Add Support for Updating in iam_server_certificate by Deleting and Creating #2105
Conversation
Docs Build 📝Thank you for contribution!✨ The docsite for this PR is available for download as an artifact from this run: You can compare to the docs for the File changes:
Click to see the diff comparison.NOTE: only file modifications are shown here. New and deleted files are excluded. diff --git a/home/runner/work/community.aws/community.aws/docsbuild/base/collections/community/aws/iam_server_certificate_module.html b/home/runner/work/community.aws/community.aws/docsbuild/head/collections/community/aws/iam_server_certificate_module.html
index 192fbf1..c039d3f 100644
--- a/home/runner/work/community.aws/community.aws/docsbuild/base/collections/community/aws/iam_server_certificate_module.html
+++ b/home/runner/work/community.aws/community.aws/docsbuild/head/collections/community/aws/iam_server_certificate_module.html
@@ -159,6 +159,7 @@ see <a class="reference internal" href="#ansible-collections-community-aws-iam-s
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p>Allows for the management of IAM server certificates.</p></li>
+<li><p>If a certificate already exists matching the name, but the certificate or chain is different, the certificate will be deleted and recreated. This will result in the same <em>ServerCertificateName</em> and <em>Arn</em>, but the <em>ServerCertificateId</em> may be different.</p></li>
</ul>
</section>
<section id="requirements">
|
|
Build failed. ✔️ ansible-galaxy-importer SUCCESS in 4m 16s (non-voting) |
There was a problem hiding this comment.
Hi @andrewjroth,
Thanks for taking the time to submit this PR.
- Please could you add an integration test (tests/integration/targets/iam_server_certificate)
- please add a changelog entry https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to
- This feels like the type of change that could cause pain for anyone relying on "fail" behaviour, especially since the cert ID changes. I think it might be better to add a parameter to "force" the delete/create behaviour, we can default this to false, for now with a deprecation warning that it'll switch to true once the deprecation period has passed (2 years, but as long as the deprecation is there our automation should flag it rather than expecting you to remember to come back.)
SUMMARY
This PR relies on #2104 fixing the certificate comparison. Please merge #2104 first.
Previously, changes to the certificate would fail because the module does not support modifications. This change allows for updates by deleting the existing certificate before creating it again. While AWS does not support updating the certificate in-place, it can be supported by delete and replace.
Because this addresses a previously failed scenario, I don't believe this will break any existing usage. The newly created certificate will have the same name and ARN as the previous certificate, meaning it can continue to be referenced the same. The AWS-assigned random ID number will change, but this value is returned in the result from the module so that any downstream usage of the ID will necessarily have a different value and will update accordingly.
ISSUE TYPE
COMPONENT NAME
iam_server_certificate