aws integration tests - provide an IAM policy for running (#24725)

* aws integration tests - provide an IAM policy that can be used for running them

* move documentation of aws policies into main integration testing documentation + some updates there

* Update testing_integration.rst

Edits
Michael De La Rue 2017-05-19 22:37:39 +01:00 committed by scottb
commit e9e661ebbb
3 changed files with 310 additions and 10 deletions


@ -29,7 +29,9 @@ more information about supported credentials, refer to ``credentials.template``.
Prerequisites
=============
The tests will assume things like hg, svn, and git are installed and in path.
The tests will assume things like hg, svn, and git are installed and in path. Some tests
(such as those for Amazon Web Services) need separate definitions, which will be covered
later in this document.
(Complete list pending)
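
Review bot: In the added Prerequisites sentence, "which will be covered later in this document" gives the reader nothing to follow. Point it at the section by name, for example "see `IAM policies for AWS`_ below", so the AWS prerequisites can be reached from here. "need separate definitions" is also vague; say what has to be defined (the text added further down talks about credentials, an IAM policy and a lambda role).
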
@ -139,10 +141,38 @@ To test with Python 3 use the following images:
- ubuntu1604py3
Cloud Tests
===========
Legacy Cloud Tests
==================
See the :doc:`testing_integration_legacy` page for more information.
Some of the cloud tests run as normal integration tests, and others run as legacy tests; see the
:doc:`testing_integration_legacy` page for more information.
Other configuration for Cloud Tests
===================================
In order to run some tests, you must provide access credentials in a file named
``cloud-config-aws.yml`` or ``cloud-config-cs.ini`` in the test/integration
directory. Corresponding .template files are available for for syntax help. The newer AWS
tests now use the file test/integration/cloud-config-aws.yml
IAM policies for AWS
====================
Ansible needs fairly wide ranging powers to run the tests in an AWS account. This rights can be provided to a dedicated user. These need to be configured before running the test.
testing-iam-policy.json.j2
--------------------------
The testing-iam-policy.json.j2 file contains a policy which can be given to the user
running the tests to minimize the rights of that user. Please note that while this policy does limit the user to one region, this does not fully restrict the user (primarily due to the limitations of the Amazon ARN notation). The user will still have wide privileges for viewing account definitions, and will also able to manage some resources that are not related to testing (for example, AWS lambdas with different names). Tests should not be run in a primary production account in any case.
Other Definitions required
--------------------------
Apart from installing the policy and giving it to the user identity running the tests, a
lambda role `ansible_integration_tests` has to be created which has lambda basic execution
privileges.
Network Tests
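
Review bot: The "testing-iam-policy.json.j2" section names the template but never says where the file lives or what has to be filled in to render it, so a reader cannot install the policy from this text alone; add the path and the render step. The sentence "Tests should not be run in a primary production account in any case" is the most important caveat in this hunk and sits at the end of a long unwrapped line; consider moving it to the top of "IAM policies for AWS" so it is read before the policy is applied. In "Other Definitions required", spell out what "lambda basic execution privileges" means for the ansible_integration_tests role (which policy to attach), and mark the role name with double backticks, since single backticks are interpreted text in reST rather than a literal. Typos to fix while here: "for for syntax help", "This rights can be provided", "will also able to manage", and the missing full stop after "test/integration/cloud-config-aws.yml".
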
@ -159,7 +189,6 @@ This page details the specifics around testing Ansible Networking modules.
How to do this is explained in the rest of this document.
Network integration tests can be ran by doing::
cd test/integration
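
Review bot: The Network Tests change looks unrelated to the AWS policy documentation this commit describes: the header (-159,7 +189,6) shows a net one-line removal near "How to do this is explained in the rest of this document." If it is intentional cleanup, mention it in the commit message; otherwise keep it out of this commit.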