Skip to content

Commit

Permalink
Add support for tagging certificates. Fix deprecated tasks in aws_acm…
Browse files Browse the repository at this point in the history
… integration tests (#870) (#1044)

[PR #870/29d37bed backport][stable-3] Add support for tagging certificates. Fix deprecated tasks in aws_acm integration tests

This is a backport of PR #870 as merged into main (29d37be).
SUMMARY

This PR adds support for configuring arbitrary tags when importing a certificate using the aws_acm module. Previously, it was only possible to set the 'Name' tag.
Additionally, this PR fixes issues with the aws_acm integration tests.  The integration tests were using deprecated tasks or attributes, such as openssl_certificate.

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

aws_acm
ADDITIONAL INFORMATION


Changes to the aws_acm.py module:

Add new tags and purge_tags attributes.
The certificate_arn attribute is now allowed when state='present'. A playbook should be allowed to modify an existing certificate entry by providing the ARN. For example, a play may want to add, modify, remove tags on an existing certificate.
The aws_acm module returns the updated tags. See example below.
Refactor aws_acm.py to improve code reuse and make it possible to set arbitrary tags. This should also help to 1) improve readability. 2) prepare for #869 which I am planning to work on next.

Backwards-compatibility is retained, even though it might make sense to normalize some of the attributes.
Example return value:
"certificate": {
            "arn": "arn:aws:acm:us-west-1:account:certificate/f85abf9d-4bda-4dcc-98c3-770664a68243",
            "domain_name": "acm1.949058644.ansible.com",
            "tags": {
                "Application": "search",
                "Environment": "development",
                "Name": "ansible-test-78006277-398b5796f999_949058644_1"
            }
        }

Integration tests:

The openssl_certificate task is deprecated. Migrate to x509_certificate.
The signature_algorithms attribute is no longer supported by the new x509_certificate task. Using selfsigned_digest instead.
The integration tests for the aws_acm module pass locally.
I see ansible/ansible#67788 has been closed, but tests/integration/targets/aws_acm/aliases still has unstable. I am not sure what to do about it. I was able to run the tests in my local workspace after making the above changes.

Reviewed-by: Alina Buzachis <None>
  • Loading branch information
patchback[bot] authored Mar 31, 2022
1 parent acfb37f commit 3500c6b
Show file tree
Hide file tree
Showing 5 changed files with 437 additions and 106 deletions.
2 changes: 2 additions & 0 deletions changelogs/fragments/870-aws_acm_certificate_tags.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
minor_changes:
- aws_acm - Add ``tags`` and ``purge_tags`` parameters to tag certificates in ACM (https://github.com/ansible-collections/community.aws/pull/870).
Loading

0 comments on commit 3500c6b

Please sign in to comment.