* AWS IAM Sanity test cleanup
(cherry picked from commit fd54c54b51
)
This commit is contained in:
parent
c30e340094
commit
b4cb407b4b
9 changed files with 61 additions and 31 deletions
|
@ -23,56 +23,70 @@ options:
|
|||
description:
|
||||
- Type of IAM resource
|
||||
choices: ["user", "group", "role"]
|
||||
type: str
|
||||
name:
|
||||
description:
|
||||
- Name of IAM resource to create or identify
|
||||
required: true
|
||||
type: str
|
||||
new_name:
|
||||
description:
|
||||
- When state is update, will replace name with new_name on IAM resource
|
||||
type: str
|
||||
new_path:
|
||||
description:
|
||||
- When state is update, will replace the path with new_path on the IAM resource
|
||||
type: str
|
||||
state:
|
||||
description:
|
||||
- Whether to create, delete or update the IAM resource. Note, roles cannot be updated.
|
||||
required: true
|
||||
choices: [ "present", "absent", "update" ]
|
||||
type: str
|
||||
path:
|
||||
description:
|
||||
- When creating or updating, specify the desired path of the resource. If state is present,
|
||||
it will replace the current path to match what is passed in when they do not match.
|
||||
default: "/"
|
||||
type: str
|
||||
trust_policy:
|
||||
description:
|
||||
- The inline (JSON or YAML) trust policy document that grants an entity permission to assume the role. Mutually exclusive with C(trust_policy_filepath).
|
||||
version_added: "2.2"
|
||||
type: dict
|
||||
trust_policy_filepath:
|
||||
description:
|
||||
- The path to the trust policy document that grants an entity permission to assume the role. Mutually exclusive with C(trust_policy).
|
||||
version_added: "2.2"
|
||||
type: str
|
||||
access_key_state:
|
||||
description:
|
||||
- When type is user, it creates, removes, deactivates or activates a user's access key(s). Note that actions apply only to keys specified.
|
||||
choices: [ "create", "remove", "active", "inactive"]
|
||||
choices: [ "create", "remove", "active", "inactive", "Create", "Remove", "Active", "Inactive"]
|
||||
type: str
|
||||
key_count:
|
||||
description:
|
||||
- When access_key_state is create it will ensure this quantity of keys are present. Defaults to 1.
|
||||
default: '1'
|
||||
default: 1
|
||||
type: int
|
||||
access_key_ids:
|
||||
description:
|
||||
- A list of the keys that you want impacted by the access_key_state parameter.
|
||||
type: list
|
||||
groups:
|
||||
description:
|
||||
- A list of groups the user should belong to. When update, will gracefully remove groups not listed.
|
||||
type: list
|
||||
password:
|
||||
description:
|
||||
- When type is user and state is present, define the users login password. Also works with update. Note that always returns changed.
|
||||
type: str
|
||||
update_password:
|
||||
default: always
|
||||
choices: ['always', 'on_create']
|
||||
description:
|
||||
- C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users.
|
||||
type: str
|
||||
notes:
|
||||
- 'Currently boto does not support the removal of Managed Policies, the module will error out if your
|
||||
user/group/role has managed policies when you try to do state=absent. They will need to be removed manually.'
|
||||
|
@ -603,11 +617,9 @@ def delete_role(module, iam, name, role_list, prof_list):
|
|||
def main():
|
||||
argument_spec = ec2_argument_spec()
|
||||
argument_spec.update(dict(
|
||||
iam_type=dict(
|
||||
default=None, required=True, choices=['user', 'group', 'role']),
|
||||
iam_type=dict(required=True, choices=['user', 'group', 'role']),
|
||||
groups=dict(type='list', default=None, required=False),
|
||||
state=dict(
|
||||
default=None, required=True, choices=['present', 'absent', 'update']),
|
||||
state=dict(required=True, choices=['present', 'absent', 'update']),
|
||||
password=dict(default=None, required=False, no_log=True),
|
||||
update_password=dict(default='always', required=False, choices=['always', 'on_create']),
|
||||
access_key_state=dict(default=None, required=False, choices=[
|
||||
|
|
|
@ -13,6 +13,10 @@
|
|||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
@ -30,36 +34,44 @@ options:
|
|||
description:
|
||||
- Name of certificate to add, update or remove.
|
||||
required: true
|
||||
type: str
|
||||
new_name:
|
||||
description:
|
||||
- When state is present, this will update the name of the cert.
|
||||
- The cert, key and cert_chain parameters will be ignored if this is defined.
|
||||
type: str
|
||||
new_path:
|
||||
description:
|
||||
- When state is present, this will update the path of the cert.
|
||||
- The cert, key and cert_chain parameters will be ignored if this is defined.
|
||||
type: str
|
||||
state:
|
||||
description:
|
||||
- Whether to create(or update) or delete certificate.
|
||||
- If new_path or new_name is defined, specifying present will attempt to make an update these.
|
||||
required: true
|
||||
choices: [ "present", "absent" ]
|
||||
type: str
|
||||
path:
|
||||
description:
|
||||
- When creating or updating, specify the desired path of the certificate.
