community.aws
[aws_acm_info] DomainValidationOptions.ResourceRecord not Available in Response
SUMMARY
When requesting a certificate using the acm AWS module, there's an option to use either email validation or DNS validation.
When the DNS option is chosen, the `describe certificate` response is expected to have a `ResourceRecord` field, which has details of what to configure to allow domain validation (see "ResourceRecord" in the official AWS documentation).
However, this field is not available in the response from the `community.aws.aws_acm_info` module.
ISSUE TYPE
- ~Bug Report~ Documentation Report (Ref to comment below: https://github.com/ansible-collections/community.aws/issues/321#issuecomment-740442194)
COMPONENT NAME
community.aws.aws_acm_info
ANSIBLE VERSION
```
ansible 2.10.3
  config file = None
  configured module search path = ['/path/to/home/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.10.3/libexec/lib/python3.9/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.9.0 (default, Nov 14 2020, 10:50:03) [Clang 12.0.0 (clang-1200.0.32.27)]
```
CONFIGURATION
(empty output)
OS / ENVIRONMENT
- Running on macOS 11.0.1.
- Using local connection
STEPS TO REPRODUCE
- Request a certificate from AWS ACM, and note the ARN (you may have to create this outside of Ansible, using the `aws` CLI).
- Use the ARN from step 1 to fetch information using the `community.aws.aws_acm_info` module, and output it.
```yaml
# Task to request certificate via shell command (requires `aws` CLI)
- name: "Request for Certificate on ACM"
  shell: |
    aws acm request-certificate --domain-name "{{ domain_name }}" --validation-method "DNS"
  environment:
    AWS_ACCESS_KEY_ID: "{{ acm_aws_access_key }}"
    AWS_SECRET_ACCESS_KEY: "{{ acm_aws_secret_key }}"
    AWS_REGION: "{{ aws_default_region }}"
  register: request_cert_result

# Inspect successful result
- name: "Inspect successful certificate result"
  set_fact:
    request_certificate_output: "{{ request_cert_result['stdout'] | from_json }}"
  when:
    request_cert_result is not failed

# Fetch certificate info
- name: "Fetch Certificate Information"
  community.aws.aws_acm_info:
    aws_access_key: "{{ acm_aws_access_key }}"
    aws_secret_key: "{{ acm_aws_secret_key }}"
    aws_region: "{{ aws_default_region }}"
    certificate_arn: "{{ request_certificate_output.CertificateArn }}"
```
EXPECTED RESULTS
- Expected the output of "Fetch Certificate Information" to have a `Resource Record` field (similar to what's there for the `aws describe-certificate` command). (See `aws describe-certificate` response in screenshot below):
ACTUAL RESULTS
- Output did not have Resource Record field
See output in screenshot
Update: Noticed that the `resource_record` value becomes available in the response if the query is run a few seconds later (possibly because AWS takes some time to create the DNS record required for validation?)
We may only need to update the documentation for this module to:
- Include details about the resource record field
- Note that the `resource_record` field may not be available immediately after creating a certificate
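One way to handle the delay described in the update, as an added example that is not part of the original issue or the module's documentation: retry `community.aws.aws_acm_info` until every entry in `domain_validation_options` carries a `resource_record`, then collect the records. The return path `certificates[0].domain_validation_options[].resource_record`, the registered name `acm_info`, the fact name `acm_validation_records` and the retry timings are assumptions; the other variables come from the reproduction tasks.

```yaml
# Added example: poll until ACM has populated the DNS validation record.
- name: "Wait for ACM to publish the DNS validation record"
  community.aws.aws_acm_info:
    aws_access_key: "{{ acm_aws_access_key }}"
    aws_secret_key: "{{ acm_aws_secret_key }}"
    aws_region: "{{ aws_default_region }}"
    certificate_arn: "{{ request_certificate_output.CertificateArn }}"
  register: acm_info
  # Assumed return shape: certificates[].domain_validation_options[].resource_record
  # Succeeds only when the certificate is listed, it has at least one
  # validation option, and no option is still missing its resource_record.
  until: >-
    acm_info.certificates | default([]) | length > 0 and
    acm_info.certificates[0].domain_validation_options | default([]) | length > 0 and
    acm_info.certificates[0].domain_validation_options
    | rejectattr('resource_record', 'defined') | list | length == 0
  retries: 12   # constructed values: about one minute in total
  delay: 5

# Each resource_record is expected to hold the name, type and value of the
# DNS record to create in the zone that serves the domain.
- name: "Collect the DNS records required for validation"
  set_fact:
    acm_validation_records: >-
      {{ acm_info.certificates[0].domain_validation_options
         | map(attribute='resource_record') | list }}

- name: "Show the validation records"
  debug:
    var: acm_validation_records
```

If the retries are exhausted the task fails, so a playbook that goes on to create the DNS records never runs with an empty list.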
Hi @muya,
Would you like to push a PR to improve the documentation as you suggested? Otherwise can we close the issue?
@goneri I'm definitely up for doing this when I get some time ✅