diff options
Diffstat (limited to 'ansible_collections/amazon/aws/tests/integration/targets')
54 files changed, 1376 insertions, 230 deletions
diff --git a/ansible_collections/amazon/aws/tests/integration/targets/aws_region_info/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/aws_region_info/tasks/main.yml index d83b14440..0b07bec77 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/aws_region_info/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/aws_region_info/tasks/main.yml @@ -7,7 +7,7 @@ region: "{{ aws_region }}" block: - name: List available Regions - community.aws.aws_region_info: + amazon.aws.aws_region_info: register: regions - name: check task return attributes vars: @@ -22,7 +22,7 @@ - '"region_name" in first_region' - name: List available Regions - check_mode - community.aws.aws_region_info: + amazon.aws.aws_region_info: register: check_regions - name: check task return attributes - check_mode vars: @@ -37,7 +37,7 @@ - '"region_name" in first_region' - name: Filter available Regions using - ("region-name") - community.aws.aws_region_info: + amazon.aws.aws_region_info: filters: region-name: us-west-1 register: us_west_1 @@ -58,7 +58,7 @@ - first_region.region_name == 'us-west-1' - name: Filter available Regions using _ ("region_name") - community.aws.aws_region_info: + amazon.aws.aws_region_info: filters: region_name: us-west-2 register: us_west_2 @@ -79,7 +79,7 @@ - first_region.region_name == 'us-west-2' - name: Filter available Regions using _ and - to check precedence - community.aws.aws_region_info: + amazon.aws.aws_region_info: filters: region-name: eu-west-1 region_name: eu-central-1 diff --git a/ansible_collections/amazon/aws/tests/integration/targets/backup_selection/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/backup_selection/tasks/main.yml index 7cf27ce8c..11d550d48 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/backup_selection/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/backup_selection/tasks/main.yml @@ -12,7 +12,7 @@ # ============================================================ - name: Create an IAM Role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ backup_iam_role_name }}" assume_role_policy_document: '{{ lookup("file", "backup-policy.json") }}' create_instance_profile: false @@ -745,7 +745,7 @@ ignore_errors: true - name: Delete IAM role created during this test - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ backup_iam_role_name }}" state: absent ignore_errors: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/cloudtrail/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/cloudtrail/tasks/main.yml index 3d4f60144..6f9e8fe48 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/cloudtrail/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/cloudtrail/tasks/main.yml @@ -141,7 +141,7 @@ register: kms_key2 - name: Create CloudWatch IAM Role - community.aws.iam_role: + amazon.aws.iam_role: state: present name: "{{ cloudwatch_role }}" assume_role_policy_document: "{{ lookup('template', 'cloudwatch-assume-policy.j2') }}" @@ -167,7 +167,7 @@ policy_json: "{{ lookup('template', 'cloudwatch-policy.j2') | to_json }}" - name: Create CloudWatch IAM Role with no kms permissions - community.aws.iam_role: + amazon.aws.iam_role: state: present name: "{{ cloudwatch_no_kms_role }}" assume_role_policy_document: "{{ lookup('template', 'cloudtrail-no-kms-assume-policy.j2') }}" @@ -551,7 +551,7 @@ state: present name: "{{ cloudtrail_name }}" cloudwatch_logs_log_group_arn: "{{ output_cloudwatch_log_group.arn }}" - cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.arn }}" + cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.iam_role.arn }}" register: output check_mode: true - ansible.builtin.assert: @@ -563,28 +563,28 @@ state: present name: "{{ cloudtrail_name }}" cloudwatch_logs_log_group_arn: "{{ output_cloudwatch_log_group.arn }}" - cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.arn }}" + cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.iam_role.arn }}" register: output - ansible.builtin.assert: that: - output is changed - output.trail.name == cloudtrail_name - output.trail.cloud_watch_logs_log_group_arn == output_cloudwatch_log_group.arn - - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.arn + - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.iam_role.arn - name: Set CloudWatch Log Group (no change) amazon.aws.cloudtrail: state: present name: "{{ cloudtrail_name }}" cloudwatch_logs_log_group_arn: "{{ output_cloudwatch_log_group.arn }}" - cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.arn }}" + cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.iam_role.arn }}" register: output - ansible.builtin.assert: that: - output is not changed - output.trail.name == cloudtrail_name - output.trail.cloud_watch_logs_log_group_arn == output_cloudwatch_log_group.arn - - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.arn + - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.iam_role.arn - name: No-op update to trail amazon.aws.cloudtrail: @@ -596,7 +596,7 @@ - output is not changed - output.trail.name == cloudtrail_name - output.trail.cloud_watch_logs_log_group_arn == output_cloudwatch_log_group.arn - - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.arn + - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.iam_role.arn - name: Get the trail info with CloudWatch Log Group amazon.aws.cloudtrail_info: @@ -608,49 +608,49 @@ ansible.builtin.assert: that: - info.trail_list[0].cloud_watch_logs_log_group_arn == output_cloudwatch_log_group.arn - - info.trail_list[0].cloud_watch_logs_role_arn == output_cloudwatch_role.arn + - info.trail_list[0].cloud_watch_logs_role_arn == output_cloudwatch_role.iam_role.arn - name: Update CloudWatch Log Group (CHECK MODE) amazon.aws.cloudtrail: state: present name: "{{ cloudtrail_name }}" cloudwatch_logs_log_group_arn: "{{ output_cloudwatch_log_group2.arn }}" - cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.arn }}" + cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.iam_role.arn }}" register: output check_mode: true - ansible.builtin.assert: that: - output is changed - output.trail.cloud_watch_logs_log_group_arn == output_cloudwatch_log_group2.arn - - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.arn + - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.iam_role.arn - name: Update CloudWatch Log Group amazon.aws.cloudtrail: state: present name: "{{ cloudtrail_name }}" cloudwatch_logs_log_group_arn: "{{ output_cloudwatch_log_group2.arn }}" - cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.arn }}" + cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.iam_role.arn }}" register: output - ansible.builtin.assert: that: - output is changed - output.trail.name == cloudtrail_name - output.trail.cloud_watch_logs_log_group_arn == output_cloudwatch_log_group2.arn - - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.arn + - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.iam_role.arn - name: Update CloudWatch Log Group (no change) amazon.aws.cloudtrail: state: present name: "{{ cloudtrail_name }}" cloudwatch_logs_log_group_arn: "{{ output_cloudwatch_log_group2.arn }}" - cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.arn }}" + cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.iam_role.arn }}" register: output - ansible.builtin.assert: that: - output is not changed - output.trail.name == cloudtrail_name - output.trail.cloud_watch_logs_log_group_arn == output_cloudwatch_log_group2.arn - - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.arn + - output.trail.cloud_watch_logs_role_arn == output_cloudwatch_role.iam_role.arn - name: Get the trail info with CloudWatch Log Group after update amazon.aws.cloudtrail_info: @@ -662,7 +662,7 @@ ansible.builtin.assert: that: - info.trail_list[0].cloud_watch_logs_log_group_arn == output_cloudwatch_log_group2.arn - - info.trail_list[0].cloud_watch_logs_role_arn == output_cloudwatch_role.arn + - info.trail_list[0].cloud_watch_logs_role_arn == output_cloudwatch_role.iam_role.arn #- name: 'Remove CloudWatch Log Group (CHECK MODE)' # amazon.aws.cloudtrail: @@ -1332,7 +1332,7 @@ # Assume role to a role with Denied access to KMS - amazon.aws.sts_assume_role: - role_arn: "{{ output_cloudwatch_no_kms_role.arn }}" + role_arn: "{{ output_cloudwatch_no_kms_role.iam_role.arn }}" role_session_name: cloudtrailNoKms region: "{{ aws_region }}" register: noKms_assumed_role @@ -1438,7 +1438,7 @@ s3_key_prefix: "{{ cloudtrail_prefix }}" sns_topic_name: "{{ sns_topic }}" cloudwatch_logs_log_group_arn: "{{ output_cloudwatch_log_group.arn }}" - cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.arn }}" + cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.iam_role.arn }}" is_multi_region_trail: true include_global_events: true enable_log_file_validation: true @@ -1468,7 +1468,7 @@ s3_key_prefix: "{{ cloudtrail_prefix }}" sns_topic_name: "{{ sns_topic }}" cloudwatch_logs_log_group_arn: "{{ output_cloudwatch_log_group.arn }}" - cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.arn }}" + cloudwatch_logs_role_arn: "{{ output_cloudwatch_role.iam_role.arn }}" is_multi_region_trail: true include_global_events: true enable_log_file_validation: true @@ -1572,7 +1572,7 @@ policy_name: CloudWatch ignore_errors: true - name: Delete CloudWatch IAM Role - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ cloudwatch_role }}" ignore_errors: true @@ -1584,7 +1584,7 @@ policy_name: CloudWatchNokms ignore_errors: true - name: Delete CloudWatch No KMS IAM Role - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ cloudwatch_no_kms_role }}" ignore_errors: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/ec2_instance_iam_instance_role/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/ec2_instance_iam_instance_role/tasks/main.yml index 14f44c2eb..336ebdb08 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/ec2_instance_iam_instance_role/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/ec2_instance_iam_instance_role/tasks/main.yml @@ -7,7 +7,7 @@ region: "{{ aws_region }}" block: - name: Create IAM role for test - community.aws.iam_role: + amazon.aws.iam_role: state: present name: "{{ first_iam_role }}" assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}" @@ -17,7 +17,7 @@ register: iam_role - name: Create second IAM role for test - community.aws.iam_role: + amazon.aws.iam_role: state: present name: "{{ second_iam_role }}" assume_role_policy_document: "{{ lookup('file','assume-role-policy.json') }}" @@ -46,7 +46,7 @@ - ansible.builtin.assert: that: - - instance_with_role.instances[0].iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/") + - instance_with_role.instances[0].iam_instance_profile.arn == iam_role.iam_role.arn.replace(":role/", ":instance-profile/") - name: Make instance with an instance_role(check mode) amazon.aws.ec2_instance: @@ -55,7 +55,7 @@ image_id: "{{ ec2_ami_id }}" security_groups: "{{ sg.group_id }}" instance_type: "{{ ec2_instance_type }}" - instance_role: "{{ iam_role.arn.replace(':role/', ':instance-profile/') }}" + instance_role: "{{ iam_role.iam_role.arn.replace(':role/', ':instance-profile/') }}" vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}" tags: TestId: "{{ ec2_instance_tag_TestId }}" @@ -86,7 +86,7 @@ image_id: "{{ ec2_ami_id }}" security_groups: "{{ sg.group_id }}" instance_type: "{{ ec2_instance_type }}" - instance_role: "{{ iam_role_2.arn.replace(':role/', ':instance-profile/') }}" + instance_role: "{{ iam_role_2.iam_role.arn.replace(':role/', ':instance-profile/') }}" vpc_subnet_id: "{{ testing_subnet_a.subnet.id }}" tags: TestId: "{{ ec2_instance_tag_TestId }}" @@ -105,7 +105,7 @@ - ansible.builtin.assert: that: - - updates_instance_info.instances[0].iam_instance_profile.arn == iam_role_2.arn.replace(":role/", ":instance-profile/") + - updates_instance_info.instances[0].iam_instance_profile.arn == iam_role_2.iam_role.arn.replace(":role/", ":instance-profile/") - updates_instance_info.instances[0].instance_id == instance_with_role.instances[0].instance_id always: @@ -119,7 +119,7 @@ ignore_errors: true - name: Delete IAM role for test - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ item }}" delete_instance_profile: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/ec2_vol/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/ec2_vol/tasks/main.yml index edeccb4ea..3867885a7 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/ec2_vol/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/ec2_vol/tasks/main.yml @@ -685,7 +685,6 @@ ansible.builtin.assert: that: - not delete_volume_result_idem.changed - - '"Volume "+ volume2.volume_id +" does not exist" in delete_volume_result_idem.msg' # Originally from ec2_vol_info diff --git a/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/defaults/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/defaults/main.yml index b591e4ae6..399f98acf 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/defaults/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/defaults/main.yml @@ -4,6 +4,7 @@ resource_short: "{{ '%0.8x' % ((16**8) | random(seed=resource_prefix)) }}" alb_name: alb-test-{{ resource_short }} alb_2_name: alb-test-2-{{ resource_short }} +alb_name_multiple_listener_test: alb-test-{{ resource_short }}-lt tg_name: alb-test-{{ resource_short }} tg_2_name: alb-test-2-{{ resource_short }} vpc_cidr: 10.