ansible/test/integration/targets/iam_policy/tasks/object.yml
Mark Chappell bd6d4b5b3a New module: iam_policy_info (#62955)
* iam_policy: (integration tests) migrate to module_defaults

* iam_policy: (integration tests) Rework iam_policy integration tests

* iam_policy_info: Add new module and add iam_policy_info tests to iam_policy integration tests
2019-10-23 13:04:25 -07:00

1044 lines
36 KiB
YAML

---
- name: 'Run integration tests for IAM (inline) Policy management on {{ iam_type }}s'
vars:
iam_object_key: '{{ iam_type }}_name'
block:
# ============================================================
- name: 'Fetch policies from {{ iam_type }} before making changes'
iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
register: iam_policy_info
- name: 'Assert empty policy list'
assert:
that:
- iam_policy_info is succeeded
- iam_policy_info.policies | length == 0
- iam_policy_info.all_policy_names | length == 0
- iam_policy_info.policy_names | length == 0
- name: 'Fetch policies from non-existent {{ iam_type }}'
iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}-junk'
register: iam_policy_info
- name: 'Assert not failed'
assert:
that:
- iam_policy_info is succeeded
# ============================================================
#- name: 'Create policy using document for {{ iam_type }} (check mode)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_a }}'
# policy_document: '{{ tmpdir.path }}/no_access.json'
# skip_duplicates: yes
# register: result
#- name: 'Assert policy would be added for {{ iam_type }}'
# assert:
# that:
# - result is changed
- name: 'Create policy using document for {{ iam_type }}'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
policy_document: '{{ tmpdir.path }}/no_access.json'
skip_duplicates: yes
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
register: iam_policy_info
- name: 'Assert policy was added for {{ iam_type }}'
assert:
that:
- result is changed
- result.policies | length == 1
- iam_policy_name_a in result.policies
- result[iam_object_key] == iam_name
- iam_policy_name_a in iam_policy_info.policy_names
- iam_policy_info.policy_names | length == 1
- iam_policy_info.policies | length == 1
- iam_policy_name_a in iam_policy_info.all_policy_names
- iam_policy_info.all_policy_names | length == 1
- iam_policy_info.policies[0].policy_name == iam_policy_name_a
- '"Id" not in iam_policy_info.policies[0].policy_document'
- name: 'Create policy using document for {{ iam_type }} (idempotency)'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
policy_document: '{{ tmpdir.path }}/no_access.json'
skip_duplicates: yes
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
register: iam_policy_info
- name: 'Assert no change'
assert:
that:
- result is not changed
- result.policies | length == 1
- iam_policy_name_a in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies | length == 1
- iam_policy_info.all_policy_names | length == 1
- iam_policy_name_a in iam_policy_info.all_policy_names
- iam_policy_info.policies[0].policy_name == iam_policy_name_a
- '"Id" not in iam_policy_info.policies[0].policy_document'
# ============================================================
#- name: 'Create policy using document for {{ iam_type }} (check mode) (skip_duplicates)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_b }}'
# policy_document: '{{ tmpdir.path }}/no_access.json'
# skip_duplicates: yes
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_b }}'
# register: iam_policy_info
#- name: 'Assert policy would be added for {{ iam_type }}'
# assert:
# that:
# - result is not changed
# - iam_policy_info.all_policy_names | length == 1
# - '"policies" not in iam_policy_info'
# - iam_policy_name_b not in iam_policy_info.all_policy_names
- name: 'Create policy using document for {{ iam_type }} (skip_duplicates)'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
policy_document: '{{ tmpdir.path }}/no_access.json'
skip_duplicates: yes
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
register: iam_policy_info
- name: 'Assert policy was not added for {{ iam_type }} (skip_duplicates)'
assert:
that:
- result is not changed
- result.policies | length == 1
- iam_policy_name_b not in result.policies
- result[iam_object_key] == iam_name
- '"policies" not in iam_policy_info'
- '"policy_names" not in iam_policy_info'
- iam_policy_info.all_policy_names | length == 1
