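---
# Integration test for the iam_group module: create a group with one member,
# check the failure path for an unknown user, purge members, re-add them, and
# delete the group. Each mutating step is repeated so that the second run
# proves idempotency ("is not changed").
- name: set up aws connection info
  # Credentials reach every AWS module in the block through module_defaults.
  # They are read from variables here; no secret value is stored in this file.
  module_defaults:
    group/aws:
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
      # Omitted entirely when no security_token variable is defined.
      security_token: "{{ security_token | default(omit) }}"
      region: "{{ aws_region }}"
  block:
    - name: ensure ansible user exists
      iam_user:
        name: '{{ test_user }}'
        state: present

    - name: ensure group exists
      iam_group:
        name: '{{ test_group }}'
        users:
          - '{{ test_user }}'
        state: present
      register: iam_group

    - name: assert that the group was created with a member
      assert:
        that:
          - iam_group.iam_group.users
          - iam_group is changed

    - name: add non existent user to group
      iam_group:
        name: '{{ test_group }}'
        users:
          - '{{ test_user }}'
          - NonExistentUser
        state: present
      # The failure is expected; it is captured in the registered result and
      # checked by the next task instead of aborting the play.
      ignore_errors: true
      register: iam_group

    - name: assert that adding non existent user to group fails with helpful message
      assert:
        that:
          - iam_group is failed
          # The condition is already evaluated as a Jinja expression, so the
          # group name is appended with ~ rather than nested {{ }} delimiters.
          - iam_group.msg.startswith("Couldn't add user NonExistentUser to group " ~ test_group)

    - name: remove a user
      iam_group:
        name: '{{ test_group }}'
        # purge_users with an empty users list asks for a group with no members.
        purge_users: true
        users: []
        state: present
      register: iam_group

    - name: assert that the member was removed
      assert:
        that:
          - iam_group is changed
          - not iam_group.iam_group.users

    - name: re-remove a user (no change)
      iam_group:
        name: '{{ test_group }}'
        purge_users: true
        users: []
        state: present
      register: iam_group

    - name: assert that purging an empty group changes nothing
      assert:
        that:
          - iam_group is not changed
          - not iam_group.iam_group.users

    - name: Add the user again
      iam_group:
        name: '{{ test_group }}'
        users:
          - '{{ test_user }}'
        state: present
      register: iam_group

    - name: assert that the member was added back
      assert:
        that:
          - iam_group is changed
          - iam_group.iam_group.users

    - name: Re-add the user
      iam_group:
        name: '{{ test_group }}'
        users:
          - '{{ test_user }}'
        state: present
      register: iam_group

    - name: assert that re-adding an existing member changes nothing
      assert:
        that:
          - iam_group is not changed
          - iam_group.iam_group.users

    - name: remove group
      iam_group:
        name: '{{ test_group }}'
        state: absent
      register: iam_group

    - name: assert that the group was removed
      assert:
        that:
          - iam_group is changed

    - name: re-remove group
      iam_group:
        name: '{{ test_group }}'
        state: absent
      register: iam_group

    - name: assert that removing an absent group changes nothing
      assert:
        that:
          - iam_group is not changed

  # Cleanup runs whether or not the block above failed, so the test group and
  # user are not left behind in the account.
  always:
    - name: remove group
      iam_group:
        name: '{{ test_group }}'
        state: absent

    - name: remove ansible user
      iam_user:
        name: '{{ test_user }}'
        state: absent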