diff --git a/changelogs/fragments/migrate_iam_role.yml b/changelogs/fragments/migrate_iam_role.yml new file mode 100644 index 00000000000..9b8110ba7d8 --- /dev/null +++ b/changelogs/fragments/migrate_iam_role.yml @@ -0,0 +1,7 @@ +major_changes: +- iam_role - The module has been migrated from the ``community.aws`` collection. Playbooks + using the Fully Qualified Collection Name for this module should be updated to use + ``amazon.aws.iam_role`` (https://github.com/ansible-collections/amazon.aws/pull/1760). +- iam_role_info - The module has been migrated from the ``community.aws`` collection. + Playbooks using the Fully Qualified Collection Name for this module should be updated + to use ``amazon.aws.iam_role_info`` (https://github.com/ansible-collections/amazon.aws/pull/1760). diff --git a/meta/runtime.yml b/meta/runtime.yml index c627df5be2b..dba31e0079b 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -72,6 +72,8 @@ action_groups: - iam_instance_profile_info - iam_policy - iam_policy_info + - iam_role + - iam_role_info - iam_user - iam_user_info - kms_key @@ -143,4 +145,4 @@ plugin_routing: redirect: amazon.aws.ssm_parameter aws_secret: # Deprecation for this alias should not *start* prior to 2024-09-01 - redirect: amazon.aws.secretsmanager_secret + redirect: amazon.aws.secretsmanager_secret \ No newline at end of file diff --git a/plugins/modules/iam_role.py b/plugins/modules/iam_role.py index b39281e17b9..404e4aa4e5f 100644 --- a/plugins/modules/iam_role.py +++ b/plugins/modules/iam_role.py @@ -8,6 +8,7 @@ --- module: iam_role version_added: 1.0.0 +version_added_collection: community.aws short_description: Manage AWS IAM roles description: - Manage AWS IAM roles. @@ -45,7 +46,7 @@ description: - A list of managed policy ARNs, managed policy ARNs or friendly names. - To remove all policies set I(purge_polices=true) and I(managed_policies=[None]). - - To embed an inline policy, use M(community.aws.iam_policy). + - To embed an inline policy, use M(amazon.aws.iam_policy). aliases: ['managed_policy'] type: list elements: str @@ -100,7 +101,7 @@ # Note: These examples do not set authentication details, see the AWS Guide for details. - name: Create a role with description and tags - community.aws.iam_role: + amazon.aws.iam_role: name: mynewrole assume_role_policy_document: "{{ lookup('file','policy.json') }}" description: This is My New Role @@ -108,20 +109,20 @@ env: dev - name: "Create a role and attach a managed policy called 'PowerUserAccess'" - community.aws.iam_role: + amazon.aws.iam_role: name: mynewrole assume_role_policy_document: "{{ lookup('file','policy.json') }}" managed_policies: - arn:aws:iam::aws:policy/PowerUserAccess - name: Keep the role created above but remove all managed policies - community.aws.iam_role: + amazon.aws.iam_role: name: mynewrole assume_role_policy_document: "{{ lookup('file','policy.json') }}" managed_policies: [] - name: Delete the role - community.aws.iam_role: + amazon.aws.iam_role: name: mynewrole assume_role_policy_document: "{{ lookup('file', 'policy.json') }}" state: absent @@ -232,7 +233,7 @@ from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict from ansible_collections.amazon.aws.plugins.module_utils.tagging import compare_aws_tags -from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule @AWSRetry.jittered_backoff() @@ -732,7 +733,7 @@ def main(): "All return values other than iam_role and changed have been deprecated and " "will be removed in a release after 2023-12-01.", date="2023-12-01", - collection_name="community.aws", + collection_name="amazon.aws", ) module.deprecate( @@ -741,7 +742,7 @@ def main(): "iam_role.assume_role_policy_document_raw return value already returns the " "policy document in this future format.", date="2023-12-01", - collection_name="community.aws", + collection_name="amazon.aws", ) if module.params.get("boundary"): diff --git a/plugins/modules/iam_role_info.py b/plugins/modules/iam_role_info.py index d23754d90a0..b87a281287f 100644 --- a/plugins/modules/iam_role_info.py +++ b/plugins/modules/iam_role_info.py @@ -8,6 +8,7 @@ --- module: iam_role_info version_added: 1.0.0 +version_added_collection: community.aws short_description: Gather information on IAM roles description: - Gathers information about IAM roles. @@ -34,15 +35,15 @@ EXAMPLES = r""" - name: find all existing IAM roles - community.aws.iam_role_info: + amazon.aws.iam_role_info: register: result - name: describe a single role - community.aws.iam_role_info: + amazon.aws.iam_role_info: name: MyIAMRole - name: describe all roles matching a path prefix - community.aws.iam_role_info: + amazon.aws.iam_role_info: path_prefix: /application/path """ @@ -163,7 +164,7 @@ from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry from ansible_collections.amazon.aws.plugins.module_utils.tagging import boto3_tag_list_to_ansible_dict -from ansible_collections.community.aws.plugins.module_utils.modules import AnsibleCommunityAWSModule as AnsibleAWSModule +from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule @AWSRetry.jittered_backoff() @@ -278,7 +279,7 @@ def main(): ".assume_role_policy_document_raw return value already returns the " "policy document in this future format.", date="2023-12-01", - collection_name="community.aws", + collection_name="amazon.aws", ) module.exit_json(changed=False, iam_roles=describe_iam_roles(module, client)) diff --git a/tests/integration/targets/iam_role/defaults/main.yml b/tests/integration/targets/iam_role/defaults/main.yml index d496c421636..e83a563990b 100644 --- a/tests/integration/targets/iam_role/defaults/main.yml +++ b/tests/integration/targets/iam_role/defaults/main.yml @@ -1,6 +1,5 @@ ---- test_role: '{{ resource_prefix }}-role' -test_path: '/{{ resource_prefix }}/' -safe_managed_policy: 'AWSDenyAll' +test_path: /{{ resource_prefix }}/ +safe_managed_policy: AWSDenyAll custom_policy_name: '{{ resource_prefix }}-denyall' -boundary_policy: 'arn:aws:iam::aws:policy/AWSDenyAll' +boundary_policy: arn:aws:iam::aws:policy/AWSDenyAll diff --git a/tests/integration/targets/iam_role/tasks/boundary_policy.yml b/tests/integration/targets/iam_role/tasks/boundary_policy.yml index 89a983f1564..818b701f1ef 100644 --- a/tests/integration/targets/iam_role/tasks/boundary_policy.yml +++ b/tests/integration/targets/iam_role/tasks/boundary_policy.yml @@ -1,94 +1,86 @@ ---- -- name: "Create minimal role with no boundary policy" +- name: Create minimal role with no boundary policy iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: no register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role + - iam_role is changed + - iam_role.iam_role.role_name == test_role -- name: "Configure Boundary Policy (CHECK MODE)" +- name: Configure Boundary Policy (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: no - boundary: "{{ boundary_policy }}" + boundary: '{{ boundary_policy }}' check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Configure Boundary Policy" +- name: Configure Boundary Policy iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: no - boundary: "{{ boundary_policy }}" + boundary: '{{ boundary_policy }}' register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role + - iam_role is changed + - iam_role.iam_role.role_name == test_role -- name: "Configure Boundary Policy (no change) - check mode" +- name: Configure Boundary Policy (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: no - boundary: "{{ boundary_policy }}" + boundary: '{{ boundary_policy }}' register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Configure Boundary Policy (no change)" +- name: Configure Boundary Policy (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: no - boundary: "{{ boundary_policy }}" + boundary: '{{ boundary_policy }}' register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role + - iam_role is not changed + - iam_role.iam_role.role_name == test_role -- name: "iam_role_info after adding boundary policy" +- name: iam_role_info after adding boundary policy iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 0 - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 3600 - - role_info.iam_roles[0].path == '/' - - role_info.iam_roles[0].permissions_boundary.permissions_boundary_arn == boundary_policy - - role_info.iam_roles[0].permissions_boundary.permissions_boundary_type == 'Policy' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - '"description" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 0 + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 3600 + - role_info.iam_roles[0].path == '/' + - role_info.iam_roles[0].permissions_boundary.permissions_boundary_arn == boundary_policy + - role_info.iam_roles[0].permissions_boundary.permissions_boundary_type == 'Policy' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role -- name: "Remove IAM Role" +- name: Remove IAM Role iam_role: state: absent - name: "{{ test_role }}" + name: '{{ test_role }}' delete_instance_profile: yes register: iam_role - - assert: that: - - iam_role is changed \ No newline at end of file + - iam_role is changed diff --git a/tests/integration/targets/iam_role/tasks/complex_role_creation.yml b/tests/integration/targets/iam_role/tasks/complex_role_creation.yml index c23234ebf1f..59db5d156fe 100644 --- a/tests/integration/targets/iam_role/tasks/complex_role_creation.yml +++ b/tests/integration/targets/iam_role/tasks/complex_role_creation.yml @@ -1,131 +1,128 @@ ---- -- name: "Complex IAM Role (CHECK MODE)" +- name: Complex IAM Role (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' - boundary: "{{ boundary_policy }}" + boundary: '{{ boundary_policy }}' create_instance_profile: no - description: "Ansible Test Role {{ resource_prefix }}" + description: Ansible Test Role {{ resource_prefix }} managed_policy: - - "{{ safe_managed_policy }}" - - "{{ custom_policy_name }}" + - '{{ safe_managed_policy }}' + - '{{ custom_policy_name }}' max_session_duration: 43200 - path: "{{ test_path }}" + path: '{{ test_path }}' tags: - TagA: "ValueA" + TagA: ValueA check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "iam_role_info after Complex Role creation in check_mode" +- name: iam_role_info after Complex Role creation in check_mode iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 0 + - role_info is succeeded + - role_info.iam_roles | length == 0 -- name: "Complex IAM Role" +- name: Complex IAM Role iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' - boundary: "{{ boundary_policy }}" + boundary: '{{ boundary_policy }}' create_instance_profile: no - description: "Ansible Test Role {{ resource_prefix }}" + description: Ansible Test Role {{ resource_prefix }} managed_policy: - - "{{ safe_managed_policy }}" - - "{{ custom_policy_name }}" + - '{{ safe_managed_policy }}' + - '{{ custom_policy_name }}' max_session_duration: 43200 - path: "{{ test_path }}" + path: '{{ test_path }}' tags: - TagA: "ValueA" + TagA: ValueA register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - 'iam_role.iam_role.arn.startswith("arn")' - - 'iam_role.iam_role.arn.endswith("role" + test_path + test_role )' + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - iam_role.iam_role.arn.startswith("arn") + - iam_role.iam_role.arn.endswith("role" + test_path + test_role ) # Would be nice to test the contents... - - '"assume_role_policy_document" in iam_role.iam_role' - - iam_role.iam_role.attached_policies | length == 2 - - iam_role.iam_role.max_session_duration == 43200 - - iam_role.iam_role.path == test_path - - iam_role.iam_role.role_name == test_role - - '"create_date" in iam_role.iam_role' - - '"role_id" in iam_role.iam_role' + - '"assume_role_policy_document" in iam_role.iam_role' + - iam_role.iam_role.attached_policies | length == 2 + - iam_role.iam_role.max_session_duration == 43200 + - iam_role.iam_role.path == test_path + - iam_role.iam_role.role_name == test_role + - '"create_date" in iam_role.iam_role' + - '"role_id" in iam_role.iam_role' -- name: "Complex IAM role (no change) - check mode" +- name: Complex IAM role (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' - boundary: "{{ boundary_policy }}" + boundary: '{{ boundary_policy }}' create_instance_profile: no - description: "Ansible Test Role {{ resource_prefix }}" + description: Ansible Test Role {{ resource_prefix }} managed_policy: - - "{{ safe_managed_policy }}" - - "{{ custom_policy_name }}" + - '{{ safe_managed_policy }}' + - '{{ custom_policy_name }}' max_session_duration: 43200 - path: "{{ test_path }}" + path: '{{ test_path }}' tags: - TagA: "ValueA" + TagA: ValueA register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Complex IAM role (no change)" +- name: Complex IAM role (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' - boundary: "{{ boundary_policy }}" + boundary: '{{ boundary_policy }}' create_instance_profile: no - description: "Ansible Test Role {{ resource_prefix }}" + description: Ansible Test Role {{ resource_prefix }} managed_policy: - - "{{ safe_managed_policy }}" - - "{{ custom_policy_name }}" + - '{{ safe_managed_policy }}' + - '{{ custom_policy_name }}' max_session_duration: 43200 - path: "{{ test_path }}" + path: '{{ test_path }}' tags: - TagA: "ValueA" + TagA: ValueA register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role + - iam_role is not changed + - iam_role.iam_role.role_name == test_role -- name: "iam_role_info after Role creation" +- name: iam_role_info after Role creation iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role" + test_path + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 0 - - role_info.iam_roles[0].managed_policies | length == 2 - - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == test_path - - role_info.iam_roles[0].permissions_boundary.permissions_boundary_arn == boundary_policy - - role_info.iam_roles[0].permissions_boundary.permissions_boundary_type == 'Policy' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - '"TagA" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagA == "ValueA" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role" + test_path + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 0 + - role_info.iam_roles[0].managed_policies | length == 2 + - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") + | list | flatten ) + - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") + | list | flatten ) + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == test_path + - role_info.iam_roles[0].permissions_boundary.permissions_boundary_arn == boundary_policy + - role_info.iam_roles[0].permissions_boundary.permissions_boundary_type == 'Policy' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - '"TagA" in role_info.iam_roles[0].tags' + - role_info.iam_roles[0].tags.TagA == "ValueA" diff --git a/tests/integration/targets/iam_role/tasks/creation_deletion.yml b/tests/integration/targets/iam_role/tasks/creation_deletion.yml index 0579a6d3430..166c7f1236e 100644 --- a/tests/integration/targets/iam_role/tasks/creation_deletion.yml +++ b/tests/integration/targets/iam_role/tasks/creation_deletion.yml @@ -1,404 +1,376 @@ ---- - name: Try running some rapid fire create/delete tests block: - - name: "Minimal IAM Role without instance profile (rapid)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role - - - name: "Minimal IAM Role without instance profile (rapid)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role_again - - - assert: - that: - - iam_role is changed - - iam_role_again is not changed - - - name: "Remove IAM Role (rapid)" - iam_role: - state: absent - name: "{{ test_role }}" - register: iam_role - - - name: "Remove IAM Role (rapid)" - iam_role: - state: absent - name: "{{ test_role }}" - register: iam_role_again - - - assert: - that: - - iam_role is changed - - iam_role_again is not changed - - - name: "Minimal IAM Role without instance profile (rapid)" - iam_role: - name: "{{ test_role }}" - create_instance_profile: no - register: iam_role - - - name: "Remove IAM Role (rapid)" - iam_role: - state: absent - name: "{{ test_role }}" - - register: iam_role_again - - assert: - that: - - iam_role is changed - - iam_role_again is changed + - name: Minimal IAM Role without instance profile (rapid) + iam_role: + name: '{{ test_role }}' + create_instance_profile: no + register: iam_role + - name: Minimal IAM Role without instance profile (rapid) + iam_role: + name: '{{ test_role }}' + create_instance_profile: no + register: iam_role_again + - assert: + that: + - iam_role is changed + - iam_role_again is not changed + + - name: Remove IAM Role (rapid) + iam_role: + state: absent + name: '{{ test_role }}' + register: iam_role + - name: Remove IAM Role (rapid) + iam_role: + state: absent + name: '{{ test_role }}' + register: iam_role_again + - assert: + that: + - iam_role is changed + - iam_role_again is not changed + + - name: Minimal IAM Role without instance profile (rapid) + iam_role: + name: '{{ test_role }}' + create_instance_profile: no + register: iam_role + - name: Remove IAM Role (rapid) + iam_role: + state: absent + name: '{{ test_role }}' + register: iam_role_again + - assert: + that: + - iam_role is changed + - iam_role_again is changed # =================================================================== # Role Creation # (without Instance profile) -- name: "iam_role_info before Role creation (no args)" +- name: iam_role_info before Role creation (no args) iam_role_info: register: role_info - - assert: that: - - role_info is succeeded + - role_info is succeeded -- name: "iam_role_info before Role creation (search for test role)" +- name: iam_role_info before Role creation (search for test role) iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 0 + - role_info is succeeded + - role_info.iam_roles | length == 0 -- name: "Minimal IAM Role (CHECK MODE)" +- name: Minimal IAM Role (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: no register: iam_role check_mode: yes - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "iam_role_info after Role creation in check_mode" +- name: iam_role_info after Role creation in check_mode iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 0 + - role_info is succeeded + - role_info.iam_roles | length == 0 -- name: "Minimal IAM Role without instance profile" +- name: Minimal IAM Role without instance profile iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: no register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - 'iam_role.iam_role.arn.startswith("arn")' - - 'iam_role.iam_role.arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in iam_role.iam_role' - - '"assume_role_policy_document_raw" in iam_role.iam_role' - - iam_role.iam_role.assume_role_policy_document_raw == assume_deny_policy - - iam_role.iam_role.attached_policies | length == 0 - - iam_role.iam_role.max_session_duration == 3600 - - iam_role.iam_role.path == '/' - - iam_role.iam_role.role_name == test_role - - '"create_date" in iam_role.iam_role' - - '"role_id" in iam_role.iam_role' - -- name: "Minimal IAM Role without instance profile (no change) - check mode" + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - iam_role.iam_role.arn.startswith("arn") + - iam_role.iam_role.arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in iam_role.iam_role' + - '"assume_role_policy_document_raw" in iam_role.iam_role' + - iam_role.iam_role.assume_role_policy_document_raw == assume_deny_policy + - iam_role.iam_role.attached_policies | length == 0 + - iam_role.iam_role.max_session_duration == 3600 + - iam_role.iam_role.path == '/' + - iam_role.iam_role.role_name == test_role + - '"create_date" in iam_role.iam_role' + - '"role_id" in iam_role.iam_role' + +- name: Minimal IAM Role without instance profile (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: no register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Minimal IAM Role without instance profile (no change)" +- name: Minimal IAM Role without instance profile (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: no register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role + - iam_role is not changed + - iam_role.iam_role.role_name == test_role -- name: "iam_role_info after Role creation" +- name: iam_role_info after Role creation iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"assume_role_policy_document_raw" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].assume_role_policy_document_raw == assume_deny_policy - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 0 - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 3600 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 - -- name: "Remove IAM Role" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"assume_role_policy_document_raw" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - '"description" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].assume_role_policy_document_raw == assume_deny_policy + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 0 + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 3600 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 0 + +- name: Remove IAM Role iam_role: state: absent - name: "{{ test_role }}" + name: '{{ test_role }}' delete_instance_profile: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "iam_role_info after Role deletion" +- name: iam_role_info after Role deletion iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 0 + - role_info is succeeded + - role_info.iam_roles | length == 0 # ------------------------------------------------------------------------------------------ # (with path) -- name: "Minimal IAM Role with path (CHECK MODE)" +- name: Minimal IAM Role with path (CHECK MODE) iam_role: - name: "{{ test_role }}" - path: "{{ test_path }}" + name: '{{ test_role }}' + path: '{{ test_path }}' register: iam_role check_mode: yes - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Minimal IAM Role with path" +- name: Minimal IAM Role with path iam_role: - name: "{{ test_role }}" - path: "{{ test_path }}" + name: '{{ test_role }}' + path: '{{ test_path }}' register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - 'iam_role.iam_role.arn.startswith("arn")' - - 'iam_role.iam_role.arn.endswith("role" + test_path + test_role )' + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - iam_role.iam_role.arn.startswith("arn") + - iam_role.iam_role.arn.endswith("role" + test_path + test_role ) # Would be nice to test the contents... - - '"assume_role_policy_document" in iam_role.iam_role' - - iam_role.iam_role.attached_policies | length == 0 - - iam_role.iam_role.max_session_duration == 3600 - - iam_role.iam_role.path == '{{ test_path }}' - - iam_role.iam_role.role_name == test_role - - '"create_date" in iam_role.iam_role' - - '"role_id" in iam_role.iam_role' - -- name: "Minimal IAM Role with path (no change) - check mode" + - '"assume_role_policy_document" in iam_role.iam_role' + - iam_role.iam_role.attached_policies | length == 0 + - iam_role.iam_role.max_session_duration == 3600 + - iam_role.iam_role.path == '{{ test_path }}' + - iam_role.iam_role.role_name == test_role + - '"create_date" in iam_role.iam_role' + - '"role_id" in iam_role.iam_role' + +- name: Minimal IAM Role with path (no change) - check mode iam_role: - name: "{{ test_role }}" - path: "{{ test_path }}" + name: '{{ test_role }}' + path: '{{ test_path }}' register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Minimal IAM Role with path (no change)" +- name: Minimal IAM Role with path (no change) iam_role: - name: "{{ test_role }}" - path: "{{ test_path }}" + name: '{{ test_role }}' + path: '{{ test_path }}' register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role + - iam_role is not changed + - iam_role.iam_role.role_name == test_role -- name: "iam_role_info after Role creation" +- name: iam_role_info after Role creation iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role" + test_path + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile" + test_path + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 3600 - - role_info.iam_roles[0].path == '{{ test_path }}' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 - -- name: "iam_role_info after Role creation (searching a path)" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role" + test_path + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - '"description" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile" + + test_path + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 3600 + - role_info.iam_roles[0].path == '{{ test_path }}' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 0 + +- name: iam_role_info after Role creation (searching a path) iam_role_info: - path_prefix: "{{ test_path }}" + path_prefix: '{{ test_path }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role" + test_path + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile" + test_path + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 3600 - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].path == '{{ test_path }}' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 - -- name: "Remove IAM Role" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role" + test_path + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - '"description" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile" + + test_path + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 3600 + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].path == '{{ test_path }}' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 0 + +- name: Remove IAM Role iam_role: state: absent - name: "{{ test_role }}" - path: "{{ test_path }}" - # If we don't delete the existing profile it'll be reused (with the path) - # by the test below. + name: '{{ test_role }}' + path: '{{ test_path }}' delete_instance_profile: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "iam_role_info after Role deletion" +- name: iam_role_info after Role deletion iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 0 + - role_info is succeeded + - role_info.iam_roles | length == 0 # ------------------------------------------------------------------------------------------ # (with Instance profile) -- name: "Minimal IAM Role with instance profile - check mode" +- name: Minimal IAM Role with instance profile - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: yes register: iam_role check_mode: yes - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Minimal IAM Role with instance profile" +- name: Minimal IAM Role with instance profile iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: yes register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - 'iam_role.iam_role.arn.startswith("arn")' - - 'iam_role.iam_role.arn.endswith("role/" + test_role )' + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - iam_role.iam_role.arn.startswith("arn") + - iam_role.iam_role.arn.endswith("role/" + test_role ) # Would be nice to test the contents... - - '"assume_role_policy_document" in iam_role.iam_role' - - iam_role.iam_role.attached_policies | length == 0 - - iam_role.iam_role.max_session_duration == 3600 - - iam_role.iam_role.path == '/' - - iam_role.iam_role.role_name == test_role - - '"create_date" in iam_role.iam_role' - - '"role_id" in iam_role.iam_role' - -- name: "Minimal IAM Role wth instance profile (no change) - check mode" + - '"assume_role_policy_document" in iam_role.iam_role' + - iam_role.iam_role.attached_policies | length == 0 + - iam_role.iam_role.max_session_duration == 3600 + - iam_role.iam_role.path == '/' + - iam_role.iam_role.role_name == test_role + - '"create_date" in iam_role.iam_role' + - '"role_id" in iam_role.iam_role' + +- name: Minimal IAM Role wth instance profile (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: yes register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Minimal IAM Role wth instance profile (no change)" +- name: Minimal IAM Role wth instance profile (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' create_instance_profile: yes register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role + - iam_role is not changed + - iam_role.iam_role.role_name == test_role -- name: "iam_role_info after Role creation" +- name: iam_role_info after Role creation iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 3600 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - '"description" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 3600 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 0 diff --git a/tests/integration/targets/iam_role/tasks/description_update.yml b/tests/integration/targets/iam_role/tasks/description_update.yml index 85f5e1f56a3..198104134fb 100644 --- a/tests/integration/targets/iam_role/tasks/description_update.yml +++ b/tests/integration/targets/iam_role/tasks/description_update.yml @@ -1,148 +1,143 @@ ---- -- name: "Add Description (CHECK MODE)" +- name: Add Description (CHECK MODE) iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role {{ resource_prefix }}" + name: '{{ test_role }}' + description: Ansible Test Role {{ resource_prefix }} check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Add Description" +- name: Add Description iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role {{ resource_prefix }}" + name: '{{ test_role }}' + description: Ansible Test Role {{ resource_prefix }} register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.description == 'Ansible Test Role {{ resource_prefix }}' + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - iam_role.iam_role.description == 'Ansible Test Role {{ resource_prefix }}' -- name: "Add Description (no change) - check mode" +- name: Add Description (no change) - check mode iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role {{ resource_prefix }}" + name: '{{ test_role }}' + description: Ansible Test Role {{ resource_prefix }} register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Add Description (no change)" +- name: Add Description (no change) iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role {{ resource_prefix }}" + name: '{{ test_role }}' + description: Ansible Test Role {{ resource_prefix }} register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.description == 'Ansible Test Role {{ resource_prefix }}' + - iam_role is not changed + - iam_role.iam_role.role_name == test_role + - iam_role.iam_role.description == 'Ansible Test Role {{ resource_prefix }}' -- name: "iam_role_info after adding Description" +- name: iam_role_info after adding Description iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 0 # ------------------------------------------------------------------------------------------ -- name: "Update Description (CHECK MODE)" +- name: Update Description (CHECK MODE) iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role (updated) {{ resource_prefix }}" + name: '{{ test_role }}' + description: Ansible Test Role (updated) {{ resource_prefix }} check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Update Description" +- name: Update Description iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role (updated) {{ resource_prefix }}" + name: '{{ test_role }}' + description: Ansible Test Role (updated) {{ resource_prefix }} register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.description == 'Ansible Test Role (updated) {{ resource_prefix }}' + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - iam_role.iam_role.description == 'Ansible Test Role (updated) {{ resource_prefix + }}' -- name: "Update Description (no change) - check mode" +- name: Update Description (no change) - check mode iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role (updated) {{ resource_prefix }}" + name: '{{ test_role }}' + description: Ansible Test Role (updated) {{ resource_prefix }} register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Update Description (no change)" +- name: Update Description (no change) iam_role: - name: "{{ test_role }}" - description: "Ansible Test Role (updated) {{ resource_prefix }}" + name: '{{ test_role }}' + description: Ansible Test Role (updated) {{ resource_prefix }} register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.description == 'Ansible Test Role (updated) {{ resource_prefix }}' + - iam_role is not changed + - iam_role.iam_role.role_name == test_role + - iam_role.iam_role.description == 'Ansible Test Role (updated) {{ resource_prefix + }}' -- name: "iam_role_info after updating Description" +- name: iam_role_info after updating Description iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 0 diff --git a/tests/integration/targets/iam_role/tasks/inline_policy_update.yml b/tests/integration/targets/iam_role/tasks/inline_policy_update.yml index d364d87d79f..3c82196dd8d 100644 --- a/tests/integration/targets/iam_role/tasks/inline_policy_update.yml +++ b/tests/integration/targets/iam_role/tasks/inline_policy_update.yml @@ -1,48 +1,49 @@ ---- -- name: "Attach inline policy a" +- name: Attach inline policy a iam_policy: state: present - iam_type: "role" - iam_name: "{{ test_role }}" - policy_name: "inline-policy-a" + iam_type: role + iam_name: '{{ test_role }}' + policy_name: inline-policy-a policy_json: '{{ lookup("file", "deny-all-a.json") }}' - -- name: "Attach inline policy b" +- name: Attach inline policy b iam_policy: state: present - iam_type: "role" - iam_name: "{{ test_role }}" - policy_name: "inline-policy-b" + iam_type: role + iam_name: '{{ test_role }}' + policy_name: inline-policy-b policy_json: '{{ lookup("file", "deny-all-b.json") }}' - -- name: "iam_role_info after attaching inline policies (using iam_policy)" +- name: iam_role_info after attaching inline policies (using iam_policy) iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 2 - - '"inline-policy-a" in role_info.iam_roles[0].inline_policies' - - '"inline-policy-b" in role_info.iam_roles[0].inline_policies' - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 1 - - safe_managed_policy not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 2 + - '"inline-policy-a" in role_info.iam_roles[0].inline_policies' + - '"inline-policy-b" in role_info.iam_roles[0].inline_policies' + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 1 + - safe_managed_policy not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") + | list | flatten ) + - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") + | list | flatten ) + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 1 + - '"TagB" in role_info.iam_roles[0].tags' + - role_info.iam_roles[0].tags.TagB == "ValueB" diff --git a/tests/integration/targets/iam_role/tasks/main.yml b/tests/integration/targets/iam_role/tasks/main.yml index 821a683eb53..a787d5cfac1 100644 --- a/tests/integration/targets/iam_role/tasks/main.yml +++ b/tests/integration/targets/iam_role/tasks/main.yml @@ -1,4 +1,3 @@ ---- # Tests for iam_role and iam_role_info # # Tests: @@ -20,100 +19,65 @@ # the standard_pauses and paranoid_pauses options as a first step in debugging -- name: "Setup AWS connection info" +- name: Setup AWS connection info module_defaults: group/aws: - access_key: "{{ aws_access_key }}" - secret_key: "{{ aws_secret_key }}" - session_token: "{{ security_token | default(omit) }}" - region: "{{ aws_region }}" + access_key: '{{ aws_access_key }}' + secret_key: '{{ aws_secret_key }}' + session_token: '{{ security_token | default(omit) }}' + region: '{{ aws_region }}' iam_role: assume_role_policy_document: '{{ lookup("file", "deny-assume.json") }}' collections: - - amazon.aws - - community.general + - community.general block: - - set_fact: - assume_deny_policy: '{{ lookup("file", "deny-assume.json") | from_json }}' - # =================================================================== - # Parameter Checks - - include_tasks: parameter_checks.yml - - # =================================================================== - # Supplemental resource pre-creation - - name: "Create Safe IAM Managed Policy" - iam_managed_policy: - state: present - policy_name: "{{ custom_policy_name }}" - policy_description: "A safe (deny-all) managed policy" - policy: "{{ lookup('file', 'deny-all.json') }}" - register: create_managed_policy - - - assert: - that: - - create_managed_policy is succeeded + - set_fact: + assume_deny_policy: '{{ lookup("file", "deny-assume.json") | from_json }}' + - include_tasks: parameter_checks.yml + - name: Create Safe IAM Managed Policy + iam_managed_policy: + state: present + policy_name: '{{ custom_policy_name }}' + policy_description: A safe (deny-all) managed policy + policy: "{{ lookup('file', 'deny-all.json') }}" + register: create_managed_policy + - assert: + that: + - create_managed_policy is succeeded # =================================================================== # Rapid Role Creation and deletion - - include_tasks: creation_deletion.yml - - # =================================================================== - # Max Session Duration Manipulation - - include_tasks: max_session_update.yml - - # =================================================================== - # Description Manipulation - - include_tasks: description_update.yml - - # =================================================================== - # Tag Manipulation - - include_tasks: tags_update.yml - - # =================================================================== - # Policy Manipulation - - include_tasks: policy_update.yml - - # =================================================================== - # Inline Policy (test _info behavior) - - include_tasks: inline_policy_update.yml - - # =================================================================== - # Role Removal - - include_tasks: role_removal.yml - - # =================================================================== - # Boundary Policy (requires create_instance_profile: no) - - include_tasks: boundary_policy.yml - - # =================================================================== - # Complex role Creation - - include_tasks: complex_role_creation.yml - + - include_tasks: creation_deletion.yml + - include_tasks: max_session_update.yml + - include_tasks: description_update.yml + - include_tasks: tags_update.yml + - include_tasks: policy_update.yml + - include_tasks: inline_policy_update.yml + - include_tasks: role_removal.yml + - include_tasks: boundary_policy.yml + - include_tasks: complex_role_creation.yml always: # =================================================================== # Cleanup - - name: "Remove IAM Role" - iam_role: - state: absent - name: "{{ test_role }}" - delete_instance_profile: yes - ignore_errors: true - - - name: "Remove IAM Role (with path)" - iam_role: - state: absent - name: "{{ test_role }}" - path: "{{ test_path }}" - delete_instance_profile: yes - ignore_errors: true - - - name: "iam_role_info after Role deletion" - iam_role_info: - name: "{{ test_role }}" - ignore_errors: true - - - name: "Remove test managed policy" - iam_managed_policy: - state: absent - policy_name: "{{ custom_policy_name }}" + - name: Remove IAM Role + iam_role: + state: absent + name: '{{ test_role }}' + delete_instance_profile: yes + ignore_errors: true + - name: Remove IAM Role (with path) + iam_role: + state: absent + name: '{{ test_role }}' + path: '{{ test_path }}' + delete_instance_profile: yes + ignore_errors: true + - name: iam_role_info after Role deletion + iam_role_info: + name: '{{ test_role }}' + ignore_errors: true + - name: Remove test managed policy + iam_managed_policy: + state: absent + policy_name: '{{ custom_policy_name }}' diff --git a/tests/integration/targets/iam_role/tasks/max_session_update.yml b/tests/integration/targets/iam_role/tasks/max_session_update.yml index 8ad3641be62..a850de70264 100644 --- a/tests/integration/targets/iam_role/tasks/max_session_update.yml +++ b/tests/integration/targets/iam_role/tasks/max_session_update.yml @@ -1,71 +1,66 @@ ---- -- name: "Update Max Session Duration (CHECK MODE)" +- name: Update Max Session Duration (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' max_session_duration: 43200 check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Update Max Session Duration" +- name: Update Max Session Duration iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' max_session_duration: 43200 register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.max_session_duration == 43200 + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - iam_role.iam_role.max_session_duration == 43200 -- name: "Update Max Session Duration (no change)" +- name: Update Max Session Duration (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' max_session_duration: 43200 register: iam_role - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Update Max Session Duration (no change) - check mode" +- name: Update Max Session Duration (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' max_session_duration: 43200 register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "iam_role_info after updating Max Session Duration" +- name: iam_role_info after updating Max Session Duration iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - '"description" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 0 + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - '"description" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 0 diff --git a/tests/integration/targets/iam_role/tasks/parameter_checks.yml b/tests/integration/targets/iam_role/tasks/parameter_checks.yml index 57df5436afc..74d3294b1c5 100644 --- a/tests/integration/targets/iam_role/tasks/parameter_checks.yml +++ b/tests/integration/targets/iam_role/tasks/parameter_checks.yml @@ -1,90 +1,82 @@ ---- # Parameter Checks -- name: "Friendly message when creating an instance profile and adding a boundary profile" +- name: Friendly message when creating an instance profile and adding a boundary profile iam_role: - name: "{{ test_role }}" - boundary: "{{ boundary_policy }}" + name: '{{ test_role }}' + boundary: '{{ boundary_policy }}' register: iam_role ignore_errors: yes - - assert: that: - - iam_role is failed - - '"boundary policy" in iam_role.msg' - - '"create_instance_profile" in iam_role.msg' - - '"false" in iam_role.msg' + - iam_role is failed + - '"boundary policy" in iam_role.msg' + - '"create_instance_profile" in iam_role.msg' + - '"false" in iam_role.msg' -- name: "Friendly message when boundary profile is not an ARN" +- name: Friendly message when boundary profile is not an ARN iam_role: - name: "{{ test_role }}" - boundary: "AWSDenyAll" + name: '{{ test_role }}' + boundary: AWSDenyAll create_instance_profile: no register: iam_role ignore_errors: yes - - assert: that: - - iam_role is failed - - '"Boundary policy" in iam_role.msg' - - '"ARN" in iam_role.msg' + - iam_role is failed + - '"Boundary policy" in iam_role.msg' + - '"ARN" in iam_role.msg' -- name: 'Friendly message when "present" without assume_role_policy_document' - module_defaults: { iam_role: {} } +- name: Friendly message when "present" without assume_role_policy_document + module_defaults: {iam_role: {}} iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' register: iam_role ignore_errors: yes - - assert: that: - - iam_role is failed - - 'iam_role.msg.startswith("state is present but all of the following are missing")' - - '"assume_role_policy_document" in iam_role.msg' + - iam_role is failed + - iam_role.msg.startswith("state is present but all of the following are missing") + - '"assume_role_policy_document" in iam_role.msg' -- name: "Maximum Session Duration needs to be between 1 and 12 hours" +- name: Maximum Session Duration needs to be between 1 and 12 hours iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' max_session_duration: 3599 register: iam_role ignore_errors: yes - - assert: that: - - iam_role is failed - - '"max_session_duration must be between" in iam_role.msg' + - iam_role is failed + - '"max_session_duration must be between" in iam_role.msg' -- name: "Maximum Session Duration needs to be between 1 and 12 hours" +- name: Maximum Session Duration needs to be between 1 and 12 hours iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' max_session_duration: 43201 register: iam_role ignore_errors: yes - - assert: that: - - iam_role is failed - - '"max_session_duration must be between" in iam_role.msg' + - iam_role is failed + - '"max_session_duration must be between" in iam_role.msg' -- name: "Role Paths must start with /" +- name: Role Paths must start with / iam_role: - name: "{{ test_role }}" - path: "test/" + name: '{{ test_role }}' + path: test/ register: iam_role ignore_errors: yes - - assert: that: - - iam_role is failed - - '"path must begin and end with /" in iam_role.msg' + - iam_role is failed + - '"path must begin and end with /" in iam_role.msg' -- name: "Role Paths must end with /" +- name: Role Paths must end with / iam_role: - name: "{{ test_role }}" - path: "/test" + name: '{{ test_role }}' + path: /test register: iam_role ignore_errors: yes - - assert: that: - - iam_role is failed - - '"path must begin and end with /" in iam_role.msg' + - iam_role is failed + - '"path must begin and end with /" in iam_role.msg' diff --git a/tests/integration/targets/iam_role/tasks/policy_update.yml b/tests/integration/targets/iam_role/tasks/policy_update.yml index a822edf74b6..ab16ea81f39 100644 --- a/tests/integration/targets/iam_role/tasks/policy_update.yml +++ b/tests/integration/targets/iam_role/tasks/policy_update.yml @@ -1,250 +1,246 @@ ---- -- name: "Add Managed Policy (CHECK MODE)" +- name: Add Managed Policy (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_policies: no managed_policy: - - "{{ safe_managed_policy }}" + - '{{ safe_managed_policy }}' check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Add Managed Policy" +- name: Add Managed Policy iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_policies: no managed_policy: - - "{{ safe_managed_policy }}" + - '{{ safe_managed_policy }}' register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role + - iam_role is changed + - iam_role.iam_role.role_name == test_role -- name: "Add Managed Policy (no change) - check mode" +- name: Add Managed Policy (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_policies: no managed_policy: - - "{{ safe_managed_policy }}" + - '{{ safe_managed_policy }}' register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Add Managed Policy (no change)" +- name: Add Managed Policy (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_policies: no managed_policy: - - "{{ safe_managed_policy }}" + - '{{ safe_managed_policy }}' register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role + - iam_role is not changed + - iam_role.iam_role.role_name == test_role -- name: "iam_role_info after adding Managed Policy" +- name: iam_role_info after adding Managed Policy iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 1 - - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - custom_policy_name not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 1 + - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") + | list | flatten ) + - custom_policy_name not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") + | list | flatten ) + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 1 + - '"TagB" in role_info.iam_roles[0].tags' + - role_info.iam_roles[0].tags.TagB == "ValueB" # ------------------------------------------------------------------------------------------ -- name: "Update Managed Policy without purge (CHECK MODE)" +- name: Update Managed Policy without purge (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_policies: no managed_policy: - - "{{ custom_policy_name }}" + - '{{ custom_policy_name }}' check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Update Managed Policy without purge" +- name: Update Managed Policy without purge iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_policies: no managed_policy: - - "{{ custom_policy_name }}" + - '{{ custom_policy_name }}' register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role + - iam_role is changed + - iam_role.iam_role.role_name == test_role -- name: "Update Managed Policy without purge (no change) - check mode" +- name: Update Managed Policy without purge (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_policies: no managed_policy: - - "{{ custom_policy_name }}" + - '{{ custom_policy_name }}' register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Update Managed Policy without purge (no change)" +- name: Update Managed Policy without purge (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_policies: no managed_policy: - - "{{ custom_policy_name }}" + - '{{ custom_policy_name }}' register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role + - iam_role is not changed + - iam_role.iam_role.role_name == test_role -- name: "iam_role_info after updating Managed Policy without purge" +- name: iam_role_info after updating Managed Policy without purge iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 2 - - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 2 + - safe_managed_policy in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") + | list | flatten ) + - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") + | list | flatten ) + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 1 + - '"TagB" in role_info.iam_roles[0].tags' + - role_info.iam_roles[0].tags.TagB == "ValueB" # ------------------------------------------------------------------------------------------ # Managed Policies are purged by default -- name: "Update Managed Policy with purge (CHECK MODE)" +- name: Update Managed Policy with purge (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' managed_policy: - - "{{ custom_policy_name }}" + - '{{ custom_policy_name }}' check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Update Managed Policy with purge" +- name: Update Managed Policy with purge iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' managed_policy: - - "{{ custom_policy_name }}" + - '{{ custom_policy_name }}' register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role + - iam_role is changed + - iam_role.iam_role.role_name == test_role -- name: "Update Managed Policy with purge (no change) - check mode" +- name: Update Managed Policy with purge (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' managed_policy: - - "{{ custom_policy_name }}" + - '{{ custom_policy_name }}' register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Update Managed Policy with purge (no change)" +- name: Update Managed Policy with purge (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' managed_policy: - - "{{ custom_policy_name }}" + - '{{ custom_policy_name }}' register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role + - iam_role is not changed + - iam_role.iam_role.role_name == test_role -- name: "iam_role_info after updating Managed Policy with purge" +- name: iam_role_info after updating Managed Policy with purge iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 1 - - safe_managed_policy not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") | list | flatten ) - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 1 + - safe_managed_policy not in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") + | list | flatten ) + - custom_policy_name in ( role_info | community.general.json_query("iam_roles[*].managed_policies[*].policy_name") + | list | flatten ) + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 1 + - '"TagB" in role_info.iam_roles[0].tags' + - role_info.iam_roles[0].tags.TagB == "ValueB" diff --git a/tests/integration/targets/iam_role/tasks/role_removal.yml b/tests/integration/targets/iam_role/tasks/role_removal.yml index ebcfd54530a..7450fb9685c 100644 --- a/tests/integration/targets/iam_role/tasks/role_removal.yml +++ b/tests/integration/targets/iam_role/tasks/role_removal.yml @@ -1,65 +1,59 @@ ---- -- name: "Remove IAM Role (CHECK MODE)" +- name: Remove IAM Role (CHECK MODE) iam_role: state: absent - name: "{{ test_role }}" + name: '{{ test_role }}' delete_instance_profile: yes check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "iam_role_info after deleting role in check mode" +- name: iam_role_info after deleting role in check mode iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 + - role_info is succeeded + - role_info.iam_roles | length == 1 -- name: "Remove IAM Role" +- name: Remove IAM Role iam_role: state: absent - name: "{{ test_role }}" + name: '{{ test_role }}' delete_instance_profile: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "iam_role_info after deleting role" +- name: iam_role_info after deleting role iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 0 + - role_info is succeeded + - role_info.iam_roles | length == 0 -- name: "Remove IAM Role (should be gone already) - check mode" +- name: Remove IAM Role (should be gone already) - check mode iam_role: state: absent - name: "{{ test_role }}" + name: '{{ test_role }}' delete_instance_profile: yes register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Remove IAM Role (should be gone already)" +- name: Remove IAM Role (should be gone already) iam_role: state: absent - name: "{{ test_role }}" + name: '{{ test_role }}' delete_instance_profile: yes register: iam_role - - assert: that: - - iam_role is not changed + - iam_role is not changed diff --git a/tests/integration/targets/iam_role/tasks/tags_update.yml b/tests/integration/targets/iam_role/tasks/tags_update.yml index 5eadd9fdf7e..b68013212dd 100644 --- a/tests/integration/targets/iam_role/tasks/tags_update.yml +++ b/tests/integration/targets/iam_role/tasks/tags_update.yml @@ -1,341 +1,328 @@ ---- -- name: "Add Tag (CHECK MODE)" +- name: Add Tag (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' tags: TagA: ValueA check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Add Tag" +- name: Add Tag iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' tags: TagA: ValueA register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - iam_role.iam_role.tags | length == 1 - - '"TagA" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagA == "ValueA" + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - iam_role.iam_role.tags | length == 1 + - '"TagA" in iam_role.iam_role.tags' + - iam_role.iam_role.tags.TagA == "ValueA" -- name: "Add Tag (no change) - check mode" +- name: Add Tag (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' tags: TagA: ValueA register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Add Tag (no change)" +- name: Add Tag (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' tags: TagA: ValueA register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - '"TagA" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagA == "ValueA" + - iam_role is not changed + - iam_role.iam_role.role_name == test_role + - '"TagA" in iam_role.iam_role.tags' + - iam_role.iam_role.tags.TagA == "ValueA" -- name: "iam_role_info after adding Tags" +- name: iam_role_info after adding Tags iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagA" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagA == "ValueA" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 1 + - '"TagA" in role_info.iam_roles[0].tags' + - role_info.iam_roles[0].tags.TagA == "ValueA" # ------------------------------------------------------------------------------------------ -- name: "Update Tag (CHECK MODE)" +- name: Update Tag (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' tags: TagA: AValue check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Update Tag" +- name: Update Tag iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' tags: TagA: AValue register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - '"TagA" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagA == "AValue" + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - '"TagA" in iam_role.iam_role.tags' + - iam_role.iam_role.tags.TagA == "AValue" -- name: "Update Tag (no change) - check mode" +- name: Update Tag (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' tags: TagA: AValue register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Update Tag (no change)" +- name: Update Tag (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' tags: TagA: AValue register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - '"TagA" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagA == "AValue" + - iam_role is not changed + - iam_role.iam_role.role_name == test_role + - '"TagA" in iam_role.iam_role.tags' + - iam_role.iam_role.tags.TagA == "AValue" -- name: "iam_role_info after updating Tag" +- name: iam_role_info after updating Tag iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagA" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagA == "AValue" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 1 + - '"TagA" in role_info.iam_roles[0].tags' + - role_info.iam_roles[0].tags.TagA == "AValue" # ------------------------------------------------------------------------------------------ -- name: "Add second Tag without purge (CHECK MODE)" +- name: Add second Tag without purge (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_tags: no tags: TagB: ValueB check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Add second Tag without purge" +- name: Add second Tag without purge iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_tags: no tags: TagB: ValueB register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - '"TagB" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagB == "ValueB" + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - '"TagB" in iam_role.iam_role.tags' + - iam_role.iam_role.tags.TagB == "ValueB" -- name: "Add second Tag without purge (no change) - check mode" +- name: Add second Tag without purge (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_tags: no tags: TagB: ValueB register: iam_role check_mode: yes - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Add second Tag without purge (no change)" +- name: Add second Tag without purge (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_tags: no tags: TagB: ValueB register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - '"TagB" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagB == "ValueB" + - iam_role is not changed + - iam_role.iam_role.role_name == test_role + - '"TagB" in iam_role.iam_role.tags' + - iam_role.iam_role.tags.TagB == "ValueB" -- name: "iam_role_info after adding second Tag without purge" +- name: iam_role_info after adding second Tag without purge iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 2 - - '"TagA" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagA == "AValue" - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 2 + - '"TagA" in role_info.iam_roles[0].tags' + - role_info.iam_roles[0].tags.TagA == "AValue" + - '"TagB" in role_info.iam_roles[0].tags' + - role_info.iam_roles[0].tags.TagB == "ValueB" # ------------------------------------------------------------------------------------------ -- name: "Purge first tag (CHECK MODE)" +- name: Purge first tag (CHECK MODE) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_tags: yes tags: TagB: ValueB check_mode: yes register: iam_role - - assert: that: - - iam_role is changed + - iam_role is changed -- name: "Purge first tag" +- name: Purge first tag iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_tags: yes tags: TagB: ValueB register: iam_role - - assert: that: - - iam_role is changed - - iam_role.iam_role.role_name == test_role - - '"TagB" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagB == "ValueB" + - iam_role is changed + - iam_role.iam_role.role_name == test_role + - '"TagB" in iam_role.iam_role.tags' + - iam_role.iam_role.tags.TagB == "ValueB" -- name: "Purge first tag (no change) - check mode" +- name: Purge first tag (no change) - check mode iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_tags: yes tags: TagB: ValueB register: iam_role - - assert: that: - - iam_role is not changed + - iam_role is not changed -- name: "Purge first tag (no change)" +- name: Purge first tag (no change) iam_role: - name: "{{ test_role }}" + name: '{{ test_role }}' purge_tags: yes tags: TagB: ValueB register: iam_role - - assert: that: - - iam_role is not changed - - iam_role.iam_role.role_name == test_role - - '"TagB" in iam_role.iam_role.tags' - - iam_role.iam_role.tags.TagB == "ValueB" + - iam_role is not changed + - iam_role.iam_role.role_name == test_role + - '"TagB" in iam_role.iam_role.tags' + - iam_role.iam_role.tags.TagB == "ValueB" -- name: "iam_role_info after purging first Tag" +- name: iam_role_info after purging first Tag iam_role_info: - name: "{{ test_role }}" + name: '{{ test_role }}' register: role_info - - assert: that: - - role_info is succeeded - - role_info.iam_roles | length == 1 - - 'role_info.iam_roles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].arn.endswith("role/" + test_role )' - - '"assume_role_policy_document" in role_info.iam_roles[0]' - - '"create_date" in role_info.iam_roles[0]' - - 'role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix }}"' - - role_info.iam_roles[0].inline_policies | length == 0 - - role_info.iam_roles[0].instance_profiles | length == 1 - - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role - - 'role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn")' - - 'role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + test_role)' - - role_info.iam_roles[0].managed_policies | length == 0 - - role_info.iam_roles[0].max_session_duration == 43200 - - role_info.iam_roles[0].path == '/' - - '"permissions_boundary" not in role_info.iam_roles[0]' - - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id - - role_info.iam_roles[0].role_name == test_role - - role_info.iam_roles[0].tags | length == 1 - - '"TagA" not in role_info.iam_roles[0].tags' - - '"TagB" in role_info.iam_roles[0].tags' - - role_info.iam_roles[0].tags.TagB == "ValueB" + - role_info is succeeded + - role_info.iam_roles | length == 1 + - role_info.iam_roles[0].arn.startswith("arn") + - role_info.iam_roles[0].arn.endswith("role/" + test_role ) + - '"assume_role_policy_document" in role_info.iam_roles[0]' + - '"create_date" in role_info.iam_roles[0]' + - role_info.iam_roles[0].description == "Ansible Test Role (updated) {{ resource_prefix + }}" + - role_info.iam_roles[0].inline_policies | length == 0 + - role_info.iam_roles[0].instance_profiles | length == 1 + - role_info.iam_roles[0].instance_profiles[0].instance_profile_name == test_role + - role_info.iam_roles[0].instance_profiles[0].arn.startswith("arn") + - role_info.iam_roles[0].instance_profiles[0].arn.endswith("instance-profile/" + + test_role) + - role_info.iam_roles[0].managed_policies | length == 0 + - role_info.iam_roles[0].max_session_duration == 43200 + - role_info.iam_roles[0].path == '/' + - '"permissions_boundary" not in role_info.iam_roles[0]' + - role_info.iam_roles[0].role_id == iam_role.iam_role.role_id + - role_info.iam_roles[0].role_name == test_role + - role_info.iam_roles[0].tags | length == 1 + - '"TagA" not in role_info.iam_roles[0].tags' + - '"TagB" in role_info.iam_roles[0].tags' + - role_info.iam_roles[0].tags.TagB == "ValueB"