New module: manage Amazon CloudFront origin access identities (cloud/amazon/cloudfront_origin_access_identity) #24568
Conversation
ansibot
added
affects_2.4
bcoca
removed
the
needs_triage
| argument_spec.update(dict( | ||
| state=dict(choices=['present', 'updated', 'absent'], default='present'), | ||
| origin_access_identity_id=dict(required=True, default=None, type='str'), | ||
| caller_reference=dict(required=False, default=None, type='str'), |
There was a problem hiding this comment.
This parameter isn't documented.
|
|
||
| from ansible.module_utils.ec2 import get_aws_connection_info, ec2_argument_spec | ||
| from ansible.module_utils.ec2 import boto3_conn, HAS_BOTO3 | ||
| from ansible.modules.cloud.amazon.cloudfront_distribution import CloudFrontHelpers |
There was a problem hiding this comment.
To share code between modules, please use module_utils instead of importing other modules directly.
| def delete_origin_access_identity(self, origin_access_identity_id, e_tag): | ||
| try: | ||
| func = partial(self.client.delete_cloud_front_origin_access_identity, | ||
| Id=origin_access_identity_id, IfMatch=e_tag) |
There was a problem hiding this comment.
This isn't ever going to be paginated. docs
| 'CallerReference': caller_reference, | ||
| 'Comment': comment | ||
| }) | ||
| return self.paginated_response(func) |
There was a problem hiding this comment.
Create/update/delete calls aren't paginated in boto3. Are you using this pagination function for other error handling as well?
There was a problem hiding this comment.
removed paginated - was only using to pop ResponseMetadata which have added back
| 'Comment': comment | ||
| }, | ||
| Id=origin_access_identity_id, IfMatch=e_tag) | ||
| return self.paginated_response(func) |
ansibot
added
needs_revision
| # - cloudfront_origin_access_identity | ||
|
|
||
|
|
||
| class CloudFrontHelpers: |
There was a problem hiding this comment.
This really doesn't need to be an object - I'd prefer to have from module_utils.cloudfront import helpers to instantiating a class.
| pass | ||
|
|
||
|
|
||
| class CloudFrontOriginAccessIdentityServiceManager: |
There was a problem hiding this comment.
This needs to be class CloudFrontOriginAccessIdentityServiceManager(object): to use new-style 2.7 classes.
alikins
changed the title
alikins
changed the title
ansibot
added
stale_ci
ansibot
added
the
stale_review
|
With cloudfront_distribution I updated it to just create an origin access identity when needed - do you think there's a need for a separate management of OAI? |
ansibot
added
the
support:core
|
@willthames probably not unless there is a compelling use case for it. |
| return dictionary | ||
|
|
||
|
|
||
| def snake_dict_to_pascal_dict(snake_dict): |
There was a problem hiding this comment.
snake_dict_to_camel_dict now takes the parameter capitalize_first and camel_dict_to_snake_dict takes reversible so those can be used instead these pascal functions.
There was a problem hiding this comment.
this file is no longer required as it is now in ansible/module_utils/ec2.py
There was a problem hiding this comment.
i might just open a new PR for this and only keep the origin_access_identity file as the rebase is going to be a nightmare
There was a problem hiding this comment.
Sure, whatever is easiest. I'm sorry about the rebase nightmare.
| @@ -238,8 +238,8 @@ | |||
| pass # will be caught by imported HAS_BOTO3 | |||
|
|
|||
|
|
|||
| class CloudFrontServiceManager: | |||
| """Handles CloudFront Services""" | |||
| class CloudFrontFactsServiceManager: | |||
There was a problem hiding this comment.
This should be a new style class CloudFrontFactsServiceManager(object)
| #!/usr/bin/python | ||
| # This file is part of Ansible | ||
| # | ||
| # Ansible is free software: you can redistribute it and/or modify |
There was a problem hiding this comment.
The copyright can be updated: http://docs.ansible.com/ansible/latest/dev_guide/developing_modules_documenting.html#copyright
| CloudFrontFactsServiceManager) | ||
| import ansible.module_utils.cloudfront as helpers | ||
| from ansible.module_utils.ec2 import camel_dict_to_snake_dict | ||
| from ansible.module_utils.basic import AnsibleModule |
There was a problem hiding this comment.
It would be better if AnsibleAWSModule was used instead of AnsibleModule because the exception handling is better (and cloudfront_distribution is using it). To import: from ansible.module_utils.aws.core import AnsibleAWSModule
Instead of using e.response and str(e) yourself, you can call
except (ClientError, BotoCoreError) as e:
module.fail_json_aws(e, msg="Unable to <thing that failed>")
and it formats the exception by using e.message if it exists or str(e) and uses e.response only if it exists.
There was a problem hiding this comment.
Using AnsibleAWSModule also means you can remove importing HAS_BOTO3 and the HAS_BOTO3 check, as the module checks it.
| self.client = boto3_conn( | ||
| self.module, conn_type='client', resource=resource, | ||
| region=region, endpoint=ec2_url, **aws_connect_kwargs) | ||
| except botocore.exceptions.NoRegionError: |
There was a problem hiding this comment.
boto3_conn() now handles NoRegionError and ClientError so you can remove that here.
| 'CallerReference': caller_reference, | ||
| 'Comment': comment | ||
| }) | ||
| except botocore.exceptions.ClientError as e: |
There was a problem hiding this comment.
BotoCoreError should be caught here as well and all other places catching ClientError https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/GUIDELINES.md#boto3-1
BotoCoreError does not have a .response, so using AnsibleAWSModule will cut down on exception handling logic as I suggested above.
| argument_spec.update(dict( | ||
| state=dict(choices=['present', 'absent'], default='present'), | ||
| origin_access_identity_id=dict(required=False, default=None, | ||
| type='str'), |
There was a problem hiding this comment.
type='str' is the default so you can remove that. default=None and required=False are also defaults that can be removed.
| else: | ||
| result = service_mgr.create_origin_access_identity( | ||
| caller_reference, comment) | ||
| changed = True |
There was a problem hiding this comment.
It looks like this module is not idempotent. Running the same task twice with state: present or state: absent will show changed every time.
| origin_access_identity_id, e_tag) | ||
| changed = True | ||
|
|
||
| if result: |
There was a problem hiding this comment.
I think you can just do result.pop('ResponseMetadata', None) and then call module.exit_json with result
wilvk
force-pushed
the
cloudfront_origin_access_identity
branch
from
11540fc
to
743c116
Compare
ansibot
removed
stale_ci
…w ok instead of changed when deleting same oai multiple times
…so made always present for add and update
wilvk
force-pushed
the
cloudfront_origin_access_identity
branch
from
1d82a78
to
0dac57c
Compare
ansibot
added
needs_rebase
|
Closing as have migrated changes to new PR #35540 |
SUMMARY
As advised by @ryansb in PR #24292 this comprises the origin access identity component of the cloudfront module additions.
ISSUE TYPE
COMPONENT NAME
lib/ansible/modules/cloud/amazon/cloudfront_origin_access_identity.py
ANSIBLE VERSION
ADDITIONAL INFORMATION