aws_kms: Fix policy arg to actually work with JSON strings that is ne…

…eds (ansible-collections#43) * Fix policy arg to actually work with JSON strings that is needs. Also update docs. * Fix typo in docs * Fix long line in example * Update type in docs too Co-Authored-By: Mark Chappell <mchappel@redhat.com> * Remove unecessary documentation for aws_kms policy param Co-Authored-By: Mark Chappell <mchappel@redhat.com> Co-authored-by: Mark Chappell <mchappel@redhat.com>
abikouo · Sep 18, 2023 · 15d789f · 15d789f
1 parent ee5d8df
commit 15d789f
Showing 1 changed file with 15 additions and 3 deletions.
diff --git a/aws_kms.py b/aws_kms.py
@@ -164,9 +164,9 @@
             type: dict
   policy:
     description:
-      - policy to apply to the KMS key
+      - policy to apply to the KMS key.
       - See U(https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)
-    type: str
+    type: json
 author:
   - Ted Timmons (@tedder)
   - Will Thames (@willthames)
@@ -224,6 +224,18 @@
         operations:
           - Decrypt
           - RetireGrant
+
+- name: Update IAM policy on an existing KMS key
+  aws_kms:
+    alias: my-kms-key
+    policy: '{"Version": "2012-10-17", "Id": "my-kms-key-permissions", "Statement": [ { <SOME STATEMENT> } ]}'
+    state: present
+
+- name: Example using lookup for policy json
+  aws_kms:
+    alias: my-kms-key
+    policy: "{{ lookup('template', 'kms_iam_policy_template.json.j2') }}"
+    state: present
 '''
 
 RETURN = '''
@@ -1017,7 +1029,7 @@ def main():
         tags=dict(type='dict', default={}),
         purge_tags=dict(type='bool', default=False),
         grants=dict(type='list', default=[]),
-        policy=dict(),
+        policy=dict(type='json'),
         purge_grants=dict(type='bool', default=False),
         state=dict(default='present', choices=['present', 'absent']),
         enable_key_rotation=(dict(type='bool'))