ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-22 12:50:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

[cloud]Add aws_ses_identity_policy module for managing SES sending policies (#36623)

Browse source 
* Add aws_ses_identity_policy module for managing SES sending policies

* Add option to AnsibleAWSModule for applying a retry decorator to all calls.

* Add per-callsite opt in to retry behaviours in AnsibleAWSModule

* Update aws_ses_identity_policy module to opt in to retries at all callsites.

* Add test for aws_ses_identity_policy module with inline policy.

* Remove implicit retrys on boto resources since they're not working yet.
This commit is contained in:
Ed Costello 2018-04-06 07:11:12 +12:00 committed by Ryan Brown
commit 0d31d1cd24
8 changed files with 582 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
test/integration/targets/aws_ses_identity_policy/aliases Normal file
View file

@ -0,0 +1,2 @@
cloud/aws
posix/ci/cloud/group4/aws

3
test/integration/targets/aws_ses_identity_policy/defaults/main.yaml Normal file
View file

@ -0,0 +1,3 @@
---
domain_identity: "{{ resource_prefix }}.example.com"
policy_name: "TestPolicy"

334
test/integration/targets/aws_ses_identity_policy/tasks/main.yaml Normal file
View file

@ -0,0 +1,334 @@
---
# ============================================================
- name: set up aws connection info
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
region: "{{ aws_region }}"
no_log: yes
# ============================================================
- name: test add identity policy
block:
- name: register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
<<: *aws_connection_info
register: identity_info
- name: register identity policy
aws_ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
state: present
<<: *aws_connection_info
register: result
- name: assert result.changed == True
assert:
that:
- result.changed == True
- name: assert result.policies contains only policy
assert:
that:
- result.policies|length == 1
- result.policies|select('equalto', policy_name)|list|length == 1
always:
- name: clean-up identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
<<: *aws_connection_info
# ============================================================
- name: test add duplicate identity policy
block:
- name: register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
<<: *aws_connection_info
register: identity_info
- name: register identity policy
aws_ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
state: present
<<: *aws_connection_info
- name: register duplicate identity policy
aws_ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
state: present
<<: *aws_connection_info
register: result
- name: assert result.changed == False
assert:
that:
- result.changed == False
- name: assert result.policies contains only policy
assert:
that:
- result.policies|length == 1
- result.policies|select('equalto', policy_name)|list|length == 1
always:
- name: clean-up identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
<<: *aws_connection_info
# ============================================================
- name: test add identity policy by identity arn
block:
- name: register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
<<: *aws_connection_info
register: identity_info
- name: register identity policy
aws_ses_identity_policy:
identity: "{{ identity_info.identity_arn }}"
policy_name: "{{ policy_name }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
state: present
<<: *aws_connection_info
register: result
- name: assert result.changed == True
assert:
that:
- result.changed == True
- name: assert result.policies contains only policy
assert:
that:
- result.policies|length == 1
- result.policies|select('equalto', policy_name)|list|length == 1
always:
- name: clean-up identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
<<: *aws_connection_info
# ============================================================
- name: test add multiple identity policies
block:
- name: register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
<<: *aws_connection_info
register: identity_info
- name: register identity policy
aws_ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}-{{ item }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
state: present
<<: *aws_connection_info
with_items:
- 1
- 2
register: result
- name: assert result.policies contains policies
assert:
that:
- result.results[1].policies|length == 2
- result.results[1].policies|select('equalto', policy_name + '-1')|list|length == 1
- result.results[1].policies|select('equalto', policy_name + '-2')|list|length == 1
always:
- name: clean-up identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
<<: *aws_connection_info
# ============================================================
- name: test add inline identity policy
block:
- name: register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
<<: *aws_connection_info
register: identity_info
- name: register identity policy
aws_ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy:
Id: SampleAuthorizationPolicy
Version: "2012-10-17"
Statement:
- Sid: DenyAll
Effect: Deny
Resource: "{{ identity_info.identity_arn }}"
Principal: "*"
Action: "*"
state: present
<<: *aws_connection_info
register: result
- name: assert result.changed == True
assert:
that:
- result.changed == True
- name: assert result.policies contains only policy
assert:
that:
- result.policies|length == 1
- result.policies|select('equalto', policy_name)|list|length == 1
- name: register duplicate identity policy
aws_ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy:
Id: SampleAuthorizationPolicy
Version: "2012-10-17"
Statement:
- Sid: DenyAll
Effect: Deny
Resource: "{{ identity_info.identity_arn }}"
Principal: "*"
Action: "*"
state: present
<<: *aws_connection_info
register: result
- name: assert result.changed == False
assert:
that:
- result.changed == False
always:
- name: clean-up identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
<<: *aws_connection_info
# ============================================================
- name: test remove identity policy
block:
- name: register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
<<: *aws_connection_info
register: identity_info
- name: register identity policy
aws_ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy: "{{ lookup('template', 'policy.json.j2') }}"
state: present
<<: *aws_connection_info
- name: delete identity policy
aws_ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
state: absent
<<: *aws_connection_info
register: result
- name: assert result.changed == True
assert:
that:
- result.changed == True
- name: assert result.policies empty
assert:
that:
- result.policies|length == 0
always:
- name: clean-up identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
<<: *aws_connection_info
# ============================================================
- name: test remove missing identity policy
block:
- name: register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
<<: *aws_connection_info
register: identity_info
- name: delete identity policy
aws_ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
state: absent
<<: *aws_connection_info
register: result
- name: assert result.changed == False
assert:
that:
- result.changed == False
- name: assert result.policies empty
assert:
that:
- result.policies|length == 0
always:
- name: clean-up identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
<<: *aws_connection_info
# ============================================================
- name: test add identity policy with invalid policy
block:
- name: register identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: present
<<: *aws_connection_info
register: identity_info
- name: register identity policy
aws_ses_identity_policy:
identity: "{{ domain_identity }}"
policy_name: "{{ policy_name }}"
policy: '{"noSuchAttribute": 2}'
state: present
<<: *aws_connection_info
register: result
failed_when: result.failed == False
- name: assert error.code == InvalidPolicy
assert:
that:
- result.error.code == 'InvalidPolicy'
always:
- name: clean-up identity
aws_ses_identity:
identity: "{{ domain_identity }}"
state: absent
<<: *aws_connection_info

13
test/integration/targets/aws_ses_identity_policy/templates/policy.json.j2 Normal file
View file

@ -0,0 +1,13 @@
{
"Id": "SampleAuthorizationPolicy",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyAll",
"Effect": "Deny",
"Resource": "{{ identity_info.identity_arn }}",
"Principal": "*",
"Action": "*"
}
]
}