Skip to content

Commit

Permalink
adding intergration tests
Browse files Browse the repository at this point in the history
  • Loading branch information
Chirag Choudha committed Jun 21, 2022
1 parent 926ced0 commit 57302d2
Show file tree
Hide file tree
Showing 2 changed files with 95 additions and 0 deletions.
1 change: 1 addition & 0 deletions tests/integration/targets/s3_bucket/inventory
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ complex
dotted
tags
encryption_kms
encryption_bucket_key
encryption_sse
public_access
acl
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
---
- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- set_fact:
local_bucket_name: "{{ bucket_name | hash('md5')}}e-kms"
# ============================================================

- name: 'Create a simple bucket'
s3_bucket:
name: '{{ local_bucket_name }}'
state: present
register: output

- name: 'Enable aws:kms encryption with KMS master key'
s3_bucket:
name: '{{ local_bucket_name }}'
state: present
encryption: "aws:kms"
register: output

- name: 'Enable bucket key for bucket with aws:kms encryption'
s3_bucket:
name: '{{ local_bucket_name }}'
state: present
encryption: "aws:kms"
encryption_bucket_key: true
register: output

- assert:
that:
- output.changed
- output.encryption
- output.encryption.SSEAlgorithm == 'aws:kms'

- name: 'Re-enable bucket key for bucket with aws:kms encryption (idempotent)'
s3_bucket:
name: '{{ local_bucket_name }}'
encryption_bucket_key: true
register: output

- assert:
that:
- not output.changed
- output.encryption
- output.encryption.SSEAlgorithm == 'aws:kms'

# ============================================================

- name: Disable encryption from bucket
s3_bucket:
name: '{{ local_bucket_name }}'
encryption_bucket_key: true
register: output

- assert:
that:
- output.changed
- not output.encryption

- name: Disable encryption from bucket (idempotent)
s3_bucket:
name: '{{ local_bucket_name }}'
encryption_bucket_key: true
register: output

- assert:
that:
- output is not changed
- not output.encryption

# ============================================================

- name: Delete encryption test s3 bucket
s3_bucket:
name: '{{ local_bucket_name }}'
state: absent
register: output

- assert:
that:
- output.changed

# ============================================================
always:
- name: Ensure all buckets are deleted
s3_bucket:
name: '{{ local_bucket_name }}'
state: absent
ignore_errors: yes

0 comments on commit 57302d2

Please sign in to comment.