- iam_policy_name_b not in iam_policy_info.all_policy_names
#- name: 'Create policy using document for {{ iam_type }} (check mode) (skip_duplicates = no)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_b }}'
# policy_document: '{{ tmpdir.path }}/no_access.json'
# skip_duplicates: no
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_b }}'
# register: iam_policy_info
#- name: 'Assert policy would be added for {{ iam_type }}'
# assert:
# that:
# - result.changed == True
# - '"policies" not in iam_policy_info'
# - iam_policy_info.all_policy_names | length == 1
# - iam_policy_name_a in iam_policy_info.all_policy_names
# - iam_policy_name_b not in iam_policy_info.all_policy_names
- name: 'Create policy using document for {{ iam_type }} (skip_duplicates = no)'
iam_policy:
state: present
skip_duplicates: no
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
policy_document: '{{ tmpdir.path }}/no_access.json'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
register: iam_policy_info
- name: 'Assert policy was added for {{ iam_type }}'
assert:
that:
- result is changed
- result.policies | length == 2
- iam_policy_name_b in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies | length == 1
- iam_policy_info.all_policy_names | length == 2
- iam_policy_name_a in iam_policy_info.all_policy_names
- iam_policy_name_b in iam_policy_info.all_policy_names
- iam_policy_info.policies[0].policy_name == iam_policy_name_b
- '"Id" not in iam_policy_info.policies[0].policy_document'
- name: 'Create policy using document for {{ iam_type }} (idempotency) (skip_duplicates = no)'
iam_policy:
state: present
skip_duplicates: no
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
policy_document: '{{ tmpdir.path }}/no_access.json'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
register: iam_policy_info
- name: 'Assert no change'
assert:
that:
- result is not changed
- result.policies | length == 2
- iam_policy_name_b in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies | length == 1
- iam_policy_name_a in iam_policy_info.all_policy_names
- iam_policy_name_b in iam_policy_info.all_policy_names
- iam_policy_info.all_policy_names | length == 2
- iam_policy_info.policies[0].policy_name == iam_policy_name_b
- '"Id" not in iam_policy_info.policies[0].policy_document'
# ============================================================
#- name: 'Create policy using json for {{ iam_type }} (check mode)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_c }}'
# policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_id.json") }}'
# skip_duplicates: yes
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_c }}'
# register: iam_policy_info
#- name: 'Assert policy would be added for {{ iam_type }}'
# assert:
# that:
# - result is changed
# - '"policies" not in iam_policy_info'
# - iam_policy_info.all_policy_names | length == 2
# - iam_policy_name_c not in iam_policy_info.all_policy_names
# - iam_policy_name_a in iam_policy_info.all_policy_names
# - iam_policy_name_b in iam_policy_info.all_policy_names
- name: 'Create policy using json for {{ iam_type }}'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_id.json") }}'
skip_duplicates: yes
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
register: iam_policy_info
- name: 'Assert policy was added for {{ iam_type }}'
assert:
that:
- result is changed
- result.policies | length == 3
- iam_policy_name_c in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies | length == 1
- iam_policy_name_a in iam_policy_info.all_policy_names
- iam_policy_name_b in iam_policy_info.all_policy_names
- iam_policy_name_c in iam_policy_info.all_policy_names
- iam_policy_info.all_policy_names | length == 3
- iam_policy_info.policies[0].policy_name == iam_policy_name_c
- iam_policy_info.policies[0].policy_document.Id == 'MyId'
- name: 'Create policy using json for {{ iam_type }} (idempotency)'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_id.json") }}'
skip_duplicates: yes
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
register: iam_policy_info
- name: 'Assert no change'
assert:
that:
- result is not changed
- result.policies | length == 3
- iam_policy_name_c in result.policies
- result[iam_object_key] == iam_name
- iam_policy_name_a in iam_policy_info.all_policy_names
- iam_policy_name_b in iam_policy_info.all_policy_names
- iam_policy_name_c in iam_policy_info.all_policy_names