{{ 256 | random(seed=resource_prefix) }}.0.0/16 @@ -26,3 +27,15 @@ elb_access_log_account_id_map: us-gov-west-1: "048591011584" elb_account_id: "{{ elb_access_log_account_id_map[aws_region] }}" + +local_certs: + - priv_key: "{{ remote_tmp_dir }}/private-1.pem" + cert: "{{ remote_tmp_dir }}/public-1.pem" + csr: "{{ remote_tmp_dir }}/csr-1.csr" + domain: elb-classic.{{ tiny_prefix }}.ansible.test + name: "{{ resource_prefix }}_{{ resource_prefix }}_1" + - priv_key: "{{ remote_tmp_dir }}/private-2.pem" + cert: "{{ remote_tmp_dir }}/public-2.pem" + csr: "{{ remote_tmp_dir }}/csr-2.csr" + domain: elb-classic.{{ tiny_prefix }}.ansible.test + name: "{{ resource_prefix }}_{{ resource_prefix }}_2" diff --git a/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/meta/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/meta/main.yml new file mode 100644 index 000000000..bef04ab7f --- /dev/null +++ b/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: + - setup_ec2_facts + - setup_remote_tmp_dir diff --git a/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/tasks/alb_with_multiple_listener_certs.yml b/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/tasks/alb_with_multiple_listener_certs.yml new file mode 100644 index 000000000..af55c29bf --- /dev/null +++ b/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/tasks/alb_with_multiple_listener_certs.yml @@ -0,0 +1,127 @@ +- name: Run tests + block: + - name: Generate private key for local certs + community.crypto.openssl_privatekey: + path: "{{ item.priv_key }}" + type: RSA + size: 2048 + with_items: "{{ local_certs }}" + + - name: Generate an OpenSSL Certificate Signing Request for own certs + community.crypto.openssl_csr: + path: "{{ item.csr }}" + privatekey_path: "{{ item.priv_key }}" + common_name: "{{ item.domain }}" + with_items: "{{ local_certs }}" + + - name: Generate a Self Signed OpenSSL certificate for own certs + community.crypto.x509_certificate: + provider: selfsigned + path: "{{ item.cert }}" + csr_path: "{{ item.csr }}" + privatekey_path: "{{ item.priv_key }}" + selfsigned_digest: sha256 + register: cert_create_result + with_items: "{{ local_certs }}" + + - name: upload certificates + community.aws.acm_certificate: + name_tag: "{{ item.name }}" + certificate: "{{ lookup('file', item.cert ) }}" + private_key: "{{ lookup('file', item.priv_key ) }}" + state: present + tags: + Application: search + Environment: development + purge_tags: false + register: upload + with_items: "{{ local_certs }}" + until: upload is succeeded + retries: 5 + delay: 10 + + - ansible.builtin.set_fact: + cert_1_arn: "{{ upload.results[0].certificate.arn }}" + cert_2_arn: "{{ upload.results[1].certificate.arn }}" + + - name: Create a target group for testing + community.aws.elb_target_group: + name: "{{ tg_name }}" + protocol: http + port: 80 + vpc_id: "{{ vpc_id }}" + state: present + + - name: Create an ALB with listener having multiple certificates + amazon.aws.elb_application_lb: + name: "{{ alb_name_multiple_listener_test }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: present + purge_listeners: False + listeners: + - Protocol: HTTPS + Port: 446 + SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06 + Certificates: # The ARN of the certificate + - CertificateArn: "{{ cert_1_arn }}" + - CertificateArn: "{{ cert_2_arn }}" + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + register: alb + + - name: Gather information about a particular ALB given its ARN #returns only default cert + amazon.aws.elb_application_lb_info: + load_balancer_arns: + - "{{ alb.load_balancer_arn }}" + register: alb_info + + - name: obtain information about a certificate 1 + community.aws.acm_certificate_info: + certificate_arn: "{{ cert_1_arn }}" + register: cert_1_info + + - name: obtain information about a certificate 2 + community.aws.acm_certificate_info: + certificate_arn: "{{ cert_2_arn }}" + register: cert_2_info + + - name: Assert that both certificiates are in use by test load balancer + ansible.builtin.assert: + that: + - cert_1_info.certificates[0].in_use_by[0] == alb_info.load_balancers[0].load_balancer_arn + - cert_2_info.certificates[0].in_use_by[0] == alb_info.load_balancers[0].load_balancer_arn + + always: + - name: Delete test ALB + amazon.aws.elb_application_lb: + name: "{{ alb_name_multiple_listener_test }}" + subnets: "{{ public_subnets }}" + security_groups: "{{ sec_group.group_id }}" + state: absent + purge_listeners: False + listeners: + - Protocol: HTTPS + Port: 446 + SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06 + Certificates: # The ARN of the certificate + - CertificateArn: "{{ cert_1_arn }}" + - CertificateArn: "{{ cert_2_arn }}" + DefaultActions: + - Type: forward + TargetGroupName: "{{ tg_name }}" + ignore_errors: true + + - name: delete a certificate with a particular ARN + community.aws.acm_certificate: + certificate_arn: "{{ item }}" + state: absent + register: delete_acm + with_items: + - "{{ cert_1_arn }}" + - "{{ cert_2_arn }}" + retries: 5 + delay: 5 + until: delete_acm is not failed + ignore_errors: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/tasks/main.yml index 6edc6416d..28d4bdbdd 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/elb_application_lb/tasks/main.yml @@ -133,6 +133,10 @@ encryption: aws:kms policy: "{{ lookup('template', 'policy.json') }}" + + - name: Run tests for creating ALB with listener having multiple certificates + ansible.builtin.import_tasks: alb_with_multiple_listener_certs.yml + - name: Create an ALB (invalid - SslPolicy is required when Protocol == HTTPS) amazon.aws.elb_application_lb: name: "{{ alb_name }}" diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_group/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_group/tasks/main.yml index 54015a446..269cd51ec 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_group/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_group/tasks/main.yml @@ -15,7 +15,7 @@ state: present - name: Create Safe IAM Managed Policy - community.aws.iam_managed_policy: + amazon.aws.iam_managed_policy: state: present policy_name: "{{ custom_policy_name }}" policy_description: A safe (deny-all) managed policy @@ -54,7 +54,7 @@ state: absent - name: Remove Safe IAM Managed Policy - community.aws.iam_managed_policy: + amazon.aws.iam_managed_policy: state: absent policy_name: "{{ custom_policy_name }}" diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_instance_profile/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_instance_profile/tasks/main.yml index 794b7a4ae..cbebc966a 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_instance_profile/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_instance_profile/tasks/main.yml @@ -17,7 +17,7 @@ # Prepare - name: Prepare IAM Roles - community.aws.iam_role: + amazon.aws.iam_role: state: present name: "{{ item }}" path: "{{ test_path }}" @@ -504,7 +504,7 @@ - "{{ test_role }}-2" - name: Remove IAM Roles - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ item }}" path: "{{ test_path }}" diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml index 51ece2c3a..4257634b7 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/defaults/main.yml @@ -2,3 +2,6 @@ policy_name: "{{ resource_prefix }}-policy" policy_path: "/ansible-test-{{ tiny_prefix }}/" policy_description: "An example Managed Policy description" +test_role: "{{ resource_prefix }}-mp-role" +test_user: "{{ resource_prefix }}-mp-user" +test_group: "{{ resource_prefix }}-mp-group" diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/files/deny-assume.json b/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/files/deny-assume.json new file mode 100644 index 000000000..73e877158 --- /dev/null +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/files/deny-assume.json @@ -0,0 +1,10 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Principal": { "Service": "ec2.amazonaws.com" }, + "Effect": "Deny" + } + ] +} diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml index c6ab19a74..ec4238b85 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_managed_policy/tasks/main.yml @@ -9,6 +9,21 @@ collections: - amazon.aws block: + - name: Create IAM group + amazon.aws.iam_group: + name: "{{ test_group }}" + state: present + - name: Create IAM user + amazon.aws.iam_user: + name: "{{ test_user }}" + state: present + - name: Create IAM role + amazon.aws.iam_role: + name: "{{ test_role }}" + assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' + create_instance_profile: false + state: present + ## Test policy creation - name: Create IAM managed policy - check mode amazon.aws.iam_managed_policy: @@ -448,14 +463,60 @@ - result.policy.tags["Tag C"] == "Value C" - result.policy.tags["tag d"] == "value d" + - name: Attach managed policy to group + amazon.aws.iam_group: + name: "{{ test_group }}" + state: present + managed_policies: + - "{{ policy_name }}" + - name: Attach managed policy to user + amazon.aws.iam_user: + name: "{{ test_user }}" + state: present + managed_policies: + - "{{ policy_name }}" + - name: Attach managed policy to role + amazon.aws.iam_role: + name: "{{ test_role }}" + state: present + assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' + managed_policies: + - "{{ policy_name }}" + - name: Delete IAM managed policy amazon.aws.iam_managed_policy: policy_name: "{{ policy_name }}" state: absent + - name: Delete IAM group + amazon.aws.iam_group: + name: "{{ test_group }}" + state: absent + - name: Delete IAM user + amazon.aws.iam_user: + name: "{{ test_user }}" + state: absent + - name: Delete IAM role + amazon.aws.iam_role: + name: "{{ test_role }}" + state: absent + always: - name: Delete IAM managed policy amazon.aws.iam_managed_policy: policy_name: "{{ policy_name }}" state: absent ignore_errors: true # noqa: ignore-errors + + - name: Delete IAM group + amazon.aws.iam_group: + name: "{{ test_group }}" + state: absent + - name: Delete IAM user + amazon.aws.iam_user: + name: "{{ test_user }}" + state: absent + - name: Delete IAM role + amazon.aws.iam_role: + name: "{{ test_role }}" + state: absent diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml b/ansible_collections/amazon/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml index 9b4fa7167..8d497813a 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_password_policy/tasks/main.yaml @@ -9,7 +9,7 @@ - amazon.aws block: - name: set iam password policy - community.aws.iam_password_policy: + amazon.aws.iam_password_policy: state: present min_pw_length: 8 require_symbols: false @@ -28,7 +28,7 @@ - result.changed - name: verify iam password policy has been created - community.aws.iam_password_policy: + amazon.aws.iam_password_policy: state: present min_pw_length: 8 require_symbols: false @@ -47,7 +47,7 @@ - not result.changed - name: update iam password policy with different settings - community.aws.iam_password_policy: + amazon.aws.iam_password_policy: state: present min_pw_length: 15 require_symbols: true @@ -67,7 +67,7 @@ # Test for regression of #59102 - name: update iam password policy without expiry - community.aws.iam_password_policy: + amazon.aws.iam_password_policy: state: present min_pw_length: 15 require_symbols: true @@ -83,7 +83,7 @@ - result.changed - name: remove iam password policy - community.aws.iam_password_policy: + amazon.aws.iam_password_policy: state: absent register: result @@ -93,7 +93,7 @@ - result.changed - name: verify password policy has been removed - community.aws.iam_password_policy: + amazon.aws.iam_password_policy: state: absent register: result @@ -103,6 +103,6 @@ - not result.changed always: - name: remove iam password policy - community.aws.iam_password_policy: + amazon.aws.iam_password_policy: state: absent register: result diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_policy/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_policy/tasks/main.yml index 9ed065036..afae59a0e 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_policy/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_policy/tasks/main.yml @@ -19,7 +19,7 @@ - result is changed - name: Create role for tests - community.aws.iam_role: + amazon.aws.iam_role: state: present name: "{{ iam_name }}" assume_role_policy_document: "{{ lookup('file','no_trust.json') }}" @@ -30,7 +30,7 @@ - result is changed - name: Create group for tests - community.aws.iam_group: + amazon.aws.iam_group: state: present name: "{{ iam_name }}" register: result @@ -60,12 +60,12 @@ name: "{{ iam_name }}" ignore_errors: true - name: Remove role - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ iam_name }}" ignore_errors: true - name: Remove group - community.aws.iam_group: + amazon.aws.iam_group: state: absent name: "{{ iam_name }}" ignore_errors: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/defaults/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/defaults/main.yml index 8d7bdfb1d..57a4b9e2b 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/defaults/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/defaults/main.yml @@ -1,6 +1,7 @@ --- test_role: "{{ resource_prefix }}-role" -test_path: /{{ resource_prefix }}/ +test_path: "/{{ resource_prefix }}/" +bad_test_path: "{{ resource_prefix }}" safe_managed_policy: AWSDenyAll custom_policy_name: "{{ resource_prefix }}-denyall" -boundary_policy: arn:aws:iam::aws:policy/AWSDenyAll +boundary_policy: "arn:aws:iam::aws:policy/AWSDenyAll" diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml index 706853c67..f24731f08 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/boundary_policy.yml @@ -1,6 +1,6 @@ --- - name: Create minimal role with no boundary policy - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false register: iam_role @@ -10,7 +10,7 @@ - iam_role.iam_role.role_name == test_role - name: Configure Boundary Policy (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false boundary: "{{ boundary_policy }}" @@ -21,7 +21,7 @@ - iam_role is changed - name: Configure Boundary Policy - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false boundary: "{{ boundary_policy }}" @@ -32,7 +32,7 @@ - iam_role.iam_role.role_name == test_role - name: Configure Boundary Policy (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false boundary: "{{ boundary_policy }}" @@ -43,7 +43,7 @@ - iam_role is not changed - name: Configure Boundary Policy (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false boundary: "{{ boundary_policy }}" @@ -54,7 +54,7 @@ - iam_role.iam_role.role_name == test_role - name: iam_role_info after adding boundary policy - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -77,7 +77,7 @@ - role_info.iam_roles[0].role_name == test_role - name: Remove IAM Role - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" delete_instance_profile: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml index 7195c5887..e0a33d7ca 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/complex_role_creation.yml @@ -1,6 +1,6 @@ --- - name: Complex IAM Role (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' boundary: "{{ boundary_policy }}" @@ -20,7 +20,7 @@ - iam_role is changed - name: iam_role_info after Complex Role creation in check_mode - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -29,7 +29,7 @@ - role_info.iam_roles | length == 0 - name: Complex IAM Role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' boundary: "{{ boundary_policy }}" @@ -59,7 +59,7 @@ - '"role_id" in iam_role.iam_role' - name: Complex IAM role (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' boundary: "{{ boundary_policy }}" @@ -79,7 +79,7 @@ - iam_role is not changed - name: Complex IAM role (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' boundary: "{{ boundary_policy }}" @@ -99,7 +99,7 @@ - iam_role.iam_role.role_name == test_role - name: iam_role_info after Role creation - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml index 9c81019c8..694c4d16b 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/creation_deletion.yml @@ -2,12 +2,12 @@ - name: Try running some rapid fire create/delete tests block: - name: Minimal IAM Role without instance profile (rapid) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false register: iam_role - name: Minimal IAM Role without instance profile (rapid) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false register: iam_role_again @@ -17,12 +17,12 @@ - iam_role_again is not changed - name: Remove IAM Role (rapid) - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" register: iam_role - name: Remove IAM Role (rapid) - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" register: iam_role_again @@ -32,12 +32,12 @@ - iam_role_again is not changed - name: Minimal IAM Role without instance profile (rapid) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false register: iam_role - name: Remove IAM Role (rapid) - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" register: iam_role_again @@ -50,14 +50,14 @@ # Role Creation # (without Instance profile) - name: iam_role_info before Role creation (no args) - community.aws.iam_role_info: + amazon.aws.iam_role_info: register: role_info - ansible.builtin.assert: that: - role_info is succeeded - name: iam_role_info before Role creation (search for test role) - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -66,7 +66,7 @@ - role_info.iam_roles | length == 0 - name: Minimal IAM Role (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false register: iam_role @@ -76,7 +76,7 @@ - iam_role is changed - name: iam_role_info after Role creation in check_mode - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -85,7 +85,7 @@ - role_info.iam_roles | length == 0 - name: Minimal IAM Role without instance profile - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false register: iam_role @@ -106,7 +106,7 @@ - '"role_id" in iam_role.iam_role' - name: Minimal IAM Role without instance profile (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false register: iam_role @@ -116,7 +116,7 @@ - iam_role is not changed - name: Minimal IAM Role without instance profile (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: false register: iam_role @@ -126,7 +126,7 @@ - iam_role.iam_role.role_name == test_role - name: iam_role_info after Role creation - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -151,7 +151,7 @@ - role_info.iam_roles[0].tags | length == 0 - name: Remove IAM Role - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" delete_instance_profile: true @@ -161,7 +161,7 @@ - iam_role is changed - name: iam_role_info after Role deletion - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -173,7 +173,7 @@ # (with path) - name: Minimal IAM Role with path (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" path: "{{ test_path }}" register: iam_role @@ -183,7 +183,7 @@ - iam_role is changed - name: Minimal IAM Role with path - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" path: "{{ test_path }}" register: iam_role @@ -203,7 +203,7 @@ - '"role_id" in iam_role.iam_role' - name: Minimal IAM Role with path (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" path: "{{ test_path }}" register: iam_role @@ -213,7 +213,7 @@ - iam_role is not changed - name: Minimal IAM Role with path (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" path: "{{ test_path }}" register: iam_role @@ -223,7 +223,7 @@ - iam_role.iam_role.role_name == test_role - name: Minimal IAM Role with updated path (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" path: "{{ test_path }}subpath/" register: iam_role @@ -234,7 +234,7 @@ - iam_role.iam_role.role_name == test_role - name: iam_role_info after Role creation - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -260,7 +260,7 @@ - role_info.iam_roles[0].tags | length == 0 - name: iam_role_info after Role creation (searching a path) - community.aws.iam_role_info: + amazon.aws.iam_role_info: path_prefix: "{{ test_path }}" register: role_info - ansible.builtin.assert: @@ -285,8 +285,34 @@ - role_info.iam_roles[0].role_name == test_role - role_info.iam_roles[0].tags | length == 0 +- name: iam_role_info after Role creation (searching a path without / prefix and suffix) + amazon.aws.iam_role_info: + path_prefix: "{{ bad_test_path }}" + register: role_info +- ansible.builtin.assert: + that: + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role" + test_path + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - '"description" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile" + test_path + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 3600 + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].path == test_path + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 0 + - name: Remove IAM Role - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" path: "{{ test_path }}" @@ -297,7 +323,7 @@ - iam_role is changed - name: iam_role_info after Role deletion - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -309,7 +335,7 @@ # (with Instance profile) - name: Minimal IAM Role with instance profile - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: true register: iam_role @@ -319,7 +345,7 @@ - iam_role is changed - name: Minimal IAM Role with instance profile - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: true register: iam_role @@ -339,7 +365,7 @@ - '"role_id" in iam_role.iam_role' - name: Minimal IAM Role wth instance profile (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: true register: iam_role @@ -349,7 +375,7 @@ - iam_role is not changed - name: Minimal IAM Role wth instance profile (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" create_instance_profile: true register: iam_role @@ -359,7 +385,7 @@ - iam_role.iam_role.role_name == test_role - name: iam_role_info after Role creation - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/description_update.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/description_update.yml index 0cb9a46af..edb88f7dd 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/description_update.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/description_update.yml @@ -1,6 +1,6 @@ --- - name: Add Description (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" description: Ansible Test Role {{ resource_prefix }} check_mode: true @@ -10,7 +10,7 @@ - iam_role is changed - name: Add Description - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" description: Ansible Test Role {{ resource_prefix }} register: iam_role @@ -21,7 +21,7 @@ - iam_role.iam_role.description == "Ansible Test Role "+resource_prefix - name: Add Description (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" description: Ansible Test Role {{ resource_prefix }} register: iam_role @@ -31,7 +31,7 @@ - iam_role is not changed - name: Add Description (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" description: Ansible Test Role {{ resource_prefix }} register: iam_role @@ -42,7 +42,7 @@ - iam_role.iam_role.description == "Ansible Test Role "+resource_prefix - name: iam_role_info after adding Description - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -70,7 +70,7 @@ # ------------------------------------------------------------------------------------------ - name: Update Description (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" description: Ansible Test Role (updated) {{ resource_prefix }} check_mode: true @@ -80,7 +80,7 @@ - iam_role is changed - name: Update Description - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" description: Ansible Test Role (updated) {{ resource_prefix }} register: iam_role @@ -91,7 +91,7 @@ - iam_role.iam_role.description == 'Ansible Test Role (updated) '+resource_prefix - name: Update Description (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" description: Ansible Test Role (updated) {{ resource_prefix }} register: iam_role @@ -101,7 +101,7 @@ - iam_role is not changed - name: Update Description (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" description: Ansible Test Role (updated) {{ resource_prefix }} register: iam_role @@ -112,7 +112,7 @@ - iam_role.iam_role.description == 'Ansible Test Role (updated) '+resource_prefix - name: iam_role_info after updating Description - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml