kms_key: Add multi region support to create_key (#1290)
kms_key: Add multi region support to create_key Signed-off-by: GomathiselviS [email protected] SUMMARY Fixes #1281 ISSUE TYPE Feature Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Gonéri Le Bouder <[email protected]> Reviewed-by: Jill R <None> Reviewed-by: Mark Chappell <None> Reviewed-by: Alina Buzachis <None> Reviewed-by: GomathiselviS <None>
1 parent
e823f89
commit a4ab720
Showing
6 changed files
with
291 additions
and
25 deletions.
@@ -0,0 +1,2 @@ | ||
minor_changes: | ||
- kms_key - Add multi_region option to create_key (https://github.com/ansible-collections/amazon.aws/pull/1290). |
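--- a/tests/integration/targets/kms_key/roles/aws_kms/tasks/test_multi_region.yml
+++ b/tests/integration/targets/kms_key/roles/aws_kms/tasks/test_multi_region.yml
@@ -0,0 +1,100 @@
+- block:
+# ============================================================
+# PREPARATION
+#
+# Get some information about who we are before starting our tests
+# we'll need this as soon as we start working on the policies
+- name: get ARN of calling user
+aws_caller_info:
+register: aws_caller_info
+- name: See whether key exists and its current state
+kms_key_info:
+alias: '{{ kms_key_alias }}'
+- name: create a multi region key - check mode
+kms_key:
+alias: '{{ kms_key_alias }}-check'
+tags:
+Hello: World
+state: present
+multi_region: True
+enabled: yes
+register: key_check
+check_mode: yes
+- name: find facts about the check mode key
+kms_key_info:
+alias: '{{ kms_key_alias }}-check'
+register: check_key
+- name: ensure that check mode worked as expected
+assert:
+that:
+- check_key.kms_keys | length == 0
+- key_check is changed
+
+- name: create a multi region key
+kms_key:
+alias: '{{ kms_key_alias }}'
+tags:
+Hello: World
+state: present
+enabled: yes
+multi_region: True
+enable_key_rotation: no
+register: key
+- name: assert that state is enabled
+assert:
+that:
+- key is changed
+- '"key_id" in key'
+- key.key_id | length >= 36
+- not key.key_id.startswith("arn:aws")
+- '"key_arn" in key'
+- key.key_arn.endswith(key.key_id)
+- key.key_arn.startswith("arn:aws")
+- key.key_state == "Enabled"
+- key.enabled == True
+- key.tags | length == 1
+- key.tags['Hello'] == 'World'
+- key.enable_key_rotation == false
+- key.key_usage == 'ENCRYPT_DECRYPT'
+- key.customer_master_key_spec == 'SYMMETRIC_DEFAULT'
+- key.grants | length == 0
+- key.key_policies | length == 1
+- key.key_policies[0].Id == 'key-default-1'
+- key.description == ''
+- key.multi_region == True
+
+- name: Sleep to wait for updates to propagate
+wait_for:
+timeout: 45
+
+- name: create a key (expect failure)
+kms_key:
+alias: '{{ kms_key_alias }}'
+tags:
+Hello: World
+state: present
+enabled: yes
+multi_region: True
+register: result
+ignore_errors: True
+
+- assert:
+that:
+- result is failed
+- result.msg != "MODULE FAILURE"
+- result.changed == False
+- '"You cannot change the multi-region property on an existing key." in result.msg'
+
+always:
+# ============================================================
+# CLEAN-UP
+- name: finish off by deleting keys
+kms_key:
+state: absent
+alias: '{{ item }}'
+pending_window: 7
+ignore_errors: true
+loop:
+- '{{ kms_key_alias }}'
+- '{{ kms_key_alias }}-diff-spec-usage'
+- '{{ kms_key_alias }}-check'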
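Review bot: The "create a key (expect failure)" task re-submits the same `multi_region: True` the key was just created with, yet the assertions expect "You cannot change the multi-region property on an existing key.", so the test pins a failure for a run that changes nothing about that property. If the module is meant to be idempotent, the rejected case should be a real change (a key created without `multi_region`, then updated with `multi_region: True`), and the identical re-run should assert `- result is not failed` and `- result is not changed`; the module code is not shown on this page, so confirm which behaviour is intended. Separately, the clean-up loop deletes `'{{ kms_key_alias }}-diff-spec-usage'`, an alias no task in this file creates, and `ignore_errors: true` hides any deletion failure, so a leftover multi-region key in the test account would go unnoticed.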