From d649162e988b3ffaee16e4154711c25210f3ccb5 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 13:05:32 +0000 Subject: [PATCH] cloudfront_distribution: Add support for cache_policy_id and origin_request_policy_id for behaviors (#1589) (#2038) [PR #1589/7da2ed5c backport][stable-7] cloudfront_distribution: Add support for cache_policy_id and origin_request_policy_id for behaviors This is a backport of PR #1589 as merged into main (7da2ed5). SUMMARY As described by issue #290, the current cloudfront_distribution module does not support cache_policy_id and origin_request_policy_id in a behavior. In particular, attempting to use cache_policy_id will add default values that are incompatible with it (mainly default_ttl, max_ttl, min_ttl, and compress). So this change allows you to use the policies instead of using a forwarded_values for a given behavior. Fixed #290 ISSUE TYPE Feature Pull Request COMPONENT NAME cloudfront_distribution Reviewed-by: Mark Chappell --- ...9-cloudfront_distribution-add-policies.yml | 2 + plugins/modules/cloudfront_distribution.py | 76 +++++++++++++++---- .../cloudfront_distribution/tasks/main.yml | 16 ++++ 3 files changed, 81 insertions(+), 13 deletions(-) create mode 100644 changelogs/fragments/1589-cloudfront_distribution-add-policies.yml diff --git a/changelogs/fragments/1589-cloudfront_distribution-add-policies.yml b/changelogs/fragments/1589-cloudfront_distribution-add-policies.yml new file mode 100644 index 00000000000..c0b9bbdd5c7 --- /dev/null +++ b/changelogs/fragments/1589-cloudfront_distribution-add-policies.yml @@ -0,0 +1,2 @@ +minor_changes: + - cloudfront_distribution - added support for ``cache_policy_id`` and ``origin_request_policy_id`` for behaviors (https://github.com/ansible-collections/community.aws/pull/1589) \ No newline at end of file diff --git a/plugins/modules/cloudfront_distribution.py b/plugins/modules/cloudfront_distribution.py index 33299623e09..13718cfb896 100644 --- a/plugins/modules/cloudfront_distribution.py +++ b/plugins/modules/cloudfront_distribution.py @@ -205,9 +205,25 @@ description: - The ID of the header policy that CloudFront adds to responses that it sends to viewers. type: str + cache_policy_id: + version_added: 7.1.0 + description: + - The ID of the cache policy for CloudFront to use for the default cache behavior. + - A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option. + - For more information see the CloudFront documentation + at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html) + type: str + origin_request_policy_id: + version_added: 7.1.0 + description: + - The ID of the origin request policy for CloudFront to use for the default cache behavior. + - For more information see the CloudFront documentation + at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html) + type: str forwarded_values: description: - A dict that specifies how CloudFront handles query strings and cookies. + - A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option. type: dict suboptions: query_string: @@ -326,9 +342,25 @@ description: - The ID of the header policy that CloudFront adds to responses that it sends to viewers. type: str + cache_policy_id: + version_added: 7.1.0 + description: + - The ID of the cache policy for CloudFront to use for the cache behavior. + - A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option. + - For more information see the CloudFront documentation + at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html) + type: str + origin_request_policy_id: + version_added: 7.1.0 + description: + - The ID of the origin request policy for CloudFront to use for the cache behavior. + - For more information see the CloudFront documentation + at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html) + type: str forwarded_values: description: - A dict that specifies how CloudFront handles query strings and cookies. + - A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option. type: dict suboptions: query_string: @@ -1914,7 +1946,10 @@ def