ansible/test/integration/targets/iam_password_policy/tasks/main.yaml
Mark Chappell 70777020c4 Fix iam_password_policy integration tests (#60930)
* iam_password_policy: (integration tests) Use module defaults for AWS connection details

* iam_password_policy: (integration tests) Ensure the policy is removed when tests fail

* iam_password_policy: (integration tests) Add regression test for #59102

* iam_password_policy: Only return changed when the policy changes.

* iam_password_policy: PasswordReusePrevention must be omitted to remove/set to 0

* #60930 add changelog

* Update hacking AWS security policy to allow testing of Password Policy Management
2019-08-22 23:25:25 +10:00

105 lines
2.4 KiB
YAML

- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- name: set iam password policy
iam_password_policy:
state: present
min_pw_length: 8
require_symbols: false
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 60
pw_reuse_prevent: 5
pw_expire: false
register: result
- name: assert that changes were made
assert:
that:
- result.changed
- name: verify iam password policy has been created
iam_password_policy:
state: present
min_pw_length: 8
require_symbols: false
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 60
pw_reuse_prevent: 5
pw_expire: false
register: result
- name: assert that no changes were made
assert:
that:
- not result.changed
- name: update iam password policy with different settings
iam_password_policy:
state: present
min_pw_length: 15
require_symbols: true
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 30
pw_reuse_prevent: 10
pw_expire: true
register: result
- name: assert that updates were made
assert:
that:
- result.changed
# Test for regression of #59102
- name: update iam password policy without expiry
iam_password_policy:
state: present
min_pw_length: 15
require_symbols: true
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
register: result
- name: assert that changes were made
assert:
that:
- result.changed
- name: remove iam password policy
iam_password_policy:
state: absent
register: result
- name: assert password policy has been removed
assert:
that:
- result.changed
- name: verify password policy has been removed
iam_password_policy:
state: absent
register: result
- name: assert no changes were made
assert:
that:
- not result.changed
always:
- name: remove iam password policy
iam_password_policy:
state: absent
register: result