From 786613f426cd6bc5c8efac4e5e73453c08ec7de0 Mon Sep 17 00:00:00 2001
From: Will Thames
Date: Thu, 19 Jul 2018 22:27:13 +1000
Subject: [PATCH] Handle FieldLevelEncryptionId in cloudfront_distribution (#41770)
Ensure that FieldLevelEncryptionId is properly handled - passing it if set, and keeping it if returned by GetDistribution
Update cloudfront_distribution tests to remove references to test_identifier so test suite actually works
Fixes #40724
---
 .../modules/cloud/amazon/cloudfront_distribution.py | 11 +++++++++++
 .../targets/cloudfront_distribution/meta/main.yml | 4 +---
 .../targets/cloudfront_distribution/tasks/main.yml | 3 +--
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/lib/ansible/modules/cloud/amazon/cloudfront_distribution.py b/lib/ansible/modules/cloud/amazon/cloudfront_distribution.py
index aaa49a841d9..449d1a556c5 100644
--- a/lib/ansible/modules/cloud/amazon/cloudfront_distribution.py
+++ b/lib/ansible/modules/cloud/amazon/cloudfront_distribution.py
@@ -152,6 +152,7 @@ options:
 I(lambda_function_associations[])
 I(lambda_function_arn)
 I(event_type)
+ I(field_level_encryption_id)
 cache_behaviors:
 description:
@@ -180,6 +181,7 @@ options:
 I(max_ttl)
 I(compress)
 I(lambda_function_associations[])
+ I(field_level_encryption_id)
 purge_cache_behaviors:
 description: Whether to remove any cache behaviors that aren't listed in I(cache_behaviors). This switch
@@ -1505,6 +1507,7 @@ class CloudFrontValidationManager(object):
 cache_behavior = self.validate_allowed_methods(config, cache_behavior.get('allowed_methods'), cache_behavior)
 cache_behavior = self.validate_lambda_function_associations(config, cache_behavior.get('lambda_function_associations'), cache_behavior)
 cache_behavior = self.validate_trusted_signers(config, cache_behavior.get('trusted_signers'), cache_behavior)
+ cache_behavior = self.validate_field_level_encryption_id(config, cache_behavior.get('field_level_encryption_id'), cache_behavior)
 return cache_behavior
 def validate_cache_behavior_first_level_keys(self, config, cache_behavior, valid_origins, is_default_cache):
@@ -1587,6 +1590,14 @@ class CloudFrontValidationManager(object):
 except Exception as e:
 self.module.fail_json_aws(e, msg="Error validating lambda function associations")
+ def validate_field_level_encryption_id(self, config, field_level_encryption_id, cache_behavior):
+ # only set field_level_encryption_id if it's already set or if it was passed
+ if field_level_encryption_id is not None:
+ cache_behavior['field_level_encryption_id'] = field_level_encryption_id
+ elif 'field_level_encryption_id' in config:
+ cache_behavior['field_level_encryption_id'] = config.get('field_level_encryption_id')
+ return cache_behavior
+
 def validate_allowed_methods(self, config, allowed_methods, cache_behavior):
 try:
 if allowed_methods is not None:
diff --git a/test/integration/targets/cloudfront_distribution/meta/main.yml b/test/integration/targets/cloudfront_distribution/meta/main.yml
index 1f64f1169a9..32cf5dda7ed 100644
--- a/test/integration/targets/cloudfront_distribution/meta/main.yml
+++ b/test/integration/targets/cloudfront_distribution/meta/main.yml
@@ -1,3 +1 @@
-dependencies:
- - prepare_tests
- - setup_ec2
+dependencies: []
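Review bot: In `validate_field_level_encryption_id` (the `@@ -1587` hunk of cloudfront_distribution.py) the `is not None` test lets an explicit empty string through, so passing `field_level_encryption_id: ''` replaces the ID carried over from the existing distribution, which would presumably detach the encryption profile from that cache behavior, while omitting the option keeps it. If that asymmetry is intended it should be stated: I would widen the comment to `# omitted -> keep the ID already on the distribution; any explicit value, including '', replaces it`, and give the two `I(field_level_encryption_id)` doc entries a sentence saying the same, since they are currently listed without a description. The tasks/main.yml changes in this patch only swap `test_identifier` for `resource_prefix`, so nothing exercises the case this commit fixes (an update run that does not mention the ID must not drop it); a task that sets an ID, re-runs without it and asserts the value is unchanged would guard against silently losing field-level encryption again. Minor style point: after the `in config` check, `config['field_level_encryption_id']` reads more directly than `config.get(...)`.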
diff --git a/test/integration/targets/cloudfront_distribution/tasks/main.yml b/test/integration/targets/cloudfront_distribution/tasks/main.yml
index 02a291c1553..654fc6675b7 100644
--- a/test/integration/targets/cloudfront_distribution/tasks/main.yml
+++ b/test/integration/targets/cloudfront_distribution/tasks/main.yml
@@ -124,7 +124,6 @@
 custom_origin_config:
 http_port: 8080
 - domain_name: "{{ resource_prefix }}2.example.com"
- - domain_name: "{{ test_identifier }}2.example.com"
 default_root_object: index.html
 wait: yes
 state: present
@@ -178,7 +177,7 @@
 cloudfront_distribution:
 alias: "{{ cloudfront_alias }}"
 origins:
- - domain_name: "{{ test_identifier }}2.example.com"
+ - domain_name: "{{ resource_prefix }}2.example.com"
 default_root_object: index.php
 state: present
 <<: *aws_connection_info