Cleanup aws_config tests #440

Merged
merged 2 commits into from
Feb 24, 2021
Merged
6 changes: 5 additions & 1 deletion tests/integration/targets/aws_config/aliases
@@ -1,5 +1,9 @@
# reason: missing-policy
# We don't have CI or 'unsupported' policy for AWS config
# AWS Config will test that it's able to deliver using its assumed role.
# Either we'll need to grant the role global access to S3/SNS/SQS or we'll need
# some custom Managed Policies.
# reason: serial
# Only one Config Recorder per region per account is permitted
unsupported

cloud/aws
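--- a/tests/integration/targets/aws_config/defaults/main.yaml
+++ b/tests/integration/targets/aws_config/defaults/main.yaml
@@ -1,4 +1,4 @@
 ---
 config_s3_bucket: '{{ resource_prefix }}-config-records'
 config_sns_name: '{{ resource_prefix }}-delivery-channel-test-topic'
-config_role_name: 'config-recorder-test-{{ resource_prefix }}'
+config_role_name: 'ansible-test-{{ resource_prefix }}'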
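Review bot: Nothing next to `config_role_name` says why the role name has to start with `ansible-test-`. If the prefix is there to match an IAM permission in the CI policy that is scoped by role name (inferred, the policy is not part of this page), a comment such as `# Prefix must match the role-name pattern allowed by the CI IAM policy` would stop a later cleanup from renaming it back and breaking role creation.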
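--- a/tests/integration/targets/aws_config/tasks/main.yaml
+++ b/tests/integration/targets/aws_config/tasks/main.yaml
@@ -158,7 +158,7 @@
 # ============================================================
 - name: Create Configuration Recorder for AWS Config
 aws_config_recorder:
-name: test_configuration_recorder
+name: '{{ resource_prefix }}-recorder'
 state: present
 role_arn: "{{ config_iam_role.arn }}"
 recording_group:
@@ -172,7 +172,7 @@
 
 - name: Create Delivery Channel for AWS Config
 aws_config_delivery_channel:
-name: test_delivery_channel
+name: '{{ resource_prefix }}-channel'
 state: present
 s3_bucket: "{{ config_s3_bucket }}"
 s3_prefix: "foo/bar"
@@ -186,7 +186,7 @@
 
 - name: Create Config Rule for AWS Config
 aws_config_rule:
-name: test_config_rule
+name: '{{ resource_prefix }}-rule'
 state: present
 description: 'This AWS Config rule checks for public write access on S3 buckets'
 scope:
@@ -206,7 +206,7 @@
 # ============================================================
 - name: Update Configuration Recorder
 aws_config_recorder:
-name: test_configuration_recorder
+name: '{{ resource_prefix }}-recorder'
 state: present
 role_arn: "{{ config_iam_role.arn }}"
 recording_group:
@@ -222,7 +222,7 @@
 
 - name: Update Delivery Channel
 aws_config_delivery_channel:
-name: test_delivery_channel
+name: '{{ resource_prefix }}-channel'
 state: present
 s3_bucket: "{{ config_s3_bucket }}"
 sns_topic_arn: "{{ config_sns_topic.sns_arn }}"
@@ -235,7 +235,7 @@
 
 - name: Update Config Rule
 aws_config_rule:
-name: test_config_rule
+name: '{{ resource_prefix }}-rule'
 state: present
 description: 'This AWS Config rule checks for public write access on S3 buckets'
 scope:
@@ -255,7 +255,7 @@
 # ============================================================
 - name: Don't update Configuration Recorder
 aws_config_recorder:
-name: test_configuration_recorder
+name: '{{ resource_prefix }}-recorder'
 state: present
 role_arn: "{{ config_iam_role.arn }}"
 recording_group:
@@ -271,7 +271,7 @@
 
 - name: Don't update Delivery Channel
 aws_config_delivery_channel:
-name: test_delivery_channel
+name: '{{ resource_prefix }}-channel'
 state: present
 s3_bucket: "{{ config_s3_bucket }}"
 sns_topic_arn: "{{ config_sns_topic.sns_arn }}"
@@ -284,7 +284,7 @@
 
 - name: Don't update Config Rule
 aws_config_rule:
-name: test_config_rule
+name: '{{ resource_prefix }}-rule'
 state: present
 description: 'This AWS Config rule checks for public write access on S3 buckets'
 scope:
@@ -305,7 +305,7 @@
 # ============================================================
 - name: Destroy Configuration Recorder
 aws_config_recorder:
-name: test_configuration_recorder
+name: '{{ resource_prefix }}-recorder'
 state: absent
 register: output
 ignore_errors: yes
@@ -316,7 +316,7 @@
 
 - name: Destroy Delivery Channel
 aws_config_delivery_channel:
-name: test_delivery_channel
+name: '{{ resource_prefix }}-channel'
 state: absent
 s3_bucket: "{{ config_s3_bucket }}"
 sns_topic_arn: "{{ config_sns_topic.sns_arn }}"
@@ -330,7 +330,7 @@
 
 - name: Destroy Config Rule
 aws_config_rule:
-name: test_config_rule
+name: '{{ resource_prefix }}-rule'
 state: absent
 description: 'This AWS Config rule checks for public write access on S3 buckets'
 scope: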
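Review bot: With per-run names such as `name: '{{ resource_prefix }}-recorder'`, a recorder left behind by an aborted run is no longer picked up and removed by the next run, which used to reuse the fixed name `test_configuration_recorder`. The aliases comment in this same change says only one Config Recorder per region per account is permitted, and the Destroy Configuration Recorder task shows `ignore_errors: yes`, so a failed teardown would probably leave later runs unable to create their own recorder until someone deletes the stale one by hand. I would fail the run when teardown fails, or at least record the constraint next to the destroy task with `# A leaked recorder blocks every later run in this account/region; remove it manually`. Whether these destroy tasks already sit in an `always:` section cannot be seen here, since every task in the file continues outside its hunk.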