From 92b3d792837f65e6264ce4b4a4fb1459dad94a6e Mon Sep 17 00:00:00 2001 From: kwerey Date: Tue, 16 Jan 2018 13:45:01 +0000 Subject: [PATCH] [cloudtrail] Only pass extra create_trail options if set in module params (#34745) * Fixes #34700, only passes extra create_trail options when explicitly set --- lib/ansible/modules/cloud/amazon/cloudtrail.py | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/lib/ansible/modules/cloud/amazon/cloudtrail.py b/lib/ansible/modules/cloud/amazon/cloudtrail.py index 1ca1b4b2d69..941233d6df8 100644 --- a/lib/ansible/modules/cloud/amazon/cloudtrail.py +++ b/lib/ansible/modules/cloud/amazon/cloudtrail.py @@ -62,7 +62,6 @@ options: description: - Specifies whether log file integrity validation is enabled. - CloudTrail will create a hash for every log file delivered and produce a signed digest file that can be used to ensure log files have not been tampered. - default: false version_added: "2.4" aliases: [ "log_file_validation_enabled" ] include_global_events: @@ -444,7 +443,7 @@ def main(): s3_key_prefix=dict(), sns_topic_name=dict(), is_multi_region_trail=dict(default=False, type='bool'), - enable_log_file_validation=dict(default=False, type='bool', aliases=['log_file_validation_enabled']), + enable_log_file_validation=dict(type='bool', aliases=['log_file_validation_enabled']), include_global_events=dict(default=True, type='bool', aliases=['include_global_service_events']), cloudwatch_logs_role_arn=dict(), cloudwatch_logs_log_group_arn=dict(), @@ -472,12 +471,6 @@ def main(): S3BucketName=module.params['s3_bucket_name'], IncludeGlobalServiceEvents=module.params['include_global_events'], IsMultiRegionTrail=module.params['is_multi_region_trail'], - EnableLogFileValidation=module.params['enable_log_file_validation'], - S3KeyPrefix='', - SnsTopicName='', - CloudWatchLogsRoleArn='', - CloudWatchLogsLogGroupArn='', - KmsKeyId='' ) if module.params['s3_key_prefix']: 
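Review bot: With `default: false` dropped from the `enable_log_file_validation` option docs in the first hunk (and `default=False` dropped from the argument spec in the second), the documentation no longer says what happens when the option is omitted. Log file validation is the tamper-evidence control for delivered logs, so the description should state it, for example with an extra bullet `- When not set, the option is not passed to CloudTrail and the service default applies to a newly created trail.` How an existing trail is treated when the option is omitted is not visible in these hunks, so that case should be confirmed before it is documented.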
@@ -492,6 +485,9 @@ def main(): if module.params['cloudwatch_logs_log_group_arn']: ct_params['CloudWatchLogsLogGroupArn'] = module.params['cloudwatch_logs_log_group_arn'] + if module.params['enable_log_file_validation'] is not None: + ct_params['EnableLogFileValidation'] = module.params['enable_log_file_validation'] + if module.params['kms_key_id']: ct_params['KmsKeyId'] = module.params['kms_key_id'] @@ -599,7 +595,9 @@ def main(): pass trail = dict() trail.update(ct_params) - trail['LogFileValidationEnabled'] = ct_params['EnableLogFileValidation'] + if 'EnableLogFileValidation' not in ct_params: + ct_params['EnableLogFileValidation'] = False + trail['EnableLogFileValidation'] = ct_params['EnableLogFileValidation'] trail.pop('EnableLogFileValidation') fake_arn = 'arn:aws:cloudtrail:' + region + ':' + acct_id + ':trail/' + ct_params['Name'] trail['HasCustomEventSelectors'] = False
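Review bot: The added `is not None` test deliberately differs from the truthiness tests used for the neighbouring options, and nothing in the hunk says why. A comment above it, such as `# compare with None: an explicit False must still be sent, only an unset option is skipped`, would keep a later cleanup from rewriting it as a plain truthiness check and silently dropping an explicit `false`. main() starts and ends outside the hunk.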
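Review bot: In the last hunk the added lines assign `trail['EnableLogFileValidation']` and the unchanged next line pops that same key, so the dict built here no longer carries `LogFileValidationEnabled` at all; the removed line used to set it. This appears to be the simulated trail (it builds `fake_arn`), presumably for check mode, so its output would stop reporting whether integrity validation is on. The block also writes `False` into `ct_params` as a side effect. Suggest `trail['LogFileValidationEnabled'] = ct_params.get('EnableLogFileValidation', False)` followed by `trail.pop('EnableLogFileValidation', None)`. The enclosing branch of main() starts outside the hunk.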