-
Notifications
You must be signed in to change notification settings - Fork 398
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ecs_ecr - Add encryption_configuration option #1623
ecs_ecr - Add encryption_configuration option #1623
Conversation
Docs Build 📝Thank you for contribution!✨ This PR has been merged and your docs changes will be incorporated when they are next published. |
@rwha thanks for your first contribution. |
I have something written to check for modifications to the encryption config, but I'm unsure of how to handle an unsupported change. If the encryption configuration for an existing repository is different from what is defined in the task, should the task fail, or should a warning be emitted? I would prefer a failure, however showing a warning was mentioned in #1203. If a failure is preferred, should the code at that point do something like this? result['msg'] = 'Repository encryption configuration cannot be modified.'
return False, result |
I'll prefer a warning instead of a complete interruption. But let's wait was others are expecting/prefer. TL;DR: Once the ECR is created, the encryption mode is not changeable. What should the module do when the requested encryption differs from existing encryption? Fail or warn? |
I would lean towards fail rather than warn especially with something security related: When Ansible's running within a tool like Ansible |
Arguments with a default should not be marked as required
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not overly familiar with ECR, however in general things look good
Backport to stable-5: 💚 backport PR created✅ Backport PR branch: Backported as #1661 🤖 @patchback |
ecs_ecr - Add encryption_configuration option SUMMARY Adds an encryption_configuration option for new repositories to allow specifying a KMS key. Fixes #1203. ISSUE TYPE Feature Pull Request COMPONENT NAME ecs_ecr ADDITIONAL INFORMATION Reviewed-by: Markus Bergholz <[email protected]> Reviewed-by: Mark Chappell <None> Reviewed-by: Alina Buzachis <None> (cherry picked from commit efbe850)
[PR #1623/efbe8503 backport][stable-5] ecs_ecr - Add encryption_configuration option This is a backport of PR #1623 as merged into main (efbe850). SUMMARY Adds an encryption_configuration option for new repositories to allow specifying a KMS key. Fixes #1203. ISSUE TYPE Feature Pull Request COMPONENT NAME ecs_ecr ADDITIONAL INFORMATION Reviewed-by: Markus Bergholz <[email protected]>
SUMMARY
Adds an encryption_configuration option for new repositories to allow specifying a KMS key. Fixes #1203.
ISSUE TYPE
COMPONENT NAME
ecs_ecr
ADDITIONAL INFORMATION