index 0091045e8..5b3e42458 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/inline_policy_update.yml @@ -14,7 +14,7 @@ policy_name: inline-policy-b policy_json: '{{ lookup("file", "deny-all-b.json") }}' - name: iam_role_info after attaching inline policies (using iam_policy) - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/main.yml index b7a62db9f..21e25d9e3 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/main.yml @@ -34,7 +34,7 @@ assume_deny_policy: '{{ lookup("file", "deny-assume.json") | from_json }}' - ansible.builtin.include_tasks: parameter_checks.yml - name: Create Safe IAM Managed Policy - community.aws.iam_managed_policy: + amazon.aws.iam_managed_policy: state: present policy_name: "{{ custom_policy_name }}" policy_description: A safe (deny-all) managed policy @@ -60,23 +60,23 @@ # Cleanup - name: Remove IAM Role - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" delete_instance_profile: true ignore_errors: true - name: Remove IAM Role (with path) - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" path: "{{ test_path }}" delete_instance_profile: true ignore_errors: true - name: iam_role_info after Role deletion - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" ignore_errors: true - name: Remove test managed policy - community.aws.iam_managed_policy: + amazon.aws.iam_managed_policy: state: absent policy_name: "{{ custom_policy_name }}" diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml index fe43bcfc8..576e6b24c 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/max_session_update.yml @@ -1,6 +1,6 @@ --- - name: Update Max Session Duration (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" max_session_duration: 43200 check_mode: true @@ -10,7 +10,7 @@ - iam_role is changed - name: Update Max Session Duration - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" max_session_duration: 43200 register: iam_role @@ -21,7 +21,7 @@ - iam_role.iam_role.max_session_duration == 43200 - name: Update Max Session Duration (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" max_session_duration: 43200 register: iam_role @@ -30,7 +30,7 @@ - iam_role is not changed - name: Update Max Session Duration (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" max_session_duration: 43200 register: iam_role @@ -40,7 +40,7 @@ - iam_role is not changed - name: iam_role_info after updating Max Session Duration - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml index 2cf46eebf..545072674 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/parameter_checks.yml @@ -1,7 +1,7 @@ --- # Parameter Checks - name: Friendly message when creating an instance profile and adding a boundary profile - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" boundary: "{{ boundary_policy }}" register: iam_role @@ -14,7 +14,7 @@ - '"false" in iam_role.msg' - name: Friendly message when boundary profile is not an ARN - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" boundary: AWSDenyAll create_instance_profile: false @@ -28,7 +28,7 @@ - name: Friendly message when "present" without assume_role_policy_document module_defaults: { amazon.aws.iam_role: {}} - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" register: iam_role ignore_errors: true @@ -39,7 +39,7 @@ - '"assume_role_policy_document" in iam_role.msg' - name: Maximum Session Duration needs to be between 1 and 12 hours - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" max_session_duration: 3599 register: iam_role @@ -50,7 +50,7 @@ - '"max_session_duration must be between" in iam_role.msg' - name: Maximum Session Duration needs to be between 1 and 12 hours - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" max_session_duration: 43201 register: iam_role @@ -61,7 +61,7 @@ - '"max_session_duration must be between" in iam_role.msg' - name: Role Paths must start with / - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" path: test/ register: iam_role @@ -72,7 +72,7 @@ - '"path must begin and end with /" in iam_role.msg' - name: Role Paths must end with / - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" path: /test register: iam_role diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/policy_update.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/policy_update.yml index 4fa5cd6d2..27b911ae7 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/policy_update.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/policy_update.yml @@ -1,6 +1,6 @@ --- - name: Add Managed Policy (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_policies: false managed_policy: @@ -12,7 +12,7 @@ - iam_role is changed - name: Add Managed Policy - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_policies: false managed_policy: @@ -24,7 +24,7 @@ - iam_role.iam_role.role_name == test_role - name: Add Managed Policy (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_policies: false managed_policy: @@ -36,7 +36,7 @@ - iam_role is not changed - name: Add Managed Policy (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_policies: false managed_policy: @@ -48,7 +48,7 @@ - iam_role.iam_role.role_name == test_role - name: iam_role_info after adding Managed Policy - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -80,7 +80,7 @@ # ------------------------------------------------------------------------------------------ - name: Update Managed Policy without purge (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_policies: false managed_policy: @@ -92,7 +92,7 @@ - iam_role is changed - name: Update Managed Policy without purge - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_policies: false managed_policy: @@ -104,7 +104,7 @@ - iam_role.iam_role.role_name == test_role - name: Update Managed Policy without purge (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_policies: false managed_policy: @@ -116,7 +116,7 @@ - iam_role is not changed - name: Update Managed Policy without purge (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_policies: false managed_policy: @@ -128,7 +128,7 @@ - iam_role.iam_role.role_name == test_role - name: iam_role_info after updating Managed Policy without purge - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -161,7 +161,7 @@ # Managed Policies are purged by default - name: Update Managed Policy with purge (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" managed_policy: - "{{ custom_policy_name }}" @@ -172,7 +172,7 @@ - iam_role is changed - name: Update Managed Policy with purge - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" managed_policy: - "{{ custom_policy_name }}" @@ -183,7 +183,7 @@ - iam_role.iam_role.role_name == test_role - name: Update Managed Policy with purge (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" managed_policy: - "{{ custom_policy_name }}" @@ -194,7 +194,7 @@ - iam_role is not changed - name: Update Managed Policy with purge (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" managed_policy: - "{{ custom_policy_name }}" @@ -205,7 +205,7 @@ - iam_role.iam_role.role_name == test_role - name: iam_role_info after updating Managed Policy with purge - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/role_removal.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/role_removal.yml index 8761bda73..f4e79252a 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/role_removal.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/role_removal.yml @@ -1,6 +1,6 @@ --- - name: Remove IAM Role (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" delete_instance_profile: true @@ -11,7 +11,7 @@ - iam_role is changed - name: iam_role_info after deleting role in check mode - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -20,7 +20,7 @@ - role_info.iam_roles | length == 1 - name: Remove IAM Role - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" delete_instance_profile: true @@ -30,7 +30,7 @@ - iam_role is changed - name: iam_role_info after deleting role - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -39,7 +39,7 @@ - role_info.iam_roles | length == 0 - name: Remove IAM Role (should be gone already) - check mode - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" delete_instance_profile: true @@ -50,7 +50,7 @@ - iam_role is not changed - name: Remove IAM Role (should be gone already) - community.aws.iam_role: + amazon.aws.iam_role: state: absent name: "{{ test_role }}" delete_instance_profile: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/tags_update.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/tags_update.yml index e74820d77..45d703cc1 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/tags_update.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_role/tasks/tags_update.yml @@ -1,6 +1,6 @@ --- - name: Add Tag (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" tags: TagA: ValueA @@ -11,7 +11,7 @@ - iam_role is changed - name: Add Tag - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" tags: TagA: ValueA @@ -25,7 +25,7 @@ - iam_role.iam_role.tags.TagA == "ValueA" - name: Add Tag (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" tags: TagA: ValueA @@ -36,7 +36,7 @@ - iam_role is not changed - name: Add Tag (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" tags: TagA: ValueA @@ -49,7 +49,7 @@ - iam_role.iam_role.tags.TagA == "ValueA" - name: iam_role_info after adding Tags - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -79,7 +79,7 @@ # ------------------------------------------------------------------------------------------ - name: Update Tag (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" tags: TagA: AValue @@ -90,7 +90,7 @@ - iam_role is changed - name: Update Tag - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" tags: TagA: AValue @@ -103,7 +103,7 @@ - iam_role.iam_role.tags.TagA == "AValue" - name: Update Tag (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" tags: TagA: AValue @@ -114,7 +114,7 @@ - iam_role is not changed - name: Update Tag (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" tags: TagA: AValue @@ -127,7 +127,7 @@ - iam_role.iam_role.tags.TagA == "AValue" - name: iam_role_info after updating Tag - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -157,7 +157,7 @@ # ------------------------------------------------------------------------------------------ - name: Add second Tag without purge (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_tags: false tags: @@ -169,7 +169,7 @@ - iam_role is changed - name: Add second Tag without purge - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_tags: false tags: @@ -183,7 +183,7 @@ - iam_role.iam_role.tags.TagB == "ValueB" - name: Add second Tag without purge (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_tags: false tags: @@ -195,7 +195,7 @@ - iam_role is not changed - name: Add second Tag without purge (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_tags: false tags: @@ -209,7 +209,7 @@ - iam_role.iam_role.tags.TagB == "ValueB" - name: iam_role_info after adding second Tag without purge - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: @@ -241,7 +241,7 @@ # ------------------------------------------------------------------------------------------ - name: Purge first tag (CHECK MODE) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_tags: true tags: @@ -253,7 +253,7 @@ - iam_role is changed - name: Purge first tag - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_tags: true tags: @@ -267,7 +267,7 @@ - iam_role.iam_role.tags.TagB == "ValueB" - name: Purge first tag (no change) - check mode - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_tags: true tags: @@ -278,7 +278,7 @@ - iam_role is not changed - name: Purge first tag (no change) - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ test_role }}" purge_tags: true tags: @@ -292,7 +292,7 @@ - iam_role.iam_role.tags.TagB == "ValueB" - name: iam_role_info after purging first Tag - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: "{{ test_role }}" register: role_info - ansible.builtin.assert: diff --git a/ansible_collections/amazon/aws/tests/integration/targets/iam_user/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/iam_user/tasks/main.yml index 675b9a5b1..870dd4931 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/iam_user/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/iam_user/tasks/main.yml @@ -160,7 +160,7 @@ ansible.builtin.include_tasks: deletion.yml always: - name: Remove group - community.aws.iam_group: + amazon.aws.iam_group: name: "{{ test_group }}" state: absent ignore_errors: true # noqa: ignore-errors diff --git a/ansible_collections/amazon/aws/tests/integration/targets/inventory_aws_ec2/playbooks/test_inventory_ssm.yml b/ansible_collections/amazon/aws/tests/integration/targets/inventory_aws_ec2/playbooks/test_inventory_ssm.yml index c8e820aad..161fdc6e6 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/inventory_aws_ec2/playbooks/test_inventory_ssm.