cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

read enabled_key_rotation status also in aws_kms_info (#67770)

Browse source 
* read enabled_key_rotation status

* add changelog

* use AWSRetry decorator to prevent api rate limits

* fix pip8
This commit is contained in:
Markus Bergholz 2020-02-27 00:51:04 +01:00 committed by GitHub
parent 454b043c13
commit 9463d28967
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/67770-aws-kms-info-key-rotation.yml Normal file
View file

@ -0,0 +1,2 @@
minor_changes:
- aws_kms_info - Adds the ``enable_key_rotation`` info to the return value.

12
lib/ansible/modules/cloud/amazon/aws_kms_info.py
View file

@ -107,6 +107,11 @@ keys:
type: str type: str
returned: always returned: always
sample: false sample: false
enable_key_rotation:
description: Whether the automatically key rotation every year is enabled.
type: bool
returned: always
sample: false
aliases: aliases:
description: list of aliases associated with the key description: list of aliases associated with the key
type: list type: list
@ -284,6 +289,12 @@ def get_key_policy_with_backoff(connection, key_id, policy_name):
return connection.get_key_policy(KeyId=key_id, PolicyName=policy_name) return connection.get_key_policy(KeyId=key_id, PolicyName=policy_name)
@AWSRetry.backoff(tries=5, delay=5, backoff=2.0)
def get_enable_key_rotation_with_backoff(connection, key_id):
current_rotation_status = connection.get_key_rotation_status(KeyId=key_id)
return current_rotation_status.get('KeyRotationEnabled')
def get_kms_tags(connection, module, key_id): def get_kms_tags(connection, module, key_id):
# Handle pagination here as list_resource_tags does not have # Handle pagination here as list_resource_tags does not have
# a paginator # a paginator
@ -360,6 +371,7 @@ def get_key_details(connection, module, key_id, tokens=None):
exception=traceback.format_exc(), exception=traceback.format_exc(),
**camel_dict_to_snake_dict(e.response)) **camel_dict_to_snake_dict(e.response))
result['aliases'] = aliases.get(result['KeyId'], []) result['aliases'] = aliases.get(result['KeyId'], [])
result['enable_key_rotation'] = get_enable_key_rotation_with_backoff(connection, key_id)
if module.params.get('pending_deletion'): if module.params.get('pending_deletion'):
return camel_dict_to_snake_dict(result) return camel_dict_to_snake_dict(result)

1
test/integration/targets/aws_kms/tasks/main.yml
View file

@ -72,6 +72,7 @@
assert: assert:
that: that:
- new_key["keys"]|length == 1 - new_key["keys"]|length == 1
- new_key["keys"][0]["enable_key_rotation"] == true
- name: Update Policy on key to match AWS Console generate policy - name: Update Policy on key to match AWS Console generate policy
aws_kms: aws_kms: