[cloudtrail] Only pass extra create_trail options if set in module params (#34745)

* Fixes #34700, only passes extra create_trail options when explicitly set
2024-09-14 20:13:21 +02:00 · 2018-01-16 13:45:01 +00:00 · 2018-01-16 13:45:01 +00:00 · 92b3d79283
commit 92b3d79283
parent a727930f07
1 changed files with 7 additions and 9 deletions
--- a/lib/ansible/modules/cloud/amazon/cloudtrail.py
+++ b/lib/ansible/modules/cloud/amazon/cloudtrail.py
@ -62,7 +62,6 @@ options:
    description:
      - Specifies whether log file integrity validation is enabled.
      - CloudTrail will create a hash for every log file delivered and produce a signed digest file that can be used to ensure log files have not been tampered.
-    default: false
    version_added: "2.4"
    aliases: [ "log_file_validation_enabled" ]
  include_global_events:
@ -444,7 +443,7 @@ def main():
        s3_key_prefix=dict(),
        sns_topic_name=dict(),
        is_multi_region_trail=dict(default=False, type='bool'),
-        enable_log_file_validation=dict(default=False, type='bool', aliases=['log_file_validation_enabled']),
+        enable_log_file_validation=dict(type='bool', aliases=['log_file_validation_enabled']),
        include_global_events=dict(default=True, type='bool', aliases=['include_global_service_events']),
        cloudwatch_logs_role_arn=dict(),
        cloudwatch_logs_log_group_arn=dict(),
@ -472,12 +471,6 @@ def main():
        S3BucketName=module.params['s3_bucket_name'],
        IncludeGlobalServiceEvents=module.params['include_global_events'],
        IsMultiRegionTrail=module.params['is_multi_region_trail'],
-        EnableLogFileValidation=module.params['enable_log_file_validation'],
-        S3KeyPrefix='',
-        SnsTopicName='',
-        CloudWatchLogsRoleArn='',
-        CloudWatchLogsLogGroupArn='',
-        KmsKeyId=''
    )

    if module.params['s3_key_prefix']:
@ -492,6 +485,9 @@ def main():
    if module.params['cloudwatch_logs_log_group_arn']:
        ct_params['CloudWatchLogsLogGroupArn'] = module.params['cloudwatch_logs_log_group_arn']

+    if module.params['enable_log_file_validation'] is not None:
+        ct_params['EnableLogFileValidation'] = module.params['enable_log_file_validation']
+
    if module.params['kms_key_id']:
        ct_params['KmsKeyId'] = module.params['kms_key_id']

@ -599,7 +595,9 @@ def main():
                pass
            trail = dict()
            trail.update(ct_params)
-            trail['LogFileValidationEnabled'] = ct_params['EnableLogFileValidation']
+            if 'EnableLogFileValidation' not in ct_params:
+                ct_params['EnableLogFileValidation'] = False
+            trail['EnableLogFileValidation'] = ct_params['EnableLogFileValidation']
            trail.pop('EnableLogFileValidation')
            fake_arn = 'arn:aws:cloudtrail:' + region + ':' + acct_id + ':trail/' + ct_params['Name']
            trail['HasCustomEventSelectors'] = False