain_identity }}" state: absent <<: *aws_connection_info # ============================================================ - name: test remove identity policy block: - name: register identity aws_ses_identity: identity: "{{ domain_identity }}" state: present <<: *aws_connection_info register: identity_info - name: register identity policy aws_ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: "{{ lookup('template', 'policy.json.j2') }}" state: present <<: *aws_connection_info - name: delete identity policy aws_ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" state: absent <<: *aws_connection_info register: result - name: assert result.changed == True assert: that: - result.changed == True - name: assert result.policies empty assert: that: - result.policies|length == 0 always: - name: clean-up identity aws_ses_identity: identity: "{{ domain_identity }}" state: absent <<: *aws_connection_info # ============================================================ - name: test remove missing identity policy block: - name: register identity aws_ses_identity: identity: "{{ domain_identity }}" state: present <<: *aws_connection_info register: identity_info - name: delete identity policy aws_ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" state: absent <<: *aws_connection_info register: result - name: assert result.changed == False assert: that: - result.changed == False - name: assert result.policies empty assert: that: - result.policies|length == 0 always: - name: clean-up identity aws_ses_identity: identity: "{{ domain_identity }}" state: absent <<: *aws_connection_info # ============================================================ - name: test add identity policy with invalid policy block: - name: register identity aws_ses_identity: identity: "{{ domain_identity }}" state: present <<: *aws_connection_info register: identity_info - name: register identity policy aws_ses_identity_policy: identity: "{{ domain_identity }}" policy_name: "{{ policy_name }}" policy: '{"noSuchAttribute": 2}' state: present <<: *aws_connection_info register: result failed_when: result.failed == False - name: assert error.code == InvalidPolicy assert: that: - result.error.code == 'InvalidPolicy' always: - name: clean-up identity aws_ses_identity: identity: "{{ domain_identity }}" state: absent <<: *aws_connection_info