ecs_ecr -- Return repository policy if it exists, even if we did not … #1171

karcadia · 2022-05-26T22:46:21Z

Return repository policy if it exists, even if we did not create or modify it.

SUMMARY

Existing behavior will only print the ECR repo (permissions) policy if we just created/edited that policy. There is no way to just pull the existing policy and use it in a subsequent task.

New behavior will print the existing ECR repo policy information if it exists, even if we did not just create/edit that policy.

ISSUE TYPE

Feature Pull Request

COMPONENT NAME

ecs_ecr -- run function

ADDITIONAL INFORMATION

Given the scenario that my ECR repo already exists and already has a permissions policy on it. I would like to use ansible to retrieve that policy.
Today this module will only return the policy as part of the return object if we are telling the module to create or edit the policy.
After merging, the module will create the policy if it was defined, or update the policy if needed, and if neither of those were defined (else) we will check for an existing permissions policy and add it to the return object.

Given the example tasks:
- name: Pull the existing permissions policy for the ECR repo.
      community.aws.ecs_ecr:
        region: "{{ AWS_REGION }}"
        aws_access_key: "{{ survey_access_key_id }}"
        aws_secret_key: "{{ survey_secret_access_key }}"
        aws_security_token: "{{ survey_session_token }}"
        validate_certs: False
        name: 'example/nginx'
      register: ecr_repo_info

    - name: debug
      debug:
        msg: "{{ ecr_repo_info }}"

Here is the current behavior:
ASK [debug] *********************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": {
        "changed": false,
        "created": false,
        "failed": false,
        "repository": {
            "createdAt": "2022-05-19T11:15:49-05:00",
            "encryptionConfiguration": {
                "encryptionType": "AES256"
            },
            "imageScanningConfiguration": {
                "scanOnPush": false
            },
            "imageTagMutability": "MUTABLE",
            "registryId": "12345",
            "repositoryArn": "arn:aws:ecr:us-east-1:123456789:repository/example/nginx",
            "repositoryName": "example/nginx",
            "repositoryUri": "123456789.dkr.ecr.us-east-1.amazonaws.com/example/nginx"
        },
        "state": "present"
    }
}

And here is the post-merge output:
ASK [debug] *********************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": {
        "changed": false,
        "created": false,
        "failed": false,
        "policy": {
            "Statement": [
                {
                    "Action": [
                        "ecr:GetDownloadUrlForLayer",
                        "ecr:BatchGetImage",
                        "ecr:BatchCheckLayerAvailability",
                        "ecr:ListImages",
                        "ecr:DescribeImages",
                        "ecr:DescribeRepositories"
                    ],
                    "Effect": "Allow",
                    "Principal": {
                        "AWS": "arn:aws:iam::12345678:root"
                    },
                    "Sid": "Allow managed accounts to access this repo."
                }
            ],
            "Version": "2008-10-17"
        },
        "repository": {
            "createdAt": "2022-05-19T11:15:49-05:00",
            "encryptionConfiguration": {
                "encryptionType": "AES256"
            },
            "imageScanningConfiguration": {
                "scanOnPush": false
            },
            "imageTagMutability": "MUTABLE",
            "registryId": "12345",
            "repositoryArn": "arn:aws:ecr:us-east-1:123456789:repository/example/nginx",
            "repositoryName": "example/nginx",
            "repositoryUri": "123456789.dkr.ecr.us-east-1.amazonaws.com/example/nginx"
        },
        "state": "present"
    }
}

ansibullbot · 2022-05-26T22:49:19Z

cc @jillr @leedm777 @markuman @s-hertel @tremble
click here for bot help

github-actions · 2022-05-26T22:51:23Z

Docs Build 📝

Thank you for contribution!✨

This PR has been merged and your docs changes will be incorporated when they are next published.

softwarefactory-project-zuul · 2022-05-26T23:05:00Z

Build succeeded.

plugins/modules/ecs_ecr.py

markuman

I'm okey with that change. An ecs_ecr_info module would be also helpful in the future.

If an iam policy should also be transformed to snake_dict, must be discussed first.

Otherwise it LGTM. Just a changelog fragment is missing.

ansibullbot · 2022-05-27T14:11:24Z

@karcadia this PR contains the following merge commits:

c52c244

Please rebase your branch to remove these commits.

click here for bot help

softwarefactory-project-zuul · 2022-05-27T14:26:14Z

Build failed.

ansibullbot · 2022-05-27T14:44:15Z

@karcadia this PR contains the following merge commits:

Please rebase your branch to remove these commits.

click here for bot help

softwarefactory-project-zuul · 2022-05-27T15:13:35Z

Build succeeded.

karcadia

Trying to clear the needs_revision tag.

The changelog fragment has been added.
I accepted the change for the added in version 4.0.
There was a discussion around casing but I didn't see a specific action item so should be ready for review. Thanks.

plugins/modules/ecs_ecr.py

softwarefactory-project-zuul · 2022-06-02T15:33:41Z

Build succeeded.

alinabuzachis

@karcadia Thank you. LGTM!

…create or modify it. Return repository policy if it exists, even if we did not create or modify it.

