ecs_cluster test suite refactor (ansible#57716)
* Combine testing policies

Because of the maximum of 10 policies per group, need to
consolidate testing policies as best we can.

* Tidy put-account-setting tasks and add permission

Using `environment` and `command` rather than `shell` avoids the
need for `no_log` and means that people can fix the problem

* refactor ecs_cluster test suite

move from runme.sh technique to virtualenv

use ec2_instance rather than ec2 module to
avoid need for boto
willthames authored and jillr committed Jun 17, 2019
1 parent 7751e97 commit 924352a
Showing 25 changed files with 687 additions and 752 deletions.
1 change: 1 addition & 0 deletions hacking/aws_config/testing_policies/container-policy.json
@@ -39,6 +39,7 @@
"ecs:DeregisterTaskDefinition",
"ecs:Describe*",
"ecs:List*",
"ecs:PutAccountSetting",
"ecs:RegisterTaskDefinition",
"ecs:RunTask",
"ecs:StartTask",
15 changes: 15 additions & 0 deletions hacking/aws_config/testing_policies/database-policy.json
@@ -63,6 +63,21 @@
"Resource": [
"arn:aws:rds:{{aws_region}}:{{aws_account}}:pg:*"
]
},
{
"Sid": "AllowRedshiftManagment",
"Action": [
"redshift:CreateCluster",
"redshift:CreateTags",
"redshift:DeleteCluster",
"redshift:DeleteTags",
"redshift:DescribeClusters",
"redshift:DescribeTags",
"redshift:ModifyCluster",
"redshift:RebootCluster"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
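Review bot: The new `AllowRedshiftManagment` statement pairs `redshift:DeleteCluster`, `redshift:ModifyCluster` and `redshift:RebootCluster` with `"Resource": "*"`, so the CI credentials can alter or destroy any Redshift cluster in the account, not only the ones the tests create. The RDS statement just above it is already scoped with an ARN pattern; if the redshift tests use a predictable cluster name prefix, the same could be done here, e.g. `"Resource": "arn:aws:redshift:{{aws_region}}:{{aws_account}}:cluster:<test-cluster-prefix>*"` (the prefix is a placeholder, not a value from this page). The same concern applies to `ManageEFS` in storage-policy.json (`elasticfilesystem:*` on `*`) and to `AllowAccessToUnspecifiedKMSResources` in security-policy.json, which allows `kms:ScheduleKeyDeletion`, `kms:DisableKey` and `kms:CreateGrant` on every key. The Sid is also misspelled; `AllowRedshiftManagement` would read better.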
36 changes: 0 additions & 36 deletions hacking/aws_config/testing_policies/efs-policy.json

This file was deleted.

54 changes: 0 additions & 54 deletions hacking/aws_config/testing_policies/kms-policy.json

This file was deleted.

20 changes: 0 additions & 20 deletions hacking/aws_config/testing_policies/redshift-policy.json

This file was deleted.

61 changes: 58 additions & 3 deletions hacking/aws_config/testing_policies/security-policy.json
@@ -63,7 +63,6 @@
"Effect": "Allow",
"Sid": "AllowReplacementOfSpecificInstanceProfiles"
},

{
"Sid": "AllowWAFusage",
"Action": "waf:*",
@@ -93,10 +92,66 @@
]
},
{
"Sid": "AllowWAFRegionalusage",
"Action": "waf-regional:*",
"Sid": "AllowSTSAnsibleTests",
"Action": [
"iam:CreateRole",
"iam:DeleteRole",
"iam:DetachRolePolicy",
"sts:AssumeRole",
"iam:AttachRolePolicy",
"iam:CreateInstanceProfile"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::{{aws_account}}:role/ansible-test-sts-*",
"arn:aws:iam::{{aws_account}}:instance-profile/ansible-test-sts-*"
]
},
{
"Sid": "AllowAccessToUnspecifiedKMSResources",
"Effect": "Allow",
"Action": [
"kms:CancelKeyDeletion",
"kms:CreateAlias",
"kms:CreateGrant",
"kms:CreateKey",
"kms:DeleteAlias",
"kms:Describe*",
"kms:DisableKey",
"kms:EnableKey",
"kms:GenerateRandom",
"kms:Get*",
"kms:List*",
"kms:RetireGrant",
"kms:ScheduleKeyDeletion",
"kms:TagResource",
"kms:UntagResource",
"kms:UpdateGrant",
"kms:UpdateKeyDescription"
],
"Resource": "*"
},
{
"Sid": "AllowAccessToSpecifiedIAMResources",
"Effect": "Allow",
"Action": [
"iam:CreateRole",
"iam:DeleteRole",
"iam:GetRole",
"iam:PassRole",
"iam:UpdateAssumeRolePolicy"
],
"Resource": "arn:aws:iam::{{aws_account}}:role/ansible-test-*"
},
{
"Sid": "AllowInstanceProfileCreation",
"Effect": "Allow",
"Action": [
"iam:AddRoleToInstanceProfile",
"iam:CreateInstanceProfile",
"iam:RemoveRoleFromInstanceProfile"
],
"Resource": "arn:aws:iam::{{aws_account}}:instance-profile/ansible-test-*"
}
]
}
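Review bot: In the second hunk, `AllowSTSAnsibleTests` grants `iam:CreateRole`, `iam:AttachRolePolicy` and `sts:AssumeRole` on `role/ansible-test-sts-*`, and nothing visible in the statement limits which managed policy may be attached. That leaves the role-name prefix as the only boundary, so a leaked CI credential could end up holding whatever an attached policy grants, well beyond these testing policies. Consider moving `iam:AttachRolePolicy`/`iam:DetachRolePolicy` into their own statement with `"Condition": {"ArnLike": {"iam:PolicyARN": "<ARN pattern of the policies the tests attach>"}}`, and requiring a permissions boundary on `iam:CreateRole` through the `iam:PermissionsBoundary` condition key. `iam:CreateRole`, `iam:DeleteRole` and `iam:CreateInstanceProfile` are also granted twice, because `ansible-test-sts-*` is already covered by the `ansible-test-*` patterns in `AllowAccessToSpecifiedIAMResources` and `AllowInstanceProfileCreation`; the duplicates could be dropped.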
8 changes: 8 additions & 0 deletions hacking/aws_config/testing_policies/storage-policy.json
@@ -37,6 +37,14 @@
],
"Effect": "Allow",
"Resource": "*"
},
{
"Sid": "ManageEFS",
"Effect": "Allow",
"Action": [
"elasticfilesystem:*"
],
"Resource": "*"
}
]
}
23 changes: 0 additions & 23 deletions hacking/aws_config/testing_policies/sts-policy.json

This file was deleted.

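--- a/test/integration/targets/ecs_cluster/meta/main.yml
+++ b/test/integration/targets/ecs_cluster/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+- setup_remote_tmp_dir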
6 changes: 0 additions & 6 deletions test/integration/targets/ecs_cluster/playbooks/full_test.yml

This file was deleted.

This file was deleted.
