70777020c4
* iam_password_policy: (integration tests) Use module defaults for AWS connection details * iam_password_policy: (integration tests) Ensure the policy is removed when tests fail * iam_password_policy: (integration tests) Add regression test for #59102 * iam_password_policy: Only return changed when the policy changes. * iam_password_policy: PasswordReusePrevention must be omitted to remove/set to 0 * #60930 add changelog * Update hacking AWS security policy to allow testing of Password Policy Management
105 lines
2.4 KiB
YAML
105 lines
2.4 KiB
YAML
- module_defaults:
|
|
group/aws:
|
|
aws_access_key: "{{ aws_access_key }}"
|
|
aws_secret_key: "{{ aws_secret_key }}"
|
|
security_token: "{{ security_token | default(omit) }}"
|
|
region: "{{ aws_region }}"
|
|
block:
|
|
- name: set iam password policy
|
|
iam_password_policy:
|
|
state: present
|
|
min_pw_length: 8
|
|
require_symbols: false
|
|
require_numbers: true
|
|
require_uppercase: true
|
|
require_lowercase: true
|
|
allow_pw_change: true
|
|
pw_max_age: 60
|
|
pw_reuse_prevent: 5
|
|
pw_expire: false
|
|
register: result
|
|
|
|
- name: assert that changes were made
|
|
assert:
|
|
that:
|
|
- result.changed
|
|
|
|
- name: verify iam password policy has been created
|
|
iam_password_policy:
|
|
state: present
|
|
min_pw_length: 8
|
|
require_symbols: false
|
|
require_numbers: true
|
|
require_uppercase: true
|
|
require_lowercase: true
|
|
allow_pw_change: true
|
|
pw_max_age: 60
|
|
pw_reuse_prevent: 5
|
|
pw_expire: false
|
|
register: result
|
|
|
|
- name: assert that no changes were made
|
|
assert:
|
|
that:
|
|
- not result.changed
|
|
|
|
- name: update iam password policy with different settings
|
|
iam_password_policy:
|
|
state: present
|
|
min_pw_length: 15
|
|
require_symbols: true
|
|
require_numbers: true
|
|
require_uppercase: true
|
|
require_lowercase: true
|
|
allow_pw_change: true
|
|
pw_max_age: 30
|
|
pw_reuse_prevent: 10
|
|
pw_expire: true
|
|
register: result
|
|
|
|
- name: assert that updates were made
|
|
assert:
|
|
that:
|
|
- result.changed
|
|
|
|
# Test for regression of #59102
|
|
- name: update iam password policy without expiry
|
|
iam_password_policy:
|
|
state: present
|
|
min_pw_length: 15
|
|
require_symbols: true
|
|
require_numbers: true
|
|
require_uppercase: true
|
|
require_lowercase: true
|
|
allow_pw_change: true
|
|
register: result
|
|
|
|
- name: assert that changes were made
|
|
assert:
|
|
that:
|
|
- result.changed
|
|
|
|
- name: remove iam password policy
|
|
iam_password_policy:
|
|
state: absent
|
|
register: result
|
|
|
|
- name: assert password policy has been removed
|
|
assert:
|
|
that:
|
|
- result.changed
|
|
|
|
- name: verify password policy has been removed
|
|
iam_password_policy:
|
|
state: absent
|
|
register: result
|
|
|
|
- name: assert no changes were made
|
|
assert:
|
|
that:
|
|
- not result.changed
|
|
always:
|
|
- name: remove iam password policy
|
|
iam_password_policy:
|
|
state: absent
|
|
register: result
|