Co-authored-by: Markus Bergholz <git@osuv.de>

Co-authored-by: Alina Buzachis <abuzachis@redhat.com>

I(state=present) I(state=absent) The i is for italics.

softwarefactory-project-zuul · 2022-06-03T18:20:28Z

Build succeeded.

softwarefactory-project-zuul · 2022-06-04T06:43:36Z

Build succeeded (gate pipeline).

ansibullbot added community_review feature This issue/PR relates to a feature request module module needs_triage new_contributor Help guide this first time contributor plugins plugin (any type) labels May 26, 2022

markuman reviewed May 27, 2022

View reviewed changes

plugins/modules/ecs_ecr.py Outdated Show resolved Hide resolved

markuman reviewed May 27, 2022

View reviewed changes

plugins/modules/ecs_ecr.py Show resolved Hide resolved

markuman requested changes May 27, 2022

View reviewed changes

ansibullbot added needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR and removed community_review labels May 27, 2022

karcadia force-pushed the main branch from ed4c59d to ebebe75 Compare May 27, 2022 14:56

ansibullbot added community_review and removed merge_commit This PR contains at least one merge commit. Please resolve! needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html labels May 27, 2022

ansibullbot added needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR and removed community_review labels May 27, 2022

karcadia commented May 27, 2022

View reviewed changes

karcadia requested a review from markuman May 27, 2022 18:33

markuman reviewed May 30, 2022

View reviewed changes

plugins/modules/ecs_ecr.py Outdated Show resolved Hide resolved

ansibullbot added community_review and removed new_contributor Help guide this first time contributor labels Jun 2, 2022

ansibullbot added needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR and removed community_review labels Jun 2, 2022

markuman approved these changes Jun 3, 2022

View reviewed changes

markuman requested a review from alinabuzachis June 3, 2022 09:08

ansibullbot added community_review and removed needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR labels Jun 3, 2022

alinabuzachis approved these changes Jun 3, 2022

View reviewed changes

karcadia and others added 13 commits June 3, 2022 13:01

ecs_ecr -- Return repository policy if it exists, even if we did not …

4b12ac6

…create or modify it. Return repository policy if it exists, even if we did not create or modify it.

Add a changelog fragment to 1171.

f57c296

Update plugins/modules/ecs_ecr.py

c3488a7

Co-authored-by: Markus Bergholz <git@osuv.de>

Punctuation.

52bd22b

Co-authored-by: Alina Buzachis <abuzachis@redhat.com>

Add integration tests for pulling and printing policy

db925e1

Dropped some quotes.

a92179b

Add integration tests for pulling and printing policy

c717747

Dropped some quotes.

2079878

Follow a standard for Returned formatting.

ef7da7e

I(state=present) I(state=absent) The i is for italics.

Add integration tests for pulling and printing policy

4f8773c

Dropped some quotes.

b7a0624

Add integration tests for pulling and printing policy

99a8307

Dropped some quotes.

38643cc

karcadia force-pushed the main branch from c16046f to 38643cc Compare June 3, 2022 18:01

markuman added the mergeit Merge the PR (SoftwareFactory) label Jun 4, 2022

ansibullbot removed the needs_triage label Jun 4, 2022

softwarefactory-project-zuul bot merged commit 24c3df8 into ansible-collections:main Jun 4, 2022

renovate bot mentioned this pull request Jun 24, 2022

chore(deps): update dependency community.aws to v4 linxside/ansible-ee#34

Merged

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ecs_ecr -- Return repository policy if it exists, even if we did not … #1171

ecs_ecr -- Return repository policy if it exists, even if we did not … #1171

karcadia commented May 26, 2022 •

edited

Loading

ansibullbot commented May 26, 2022

github-actions bot commented May 26, 2022 •

edited

Loading

softwarefactory-project-zuul bot commented May 26, 2022

markuman left a comment

ansibullbot commented May 27, 2022

softwarefactory-project-zuul bot commented May 27, 2022

ansibullbot commented May 27, 2022

softwarefactory-project-zuul bot commented May 27, 2022

karcadia left a comment

softwarefactory-project-zuul bot commented Jun 2, 2022

alinabuzachis left a comment

softwarefactory-project-zuul bot commented Jun 3, 2022

softwarefactory-project-zuul bot commented Jun 4, 2022

ecs_ecr -- Return repository policy if it exists, even if we did not … #1171

ecs_ecr -- Return repository policy if it exists, even if we did not … #1171

Conversation

karcadia commented May 26, 2022 • edited Loading

SUMMARY

ISSUE TYPE

COMPONENT NAME

ADDITIONAL INFORMATION

ansibullbot commented May 26, 2022

github-actions bot commented May 26, 2022 • edited Loading

Docs Build 📝

softwarefactory-project-zuul bot commented May 26, 2022

markuman left a comment

Choose a reason for hiding this comment

ansibullbot commented May 27, 2022

softwarefactory-project-zuul bot commented May 27, 2022

ansibullbot commented May 27, 2022

softwarefactory-project-zuul bot commented May 27, 2022

karcadia left a comment

Choose a reason for hiding this comment

softwarefactory-project-zuul bot commented Jun 2, 2022

alinabuzachis left a comment

Choose a reason for hiding this comment

softwarefactory-project-zuul bot commented Jun 3, 2022

softwarefactory-project-zuul bot commented Jun 4, 2022

karcadia commented May 26, 2022 •

edited

Loading

github-actions bot commented May 26, 2022 •

edited

Loading