Add support for requesting public and private ACM certificate #869
@sebastien-rosset this PR contains the following merge commits: Please rebase your branch to remove these commits.
… integration tests (#870)

Add support for tagging certificates. Fix deprecated tasks in aws_acm integration tests

SUMMARY
This PR adds support for configuring arbitrary tags when importing a certificate using the aws_acm module. Previously, it was only possible to set the 'Name' tag.
Additionally, this PR fixes issues with the aws_acm integration tests. The integration tests were using deprecated tasks or attributes, such as openssl_certificate.

ISSUE TYPE
Bugfix Pull Request

COMPONENT NAME
aws_acm

ADDITIONAL INFORMATION
Changes to the aws_acm.py module:
Add new tags and purge_tags attributes.
The certificate_arn attribute is now allowed when state='present'. A playbook should be allowed to modify an existing certificate entry by providing the ARN. For example, a play may want to add, modify, remove tags on an existing certificate.
The aws_acm module returns the updated tags. See example below.
Refactor aws_acm.py to improve code reuse and make it possible to set arbitrary tags. This should also help to 1) improve readability. 2) prepare for #869 which I am planning to work on next.
Backwards-compatibility is retained, even though it might make sense to normalize some of the attributes.

Example return value:
"certificate": {
    "arn": "arn:aws:acm:us-west-1:account:certificate/f85abf9d-4bda-4dcc-98c3-770664a68243",
    "domain_name": "acm1.949058644.ansible.com",
    "tags": {
        "Application": "search",
        "Environment": "development",
        "Name": "ansible-test-78006277-398b5796f999_949058644_1"
    }
}

Integration tests:
The openssl_certificate task is deprecated. Migrate to x509_certificate.
The signature_algorithms attribute is no longer supported by the new x509_certificate task. Using selfsigned_digest instead.
The integration tests for the aws_acm module pass locally. I see ansible/ansible#67788 has been closed, but tests/integration/targets/aws_acm/aliases still has unstable. I am not sure what to do about it. I was able to run the tests in my local workspace after making the above changes.

Reviewed-by: Markus Bergholz <[email protected]>
Reviewed-by: Sebastien Rosset <None>
Reviewed-by: Mark Woolley <[email protected]>
Reviewed-by: Alina Buzachis <None>
… integration tests (#870)
(cherry picked from commit 29d37be)
… integration tests (#870) (#1044)
[PR #870/29d37bed backport][stable-3] Add support for tagging certificates. Fix deprecated tasks in aws_acm integration tests
This is a backport of PR #870 as merged into main (29d37be).
Reviewed-by: Alina Buzachis <None>
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
…nsible-collections#869)

Rename aws_s3 to s3_object (and deprecate bucket creation/deleting)

SUMMARY
The aws_s3 module (as it's known today) is primarily for managing objects within S3. While it provides minimal support for creating S3 buckets, the feature set is very limited. Support for the advanced bucket management features is provided via the s3_bucket modules (such as managing encryption settings).
Because the name aws_s3 often puts the module at the top of the list of modules, well away from the s3_bucket module, it can be difficult for folks to discover the s3_bucket module leading them to assume that we simply have no support for the more complex s3_bucket management features.
As such, I suggest renaming the module to s3_object to make the intended scope more obvious and to improve the discoverability of s3_bucket.
At this time I do not recommend setting a deprecation date for the alias, the cost of an alias is minimal and we've had a lot of churn recently.
Additionally, deprecates the duplicated (but very limited) bucket creation/deletion functionality of aws_s3/s3_object

ISSUE TYPE
Feature Pull Request

COMPONENT NAME
aws_s3 (s3_object)

ADDITIONAL INFORMATION
See for example ansible-collections#866 where there was an attempt to create duplicate functionality.

Reviewed-by: Alina Buzachis <None>
Reviewed-by: Mark Chappell <None>
Reviewed-by: Jill R <None>
SUMMARY
certificate_request parameter (and sub-options) to obtain a public or private cert from ACM.
certificate_request parameter is specified:
wait and wait_timeout parameters. If wait is specified, wait until the validation records are generated, then return them.
Fixes #868
ISSUE TYPE
COMPONENT NAME
aws_acm
ADDITIONAL INFORMATION
aws_acm module only supports imported certificates. This PR is adding support for requesting a certificate.
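
The wait behaviour described in the summary, sketched as an added example that is not this PR's or the aws_acm module's code: poll ACM until a validation record exists for every domain on the certificate, or fail once `wait_timeout` elapses. It assumes DNS validation; `wait_for_validation_records`, `FakeACM` and `demo` are hypothetical names, and the stub mimics the shape of boto3's `describe_certificate` response with constructed values so it runs offline.

```python
import time


def wait_for_validation_records(acm, certificate_arn, wait_timeout=30,
                                poll_interval=2, sleep=time.sleep):
    """Poll until every domain has a validation record; raise TimeoutError
    instead of returning a partial set the caller might publish."""
    deadline = time.monotonic() + wait_timeout
    while True:
        cert = acm.describe_certificate(CertificateArn=certificate_arn)["Certificate"]
        options = cert.get("DomainValidationOptions", [])
        # ACM fills in ResourceRecord asynchronously after the request is made.
        if options and all("ResourceRecord" in o for o in options):
            return [{"domain": o["DomainName"],
                     "name": o["ResourceRecord"]["Name"],
                     "type": o["ResourceRecord"]["Type"],
                     "value": o["ResourceRecord"]["Value"]} for o in options]
        if time.monotonic() >= deadline:
            raise TimeoutError("no validation records yet for %s" % certificate_arn)
        sleep(poll_interval)


class FakeACM:
    """Constructed stand-in for a boto3 ACM client; makes no AWS calls."""
    def __init__(self, ready_after):
        self.calls = 0
        self.ready_after = ready_after  # describe calls before records appear

    def request_certificate(self, **kwargs):
        # Placeholder ARN, constructed for this example.
        return {"CertificateArn": "arn:aws:acm:us-east-1:000000000000:certificate/EXAMPLE"}

    def describe_certificate(self, CertificateArn):
        self.calls += 1
        option = {"DomainName": "www.example.com", "ValidationMethod": "DNS"}
        if self.calls > self.ready_after:
            option["ResourceRecord"] = {"Name": "_constructed.www.example.com.",
                                        "Type": "CNAME",
                                        "Value": "_constructed.acm-validations.example."}
        return {"Certificate": {"CertificateArn": CertificateArn,
                                "DomainValidationOptions": [option]}}


def demo(ready_after=2):
    acm = FakeACM(ready_after)
    arn = acm.request_certificate(DomainName="www.example.com",
                                  ValidationMethod="DNS")["CertificateArn"]
    return wait_for_validation_records(acm, arn, wait_timeout=10, sleep=lambda s: None)
```

With a real client, `acm` would be `boto3.client("acm")` and the returned records are what gets created in the domain's DNS zone to prove control.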