aws_kms: Update policy on existing keys (when passed) (#60059)

* aws_kms: (integration tests) Use module_defaults to reduce the copy and paste * aws_kms: (integration tests) make sure policy option functions. * aws_kms: (integration tests) Move iam_role creation to start of playbook. iam_roles aren't fully created when iam_role completes, there's a delay on the Amazon side before they're fully recognised. * aws_kms: Update policy on existing keys (when passed)
author: Mark Chappell <mchappel@redhat.com> 2019-08-23 12:38:38 +0200
committer: Will Thames <will@thames.id.au> 2019-08-23 20:38:38 +1000
commit: 77e4371460d4579c8a26c1511220d2bebcd4a1ca (patch)
tree: 267cd018e4cd66540496d32b48ad3fa927526cc0 /hacking
parent: 25053827a5444dba4e37b2d58fcb5ac94729c3f1 (diff)
download: ansible-77e4371460d4579c8a26c1511220d2bebcd4a1ca.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/hacking/aws_config/testing_policies/security-policy.json b/hacking/aws_config/testing_policies/security-policy.json
index b7feb6b0b9..8c3f2b914d 100644
--- a/hacking/aws_config/testing_policies/security-policy.json
+++ b/hacking/aws_config/testing_policies/security-policy.json
@@ -108,6 +108,7 @@
                 "kms:GenerateRandom",
                 "kms:Get*",
                 "kms:List*",
+                "kms:PutKeyPolicy",
                 "kms:RetireGrant",
                 "kms:ScheduleKeyDeletion",
                 "kms:TagResource",
author	Mark Chappell <mchappel@redhat.com>	2019-08-23 12:38:38 +0200
committer	Will Thames <will@thames.id.au>	2019-08-23 20:38:38 +1000
commit	77e4371460d4579c8a26c1511220d2bebcd4a1ca (patch)
tree	267cd018e4cd66540496d32b48ad3fa927526cc0 /hacking
parent	25053827a5444dba4e37b2d58fcb5ac94729c3f1 (diff)
download	ansible-77e4371460d4579c8a26c1511220d2bebcd4a1ca.tar.gz