Skip to content

Commit

Permalink
Merge branch 'ansible-collections:main' into acm-tags
Browse files Browse the repository at this point in the history
  • Loading branch information
sebastien-rosset authored Jan 21, 2022
2 parents 247dbc2 + c0b3e1b commit d895b5c
Show file tree
Hide file tree
Showing 12 changed files with 111 additions and 24 deletions.
15 changes: 15 additions & 0 deletions CHANGELOG.rst
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,21 @@ community.aws Release Notes
.. contents:: Topics


v3.0.1
======

Release Summary
---------------

This is a path release of the ``community.aws`` collection.

Minor Changes
-------------

- aws_msk_config - remove duplicated and unspecific requirements (https://github.com/ansible-collections/community.aws/pull/863).
- ecs_taskdefinition - remove duplicated and unspecific requirements (https://github.com/ansible-collections/community.aws/pull/863).
- s3_lifecycle - Add ``abort_incomplete_multipart_upload_days`` and ``expire_object_delete_marker`` parameters (https://github.com/ansible-collections/community.aws/pull/794).

v3.0.0
======

Expand Down
13 changes: 13 additions & 0 deletions changelogs/changelog.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1619,3 +1619,16 @@ releases:
- 838-ignore-deprecated-param-aws_kms_info.yml
- remove_deprecated_facts.yml
release_date: '2022-01-06'
3.0.1:
changes:
minor_changes:
- aws_msk_config - remove duplicated and unspecific requirements (https://github.com/ansible-collections/community.aws/pull/863).
- ecs_taskdefinition - remove duplicated and unspecific requirements (https://github.com/ansible-collections/community.aws/pull/863).
- s3_lifecycle - Add ``abort_incomplete_multipart_upload_days`` and ``expire_object_delete_marker``
parameters (https://github.com/ansible-collections/community.aws/pull/794).
release_summary: This is a path release of the ``community.aws`` collection.
fragments:
- 3.0.1.yml
- 794-s3_lifecycle_abort_expire.yml
- 863-requirements-doc-fix.yml
release_date: '2022-01-18'
2 changes: 0 additions & 2 deletions changelogs/fragments/794-s3_lifecycle_abort_expire.yml

This file was deleted.

2 changes: 2 additions & 0 deletions changelogs/fragments/860-add-missing-parameter.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
minor_changes:
- iam_user - add parameter ``password_reset_required`` (https://github.com/ansible-collections/community.aws/pull/860).
3 changes: 0 additions & 3 deletions changelogs/fragments/863-requirements-doc-fix.yml

This file was deleted.

7 changes: 3 additions & 4 deletions docs/community.aws.aws_kms_info_module.rst
Original file line number Diff line number Diff line change
Expand Up @@ -211,13 +211,12 @@ Parameters
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li>no</li>
<li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>Whether to return the results in the <code>keys</code> attribute as well as the <code>kms_keys</code> attribute.</div>
<div>Returning the <code>keys</code> attribute conflicts with the builtin keys() method on dictionaries and as such has been deprecated.</div>
<div>After version <code>3.0.0</code> this parameter will do nothing, and after version <code>4.0.0</code> this parameter will be removed.</div>
<div>Returning the <code>keys</code> attribute conflicted with the builtin keys() method on dictionaries and as such was deprecated.</div>
<div>This parameter now does nothing, and after version <code>4.0.0</code> this parameter will be removed.</div>
</td>
</tr>
<tr>
Expand Down
4 changes: 1 addition & 3 deletions docs/community.aws.aws_msk_config_module.rst
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,9 @@ Requirements
------------
The below requirements are needed on the host that executes this module.

- boto3
- python >= 3.6
- boto3 >= 1.16.0
- botocore >= 1.17.48
- botocore >= 1.19.0
- python >= 3.6


Parameters
Expand Down
5 changes: 1 addition & 4 deletions docs/community.aws.ecs_taskdefinition_module.rst
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,9 @@ Requirements
------------
The below requirements are needed on the host that executes this module.

- boto3
- python >= 3.6
- boto3 >= 1.16.0
- botocore
- botocore >= 1.19.0
- json
- python >= 3.6


