ci_complete
Showing
18 changed files
with
777 additions
and
453 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,2 @@ | ||
cloud/aws | ||
shippable/aws/group1 | ||
unstable |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
[tests] | ||
missing | ||
simple | ||
complex | ||
dotted | ||
tags | ||
encryption_kms | ||
encryption_sse | ||
|
||
[all:vars] | ||
ansible_connection=local | ||
ansible_python_interpreter="{{ ansible_playbook_python }}" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
# Beware: most of our tests here are run in parallel. | ||
# To add new tests you'll need to add a new host to the inventory and a matching | ||
# '{{ inventory_hostname }}'.yml file in roles/s3_bucket/tasks/ | ||
|
||
# VPC should get cleaned up once all hosts have run | ||
- hosts: all | ||
gather_facts: no | ||
strategy: free | ||
#serial: 10 | ||
roles: | ||
- s3_bucket |
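Review bot: The comment `# VPC should get cleaned up once all hosts have run` does not match anything visible in this target, since the task files on this page only create and delete buckets; it looks carried over from another test and should be dropped or replaced with a line describing what this play does. The commented-out `#serial: 10` should either be removed or given a short reason for keeping it. `gather_facts: no` would read more predictably as `gather_facts: false`.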
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
dependencies: | ||
- prepare_tests | ||
- setup_ec2 | ||
- setup_remote_tmp_dir |
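--- a/test/integration/targets/s3_bucket/roles/s3_bucket/defaults/main.yml
+++ b/test/integration/targets/s3_bucket/roles/s3_bucket/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+bucket_name: '{{ resource_prefix }}-{{ inventory_hostname | regex_replace("_","-") }}'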
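--- a/test/integration/targets/s3_bucket/roles/s3_bucket/meta/main.yml
+++ b/test/integration/targets/s3_bucket/roles/s3_bucket/meta/main.yml
@@ -0,0 +1,4 @@
+dependencies:
+- prepare_tests
+- setup_ec2
+- setup_remote_tmp_dir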
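--- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/complex.yml
+++ b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/complex.yml
@@ -0,0 +1,135 @@
+---
+- block:
+- name: 'Create more complex s3_bucket'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: present
+policy: "{{ lookup('template','policy.json') }}"
+requester_pays: yes
+versioning: yes
+tags:
+example: tag1
+another: tag2
+register: output
+
+- assert:
+that:
+- output is changed
+- output.name == '{{ bucket_name }}'
+- output.requester_pays
+- output.versioning.MfaDelete == 'Disabled'
+- output.versioning.Versioning == 'Enabled'
+- output.tags.example == 'tag1'
+- output.tags.another == 'tag2'
+- output.policy.Statement[0].Action == 's3:GetObject'
+- output.policy.Statement[0].Effect == 'Allow'
+- output.policy.Statement[0].Principal == '*'
+- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*'
+- output.policy.Statement[0].Sid == 'AddPerm'
+
+# ============================================================
+
+- name: 'Pause to help with s3 bucket eventual consistency'
+wait_for:
+timeout: 10
+delegate_to: localhost
+
+- name: 'Try to update the same complex s3_bucket'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: present
+policy: "{{ lookup('template','policy.json') }}"
+requester_pays: yes
+versioning: yes
+tags:
+example: tag1
+another: tag2
+register: output
+
+- assert:
+that:
+- output is not changed
+
+# ============================================================
+- name: 'Update bucket policy on complex bucket'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: present
+policy: "{{ lookup('template','policy-updated.json') }}"
+requester_pays: yes
+versioning: yes
+tags:
+example: tag1
+another: tag2
+register: output
+
+- assert:
+that:
+- output is changed
+- output.policy.Statement[0].Action == 's3:GetObject'
+- output.policy.Statement[0].Effect == 'Deny'
+- output.policy.Statement[0].Principal == '*'
+- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*'
+- output.policy.Statement[0].Sid == 'AddPerm'
+
+# ============================================================
+
+- name: 'Pause to help with s3 bucket eventual consistency'
+wait_for:
+timeout: 10
+delegate_to: localhost
+
+- name: Update attributes for s3_bucket
+s3_bucket:
+name: '{{ bucket_name }}'
+state: present
+policy: "{{ lookup('template','policy.json') }}"
+requester_pays: no
+versioning: no
+tags:
+example: tag1-udpated
+another: tag2
+register: output
+
+- assert:
+that:
+- output is changed
+- output.name == '{{ bucket_name }}'
+- not output.requester_pays
+- output.versioning.MfaDelete == 'Disabled'
+- output.versioning.Versioning in ['Suspended', 'Disabled']
+- output.tags.example == 'tag1-udpated'
+- output.tags.another == 'tag2'
+- output.policy.Statement[0].Action == 's3:GetObject'
+- output.policy.Statement[0].Effect == 'Allow'
+- output.policy.Statement[0].Principal == '*'
+- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*'
+- output.policy.Statement[0].Sid == 'AddPerm'
+
+- name: 'Delete complex test bucket'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: absent
+register: output
+
+- assert:
+that:
+- output is changed
+
+- name: 'Re-delete complex test bucket'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: absent
+register: output
+
+- assert:
+that:
+- output is not changed
+
+# ============================================================
+always:
+- name: 'Ensure all buckets are deleted'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: absent
+ignore_errors: yes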
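Review bot: The fixture policy asserted here (`Effect == 'Allow'`, `Principal == '*'`, `Action == 's3:GetObject'` on `arn:aws:s3:::{{ bucket_name }}/*`) makes the test bucket anonymously readable while the test runs, and the `always:` cleanup sets `ignore_errors: yes`, so a failed delete would leave that bucket behind without failing the run. policy.json is not shown on this page, so this is inferred from the assertions. I would add a comment above the first task, for example `# policy.json grants anonymous s3:GetObject on purpose; the bucket must stay empty and is removed in always:`, and consider whether the policy tests could use a principal scoped to the CI account instead. Accounts with S3 Block Public Access enabled will likely reject this policy, which is worth stating in the target's documentation.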
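--- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/dotted.yml
+++ b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/dotted.yml
@@ -0,0 +1,54 @@
+---
+- block:
+- name: 'Ensure bucket_name contains a .'
+set_fact:
+bucket_name: '{{ bucket_name }}.something'
+
+# ============================================================
+#
+- name: 'Create bucket with dot in name'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: present
+register: output
+
+- assert:
+that:
+- output is changed
+- output.name == '{{ bucket_name }}'
+
+
+# ============================================================
+
+- name: 'Pause to help with s3 bucket eventual consistency'
+wait_for:
+timeout: 10
+delegate_to: localhost
+
+- name: 'Delete s3_bucket with dot in name'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: absent
+register: output
+
+- assert:
+that:
+- output is changed
+
+- name: 'Re-delete s3_bucket with dot in name'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: absent
+register: output
+
+- assert:
+that:
+- output is not changed
+
+# ============================================================
+always:
+- name: 'Ensure all buckets are deleted'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: absent
+ignore_errors: yes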
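Review bot: The assertion `output.name == '{{ bucket_name }}'` embeds Jinja delimiters inside a `that:` conditional, which is already evaluated as an expression; the value is pasted into the expression text before evaluation, so a quote or brace in the variable would change what is compared. Comparing against the variable directly, `- output.name == bucket_name`, avoids that. The same pattern appears in complex.yml in this commit, where the ARN check could be written with `'arn:aws:s3:::' ~ bucket_name ~ '/*'`. The first task overwrites `bucket_name` with `set_fact`, and the `always:` cleanup relies on the rewritten value, so a one-line comment saying so above the `set_fact` task would help.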
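--- a/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_kms.yml
+++ b/test/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_kms.yml
@@ -0,0 +1,88 @@
+---
+- module_defaults:
+group/aws:
+aws_access_key: "{{ aws_access_key }}"
+aws_secret_key: "{{ aws_secret_key }}"
+security_token: "{{ security_token | default(omit) }}"
+region: "{{ aws_region }}"
+block:
+
+# ============================================================
+
+- name: 'Create a simple bucket'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: present
+register: output
+
+- name: 'Enable aws:kms encryption with KMS master key'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: present
+encryption: "aws:kms"
+register: output
+
+- assert:
+that:
+- output.changed
+- output.encryption
+- output.encryption.SSEAlgorithm == 'aws:kms'
+
+- name: 'Re-enable aws:kms encryption with KMS master key (idempotent)'
+s3_bucket:
+name: '{{ bucket_name }}'
+state: present
+encryption: "aws:kms"
+register: output
+
+- assert:
+that:
+- not output.changed
+- output.encryption
+- output.encryption.SSEAlgorithm == 'aws:kms'
+
+# ============================================================
+
+- name: Disable encryption from bucket
+s3_bucket:
+name: '{{ bucket_name }}'
+state: present
+encryption: "none"
+register: output
+
+- assert:
+that:
+- output.changed
+- not output.encryption
+
+- name: Disable encryption from bucket
+s3_bucket:
+name: '{{ bucket_name }}'
+state: present
+encryption: "none"
+register: output
+
+- assert:
+that:
+- output is not changed
+- not output.encryption
+
+# ============================================================
+
+- name: Delete encryption test s3 bucket
+s3_bucket:
+name: '{{ bucket_name }}'
+state: absent
+register: output
+
+- assert:
+that:
+- output.changed
+
+# ============================================================
+always:
+- name: Ensure all buckets are deleted
+s3_bucket:
+name: '{{ bucket_name }}'
+state: absent
+ignore_errors: yes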
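Review bot: The aws:kms tasks assert only `output.encryption.SSEAlgorithm == 'aws:kms'` and never pass a key, so as far as this file shows only the account's default KMS key is exercised; if the module's `encryption_key_id` option is meant to be covered, a task with an explicit key and an assertion on the returned key id is missing. The two tasks named `Disable encryption from bucket` are indistinguishable in test output; the second is the idempotency check and could be named `'Disable encryption from bucket (idempotent)'`, matching the re-enable task above it. The first task registers `output` without asserting on it, and the file mixes `output.changed` with `output is changed`; using the `is changed` test throughout would match the other task files in this commit.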