mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
s3_bucket: add integration tests (#36941)
Also update testing-policies/storage
This commit is contained in:
parent
51d491f8f0
commit
7c07877b1b
5 changed files with 244 additions and 5 deletions
|
@ -2,16 +2,24 @@
|
||||||
"Version": "2012-10-17",
|
"Version": "2012-10-17",
|
||||||
"Statement": [
|
"Statement": [
|
||||||
{
|
{
|
||||||
"Sid": "AlowS3AnsibleTestBuckets",
|
"Sid": "AllowS3AnsibleTestBuckets",
|
||||||
"Action": [
|
"Action": [
|
||||||
|
"s3:CreateBucket",
|
||||||
|
"s3:DeleteBucket",
|
||||||
|
"s3:DeleteObject",
|
||||||
|
"s3:GetBucketPolicy",
|
||||||
|
"s3:GetBucketRequestPayment",
|
||||||
|
"s3:GetBucketTagging",
|
||||||
|
"s3:GetBucketVersioning",
|
||||||
"s3:GetObject",
|
"s3:GetObject",
|
||||||
"s3:ListBucket",
|
"s3:ListBucket",
|
||||||
"s3:PutBucketAcl",
|
"s3:PutBucketAcl",
|
||||||
"s3:CreateBucket",
|
"s3:PutBucketPolicy",
|
||||||
|
"s3:PutBucketRequestPayment",
|
||||||
|
"s3:PutBucketTagging",
|
||||||
|
"s3:PutBucketVersioning",
|
||||||
"s3:PutObject",
|
"s3:PutObject",
|
||||||
"s3:PutObjectAcl",
|
"s3:PutObjectAcl"
|
||||||
"s3:DeleteBucket",
|
|
||||||
"s3:DeleteObject"
|
|
||||||
],
|
],
|
||||||
"Effect": "Allow",
|
"Effect": "Allow",
|
||||||
"Resource": [
|
"Resource": [
|
||||||
|
|
2
test/integration/targets/s3_bucket/aliases
Normal file
2
test/integration/targets/s3_bucket/aliases
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
cloud/aws
|
||||||
|
posix/ci/cloud/group4/aws
|
205
test/integration/targets/s3_bucket/tasks/main.yml
Normal file
205
test/integration/targets/s3_bucket/tasks/main.yml
Normal file
|
@ -0,0 +1,205 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- block:
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: set connection information for all tasks
|
||||||
|
set_fact:
|
||||||
|
aws_connection_info: &aws_connection_info
|
||||||
|
aws_access_key: "{{ aws_access_key }}"
|
||||||
|
aws_secret_key: "{{ aws_secret_key }}"
|
||||||
|
security_token: "{{ security_token }}"
|
||||||
|
region: "{{ aws_region }}"
|
||||||
|
no_log: true
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: Create simple s3_bucket
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{ resource_prefix }}-testbucket-ansible"
|
||||||
|
state: present
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: output
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- output.changed
|
||||||
|
- output.name == '{{ resource_prefix }}-testbucket-ansible'
|
||||||
|
- not output.requester_pays
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: Try to update the same bucket with the same values
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{ resource_prefix }}-testbucket-ansible"
|
||||||
|
state: present
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: output
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- not output.changed
|
||||||
|
- output.name == '{{ resource_prefix }}-testbucket-ansible'
|
||||||
|
- not output.requester_pays
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: Delete s3_bucket
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{ resource_prefix }}-testbucket-ansible"
|
||||||
|
state: absent
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: output
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- output.changed
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: Set bucket_name variable to be able to use it in lookup('template')
|
||||||
|
set_fact:
|
||||||
|
bucket_name: "{{ resource_prefix }}-testbucket-ansible-complex"
|
||||||
|
|
||||||
|
- name: Create more complex s3_bucket
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{ resource_prefix }}-testbucket-ansible-complex"
|
||||||
|
state: present
|
||||||
|
policy: "{{ lookup('template','policy.json') }}"
|
||||||
|
requester_pays: yes
|
||||||
|
versioning: yes
|
||||||
|
tags:
|
||||||
|
example: tag1
|
||||||
|
another: tag2
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: output
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- output.changed
|
||||||
|
- output.name == '{{ resource_prefix }}-testbucket-ansible-complex'
|
||||||
|
- output.requester_pays
|
||||||
|
- output.versioning.MfaDelete == 'Disabled'
|
||||||
|
- output.versioning.Versioning == 'Enabled'
|
||||||
|
- output.tags.example == 'tag1'
|
||||||
|
- output.tags.another == 'tag2'
|
||||||
|
- output.policy.Statement[0].Action == 's3:GetObject'
|
||||||
|
- output.policy.Statement[0].Effect == 'Allow'
|
||||||
|
- output.policy.Statement[0].Principal == '*'
|
||||||
|
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ resource_prefix }}-testbucket-ansible-complex/*'
|
||||||
|
- output.policy.Statement[0].Sid == 'AddPerm'
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: Try to update the same complex s3_bucket
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{ resource_prefix }}-testbucket-ansible-complex"
