New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Cloudfront distribution now uses provided origin_access_identity #39
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for taking the time to submit this patch.
Please could you also update the integration tests to ensure we don't see a regression:
tests/integration/targets/cloudfront_distribution/tasks/main.yml
86d4d2c
to
614f91c
Compare
- This is the same fix that had been originally pushed to ansible/ansible#68845
c19cc10
to
88e53d8
Compare
88e53d8
to
87b982f
Compare
I have added the tests 2 weeks ago, and clicked on the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies, I didn't see the re-request.
tests/integration/targets/cloudfront_distribution/tasks/main.yml
Outdated
Show resolved
Hide resolved
Co-authored-by: Mark Chappell <mchappel@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What are the next steps for this PR? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@TheOptimisticFactory Sorry about the delays here, I'm trying to follow up with a couple of folks. In the mean time I noticed a copy and paste artefact which would be good to clean up.
tests/integration/targets/cloudfront_distribution/tasks/main.yml
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for patch (and patience) @TheOptimisticFactory, sorry for not taking a look sooner. The code looks great. The tests are failing for me locally (one of the very first tests is asserting changed should be false but it's true - unrelated to this change), but I can't remember if there's a trick to getting them to run normally - @tremble is the test suite working for you? (wondering specifically since these are marked unsupported
and don't run in CI)
cloudfront_distribution: | ||
distribution_id: "{{ distribution_id }}" | ||
origins: | ||
- id: "{{ targetBucket }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
targetBucket
is not defined anywhere in the test suite, which causes this task to fail. I think you may have meant to use resource_prefix
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are correct 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have updated my PR to use resource_prefix
instead
I had to comment out the failing assertion to get the tests to proceed, but they seem to do ok after that point. I've opened an issue for the bad assertion and added a card to the CI tracking board for it. I'm ok with testing that way for this PR, once the tests to cover this change are passing. |
99d4500
to
7033223
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm sorry about the delays involved here.
I retried with the failing 'changed' assertions commented out and was unable to successfully complete the tests.
Since additional changes are also required, please also add a changelog entry: https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to
domain_name: "{{ resource_prefix }}.s3.amazonaws.com" | ||
s3_origin_access_identity_enabled: true | ||
s3_origin_config: | ||
origin_access_identity: origin-access-identity/cloudfront/ANYTHING |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AWS appears to validate the OAI it's passed, so this results in a failure:
An error occurred (InvalidOriginAccessIdentity) when calling the UpdateDistribution operation: The specified origin access identity does not exist or is not valid.
``
distribution_id: "{{ distribution_id }}" | ||
origins: | ||
- id: "{{ resource_prefix }}" | ||
domain_name: "{{ resource_prefix }}.s3.amazonaws.com" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
domain_name: "{{ resource_prefix }}.s3.amazonaws.com" | |
domain_name: "{{ resource_prefix }}-bucket.s3.amazonaws.com" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As we discussed on irc during pr_day, the broken test suite exceeds the scope of this change. This change should not affect any existing use cases and we feel confident with the code as it is here.
Thanks very much for your work and patience on this one @TheOptimisticFactory! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We've had a discussion on IRC.
We're reasonably certain that your change itself is going to do the right thing. As it stands the integration tests are broken, but this is not directly a result of your change. We're going to merge this and (at some point) try to follow up and fix the tests.
Thank you for your time on this and sorry it's taken so long.
…ansible-collections#39) * fix: Cloudfront distribution now uses provided origin_access_identity - This is the same fix that had been originally pushed to ansible/ansible#68845 * test: Added new test case * test: corrected typo in task name Co-authored-by: Mark Chappell <mchappel@redhat.com> * test: Adjusted test task labeling Co-authored-by: Romain Gagnaire <romain@viibe.co> Co-authored-by: Mark Chappell <mchappel@redhat.com>
…ansible-collections#39) * fix: Cloudfront distribution now uses provided origin_access_identity - This is the same fix that had been originally pushed to ansible/ansible#68845 * test: Added new test case * test: corrected typo in task name Co-authored-by: Mark Chappell <mchappel@redhat.com> * test: Adjusted test task labeling Co-authored-by: Romain Gagnaire <romain@viibe.co> Co-authored-by: Mark Chappell <mchappel@redhat.com>
Adding `s3_origin_config` to docs in parameters and return values
Adding s3_origin_config to docs in parameters and return values (from changes in PR #39) #39 Adding s3_origin_config to docs in parameters and return values SUMMARY ISSUE TYPE Bugfix Pull Request Docs Pull Request Feature Pull Request New Module Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Mark Chappell <None> Reviewed-by: None <None>
…ansible-collections#39) * fix: Cloudfront distribution now uses provided origin_access_identity - This is the same fix that had been originally pushed to ansible/ansible#68845 * test: Added new test case * test: corrected typo in task name Co-authored-by: Mark Chappell <mchappel@redhat.com> * test: Adjusted test task labeling Co-authored-by: Romain Gagnaire <romain@viibe.co> Co-authored-by: Mark Chappell <mchappel@redhat.com>
Adding `s3_origin_config` to docs in parameters and return values
Adding `s3_origin_config` to docs in parameters and return values
SUMMARY
This PR was originally opened at fix: Cloudfront distribution now uses provided origin_access_identity ansible/ansible#68845
Currently, a new access-identity is created even though the parameters specify a given access-identity ID in
origin.s3_origin_config.origin_access_identity
.It will instead a new access-identity instead of using the provided
origin-access-identity/cloudfront/ANYTHING
This PR adds the retrieval of
origin.s3_origin_config.origin_access_identity
when applicableISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Call parameters
Output (with fix)