Parameters
Expand Down
40 changes: 40 additions & 0 deletions docs/community.aws.s3_lifecycle_module.rst
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,22 @@ Parameters
<th>Choices/<font color="blue">Defaults</font></th>
<th width="100%">Comments</th>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>abort_incomplete_multipart_upload_days</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">integer</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 2.2.0</div>
</td>
<td>
</td>
<td>
<div>Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
Expand Down Expand Up @@ -160,6 +176,7 @@ Parameters
<td>
<div>Indicates the lifetime of the objects that are subject to the rule by the date they will expire.</div>
<div>The value must be ISO-8601 format, the time must be midnight and a GMT timezone must be specified.</div>
<div>This cannot be specified with <em>expire_object_delete_marker</em></div>
</td>
</tr>
<tr>
Expand All @@ -176,6 +193,29 @@ Parameters
<td>
<div>Indicates the lifetime, in days, of the objects that are subject to the rule.</div>
<div>The value must be a non-zero positive integer.</div>
<div>This cannot be specified with <em>expire_object_delete_marker</em></div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>expire_object_delete_marker</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 2.2.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li>no</li>
<li>yes</li>
</ul>
</td>
<td>
<div>Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions.</div>
<div>If set to <code>true</code>, the delete marker will be expired; if set to <code>false</code> the policy takes no action.</div>
<div>This cannot be specified with <em>expiration_days</em> or <em>expiration_date</em>.</div>
</td>
</tr>
<tr>
Expand Down
2 changes: 1 addition & 1 deletion galaxy.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
namespace: community
name: aws
version: 3.0.0
version: 3.0.1
readme: README.md
authors:
- Ansible (https://github.com/ansible)
Expand Down
35 changes: 28 additions & 7 deletions plugins/modules/iam_user.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,13 @@
required: false
type: str
version_added: 2.2.0
password_reset_required:
description:
- Defines if the user is required to set a new password after login.
required: false
type: bool
default: false
version_added: 3.1.0
update_password:
default: always
choices: ['always', 'on_create']
Expand Down Expand Up @@ -250,18 +257,20 @@ def create_or_update_login_profile(connection, module):
user_params = dict()
user_params['UserName'] = module.params.get('name')
user_params['Password'] = module.params.get('password')
user_params['PasswordResetRequired'] = module.params.get('password_reset_required')
retval = {}

try:
connection.update_login_profile(**user_params)
retval = connection.update_login_profile(**user_params)
except is_boto3_error_code('NoSuchEntity'):
try:
connection.create_login_profile(**user_params)
retval = connection.create_login_profile(**user_params)
except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
module.fail_json_aws(e, msg="Unable to create user login profile")
except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Unable to update user login profile")

return True
return True, retval


def delete_login_profile(connection, module):
Expand Down Expand Up @@ -296,6 +305,7 @@ def create_or_update_user(connection, module):
user = get_user(connection, module, params['UserName'])

# If user is None, create it
new_login_profile = False
if user is None:
# Check mode means we would create the user
if module.check_mode:
Expand All @@ -312,13 +322,20 @@ def create_or_update_user(connection, module):
wait_iam_exists(connection, module)

if module.params.get('password') is not None:
create_or_update_login_profile(connection, module)
login_profile_result, login_profile_data = create_or_update_login_profile(connection, module)

if login_profile_data.get('LoginProfile', {}).get('PasswordResetRequired', False):
new_login_profile = True
else:
login_profile_result = None
update_result = update_user_tags(connection, module, params, user)

if module.params['update_password'] == "always" and module.params.get('password') is not None:
login_profile_result = create_or_update_login_profile(connection, module)
login_profile_result, login_profile_data = create_or_update_login_profile(connection, module)

if login_profile_data.get('LoginProfile', {}).get('PasswordResetRequired', False):
new_login_profile = True

elif module.params.get('remove_password'):
login_profile_result = delete_login_profile(connection, module)

Expand Down Expand Up @@ -361,6 +378,9 @@ def create_or_update_user(connection, module):

# Get the user again
user = get_user(connection, module, params['UserName'])
if changed and new_login_profile:
# `LoginProfile` is only returned on `create_login_profile` method
user['user']['password_reset_required'] = login_profile_data.get('LoginProfile', {}).get('PasswordResetRequired', False)

module.exit_json(changed=changed, iam_user=user)

Expand Down Expand Up @@ -505,8 +525,9 @@ def main():
argument_spec = dict(
name=dict(required=True, type='str'),
password=dict(type='str', no_log=True),
password_reset_required=dict(type='bool', default=False, no_log=False),
update_password=dict(default='always', choices=['always', 'on_create'], no_log=False),
remove_password=dict(type='bool'),
remove_password=dict(type='bool', no_log=False),
managed_policies=dict(default=[], type='list', aliases=['managed_policy'], elements='str'),
state=dict(choices=['present', 'absent'], required=True),
purge_policies=dict(default=False, type='bool', aliases=['purge_policy', 'purge_managed_policies']),
Expand All @@ -519,7 +540,7 @@ def main():
module = AnsibleAWSModule(
argument_spec=argument_spec,
supports_check_mode=True,
mutually_exclusive=[['password', 'remove_password']]
mutually_exclusive=[['password', 'remove_password']],
)

connection = module.client('iam')
Expand Down
7 changes: 7 additions & 0 deletions tests/integration/targets/iam_user/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -111,13 +111,15 @@
iam_user:
name: "{{ test_user3 }}"
password: "{{ test_password }}"
password_reset_required: yes
state: present
register: iam_user

- name: assert that the second user is created
assert:
that:
- iam_user is changed
- iam_user.iam_user.user.password_reset_required

- name: get info on IAM user(s) on path
iam_user_info:
Expand Down Expand Up @@ -275,12 +277,17 @@
that:
- iam_user_update is not changed

# flakey, there is no waiter for login profiles
# Login Profile for User ansible-user-c cannot be modified while login profile is being created.
- name: update IAM password
iam_user:
name: "{{ test_user3 }}"
password: "{{ test_new_password }}"
state: present
register: iam_user_update
until: iam_user_update.failed == false
delay: 3
retries: 5

- assert:
that:
Expand Down

0 comments on commit d895b5c

Please sign in to comment.