From 3330ee9a9b6e81cf2814f76ea966215f6b136eb9 Mon Sep 17 00:00:00 2001
From: Stefan Horning
Date: Wed, 29 Apr 2020 23:33:40 +0200
Subject: [PATCH] aws_kms: Fix policy arg to actually work with JSON strings that is needs (#43)

* Fix policy arg to actually work with JSON strings that is needs. Also update docs.
* Fix typo in docs
* Fix long line in example
* Update type in docs too
Co-Authored-By: Mark Chappell
* Remove unecessary documentation for aws_kms policy param
Co-Authored-By: Mark Chappell
Co-authored-by: Mark Chappell
---
 aws_kms.py | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/aws_kms.py b/aws_kms.py
index 5ad254ed6c9..879676286d3 100644
--- a/aws_kms.py
+++ b/aws_kms.py
@@ -164,9 +164,9 @@
 type: dict
 policy:
 description:
- - policy to apply to the KMS key
+ - policy to apply to the KMS key.
 - See U(https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)
- type: str
+ type: json
 author:
 - Ted Timmons (@tedder)
 - Will Thames (@willthames)
@@ -224,6 +224,18 @@
 operations:
 - Decrypt
 - RetireGrant
+
+- name: Update IAM policy on an existing KMS key
+ aws_kms:
+ alias: my-kms-key
+ policy: '{"Version": "2012-10-17", "Id": "my-kms-key-permissions", "Statement": [ { } ]}'
+ state: present
+
+- name: Example using lookup for policy json
+ aws_kms:
+ alias: my-kms-key
+ policy: "{{ lookup('template', 'kms_iam_policy_template.json.j2') }}"
+ state: present
 '''

 RETURN = '''
@@ -1017,7 +1029,7 @@ def main():
 tags=dict(type='dict', default={}),
 purge_tags=dict(type='bool', default=False),
 grants=dict(type='list', default=[]),
- policy=dict(),
+ policy=dict(type='json'),
 purge_grants=dict(type='bool', default=False),
 state=dict(default='present', choices=['present', 'absent']),
 enable_key_rotation=(dict(type='bool'))
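Review bot: A malformed policy document still passes argument validation with `policy=dict(type='json')` in the third hunk, because that type only normalises the value to a string: a dict or list is serialised, while a string is passed through as written. The code that reads `module.params['policy']` lies outside this hunk (main() continues past it). If it does not already do so, it should parse the value once and stop with a clear message, for example `try: json.loads(policy)` followed by `except ValueError as e: module.fail_json(msg='policy is not valid JSON: %s' % e)`. KMS stores the supplied document as the key's whole policy, so the option description in the first hunk would also benefit from a line such as `- The document replaces the existing key policy in full, so keep a statement that allows key administration.`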