Diffstat (limited to 'test/integration/targets/iam_user/tasks/main.yml')
-rw-r--r--test/integration/targets/iam_user/tasks/main.yml480
1 files changed, 0 insertions, 480 deletions
diff --git a/test/integration/targets/iam_user/tasks/main.yml b/test/integration/targets/iam_user/tasks/main.yml
deleted file mode 100644
index e5b9a21e84..0000000000
--- a/test/integration/targets/iam_user/tasks/main.yml
+++ /dev/null
@@ -1,480 +0,0 @@
----
-- name: set up aws connection info
- module_defaults:
- group/aws:
- aws_access_key: "{{ aws_access_key }}"
- aws_secret_key: "{{ aws_secret_key }}"
- security_token: "{{ security_token | default(omit) }}"
- region: "{{ aws_region }}"
- block:
- - name: ensure improper usage of parameters fails gracefully
- iam_user_info:
- path: '{{ test_path }}'
- group: '{{ test_group }}'
- ignore_errors: yes
- register: iam_user_info_path_group
- - assert:
- that:
- - iam_user_info_path_group is failed
- - 'iam_user_info_path_group.msg == "parameters are mutually exclusive: group|path"'
-
- - name: ensure exception handling fails as expected
- iam_user_info:
- region: 'bogus'
- path: ''
- ignore_errors: yes
- register: iam_user_info
- - assert:
- that:
- - iam_user_info is failed
- - '"user" in iam_user_info.msg'
-
- - name: ensure exception handling fails as expected with group
- iam_user_info:
- region: 'bogus'
- group: '{{ test_group }}'
- ignore_errors: yes
- register: iam_user_info
- - assert:
- that:
- - iam_user_info is failed
- - '"group" in iam_user_info.msg'
-
- - name: ensure exception handling fails as expected with default path
- iam_user_info:
- region: 'bogus'
- ignore_errors: yes
- register: iam_user_info
- - assert:
- that:
- - iam_user_info is failed
- - '"path" in iam_user_info.msg'
-
- - name: create test user (check mode)
- iam_user:
- name: '{{ test_user }}'
- state: present
- check_mode: yes
- register: iam_user
-
- - name: assert that the user would be created
- assert:
- that:
- - iam_user is changed
-
- - name: create test user
- iam_user:
- name: '{{ test_user }}'
- state: present
- register: iam_user
-
- - name: assert that the user is created
- assert:
- that:
- - iam_user is changed
-
- - name: ensure test user exists (no change)
- iam_user:
- name: '{{ test_user }}'
- state: present
- register: iam_user
-
- - name: assert that the user wasn't changed
- assert:
- that:
- - iam_user is not changed
-
- - name: ensure the info used to validate other tests is valid
- set_fact:
- test_iam_user: '{{ iam_user.iam_user.user }}'
- - assert:
- that:
- - 'test_iam_user.arn.startswith("arn:aws:iam")'
- - 'test_iam_user.arn.endswith("user/" + test_user )'
- - test_iam_user.create_date is not none
- - test_iam_user.path == '{{ test_path }}'
- - test_iam_user.user_id is not none
- - test_iam_user.user_name == '{{ test_user }}'
-
- - name: get info on IAM user(s)
- iam_user_info:
- register: iam_user_info
- - assert:
- that:
- - iam_user_info.iam_users | length != 0
-
- - name: get info on IAM user(s) with name
- iam_user_info:
- name: '{{ test_user }}'
- register: iam_user_info
- - debug: var=iam_user_info
- - assert:
- that:
- - iam_user_info.iam_users | length == 1
- - iam_user_info.iam_users[0].arn == test_iam_user.arn
- - iam_user_info.iam_users[0].create_date == test_iam_user.create_date
- - iam_user_info.iam_users[0].path == test_iam_user.path
- - iam_user_info.iam_users[0].user_id == test_iam_user.user_id
- - iam_user_info.iam_users[0].user_name == test_iam_user.user_name
-
- - name: get info on IAM user(s) on path
- iam_user_info:
- path: '{{ test_path }}'
- name: '{{ test_user }}'
- register: iam_user_info
- - assert:
- that:
- - iam_user_info.iam_users | length == 1
- - iam_user_info.iam_users[0].arn == test_iam_user.arn
