Merge pull request #2428 from ansible-collections/patchback/backports/stable-9/86b9182767c67b32627c3aeafc727ac582bebf21/pr-2391

[PR #2391/86b91827 backport][stable-9] cloudformation: Fix bug when updating stack's termination_protection with create_changeset set

Author: hakbailey

changelogs/fragments/2391-cloudformation-update-stack-termination_protection.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - cloudformation - Fix bug where termination protection is not updated when create_changeset=true is used for stack updates (https://github.com/ansible-collections/amazon.aws/pull/2391).

plugins/modules/cloudformation.py

@@ -514,6 +514,7 @@ def update_stack(module, stack_params, cfn, events_limit):
 
 def update_termination_protection(module, cfn, stack_name, desired_termination_protection_state):
     """updates termination protection of a stack"""
+    changed = False
     stack = get_stack_facts(module, cfn, stack_name)
     if stack:
         if stack["EnableTerminationProtection"] is not desired_termination_protection_state:
@@ -523,8 +524,10 @@ def update_termination_protection(module, cfn, stack_name, desired_termination_p
                     EnableTerminationProtection=desired_termination_protection_state,
                     StackName=stack_name,
                 )
+                changed = True
             except botocore.exceptions.ClientError as e:
                 module.fail_json_aws(e)
+    return changed
 
 
 def stack_operation(module, cfn, stack_name, operation, events_limit, op_token=None):
@@ -779,14 +782,17 @@ def main():
     if state == "present":
         if not stack_info:
             result = create_stack(module, stack_params, cfn, module.params.get("events_limit"))
-        elif module.params.get("create_changeset"):
-            result = create_changeset(module, stack_params, cfn, module.params.get("events_limit"))
         else:
+            changeset_updated = False
+            if module.params.get("create_changeset"):
+                result = create_changeset(module, stack_params, cfn, module.params.get("events_limit"))
+                changeset_updated = True
             if module.params.get("termination_protection") is not None:
-                update_termination_protection(
+                result["changed"] = update_termination_protection(
                     module, cfn, stack_params["StackName"], bool(module.params.get("termination_protection"))
                 )
-            result = update_stack(module, stack_params, cfn, module.params.get("events_limit"))
+            if not changeset_updated:
+                result = update_stack(module, stack_params, cfn, module.params.get("events_limit"))
 
         # format the stack output
 

tests/integration/targets/cloudformation/defaults/main.yml

@@ -2,6 +2,7 @@
 stack_name: "{{ resource_prefix }}"
 stack_name_disable_rollback_true: "{{ resource_prefix }}-drb-true"
 stack_name_disable_rollback_false: "{{ resource_prefix }}-drb-false"
+stack_name_update_termination_protection: "{{ resource_prefix }}-update-tp"
 
 availability_zone: "{{ ec2_availability_zone_names[0] }}"