Skip to content

Commit

Permalink
cloudfront_distribution: Add support for cache_policy_id and origin_r…
Browse files Browse the repository at this point in the history
…equest_policy_id for behaviors (#1589) (#2038)

[PR #1589/7da2ed5c backport][stable-7] cloudfront_distribution: Add support for cache_policy_id and origin_request_policy_id for behaviors

This is a backport of PR #1589 as merged into main (7da2ed5).
SUMMARY
As described by issue #290, the current cloudfront_distribution module does not support cache_policy_id and origin_request_policy_id in a behavior.  In particular, attempting to use cache_policy_id will add default values that are incompatible with it (mainly default_ttl, max_ttl, min_ttl, and compress).  So this change allows you to use the policies instead of using a forwarded_values for a given behavior.
Fixed #290
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
cloudfront_distribution

Reviewed-by: Mark Chappell
  • Loading branch information
patchback[bot] authored Jan 9, 2024
1 parent 441c788 commit d649162
Show file tree
Hide file tree
Showing 3 changed files with 81 additions and 13 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
minor_changes:
- cloudfront_distribution - added support for ``cache_policy_id`` and ``origin_request_policy_id`` for behaviors (https://github.com/ansible-collections/community.aws/pull/1589)
76 changes: 63 additions & 13 deletions plugins/modules/cloudfront_distribution.py
Original file line number Diff line number Diff line change
Expand Up @@ -205,9 +205,25 @@
description:
- The ID of the header policy that CloudFront adds to responses that it sends to viewers.
type: str
cache_policy_id:
version_added: 7.1.0
description:
- The ID of the cache policy for CloudFront to use for the default cache behavior.
- A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option.
- For more information see the CloudFront documentation
at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html)
type: str
origin_request_policy_id:
version_added: 7.1.0
description:
- The ID of the origin request policy for CloudFront to use for the default cache behavior.
- For more information see the CloudFront documentation
at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html)
type: str
forwarded_values:
description:
- A dict that specifies how CloudFront handles query strings and cookies.
- A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option.
type: dict
suboptions:
query_string:
Expand Down Expand Up @@ -326,9 +342,25 @@
description:
- The ID of the header policy that CloudFront adds to responses that it sends to viewers.
type: str
cache_policy_id:
version_added: 7.1.0
description:
- The ID of the cache policy for CloudFront to use for the cache behavior.
- A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option.
- For more information see the CloudFront documentation
at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html)
type: str
origin_request_policy_id:
version_added: 7.1.0
description:
- The ID of the origin request policy for CloudFront to use for the cache behavior.
- For more information see the CloudFront documentation
at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html)
type: str
forwarded_values:
description:
- A dict that specifies how CloudFront handles query strings and cookies.
- A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option.
type: dict
suboptions:
query_string:
Expand Down Expand Up @@ -1914,7 +1946,10 @@ def validate_cache_behavior(self, config, cache_behavior, valid_origins, is_defa
cache_behavior = self.validate_cache_behavior_first_level_keys(
config, cache_behavior, valid_origins, is_default_cache
)
cache_behavior = self.validate_forwarded_values(config, cache_behavior.get("forwarded_values"), cache_behavior)
if cache_behavior.get("cache_policy_id") is None:
cache_behavior = self.validate_forwarded_values(
config, cache_behavior.get("forwarded_values"), cache_behavior
)
cache_behavior = self.validate_allowed_methods(config, cache_behavior.get("allowed_methods"), cache_behavior)
cache_behavior = self.validate_lambda_function_associations(
config, cache_behavior.get("lambda_function_associations"), cache_behavior
Expand All @@ -1926,19 +1961,34 @@ def validate_cache_behavior(self, config, cache_behavior, valid_origins, is_defa
return cache_behavior

def validate_cache_behavior_first_level_keys(self, config, cache_behavior, valid_origins, is_default_cache):
try:
cache_behavior = self.add_key_else_change_dict_key(
cache_behavior, "min_ttl", "min_t_t_l", config.get("min_t_t_l", self.__default_cache_behavior_min_ttl)
)
cache_behavior = self.add_key_else_change_dict_key(
cache_behavior, "max_ttl", "max_t_t_l", config.get("max_t_t_l", self.__default_cache_behavior_max_ttl)
)
cache_behavior = self.add_key_else_change_dict_key(
cache_behavior,
"default_ttl",
"default_t_t_l",
config.get("default_t_t_l", self.__default_cache_behavior_default_ttl),
if cache_behavior.get("cache_policy_id") is not None and cache_behavior.get("forwarded_values") is not None:
if is_default_cache:
cache_behavior_name = "Default cache behavior"
else:
cache_behavior_name = f"Cache behavior for path {cache_behavior['path_pattern']}"
self.module.fail_json(
msg=f"{cache_behavior_name} cannot have both a cache_policy_id and a forwarded_values option."
)
try:
if cache_behavior.get("cache_policy_id") is None:
cache_behavior = self.add_key_else_change_dict_key(
cache_behavior,
"min_ttl",
"min_t_t_l",
config.get("min_t_t_l", self.__default_cache_behavior_min_ttl),
)
cache_behavior = self.add_key_else_change_dict_key(
cache_behavior,
"max_ttl",
"max_t_t_l",
config.get("max_t_t_l", self.__default_cache_behavior_max_ttl),
)
cache_behavior = self.add_key_else_change_dict_key(
cache_behavior,
"default_ttl",
"default_t_t_l",
config.get("default_t_t_l", self.__default_cache_behavior_default_ttl),
)
cache_behavior = self.add_missing_key(
cache_behavior, "compress", config.get("compress", self.__default_cache_behavior_compress)
)
Expand Down
16 changes: 16 additions & 0 deletions tests/integration/targets/cloudfront_distribution/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -632,6 +632,22 @@
- result.origins['quantity'] > 0
- result.origins['items'] | selectattr('s3_origin_config', 'defined') | map(attribute='s3_origin_config') | selectattr('origin_access_identity', 'eq', origin_access_identity) | list | length == 1

- name: update distribution to use cache_policy_id and origin_request_policy_id
cloudfront_distribution:
distribution_id: "{{ distribution_id }}"
default_cache_behavior:
cache_policy_id: "658327ea-f89d-4fab-a63d-7e88639e58f6"
origin_request_policy_id: "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf"
state: present
register: update_distribution_with_cache_policies

- name: ensure that the cache_policy_id and origin_request_policy_id was set
assert:
that:
- update_distribution_with_cache_policies.changed
- update_distribution_with_cache_policies.default_cache_behavior.cache_policy_id == '658327ea-f89d-4fab-a63d-7e88639e58f6'
- update_distribution_with_cache_policies.default_cache_behavior.origin_request_policy_id == '88a5eaf4-2fd4-4709-b370-b4c650ea3fcf'

always:
# TEARDOWN STARTS HERE
- name: delete the s3 bucket
Expand Down

0 comments on commit d649162

Please sign in to comment.