Handle FieldLevelEncryptionId in cloudfront_distribution (ansible#41770)

Ensure that FieldLevelEncryptionId is properly handled - passing it if set, and keeping it if returned by GetDistribution Update cloudfront_distribution tests to remove references to test_identifier so test suite actually works Fixes ansible#40724
pva · Jul 19, 2018 · 786613f · 786613f
1 parent f0f335d
commit 786613f
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/lib/ansible/modules/cloud/amazon/cloudfront_distribution.py b/lib/ansible/modules/cloud/amazon/cloudfront_distribution.py
@@ -152,6 +152,7 @@
               I(lambda_function_associations[])
                 I(lambda_function_arn)
                 I(event_type)
+              I(field_level_encryption_id)
 
     cache_behaviors:
       description:
@@ -180,6 +181,7 @@
             I(max_ttl)
             I(compress)
             I(lambda_function_associations[])
+            I(field_level_encryption_id)
 
     purge_cache_behaviors:
       description: Whether to remove any cache behaviors that aren't listed in I(cache_behaviors). This switch
@@ -1505,6 +1507,7 @@ def validate_cache_behavior(self, config, cache_behavior, valid_origins, is_defa
         cache_behavior = self.validate_allowed_methods(config, cache_behavior.get('allowed_methods'), cache_behavior)
         cache_behavior = self.validate_lambda_function_associations(config, cache_behavior.get('lambda_function_associations'), cache_behavior)
         cache_behavior = self.validate_trusted_signers(config, cache_behavior.get('trusted_signers'), cache_behavior)
+        cache_behavior = self.validate_field_level_encryption_id(config, cache_behavior.get('field_level_encryption_id'), cache_behavior)
         return cache_behavior
 
     def validate_cache_behavior_first_level_keys(self, config, cache_behavior, valid_origins, is_default_cache):
@@ -1587,6 +1590,14 @@ def validate_lambda_function_associations(self, config, lambda_function_associat
         except Exception as e:
             self.module.fail_json_aws(e, msg="Error validating lambda function associations")
 
+    def validate_field_level_encryption_id(self, config, field_level_encryption_id, cache_behavior):
+        # only set field_level_encryption_id if it's already set or if it was passed
+        if field_level_encryption_id is not None:
+            cache_behavior['field_level_encryption_id'] = field_level_encryption_id
+        elif 'field_level_encryption_id' in config:
+            cache_behavior['field_level_encryption_id'] = config.get('field_level_encryption_id')
+        return cache_behavior
+
     def validate_allowed_methods(self, config, allowed_methods, cache_behavior):
         try:
             if allowed_methods is not None:

diff --git a/test/integration/targets/cloudfront_distribution/meta/main.yml b/test/integration/targets/cloudfront_distribution/meta/main.yml
@@ -1,3 +1 @@
-dependencies:
-  - prepare_tests
-  - setup_ec2
+dependencies: []
diff --git a/test/integration/targets/cloudfront_distribution/tasks/main.yml b/test/integration/targets/cloudfront_distribution/tasks/main.yml
@@ -124,7 +124,6 @@
         custom_origin_config:
           http_port: 8080
       - domain_name: "{{ resource_prefix }}2.example.com"
-      - domain_name: "{{ test_identifier }}2.example.com"
       default_root_object: index.html
       wait: yes
       state: present
@@ -178,7 +177,7 @@
     cloudfront_distribution:
       alias: "{{ cloudfront_alias }}"
       origins:
-      - domain_name: "{{ test_identifier }}2.example.com"
+      - domain_name: "{{ resource_prefix }}2.example.com"
       default_root_object: index.php
       state: present
       <<: *aws_connection_info