Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

s3_bucket/test: use one bucket per scenario #345

Merged
merged 1 commit into from
Apr 29, 2021
Merged

s3_bucket/test: use one bucket per scenario #345

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 16 additions & 14 deletions tests/integration/targets/s3_bucket/roles/s3_bucket/tasks/complex.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
---
- block:
- set_fact:
local_bucket_name: "{{ bucket_name | hash('md5')}}complex"
- name: 'Create more complex s3_bucket'
s3_bucket:
name: '{{ bucket_name }}'
name: "{{ local_bucket_name }}"
state: present
policy: "{{ lookup('template','policy.json') }}"
requester_pays: yes
Expand All @@ -15,7 +17,7 @@
- assert:
that:
- output is changed
- output.name == '{{ bucket_name }}'
- output.name == '{{ local_bucket_name }}'
- output.requester_pays
- output.versioning.MfaDelete == 'Disabled'
- output.versioning.Versioning == 'Enabled'
Expand All @@ -24,7 +26,7 @@
- output.policy.Statement[0].Action == 's3:GetObject'
- output.policy.Statement[0].Effect == 'Allow'
- output.policy.Statement[0].Principal == '*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ local_bucket_name }}/*'
- output.policy.Statement[0].Sid == 'AddPerm'

# ============================================================
Expand All @@ -36,7 +38,7 @@

- name: 'Try to update the same complex s3_bucket'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
policy: "{{ lookup('template','policy.json') }}"
requester_pays: yes
Expand All @@ -49,7 +51,7 @@
- assert:
that:
- output is not changed
- output.name == '{{ bucket_name }}'
- output.name == '{{ local_bucket_name }}'
- output.requester_pays
- output.versioning.MfaDelete == 'Disabled'
- output.versioning.Versioning == 'Enabled'
Expand All @@ -58,13 +60,13 @@
- output.policy.Statement[0].Action == 's3:GetObject'
- output.policy.Statement[0].Effect == 'Allow'
- output.policy.Statement[0].Principal == '*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ local_bucket_name }}/*'
- output.policy.Statement[0].Sid == 'AddPerm'

# ============================================================
- name: 'Update bucket policy on complex bucket'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
policy: "{{ lookup('template','policy-updated.json') }}"
requester_pays: yes
Expand All @@ -80,7 +82,7 @@
- output.policy.Statement[0].Action == 's3:GetObject'
- output.policy.Statement[0].Effect == 'Deny'
- output.policy.Statement[0].Principal.AWS == '*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ local_bucket_name }}/*'
- output.policy.Statement[0].Sid == 'AddPerm'

# ============================================================
Expand All @@ -92,7 +94,7 @@

- name: Update attributes for s3_bucket
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
policy: "{{ lookup('template','policy.json') }}"
requester_pays: no
Expand All @@ -105,7 +107,7 @@
- assert:
that:
- output is changed
- output.name == '{{ bucket_name }}'
- output.name == '{{ local_bucket_name }}'
- not output.requester_pays
- output.versioning.MfaDelete == 'Disabled'
- output.versioning.Versioning in ['Suspended', 'Disabled']
Expand All @@ -114,12 +116,12 @@
- output.policy.Statement[0].Action == 's3:GetObject'
- output.policy.Statement[0].Effect == 'Allow'
- output.policy.Statement[0].Principal == '*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ bucket_name }}/*'
- output.policy.Statement[0].Resource == 'arn:aws:s3:::{{ local_bucket_name }}/*'
- output.policy.Statement[0].Sid == 'AddPerm'

- name: 'Delete complex test bucket'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
register: output

Expand All @@ -129,7 +131,7 @@

- name: 'Re-delete complex test bucket'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
register: output

Expand All @@ -141,6 +143,6 @@
always:
- name: 'Ensure all buckets are deleted'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
ignore_errors: yes
13 changes: 7 additions & 6 deletions tests/integration/targets/s3_bucket/roles/s3_bucket/tasks/dotted.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,20 +2,21 @@
- block:
- name: 'Ensure bucket_name contains a .'
set_fact:
bucket_name: '{{ bucket_name }}.something'
local_bucket_name: "{{ bucket_name | hash('md5')}}.dotted"


# ============================================================
#
- name: 'Create bucket with dot in name'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
register: output

- assert:
that:
- output is changed
- output.name == '{{ bucket_name }}'
- output.name == '{{ local_bucket_name }}'


# ============================================================
Expand All @@ -27,7 +28,7 @@

- name: 'Delete s3_bucket with dot in name'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
register: output

Expand All @@ -37,7 +38,7 @@

- name: 'Re-delete s3_bucket with dot in name'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
register: output

Expand All @@ -49,6 +50,6 @@
always:
- name: 'Ensure all buckets are deleted'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
ignore_errors: yes
17 changes: 9 additions & 8 deletions tests/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_kms.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,18 +6,19 @@
security_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:

- set_fact:
local_bucket_name: "{{ bucket_name | hash('md5')}}e-kms"
# ============================================================

- name: 'Create a simple bucket'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
register: output

- name: 'Enable aws:kms encryption with KMS master key'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
encryption: "aws:kms"
register: output
Expand All @@ -30,7 +31,7 @@

- name: 'Re-enable aws:kms encryption with KMS master key (idempotent)'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
encryption: "aws:kms"
register: output
Expand All @@ -45,7 +46,7 @@

- name: Disable encryption from bucket
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
encryption: "none"
register: output
Expand All @@ -57,7 +58,7 @@

- name: Disable encryption from bucket
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
encryption: "none"
register: output
Expand All @@ -71,7 +72,7 @@

- name: Delete encryption test s3 bucket
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
register: output

Expand All @@ -83,6 +84,6 @@
always:
- name: Ensure all buckets are deleted
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
ignore_errors: yes
17 changes: 9 additions & 8 deletions tests/integration/targets/s3_bucket/roles/s3_bucket/tasks/encryption_sse.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,18 +6,19 @@
security_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:

- set_fact:
local_bucket_name: "{{ bucket_name | hash('md5')}}e-sse"
# ============================================================

- name: 'Create a simple bucket'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
register: output

- name: 'Enable AES256 encryption'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
encryption: 'AES256'
register: output
Expand All @@ -30,7 +31,7 @@

- name: 'Re-enable AES256 encryption (idempotency)'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
encryption: 'AES256'
register: output
Expand All @@ -45,7 +46,7 @@

- name: Disable encryption from bucket
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
encryption: "none"
register: output
Expand All @@ -57,7 +58,7 @@

- name: Disable encryption from bucket
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: present
encryption: "none"
register: output
Expand All @@ -71,7 +72,7 @@

- name: Delete encryption test s3 bucket
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
register: output

Expand All @@ -83,6 +84,6 @@
always:
- name: Ensure all buckets are deleted
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
ignore_errors: yes
6 changes: 4 additions & 2 deletions tests/integration/targets/s3_bucket/roles/s3_bucket/tasks/missing.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
---
- name: 'Attempt to delete non-existent buckets'
block:
- set_fact:
local_bucket_name: "{{ bucket_name | hash('md5')}}-missing"
# ============================================================
#
# While in theory the 'simple' test case covers this there are
# ways in which eventual-consistency could catch us out.
#
- name: 'Delete non-existstent s3_bucket (never created)'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
register: output

Expand All @@ -21,6 +23,6 @@
always:
- name: 'Ensure all buckets are deleted'
s3_bucket:
name: '{{ bucket_name }}'
name: '{{ local_bucket_name }}'
state: absent
ignore_errors: yes
Loading