Commit

Add support for tagging certificates. Fix deprecated tasks in aws_acm integration tests (ansible-collections#870)

Add support for tagging certificates. Fix deprecated tasks in aws_acm integration tests

SUMMARY

This PR adds support for configuring arbitrary tags when importing a certificate using the aws_acm module. Previously, it was only possible to set the 'Name' tag.
Additionally, this PR fixes issues with the aws_acm integration tests. The integration tests were using deprecated tasks or attributes, such as openssl_certificate.

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME

aws_acm

ADDITIONAL INFORMATION

Changes to the aws_acm.py module:

Add new tags and purge_tags attributes.
The certificate_arn attribute is now allowed when state='present'. A playbook should be allowed to modify an existing certificate entry by providing the ARN. For example, a play may want to add, modify, or remove tags on an existing certificate.
The aws_acm module returns the updated tags. See example below.
Refactor aws_acm.py to improve code reuse and make it possible to set arbitrary tags. This should also help to 1) improve readability and 2) prepare for ansible-collections#869, which I am planning to work on next.

Backwards-compatibility is retained, even though it might make sense to normalize some of the attributes.
Example return value:

    "certificate": {
        "arn": "arn:aws:acm:us-west-1:account:certificate/f85abf9d-4bda-4dcc-98c3-770664a68243",
        "domain_name": "acm1.949058644.ansible.com",
        "tags": {
            "Application": "search",
            "Environment": "development",
            "Name": "ansible-test-78006277-398b5796f999_949058644_1"
        }
    }

Integration tests:

The openssl_certificate task is deprecated. Migrate to x509_certificate.
The signature_algorithms attribute is no longer supported by the new x509_certificate task. Using selfsigned_digest instead.
The integration tests for the aws_acm module pass locally.
I see ansible/ansible#67788 has been closed, but tests/integration/targets/aws_acm/aliases still has unstable. I am not sure what to do about it. I was able to run the tests in my local workspace after making the above changes.

Reviewed-by: Markus Bergholz <[email protected]>
Reviewed-by: Sebastien Rosset <None>
Reviewed-by: Mark Woolley <[email protected]>
Reviewed-by: Alina Buzachis <None>
sebastien-rosset authored Mar 31, 2022
1 parent 6d04145 commit 2757479
Showing 1 changed file with 251 additions and 92 deletions.
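
A playbook sketch of the two uses the commit message describes (tags set at import time, then a tag-only update of an existing entry through certificate_arn). This is an added example, not code from the commit or the collection; the file paths, the name tag and the Owner tag are placeholders, and it assumes the module is called as community.aws.aws_acm and returns the structure shown in the example return value above.

```yaml
- name: Tag ACM certificates with the aws_acm module (added example)
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Placeholder paths: point these at your own PEM files.
    cert_pem: "files/example.crt.pem"
    key_pem: "files/example.key.pem"
  tasks:
    - name: Import a certificate and set arbitrary tags in the same call
      community.aws.aws_acm:
        state: present
        name_tag: example-cert            # placeholder; still sets the 'Name' tag
        certificate: "{{ lookup('file', cert_pem) }}"
        private_key: "{{ lookup('file', key_pem) }}"
        tags:
          Application: search
          Environment: development
      register: imported

    - name: Modify tags on the existing entry by ARN, without re-importing it
      community.aws.aws_acm:
        state: present
        certificate_arn: "{{ imported.certificate.arn }}"
        tags:
          Application: search
          Environment: development
          Owner: platform-team            # placeholder tag added after import
        purge_tags: false                 # leave tags not listed here in place
      register: retagged

    - name: Check that the module reports the updated tags
      ansible.builtin.assert:
        that:
          - retagged.certificate.tags.Owner == 'platform-team'
          - retagged.certificate.tags.Environment == 'development'
          - retagged.certificate.arn == imported.certificate.arn
```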