From 9463d289673af9af75a63ca8afecf284120e0c94 Mon Sep 17 00:00:00 2001 From: Markus Bergholz Date: Thu, 27 Feb 2020 00:51:04 +0100 Subject: [PATCH] read enabled_key_rotation status also in aws_kms_info (#67770) * read enabled_key_rotation status * add changelog * use AWSRetry decorator to prevent api rate limits * fix pip8 --- .../fragments/67770-aws-kms-info-key-rotation.yml | 2 ++ lib/ansible/modules/cloud/amazon/aws_kms_info.py | 12 ++++++++++++ test/integration/targets/aws_kms/tasks/main.yml | 1 + 3 files changed, 15 insertions(+) create mode 100644 changelogs/fragments/67770-aws-kms-info-key-rotation.yml diff --git a/changelogs/fragments/67770-aws-kms-info-key-rotation.yml b/changelogs/fragments/67770-aws-kms-info-key-rotation.yml new file mode 100644 index 00000000000..adff2ab322b --- /dev/null +++ b/changelogs/fragments/67770-aws-kms-info-key-rotation.yml @@ -0,0 +1,2 @@ +minor_changes: + - aws_kms_info - Adds the ``enable_key_rotation`` info to the return value. diff --git a/lib/ansible/modules/cloud/amazon/aws_kms_info.py b/lib/ansible/modules/cloud/amazon/aws_kms_info.py index 1f41be07048..e8988b45b14 100644 --- a/lib/ansible/modules/cloud/amazon/aws_kms_info.py +++ b/lib/ansible/modules/cloud/amazon/aws_kms_info.py @@ -107,6 +107,11 @@ keys: type: str returned: always sample: false + enable_key_rotation: + description: Whether the automatically key rotation every year is enabled. + type: bool + returned: always + sample: false aliases: description: list of aliases associated with the key type: list 
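Review bot: The added `enable_key_rotation` entry in the RETURN documentation reads `Whether the automatically key rotation every year is enabled.`, which is ungrammatical and does not say what a consumer sees when the status cannot be determined. I would reword it to `description: Whether automatic annual rotation of the key material is enabled.` Playbooks may use this field for rotation compliance checks, so `returned: always` with `type: bool` should stay only if the code guarantees a boolean for every key. The RETURN block starts and ends outside this hunk.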
@@ -284,6 +289,12 @@ def get_key_policy_with_backoff(connection, key_id, policy_name): return connection.get_key_policy(KeyId=key_id, PolicyName=policy_name) +@AWSRetry.backoff(tries=5, delay=5, backoff=2.0) +def get_enable_key_rotation_with_backoff(connection, key_id): + current_rotation_status = connection.get_key_rotation_status(KeyId=key_id) + return current_rotation_status.get('KeyRotationEnabled') + + def get_kms_tags(connection, module, key_id): # Handle pagination here as list_resource_tags does not have # a paginator @@ -360,6 +371,7 @@ def get_key_details(connection, module, key_id, tokens=None): exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) result['aliases'] = aliases.get(result['KeyId'], []) + result['enable_key_rotation'] = get_enable_key_rotation_with_backoff(connection, key_id) if module.params.get('pending_deletion'): return camel_dict_to_snake_dict(result) diff --git a/test/integration/targets/aws_kms/tasks/main.yml b/test/integration/targets/aws_kms/tasks/main.yml index 52489611d66..38810601afe 100644 --- a/test/integration/targets/aws_kms/tasks/main.yml +++ b/test/integration/targets/aws_kms/tasks/main.yml @@ -72,6 +72,7 @@ assert: that: - new_key["keys"]|length == 1 + - new_key["keys"][0]["enable_key_rotation"] == true - name: Update Policy on key to match AWS Console generate policy aws_kms:
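Review bot: `get_enable_key_rotation_with_backoff` returns `None` rather than a boolean when the response lacks `KeyRotationEnabled`, because it ends with `current_rotation_status.get('KeyRotationEnabled')`. Returning `current_rotation_status['KeyRotationEnabled']` would surface a malformed response instead of passing a null into a result documented as `type: bool`. The helper also has no docstring; a one-line `"""Return whether automatic key rotation is enabled for key_id."""` would do, ideally noting that botocore errors propagate to the caller.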
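Review bot: The new call to `get_enable_key_rotation_with_backoff(connection, key_id)` in `get_key_details` has no error handling, unlike the lookup just above it, which reports failures with `exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)`. If `GetKeyRotationStatus` is refused (for instance when the caller lacks `kms:GetKeyRotationStatus`, or presumably for key types that do not support automatic rotation), the module would end with a raw traceback instead of a structured failure, and the details of every other key are lost. Wrapping the call as below keeps the failure explicit rather than defaulting to `false`, which would misreport rotation in an audit. The exception class is assumed to match what the neighbouring handler catches, and `get_key_details` begins and ends outside this hunk.

```python
    result['aliases'] = aliases.get(result['KeyId'], [])
    try:
        result['enable_key_rotation'] = get_enable_key_rotation_with_backoff(connection, key_id)
    except botocore.exceptions.ClientError as e:
        module.fail_json(msg="Failed to obtain key rotation status",
                         exception=traceback.format_exc(),
                         **camel_dict_to_snake_dict(e.response))
    # … unchanged: pending_deletion early return …
```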