ecs_taskdefinition can absent without containers argument (#41398)

* ecs_taskdefinition can absent without containers argument

* add regression test for absent with arn

* Add PassRole privilege for ecs_cluster to pass

hacking/aws_config/testing_policies/compute-policy.json

@@ -213,7 +213,8 @@
                 "arn:aws:iam::{{aws_account}}:role/ansible_lambda_role",
                 "arn:aws:iam::{{aws_account}}:role/ecsInstanceRole",
                 "arn:aws:iam::{{aws_account}}:role/ecsServiceRole",
-                "arn:aws:iam::{{aws_account}}:role/aws_eks_cluster_role"
+                "arn:aws:iam::{{aws_account}}:role/aws_eks_cluster_role",
+                "arn:aws:iam::{{aws_account}}:role/ecsTaskExecutionRole"
             ]
         },
         {

lib/ansible/modules/cloud/amazon/ecs_taskdefinition.py

@@ -325,9 +325,10 @@ def main():
         if not module.botocore_at_least('1.10.44'):
             module.fail_json(msg='botocore needs to be version 1.10.44 or higher to use execution_role_arn')
 
-    for container in module.params.get('containers', []):
-        for environment in container.get('environment', []):
-            environment['value'] = to_text(environment['value'])
+    if module.params['containers']:
+        for container in module.params['containers']:
+            for environment in container.get('environment', []):
+                environment['value'] = to_text(environment['value'])
 
     if module.params['state'] == 'present':
         if 'containers' not in module.params or not module.params['containers']:

test/integration/targets/ecs_cluster/playbooks/roles/ecs_cluster/tasks/main.yml

@@ -654,6 +654,20 @@
     # ============================================================
     # End tests for Fargate
 
+    - name: create task definition for absent with arn regression test
+      ecs_taskdefinition:
+        containers: "{{ ecs_task_containers }}"
+        family: "{{ ecs_task_name }}-absent"
+        state: present
+        <<: *aws_connection_info
+      register: ecs_task_definition_absent_with_arn
+
+    - name: absent task definition by arn
+      ecs_taskdefinition:
+        arn: "{{ ecs_task_definition_absent_with_arn.taskdefinition.taskDefinitionArn }}"
+        state: absent
+        <<: *aws_connection_info
+
   always:
     # TEAR DOWN: snapshot, ec2 instance, ec2 key pair, security group, vpc
     - name: Announce teardown start
@@ -795,6 +809,15 @@
         <<: *aws_connection_info
       ignore_errors: yes
 
+    - name: remove ecs task definition for absent with arn
+      ecs_taskdefinition:
+        containers: "{{ ecs_task_containers }}"
+        family: "{{ ecs_task_name }}-absent"
+        revision: "{{ ecs_task_definition_absent_with_arn.taskdefinition.revision }}"
+        state: absent
+        <<: *aws_connection_info
+      ignore_errors: yes
+
     - name: remove load balancer
       elb_application_lb:
         name: "{{ ecs_load_balancer_name }}"