ansible/test/integration/targets/aws_ses_identity_policy/tasks/main.yaml
Ed Costello 0d31d1cd24 [cloud]Add aws_ses_identity_policy module for managing SES sending policies (#36623)
* Add aws_ses_identity_policy module for managing SES sending policies

* Add option to AnsibleAWSModule for applying a retry decorator to all calls.

* Add per-callsite opt in to retry behaviours in AnsibleAWSModule

* Update aws_ses_identity_policy module to opt in to retries at all callsites.

* Add test for aws_ses_identity_policy module with inline policy.

* Remove implicit retries on boto resources since they're not working yet.
2018-04-05 15:11:12 -04:00


---
# ============================================================
# Define the shared AWS connection arguments once. The YAML anchor
# `aws_connection_info` is merged into the module arguments of the AWS
# tasks in this file via `<<: *aws_connection_info`.
- name: set up aws connection info
  # The result of this task holds the access key, secret key and session
  # token, so it is kept out of task output and logs.
  no_log: true
  set_fact:
    aws_connection_info: &aws_connection_info
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
      security_token: "{{ security_token }}"
      region: "{{ aws_region }}"
# ============================================================
# Attach a policy rendered from policy.json.j2 to a freshly registered
# identity, then check that the module reports a change and returns exactly
# that one policy name.
# NOTE(review): the template is not part of this file; what it authorises
# has to be reviewed in policy.json.j2 itself.
- name: test add identity policy
  block:
    - name: register identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: present
      register: identity_info

    - name: register identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        policy_name: "{{ policy_name }}"
        policy: "{{ lookup('template', 'policy.json.j2') }}"
        state: present
      register: result

    - name: assert result.changed == True
      assert:
        that:
          - result.changed == True

    - name: assert result.policies contains only policy
      assert:
        that:
          - result.policies|length == 1
          - result.policies|select('equalto', policy_name)|list|length == 1

  # Runs whether or not the tasks above succeeded, so a failed assertion
  # does not leave the test identity registered in the account. The policy
  # is not deleted separately (presumably it goes with the identity —
  # confirm).
  always:
    - name: clean-up identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: absent
# ============================================================
# Idempotence check: registering the same templated policy twice under the
# same name must report no change on the second call and must still return
# a single policy name.
- name: test add duplicate identity policy
  block:
    - name: register identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: present
      register: identity_info

    # First registration; its result is not inspected.
    - name: register identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        policy_name: "{{ policy_name }}"
        policy: "{{ lookup('template', 'policy.json.j2') }}"
        state: present

    # Second, identical registration; this is the result under test.
    - name: register duplicate identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        policy_name: "{{ policy_name }}"
        policy: "{{ lookup('template', 'policy.json.j2') }}"
        state: present
      register: result

    - name: assert result.changed == False
      assert:
        that:
          - result.changed == False

    - name: assert result.policies contains only policy
      assert:
        that:
          - result.policies|length == 1
          - result.policies|select('equalto', policy_name)|list|length == 1

  # Always remove the test identity, including after a failed assertion.
  always:
    - name: clean-up identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: absent
# ============================================================
# Same as the basic add test, but the policy module is given the identity's
# ARN (taken from the registered `identity_info`) instead of its name.
- name: test add identity policy by identity arn
  block:
    - name: register identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: present
      register: identity_info

    - name: register identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        # ARN returned by the task above, not the plain identity name.
        identity: "{{ identity_info.identity_arn }}"
        policy_name: "{{ policy_name }}"
        policy: "{{ lookup('template', 'policy.json.j2') }}"
        state: present
      register: result

    - name: assert result.changed == True
      assert:
        that:
          - result.changed == True

    - name: assert result.policies contains only policy
      assert:
        that:
          - result.policies|length == 1
          - result.policies|select('equalto', policy_name)|list|length == 1

  # Cleanup addresses the identity by name and runs on success or failure.
  always:
    - name: clean-up identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: absent
# ============================================================
# Attach two policies ("<policy_name>-1" and "<policy_name>-2") to one
# identity in a loop and check that both names are reported afterwards.
- name: test add multiple identity policies
  block:
    - name: register identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: present
      register: identity_info

    - name: register identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        policy_name: "{{ policy_name }}-{{ item }}"
        policy: "{{ lookup('template', 'policy.json.j2') }}"
        state: present
      with_items:
        - 1
        - 2
      register: result

