New module: manage Amazon CloudFront origin access identities (cloud/amazon/cloudfront_origin_access_identity) #24568
argument_spec.update(dict( | ||
state=dict(choices=['present', 'updated', 'absent'], default='present'), | ||
origin_access_identity_id=dict(required=True, default=None, type='str'), | ||
caller_reference=dict(required=False, default=None, type='str'), |
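Review bot: origin_access_identity_id is declared with both required=True and default=None; a required option never falls back to its default, so the default=None should go. Requiring the id for every state also means state=present cannot be used to create an identity that has no id yet, so consider making the option optional and requiring it only for 'updated' and 'absent'.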
This parameter isn't documented.
added to doc
|
||
from ansible.module_utils.ec2 import get_aws_connection_info, ec2_argument_spec | ||
from ansible.module_utils.ec2 import boto3_conn, HAS_BOTO3 | ||
from ansible.modules.cloud.amazon.cloudfront_distribution import CloudFrontHelpers |
To share code between modules, please use module_utils instead of importing other modules directly.
done
def delete_origin_access_identity(self, origin_access_identity_id, e_tag): | ||
try: | ||
func = partial(self.client.delete_cloud_front_origin_access_identity, | ||
Id=origin_access_identity_id, IfMatch=e_tag) |
This isn't ever going to be paginated. docs
no - removed
'CallerReference': caller_reference, | ||
'Comment': comment | ||
}) | ||
return self.paginated_response(func) |
Create/update/delete calls aren't paginated in boto3. Are you using this pagination function for other error handling as well?
removed paginated - was only using to pop ResponseMetadata which have added back
'Comment': comment | ||
}, | ||
Id=origin_access_identity_id, IfMatch=e_tag) | ||
return self.paginated_response(func) |
Same
same
# - cloudfront_origin_access_identity | ||
|
||
|
||
class CloudFrontHelpers: |
This really doesn't need to be an object - I'd prefer to have `from module_utils.cloudfront import helpers` to instantiating a class.
done
pass | ||
|
||
|
||
class CloudFrontOriginAccessIdentityServiceManager: |
This needs to be `class CloudFrontOriginAccessIdentityServiceManager(object):` to use new-style 2.7 classes.
done
With cloudfront_distribution I updated it to just create an origin access identity when needed - do you think there's a need for a separate management of OAI?
@willthames probably not unless there is a compelling use case for it.
return dictionary | ||
|
||
|
||
def snake_dict_to_pascal_dict(snake_dict): |
`snake_dict_to_camel_dict` now takes the parameter `capitalize_first` and `camel_dict_to_snake_dict` takes `reversible` so those can be used instead of these pascal functions.
this file is no longer required as it is now in ansible/module_utils/ec2.py
I might just open a new PR for this and only keep the origin_access_identity file as the rebase is going to be a nightmare
Sure, whatever is easiest. I'm sorry about the rebase nightmare.
@@ -238,8 +238,8 @@ | |||
pass # will be caught by imported HAS_BOTO3 | |||
|
|||
|
|||
class CloudFrontServiceManager: | |||
"""Handles CloudFront Services""" | |||
class CloudFrontFactsServiceManager: |
This should be a new style class CloudFrontFactsServiceManager(object)
#!/usr/bin/python | ||
# This file is part of Ansible | ||
# | ||
# Ansible is free software: you can redistribute it and/or modify |
The copyright can be updated: http://docs.ansible.com/ansible/latest/dev_guide/developing_modules_documenting.html#copyright
CloudFrontFactsServiceManager) | ||
import ansible.module_utils.cloudfront as helpers | ||
from ansible.module_utils.ec2 import camel_dict_to_snake_dict | ||
from ansible.module_utils.basic import AnsibleModule |
It would be better if AnsibleAWSModule was used instead of AnsibleModule because the exception handling is better (and cloudfront_distribution is using it). To import: `from ansible.module_utils.aws.core import AnsibleAWSModule`
Instead of using `e.response` and `str(e)` yourself, you can call

```python
except (ClientError, BotoCoreError) as e:
    module.fail_json_aws(e, msg="Unable to <thing that failed>")
```

and it formats the exception by using `e.message` if it exists or `str(e)` and uses `e.response` only if it exists.
Using AnsibleAWSModule also means you can remove importing HAS_BOTO3 and the HAS_BOTO3 check, as the module checks it.
self.client = boto3_conn( | ||
self.module, conn_type='client', resource=resource, | ||
region=region, endpoint=ec2_url, **aws_connect_kwargs) | ||
except botocore.exceptions.NoRegionError: |
boto3_conn() now handles NoRegionError and ClientError so you can remove that here.
'CallerReference': caller_reference, | ||
'Comment': comment | ||
}) | ||
except botocore.exceptions.ClientError as e: |
BotoCoreError should be caught here as well and all other places catching ClientError https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/amazon/GUIDELINES.md#boto3-1
BotoCoreError does not have a .response, so using AnsibleAWSModule will cut down on exception handling logic as I suggested above.
argument_spec.update(dict( | ||
state=dict(choices=['present', 'absent'], default='present'), | ||
origin_access_identity_id=dict(required=False, default=None, | ||
type='str'), |
`type='str'` is the default so you can remove that. `default=None` and `required=False` are also defaults that can be removed.
else: | ||
result = service_mgr.create_origin_access_identity( | ||
caller_reference, comment) | ||
changed = True |
It looks like this module is not idempotent. Running the same task twice with `state: present` or `state: absent` will show changed every time.
origin_access_identity_id, e_tag) | ||
changed = True | ||
|
||
if result: |
I think you can just do `result.pop('ResponseMetadata', None)` and then call `module.exit_json` with result
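The idempotency point and the `ResponseMetadata` suggestion raised in the review above, as an added example that is not code from the pull request: look the identity up first, call create or delete only when the lookup shows it is needed, and report `changed` accordingly. `StubCloudFront`, `NoSuchOAI` and `ensure` are hypothetical names, the stub is a constructed in-memory stand-in for the boto3 CloudFront client, and updating the comment of an existing identity is left out.

```python
class NoSuchOAI(Exception):
    """Stand-in for the NoSuchCloudFrontOriginAccessIdentity client error."""


class StubCloudFront(object):
    """Constructed in-memory stand-in for the boto3 CloudFront client."""

    def __init__(self):
        self.store = {}  # maps Id -> (config, ETag)

    def get_cloud_front_origin_access_identity(self, Id):
        if Id not in self.store:
            raise NoSuchOAI(Id)
        config, etag = self.store[Id]
        return {'CloudFrontOriginAccessIdentity': {
                    'Id': Id, 'CloudFrontOriginAccessIdentityConfig': dict(config)},
                'ETag': etag, 'ResponseMetadata': {'HTTPStatusCode': 200}}

    def create_cloud_front_origin_access_identity(self, CloudFrontOriginAccessIdentityConfig):
        oai_id = 'EXAMPLEOAI%d' % (len(self.store) + 1)  # constructed id
        self.store[oai_id] = (CloudFrontOriginAccessIdentityConfig, 'ETAG-' + oai_id)
        return self.get_cloud_front_origin_access_identity(oai_id)

    def delete_cloud_front_origin_access_identity(self, Id, IfMatch):
        if self.store[Id][1] != IfMatch:
            raise ValueError('stale ETag')
        del self.store[Id]


def ensure(client, state, oai_id=None, caller_reference=None, comment=''):
    """Return (changed, result); changed is True only if a call mutated state."""
    current = None
    if oai_id:
        try:
            current = client.get_cloud_front_origin_access_identity(Id=oai_id)
        except NoSuchOAI:
            pass  # not there: nothing to delete, or it has to be created
    if state == 'absent':
        if current:
            client.delete_cloud_front_origin_access_identity(
                Id=oai_id, IfMatch=current['ETag'])
        return current is not None, {}
    changed = current is None
    if changed:
        current = client.create_cloud_front_origin_access_identity(
            CloudFrontOriginAccessIdentityConfig={
                'CallerReference': caller_reference, 'Comment': comment})
    current.pop('ResponseMetadata', None)  # keep transport metadata out of the result
    return changed, current
```
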
11540fc to 743c116
…w ok instead of changed when deleting same oai multiple times
…so made always present for add and update
1d82a78 to 0dac57c
Closing as have migrated changes to new PR #35540
SUMMARY
As advised by @ryansb in PR #24292 this comprises the origin access identity component of the cloudfront module additions.
ISSUE TYPE
COMPONENT NAME
lib/ansible/modules/cloud/amazon/cloudfront_origin_access_identity.py
ANSIBLE VERSION
ADDITIONAL INFORMATION