[cloud] Create ECS integration test suite (#33757)

Tests for: * ecs_cluster * ecs_service * ecs_service_facts * ecs_taskdefinition * ecs_taskdefinition_facts * Add idempotency testing Test ecs_cluster, ecs_service and ecs_taskdefinition for trivial idempotency. Add FIXMEs to the tests because the latter two fail. Remove unused dependencies
2025-06-22 00:00:22 -07:00 · 2017-12-15 23:15:01 +10:00 · 2017-12-15 23:15:01 +10:00 · 866d7fdce9
commit 866d7fdce9
parent b5318e2c34
9 changed files with 558 additions and 2 deletions
--- a/hacking/aws_config/testing_policies/compute-policy.json
+++ b/hacking/aws_config/testing_policies/compute-policy.json
@ -131,10 +131,14 @@
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:ConfigureHealthCheck",
+                "elasticloadbalancing:CreateListener",
                "elasticloadbalancing:CreateLoadBalancer",
                "elasticloadbalancing:CreateLoadBalancerListeners",
+                "elasticloadbalancing:CreateTargetGroup",
+                "elasticloadbalancing:DeleteListener",
                "elasticloadbalancing:DeleteLoadBalancer",
                "elasticloadbalancing:DeleteLoadBalancerListeners",
+                "elasticloadbalancing:DeleteTargetGroup",
                "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                "elasticloadbalancing:DescribeInstanceHealth",
                "elasticloadbalancing:DescribeLoadBalancerAttributes",
@ -212,14 +216,39 @@
            "Resource": "arn:aws:lambda:{{aws_region}}:{{aws_account}}:function:*"
        },
        {
-            "Sid": "AllowLambdaRoleManagement",
+            "Sid": "AllowRoleManagement",
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
-                "arn:aws:iam::{{aws_account}}:role/ansible_lambda_role"
+                "arn:aws:iam::{{aws_account}}:role/ansible_lambda_role",
+                "arn:aws:iam::{{aws_account}}:role/ecsInstanceRole",
+                "arn:aws:iam::{{aws_account}}:role/ecsServiceRole"
            ]
+        },
+        {
+          "Sid": "AllowECSManagement",
+          "Effect": "Allow",
+          "Action": [
+            "application-autoscaling:Describe*",
+            "application-autoscaling:PutScalingPolicy",
+            "application-autoscaling:RegisterScalableTarget",
+            "cloudwatch:DescribeAlarms",
+            "cloudwatch:PutMetricAlarm",
+            "ecs:CreateCluster",
+            "ecs:CreateService",
+            "ecs:DeleteCluster",
+            "ecs:DeleteService",
+            "ecs:Describe*",
+            "ecs:DeregisterTaskDefinition",
+            "ecs:List*",
+            "ecs:RegisterTaskDefinition",
+            "ecs:UpdateService"
+          ],
+          "Resource": [
+            "*"
+          ]
        }
    ]
 }
--- a/hacking/aws_config/testing_policies/ecs-policy.json
+++ b/hacking/aws_config/testing_policies/ecs-policy.json
@ -0,0 +1,57 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "UnspecifiedCodeRepositories",
+            "Effect": "Allow",
+            "Action": [
+                "ecr:DescribeRepositories",
+                "ecr:CreateRepository"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Sid": "SpecifiedCodeRepositories",
+            "Effect": "Allow",
+            "Action": [
+                "ecr:GetRepositoryPolicy",
+                "ecr:SetRepositoryPolicy",
+                "ecr:DeleteRepository",
+                "ecr:DeleteRepositoryPolicy",
+                "ecr:DeleteRepositoryPolicy"
+            ],
+            "Resource": [
+                "arn:aws:ecr:{{aws_region}}:{{aws_account}}:repository/ansible-*"
+            ]
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "application-autoscaling:Describe*",
+            "application-autoscaling:PutScalingPolicy",
+            "application-autoscaling:RegisterScalableTarget",
+            "cloudwatch:DescribeAlarms",
+            "cloudwatch:PutMetricAlarm",
+            "ecs:List*",
+            "ecs:Describe*",
+            "ecs:CreateCluster",
+            "ecs:DeleteCluster",
+            "ecs:CreateService",
+            "ecs:UpdateService",
+            "elasticloadbalancing:Describe*",
+            "iam:AttachRolePolicy",
+            "iam:CreateRole",
+            "iam:GetPolicy",
+            "iam:GetPolicyVersion",
+            "iam:GetRole",
+            "iam:ListAttachedRolePolicies",
+            "iam:ListRoles",
+            "iam:ListGroups",
+            "iam:ListUsers"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+    ]
+}
--- a/hacking/aws_config/testing_policies/security-policy.json
+++ b/hacking/aws_config/testing_policies/security-policy.json
@ -0,0 +1,22 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "iam:GetPolicy",
+                "iam:GetPolicyVersion",
+                "iam:GetRole",
+                "iam:ListAttachedRolePolicies",
+                "iam:ListGroups",
+                "iam:ListInstanceProfilesForRole",
+                "iam:ListPolicies",
+                "iam:ListRoles",
+                "iam:ListRolePolicies",
+                "iam:ListUsers"
+            ],
+            "Resource": "*",
+            "Effect": "Allow",
+            "Sid": "AllowReadOnlyIAMUse"
+        }
+    ]
+}