From 35359959de04d6848e437ac186645acaf78fa2e8 Mon Sep 17 00:00:00 2001
From: Mark Chappell <mchappel@redhat.com>
Date: Fri, 30 Aug 2019 20:25:37 +0200
Subject: [PATCH] aws_codecommit: Fix integration tests and Add support for
 updating the description (#61263)

* Update DevOps AWS policy
- Fix typos in permission names
- While AWS claims you can use 'arn:aws:codecommit:*' it errors unless you use '*'

* aws_codecommit: (integration tests) Migrate to module_defaults

* aws_codecommit: (integration tests) Fix integration tests

* aws_codecommit: (integration tests) Add tests for updating the description

* aws_codecommit: Add support for updating the description and rename "comment" option to "description"
---
 .../61263-aws_codecommit-description.yml      |  2 +
 .../testing_policies/devops-policy.json       |  8 +-
 .../modules/cloud/amazon/aws_codecommit.py    | 45 ++++++++--
 .../targets/aws_codecommit/tasks/main.yml     | 84 ++++++++++++++-----
 4 files changed, 105 insertions(+), 34 deletions(-)
 create mode 100644 changelogs/fragments/61263-aws_codecommit-description.yml

diff --git a/changelogs/fragments/61263-aws_codecommit-description.yml b/changelogs/fragments/61263-aws_codecommit-description.yml
new file mode 100644
index 00000000000..e3da4dff1e5
--- /dev/null
+++ b/changelogs/fragments/61263-aws_codecommit-description.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - aws_codecommit - Support updating the description
diff --git a/hacking/aws_config/testing_policies/devops-policy.json b/hacking/aws_config/testing_policies/devops-policy.json
index 3b8def2d65e..fa7359b6d08 100644
--- a/hacking/aws_config/testing_policies/devops-policy.json
+++ b/hacking/aws_config/testing_policies/devops-policy.json
@@ -6,12 +6,12 @@
         "Effect": "Allow",
         "Action": [
           "codecommit:ListRepositories",
-          "codecommit:CreateRepositories",
-          "codecommit:DeleteRpositories"
+          "codecommit:*Repository",
+          "codecommit:*RepositoryDescription"
         ],
         "Resource": [
-          "arn:aws:codecommit:*"
+          "*"
         ]
       }
     ]
-}
\ No newline at end of file
+}
diff --git a/lib/ansible/modules/cloud/amazon/aws_codecommit.py b/lib/ansible/modules/cloud/amazon/aws_codecommit.py
index 7a4454d40ee..ca674e4d5a9 100644
--- a/lib/ansible/modules/cloud/amazon/aws_codecommit.py
+++ b/lib/ansible/modules/cloud/amazon/aws_codecommit.py
@@ -27,10 +27,12 @@ options:
     description:
       - name of repository.
     required: true
-  comment:
+  description:
     description:
       - description or comment of repository.
     required: false
+    aliases:
+      - comment
   state:
     description:
       - Specifies the state of repository.
@@ -150,12 +152,20 @@ class CodeCommit(object):
     def process(self):
         result = dict(changed=False)
 
-        if self._module.params['state'] == 'present' and not self._repository_exists():
-            if not self._module.check_mode:
-                result = self._create_repository()
-            result['changed'] = True
+        if self._module.params['state'] == 'present':
+            if not self._repository_exists():
+                if not self._check_mode:
+                    result = self._create_repository()
+                result['changed'] = True
+            else:
+                metadata = self._get_repository()['repositoryMetadata']
+                if metadata['repositoryDescription'] != self._module.params['description']:
+                    if not self._check_mode:
+                        self._update_repository()
+                    result['changed'] = True
+                result.update(self._get_repository())
         if self._module.params['state'] == 'absent' and self._repository_exists():
-            if not self._module.check_mode:
+            if not self._check_mode:
                 result = self._delete_repository()
             result['changed'] = True
         return result
@@ -172,11 +182,30 @@ class CodeCommit(object):
             self._module.fail_json_aws(e, msg="couldn't get repository")
         return False
 
