-
Notifications
You must be signed in to change notification settings - Fork 336
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Promote modules iam_role and iam_role_info #1757
Promote modules iam_role and iam_role_info #1757
Conversation
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 8m 39s |
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 3m 59s |
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 4m 25s |
…ansible-collections#1757) config_rule - Fix Idempotency by Ignoring `EvaluationModes` Parameter SUMMARY config_rule module currently always returns changed = True. I believe this is due to EvaluationModes parameter recently added to describe_config_rules method output. ISSUE TYPE Bugfix Pull Request COMPONENT NAME config_rule ADDITIONAL INFORMATION Example configuration: - community.aws.config_rule: name: cloudwatch-log-group-encrypted description: Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK). source: identifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED owner: AWS Expected result: first execution returns changed = True, subsequent executions return changed = False. Current behavior: every execution returns changed = True. This is because update_resource method ends up comparing: {'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE'} with: {'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE', 'EvaluationModes': [{'Mode': 'DETECTIVE'}]} Reviewed-by: Markus Bergholz <[email protected]>
replaced by #1758 |
…ansible-collections#1757) config_rule - Fix Idempotency by Ignoring `EvaluationModes` Parameter SUMMARY config_rule module currently always returns changed = True. I believe this is due to EvaluationModes parameter recently added to describe_config_rules method output. ISSUE TYPE Bugfix Pull Request COMPONENT NAME config_rule ADDITIONAL INFORMATION Example configuration: - community.aws.config_rule: name: cloudwatch-log-group-encrypted description: Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK). source: identifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED owner: AWS Expected result: first execution returns changed = True, subsequent executions return changed = False. Current behavior: every execution returns changed = True. This is because update_resource method ends up comparing: {'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE'} with: {'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE', 'EvaluationModes': [{'Mode': 'DETECTIVE'}]} Reviewed-by: Markus Bergholz <[email protected]>
…ansible-collections#1757) config_rule - Fix Idempotency by Ignoring `EvaluationModes` Parameter SUMMARY config_rule module currently always returns changed = True. I believe this is due to EvaluationModes parameter recently added to describe_config_rules method output. ISSUE TYPE Bugfix Pull Request COMPONENT NAME config_rule ADDITIONAL INFORMATION Example configuration: - community.aws.config_rule: name: cloudwatch-log-group-encrypted description: Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK). source: identifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED owner: AWS Expected result: first execution returns changed = True, subsequent executions return changed = False. Current behavior: every execution returns changed = True. This is because update_resource method ends up comparing: {'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE'} with: {'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE', 'EvaluationModes': [{'Mode': 'DETECTIVE'}]} Reviewed-by: Markus Bergholz <[email protected]> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@3ce5718
…ansible-collections#1757) config_rule - Fix Idempotency by Ignoring `EvaluationModes` Parameter SUMMARY config_rule module currently always returns changed = True. I believe this is due to EvaluationModes parameter recently added to describe_config_rules method output. ISSUE TYPE Bugfix Pull Request COMPONENT NAME config_rule ADDITIONAL INFORMATION Example configuration: - community.aws.config_rule: name: cloudwatch-log-group-encrypted description: Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK). source: identifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED owner: AWS Expected result: first execution returns changed = True, subsequent executions return changed = False. Current behavior: every execution returns changed = True. This is because update_resource method ends up comparing: {'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE'} with: {'ConfigRuleName': 'cloudwatch-log-group-encrypted', 'Description': 'Checks if a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).', 'Source': {'Owner': 'AWS', 'SourceIdentifier': 'CLOUDWATCH_LOG_GROUP_ENCRYPTED'}, 'ConfigRuleState': 'ACTIVE', 'EvaluationModes': [{'Mode': 'DETECTIVE'}]} Reviewed-by: Markus Bergholz <[email protected]>
SUMMARY
Migrate modules
iam_role
andiam_role_info
fromcommunity.aws
Apply deprecations:
iam_role
: module returns role information into iam_role onlyiam_role
andiam_role_info
: keys from returned propertyassume_role_policy_document
are no longer snake-casedISSUE TYPE
COMPONENT NAME
iam_role
iam_role_info