|
||||
default: "/"
|
||||
type: str
|
||||
cert_chain:
|
||||
description:
|
||||
- The path to, or content of the CA certificate chain in PEM encoded format.
|
||||
As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
|
||||
type: str
|
||||
cert:
|
||||
description:
|
||||
- The path to, or content of the certificate body in PEM encoded format.
|
||||
As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
|
||||
type: str
|
||||
key:
|
||||
description:
|
||||
- The path to, or content of the private key in PEM encoded format.
|
||||
As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
|
||||
type: str
|
||||
dup_ok:
|
||||
description:
|
||||
- By default the module will not upload a certificate that is already uploaded into AWS.
|
||||
|
|
|
@ -14,6 +14,9 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
@ -33,19 +36,23 @@ options:
|
|||
description:
|
||||
- The name of the group to create.
|
||||
required: true
|
||||
type: str
|
||||
managed_policy:
|
||||
description:
|
||||
- A list of managed policy ARNs or friendly names to attach to the role. To embed an inline policy, use M(iam_policy).
|
||||
required: false
|
||||
type: list
|
||||
users:
|
||||
description:
|
||||
- A list of existing users to add as members of the group.
|
||||
required: false
|
||||
type: list
|
||||
state:
|
||||
description:
|
||||
- Create or remove the IAM group
|
||||
required: true
|
||||
choices: [ 'present', 'absent' ]
|
||||
type: str
|
||||
purge_policy:
|
||||
description:
|
||||
- Detach policy which not included in managed_policy list
|
||||
|
|
|
@ -22,27 +22,37 @@ options:
|
|||
description:
|
||||
- The name of the managed policy.
|
||||
required: True
|
||||
type: str
|
||||
policy_description:
|
||||
description:
|
||||
- A helpful description of this policy, this value is immutable and only set when creating a new policy.
|
||||
default: ''
|
||||
type: str
|
||||
policy:
|
||||
description:
|
||||
- A properly json formatted policy
|
||||
type: json
|
||||
make_default:
|
||||
description:
|
||||
- Make this revision the default revision.
|
||||
default: True
|
||||
type: bool
|
||||
only_version:
|
||||
description:
|
||||
- Remove all other non default revisions, if this is used with C(make_default) it will result in all other versions of this policy being deleted.
|
||||
type: bool
|
||||
default: 'no'
|
||||
default: false
|
||||
state:
|
||||
description:
|
||||
- Should this managed policy be present or absent. Set to absent to detach all entities from this policy and remove it if found.
|
||||
default: present
|
||||
choices: [ "present", "absent" ]
|
||||
type: str
|
||||
fail_on_delete:
|
||||
description:
|
||||
- The I(fail_on_delete) option does nothing.
|
||||
type: bool
|
||||
|
||||
author: "Dan Kozlowski (@dkhenry)"
|
||||
extends_documentation_fragment:
|
||||
- aws
|
||||
|
@ -277,7 +287,7 @@ def main():
|
|||
policy=dict(type='json'),
|
||||
make_default=dict(type='bool', default=True),
|
||||
only_version=dict(type='bool', default=False),
|
||||
fail_on_delete=dict(type='bool', default=True),
|
||||
fail_on_delete=dict(type='bool'),
|
||||
state=dict(default='present', choices=['present', 'absent']),
|
||||
))
|
||||
|
||||
|
|
|
@ -24,6 +24,7 @@ options:
|
|||
user_name:
|
||||
description:
|
||||
- The name of the user whose MFA devices will be listed
|
||||
type: str
|
||||
extends_documentation_fragment:
|
||||
- aws
|
||||
- ec2
|
||||
|
|
|
@ -28,11 +28,13 @@ options:
|
|||
- Specifies the overall state of the password policy.
|
||||
required: true
|
||||
choices: ['present', 'absent']
|
||||
type: str
|
||||
min_pw_length:
|
||||
description:
|
||||
- Minimum password length.
|
||||
default: 6
|
||||
aliases: [minimum_password_length]
|
||||
type: int
|
||||
require_symbols:
|
||||
description:
|
||||
- Require symbols in password.
|
||||
|
@ -65,11 +67,13 @@ options:
|
|||
do not expire automatically.
|
||||
default: 0
|
||||
aliases: [password_max_age]
|
||||
type: int
|
||||
pw_reuse_prevent:
|
||||
description:
|
||||
- Prevent re-use of passwords.
|
||||
default: 0
|
||||
aliases: [password_reuse_prevent, prevent_reuse]
|
||||
type: int
|
||||
pw_expire:
|
||||
description:
|
||||
- Prevents users from change an expired password.
|
||||
|
|
|
@ -26,6 +26,7 @@ options:
|
|||
description:
|
||||
- The name of the server certificate you are retrieving attributes for.
|
||||
required: true
|
||||
type: str
|
||||
extends_documentation_fragment:
|
||||
- aws
|
||||
- ec2
|
||||
|
|
|
@ -2,6 +2,9 @@
|
|||
# Copyright (c) 2017 Ansible Project
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
@ -19,15 +22,18 @@ options:
|
|||
description:
|
||||
- The name of the user to create.
