ansible/test/integration/targets/iam_policy/tasks/main.yml


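---
# Integration test for inline IAM policy management. It creates one throwaway
# IAM user, role and group (all named "{{ iam_name }}"), runs object.yml once
# per principal type, and removes the principals and the temporary policy
# directory in the `always` section whether or not the tests passed.
- name: 'Run integration tests for IAM (inline) Policy management'
  # Credentials and region are supplied once for every module in the aws
  # group. They come from variables rather than literals, so no secret is
  # stored in this file; security_token is omitted entirely when it is unset.
  module_defaults:
    group/aws:
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
      security_token: "{{ security_token | default(omit) }}"
      region: "{{ aws_region }}"
  block:
    # ============================================================
    # Stage the policy documents in a fresh temporary directory; its path is
    # registered as tmpdir.path and reused by the cleanup task at the end.
    - name: Create a temporary folder for the policies
      tempfile:
        state: directory
      register: tmpdir
    - name: Copy over policy
      copy:
        src: no_access.json
        dest: "{{ tmpdir.path }}"
    # Same task name as the next one; this copy is no_access_with_id.json.
    - name: Copy over other policy
      copy:
        src: no_access_with_id.json
        dest: "{{ tmpdir.path }}"
    # Same task name as the previous one; this copy is
    # no_access_with_second_id.json.
    - name: Copy over other policy
      copy:
        src: no_access_with_second_id.json
        dest: "{{ tmpdir.path }}"
    # ============================================================
    # Create the three principals the policies are attached to. Each assert
    # requires "changed", so a principal left over from an earlier run with
    # the same iam_name makes the test fail here.
    - name: Create user for tests
      iam_user:
        state: present
        name: "{{ iam_name }}"
      register: result
    - name: Ensure user was created
      assert:
        that:
          - result is changed
    - name: Create role for tests
      iam_role:
        state: present
        name: "{{ iam_name }}"
        # NOTE(review): the trust policy is read from no_trust.json, whose
        # contents are not shown here; the name suggests it trusts no
        # principal. Confirm, so the test role cannot be assumed.
        assume_role_policy_document: "{{ lookup('file','no_trust.json') }}"
      register: result
    - name: Ensure role was created
      assert:
        that:
          - result is changed
    - name: Create group for tests
      iam_group:
        state: present
        name: "{{ iam_name }}"
      register: result
    - name: Ensure group was created
      assert:
        that:
          - result is changed
    # ============================================================
    # object.yml receives the principal type in the iam_type loop variable.
    - name: Run tests for each type of object
      include_tasks: object.yml
      loop_control:
        loop_var: iam_type
      with_items:
        - user
        - group
        - role
  # ============================================================
  always:
    # ============================================================
    # Best-effort teardown: errors are ignored so that one failed removal
    # does not prevent the remaining cleanup tasks from running.
    # NOTE(review): a removal that fails is therefore not reported as a
    # failure, and the IAM user, role or group stays in the account. Check
    # the task output for ignored errors after a run.
    - name: Remove user
      iam_user:
        state: absent
        name: "{{ iam_name }}"
      ignore_errors: true
    - name: Remove role
      iam_role:
        state: absent
        name: "{{ iam_name }}"
      ignore_errors: true
    - name: Remove group
      iam_group:
        state: absent
        name: "{{ iam_name }}"
      ignore_errors: true
    # ============================================================
    # Runs only when the tempfile task registered a non-empty path. This
    # avoids an undefined-variable error here when directory creation failed,
    # and ensures the deleted path is never built from an empty value.
    - name: Delete temporary folder containing the policies
      file:
        state: absent
        path: "{{ tmpdir.path }}/"
      when:
        - tmpdir is defined
        - tmpdir.path is defined
        - tmpdir.path | length > 0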