Improve iam_group exception handling (#45599)

* Improve iam_group exception handling Use AnsibleAWSModule for iam_group and handle BotoCoreErrors as well as ClientErrors. Use fail_json_aws to improve error messages * Add minimal iam_group test suite Update some of the read-only IAM permissions (this is not sufficient to run the test suite but it gets further than it did until it tries to add a (non-existent) user) * Clean up after tests
2026-05-07 05:42:50 +00:00 · 2018-09-18 09:53:44 +10:00
parent 5c49641798
commit d2569a3f7d
4 changed files with 115 additions and 78 deletions
--- a/test/integration/targets/iam_group/aliases
+++ b/test/integration/targets/iam_group/aliases
@@ -0,0 +1,2 @@
+unsupported
+cloud/aws
--- a/test/integration/targets/iam_group/tasks/main.yml
+++ b/test/integration/targets/iam_group/tasks/main.yml
@@ -0,0 +1,70 @@
+- name: set up aws connection info
+  set_fact:
+    aws_connection_info: &aws_connection_info
+      aws_access_key: "{{ aws_access_key }}"
+      aws_secret_key: "{{ aws_secret_key }}"
+      security_token: "{{ security_token }}"
+      region: "{{ aws_region }}"
+  no_log: yes
+
+- name: ensure ansible user exists
+  iam_user:
+    name: AnsibleTestUser
+    state: present
+    <<: *aws_connection_info
+
+- name: ensure group exists
+  iam_group:
+    name: ansible_test
+    users:
+      - AnsibleTestUser
+    state: present
+    <<: *aws_connection_info
+  register: iam_group
+
+- assert:
+    that:
+      - iam_group.users
+
+- name: add non existent user to group
+  iam_group:
+    name: ansible_test
+    users:
+      - AnsibleTestUser
+      - NonExistentUser
+    state: present
+    <<: *aws_connection_info
+  ignore_errors: yes
+  register: iam_group
+
+- name: assert that adding non existent user to group fails with helpful message
+  assert:
+    that:
+      - iam_group is failed
+      - iam_group.msg.startswith("Couldn't add user NonExistentUser to group ansible_test")
+
+- name: remove a user
+  iam_group:
+    name: ansible_test
+    purge_users: True
+    users: []
+    state: present
+    <<: *aws_connection_info
+  register: iam_group
+
+- assert:
+    that:
+      - iam_group.changed
+      - not iam_group.users
+
+- name: remove group
+  iam_group:
+    name: ansible_test
+    state: absent
+    <<: *aws_connection_info
+
+- name: remove ansible user
+  iam_user:
+    name: AnsibleTestUser
+    state: absent
+    <<: *aws_connection_info