+    def _get_repository(self):
+        try:
+            result = self._client.get_repository(
+                repositoryName=self._module.params['name']
+            )
+        except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
+            self._module.fail_json_aws(e, msg="couldn't get repository")
+        return result
+
+    def _update_repository(self):
+        try:
+            result = self._client.update_repository_description(
+                repositoryName=self._module.params['name'],
+                repositoryDescription=self._module.params['description']
+            )
+        except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
+            self._module.fail_json_aws(e, msg="couldn't create repository")
+        return result
+
     def _create_repository(self):
         try:
             result = self._client.create_repository(
                 repositoryName=self._module.params['name'],
-                repositoryDescription=self._module.params['comment']
+                repositoryDescription=self._module.params['description']
             )
         except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
             self._module.fail_json_aws(e, msg="couldn't create repository")
@@ -196,7 +225,7 @@ def main():
     argument_spec = dict(
         name=dict(required=True),
         state=dict(choices=['present', 'absent'], required=True),
-        comment=dict(default='')
+        description=dict(default='', aliases=['comment'])
     )
 
     ansible_aws_module = AnsibleAWSModule(
diff --git a/test/integration/targets/aws_codecommit/tasks/main.yml b/test/integration/targets/aws_codecommit/tasks/main.yml
index 70a9cd146f4..29b9f6b27e5 100644
--- a/test/integration/targets/aws_codecommit/tasks/main.yml
+++ b/test/integration/targets/aws_codecommit/tasks/main.yml
@@ -1,65 +1,105 @@
 ---
-- block:
-  # ============================================================
-  - name: set connection information for all tasks
-    set_fact:
-      aws_connection_info: &aws_connection_info
-        aws_access_key: "{{ aws_access_key }}"
-        aws_secret_key: "{{ aws_secret_key }}"
-        security_token: "{{ security_token }}"
-        region: "{{ aws_region }}"
-    no_log: true
+- module_defaults:
+    group/aws:
+      aws_access_key: "{{ aws_access_key }}"
+      aws_secret_key: "{{ aws_secret_key }}"
+      security_token: "{{ security_token | default(omit) }}"
+      region: "{{ aws_region }}"
+  block:
   # ============================================================
+  - name: Create a repository (CHECK MODE)
+    aws_codecommit:
+      name: "{{ resource_prefix }}_repo"
+      description: original comment
+      state: present
+    register: output
+    check_mode: yes
+  - assert:
+      that:
+        - output is changed
+
   - name: Create a repository
     aws_codecommit:
       name: "{{ resource_prefix }}_repo"
-      comment: original comment
+      description: original comment
       state: present
-      <<: *aws_connection_info
     register: output
   - assert:
       that:
         - output is changed
-        - output['repository_metadata'].repository_name == '{{ resource_prefix }}_repo'
-        - output['repository_metadata'].repository_description == 'original comment'
-  # ============================================================
-  - name: Create a repository (CHECK MODE)
+        - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo'
+        - output.repository_metadata.repository_description == 'original comment'
+
+  - name: No-op update to repository
     aws_codecommit:
-      name: "{{ resource_prefix }}_check_repo"
-      comment: original comment
+      name: "{{ resource_prefix }}_repo"
+      description: original comment
+      state: present
+    register: output
+  - assert:
+      that:
+        - output is not changed
+        - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo'
+        - output.repository_metadata.repository_description == 'original comment'
+
+  - name: Update repository description (CHECK MODE)
+    aws_codecommit:
+      name: "{{ resource_prefix }}_repo"
+      description: new comment
       state: present
-      <<: *aws_connection_info
     register: output
     check_mode: yes
   - assert:
       that:
         - output is changed
+        - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo'
+        - output.repository_metadata.repository_description == 'original comment'
+
+  - name: Update repository description
+    aws_codecommit:
+      name: "{{ resource_prefix }}_repo"
+      description: new comment
+      state: present
+    register: output
+  - assert:
+      that:
+        - output is changed
+        - output.repository_metadata.repository_name == '{{ resource_prefix }}_repo'
+        - output.repository_metadata.repository_description == 'new comment'
+
   # ============================================================
   - name: Delete  a repository (CHECK MODE)
     aws_codecommit:
       name: "{{ resource_prefix }}_repo"
       state: absent
-      <<: *aws_connection_info
     register: output
     check_mode: yes
   - assert:
       that:
         - output is changed
+
   - name: Delete  a repository
     aws_codecommit:
       name: "{{ resource_prefix }}_repo"
       state: absent
-      <<: *aws_connection_info
     register: output
   - assert:
       that:
         - output is changed
 
+  - name: Delete a non-existent repository
+    aws_codecommit:
+      name: "{{ resource_prefix }}_repo"
+      state: absent
+    register: output
+  - assert:
+      that:
+        - output is not changed
+
   always:
      ###### TEARDOWN STARTS HERE ######
     - name: Delete  a repository
       aws_codecommit:
         name: "{{ resource_prefix }}_repo"
         state: absent
-        <<: *aws_connection_info
       ignore_errors: yes