validate_cache_behavior(self, config, cache_behavior, valid_origins, is_defa cache_behavior = self.validate_cache_behavior_first_level_keys( config, cache_behavior, valid_origins, is_default_cache ) - cache_behavior = self.validate_forwarded_values(config, cache_behavior.get("forwarded_values"), cache_behavior) + if cache_behavior.get("cache_policy_id") is None: + cache_behavior = self.validate_forwarded_values( + config, cache_behavior.get("forwarded_values"), cache_behavior + ) cache_behavior = self.validate_allowed_methods(config, cache_behavior.get("allowed_methods"), cache_behavior) cache_behavior = self.validate_lambda_function_associations( config, cache_behavior.get("lambda_function_associations"), cache_behavior @@ -1926,19 +1961,34 @@ def validate_cache_behavior(self, config, cache_behavior, valid_origins, is_defa return cache_behavior def validate_cache_behavior_first_level_keys(self, config, cache_behavior, valid_origins, is_default_cache): - try: - cache_behavior = self.add_key_else_change_dict_key( - cache_behavior, "min_ttl", "min_t_t_l", config.get("min_t_t_l", self.__default_cache_behavior_min_ttl) - ) - cache_behavior = self.add_key_else_change_dict_key( - cache_behavior, "max_ttl", "max_t_t_l", config.get("max_t_t_l", self.__default_cache_behavior_max_ttl) - ) - cache_behavior = self.add_key_else_change_dict_key( - cache_behavior, - "default_ttl", - "default_t_t_l", - config.get("default_t_t_l", self.__default_cache_behavior_default_ttl), + if cache_behavior.get("cache_policy_id") is not None and cache_behavior.get("forwarded_values") is not None: + if is_default_cache: + cache_behavior_name = "Default cache behavior" + else: + cache_behavior_name = f"Cache behavior for path {cache_behavior['path_pattern']}" + self.module.fail_json( + msg=f"{cache_behavior_name} cannot have both a cache_policy_id and a forwarded_values option." ) + try: + if cache_behavior.get("cache_policy_id") is None: + cache_behavior = self.add_key_else_change_dict_key( + cache_behavior, + "min_ttl", + "min_t_t_l", + config.get("min_t_t_l", self.__default_cache_behavior_min_ttl), + ) + cache_behavior = self.add_key_else_change_dict_key( + cache_behavior, + "max_ttl", + "max_t_t_l", + config.get("max_t_t_l", self.__default_cache_behavior_max_ttl), + ) + cache_behavior = self.add_key_else_change_dict_key( + cache_behavior, + "default_ttl", + "default_t_t_l", + config.get("default_t_t_l", self.__default_cache_behavior_default_ttl), + ) cache_behavior = self.add_missing_key( cache_behavior, "compress", config.get("compress", self.__default_cache_behavior_compress) ) diff --git a/tests/integration/targets/cloudfront_distribution/tasks/main.yml b/tests/integration/targets/cloudfront_distribution/tasks/main.yml index 7a1fa91af81..281097db1d1 100644 --- a/tests/integration/targets/cloudfront_distribution/tasks/main.yml +++ b/tests/integration/targets/cloudfront_distribution/tasks/main.yml @@ -632,6 +632,22 @@ - result.origins['quantity'] > 0 - result.origins['items'] | selectattr('s3_origin_config', 'defined') | map(attribute='s3_origin_config') | selectattr('origin_access_identity', 'eq', origin_access_identity) | list | length == 1 + - name: update distribution to use cache_policy_id and origin_request_policy_id + cloudfront_distribution: + distribution_id: "{{ distribution_id }}" + default_cache_behavior: + cache_policy_id: "658327ea-f89d-4fab-a63d-7e88639e58f6" + origin_request_policy_id: "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf" + state: present + register: update_distribution_with_cache_policies + + - name: ensure that the cache_policy_id and origin_request_policy_id was set + assert: + that: + - update_distribution_with_cache_policies.changed + - update_distribution_with_cache_policies.default_cache_behavior.cache_policy_id == '658327ea-f89d-4fab-a63d-7e88639e58f6' + - update_distribution_with_cache_policies.default_cache_behavior.origin_request_policy_id == '88a5eaf4-2fd4-4709-b370-b4c650ea3fcf' + always: # TEARDOWN STARTS HERE - name: delete the s3 bucket