- - iam_user_info.iam_users[0].create_date == test_iam_user.create_date
- - iam_user_info.iam_users[0].path == test_iam_user.path
- - iam_user_info.iam_users[0].user_id == test_iam_user.user_id
- - iam_user_info.iam_users[0].user_name == test_iam_user.user_name
-
- # ===========================================
- # Test Managed Policy management
- #
- # Use a couple of benign policies for testing:
- # - AWSDenyAll
- # - ServiceQuotasReadOnlyAccess
- #
- - name: attach managed policy to user (check mode)
- check_mode: yes
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - arn:aws:iam::aws:policy/AWSDenyAll
- register: iam_user
-
- - name: assert that the user is changed
- assert:
- that:
- - iam_user is changed
-
- - name: attach managed policy to user
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - arn:aws:iam::aws:policy/AWSDenyAll
- register: iam_user
-
- - name: assert that the user is changed
- assert:
- that:
- - iam_user is changed
-
- - name: ensure managed policy is attached to user (no change)
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - arn:aws:iam::aws:policy/AWSDenyAll
- register: iam_user
-
- - name: assert that the user hasn't changed
- assert:
- that:
- - iam_user is not changed
-
- - name: attach different managed policy to user (check mode)
- check_mode: yes
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess
- purge_policy: no
- register: iam_user
-
- - name: assert that the user changed
- assert:
- that:
- - iam_user is changed
-
- - name: attach different managed policy to user
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess
- purge_policy: no
- register: iam_user
-
- - name: assert that the user changed
- assert:
- that:
- - iam_user is changed
-
- - name: Check first policy wasn't purged
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess
- - arn:aws:iam::aws:policy/AWSDenyAll
- purge_policy: no
- register: iam_user
-
- - name: assert that the user hasn't changed
- assert:
- that:
- - iam_user is not changed
-
- - name: Check that managed policy order doesn't matter
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - arn:aws:iam::aws:policy/AWSDenyAll
- - arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess
- purge_policy: no
- register: iam_user
-
- - name: assert that the user hasn't changed
- assert:
- that:
- - iam_user is not changed
-
- - name: Check that policy doesn't require full ARN path
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - AWSDenyAll
- - arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess
- purge_policy: no
- register: iam_user
-
- - name: assert that the user hasn't changed
- assert:
- that:
- - iam_user is not changed
-
- - name: Remove one of the managed policies - with purge (check mode)
- check_mode: yes
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess
- purge_policy: yes
- register: iam_user
-
- - name: assert that the user changed
- assert:
- that:
- - iam_user is changed
-
- - name: Remove one of the managed policies - with purge
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess
- purge_policy: yes
- register: iam_user
-
- - name: assert that the user changed
- assert:
- that:
- - iam_user is changed
-
- - name: Check we only have the one policy attached
- iam_user:
- name: '{{ test_user }}'
- state: present
- managed_policy:
- - arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess
- purge_policy: yes
- register: iam_user
-
- - name: assert that the user changed
- assert:
- that:
- - iam_user is not changed
-
- - name: ensure group exists
- iam_group:
- name: '{{ test_group }}'
- users:
- - '{{ test_user }}'
- state: present
- register: iam_group
-
- - assert:
- that:
- - iam_group.changed
- - iam_group.iam_group.users
-
- - name: get info on IAM user(s) in group
