author | Andrea Tartaglia <andrea@braingap.uk> | 2019-03-06 12:46:37 +0000 |
---|---|---|
committer | Will Thames <will@thames.id.au> | 2019-03-06 22:46:37 +1000 |
commit | 5c6b16edc3f6cc8a1c9a87e32b24429572e51f6e (patch) | |
tree | 52c4dab30f2ca23601f14cd5943d5925fcc63b8b /hacking | |
parent | d0db99e023c506ef122e16d3fe71c5742bb4f8b1 (diff) | |
download | ansible-5c6b16edc3f6cc8a1c9a87e32b24429572e51f6e.tar.gz |
Fix ec2_instance eventual consistency when wait: false (#51885)
* Do not return 'instances' when wait is false
* Added integration tests for wait: false
* Added changelog fragment
* Fix test suite to work with ec2_instance
* Additional permissions
* Enforce boto3 version
* Fix broken tests
* Improve error messages
* fix linter issues
Diffstat (limited to 'hacking')
3 files changed, 41 insertions, 2 deletions
diff --git a/hacking/aws_config/testing_policies/compute-policy.json b/hacking/aws_config/testing_policies/compute-policy.json
index 3a18c17552..94b1baae39 100644
--- a/hacking/aws_config/testing_policies/compute-policy.json
+++ b/hacking/aws_config/testing_policies/compute-policy.json
@@ -42,6 +42,7 @@
 "ec2:AssociateVpcCidrBlock",
 "ec2:AssociateSubnetCidrBlock",
 "ec2:AttachInternetGateway",
+ "ec2:AttachNetworkInterface",
 "ec2:AttachVpnGateway",
 "ec2:CreateCustomerGateway",
 "ec2:CreateDhcpOptions",
@@ -80,6 +81,7 @@
 "ec2:DisassociateSubnetCidrBlock",
 "ec2:ImportKeyPair",
 "ec2:ModifyImageAttribute",
+ "ec2:ModifyInstanceAttribute",
 "ec2:ModifySubnetAttribute",
 "ec2:ModifyVpcAttribute",
 "ec2:RegisterImage",
@@ -102,6 +104,8 @@
 "ec2:RevokeSecurityGroupEgress",
 "ec2:RevokeSecurityGroupIngress",
 "ec2:RunInstances",
+ "ec2:StartInstances",
+ "ec2:StopInstances",
 "ec2:TerminateInstances",
 "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
 "ec2:UpdateSecurityGroupRuleDescriptionsEgress"
diff --git a/hacking/aws_config/testing_policies/container-policy.json b/hacking/aws_config/testing_policies/container-policy.json
index 944559c159..4bf60a80b2 100644
--- a/hacking/aws_config/testing_policies/container-policy.json
+++ b/hacking/aws_config/testing_policies/container-policy.json
@@ -45,8 +45,6 @@
 "ecs:StopTask",
 "ecs:UpdateService",
 "elasticloadbalancing:Describe*",
- "iam:AttachRolePolicy",
- "iam:CreateRole",
 "iam:GetPolicy",
 "iam:GetPolicyVersion",
 "iam:GetRole",
diff --git a/hacking/aws_config/testing_policies/security-policy.json b/hacking/aws_config/testing_policies/security-policy.json
index da25b72dc2..b1760a6bec 100644
--- a/hacking/aws_config/testing_policies/security-policy.json
+++ b/hacking/aws_config/testing_policies/security-policy.json
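Review bot: The four actions added to compute-policy.json across its three hunks (`ec2:AttachNetworkInterface`, `ec2:ModifyInstanceAttribute`, `ec2:StartInstances`, `ec2:StopInstances`) all act on existing instances, and the statement's `Resource` and any `Condition` lie outside the hunks, so it cannot be seen here whether they are limited to instances the test suite created. If the statement applies to `*`, the CI credentials could stop or reconfigure any instance in the account, not only test fixtures. Consider moving the instance-mutating actions into their own statement restricted by a tag condition, e.g. `"Condition": {"StringEquals": {"ec2:ResourceTag/<TEST_TAG_KEY>": "<TEST_TAG_VALUE>"}}`, for the actions that support resource-level permissions.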
@@ -27,6 +27,43 @@
 "Sid": "AllowReadOnlyIAMUse"
 },
 {
+ "Action": [
+ "iam:AttachRolePolicy",
+ "iam:CreateRole",
+ "iam:DeleteRole",
+ "iam:DetachRolePolicy",
+ "iam:PassRole"
+ ],
+ "Resource": "arn:aws:iam::{{ aws_account }}:role/ansible-test-*",
+ "Effect": "Allow",
+ "Sid": "AllowUpdateOfSpecificRoles"
+ },
+ {
+ "Action": [
+ "iam:CreateInstanceProfile",
+ "iam:DeleteInstanceProfile",
+ "iam:AddRoleToInstanceProfile",
+ "iam:RemoveRoleFromInstanceProfile"
+ ],
+ "Resource": "arn:aws:iam::{{ aws_account }}:instance-profile/ansible-test-*",
+ "Effect": "Allow",
+ "Sid": "AllowUpdateOfSpecificInstanceProfiles"
+ },
+ {
+ "Action": [
+ "ec2:ReplaceIamInstanceProfileAssociation"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "ArnEquals": {
+ "ec2:InstanceProfile": "arn:aws:iam::{{ aws_account }}:instance-profile/ansible-test-*"
+ }
+ },
+ "Effect": "Allow",
+ "Sid": "AllowReplacementOfSpecificInstanceProfiles"
+ },
+
+ {
 "Sid": "AllowWAFusage",
 "Action": "waf:*",
 "Effect": "Allow", |
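Review bot: Scoping `AllowUpdateOfSpecificRoles` to `role/ansible-test-*` limits which role names can be touched but not what those roles may do: `iam:AttachRolePolicy` has no `iam:PolicyARN` condition and `iam:PassRole` has no `iam:PassedToService` condition, so a role matching the prefix can end up with permissions broader than the test principal's own. Splitting `iam:PassRole` into its own statement with `"Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}` and restricting `iam:AttachRolePolicy` with `"Condition": {"ArnEquals": {"iam:PolicyARN": "<ALLOWED_POLICY_ARN>"}}` would keep the grant to what the ec2_instance tests appear to need. Requiring a permissions boundary on `iam:CreateRole` through the `iam:PermissionsBoundary` condition key is an alternative. The blank `+` line before the final `{` also looks stray.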