ansible/test/integration/targets/iam_password_policy/tasks/main.yaml

106 lines
2.4 KiB
YAML
Raw Normal View History

- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- name: set iam password policy
iam_password_policy:
state: present
min_pw_length: 8
require_symbols: false
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 60
pw_reuse_prevent: 5
pw_expire: false
register: result
- name: assert that changes were made
assert:
that:
- result.changed
- name: verify iam password policy has been created
iam_password_policy:
state: present
min_pw_length: 8
require_symbols: false
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 60
pw_reuse_prevent: 5
pw_expire: false
register: result
- name: assert that no changes were made
assert:
that:
- not result.changed
- name: update iam password policy with different settings
iam_password_policy:
state: present
min_pw_length: 15
require_symbols: true
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 30
pw_reuse_prevent: 10
pw_expire: true
register: result
- name: assert that updates were made
assert:
that:
- result.changed
# Test for regression of #59102
- name: update iam password policy without expiry
iam_password_policy:
state: present
min_pw_length: 15
require_symbols: true
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
register: result
- name: assert that changes were made
assert:
that:
- result.changed
- name: remove iam password policy
iam_password_policy:
state: absent
register: result
- name: assert password policy has been removed
assert:
that:
- result.changed
- name: verify password policy has been removed
iam_password_policy:
state: absent
register: result
- name: assert no changes were made
assert:
that:
- not result.changed
always:
- name: remove iam password policy
iam_password_policy:
state: absent
register: result