cloudtrail - Fix changed = true when kms key alias used #506
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix output.exists value on create Fix tags being changed to lower case add changelog
ansibullbot
added
bug
tremble
approved these changes
Mar 31, 2021
alinabuzachis
pushed a commit
to alinabuzachis/community.aws
that referenced
this pull request
Jul 19, 2021
alinabuzachis
pushed a commit
to alinabuzachis/community.aws
that referenced
this pull request
Jul 19, 2021
danielcotton
pushed a commit
to danielcotton/community.aws
that referenced
this pull request
Nov 23, 2021
abikouo
pushed a commit
to abikouo/community.aws
that referenced
this pull request
Oct 24, 2023
) Fix output.exists value on create Fix tags being changed to lower case add changelog This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections@b825069
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Fixes all bugs listed in the integration tests.
The implementation for the the changed = true fix requires no additional iam permissions, except for in the case where check_mode = true. In this case, it will use the
kms:ListAliasespermission if possible. I used this permission specifically because it is one of the kms permissions included in the aws managed policyarn:aws:iam::aws:policy/AWSCloudTrail_FullAccess. However, if the user does not have this permission then the module will fallback to its current behavior of reporting changed = true when check_mode = true and a kms key alias is used.Fixes #246
ISSUE TYPE
COMPONENT NAME
cloudtrail
ADDITIONAL INFORMATION