author | Mark Chappell <mchappel@redhat.com> | 2019-09-21 03:46:37 +0200 |
---|---|---|
committer | Jill R <4121322+jillr@users.noreply.github.com> | 2019-09-20 18:46:37 -0700 |
commit | 0239f706486ad777b146c6bcf56277064bcb2ae6 (patch) | |
tree | a6635aa57d414b7b58ffad960f8fa7a744ce667b /hacking | |
parent | 40660e7f6eccda1729b24ba53e7dc6c18a766271 (diff) | |
cloudtrail: Initial integration tests (#61919)
Diffstat (limited to 'hacking')
-rw-r--r-- | hacking/aws_config/testing_policies/security-policy.json | 25 | ||||
-rw-r--r-- | hacking/aws_config/testing_policies/storage-policy.json | 5 |
2 files changed, 26 insertions, 4 deletions
diff --git a/hacking/aws_config/testing_policies/security-policy.json b/hacking/aws_config/testing_policies/security-policy.json
index 67c08e17cc..e38842ef55 100644
--- a/hacking/aws_config/testing_policies/security-policy.json
+++ b/hacking/aws_config/testing_policies/security-policy.json
@@ -46,6 +46,7 @@
 "iam:DeleteRolePolicy",
 "iam:DeleteRolePermissionsBoundary",
 "iam:DetachRolePolicy",
+ "iam:PutRolePolicy",
 "iam:PassRole",
 "iam:PutRolePolicy",
 "iam:PutRolePermissionsBoundary",
@@ -99,6 +100,28 @@
 ]
 },
 {
+ "Sid": "AllowModifyingCloudtrail",
+ "Effect": "Allow",
+ "Action": [
+ "cloudtrail:*"
+ ],
+ "Resource": [
+ "arn:aws:cloudtrail:{{aws_region}}:{{aws_account}}:trail/ansible-test-*"
+ ]
+ },
+ {
+ "Sid": "AllowDescribingCloudtrails",
+ "Effect": "Allow",
+ "Action": [
+ "cloudtrail:DescribeTrails",
+ "cloudtrail:ListTags",
+ "cloudtrail:ListPublicKeys"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
 "Sid": "AllowModifyingCloudwatchLogs",
 "Effect": "Allow",
 "Action": [
@@ -107,7 +130,7 @@
 "logs:DeleteLogGroup"
 ],
 "Resource": [
- "arn:aws:logs:{{aws_region}}:{{aws_account}}:log-group:ansible-testing*"
+ "arn:aws:logs:{{aws_region}}:{{aws_account}}:log-group:ansible-test*"
 ]
 },
 {
diff --git a/hacking/aws_config/testing_policies/storage-policy.json b/hacking/aws_config/testing_policies/storage-policy.json
index e48aad64c8..91dc6706d2 100644
--- a/hacking/aws_config/testing_policies/storage-policy.json
+++ b/hacking/aws_config/testing_policies/storage-policy.json
@@ -5,8 +5,7 @@
 "Sid": "AllowS3AnsibleTestBuckets",
 "Action": [
 "s3:CreateBucket",
- "s3:DeleteBucket",
- "s3:DeleteObject",
+ "s3:Delete*",
 "s3:GetBucketPolicy",
 "s3:GetBucketRequestPayment",
 "s3:GetBucketTagging",
@@ -15,7 +14,7 @@
 "s3:GetObject",
 "s3:GetBucketNotification",
 "s3:HeadBucket",
- "s3:ListBucket",
+ "s3:List*",
 "s3:PutBucketAcl",
 "s3:PutBucketPolicy",
 "s3:PutBucketRequestPayment", |
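Review bot: The added `"iam:PutRolePolicy",` in the first security-policy.json hunk duplicates the entry already present two lines further down in the same Action list (visible as context), so it grants nothing new and can be dropped. IAM tolerates repeated actions, but duplicates make the list harder to audit. The statement's Sid and Resource are outside the hunk, so it cannot be confirmed from here that `iam:PutRolePolicy` alongside `iam:PassRole` is limited to test-named roles; that is worth checking, because writing inline role policies lets the CI credentials widen their own permissions.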
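Review bot: `cloudtrail:*` in the new AllowModifyingCloudtrail statement grants every CloudTrail action, including any that AWS adds later, and the only boundary left is the `trail/ansible-test-*` name prefix. Listing the actions the integration tests call keeps the CI credentials at what they need; the list below is a starting point to confirm against the calls the cloudtrail module makes. The same applies to `s3:Delete*` and `s3:List*` in the two storage-policy.json hunks, which now also match actions such as `s3:DeleteBucketPolicy` and `s3:DeleteObjectVersion`; the Resource of that statement is outside those hunks.

```json
"Sid": "AllowModifyingCloudtrail",
"Effect": "Allow",
"Action": [
  "cloudtrail:AddTags",
  "cloudtrail:CreateTrail",
  "cloudtrail:DeleteTrail",
  "cloudtrail:GetTrailStatus",
  "cloudtrail:RemoveTags",
  "cloudtrail:StartLogging",
  "cloudtrail:StopLogging",
  "cloudtrail:UpdateTrail"
],
```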
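Review bot: The new pattern `log-group:ansible-test*` in the AllowModifyingCloudwatchLogs hunk has no separator after the prefix, unlike the `trail/ansible-test-*` pattern added in the hunk above, so it matches any log group whose name merely starts with `ansible-test`, and this statement includes `logs:DeleteLogGroup`. If the older `ansible-testing*` names no longer need to be covered, `"arn:aws:logs:{{aws_region}}:{{aws_account}}:log-group:ansible-test-*"` would keep the scope to names the test suite generates. The statement's Action list starts outside the hunk, so the other actions this resource pattern applies to are not visible here.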