|
||||
required: true
|
||||
type: str
|
||||
managed_policy:
|
||||
description:
|
||||
- A list of managed policy ARNs or friendly names to attach to the user. To embed an inline policy, use M(iam_policy).
|
||||
required: false
|
||||
type: list
|
||||
state:
|
||||
description:
|
||||
- Create or remove the IAM user
|
||||
required: true
|
||||
choices: [ 'present', 'absent' ]
|
||||
type: str
|
||||
purge_policy:
|
||||
description:
|
||||
- Detach policies which are not included in managed_policy list
|
||||
|
|
|
@ -947,24 +947,6 @@ lib/ansible/modules/cloud/amazon/execute_lambda.py metaclass-boilerplate
|
|||
lib/ansible/modules/cloud/amazon/execute_lambda.py validate-modules:doc-default-does-not-match-spec
|
||||
lib/ansible/modules/cloud/amazon/execute_lambda.py validate-modules:parameter-type-not-in-doc
|
||||
lib/ansible/modules/cloud/amazon/execute_lambda.py validate-modules:doc-missing-type
|
||||
lib/ansible/modules/cloud/amazon/iam.py validate-modules:no-default-for-required-parameter
|
||||
lib/ansible/modules/cloud/amazon/iam.py validate-modules:doc-choices-do-not-match-spec
|
||||
lib/ansible/modules/cloud/amazon/iam.py validate-modules:parameter-type-not-in-doc
|
||||
lib/ansible/modules/cloud/amazon/iam.py validate-modules:doc-missing-type
|
||||
lib/ansible/modules/cloud/amazon/iam_cert.py future-import-boilerplate
|
||||
lib/ansible/modules/cloud/amazon/iam_cert.py metaclass-boilerplate
|
||||
lib/ansible/modules/cloud/amazon/iam_cert.py validate-modules:doc-missing-type
|
||||
lib/ansible/modules/cloud/amazon/iam_group.py future-import-boilerplate
|
||||
lib/ansible/modules/cloud/amazon/iam_group.py metaclass-boilerplate
|
||||
lib/ansible/modules/cloud/amazon/iam_group.py validate-modules:parameter-type-not-in-doc
|
||||
lib/ansible/modules/cloud/amazon/iam_group.py validate-modules:doc-missing-type
|
||||
lib/ansible/modules/cloud/amazon/iam_managed_policy.py validate-modules:undocumented-parameter
|
||||
lib/ansible/modules/cloud/amazon/iam_managed_policy.py validate-modules:doc-default-does-not-match-spec
|
||||
lib/ansible/modules/cloud/amazon/iam_managed_policy.py validate-modules:parameter-type-not-in-doc
|
||||
lib/ansible/modules/cloud/amazon/iam_managed_policy.py validate-modules:doc-missing-type
|
||||
lib/ansible/modules/cloud/amazon/iam_mfa_device_info.py validate-modules:doc-missing-type
|
||||
lib/ansible/modules/cloud/amazon/iam_password_policy.py validate-modules:parameter-type-not-in-doc
|
||||
lib/ansible/modules/cloud/amazon/iam_password_policy.py validate-modules:doc-missing-type
|
||||
lib/ansible/modules/cloud/amazon/iam_policy.py future-import-boilerplate
|
||||
lib/ansible/modules/cloud/amazon/iam_policy.py metaclass-boilerplate
|
||||
lib/ansible/modules/cloud/amazon/iam_policy.py validate-modules:no-default-for-required-parameter
|
||||
|
@ -975,11 +957,6 @@ lib/ansible/modules/cloud/amazon/iam_role.py future-import-boilerplate
|
|||
lib/ansible/modules/cloud/amazon/iam_role.py metaclass-boilerplate
|
||||
lib/ansible/modules/cloud/amazon/iam_role.py validate-modules:parameter-type-not-in-doc
|
||||
lib/ansible/modules/cloud/amazon/iam_role_info.py validate-modules:doc-missing-type
|
||||
lib/ansible/modules/cloud/amazon/iam_server_certificate_info.py validate-modules:parameter-type-not-in-doc
|
||||
lib/ansible/modules/cloud/amazon/iam_user.py future-import-boilerplate
|
||||
lib/ansible/modules/cloud/amazon/iam_user.py metaclass-boilerplate
|
||||
lib/ansible/modules/cloud/amazon/iam_user.py validate-modules:parameter-type-not-in-doc
|
||||
lib/ansible/modules/cloud/amazon/iam_user.py validate-modules:doc-missing-type
|
||||
lib/ansible/modules/cloud/amazon/kinesis_stream.py pylint:blacklisted-name
|
||||
lib/ansible/modules/cloud/amazon/kinesis_stream.py validate-modules:no-default-for-required-parameter
|
||||
lib/ansible/modules/cloud/amazon/kinesis_stream.py validate-modules:doc-default-does-not-match-spec
|
||||
|
|
Loading…
Reference in a new issue