read enabled_key_rotation status also in aws_kms_info (#67770)

* read enabled_key_rotation status * add changelog * use AWSRetry decorator to prevent api rate limits * fix pip8
5 years ago · 9463d28967
parent 454b043c13
commit 9463d28967
3 changed files with 15 additions and 0 deletions
--- a/changelogs/fragments/67770-aws-kms-info-key-rotation.yml
+++ b/changelogs/fragments/67770-aws-kms-info-key-rotation.yml
@ -0,0 +1,2 @@
+minor_changes:
+  - aws_kms_info - Adds the ``enable_key_rotation`` info to the return value.
--- a/lib/ansible/modules/cloud/amazon/aws_kms_info.py
+++ b/lib/ansible/modules/cloud/amazon/aws_kms_info.py
@ -107,6 +107,11 @@ keys:
      type: str
      returned: always
      sample: false
+    enable_key_rotation:
+      description: Whether the automatically key rotation every year is enabled.
+      type: bool
+      returned: always
+      sample: false
    aliases:
      description: list of aliases associated with the key
      type: list
@ -284,6 +289,12 @@ def get_key_policy_with_backoff(connection, key_id, policy_name):
    return connection.get_key_policy(KeyId=key_id, PolicyName=policy_name)


+@AWSRetry.backoff(tries=5, delay=5, backoff=2.0)
+def get_enable_key_rotation_with_backoff(connection, key_id):
+    current_rotation_status = connection.get_key_rotation_status(KeyId=key_id)
+    return current_rotation_status.get('KeyRotationEnabled')
+
+
 def get_kms_tags(connection, module, key_id):
    # Handle pagination here as list_resource_tags does not have
    # a paginator
@ -360,6 +371,7 @@ def get_key_details(connection, module, key_id, tokens=None):
                         exception=traceback.format_exc(),
                         **camel_dict_to_snake_dict(e.response))
    result['aliases'] = aliases.get(result['KeyId'], [])
+    result['enable_key_rotation'] = get_enable_key_rotation_with_backoff(connection, key_id)

    if module.params.get('pending_deletion'):
        return camel_dict_to_snake_dict(result)
--- a/test/integration/targets/aws_kms/tasks/main.yml
+++ b/test/integration/targets/aws_kms/tasks/main.yml
@ -72,6 +72,7 @@
      assert:
        that:
          - new_key["keys"]|length == 1
+          - new_key["keys"][0]["enable_key_rotation"] == true

    - name: Update Policy on key to match AWS Console generate policy
      aws_kms: