ACMServiceManager.list_certificates_with_backoff: explicit key type f…

…ilter added (ansible-collections#1570)

ACMServiceManager.list_certificates_with_backoff: explicit key type filter added

SUMMARY
Fixes ansible-collections#1567
ACM.Client.list_certificates requires explicit certificate type filter in order to return the non-RSA_2048 certificates too, and this is needed to ensure the idempotency of importing such certificates.
ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

acm

Reviewed-by: Mark Chappell
Reviewed-by: Alina Buzachis

changelogs/fragments/1567-list-certificate-all-key-types.yml

@@ -0,0 +1,2 @@
+bugfixes:
+- module_utils.acm - fixes list_certificates returning only RSA_2048 certificates (https://github.com/ansible-collections/amazon.aws/issues/1567).

plugins/module_utils/acm.py

@@ -63,7 +63,20 @@ def delete_certificate_with_backoff(self, arn):
     @AWSRetry.jittered_backoff(delay=5, catch_extra_error_codes=["RequestInProgressException"])
     def list_certificates_with_backoff(self, statuses=None):
         paginator = self.client.get_paginator("list_certificates")
-        kwargs = dict()
+        # `list_certificates` requires explicit key type filter, or it returns only RSA_2048 certificates
+        kwargs = {
+            "Includes": {
+                "keyTypes": [
+                    "RSA_1024",
+                    "RSA_2048",
+                    "RSA_3072",
+                    "RSA_4096",
+                    "EC_prime256v1",
+                    "EC_secp384r1",
+                    "EC_secp521r1",
+                ],
+            },
+        }
         if statuses:
             kwargs["CertificateStatuses"] = statuses
         return paginator.paginate(**kwargs).build_full_result()["CertificateSummaryList"]