Fix cloudfront_distribution s3_origin_access_identity_enabled bug (#881)

SUMMARY
If s3_origin_access_identity_enabled is set to True but no s3_origin_config, then a default origin config is applied; however, it also picks up s3_origin_access_identity_enabled as S3OriginAccessIdentityEnabled and passes it to the API request, which is not a valid option to be passed, and then fails validation.
Fixes: #749
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
cloudfront_distribution
ADDITIONAL INFORMATION
The option mentioned is not valid for the API request:
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cloudfront.html#CloudFront.Client.create_distribution

Reviewed-by: Markus Bergholz <[email protected]>
Reviewed-by: Alina Buzachis <None>
(cherry picked from commit cecc9e8)
marknet15 authored and patchback[bot] committed Jan 31, 2022
1 parent 776bbb3 commit 3f9cd54
Showing 2 changed files with 11 additions and 5 deletions.
2 changes: 2 additions & 0 deletions changelogs/fragments/881-cloudfront-bug.yml
@@ -0,0 +1,2 @@
bugfixes:
- cloudfront_distribution - Dont pass ``s3_origin_access_identity_enabled`` to API request (https://github.com/ansible-collections/community.aws/pull/881).
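Review bot: "Dont" in the bugfix entry is missing its apostrophe, and fragment text ends up in the release changelog as written, so it should read "Don't pass ``s3_origin_access_identity_enabled`` to API request". The entry would also be more useful to users if it named the failing case from the summary: the flag set to true with no s3_origin_config supplied.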
14 changes: 9 additions & 5 deletions plugins/modules/cloudfront_distribution.py
Expand Up @@ -1686,9 +1686,6 @@ def validate_origins(self, client, config, origins, default_origin_domain_name,
self.module.fail_json_aws(e, msg="Error validating distribution origins")

def validate_s3_origin_configuration(self, client, existing_config, origin):
if not origin['s3_origin_access_identity_enabled']:
return None

if origin.get('s3_origin_config', {}).get('origin_access_identity'):
return origin['s3_origin_config']['origin_access_identity']
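Review bot: validate_s3_origin_configuration no longer checks the flag itself once the `if not origin['s3_origin_access_identity_enabled']: return None` guard at the top is gone (the hunk header's 9 to 6 line count matches those three lines), so the helper now depends on every caller having tested the flag first. Either keep a guard written with origin.get('s3_origin_access_identity_enabled') so it also tolerates the key being absent, or add a docstring stating the precondition that the caller has already confirmed the flag is true.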

Expand Down Expand Up @@ -1719,13 +1716,20 @@ def validate_origin(self, client, existing_config, origin, default_origin_path):
origin['custom_headers'] = ansible_list_to_cloudfront_list()
if self.__s3_bucket_domain_identifier in origin.get('domain_name').lower():
if origin.get("s3_origin_access_identity_enabled") is not None:
s3_origin_config = self.validate_s3_origin_configuration(client, existing_config, origin)
if origin['s3_origin_access_identity_enabled']:
s3_origin_config = self.validate_s3_origin_configuration(client, existing_config, origin)
else:
s3_origin_config = None

del(origin["s3_origin_access_identity_enabled"])

if s3_origin_config:
oai = s3_origin_config
else:
oai = ""

origin["s3_origin_config"] = dict(origin_access_identity=oai)
del(origin["s3_origin_access_identity_enabled"])

if 'custom_origin_config' in origin:
self.module.fail_json(msg="s3_origin_access_identity_enabled and custom_origin_config are mutually exclusive")
else:
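Review bot: The `del(origin["s3_origin_access_identity_enabled"])` that now follows the inner if/else appears, as far as the flattened indentation shows, to sit under the `origin.get("s3_origin_access_identity_enabled") is not None` test, which is itself under the S3 domain_name check, so the key is stripped only on that one path. If the key is present with a value of None, or is set on an origin whose domain_name does not match the S3 identifier, nothing visible in this hunk removes it and it could still be passed to the API request and fail the same validation. Consider reading it once with `enabled = origin.pop("s3_origin_access_identity_enabled", None)` before the domain check and branching on `enabled`, which makes the removal unconditional and drops the function-call style parentheses on del. A regression test for the true-without-s3_origin_config case would also be worth adding, since the commit changes only the module and the changelog fragment.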