authorMark Chappell <mchappel@redhat.com>2019-09-21 03:46:37 +0200
committerJill R <4121322+jillr@users.noreply.github.com>2019-09-20 18:46:37 -0700
commit0239f706486ad777b146c6bcf56277064bcb2ae6 (patch)
treea6635aa57d414b7b58ffad960f8fa7a744ce667b /hacking
parent40660e7f6eccda1729b24ba53e7dc6c18a766271 (diff)
cloudtrail: Initial integration tests (#61919)
Diffstat (limited to 'hacking')
-rw-r--r--hacking/aws_config/testing_policies/security-policy.json25
-rw-r--r--hacking/aws_config/testing_policies/storage-policy.json5
2 files changed, 26 insertions, 4 deletions
diff --git a/hacking/aws_config/testing_policies/security-policy.json b/hacking/aws_config/testing_policies/security-policy.json
index 67c08e17cc..e38842ef55 100644
--- a/hacking/aws_config/testing_policies/security-policy.json
+++ b/hacking/aws_config/testing_policies/security-policy.json
@@ -46,6 +46,7 @@
"iam:DeleteRolePolicy",
"iam:DeleteRolePermissionsBoundary",
"iam:DetachRolePolicy",
+ "iam:PutRolePolicy",
"iam:PassRole",
"iam:PutRolePolicy",
"iam:PutRolePermissionsBoundary",
@@ -99,6 +100,28 @@
]
},
{
+ "Sid": "AllowModifyingCloudtrail",
+ "Effect": "Allow",
+ "Action": [
+ "cloudtrail:*"
+ ],
+ "Resource": [
+ "arn:aws:cloudtrail:{{aws_region}}:{{aws_account}}:trail/ansible-test-*"
+ ]
+ },
+ {
+ "Sid": "AllowDescribingCloudtrails",
+ "Effect": "Allow",
+ "Action": [
+ "cloudtrail:DescribeTrails",
+ "cloudtrail:ListTags",
+ "cloudtrail:ListPublicKeys"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
"Sid": "AllowModifyingCloudwatchLogs",
"Effect": "Allow",
"Action": [
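Review bot: `"cloudtrail:*"` in the new AllowModifyingCloudtrail statement grants every CloudTrail action on `trail/ansible-test-*`, including any that AWS adds later, where the integration tests presumably call a fixed set. Enumerating that set (for example `cloudtrail:CreateTrail`, `cloudtrail:UpdateTrail`, `cloudtrail:DeleteTrail`, `cloudtrail:StartLogging`, `cloudtrail:StopLogging`, `cloudtrail:AddTags`, `cloudtrail:RemoveTags`) keeps the policy least-privilege and lets a reviewer see what the test role can do to audit logging. The same point applies to the `"s3:Delete*"` and `"s3:List*"` replacements in storage-policy.json, which reach beyond the `s3:DeleteBucket`, `s3:DeleteObject` and `s3:ListBucket` they replace (for instance to `s3:DeleteBucketPolicy` and `s3:DeleteObjectVersion`). The Resource list of that S3 statement is outside the hunks, so how far the wildcards extend cannot be judged from this page.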
@@ -107,7 +130,7 @@
"logs:DeleteLogGroup"
],
"Resource": [
- "arn:aws:logs:{{aws_region}}:{{aws_account}}:log-group:ansible-testing*"
+ "arn:aws:logs:{{aws_region}}:{{aws_account}}:log-group:ansible-test*"
]
},
{
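Review bot: The new resource pattern `log-group:ansible-test*` has no separator after the prefix, so it matches any log group whose name merely begins with `ansible-test`, whereas the CloudTrail statement added in the same commit scopes to `ansible-test-*`. If the aim is to keep the old `ansible-testing*` groups working and also allow the new prefix, listing both ARNs says so explicitly: `"arn:aws:logs:{{aws_region}}:{{aws_account}}:log-group:ansible-testing*"` and `"arn:aws:logs:{{aws_region}}:{{aws_account}}:log-group:ansible-test-*"`. The statement's Action list begins outside this hunk.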
diff --git a/hacking/aws_config/testing_policies/storage-policy.json b/hacking/aws_config/testing_policies/storage-policy.json
index e48aad64c8..91dc6706d2 100644
--- a/hacking/aws_config/testing_policies/storage-policy.json
+++ b/hacking/aws_config/testing_policies/storage-policy.json
@@ -5,8 +5,7 @@
"Sid": "AllowS3AnsibleTestBuckets",
"Action": [
"s3:CreateBucket",
- "s3:DeleteBucket",
- "s3:DeleteObject",
+ "s3:Delete*",
"s3:GetBucketPolicy",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
@@ -15,7 +14,7 @@
"s3:GetObject",
"s3:GetBucketNotification",
"s3:HeadBucket",
- "s3:ListBucket",
+ "s3:List*",
"s3:PutBucketAcl",
"s3:PutBucketPolicy",
"s3:PutBucketRequestPayment",