- iam_policy_info.all_policy_names | length == 3
- iam_policy_info.policies[0].policy_name == iam_policy_name_c
- iam_policy_info.policies[0].policy_document.Id == 'MyId'
# ============================================================
#- name: 'Create policy using json for {{ iam_type }} (check mode) (skip_duplicates)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_d }}'
# policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_id.json") }}'
# skip_duplicates: yes
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_d }}'
# register: iam_policy_info
#- name: 'Assert policy would be added for {{ iam_type }}'
# assert:
# that:
# - result is not changed
# - iam_policy_name_a in iam_policy_info.all_policy_names
# - iam_policy_name_b in iam_policy_info.all_policy_names
# - iam_policy_name_c in iam_policy_info.all_policy_names
# - iam_policy_name_d not in iam_policy_info.all_policy_names
# - iam_policy_info.all_policy_names | length == 3
# - '"policies" not in iam_policy_info'
- name: 'Create policy using json for {{ iam_type }} (skip_duplicates)'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_id.json") }}'
skip_duplicates: yes
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
register: iam_policy_info
- name: 'Assert policy was not added for {{ iam_type }} (skip_duplicates)'
assert:
that:
- result is not changed
- result.policies | length == 3
- iam_policy_name_d not in result.policies
- result[iam_object_key] == iam_name
- iam_policy_name_a in iam_policy_info.all_policy_names
- iam_policy_name_b in iam_policy_info.all_policy_names
- iam_policy_name_c in iam_policy_info.all_policy_names
- iam_policy_name_d not in iam_policy_info.all_policy_names
- iam_policy_info.all_policy_names | length == 3
- '"policies" not in iam_policy_info'
#- name: 'Create policy using json for {{ iam_type }} (check mode) (skip_duplicates = no)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_d }}'
# policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_id.json") }}'
# skip_duplicates: no
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_d }}'
# register: iam_policy_info
#- name: 'Assert policy would be added for {{ iam_type }}'
# assert:
# that:
# - result.changed == True
- name: 'Create policy using json for {{ iam_type }} (skip_duplicates = no)'
iam_policy:
state: present
skip_duplicates: no
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_id.json") }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
register: iam_policy_info
- name: 'Assert policy was added for {{ iam_type }}'
assert:
that:
- result is changed
- result.policies | length == 4
- iam_policy_name_d in result.policies
- result[iam_object_key] == iam_name
- iam_policy_name_a in iam_policy_info.all_policy_names
- iam_policy_name_b in iam_policy_info.all_policy_names
- iam_policy_name_c in iam_policy_info.all_policy_names
- iam_policy_name_d in iam_policy_info.all_policy_names
- iam_policy_name_a not in iam_policy_info.policy_names
- iam_policy_name_b not in iam_policy_info.policy_names
- iam_policy_name_c not in iam_policy_info.policy_names
- iam_policy_name_d in iam_policy_info.policy_names
- iam_policy_info.policy_names | length == 1
- iam_policy_info.all_policy_names | length == 4
- iam_policy_info.policies[0].policy_name == iam_policy_name_d
- iam_policy_info.policies[0].policy_document.Id == 'MyId'
- name: 'Create policy using json for {{ iam_type }} (idempotency) (skip_duplicates = no)'
iam_policy:
state: present
skip_duplicates: no
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_id.json") }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
register: iam_policy_info
- name: 'Assert no change'
assert:
that:
- result is not changed
- result.policies | length == 4
- iam_policy_name_d in result.policies
- result[iam_object_key] == iam_name
- iam_policy_name_a in iam_policy_info.all_policy_names
- iam_policy_name_b in iam_policy_info.all_policy_names
- iam_policy_name_c in iam_policy_info.all_policy_names
- iam_policy_name_d in iam_policy_info.all_policy_names
- iam_policy_info.all_policy_names | length == 4
- iam_policy_info.policies[0].policy_name == iam_policy_name_d
- iam_policy_info.policies[0].policy_document.Id == 'MyId'
# ============================================================
- name: 'Test fetching multiple policies from {{ iam_type }}'
iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
register: iam_policy_info
