Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Promote modules iam_role and iam_role_info #1757

Closed
wants to merge 5 commits into from
Closed

Promote modules iam_role and iam_role_info #1757

wants to merge 5 commits into from

Conversation

abikouo
Copy link
Contributor

@abikouo abikouo commented Sep 15, 2023

SUMMARY

Migrate modules iam_role and iam_role_info from community.aws
Apply deprecations:

  • iam_role: module returns role information into iam_role only
  • iam_role and iam_role_info: keys from returned property assume_role_policy_document are no longer snake-cased
ISSUE TYPE
  • New Module Pull Request
COMPONENT NAME

iam_role
iam_role_info

@abikouo abikouo mentioned this pull request Sep 15, 2023
Merged
@softwarefactory-project-zuul
Copy link
Contributor

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/f1c558006cc34016b7803359286ca78d

✔️ ansible-galaxy-importer SUCCESS in 8m 39s
✔️ build-ansible-collection SUCCESS in 12m 56s
✔️ ansible-test-splitter SUCCESS in 4m 39s
✔️ integration-amazon.aws-1 SUCCESS in 6m 45s
✔️ integration-community.aws-1 SUCCESS in 7m 47s
Skipped 42 jobs

@softwarefactory-project-zuul
Copy link
Contributor

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/69f97d9703c345d3b1e8d3306cc9a0b7

✔️ ansible-galaxy-importer SUCCESS in 3m 59s
✔️ build-ansible-collection SUCCESS in 13m 43s
✔️ ansible-test-splitter SUCCESS in 4m 51s
✔️ integration-amazon.aws-1 SUCCESS in 8m 09s
✔️ integration-community.aws-1 SUCCESS in 6m 41s
Skipped 42 jobs

@softwarefactory-project-zuul
Copy link
Contributor

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/234fc5288d1542d1a3e248ebde2e7ee6

✔️ ansible-galaxy-importer SUCCESS in 4m 25s
✔️ build-ansible-collection SUCCESS in 13m 07s
✔️ ansible-test-splitter SUCCESS in 5m 02s
✔️ integration-amazon.aws-1 SUCCESS in 9m 20s
✔️ integration-community.aws-1 SUCCESS in 8m 53s
Skipped 42 jobs

abikouo pushed a commit to abikouo/amazon.aws that referenced this pull request Sep 18, 2023
@ichekaldin
config_rule - Fix Idempotency by Ignoring EvaluationModes Parameter (
21971a3 
…ansible-collections#1757)

config_rule - Fix Idempotency by Ignoring `EvaluationModes` Parameter

SUMMARY
config_rule module currently always returns changed = True.
I believe this is due to EvaluationModes parameter recently added to describe_config_rules method output.

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

config_rule
ADDITIONAL INFORMATION


Example configuration:

- community.aws.config_rule:
  name: cloudwatch-log-group-encrypted
  description: Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).
  source:
    identifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED
    owner: AWS

Expected result: first execution returns changed = True, subsequent executions return changed = False.
Current behavior: every execution returns changed = True.
This is because update_resource method ends up comparing:
{'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE'}

with:
{'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE', 'EvaluationModes': [{'Mode': 'DETECTIVE'}]}

Reviewed-by: Markus Bergholz <[email protected]>
@abikouo
Copy link
Contributor Author

abikouo commented Sep 18, 2023

replaced by #1758

abikouo pushed a commit to abikouo/amazon.aws that referenced this pull request Sep 18, 2023
@ichekaldin @abikouo
config_rule - Fix Idempotency by Ignoring EvaluationModes Parameter (
6736960 
…ansible-collections#1757)

config_rule - Fix Idempotency by Ignoring `EvaluationModes` Parameter

SUMMARY
config_rule module currently always returns changed = True.
I believe this is due to EvaluationModes parameter recently added to describe_config_rules method output.

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

config_rule
ADDITIONAL INFORMATION


Example configuration:

- community.aws.config_rule:
  name: cloudwatch-log-group-encrypted
  description: Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).
  source:
    identifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED
    owner: AWS

Expected result: first execution returns changed = True, subsequent executions return changed = False.
Current behavior: every execution returns changed = True.
This is because update_resource method ends up comparing:
{'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE'}

with:
{'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE', 'EvaluationModes': [{'Mode': 'DETECTIVE'}]}

Reviewed-by: Markus Bergholz <[email protected]>
@tremble tremble closed this Sep 19, 2023
abikouo pushed a commit to abikouo/amazon.aws that referenced this pull request Oct 20, 2023
@ichekaldin @abikouo
config_rule - Fix Idempotency by Ignoring EvaluationModes Parameter (
b8b41cf 
…ansible-collections#1757)

config_rule - Fix Idempotency by Ignoring `EvaluationModes` Parameter

SUMMARY
config_rule module currently always returns changed = True.
I believe this is due to EvaluationModes parameter recently added to describe_config_rules method output.

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME

config_rule
ADDITIONAL INFORMATION

Example configuration:

- community.aws.config_rule:
  name: cloudwatch-log-group-encrypted
  description: Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).
  source:
    identifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED
    owner: AWS

Expected result: first execution returns changed = True, subsequent executions return changed = False.
Current behavior: every execution returns changed = True.
This is because update_resource method ends up comparing:
{'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE'}

with:
{'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE', 'EvaluationModes': [{'Mode': 'DETECTIVE'}]}

Reviewed-by: Markus Bergholz <[email protected]>

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections/community.aws@3ce5718
abikouo pushed a commit to abikouo/amazon.aws that referenced this pull request Oct 24, 2023
@ichekaldin
config_rule - Fix Idempotency by Ignoring EvaluationModes Parameter (
3ce5718 
…ansible-collections#1757)

config_rule - Fix Idempotency by Ignoring `EvaluationModes` Parameter

SUMMARY
config_rule module currently always returns changed = True.
I believe this is due to EvaluationModes parameter recently added to describe_config_rules method output.

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

config_rule
ADDITIONAL INFORMATION


Example configuration:

- community.aws.config_rule:
  name: cloudwatch-log-group-encrypted
  description: Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).
  source:
    identifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED
    owner: AWS

Expected result: first execution returns changed = True, subsequent executions return changed = False.
Current behavior: every execution returns changed = True.
This is because update_resource method ends up comparing:
{'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE'}

with:
{'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE', 'EvaluationModes': [{'Mode': 'DETECTIVE'}]}

Reviewed-by: Markus Bergholz <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@abikouo @tremble