ansible-collections/google.cloud
1
0
Fork 0
mirror of https://github.com/ansible-collections/google.cloud.git synced 2025-08-10 16:14:27 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #693 from thekad/feature/bucket_policy
Some checks are pending
Run integration tests for the cloud.google collection / integration (stable-2.16) (push) Waiting to run
Details
Run integration tests for the cloud.google collection / integration (stable-2.17) (push) Waiting to run
Details
Run integration tests for the cloud.google collection / integration (stable-2.18) (push) Waiting to run
Details

Browse source 
Add iamConfiguration support to gcp_storage_bucket
This commit is contained in:
Chris Hawk 2025-07-29 15:25:49 -07:00 committed by GitHub
commit 2ed1936ad8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 180 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

86
tests/integration/targets/gcp_storage_bucket/tasks/iam_configuration.yml Normal file
View file

@ -0,0 +1,86 @@
---
- name: Run test cases
block:
# --------------------------------------------------------------------------
- name: Create default bucket
google.cloud.gcp_storage_bucket:
name: "{{ resource_name }}-default"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is true and default values are returned
ansible.builtin.assert:
that:
- result.changed == true
- result.iamConfiguration.publicAccessPrevention == 'inherited'
- result.iamConfiguration.uniformBucketLevelAccess.enabled == false
# --------------------------------------------------------------------------
- name: Create bucket with enforced PAP
google.cloud.gcp_storage_bucket:
name: "{{ resource_name }}-pap"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
iam_configuration:
public_access_prevention: enforced
register: result
- name: Assert changed is true and IAM PAP is 'enforced'
ansible.builtin.assert:
that:
- result.changed == true
- result.iamConfiguration.publicAccessPrevention == 'enforced'
# --------------------------------------------------------------------------
- name: Create bucket with UBLA enabled
google.cloud.gcp_storage_bucket:
name: "{{ resource_name }}-ublae"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
iam_configuration:
uniform_bucket_level_access:
enabled: true
register: result
- name: Assert changed is true and IAM UBLA is enabled
ansible.builtin.assert:
that:
- result.changed == true
- result.iamConfiguration.uniformBucketLevelAccess.enabled == true
# --------------------------------------------------------------------------
- name: Create bucket with UBLA disabled
google.cloud.gcp_storage_bucket:
name: "{{ resource_name }}-ublad"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
iam_configuration:
uniform_bucket_level_access:
enabled: false
register: result
- name: Assert changed is true and IAM UBLA is disabled
ansible.builtin.assert:
that:
- result.changed == true
- result.iamConfiguration.uniformBucketLevelAccess.enabled == false
# --------------------------------------------------------------------------
always:
- name: Clean up buckets
google.cloud.gcp_storage_bucket:
name: "{{ resource_name }}-{{ item }}"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
loop:
- default
- pap
- ublae
- ublad

3
tests/integration/targets/gcp_storage_bucket/tasks/main.yml
View file

@ -1,3 +1,6 @@
---
- name: Generated tests
ansible.builtin.include_tasks: autogen.yml
- name: Tests for IAM Configuration support
ansible.builtin.include_tasks: iam_configuration.yml