|
||||||
|
state: present
|
||||||
|
policy: "{{ lookup('template','policy.json') }}"
|
||||||
|
requester_pays: yes
|
||||||
|
versioning: yes
|
||||||
|
tags:
|
||||||
|
example: tag1
|
||||||
|
another: tag2
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: output
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- not output.changed
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: Update bucket policy
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{ resource_prefix }}-testbucket-ansible-complex"
|
||||||
|
state: present
|
||||||
|
policy: "{{ lookup('template','policy-updated.json') }}"
|
||||||
|
requester_pays: yes
|
||||||
|
versioning: yes
|
||||||
|
tags:
|
||||||
|
example: tag1
|
||||||
|
another: tag2
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: output
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- output.changed
|
||||||
|
- output.policy.Statement[0].Action == 's3:GetObject'
|
||||||
|
- output.policy.Statement[0].Effect == 'Deny'
|
||||||
|
- output.policy.Statement[0].Principal == '*'
|
||||||
|
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ resource_prefix }}-testbucket-ansible-complex/*'
|
||||||
|
- output.policy.Statement[0].Sid == 'AddPerm'
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: Update attributes for s3_bucket
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{ resource_prefix }}-testbucket-ansible-complex"
|
||||||
|
state: present
|
||||||
|
policy: "{{ lookup('template','policy.json') }}"
|
||||||
|
requester_pays: no
|
||||||
|
versioning: no
|
||||||
|
tags:
|
||||||
|
example: tag1-udpated
|
||||||
|
another: tag2
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: output
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- output.changed
|
||||||
|
- output.name == '{{ resource_prefix }}-testbucket-ansible-complex'
|
||||||
|
- not output.requester_pays
|
||||||
|
- output.versioning.MfaDelete == 'Disabled'
|
||||||
|
- output.versioning.Versioning == 'Suspended'
|
||||||
|
- output.tags.example == 'tag1-udpated'
|
||||||
|
- output.tags.another == 'tag2'
|
||||||
|
- output.policy.Statement[0].Action == 's3:GetObject'
|
||||||
|
- output.policy.Statement[0].Effect == 'Allow'
|
||||||
|
- output.policy.Statement[0].Principal == '*'
|
||||||
|
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ resource_prefix }}-testbucket-ansible-complex/*'
|
||||||
|
- output.policy.Statement[0].Sid == 'AddPerm'
|
||||||
|
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: Delete s3_bucket
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{ resource_prefix }}-testbucket-ansible-complex"
|
||||||
|
state: absent
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: output
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- output.changed
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
- name: Create bucket with dot in name
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{ resource_prefix }}.testbucket.ansible"
|
||||||
|
state: present
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: output
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- output.changed
|
||||||
|
- output.name == '{{ resource_prefix }}.testbucket.ansible'
|
||||||
|
|
||||||
|
- name: Delete s3_bucket
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{ resource_prefix }}.testbucket.ansible"
|
||||||
|
state: absent
|
||||||
|
<<: *aws_connection_info
|
||||||
|
register: output
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- output.changed
|
||||||
|
|
||||||
|
# ============================================================
|
||||||
|
always:
|
||||||
|
- name: Ensure all buckets are deleted
|
||||||
|
s3_bucket:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: absent
|
||||||
|
<<: *aws_connection_info
|
||||||
|
with_items:
|
||||||
|
- "{{ resource_prefix }}-testbucket-ansible"
|
||||||
|
- "{{ resource_prefix }}-testbucket-ansible-complex"
|
||||||
|
- "{{ resource_prefix }}.testbucket.ansible"
|
|
@ -0,0 +1,12 @@
|
||||||
|
{
|
||||||
|
"Version":"2012-10-17",
|
||||||
|
"Statement":[
|
||||||
|
{
|
||||||
|
"Sid":"AddPerm",
|
||||||
|
"Effect":"Deny",
|
||||||
|
"Principal": "*",
|
||||||
|
"Action":["s3:GetObject"],
|
||||||
|
"Resource":["arn:aws:s3:::{{bucket_name}}/*"]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
12
test/integration/targets/s3_bucket/templates/policy.json
Normal file
12
test/integration/targets/s3_bucket/templates/policy.json
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
{
|
||||||
|
"Version":"2012-10-17",
|
||||||
|
"Statement":[
|
||||||
|
{
|
||||||
|
"Sid":"AddPerm",
|
||||||
|
"Effect":"Allow",
|
||||||
|
"Principal": "*",
|
||||||
|
"Action":["s3:GetObject"],
|
||||||
|
"Resource":["arn:aws:s3:::{{bucket_name}}/*"]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
Loading…
Reference in a new issue