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/inventory_aws_ec2/playbooks/test_inventory_ssm.yml @@ -31,7 +31,7 @@ # Create VPC, subnet, security group, and find image_id to create instance - ansible.builtin.include_tasks: tasks/setup.yml - name: Ensure IAM instance role exists - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ iam_role_name }}" assume_role_policy_document: "{{ lookup('file', 'files/ec2-trust-policy.json') }}" state: present @@ -117,7 +117,7 @@ always: - name: Delete IAM role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ iam_role_name }}" state: absent wait: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/kms_key/roles/kms_key/tasks/test_grants.yml b/ansible_collections/amazon/aws/tests/integration/targets/kms_key/roles/kms_key/tasks/test_grants.yml index ff97a1a09..d9ad140e9 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/kms_key/roles/kms_key/tasks/test_grants.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/kms_key/roles/kms_key/tasks/test_grants.yml @@ -10,7 +10,7 @@ amazon.aws.aws_caller_info: register: aws_caller_info - name: Create an IAM role that can do nothing - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ kms_key_alias }}" state: present assume_role_policy_document: @@ -353,7 +353,7 @@ pending_window: 7 ignore_errors: true # noqa: ignore-errors - name: Remove the IAM role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ kms_key_alias }}" state: absent ignore_errors: true # noqa: ignore-errors diff --git a/ansible_collections/amazon/aws/tests/integration/targets/kms_key/roles/kms_key/tasks/test_modify.yml b/ansible_collections/amazon/aws/tests/integration/targets/kms_key/roles/kms_key/tasks/test_modify.yml index 1adb65094..8a0390615 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/kms_key/roles/kms_key/tasks/test_modify.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/kms_key/roles/kms_key/tasks/test_modify.yml @@ -10,7 +10,7 @@ amazon.aws.aws_caller_info: register: aws_caller_info - name: Create an IAM role that can do nothing - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ kms_key_alias }}" state: present assume_role_policy_document: @@ -286,7 +286,7 @@ pending_window: 7 ignore_errors: true # noqa: ignore-errors - name: Remove the IAM role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ kms_key_alias }}" state: absent ignore_errors: true # noqa: ignore-errors diff --git a/ansible_collections/amazon/aws/tests/integration/targets/lambda/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/lambda/tasks/main.yml index dd8392d20..3720b4d79 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/lambda/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/lambda/tasks/main.yml @@ -16,7 +16,7 @@ when: (lookup('env', 'HOME')) # Preparation - name: create minimal lambda role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ lambda_role_name }}" assume_role_policy_document: '{{ lookup("file", "minimal_trust_policy.json") }}' create_instance_profile: false @@ -807,7 +807,7 @@ - "{{ lambda_function_name }}_4" - name: ensure role has been removed at end of test - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ lambda_role_name }}" state: absent ignore_errors: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/lambda_alias/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/lambda_alias/tasks/main.yml index d6b8e0d6e..e96aa8269 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/lambda_alias/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/lambda_alias/tasks/main.yml @@ -12,7 +12,7 @@ # ============================================================== # Preparation - name: create minimal lambda role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ lambda_role_name }}" assume_role_policy_document: '{{ lookup("file", "minimal_trust_policy.json") }}' create_instance_profile: false @@ -616,7 +616,7 @@ state: absent ignore_errors: true - name: ensure role has been removed at end of test - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ lambda_role_name }}" state: absent delete_instance_profile: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/main.yml index f06482a62..1e49d1373 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/main.yml @@ -6,11 +6,10 @@ secret_key: "{{ aws_secret_key }}" session_token: "{{ security_token | default(omit) }}" region: "{{ aws_region }}" - collections: - - community.general block: - name: Create test resources setup ansible.builtin.import_tasks: setup.yml + - name: Create DynamoDB stream event mapping (trigger) - check_mode amazon.aws.lambda_event: state: present diff --git a/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/setup.yml b/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/setup.yml index fa2668fd5..1f77a5e40 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/setup.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/setup.yml @@ -33,7 +33,7 @@ when: (lookup('env', 'HOME')) - name: create minimal lambda role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ lambda_role_name }}" assume_role_policy_document: '{{ lookup("file", "minimal_trust_policy.json")}}' create_instance_profile: false diff --git a/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/teardown.yml b/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/teardown.yml index 476465a6e..2f13e1de4 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/teardown.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/lambda_event/tasks/teardown.yml @@ -26,7 +26,7 @@ state: absent - name: Delete the role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ lambda_role_name }}" assume_role_policy_document: '{{ lookup("file", "minimal_trust_policy.json")}}' state: absent diff --git a/ansible_collections/amazon/aws/tests/integration/targets/lambda_policy/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/lambda_policy/tasks/main.yml index c3c73aaf2..e222f9fa6 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/lambda_policy/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/lambda_policy/tasks/main.yml @@ -12,7 +12,7 @@ - community.aws block: - name: create minimal lambda role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ lambda_role_name }}" assume_role_policy_document: '{{ lookup("file", "minimal_trust_policy.json") }}' create_instance_profile: false @@ -50,7 +50,7 @@ path: "{{ output_dir }}/mini_http_lambda.py" dest: "{{ output_dir }}/mini_http_lambda.zip" - name: create minimal lambda role - community.aws.iam_role: + amazon.aws.iam_role: name: ansible_lambda_role assume_role_policy_document: "{{ lookup('file', 'minimal_trust_policy.json', convert_data=False) }}" create_instance_profile: false @@ -143,7 +143,7 @@ register: destroy_result ignore_errors: true - name: Clean up test role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ lambda_role_name }}" state: absent ignore_errors: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/rds_cluster_param_group/aliases b/ansible_collections/amazon/aws/tests/integration/targets/rds_cluster_param_group/aliases new file mode 100644 index 000000000..e26025382 --- /dev/null +++ b/ansible_collections/amazon/aws/tests/integration/targets/rds_cluster_param_group/aliases @@ -0,0 +1,3 @@ +cloud/aws +rds_cluster_param_group_info +rds_engine_versions_info diff --git a/ansible_collections/amazon/aws/tests/integration/targets/rds_cluster_param_group/defaults/main.yaml b/ansible_collections/amazon/aws/tests/integration/targets/rds_cluster_param_group/defaults/main.yaml new file mode 100644 index 000000000..8758e70cf --- /dev/null +++ b/ansible_collections/amazon/aws/tests/integration/targets/rds_cluster_param_group/defaults/main.yaml @@ -0,0 +1,7 @@ +--- +rds_cluster_param_group_name: "{{ resource_prefix }}-cluster-param-group" +rds_engine: postgres +resource_tags: + resource_prefix: "{{ resource_prefix }}" + some: tag + another: tag diff --git a/ansible_collections/amazon/aws/tests/integration/targets/rds_cluster_param_group/tasks/main.yaml b/ansible_collections/amazon/aws/tests/integration/targets/rds_cluster_param_group/tasks/main.yaml new file mode 100644 index 000000000..3eb85f617 --- /dev/null +++ b/ansible_collections/amazon/aws/tests/integration/targets/rds_cluster_param_group/tasks/main.yaml @@ -0,0 +1,328 @@ +--- +- module_defaults: + group/aws: + region: "{{ aws_region }}" + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" + + block: + - name: Gather information about RDS engine version + amazon.aws.rds_engine_versions_info: + engine: "{{ rds_engine }}" + default_only: true + register: engine_versions + + - name: Set variable for RDS param group family + ansible.builtin.set_fact: + dbparam_group_family: "{{ engine_versions.db_engine_versions.0.db_parameter_group_family }}" + + # Test create using check_mode=true + - name: Create RDS cluster parameter group (check_mode=true) + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + check_mode: true + register: create_checkmode + + - name: Describe RDS parameter group + amazon.aws.rds_cluster_param_group_info: + name: "{{ rds_cluster_param_group_name }}" + register: cluster_params + + - name: Assert that the RDS cluster parameter was not created (using check_mode=true) + ansible.builtin.assert: + that: + - create_checkmode is changed + - cluster_params.db_cluster_parameter_groups | length == 0 + + # Test create RDS cluster parameter group + - name: Create RDS cluster parameter group + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + register: create_group + + - name: Describe RDS parameter group + amazon.aws.rds_cluster_param_group_info: + name: "{{ rds_cluster_param_group_name }}" + register: cluster_params + + - name: Assert that the RDS cluster parameter was created + ansible.builtin.assert: + that: + - create_group is changed + - create_group.db_cluster_parameter_group.db_cluster_parameter_group_arn + - create_group.db_cluster_parameter_group.db_cluster_parameter_group_name == rds_cluster_param_group_name + - create_group.db_cluster_parameter_group.db_parameter_group_family == dbparam_group_family + - cluster_params.db_cluster_parameter_groups | length == 1 + + # Test create RDS cluster parameter group (idempotency) + - name: Create RDS cluster parameter group (idempotency) + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + register: create_idempotency + + - name: Validate that module did not report change + ansible.builtin.assert: + that: + - create_idempotency is not changed + + # Test adding tag to existing RDS cluster parameter group (check_mode=true) + - name: Update existing RDS cluster parameter group with tags (check_mode=true) + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + tags: "{{ resource_tags }}" + register: create_tag + check_mode: true + + - name: Describe RDS parameter group + amazon.aws.rds_cluster_param_group_info: + name: "{{ rds_cluster_param_group_name }}" + register: cluster_params + + - name: Validate that the resource has not been updated with tags (check_mode) + ansible.builtin.assert: + that: + - create_tag is changed + - cluster_params.db_cluster_parameter_groups.0.tags == {} + + # Test adding tag to existing RDS cluster parameter group + - name: Update existing RDS cluster parameter group with tags + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + tags: "{{ resource_tags }}" + register: create_tag + + - name: Describe RDS parameter group + amazon.aws.rds_cluster_param_group_info: + name: "{{ rds_cluster_param_group_name }}" + register: cluster_params + + - name: Validate that the resource has been updated with tags + ansible.builtin.assert: + that: + - create_tag is changed + - cluster_params.db_cluster_parameter_groups.0.tags == resource_tags + + # Test adding tag to existing RDS cluster parameter group (idempotency) + - name: Update existing RDS cluster parameter group with tags (idempotency) + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + tags: "{{ resource_tags }}" + register: create_tag_idempotency + + - name: Describe RDS parameter group + amazon.aws.rds_cluster_param_group_info: + name: "{{ rds_cluster_param_group_name }}" + register: cluster_params + + - name: Validate that the module did not report change and the resource tag