    # Only the second loop iteration (results[1]) is inspected: by then both
    # policies should be attached. The first iteration's result and the
    # `changed` flags are not asserted on.
    - name: assert result.policies contains policies
      assert:
        that:
          - result.results[1].policies|length == 2
          - result.results[1].policies|select('equalto', policy_name + '-1')|list|length == 1
          - result.results[1].policies|select('equalto', policy_name + '-2')|list|length == 1

  # Always remove the test identity, including after a failed assertion.
  always:
    - name: clean-up identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: absent
# ============================================================
# Pass the policy as an inline YAML mapping instead of a rendered template,
# then repeat the identical call to check that it reports no change.
# The fixture policy is a single Deny statement for every principal and
# action on the test identity's ARN, so it authorises nothing if it is ever
# left behind.
- name: test add inline identity policy
  block:
    - name: register identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: present
      register: identity_info

    - name: register identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        policy_name: "{{ policy_name }}"
        policy:
          Id: SampleAuthorizationPolicy
          Version: "2012-10-17"
          Statement:
            - Sid: DenyAll
              Effect: Deny
              # Scoped to the identity registered above.
              Resource: "{{ identity_info.identity_arn }}"
              Principal: "*"
              Action: "*"
        state: present
      register: result

    - name: assert result.changed == True
      assert:
        that:
          - result.changed == True

    - name: assert result.policies contains only policy
      assert:
        that:
          - result.policies|length == 1
          - result.policies|select('equalto', policy_name)|list|length == 1

    # Same mapping as above, sent a second time; `result` is overwritten.
    - name: register duplicate identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        policy_name: "{{ policy_name }}"
        policy:
          Id: SampleAuthorizationPolicy
          Version: "2012-10-17"
          Statement:
            - Sid: DenyAll
              Effect: Deny
              Resource: "{{ identity_info.identity_arn }}"
              Principal: "*"
              Action: "*"
        state: present
      register: result

    - name: assert result.changed == False
      assert:
        that:
          - result.changed == False

  # Always remove the test identity, including after a failed assertion.
  always:
    - name: clean-up identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: absent
# ============================================================
# Attach a policy, delete it with state=absent, and check that the deletion
# reports a change and that no policy names remain on the identity.
- name: test remove identity policy
  block:
    - name: register identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: present
      register: identity_info

    # Set-up step; its result is not inspected.
    - name: register identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        policy_name: "{{ policy_name }}"
        policy: "{{ lookup('template', 'policy.json.j2') }}"
        state: present

    # No `policy` argument is passed for the removal.
    - name: delete identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        policy_name: "{{ policy_name }}"
        state: absent
      register: result

    - name: assert result.changed == True
      assert:
        that:
          - result.changed == True

    - name: assert result.policies empty
      assert:
        that:
          - result.policies|length == 0

  # Always remove the test identity, including after a failed assertion.
  always:
    - name: clean-up identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: absent
# ============================================================
# Deleting a policy that was never attached must be a no-op: the module is
# expected to report no change and an empty policy list.
- name: test remove missing identity policy
  block:
    - name: register identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: present
      register: identity_info

    # No policy has been registered on this identity within this block.
    - name: delete identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        policy_name: "{{ policy_name }}"
        state: absent
      register: result

    - name: assert result.changed == False
      assert:
        that:
          - result.changed == False

    - name: assert result.policies empty
      assert:
        that:
          - result.policies|length == 0

  # Always remove the test identity, including after a failed assertion.
  always:
    - name: clean-up identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: absent
# ============================================================
# Negative test: a JSON document that is not a valid policy must be rejected
# and the rejection must surface as error code 'InvalidPolicy'.
- name: test add identity policy with invalid policy
  block:
    - name: register identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: present
      register: identity_info

    - name: register identity policy
      aws_ses_identity_policy:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        policy_name: "{{ policy_name }}"
        policy: '{"noSuchAttribute": 2}'
        state: present
      register: result
      # Inverted on purpose: this task counts as failed only when the module
      # call did NOT fail, i.e. when the malformed policy was accepted.
      failed_when: result.failed == False

    # Pin the error code so that an unrelated failure of the call above
    # (anything other than 'InvalidPolicy') does not pass as a rejection.
    - name: assert error.code == InvalidPolicy
      assert:
        that:
          - result.error.code == 'InvalidPolicy'

  # Always remove the test identity, including after a failed assertion.
  always:
    - name: clean-up identity
      aws_ses_identity:
        <<: *aws_connection_info
        identity: "{{ domain_identity }}"
        state: absent