author | Mark Chappell <mchappel@redhat.com> | 2019-09-20 22:26:29 +0200 |
---|---|---|
committer | Jill R <4121322+jillr@users.noreply.github.com> | 2019-09-20 22:26:29 +0200 |
commit | 40660e7f6eccda1729b24ba53e7dc6c18a766271 (patch) | |
tree | 3ba05a40c5f06da5209ff2aa9a374cd4c3ff1dcd /hacking | |
parent | doc: fix typo (#62668) (diff) | |
download | ansible-40660e7f6eccda1729b24ba53e7dc6c18a766271.tar.xz ansible-40660e7f6eccda1729b24ba53e7dc6c18a766271.zip |
iam_role : support managing max session duration and deleting the instance profile it creates (#62014)
* iam_role: Add support for managing MaxSessionDuration
* iam_role: Add support for deleting the IAM Instance Profiles we created
* iam_role: migrate all boto failures to fail_json_aws for consistency
* iam_role: test validity of path so we can throw a more understandable error
* iam_role: (integration tests) Split iam_role integration tests from sts_assume_role tests
- Make the iam_role tests more comprehensive
- Add tests for iam_role_info
* iam_role: (integration tests) Make some of our pauses optional
If the tests appear to be flaky we may need to enable standard_pauses
Diffstat (limited to 'hacking')
-rw-r--r-- | hacking/aws_config/testing_policies/security-policy.json | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/hacking/aws_config/testing_policies/security-policy.json b/hacking/aws_config/testing_policies/security-policy.json
index 9aee5ab7d4..67c08e17cc 100644
--- a/hacking/aws_config/testing_policies/security-policy.json
+++ b/hacking/aws_config/testing_policies/security-policy.json
@@ -29,12 +29,29 @@
 },
 {
 "Action": [
+ "iam:CreatePolicy",
+ "iam:ListPolicyVersions",
+ "iam:ListEntitiesForPolicy",
+ "iam:DeletePolicy"
+ ],
+ "Resource": "arn:aws:iam::{{ aws_account }}:policy/ansible-test-*",
+ "Effect": "Allow",
+ "Sid": "AllowManagementOfSpecificPolicies"
+ },
+ {
+ "Action": [
 "iam:AttachRolePolicy",
 "iam:CreateRole",
 "iam:DeleteRole",
+ "iam:DeleteRolePolicy",
+ "iam:DeleteRolePermissionsBoundary",
 "iam:DetachRolePolicy",
 "iam:PassRole",
+ "iam:PutRolePolicy",
+ "iam:PutRolePermissionsBoundary",
 "iam:UpdateAssumeRolePolicy",
+ "iam:UpdateRole",
+ "iam:UpdateRoleDescription",
 "sts:AssumeRole"
 ],
 "Resource": "arn:aws:iam::{{ aws_account }}:role/ansible-test-*", |
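Review bot: The role statement now adds `iam:PutRolePolicy` and `iam:DeleteRolePermissionsBoundary` next to the existing `iam:CreateRole`, `iam:AttachRolePolicy`, `iam:PassRole` and `sts:AssumeRole`, so on `role/ansible-test-*` the name prefix is the only limit on what permissions the test credentials can give a role they can then assume. No `Condition` is visible on this statement, though it continues past the end of the hunk, so this may already be handled there. If it is not, consider constraining the write actions with a boundary condition such as `"Condition": {"StringEquals": {"iam:PermissionsBoundary": "arn:aws:iam::{{ aws_account }}:policy/<BOUNDARY_POLICY_PLACEHOLDER>"}}` and limiting `iam:AttachRolePolicy` with `iam:PolicyARN`, or state in the accompanying docs that this policy is meant only for a dedicated, disposable test account. The new `AllowManagementOfSpecificPolicies` statement has the same shape: `iam:CreatePolicy` on `policy/ansible-test-*` places no limit on the policy document's contents.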