remain unchanged + ansible.builtin.assert: + that: + - create_tag_idempotency is not changed + - cluster_params.db_cluster_parameter_groups.0.tags == resource_tags + + # Test adding not modifiable parameter + - name: Update RDS cluster param group with not modifiable parameter + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + parameters: + - parameter_name: archive_library + parameter_value: test + apply_method: immediate + register: not_modifiable + ignore_errors: true + + - name: Ensure module failed to update not modifiable parameter + ansible.builtin.assert: + that: + - not_modifiable is failed + - '"The parameter archive_library cannot be modified" in not_modifiable.msg' + + # Test adding invalid parameter + - name: Update RDS cluster param group with invalid parameter + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + parameters: + - parameter_name: invalid_fake + parameter_value: test + apply_method: immediate + register: invalid_param + ignore_errors: true + + - name: Ensure module failed to update invalid parameter + ansible.builtin.assert: + that: + - invalid_param is failed + - '"Could not find parameter with name: invalid_fake" in invalid_param.msg' + + # Test Modify parameters + - name: Modify RDS cluster parameter group with new parameters (check_mode) + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + parameters: + - parameter_name: array_nulls + parameter_value: "0" + apply_method: immediate + - parameter_name: authentication_timeout + parameter_value: "50" + apply_method: immediate + register: update_param_check_mode + check_mode: true + + - name: Describe RDS parameter group + amazon.aws.rds_cluster_param_group_info: + name: "{{ rds_cluster_param_group_name }}" + include_parameters: all + register: initial_params + no_log: true # very spammy + + - name: Assert that the task executed in check_mode reported change, while the parameters remain unchanged + ansible.builtin.assert: + that: + - update_param_check_mode is changed + - "'parameter_value' not in array_nulls_param" + - "'parameter_value' not in auth_timeout_param" + vars: + array_nulls_param: "{{ initial_params.db_cluster_parameter_groups.0.db_parameters | selectattr('parameter_name', 'equalto', 'array_nulls') | first }}" + auth_timeout_param: "{{ initial_params.db_cluster_parameter_groups.0.db_parameters | selectattr('parameter_name', 'equalto', 'authentication_timeout') | first }}" + + - name: Modify RDS cluster parameter group with new parameters + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + parameters: + - parameter_name: array_nulls + parameter_value: "0" + apply_method: immediate + - parameter_name: authentication_timeout + parameter_value: "50" + apply_method: immediate + register: update_parameters + + - name: Describe RDS parameter group + amazon.aws.rds_cluster_param_group_info: + name: "{{ rds_cluster_param_group_name }}" + include_parameters: user + register: cluster_params + + - name: Assert that the parameters are updated correctly + ansible.builtin.assert: + that: + - update_parameters is changed + - cluster_params.db_cluster_parameter_groups.0.db_parameters | selectattr('parameter_name', 'equalto', 'array_nulls') | first | community.general.json_query('parameter_value') == "0" + - cluster_params.db_cluster_parameter_groups.0.db_parameters | selectattr('parameter_name', 'equalto', 'authentication_timeout') | first | community.general.json_query('parameter_value') == "50" + + # Test Modify parameters (idempotency) + - name: Modify RDS cluster parameter group with new parameters (idempotency with check_mode) + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + parameters: + - parameter_name: array_nulls + parameter_value: "0" + apply_method: immediate + - parameter_name: authentication_timeout + parameter_value: "50" + apply_method: immediate + register: update_idempotency_check_mode + + - name: Ensure task executed using check_mode did not reported change + ansible.builtin.assert: + that: + - update_idempotency_check_mode is not changed + + - name: Modify RDS cluster parameter group with new parameters (idempotency) + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + db_parameter_group_family: "{{ dbparam_group_family }}" + description: "RDS cluster param group for Engine {{ engine_versions.db_engine_versions.0.engine_version }}" + parameters: + - parameter_name: array_nulls + parameter_value: "0" + apply_method: immediate + - parameter_name: authentication_timeout + parameter_value: "50" + apply_method: immediate + register: update_idempotency + + - name: Ensure module did not report change + ansible.builtin.assert: + that: + - update_idempotency is not changed + + # Test delete RDS cluster parameter group (check_mode=true) + - name: Delete existing RDS cluster parameter group (check_mode=true) + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + state: absent + register: delete_cluster_param_checkmode + check_mode: true + + - name: Describe RDS parameter group + amazon.aws.rds_cluster_param_group_info: + name: "{{ rds_cluster_param_group_name }}" + register: cluster_params + + - name: Validate that module execution reported change but the RDS cluster param group was not deleted + assert: + that: + - delete_cluster_param_checkmode is changed + - cluster_params.db_cluster_parameter_groups | length == 1 + + # Test delete RDS cluster parameter group + - name: Delete existing RDS cluster parameter group + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + state: absent + register: delete_cluster_param + + - name: Describe RDS parameter group + amazon.aws.rds_cluster_param_group_info: + name: "{{ rds_cluster_param_group_name }}" + register: cluster_params + + - name: Validate that module execution reported change and the RDS cluster param group is deleted + ansible.builtin.assert: + that: + - delete_cluster_param is changed + - cluster_params.db_cluster_parameter_groups | length == 0 + + # Test delete RDS cluster parameter group (idempotency) + - name: Delete existing RDS cluster parameter group + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + state: absent + register: delete_cluster_param + + - name: Ensure module did not report change + ansible.builtin.assert: + that: + - delete_cluster_param is not changed + + always: + - name: Delete existing RDS cluster parameter group + amazon.aws.rds_cluster_param_group: + name: "{{ rds_cluster_param_group_name }}" + state: absent + register: delete_cluster_param + ignore_errors: true diff --git a/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_complex/defaults/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_complex/defaults/main.yml index f2b794609..c7b6d0de9 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_complex/defaults/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_complex/defaults/main.yml @@ -14,4 +14,4 @@ storage_type: io1 iops: 1000 # For mariadb tests -mariadb_engine_version: 10.6.10 +mariadb_engine_version: 10.11.7 diff --git a/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_complex/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_complex/tasks/main.yml index e4d9daa60..51ff777ea 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_complex/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_complex/tasks/main.yml @@ -23,7 +23,7 @@ ignore_errors: true - name: Create an enhanced monitoring role - community.aws.iam_role: + amazon.aws.iam_role: assume_role_policy_document: "{{ lookup('file','files/enhanced_monitoring_assume_policy.json') }}" name: "{{ instance_id }}-role" state: present @@ -91,7 +91,7 @@ preferred_maintenance_window: "{{ preferred_maintenance_window }}" auto_minor_version_upgrade: false monitoring_interval: "{{ monitoring_interval }}" - monitoring_role_arn: "{{ enhanced_monitoring_role.arn }}" + monitoring_role_arn: "{{ enhanced_monitoring_role.iam_role.arn }}" iops: "{{ iops }}" port: 1150 max_allocated_storage: 150 @@ -115,7 +115,7 @@ preferred_maintenance_window: "{{ preferred_maintenance_window }}" auto_minor_version_upgrade: false monitoring_interval: "{{ monitoring_interval }}" - monitoring_role_arn: "{{ enhanced_monitoring_role.arn }}" + monitoring_role_arn: "{{ enhanced_monitoring_role.iam_role.arn }}" iops: "{{ iops }}" port: 1150 max_allocated_storage: 150 @@ -143,7 +143,7 @@ preferred_maintenance_window: "{{ preferred_maintenance_window }}" auto_minor_version_upgrade: false monitoring_interval: "{{ monitoring_interval }}" - monitoring_role_arn: "{{ enhanced_monitoring_role.arn }}" + monitoring_role_arn: "{{ enhanced_monitoring_role.iam_role.arn }}" iops: "{{ iops }}" port: 1150 max_allocated_storage: 150 @@ -166,7 +166,7 @@ preferred_maintenance_window: "{{ preferred_maintenance_window }}" auto_minor_version_upgrade: false monitoring_interval: "{{ monitoring_interval }}" - monitoring_role_arn: "{{ enhanced_monitoring_role.arn }}" + monitoring_role_arn: "{{ enhanced_monitoring_role.iam_role.arn }}" iops: "{{ iops }}" port: 1150 max_allocated_storage: 150 @@ -190,7 +190,7 @@ ignore_errors: true - name: Remove enhanced monitoring role - community.aws.iam_role: + amazon.aws.iam_role: assume_role_policy_document: "{{ lookup('file','files/enhanced_monitoring_assume_policy.json') }}" name: "{{ instance_id }}-role" state: absent diff --git a/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_modify/defaults/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_modify/defaults/main.yml index 0384232d5..0e09b9c4c 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_modify/defaults/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_modify/defaults/main.yml @@ -7,4 +7,4 @@ db_instance_class: db.t3.micro allocated_storage: 20 # For mariadb tests -mariadb_engine_version: 10.6.10 +mariadb_engine_version: 10.11.7 diff --git a/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_modify/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_modify/tasks/main.yml index 4e33789f3..e440bbc42 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_modify/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_modify/tasks/main.yml @@ -82,7 +82,7 @@ - '"is not valid for adding IAM roles" in result.msg' # TODO: test modifying db_subnet_group_name, db_security_groups, db_parameter_group_name, option_group_name, - # monitoring_role_arn, monitoring_interval, domain, domain_iam_role_name, cloudwatch_logs_export_configuration + # monitoring_role_arn, monitoring_interval, domain, domain_iam_role_name # ------------------------------------------------------------------------------------------ - name: Modify the storage type without immediate application - check_mode @@ -306,6 +306,193 @@ - db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1" # Test modifying CA certificate identifier Complete------------------------------------------- + # Test modifying cloudwatch log exports ------------------------------------------- + - name: Enable all cloudwatch log exports - check_mode + amazon.aws.rds_instance: + state: present + db_instance_identifier: "{{ modified_instance_id }}" + enable_cloudwatch_logs_exports: ["audit", "error", "general", "slowquery"] + register: result + check_mode: true + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get current cloudwatch log exports + amazon.aws.rds_instance_info: + db_instance_identifier: "{{ modified_instance_id }}" + register: db_info + - name: Assert that cloudwatch log exports has been modified - check_mode + ansible.builtin.assert: + that: + - result is changed + - result is not failed + - db_info.instances[0].enabled_cloudwatch_logs_exports is not defined + + - name: Enable all cloudwatch log exports + amazon.aws.rds_instance: + state: present + db_instance_identifier: "{{ modified_instance_id }}" + enable_cloudwatch_logs_exports: ["audit", "error", "general", "slowquery"] + register: result + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get current cloudwatch log exports + amazon.aws.rds_instance_info: + db_instance_identifier: "{{ modified_instance_id }}" + register: db_info + # It applies immediately but takes a couple seconds + until: + - db_info.instances[0].db_instance_status == 'available' + - not db_info.instances[0].pending_modified_values + retries: 10 + delay: 20 + + - name: Assert that cloudwatch log exports has been modified + ansible.builtin.assert: + that: + - result is changed + - result is not failed + - db_info.instances[0].enabled_cloudwatch_logs_exports | length == 4 + + - name: Enable all cloudwatch log exports - idempotent + amazon.aws.rds_instance: + state: present + db_instance_identifier: "{{ modified_instance_id }}" + enable_cloudwatch_logs_exports: ["audit", "error", "general", "slowquery"] + register: result + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get current cloudwatch log exports + amazon.aws.rds_instance_info: + db_instance_identifier: "{{ modified_instance_id }}" + register: db_info + - name: Assert that cloudwatch log exports has not been modified + ansible.builtin.assert: + that: + - result is not changed + - result is not failed + - not result.pending_modified_values + - db_info.instances[0].enabled_cloudwatch_logs_exports | length == 4 + + - name: Disable some cloudwatch log exports - check_mode + amazon.aws.rds_instance: + state: present + db_instance_identifier: "{{ modified_instance_id }}" + enable_cloudwatch_logs_exports: ["audit", "error"] + register: result + check_mode: true + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get current cloudwatch log exports + amazon.aws.rds_instance_info: + db_instance_identifier: "{{ modified_instance_id }}" + register: db_info + - name: Assert that cloudwatch log exports has been modified - check_mode + ansible.builtin.assert: + that: + - result is changed + - result is not failed + - db_info.instances[0].enabled_cloudwatch_logs_exports | length == 4 + + - name: Disable some cloudwatch log exports + amazon.aws.rds_instance: + state: present + db_instance_identifier: "{{ modified_instance_id }}" + enable_cloudwatch_logs_exports: ["audit", "error"] + register: result + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get current cloudwatch log exports + amazon.aws.rds_instance_info: + db_instance_identifier: "{{ modified_instance_id }}" + register: db_info + until: + - db_info.instances[0].db_instance_status == 'available' + - not db_info.instances[0].pending_modified_values + retries: 10 + delay: 20 + + - name: Assert that cloudwatch log exports has been modified + ansible.builtin.assert: + that: + - result is changed + - result is not failed + - db_info.instances[0].enabled_cloudwatch_logs_exports | length == 2 + + - name: Disable all cloudwatch log exports - no purge + amazon.aws.rds_instance: + state: present + db_instance_identifier: "{{ modified_instance_id }}" + enable_cloudwatch_logs_exports: [] + purge_cloudwatch_logs_exports: false + register: result + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get current cloudwatch log exports + amazon.aws.rds_instance_info: + db_instance_identifier: "{{ modified_instance_id }}" + register: db_info + - name: Assert that cloudwatch log exports has not been modified + ansible.builtin.assert: + that: + - result is not changed + - result is not failed + - not result.pending_modified_values + - db_info.instances[0].enabled_cloudwatch_logs_exports | length == 2 + + - name: Disable all cloudwatch log exports - check_mode + amazon.aws.rds_instance: + state: present + db_instance_identifier: "{{ modified_instance_id }}" + enable_cloudwatch_logs_exports: [] + register: result + check_mode: true + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get current cloudwatch log exports + amazon.aws.rds_instance_info: + db_instance_identifier: "{{ modified_instance_id }}" + register: db_info + - name: Assert that cloudwatch log exports has been modified - check_mode + ansible.builtin.assert: + that: + - result is changed + - result is not failed + - db_info.instances[0].enabled_cloudwatch_logs_exports | length == 2 + + - name: Disable all cloudwatch log exports + amazon.aws.rds_instance: + state: present + db_instance_identifier: "{{ modified_instance_id }}" + enable_cloudwatch_logs_exports: [] + register: result + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get current cloudwatch log exports + amazon.aws.rds_instance_info: + db_instance_identifier: "{{ modified_instance_id }}" + register: db_info + until: + - db_info.instances[0].db_instance_status == 'available' + - not db_info.instances[0].pending_modified_values + retries: 10 + delay: 20 + + - name: Assert that cloudwatch log exports has been modified + ansible.builtin.assert: + that: + - result is changed + - result is not failed + - db_info.instances[0].enabled_cloudwatch_logs_exports is not defined + # Test modifying cloudwatch log exports Complete------------------------------------------- + always: - name: Delete the instance amazon.aws.rds_instance: diff --git a/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_snapshot/defaults/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_snapshot/defaults/main.yml index d193876e7..e82f395a8 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_snapshot/defaults/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/rds_instance_snapshot/defaults/main.yml @@ -8,7 +8,7 @@ password: "{{ lookup('password', '/dev/null') }}" db_instance_class: db.t3.micro allocated_storage: 10 engine: mariadb -mariadb_engine_version: 10.6.10 +mariadb_engine_version: 10.11.7 # Create snapshot snapshot_id: "{{ instance_id }}-snapshot" diff --git a/ansible_collections/amazon/aws/tests/integration/targets/rds_option_group/defaults/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/rds_option_group/defaults/main.yml index e0f04005f..70a5946bf 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/rds_option_group/defaults/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/rds_option_group/defaults/main.yml @@ -1,7 +1,7 @@ --- option_group_name: "{{ resource_prefix }}rds-option-group" engine_name: mysql -major_engine_version: 5.6 +major_engine_version: 8.0 option_group_description: "{{ resource_prefix }}rds-option-group test" instance_id: "{{ resource_prefix }}" username: test diff --git a/ansible_collections/amazon/aws/tests/integration/targets/rds_param_group/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/rds_param_group/tasks/main.yml index 663ee68df..4751e56e8 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/rds_param_group/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/rds_param_group/tasks/main.yml @@ -22,7 +22,7 @@ block: # ============================================================ - name: test empty parameter group - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -36,7 +36,7 @@ - result.changed - name: test empty parameter group - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -54,7 +54,7 @@ # ============================================================ - name: test empty parameter group with no arguments changes nothing - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -68,7 +68,7 @@ - not result.changed - name: test empty parameter group with no arguments changes nothing - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -82,7 +82,7 @@ # ============================================================ - name: test adding numeric tag - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -98,7 +98,7 @@ that: - result.changed - name: test adding numeric tag - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -123,7 +123,7 @@ # ============================================================ - name: test modifying rds parameter group engine/family (warning displayed) - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine_to_modify_to }}" description: "{{ rds_param_group.description }}" @@ -143,7 +143,7 @@ # ============================================================ - name: test tagging existing group - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -160,7 +160,7 @@ that: - result.changed - name: test tagging existing group - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -186,7 +186,7 @@ # ============================================================ - name: test repeating tagging existing group - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -212,7 +212,7 @@ - result.tags["NewTag"] == 'hello' - name: test repeating tagging existing group - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -238,7 +238,7 @@ # ============================================================ - name: test deleting tags from existing group - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -254,7 +254,7 @@ that: - result.changed - name: test deleting tags from existing group - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -277,7 +277,7 @@ # ============================================================ - name: test state=absent with engine defined (expect changed=true) - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" state: absent @@ -290,7 +290,7 @@ - result.changed - name: test state=absent with engine defined (expect changed=true) - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" state: absent @@ -303,7 +303,7 @@ # ============================================================ - name: test creating group with parameters - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -325,7 +325,7 @@ - result.changed - name: test creating group with parameters - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -355,7 +355,7 @@ # ============================================================ - name: test repeating group with parameters - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -377,7 +377,7 @@ - not result.changed - name: test repeating group with parameters - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -407,7 +407,7 @@ # ============================================================ - name: test state=absent with engine defined (expect changed=true) - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" state: absent @@ -419,7 +419,7 @@ that: - result.changed - name: test state=absent with engine defined (expect changed=true) - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" state: absent @@ -432,7 +432,7 @@ # ============================================================ - name: test repeating state=absent (expect changed=false) - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" state: absent @@ -445,7 +445,7 @@ that: - not result.changed - name: test repeating state=absent (expect changed=false) - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" state: absent @@ -459,7 +459,7 @@ # ============================================================ - name: test creating group with more than 20 parameters - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -473,7 +473,7 @@ that: - result.changed - name: test creating group with more than 20 parameters - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -488,7 +488,7 @@ # ============================================================ - name: test creating group with more than 20 parameters - CHECK_MODE - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -502,7 +502,7 @@ that: - not result.changed - name: test creating group with more than 20 parameters - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" engine: "{{ rds_param_group.engine }}" description: "{{ rds_param_group.description }}" @@ -518,7 +518,7 @@ always: # ============================================================ - name: test state=absent (expect changed=false) - amazon.aws.rds_param_group: + amazon.aws.rds_instance_param_group: name: "{{ rds_param_group.name }}" state: absent register: result diff --git a/ansible_collections/amazon/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml index f532c13a1..1b5c3172e 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/s3_bucket_info/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Test community.aws.aws_s3_bucket_info +- name: Test s3_bucket_info module_defaults: group/aws: access_key: "{{ aws_access_key }}" diff --git a/ansible_collections/amazon/aws/tests/integration/targets/s3_object/library/test_s3_upload_multipart.py b/ansible_collections/amazon/aws/tests/integration/targets/s3_object/library/test_s3_upload_multipart.py new file mode 100644 index 000000000..a95275865 --- /dev/null +++ b/ansible_collections/amazon/aws/tests/integration/targets/s3_object/library/test_s3_upload_multipart.py @@ -0,0 +1,137 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: Contributors to the Ansible project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: test_s3_upload_multipart +short_description: Create object using multipart upload +description: + - This module is used to create object into S3 bucket using multipart upload. + - Multipart upload allows to upload a single object as a set of parts. + - This module is exclusively used to test collection `amazon.aws`. +options: + bucket: + description: + - Bucket name. + required: true + type: str + object: + description: + - Key name of the object. + type: str + required: true + part_size: + description: + - Part size in MB. + type: int + default: 10 + parts: + description: + - Number of parts. + type: int + default: 6 +author: + - "Aubin Bikouo (@abikouo)" +extends_documentation_fragment: + - amazon.aws.common.modules + - amazon.aws.region.modules + - amazon.aws.tags + - amazon.aws.boto3 +""" + + +try: + import boto3 + import botocore +except ImportError: + pass # Handled by AnsibleAWSModule + +import random +import string + +from ansible.module_utils.common.dict_transformations import snake_dict_to_camel_dict + +from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry +from ansible_collections.amazon.aws.plugins.module_utils.s3 import s3_extra_params + + +def generate_content(length): + return "".join([random.choice(string.ascii_letters + string.digits) for i in range(length)]) + + +def updload_parts(s3, parts, part_size, **kwargs): + multiparts = [] + for part_id in range(1, parts + 1): + response = s3.upload_part( + Body=str.encode(generate_content(part_size * 1024 * 1024)), PartNumber=part_id, **kwargs + ) + + multiparts.append( + { + "PartNumber": part_id, + "ETag": response.get("ETag"), + } + ) + return multiparts + + +def main(): + argument_spec = dict( + bucket=dict(required=True), + object=dict(required=True), + parts=dict(type="int", default=6), + part_size=dict(type="int", default=10), + ) + + module = AnsibleAWSModule( + argument_spec=argument_spec, + supports_check_mode=True, + ) + + bucket = module.params.get("bucket") + object = module.params.get("object") + part_size = module.params.get("part_size") + parts = module.params.get("parts") + + extra_params = s3_extra_params(module.params) + retry_decorator = AWSRetry.jittered_backoff() + try: + s3 = module.client("s3", retry_decorator=retry_decorator, **extra_params) + except ( + botocore.exceptions.ClientError, + botocore.exceptions.BotoCoreError, + boto3.exceptions.Boto3Error, + ) as e: + module.fail_json_aws(e, msg="Failed to connect to AWS") + + # create multipart upload + response = s3.create_multipart_upload(Bucket=bucket, Key=object) + upload_id = response.get("UploadId") + + # upload parts + upload_params = { + "Bucket": bucket, + "Key": object, + "UploadId": upload_id, + } + + multiparts = updload_parts(s3, parts, part_size, **upload_params) + + # complete the upload + response = s3.complete_multipart_upload( + Bucket=bucket, + Key=object, + MultipartUpload={"Parts": multiparts}, + UploadId=upload_id, + ) + + response.pop("ResponseMetadata", None) + module.exit_json(changed=True, s3_object=snake_dict_to_camel_dict(response)) + + +if __name__ == "__main__": + main() diff --git a/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/copy_multipart_upload.yml b/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/copy_multipart_upload.yml new file mode 100644 index 000000000..edab77b6e --- /dev/null +++ b/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/copy_multipart_upload.yml @@ -0,0 +1,185 @@ +- name: Test copying object create using multipart upload + vars: + test_bucket: "{{ resource_prefix }}-multipart" + test_versioned_bucket: "{{ resource_prefix }}-multipart-versioned" + obj_metadata: + some: meta_info + test: ci + block: + # Create Sample bucket + - name: Create bucket with name '{{ test_bucket }}' + amazon.aws.s3_bucket: + name: "{{ test_bucket }}" + state: present + + - name: Create object into bucket using multipart upload + test_s3_upload_multipart: + access_key: "{{ aws_access_key }}" + secret_key: "{{ aws_secret_key }}" + session_token: "{{ security_token | default(omit) }}" + region: "{{ aws_region }}" + bucket: "{{ test_bucket }}" + object: multipart_1 + + # Test copying multipart-uploaded object + - name: Copy object + amazon.aws.s3_object: + bucket: "{{ test_bucket }}" + mode: copy + object: multipart_1_copy + copy_src: + bucket: "{{ test_bucket }}" + object: multipart_1 + register: _copy + + - name: Ensure module reported change + ansible.builtin.assert: + that: + - _copy is changed + + - name: Retrieve object info + amazon.aws.s3_object_info: + bucket_name: "{{ test_bucket }}" + object_name: multipart_1_copy + register: obj_info + + - name: Ensure object has been created + ansible.builtin.assert: + that: + - obj_info.object_info | length == 1 + + - name: Copy object once again (idempotency) + amazon.aws.s3_object: + bucket: "{{ test_bucket }}" + mode: copy + object: multipart_1_copy + copy_src: + bucket: "{{ test_bucket }}" + object: multipart_1 + register: copy_idempotency + + - name: Ensure module did not reported change + ansible.builtin.assert: + that: + - copy_idempotency is not changed + + # Update object with metadata + - name: Copy object with metadata + amazon.aws.s3_object: + bucket: "{{ test_bucket }}" + mode: copy + object: multipart_1_copy + copy_src: + bucket: "{{ test_bucket }}" + object: multipart_1 + metadata: "{{ obj_metadata }}" + register: _copymetadata + + - name: Ensure module reported change + ansible.builtin.assert: + that: + - _copymetadata is changed + + - name: Retrieve object info + amazon.aws.s3_object_info: + bucket_name: "{{ test_bucket }}" + object_name: multipart_1_copy + register: obj_info + + - name: Ensure object has been created + ansible.builtin.assert: + that: + - obj_info.object_info | length == 1 + - obj_info.object_info.0.object_data.metadata == obj_metadata + + # Test copy with metadata (idempotency) + - name: Copy object with metadata once again (idempotency) + amazon.aws.s3_object: + bucket: "{{ test_bucket }}" + mode: copy + object: multipart_1_copy + copy_src: + bucket: "{{ test_bucket }}" + object: multipart_1 + metadata: "{{ obj_metadata }}" + register: copy_idempotency + + - name: Ensure module did not reported change + ansible.builtin.assert: + that: + - copy_idempotency is not changed + + - name: Retrieve object info + amazon.aws.s3_object_info: + bucket_name: "{{ test_bucket }}" + object_name: multipart_1_copy + register: obj_info + + - name: Ensure object has been created + ansible.builtin.assert: + that: + - obj_info.object_info | length == 1 + - obj_info.object_info.0.object_data.metadata == obj_metadata + + # Test copying multipart-uploaded object into bucket with versioning activated + # Create bucket with versioning activated + - name: Create bucket with name '{{ test_versioned_bucket }}' + amazon.aws.s3_bucket: + name: "{{ test_versioned_bucket }}" + versioning: true + state: present + + - name: Copy object into bucket with versioning activated + amazon.aws.s3_object: + bucket: "{{ test_versioned_bucket }}" + mode: copy + object: multipart_2 + copy_src: + bucket: "{{ test_bucket }}" + object: multipart_1 + register: _copy + + - name: Get objects info from bucket with versioning activated + amazon.aws.s3_object_info: + bucket_name: "{{ test_versioned_bucket }}" + object_name: multipart_2 + register: obj_info_1 + + - name: Ensure object was copied and object info contain versioning information + ansible.builtin.assert: + that: + - _copy is changed + - obj_info_1.object_info.0.object_data.version_id + + # test copy idempotency with versioned bucket + - name: Copy object into bucket with versioning activated (once again) + amazon.aws.s3_object: + bucket: "{{ test_versioned_bucket }}" + mode: copy + object: multipart_2 + copy_src: + bucket: "{{ test_bucket }}" + object: multipart_1 + register: _copy_idempotency + + - name: Get objects info from bucket with versioning activated + amazon.aws.s3_object_info: + bucket_name: "{{ test_versioned_bucket }}" + object_name: multipart_2 + register: obj_info_2 + + - name: Validate that module did not reported change and object versioned remains unchanged + ansible.builtin.assert: + that: + - _copy_idempotency is not changed + - obj_info_1.object_info.0.object_data.version_id == obj_info_2.object_info.0.object_data.version_id + + always: + - name: Delete buckets + amazon.aws.s3_bucket: + name: "{{ item }}" + state: absent + force: true + with_items: + - "{{ test_versioned_bucket }}" + - "{{ test_bucket }}" diff --git a/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/copy_object.yml b/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/copy_object.yml index 994733d81..cfb5e13f6 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/copy_object.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/copy_object.yml @@ -6,6 +6,9 @@ metacopy_data: name: metacopy version: "1.0.3" + another_metadata: + another: meta + mode: copy block: - name: define bucket name used for tests ansible.builtin.set_fact: @@ -211,6 +214,54 @@ - obj_info.results | selectattr('item', 'equalto', 'metacopy') | map(attribute='object_info.0.object_data.metadata') | first == metacopy_data - obj_info.results | selectattr('item', 'equalto', 'copywithmeta') | map(attribute='object_info.0.object_data.metadata') | first == withmeta_data + # Validate copy idempotency with metadata + - name: Copy same object including metadata (check_mode=true) + amazon.aws.s3_object: + bucket: "{{ bucket_name }}" + mode: copy + object: copywithmeta + copy_src: + bucket: "{{ bucket_name }}" + object: withmeta + metadata: "{{ another_metadata }}" + register: copy_with_metadata_checkmode + check_mode: true + + - name: Get objects info + amazon.aws.s3_object_info: + bucket_name: "{{ bucket_name }}" + object_name: copywithmeta + register: obj_info + + - name: Validate that objects module reported change but metadata was not updated + ansible.builtin.assert: + that: + - copy_with_metadata_checkmode is changed + - obj_info.object_info.0.object_data.metadata == withmeta_data + + - name: Copy same object including metadata + amazon.aws.s3_object: + bucket: "{{ bucket_name }}" + mode: copy + object: copywithmeta + copy_src: + bucket: "{{ bucket_name }}" + object: withmeta + metadata: "{{ another_metadata }}" + register: copy_with_metadata + + - name: Get objects info + amazon.aws.s3_object_info: + bucket_name: "{{ bucket_name }}" + object_name: copywithmeta + register: obj_info + + - name: Validate that objects module reported change and metadata was updated + ansible.builtin.assert: + that: + - copy_with_metadata is changed + - obj_info.object_info.0.object_data.metadata == another_metadata + always: - ansible.builtin.include_tasks: delete_bucket.yml with_items: diff --git a/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/main.yml index 7a8a585de..70041d36a 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/s3_object/tasks/main.yml @@ -1071,9 +1071,10 @@ - "'tags' in result" - (result.tags | length) == 0 - - ansible.builtin.include_tasks: copy_recursively.yml - - ansible.builtin.include_tasks: copy_object.yml - - ansible.builtin.include_tasks: copy_object_acl_disabled_bucket.yml + - ansible.builtin.include_tasks: copy_recursively.yml + - ansible.builtin.include_tasks: copy_object.yml + - ansible.builtin.include_tasks: copy_object_acl_disabled_bucket.yml + - ansible.builtin.include_tasks: copy_multipart_upload.yml always: - name: delete temporary files file: diff --git a/ansible_collections/amazon/aws/tests/integration/targets/sts_assume_role/tasks/main.yml b/ansible_collections/amazon/aws/tests/integration/targets/sts_assume_role/tasks/main.yml index 807a422c9..7fdeb71e5 100644 --- a/ansible_collections/amazon/aws/tests/integration/targets/sts_assume_role/tasks/main.yml +++ b/ansible_collections/amazon/aws/tests/integration/targets/sts_assume_role/tasks/main.yml @@ -22,7 +22,7 @@ # ============================================================ - name: create test iam role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ iam_role_name }}" assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}" create_instance_profile: false @@ -247,7 +247,7 @@ # ============================================================ - name: test that assumed credentials have IAM read-only access - community.aws.iam_role: + amazon.aws.iam_role: access_key: "{{ assumed_role.sts_creds.access_key }}" secret_key: "{{ assumed_role.sts_creds.secret_key }}" session_token: "{{ assumed_role.sts_creds.session_token }}" @@ -266,7 +266,7 @@ # ============================================================ - name: test assumed role with unprivileged action - community.aws.iam_role: + amazon.aws.iam_role: access_key: "{{ assumed_role.sts_creds.access_key }}" secret_key: "{{ assumed_role.sts_creds.secret_key }}" session_token: "{{ assumed_role.sts_creds.session_token }}" @@ -295,7 +295,7 @@ # ============================================================ always: - name: delete test iam role - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ iam_role_name }}" assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}" delete_instance_profile: true |