- iam_user_info:
- group: '{{ test_group }}'
- name: '{{ test_user }}'
- register: iam_user_info
-
- - assert:
- that:
- - iam_user_info.iam_users | length == 1
- - iam_user_info.iam_users[0].arn == test_iam_user.arn
- - iam_user_info.iam_users[0].create_date == test_iam_user.create_date
- - iam_user_info.iam_users[0].path == test_iam_user.path
- - iam_user_info.iam_users[0].user_id == test_iam_user.user_id
- - iam_user_info.iam_users[0].user_name == test_iam_user.user_name
-
- - name: remove user from group
- iam_group:
- name: '{{ test_group }}'
- purge_users: True
- users: []
- state: present
- register: iam_group
-
- - name: get info on IAM user(s) after removing from group
- iam_user_info:
- group: '{{ test_group }}'
- name: '{{ test_user }}'
- register: iam_user_info
-
- - name: assert empty list of users for group are returned
- assert:
- that:
- - iam_user_info.iam_users | length == 0
-
- - name: ensure ansible users exist
- iam_user:
- name: '{{ item }}'
- state: present
- with_items: '{{ test_users }}'
-
- - name: get info on multiple IAM user(s)
- iam_user_info:
- register: iam_user_info
- - assert:
- that:
- - iam_user_info.iam_users | length != 0
-
- - name: ensure multiple user group exists with single user
- iam_group:
- name: '{{ test_group }}'
- users:
- - '{{ test_user }}'
- state: present
- register: iam_group
-
- - name: get info on IAM user(s) in group
- iam_user_info:
- group: '{{ test_group }}'
- register: iam_user_info
- - assert:
- that:
- - iam_user_info.iam_users | length == 1
-
- - name: add all users to group
- iam_group:
- name: '{{ test_group }}'
- users: '{{ test_users }}'
- state: present
- register: iam_group
-
- - name: get info on multiple IAM user(s) in group
- iam_user_info:
- group: '{{ test_group }}'
- register: iam_user_info
- - assert:
- that:
- - iam_user_info.iam_users | length == test_users | length
-
- - name: purge users from group
- iam_group:
- name: '{{ test_group }}'
- purge_users: True
- users: []
- state: present
- register: iam_group
-
- - name: ensure info is empty for empty group
- iam_user_info:
- group: '{{ test_group }}'
- register: iam_user_info
- - assert:
- that:
- - iam_user_info.iam_users | length == 0
-
- - name: get info on IAM user(s) after removing from group
- iam_user_info:
- group: '{{ test_group }}'
- register: iam_user_info
-
- - name: assert empty list of users for group are returned
- assert:
- that:
- - iam_user_info.iam_users | length == 0
-
- - name: remove group
- iam_group:
- name: '{{ test_group }}'
- state: absent
- register: iam_group
-
- - name: assert that group was removed
- assert:
- that:
- - iam_group.changed
- - iam_group
-
- - name: Test remove group again (idempotency)
- iam_group:
- name: "{{ test_group }}"
- state: absent
- register: iam_group
-
- - name: assert that group remove is not changed
- assert:
- that:
- - not iam_group.changed
-
- - name: Remove user with attached policy
- iam_user:
- name: "{{ test_user }}"
- state: absent
- register: iam_user
-
- - name: get info on IAM user(s) after deleting
- iam_user_info:
- group: '{{ test_user }}'
- ignore_errors: yes
- register: iam_user_info
-
- - name: Assert user was removed
- assert:
- that:
- - iam_user.changed
- - "'cannot be found' in iam_user_info.msg"
-
- - name: Remove user with attached policy (idempotent)
- iam_user:
- name: "{{ test_user }}"
- state: absent
- ignore_errors: yes
- register: iam_user
-
- - name: Assert user was removed
- assert:
- that:
- - not iam_user.changed
-
- always:
- - name: remove group
- iam_group:
- name: '{{ test_group }}'
- state: absent
- ignore_errors: yes
-
- - name: remove ansible users
- iam_user:
- name: '{{ item }}'
- state: absent
- with_items: '{{ test_users }}'
- ignore_errors: yes