aws_kms: Support setting PendingWindowInDays (Deletion Delay) and fix tests #200
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tremble
force-pushed
the
aws_kms/deletion_delay
branch
from
3a9baf2 to
e972386
Compare
|
The test |
ansibullbot
added
affects_2.10
bug
tremble
changed the title
tremble
force-pushed
the
aws_kms/deletion_delay
branch
from
e972386 to
76d0eab
Compare
tremble
changed the title
tremble
force-pushed
the
aws_kms/deletion_delay
branch
3 times, most recently
from
f249322 to
e1ed61b
Compare
|
@jillr I've got this one running under CI now. Some minor bugs needed fixing. There's some instability in the tests, which seem to be related to doing things like re-updating policies quickly after an update. I think the value of getting these tests in place outweighs waiting until we've ironed all of the flakes out, so I've marked the tests 'unstable' so they're at least run when someone submits a KMS change. |
tremble
force-pushed
the
aws_kms/deletion_delay
branch
from
e1ed61b to
4c8df40
Compare
ansibullbot
added
community_review
and removed
needs_revision
tremble
force-pushed
the
aws_kms/deletion_delay
branch
from
4c8df40 to
807d178
Compare
… key rotation status
Use it in test suite (filters are done client side and are SLOW)
tremble
force-pushed
the
aws_kms/deletion_delay
branch
from
28c86c7 to
544d251
Compare
jillr
reviewed
Feb 10, 2021
tremble
commented
Feb 10, 2021
jillr
approved these changes
Feb 10, 2021
ethemcemozkan
pushed a commit
to ethemcemozkan/community.aws
that referenced
this pull request
Feb 18, 2021
… tests (ansible-collections#200) * Ensure we can still update / delete KMS keys when we can't access the key rotation status * Fix and enable KMS tests * Add support for setting the deletion schedule window * Ignore failures during cleanup * changelog * Change role name to match those permitted by CI policies * Split imports - easier to rebase * Make sure key rotation enable/disable errors don't drop through to main() * Allow STS principals as well as IAM principals * Add support for direct lookup by alias/id Use it in test suite (filters are done client side and are SLOW) * Ensure we don't throw an exception when a tag doesn't exist * Add docs * changelog * Flag aws_kms tests as unstable * lint fixups * Consistently handle 'UnsupportedOperationException' on key rotation * Update version added * Allow a little flexibility for deletion times * Update version_added
alinabuzachis
pushed a commit
to alinabuzachis/community.aws
that referenced
this pull request
Jul 19, 2021
… tests (ansible-collections#200) * Ensure we can still update / delete KMS keys when we can't access the key rotation status * Fix and enable KMS tests * Add support for setting the deletion schedule window * Ignore failures during cleanup * changelog * Change role name to match those permitted by CI policies * Split imports - easier to rebase * Make sure key rotation enable/disable errors don't drop through to main() * Allow STS principals as well as IAM principals * Add support for direct lookup by alias/id Use it in test suite (filters are done client side and are SLOW) * Ensure we don't throw an exception when a tag doesn't exist * Add docs * changelog * Flag aws_kms tests as unstable * lint fixups * Consistently handle 'UnsupportedOperationException' on key rotation * Update version added * Allow a little flexibility for deletion times * Update version_added
alinabuzachis
pushed a commit
to alinabuzachis/community.aws
that referenced
this pull request
Jul 19, 2021
… tests (ansible-collections#200) * Ensure we can still update / delete KMS keys when we can't access the key rotation status * Fix and enable KMS tests * Add support for setting the deletion schedule window * Ignore failures during cleanup * changelog * Change role name to match those permitted by CI policies * Split imports - easier to rebase * Make sure key rotation enable/disable errors don't drop through to main() * Allow STS principals as well as IAM principals * Add support for direct lookup by alias/id Use it in test suite (filters are done client side and are SLOW) * Ensure we don't throw an exception when a tag doesn't exist * Add docs * changelog * Flag aws_kms tests as unstable * lint fixups * Consistently handle 'UnsupportedOperationException' on key rotation * Update version added * Allow a little flexibility for deletion times * Update version_added
danielcotton
pushed a commit
to danielcotton/community.aws
that referenced
this pull request
Nov 23, 2021
… tests (ansible-collections#200) * Ensure we can still update / delete KMS keys when we can't access the key rotation status * Fix and enable KMS tests * Add support for setting the deletion schedule window * Ignore failures during cleanup * changelog * Change role name to match those permitted by CI policies * Split imports - easier to rebase * Make sure key rotation enable/disable errors don't drop through to main() * Allow STS principals as well as IAM principals * Add support for direct lookup by alias/id Use it in test suite (filters are done client side and are SLOW) * Ensure we don't throw an exception when a tag doesn't exist * Add docs * changelog * Flag aws_kms tests as unstable * lint fixups * Consistently handle 'UnsupportedOperationException' on key rotation * Update version added * Allow a little flexibility for deletion times * Update version_added
alinabuzachis
pushed a commit
to alinabuzachis/community.aws
that referenced
this pull request
May 25, 2022
* ec2_vpc_subnet_info integration tests
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Adds support for setting
pending_window(the number of days a CMK will sit waiting to be deleted.Fixes failures when we don't have the GetKeyRotationStatus permission
Fixes integration tests and marks them supported
ISSUE TYPE
COMPONENT NAME
aws_kms
ADDITIONAL INFORMATION
Writing tests for #199 highlighted that aws_kms also handled missing 'Get' permissions poorly, follow up and handle them better.
Pending mattclay/aws-terminator#106 for CI permissions