- name: 'Assert all policies returned'
assert:
that:
- iam_policy_info is succeeded
- iam_policy_info.policies | length == 4
- iam_policy_info.all_policy_names | length == 4
- iam_policy_name_a in iam_policy_info.all_policy_names
- iam_policy_name_b in iam_policy_info.all_policy_names
- iam_policy_name_c in iam_policy_info.all_policy_names
- iam_policy_name_d in iam_policy_info.all_policy_names
# Quick test that the policies are the ones we expect
- iam_policy_info.policies | json_query('[*].policy_name') | length == 4
- iam_policy_info.policies | json_query('[?policy_document.Id == `MyId`].policy_name') | length == 2
- iam_policy_name_c in (iam_policy_info.policies | json_query('[?policy_document.Id == `MyId`].policy_name') | list)
- iam_policy_name_d in (iam_policy_info.policies | json_query('[?policy_document.Id == `MyId`].policy_name') | list)
# ============================================================
#- name: 'Update policy using document for {{ iam_type }} (check mode) (skip_duplicates)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_a }}'
# policy_document: '{{ tmpdir.path }}/no_access_with_id.json'
# skip_duplicates: yes
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_a }}'
# register: iam_policy_info
#- name: 'Assert policy would be added for {{ iam_type }}'
# assert:
# that:
# - result is not changed
# - iam_policy_info.policies[0].policy_name == iam_policy_name_a
# - '"Id" not in iam_policy_info.policies[0].policy_document'
- name: 'Update policy using document for {{ iam_type }} (skip_duplicates)'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
policy_document: '{{ tmpdir.path }}/no_access_with_id.json'
skip_duplicates: yes
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
register: iam_policy_info
- name: 'Assert policy was not updated for {{ iam_type }} (skip_duplicates)'
assert:
that:
- result is not changed
- result.policies | length == 4
- iam_policy_name_a in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.all_policy_names | length == 4
- iam_policy_info.policies[0].policy_name == iam_policy_name_a
- '"Id" not in iam_policy_info.policies[0].policy_document'
#- name: 'Update policy using document for {{ iam_type }} (check mode) (skip_duplicates = no)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_a }}'
# policy_document: '{{ tmpdir.path }}/no_access_with_id.json'
# skip_duplicates: no
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_a }}'
# register: iam_policy_info
#- name: 'Assert policy would be updated for {{ iam_type }}'
# assert:
# that:
# - result.changed == True
# - iam_policy_info.all_policy_names | length == 4
# - iam_policy_info.policies[0].policy_name == iam_policy_name_a
# - '"Id" not in iam_policy_info.policies[0].policy_document'
- name: 'Update policy using document for {{ iam_type }} (skip_duplicates = no)'
iam_policy:
state: present
skip_duplicates: no
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
policy_document: '{{ tmpdir.path }}/no_access_with_id.json'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
register: iam_policy_info
- name: 'Assert policy was updated for {{ iam_type }}'
assert:
that:
- result is changed
- result.policies | length == 4
- iam_policy_name_a in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies[0].policy_document.Id == 'MyId'
- name: 'Update policy using document for {{ iam_type }} (idempotency) (skip_duplicates = no)'
iam_policy:
state: present
skip_duplicates: no
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
policy_document: '{{ tmpdir.path }}/no_access_with_id.json'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
register: iam_policy_info
- name: 'Assert no change'
assert:
that:
- result is not changed
- result.policies | length == 4
- iam_policy_name_a in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies[0].policy_document.Id == 'MyId'
- name: 'Delete policy A'
iam_policy:
state: absent
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
register: iam_policy_info
- name: 'Assert deleted'
assert:
that:
- result is changed
- result.policies | length == 3
- iam_policy_name_a not in result.policies
- result[iam_object_key] == iam_name
- '"policies" not in iam_policy_info'
- iam_policy_info.all_policy_names | length == 3
- iam_policy_name_a not in iam_policy_info.all_policy_names
# ============================================================
# Update C with no_access.json
# Delete C
#
#- name: 'Update policy using json for {{ iam_type }} (check mode) (skip_duplicates)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_c }}'
# policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access.json") }}'
# skip_duplicates: yes
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_c }}'
# register: iam_policy_info
#- name: 'Assert policy would be added for {{ iam_type }}'
# assert:
# that:
# - result is not changed
# - iam_policy_info.policies[0].policy_document.Id == 'MyId'
- name: 'Update policy using json for {{ iam_type }} (skip_duplicates)'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access.json") }}'
skip_duplicates: yes
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
register: iam_policy_info
- name: 'Assert policy was not updated for {{ iam_type }} (skip_duplicates)'
assert:
that:
- result is not changed
- result.policies | length == 3
- iam_policy_name_c in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies[0].policy_document.Id == 'MyId'
#- name: 'Update policy using json for {{ iam_type }} (check mode) (skip_duplicates = no)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_c }}'
# policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access.json") }}'
# skip_duplicates: no
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_c }}'
# register: iam_policy_info
#- name: 'Assert policy would be updated for {{ iam_type }}'
# assert:
# that:
# - result.changed == True
# - iam_policy_info.policies[0].policy_document.Id == 'MyId'
- name: 'Update policy using json for {{ iam_type }} (skip_duplicates = no)'
iam_policy:
state: present
skip_duplicates: no
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access.json") }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
register: iam_policy_info
- name: 'Assert policy was updated for {{ iam_type }}'
assert:
that:
- result is changed
- result.policies | length == 3
- iam_policy_name_c in result.policies
- result[iam_object_key] == iam_name
- '"Id" not in iam_policy_info.policies[0].policy_document'
- name: 'Update policy using json for {{ iam_type }} (idempotency) (skip_duplicates = no)'
iam_policy:
state: present
skip_duplicates: no
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access.json") }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
register: iam_policy_info
- name: 'Assert no change'
assert:
that:
- result is not changed
- result.policies | length == 3
- iam_policy_name_c in result.policies
- result[iam_object_key] == iam_name
- '"Id" not in iam_policy_info.policies[0].policy_document'
- name: 'Delete policy C'
iam_policy:
state: absent
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
register: iam_policy_info
- name: 'Assert deleted'
assert:
that:
- result is changed
- result.policies | length == 2
- iam_policy_name_c not in result.policies
- result[iam_object_key] == iam_name
- '"policies" not in iam_policy_info'
- iam_policy_info.all_policy_names | length == 2
- iam_policy_name_c not in iam_policy_info.all_policy_names
# ============================================================
#- name: 'Update policy using document for {{ iam_type }} (check mode)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_b }}'
# policy_document: '{{ tmpdir.path }}/no_access_with_second_id.json'
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_b }}'
# register: iam_policy_info
#- name: 'Assert policy would be updated for {{ iam_type }}'
# assert:
# that:
# - result.changed == True
# - '"Id" not in iam_policy_info.policies[0].policy_document'
- name: 'Update policy using document for {{ iam_type }}'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
policy_document: '{{ tmpdir.path }}/no_access_with_second_id.json'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
register: iam_policy_info
- name: 'Assert policy was updated for {{ iam_type }}'
assert:
that:
- result is changed
- result.policies | length == 2
- iam_policy_name_b in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies[0].policy_document.Id == 'MyOtherId'
- name: 'Update policy using document for {{ iam_type }} (idempotency)'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
policy_document: '{{ tmpdir.path }}/no_access_with_second_id.json'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
register: iam_policy_info
- name: 'Assert no change'
assert:
that:
- result is not changed
- result.policies | length == 2
