From 644225c81cb7d244f0c9e62eaf8a67b97dc0d92d Mon Sep 17 00:00:00 2001 
From: Mark Chappell Date: Wed, 29 Jun 2022 17:30:40 +0200 Subject: [PATCH] Rename KMS modules (#1284) Rename KMS modules SUMMARY In line with the naming guidelines, rename aws_kms and aws_kms_info ISSUE TYPE Feature Pull Request COMPONENT NAME plugins/modules/aws_kms.py plugins/modules/aws_kms_info.py plugins/modules/kms_key.py plugins/modules/kms_key_info.py ADDITIONAL INFORMATION Reviewed-by: Joseph Torcasso Reviewed-by: Alina Buzachis --- README.md | 4 +- changelogs/fragments/1284-rename-kms.yml | 3 + ... => community.aws.kms_key_info_module.rst} | 11 +- ...e.rst => community.aws.kms_key_module.rst} | 39 ++++-- meta/runtime.yml | 8 ++ plugins/modules/{aws_kms.py => kms_key.py} | 128 +++++++++--------- .../{aws_kms_info.py => kms_key_info.py} | 20 +-- .../targets/{aws_kms => kms_key}/aliases | 2 +- .../targets/{aws_kms => kms_key}/inventory | 0 .../targets/{aws_kms => kms_key}/main.yml | 0 .../{aws_kms => kms_key}/meta/main.yml | 0 .../roles/aws_kms/defaults/main.yml | 0 .../roles/aws_kms/tasks/main.yml | 0 .../roles/aws_kms/tasks/test_grants.yml | 0 .../roles/aws_kms/tasks/test_modify.yml | 0 .../roles/aws_kms/tasks/test_states.yml | 0 .../roles/aws_kms/tasks/test_tagging.yml | 0 .../console-policy-no-key-rotation.j2 | 0 .../roles/aws_kms/templates/console-policy.j2 | 0 .../targets/{aws_kms => kms_key}/runme.sh | 0 20 files changed, 121 insertions(+), 94 deletions(-) create mode 100644 changelogs/fragments/1284-rename-kms.yml rename docs/{community.aws.aws_kms_info_module.rst => community.aws.kms_key_info_module.rst} (99%) rename docs/{community.aws.aws_kms_module.rst => community.aws.kms_key_module.rst} (97%) rename plugins/modules/{aws_kms.py => kms_key.py} (91%) rename plugins/modules/{aws_kms_info.py => kms_key_info.py} (97%) rename tests/integration/targets/{aws_kms => kms_key}/aliases (95%) rename tests/integration/targets/{aws_kms => kms_key}/inventory (100%) rename tests/integration/targets/{aws_kms => kms_key}/main.yml (100%) rename 
tests/integration/targets/{aws_kms => kms_key}/meta/main.yml (100%) rename tests/integration/targets/{aws_kms => kms_key}/roles/aws_kms/defaults/main.yml (100%) rename tests/integration/targets/{aws_kms => kms_key}/roles/aws_kms/tasks/main.yml (100%) rename tests/integration/targets/{aws_kms => kms_key}/roles/aws_kms/tasks/test_grants.yml (100%) rename tests/integration/targets/{aws_kms => kms_key}/roles/aws_kms/tasks/test_modify.yml (100%) rename tests/integration/targets/{aws_kms => kms_key}/roles/aws_kms/tasks/test_states.yml (100%) rename tests/integration/targets/{aws_kms => kms_key}/roles/aws_kms/tasks/test_tagging.yml (100%) rename tests/integration/targets/{aws_kms => kms_key}/roles/aws_kms/templates/console-policy-no-key-rotation.j2 (100%) rename tests/integration/targets/{aws_kms => kms_key}/roles/aws_kms/templates/console-policy.j2 (100%) rename tests/integration/targets/{aws_kms => kms_key}/runme.sh (100%)
diff --git a/README.md b/README.md
index 7afc7cb4246..81ef9a61374 100644
--- a/README.md
+++ b/README.md
@@ -54,8 +54,6 @@ Name | Description
 [community.aws.aws_glue_connection](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_glue_connection_module.rst)|Manage an AWS Glue connection
 [community.aws.aws_glue_job](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_glue_job_module.rst)|Manage an AWS Glue job
 [community.aws.aws_inspector_target](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_inspector_target_module.rst)|Create, Update and Delete Amazon Inspector Assessment Targets
-[community.aws.aws_kms](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_kms_module.rst)|Perform various KMS management tasks
-[community.aws.aws_kms_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_kms_info_module.rst)|Gather information about AWS KMS keys
 [community.aws.aws_msk_cluster](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_msk_cluster_module.rst)|Manage Amazon MSK clusters
 [community.aws.aws_msk_config](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_msk_config_module.rst)|Manage Amazon MSK cluster configurations.
 [community.aws.aws_region_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_region_info_module.rst)|Gather information about AWS regions.
@@ -166,6 +164,8 @@ Name | Description
 [community.aws.iam_user](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.iam_user_module.rst)|Manage AWS IAM users
 [community.aws.iam_user_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.iam_user_info_module.rst)|Gather IAM user(s) facts in AWS
 [community.aws.kinesis_stream](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.kinesis_stream_module.rst)|Manage a Kinesis Stream.
+[community.aws.kms_key](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.kms_key_module.rst)|Perform various KMS key management tasks
+[community.aws.kms_key_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.kms_key_info_module.rst)|Gather information about AWS KMS keys
 [community.aws.lambda](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.lambda_module.rst)|Manage AWS Lambda functions
 [community.aws.lambda_alias](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.lambda_alias_module.rst)|Creates, updates or deletes AWS Lambda function aliases
 [community.aws.lambda_event](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.lambda_event_module.rst)|Creates, updates or deletes AWS Lambda function event mappings
diff --git a/changelogs/fragments/1284-rename-kms.yml b/changelogs/fragments/1284-rename-kms.yml
new file mode 100644
index 00000000000..ce7b3356ead
--- /dev/null
+++ b/changelogs/fragments/1284-rename-kms.yml
@@ -0,0 +1,3 @@ +minor_changes: +- aws_kms - the ``aws_kms`` module has been renamed to ``kms_key``, ``aws_kms`` remains as an alias (https://github.com/ansible-collections/community.aws/pull/1284). +- aws_kms_info - the ``aws_kms_info`` module has been renamed to ``kms_key_info``, ``aws_kms_info`` remains as an alias (https://github.com/ansible-collections/community.aws/pull/1284). diff --git a/docs/community.aws.aws_kms_info_module.rst b/docs/community.aws.kms_key_info_module.rst similarity index 99% rename from docs/community.aws.aws_kms_info_module.rst rename to docs/community.aws.kms_key_info_module.rst index fbcd3d5474d..c8a6ccc7cf7 100644 --- a/docs/community.aws.aws_kms_info_module.rst +++ b/docs/community.aws.kms_key_info_module.rst @@ -1,8 +1,8 @@ -.. _community.aws.aws_kms_info_module: +.. _community.aws.kms_key_info_module: ************************** -community.aws.aws_kms_info +community.aws.kms_key_info ************************** **Gather information about AWS KMS keys** @@ -18,6 +18,7 @@ Version added: 1.0.0 Synopsis -------- - Gather information about AWS KMS keys including tags and grants. +- Prior to release 5.0.0 this module was called ``community.aws.aws_kms_info``. The usage did not change. @@ -304,15 +305,15 @@ Examples # Note: These examples do not set authentication details, see the AWS Guide for details. # Gather information about all KMS keys - - community.aws.aws_kms_info: + - community.aws.kms_key_info: # Gather information about all keys with a Name tag - - community.aws.aws_kms_info: + - community.aws.kms_key_info: filters: tag-key: Name # Gather information about all keys with a specific name - - community.aws.aws_kms_info: + - community.aws.kms_key_info: filters: "tag:Name": Example diff --git a/docs/community.aws.aws_kms_module.rst b/docs/community.aws.kms_key_module.rst similarity index 97% rename from docs/community.aws.aws_kms_module.rst rename to docs/community.aws.kms_key_module.rst index 42157341c8c..e4f91ca0670 100644 
--- a/docs/community.aws.aws_kms_module.rst +++ b/docs/community.aws.kms_key_module.rst @@ -1,11 +1,11 @@ -.. _community.aws.aws_kms_module: +.. _community.aws.kms_key_module: ********************* -community.aws.aws_kms +community.aws.kms_key ********************* -**Perform various KMS management tasks** +**Perform various KMS key management tasks** Version added: 1.0.0 @@ -17,7 +17,9 @@ Version added: 1.0.0 Synopsis -------- -- Manage role/user access to a KMS key. Not designed for encrypting/decrypting. +- Manage role/user access to a KMS key. +- Not designed for encrypting/decrypting. +- Prior to release 5.0.0 this module was called ``community.aws.aws_kms``. The usage did not change. @@ -53,7 +55,11 @@ Parameters -
An alias for a key. For safety, even though KMS does not require keys to have an alias, this module expects all new keys to be given an alias to make them easier to manage. Existing keys without an alias may be referred to by key_id. Use community.aws.aws_kms_info to find key ids. Required if key_id is not given. Note that passing a key_id and alias will only cause a new alias to be added, an alias will never be renamed. The 'alias/' prefix is optional.
+
An alias for a key.
+
For safety, even though KMS does not require keys to have an alias, this module expects all new keys to be given an alias to make them easier to manage. Existing keys without an alias may be referred to by key_id. Use community.aws.kms_key_info to find key ids.
+
Note that passing a key_id and alias will only cause a new alias to be added, an alias will never be renamed.
+
The alias/ prefix is optional.
+
Required if key_id is not given.

aliases: key_alias
@@ -154,7 +160,8 @@ Parameters -
A description of the CMK. Use a description that helps you decide whether the CMK is appropriate for a task.
+
A description of the CMK.
+
Use a description that helps you decide whether the CMK is appropriate for a task.
@@ -622,7 +629,9 @@ Parameters -
Whether a key should be present or absent. Note that making an existing key absent only schedules a key for deletion. Passing a key that is scheduled for deletion with state present will cancel key deletion.
+
Whether a key should be present or absent.
+
Note that making an existing key absent only schedules a key for deletion.
+
Passing a key that is scheduled for deletion with state=present will cancel key deletion.
@@ -669,7 +678,7 @@ Notes ----- .. note:: - - There are known inconsistencies in the amount of time required for updates of KMS keys to be fully reflected on AWS. This can cause issues when running duplicate tasks in succession or using the aws_kms_info module to fetch key metadata shortly after modifying keys. For this reason, it is recommended to use the return data from this module (aws_kms) to fetch a key's metadata. + - There are known inconsistencies in the amount of time required for updates of KMS keys to be fully reflected on AWS. This can cause issues when running duplicate tasks in succession or using the :ref:`community.aws.kms_key_info ` module to fetch key metadata shortly after modifying keys. For this reason, it is recommended to use the return data from this module (:ref:`community.aws.kms_key `) to fetch a key's metadata. - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence ``AWS_URL`` or ``EC2_URL``, ``AWS_PROFILE`` or ``AWS_DEFAULT_PROFILE``, ``AWS_ACCESS_KEY_ID`` or ``AWS_ACCESS_KEY`` or ``EC2_ACCESS_KEY``, ``AWS_SECRET_ACCESS_KEY`` or ``AWS_SECRET_KEY`` or ``EC2_SECRET_KEY``, ``AWS_SECURITY_TOKEN`` or ``EC2_SECURITY_TOKEN``, ``AWS_REGION`` or ``EC2_REGION``, ``AWS_CA_BUNDLE`` - When no credentials are explicitly provided the AWS SDK (boto3) that Ansible uses will fall back to its configuration files (typically ``~/.aws/credentials``). See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html for more information. - ``AWS_REGION`` or ``EC2_REGION`` can be typically be used to specify the AWS region, when required, but this can also be defined in the configuration files. 
@@ -684,28 +693,28 @@ Examples # Managing the KMS IAM Policy via policy_mode and policy_grant_types is fragile # and has been deprecated in favour of the policy option. - name: grant user-style access to production secrets - community.aws.aws_kms: + community.aws.kms_key: args: alias: "alias/my_production_secrets" policy_mode: grant policy_role_name: "prod-appServerRole-1R5AQG2BSEL6L" policy_grant_types: "role,role grant" - name: remove access to production secrets from role - community.aws.aws_kms: + community.aws.kms_key: args: alias: "alias/my_production_secrets" policy_mode: deny policy_role_name: "prod-appServerRole-1R5AQG2BSEL6L" # Create a new KMS key - - community.aws.aws_kms: + - community.aws.kms_key: alias: mykey tags: Name: myKey Purpose: protect_stuff # Update previous key with more tags - - community.aws.aws_kms: + - community.aws.kms_key: alias: mykey tags: Name: myKey @@ -715,7 +724,7 @@ Examples # Update a known key with grants allowing an instance with the billing-prod IAM profile # to decrypt data encrypted with the environment: production, application: billing # encryption context - - community.aws.aws_kms: + - community.aws.kms_key: key_id: abcd1234-abcd-1234-5678-ef1234567890 grants: - name: billing_prod @@ -729,13 +738,13 @@ Examples - RetireGrant - name: Update IAM policy on an existing KMS key - community.aws.aws_kms: + community.aws.kms_key: alias: my-kms-key policy: '{"Version": "2012-10-17", "Id": "my-kms-key-permissions", "Statement": [ { } ]}' state: present - name: Example using lookup for policy json - community.aws.aws_kms: + community.aws.kms_key: alias: my-kms-key policy: "{{ lookup('template', 'kms_iam_policy_template.json.j2') }}" state: present diff --git a/meta/runtime.yml b/meta/runtime.yml index 6647ff1685b..7b6e45367dc 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -149,6 +149,8 @@ action_groups: - iam_user - iam_user_info - kinesis_stream + - kms_key + - kms_key_info - lambda - lambda_alias - lambda_event 
@@ -228,6 +230,12 @@ plugin_routing: aws_eks_cluster: # Deprecation for this alias should not *start* prior to 2024-09-01 redirect: community.aws.eks_cluster + aws_kms: + # Deprecation for this alias should not *start* prior to 2024-09-01 + redirect: community.aws.kms_key + aws_kms_info: + # Deprecation for this alias should not *start* prior to 2024-09-01 + redirect: community.aws.kms_key_info aws_s3_bucket_info: # Deprecation for this alias should not *start* prior to 2024-09-01 redirect: community.aws.s3_bucket_info diff --git a/plugins/modules/aws_kms.py b/plugins/modules/kms_key.py similarity index 91% rename from plugins/modules/aws_kms.py rename to plugins/modules/kms_key.py index 046af605da1..53d691888b6 100644 --- a/plugins/modules/aws_kms.py +++ b/plugins/modules/kms_key.py 
@@ -8,97 +8,102 @@ DOCUMENTATION = r''' --- -module: aws_kms +module: kms_key version_added: 1.0.0 -short_description: Perform various KMS management tasks +short_description: Perform various KMS key management tasks description: - - Manage role/user access to a KMS key. Not designed for encrypting/decrypting. + - Manage role/user access to a KMS key. + - Not designed for encrypting/decrypting. + - Prior to release 5.0.0 this module was called C(community.aws.aws_kms). + The usage did not change. options: alias: - description: An alias for a key. For safety, even though KMS does not require keys - to have an alias, this module expects all new keys to be given an alias - to make them easier to manage. Existing keys without an alias may be - referred to by I(key_id). Use M(community.aws.aws_kms_info) to find key ids. Required - if I(key_id) is not given. Note that passing a I(key_id) and I(alias) - will only cause a new alias to be added, an alias will never be renamed. - The 'alias/' prefix is optional. + description: + - An alias for a key. + - For safety, even though KMS does not require keys to have an alias, this module expects all + new keys to be given an alias to make them easier to manage. Existing keys without an alias + may be referred to by I(key_id). Use M(community.aws.kms_key_info) to find key ids. + - Note that passing a I(key_id) and I(alias) will only cause a new alias to be added, an alias will never be renamed. + - The C(alias/) prefix is optional. + - Required if I(key_id) is not given. required: false aliases: - key_alias type: str key_id: description: - - Key ID or ARN of the key. - - One of I(alias) or I(key_id) are required. + - Key ID or ARN of the key. + - One of I(alias) or I(key_id) are required. required: false aliases: - key_arn type: str enable_key_rotation: description: - - Whether the key should be automatically rotated every year. + - Whether the key should be automatically rotated every year. 
required: false type: bool policy_mode: description: - - (deprecated) Grant or deny access. - - Used for modifying the Key Policy rather than modifying a grant and only - works on the default policy created through the AWS Console. - - This option has been deprecated, and will be removed in a release after 2021-12-01. Use I(policy) instead. + - (deprecated) Grant or deny access. + - Used for modifying the Key Policy rather than modifying a grant and only + works on the default policy created through the AWS Console. + - This option has been deprecated, and will be removed in a release after 2021-12-01. Use I(policy) instead. default: grant choices: [ grant, deny ] aliases: - - mode + - mode type: str policy_role_name: description: - - (deprecated) Role to allow/deny access. - - One of I(policy_role_name) or I(policy_role_arn) are required. - - Used for modifying the Key Policy rather than modifying a grant and only - works on the default policy created through the AWS Console. - - This option has been deprecated, and will be removed in a release after 2021-12-01. Use I(policy) instead. + - (deprecated) Role to allow/deny access. + - One of I(policy_role_name) or I(policy_role_arn) are required. + - Used for modifying the Key Policy rather than modifying a grant and only + works on the default policy created through the AWS Console. + - This option has been deprecated, and will be removed in a release after 2021-12-01. Use I(policy) instead. required: false aliases: - - role_name + - role_name type: str policy_role_arn: description: - - (deprecated) ARN of role to allow/deny access. - - One of I(policy_role_name) or I(policy_role_arn) are required. - - Used for modifying the Key Policy rather than modifying a grant and only - works on the default policy created through the AWS Console. - - This option has been deprecated, and will be removed in a release after 2021-12-01. Use I(policy) instead. + - (deprecated) ARN of role to allow/deny access. 
+ - One of I(policy_role_name) or I(policy_role_arn) are required. + - Used for modifying the Key Policy rather than modifying a grant and only + works on the default policy created through the AWS Console. + - This option has been deprecated, and will be removed in a release after 2021-12-01. Use I(policy) instead. type: str required: false aliases: - - role_arn + - role_arn policy_grant_types: description: - - (deprecated) List of grants to give to user/role. Likely "role,role grant" or "role,role grant,admin". - - Required when I(policy_mode=grant). - - Used for modifying the Key Policy rather than modifying a grant and only - works on the default policy created through the AWS Console. - - This option has been deprecated, and will be removed in a release after 2021-12-01. Use I(policy) instead. + - (deprecated) List of grants to give to user/role. Likely "role,role grant" or "role,role grant,admin". + - Required when I(policy_mode=grant). + - Used for modifying the Key Policy rather than modifying a grant and only + works on the default policy created through the AWS Console. + - This option has been deprecated, and will be removed in a release after 2021-12-01. Use I(policy) instead. required: false aliases: - - grant_types + - grant_types type: list elements: str policy_clean_invalid_entries: description: - - (deprecated) If adding/removing a role and invalid grantees are found, remove them. These entries will cause an update to fail in all known cases. - - Only cleans if changes are being made. - - Used for modifying the Key Policy rather than modifying a grant and only - works on the default policy created through the AWS Console. - - This option has been deprecated, and will be removed in a release after 2021-12-01. Use I(policy) instead. + - (deprecated) If adding/removing a role and invalid grantees are found, remove them. These entries will cause an update to fail in all known cases. + - Only cleans if changes are being made. 
+ - Used for modifying the Key Policy rather than modifying a grant and only + works on the default policy created through the AWS Console. + - This option has been deprecated, and will be removed in a release after 2021-12-01. Use I(policy) instead. type: bool default: true aliases: - clean_invalid_entries state: - description: Whether a key should be present or absent. Note that making an - existing key absent only schedules a key for deletion. Passing a key that - is scheduled for deletion with state present will cancel key deletion. + description: + - Whether a key should be present or absent. + - Note that making an existing key C(absent) only schedules a key for deletion. + - Passing a key that is scheduled for deletion with I(state=present) will cancel key deletion. required: False choices: - present 
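Review bot: The re-indented descriptions of `policy_mode`, `policy_role_name`, `policy_role_arn`, `policy_grant_types` and `policy_clean_invalid_entries` still say "will be removed in a release after 2021-12-01", a date that had already passed when this commit was authored (2022-06-29). A reader of the renamed module therefore cannot tell whether these options are still supported, which matters because they rewrite the KMS key policy and, per their own text, only work on the default console-created policy. Since the lines are being touched anyway, state the actual removal release, e.g. `- This option has been deprecated and will be removed in release <REMOVAL_VERSION>. Use I(policy) instead.` (placeholder, the real version is not visible on this page). The DOCUMENTATION string continues outside this hunk and the module's argument spec is not shown, so whether the code still accepts these options cannot be confirmed from here.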
@@ -111,21 +116,21 @@ type: bool description: description: - A description of the CMK. Use a description that helps you decide - whether the CMK is appropriate for a task. + - A description of the CMK. + - Use a description that helps you decide whether the CMK is appropriate for a task. type: str pending_window: description: - - The number of days between requesting deletion of the CMK and when it will actually be deleted. - - Only used when I(state=absent) and the CMK has not yet been deleted. - - Valid values are between 7 and 30 (inclusive). - - 'See also: U(https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html#KMS-ScheduleKeyDeletion-request-PendingWindowInDays)' + - The number of days between requesting deletion of the CMK and when it will actually be deleted. + - Only used when I(state=absent) and the CMK has not yet been deleted. + - Valid values are between 7 and 30 (inclusive). + - 'See also: U(https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html#KMS-ScheduleKeyDeletion-request-PendingWindowInDays)' type: int aliases: ['deletion_delay'] version_added: 1.4.0 purge_grants: - description: Whether the I(grants) argument should cause grants not in the list to - be removed. + description: + - Whether the I(grants) argument should cause grants not in the list to be removed. default: False type: bool grants: 
@@ -192,40 +197,39 @@ - amazon.aws.ec2 - amazon.aws.tags.deprecated_purge - notes: - There are known inconsistencies in the amount of time required for updates of KMS keys to be fully reflected on AWS. - This can cause issues when running duplicate tasks in succession or using the aws_kms_info module to fetch key metadata + This can cause issues when running duplicate tasks in succession or using the M(community.aws.kms_key_info) module to fetch key metadata shortly after modifying keys. - For this reason, it is recommended to use the return data from this module (aws_kms) to fetch a key's metadata. + For this reason, it is recommended to use the return data from this module (M(community.aws.kms_key)) to fetch a key's metadata. ''' EXAMPLES = r''' # Managing the KMS IAM Policy via policy_mode and policy_grant_types is fragile # and has been deprecated in favour of the policy option. - name: grant user-style access to production secrets - community.aws.aws_kms: + community.aws.kms_key: args: alias: "alias/my_production_secrets" policy_mode: grant policy_role_name: "prod-appServerRole-1R5AQG2BSEL6L" policy_grant_types: "role,role grant" - name: remove access to production secrets from role - community.aws.aws_kms: + community.aws.kms_key: args: alias: "alias/my_production_secrets" policy_mode: deny policy_role_name: "prod-appServerRole-1R5AQG2BSEL6L" # Create a new KMS key -- community.aws.aws_kms: +- community.aws.kms_key: alias: mykey tags: Name: myKey Purpose: protect_stuff # Update previous key with more tags -- community.aws.aws_kms: +- community.aws.kms_key: alias: mykey tags: Name: myKey @@ -235,7 +239,7 @@ # Update a known key with grants allowing an instance with the billing-prod IAM profile # to decrypt data encrypted with the environment: production, application: billing # encryption context -- community.aws.aws_kms: +- community.aws.kms_key: key_id: abcd1234-abcd-1234-5678-ef1234567890 grants: - name: billing_prod 
@@ -249,13 +253,13 @@ - RetireGrant - name: Update IAM policy on an existing KMS key - community.aws.aws_kms: + community.aws.kms_key: alias: my-kms-key policy: '{"Version": "2012-10-17", "Id": "my-kms-key-permissions", "Statement": [ { } ]}' state: present - name: Example using lookup for policy json - community.aws.aws_kms: + community.aws.kms_key: alias: my-kms-key policy: "{{ lookup('template', 'kms_iam_policy_template.json.j2') }}" state: present diff --git a/plugins/modules/aws_kms_info.py b/plugins/modules/kms_key_info.py similarity index 97% rename from plugins/modules/aws_kms_info.py rename to plugins/modules/kms_key_info.py index 2863fd0538e..b9ecf80fcc3 100644 --- a/plugins/modules/aws_kms_info.py +++ b/plugins/modules/kms_key_info.py @@ -8,12 +8,15 @@ DOCUMENTATION = r''' --- -module: aws_kms_info +module: kms_key_info version_added: 1.0.0 short_description: Gather information about AWS KMS keys description: - - Gather information about AWS KMS keys including tags and grants. -author: "Will Thames (@willthames)" + - Gather information about AWS KMS keys including tags and grants. + - Prior to release 5.0.0 this module was called C(community.aws.aws_kms_info). + The usage did not change. +author: + - "Will Thames (@willthames)" options: alias: description: @@ -46,24 +49,23 @@ default: False type: bool extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 - + - amazon.aws.aws + - amazon.aws.ec2 ''' EXAMPLES = r''' # Note: These examples do not set authentication details, see the AWS Guide for details. # Gather information about all KMS keys -- community.aws.aws_kms_info: +- community.aws.kms_key_info: # Gather information about all keys with a Name tag -- community.aws.aws_kms_info: +- community.aws.kms_key_info: filters: tag-key: Name # Gather information about all keys with a specific name -- community.aws.aws_kms_info: +- community.aws.kms_key_info: filters: "tag:Name": Example ''' 
diff --git a/tests/integration/targets/aws_kms/aliases b/tests/integration/targets/kms_key/aliases similarity index 95% rename from tests/integration/targets/aws_kms/aliases rename to tests/integration/targets/kms_key/aliases index 04f36ba6ec9..967fd7fe094 100644 --- a/tests/integration/targets/aws_kms/aliases +++ b/tests/integration/targets/kms_key/aliases @@ -5,4 +5,4 @@ cloud/aws -aws_kms_info +kms_key_info diff --git a/tests/integration/targets/aws_kms/inventory b/tests/integration/targets/kms_key/inventory similarity index 100% rename from tests/integration/targets/aws_kms/inventory rename to tests/integration/targets/kms_key/inventory diff --git a/tests/integration/targets/aws_kms/main.yml b/tests/integration/targets/kms_key/main.yml similarity index 100% rename from tests/integration/targets/aws_kms/main.yml rename to tests/integration/targets/kms_key/main.yml diff --git a/tests/integration/targets/aws_kms/meta/main.yml b/tests/integration/targets/kms_key/meta/main.yml similarity index 100% rename from tests/integration/targets/aws_kms/meta/main.yml rename to tests/integration/targets/kms_key/meta/main.yml diff --git a/tests/integration/targets/aws_kms/roles/aws_kms/defaults/main.yml b/tests/integration/targets/kms_key/roles/aws_kms/defaults/main.yml similarity index 100% rename from tests/integration/targets/aws_kms/roles/aws_kms/defaults/main.yml rename to tests/integration/targets/kms_key/roles/aws_kms/defaults/main.yml diff --git a/tests/integration/targets/aws_kms/roles/aws_kms/tasks/main.yml b/tests/integration/targets/kms_key/roles/aws_kms/tasks/main.yml similarity index 100% rename from tests/integration/targets/aws_kms/roles/aws_kms/tasks/main.yml rename to tests/integration/targets/kms_key/roles/aws_kms/tasks/main.yml 
diff --git a/tests/integration/targets/aws_kms/roles/aws_kms/tasks/test_grants.yml b/tests/integration/targets/kms_key/roles/aws_kms/tasks/test_grants.yml
similarity index 100%
rename from tests/integration/targets/aws_kms/roles/aws_kms/tasks/test_grants.yml
rename to tests/integration/targets/kms_key/roles/aws_kms/tasks/test_grants.yml
diff --git a/tests/integration/targets/aws_kms/roles/aws_kms/tasks/test_modify.yml b/tests/integration/targets/kms_key/roles/aws_kms/tasks/test_modify.yml
similarity index 100%
rename from tests/integration/targets/aws_kms/roles/aws_kms/tasks/test_modify.yml
rename to tests/integration/targets/kms_key/roles/aws_kms/tasks/test_modify.yml
diff --git a/tests/integration/targets/aws_kms/roles/aws_kms/tasks/test_states.yml b/tests/integration/targets/kms_key/roles/aws_kms/tasks/test_states.yml
similarity index 100%
rename from tests/integration/targets/aws_kms/roles/aws_kms/tasks/test_states.yml
rename to tests/integration/targets/kms_key/roles/aws_kms/tasks/test_states.yml
diff --git a/tests/integration/targets/aws_kms/roles/aws_kms/tasks/test_tagging.yml b/tests/integration/targets/kms_key/roles/aws_kms/tasks/test_tagging.yml
similarity index 100%
rename from tests/integration/targets/aws_kms/roles/aws_kms/tasks/test_tagging.yml
rename to tests/integration/targets/kms_key/roles/aws_kms/tasks/test_tagging.yml
diff --git a/tests/integration/targets/aws_kms/roles/aws_kms/templates/console-policy-no-key-rotation.j2 b/tests/integration/targets/kms_key/roles/aws_kms/templates/console-policy-no-key-rotation.j2
similarity index 100%
rename from tests/integration/targets/aws_kms/roles/aws_kms/templates/console-policy-no-key-rotation.j2
rename to tests/integration/targets/kms_key/roles/aws_kms/templates/console-policy-no-key-rotation.j2
diff --git a/tests/integration/targets/aws_kms/roles/aws_kms/templates/console-policy.j2 b/tests/integration/targets/kms_key/roles/aws_kms/templates/console-policy.j2
similarity index 100%
rename from tests/integration/targets/aws_kms/roles/aws_kms/templates/console-policy.j2
rename to tests/integration/targets/kms_key/roles/aws_kms/templates/console-policy.j2
diff --git a/tests/integration/targets/aws_kms/runme.sh b/tests/integration/targets/kms_key/runme.sh
similarity index 100%
rename from tests/integration/targets/aws_kms/runme.sh
rename to tests/integration/targets/kms_key/runme.sh