cloudfront_distribution: Always add field_level_encryption_id to cach…

…e behaviour (ansible#61271) * cloudfront_distribution: (integration tests) Migrate to using module_defaults * cloudfront_distribution: (integration tests) Use the ID rather than the alias Using aliases requires providing a valid SSL certificate, as such we're not longer able to test using an arbitrary hostname * cloudfront_distribution: (integration tests) Make sure we delete the test s3 bucket when tests fail * cloudfront_distribution: field_level_encryption_id is now a mandatory field always add it Setting the field to an empty string has the same effect as the original behaviour. * Copy & Paste fixup Co-Authored-By: Jill R <[email protected]> Co-authored-by: Jill R <[email protected]>
base10 · Feb 19, 2020 · 3aae025 · 3aae025
1 parent 052e8b7
commit 3aae025
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 65 deletions.
diff --git a/changelogs/fragments/61271-cloudfront_distribution-encryptionid.yml b/changelogs/fragments/61271-cloudfront_distribution-encryptionid.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- cloudfront_distribution - Always add field_level_encryption_id to cache behaviour to match AWS requirements
diff --git a/lib/ansible/modules/cloud/amazon/cloudfront_distribution.py b/lib/ansible/modules/cloud/amazon/cloudfront_distribution.py
@@ -1859,11 +1859,12 @@ def validate_lambda_function_associations(self, config, lambda_function_associat
             self.module.fail_json_aws(e, msg="Error validating lambda function associations")
 
     def validate_field_level_encryption_id(self, config, field_level_encryption_id, cache_behavior):
-        # only set field_level_encryption_id if it's already set or if it was passed
         if field_level_encryption_id is not None:
             cache_behavior['field_level_encryption_id'] = field_level_encryption_id
         elif 'field_level_encryption_id' in config:
             cache_behavior['field_level_encryption_id'] = config.get('field_level_encryption_id')
+        else:
+            cache_behavior['field_level_encryption_id'] = ""
         return cache_behavior
 
     def validate_allowed_methods(self, config, allowed_methods, cache_behavior):

diff --git a/test/integration/targets/cloudfront_distribution/defaults/main.yml b/test/integration/targets/cloudfront_distribution/defaults/main.yml
@@ -1,6 +1,14 @@
 cloudfront_hostname: "{{ resource_prefix }}01"
+
 # Use a domain that has a wildcard DNS
-cloudfront_alias: "{{ cloudfront_hostname }}.github.io"
+# Using an alias requires also having an SSL cert...
+#cloudfront_alias: "{{ cloudfront_hostname }}.github.io"
+#cloudfront_viewer_cert:
+#  acm_certificate_arn: ...
+#  certificate: ...
+#  certificate_source: ...
+#  minimum_protocol_version: ...
+#  ssl_support_method: ...
 
 cloudfront_test_cache_behaviors:
   - path_pattern: /test/path
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- cloudfront_distribution - Always add field_level_encryption_id to cache behaviour to match AWS requirements