- iam_policy_name_b in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies[0].policy_document.Id == 'MyOtherId'
- name: 'Delete policy B'
iam_policy:
state: absent
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
register: iam_policy_info
- name: 'Assert deleted'
assert:
that:
- result is changed
- result.policies | length == 1
- iam_policy_name_b not in result.policies
- result[iam_object_key] == iam_name
- '"policies" not in iam_policy_info'
- iam_policy_info.all_policy_names | length == 1
- iam_policy_name_b not in iam_policy_info.all_policy_names
# ============================================================
#- name: 'Update policy using json for {{ iam_type }} (check mode)'
# check_mode: yes
# iam_policy:
# state: present
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_d }}'
# policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_second_id.json") }}'
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_d }}'
# register: iam_policy_info
#- name: 'Assert policy would be updated for {{ iam_type }}'
# assert:
# that:
# - result.changed == True
# - iam_policy_info.policies[0].policy_document.Id == 'MyId'
- name: 'Update policy using json for {{ iam_type }}'
iam_policy:
state: present
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_second_id.json") }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
register: iam_policy_info
- name: 'Assert policy was updated for {{ iam_type }}'
assert:
that:
- result is changed
- result.policies | length == 1
- iam_policy_name_d in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies[0].policy_document.Id == 'MyOtherId'
- name: 'Update policy using json for {{ iam_type }} (idempotency)'
iam_policy:
state: present
skip_duplicates: no
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
policy_json: '{{ lookup("file", "{{ tmpdir.path }}/no_access_with_second_id.json") }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
register: iam_policy_info
- name: 'Assert no change'
assert:
that:
- result is not changed
- result.policies | length == 1
- iam_policy_name_d in result.policies
- result[iam_object_key] == iam_name
- iam_policy_info.policies[0].policy_document.Id == 'MyOtherId'
# ============================================================
#- name: 'Delete policy D (check_mode)'
# check_mode: yes
# iam_policy:
# state: absent
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_d }}'
# register: result
#- iam_policy_info:
# iam_type: '{{ iam_type }}'
# iam_name: '{{ iam_name }}'
# policy_name: '{{ iam_policy_name_d }}'
# register: iam_policy_info
#- name: 'Assert not deleted'
# assert:
# that:
# - result is changed
# - result.policies | length == 1
# - iam_policy_name_d in result.policies
# - result[iam_object_key] == iam_name
# - iam_policy_info.all_policy_names | length == 1
# - iam_policy_name_d in iam_policy_info.all_policy_names
# - iam_policy_info.policies[0].policy_document.Id == 'MyOtherId'
- name: 'Delete policy D'
iam_policy:
state: absent
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
register: iam_policy_info
- name: 'Assert deleted'
assert:
that:
- result is changed
- '"policies" not in iam_policy_info'
- iam_policy_name_d not in result.policies
- result[iam_object_key] == iam_name
- '"policies" not in iam_policy_info'
- iam_policy_info.all_policy_names | length == 0
- name: 'Delete policy D (test idempotency)'
iam_policy:
state: absent
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
register: result
- iam_policy_info:
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
register: iam_policy_info
- name: 'Assert deleted'
assert:
that:
- result is not changed
- '"policies" not in iam_policy_info'
- iam_policy_info.all_policy_names | length == 0
always:
# ============================================================
- name: 'Delete policy A for {{ iam_type }}'
iam_policy:
state: absent
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_a }}'
ignore_errors: yes
- name: 'Delete policy B for {{ iam_type }}'
iam_policy:
state: absent
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_b }}'
ignore_errors: yes
- name: 'Delete policy C for {{ iam_type }}'
iam_policy:
state: absent
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_c }}'
ignore_errors: yes
- name: 'Delete policy D for {{ iam_type }}'
iam_policy:
state: absent
iam_type: '{{ iam_type }}'
iam_name: '{{ iam_name }}'
policy_name: '{{ iam_policy_name_d }}'
ignore_errors: yes