diff --git a/changelogs/fragments/1211-wafv2_ip_set-description.yml b/changelogs/fragments/1211-wafv2_ip_set-description.yml new file mode 100644 index 00000000000..1dd955452c2 --- /dev/null +++ b/changelogs/fragments/1211-wafv2_ip_set-description.yml @@ -0,0 +1,2 @@ +bugfixes: +- wafv2_ip_set - fix bug where incorrect changed state was returned when only changing the description (https://github.com/ansible-collections/community.aws/pull/1211). diff --git a/plugins/modules/wafv2_ip_set.py b/plugins/modules/wafv2_ip_set.py index add677eba1f..b4b3e4f8609 100644 --- a/plugins/modules/wafv2_ip_set.py +++ b/plugins/modules/wafv2_ip_set.py @@ -314,15 +314,19 @@ def main(): if ip_set.get(): tags_updated = ensure_wafv2_tags(wafv2, ip_set.arn, tags, purge_tags, module.fail_json_aws, module.check_mode) - change, addresses = compare(ip_set.get(), addresses, purge_addresses, state) - if (change or ip_set.description() != description) and not check_mode: + ips_updated, addresses = compare(ip_set.get(), addresses, purge_addresses, state) + description_updated = bool(description) and ip_set.description() != description + change = ips_updated or description_updated or tags_updated + retval = ip_set.get() + if module.check_mode: + pass + elif ips_updated or description_updated: retval = ip_set.update( description=description, addresses=addresses ) - else: - retval = ip_set.get() - change |= tags_updated + elif tags_updated: + retval, id, locktoken, arn = ip_set.get_set() else: if not check_mode: retval = ip_set.create( diff --git a/tests/integration/targets/wafv2_ip_set/tasks/description.yml b/tests/integration/targets/wafv2_ip_set/tasks/description.yml new file mode 100644 index 00000000000..b44b4828dfd --- /dev/null +++ b/tests/integration/targets/wafv2_ip_set/tasks/description.yml @@ -0,0 +1,131 @@ +- name: Tests relating to setting descriptions on wavf2_ip_sets + vars: + description_one: 'a Description - {{ resource_prefix }}' + description_two: 'Another_Description - {{ resource_prefix }}' + # Mandatory settings + module_defaults: + community.aws.wafv2_ip_set: + name: '{{ ip_set_name }}' + state: present + scope: REGIONAL + ip_address_version: IPV4 + purge_addresses: no + addresses: [] + community.aws.wafv2_ip_set_info: + name: '{{ ip_set_name }}' + scope: REGIONAL + block: + + - name: test setting description wafv2_ip_set (check mode) + wafv2_ip_set: + description: '{{ description_one }}' + register: update_result + check_mode: yes + - name: assert that update succeeded + assert: + that: + - update_result is changed + + - name: test setting description wafv2_ip_set + wafv2_ip_set: + description: '{{ description_one }}' + register: update_result + - name: assert that update succeeded + assert: + that: + - update_result is changed + - update_result.description == description_one + + - name: test setting description wafv2_ip_set - idempotency (check mode) + wafv2_ip_set: + description: '{{ description_one }}' + register: update_result + check_mode: yes + - name: assert that update succeeded + assert: + that: + - update_result is not changed + + - name: test setting description wafv2_ip_set - idempotency + wafv2_ip_set: + description: '{{ description_one }}' + register: update_result + - name: assert that update succeeded + assert: + that: + - update_result is not changed + - update_result.description == description_one + + ### + + - name: test updating description on wafv2_ip_set (check mode) + wafv2_ip_set: + description: '{{ description_two }}' + register: update_result + check_mode: yes + - name: assert that update succeeded + assert: + that: + - update_result is changed + + - name: test updating description on wafv2_ip_set + wafv2_ip_set: + description: '{{ description_two }}' + register: update_result + - name: assert that update succeeded + assert: + that: + - update_result is changed + - update_result.description == description_two + + - name: test updating description on wafv2_ip_set - idempotency (check mode) + wafv2_ip_set: + description: '{{ description_two }}' + register: update_result + check_mode: yes + - name: assert that update succeeded + assert: + that: + - update_result is not changed + + - name: test updating description on wafv2_ip_set - idempotency + wafv2_ip_set: + description: '{{ description_two }}' + register: update_result + - name: assert that update succeeded + assert: + that: + - update_result is not changed + - update_result.description == description_two + + ### + + - name: test that wafv2_ip_set_info returns the description + wafv2_ip_set_info: + register: tag_info + - name: assert description present + assert: + that: + - tag_info.description == description_two + + ### + + - name: test no description param wafv2_ip_set (check mode) + wafv2_ip_set: {} + register: update_result + check_mode: yes + - name: assert no change + assert: + that: + - update_result is not changed + - update_result.description == description_two + + + - name: test no description param wafv2_ip_set + wafv2_ip_set: {} + register: update_result + - name: assert no change + assert: + that: + - update_result is not changed + - update_result.description == description_two diff --git a/tests/integration/targets/wafv2_ip_set/tasks/main.yml b/tests/integration/targets/wafv2_ip_set/tasks/main.yml index 51d15cc08dc..f7afc5b93cb 100644 --- a/tests/integration/targets/wafv2_ip_set/tasks/main.yml +++ b/tests/integration/targets/wafv2_ip_set/tasks/main.yml @@ -177,6 +177,7 @@ - out.addresses | count == 1 - include_tasks: 'tagging.yml' + - include_tasks: 'description.yml' - name: delete ip set wafv2_ip_set: