acm.py fails if DomainName is not set or is invalid #2405
poblahblahblah opened this issue Dec 2, 2024 · 0 comments
Labels
bug This issue/PR relates to a bug waiting_on_contributor Needs help. Feel free to engage to get things unblocked

poblahblahblah commented Dec 2, 2024

Summary

Some background: I am working on adding multiple pre-existing Root CA Certificates to ACM as part of a project to consolidate where we store our Root CA Certificates and how we access them. Some of these Root CA Certificates have existed for a few years and it would be difficult to reissue them.

One of these Root CA Certificates has the domain_name field set to -. OpenSSL apparently allowed us to do this and ACM allows us to import the Certificate and it appears in the console to be valid according to ACM. Once this Certificate is pushed to ACM, however, all calls to ACM through acm.py fail:

The full traceback is:
Traceback (most recent call last):
  File "/Users/patrick.obrien/.ansible/tmp/ansible-tmp-1733170307.146708-86769-260028618068534/AnsiballZ_acm_certificate_info.py", line 259, in <module>
    _ansiballz_main()
  File "/Users/patrick.obrien/.ansible/tmp/ansible-tmp-1733170307.146708-86769-260028618068534/AnsiballZ_acm_certificate_info.py", line 249, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/Users/patrick.obrien/.ansible/tmp/ansible-tmp-1733170307.146708-86769-260028618068534/AnsiballZ_acm_certificate_info.py", line 122, in invoke_module
    runpy.run_module(mod_name='ansible_collections.community.aws.plugins.modules.acm_certificate_info', init_globals=dict(_module_fqn='ansible_collections.community.aws.plugins.modules.acm_certificate_info', _modlib_path=modlib_path),
  File "<frozen runpy>", line 226, in run_module
  File "<frozen runpy>", line 98, in _run_module_code
  File "<frozen runpy>", line 88, in _run_code
  File "/var/folders/b_/g8013x3x61sf7_xdz1w2_9z80000gq/T/ansible_community.aws.acm_certificate_info_payload_xffbwfii/ansible_community.aws.acm_certificate_info_payload.zip/ansible_collections/community/aws/plugins/modules/acm_certificate_info.py", line 303, in <module>
  File "/var/folders/b_/g8013x3x61sf7_xdz1w2_9z80000gq/T/ansible_community.aws.acm_certificate_info_payload_xffbwfii/ansible_community.aws.acm_certificate_info_payload.zip/ansible_collections/community/aws/plugins/modules/acm_certificate_info.py", line 287, in main
  File "/var/folders/b_/g8013x3x61sf7_xdz1w2_9z80000gq/T/ansible_community.aws.acm_certificate_info_payload_xffbwfii/ansible_community.aws.acm_certificate_info_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/acm.py", line 163, in get_certificates
  File "/var/folders/b_/g8013x3x61sf7_xdz1w2_9z80000gq/T/ansible_community.aws.acm_certificate_info_payload_xffbwfii/ansible_community.aws.acm_certificate_info_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/acm.py", line 157, in _filter_certificate
KeyError: 'DomainName'

The issue goes away if line 193 (https://github.com/ansible-collections/amazon.aws/blob/main/plugins/module_utils/acm.py#L193) is updated to remove the reference to DomainName.

I suspect that this Certificate's domain name is invalid, yet the ACM console has no issues importing, displaying, or pulling the Certificate once line 193 has been updated.

Issue Type

Bug Report

Component Name

acm.py

Ansible Version

$ ansible --version
ansible [core 2.17.4]
  config file = /Users/patrick.obrien/ttdsrc/ttd/kpop/stray-cluster/ansible.cfg
  configured module search path = ['/Users/patrick.obrien/ttdsrc/ttd/kpop/stray-cluster/library']
  ansible python module location = /Users/patrick.obrien/.local/share/mise/installs/python/3.12/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/patrick.obrien/.ansible/collections:/usr/share/ansible/collections
  executable location = /Users/patrick.obrien/.local/share/mise/installs/python/3.12/bin/ansible
  python version = 3.12.6 (main, Sep  9 2024, 21:36:32) [Clang 18.1.8 ] (/Users/patrick.obrien/.local/share/mise/installs/python/3.12/bin/python3.12)
  jinja version = 3.1.4
  libyaml = True

Collection Versions

$ ansible-galaxy collection list

# /Users/patrick.obrien/.ansible/collections/ansible_collections
Collection                               Version
---------------------------------------- -------
amazon.aws                               9.0.0
ansible.utils                            2.10.3
community.aws                            9.0.0
kubernetes.core                          2.4.0

AWS SDK versions

$  ~/s/t/k/stray-cluster> pip show boto boto3 botocore
WARNING: Package(s) not found: boto
Name: boto3
Version: 1.35.72
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /Users/patrick.obrien/.local/share/mise/installs/python/3.12/lib/python3.12/site-packages
Requires: botocore, jmespath, s3transfer
Required-by:
---
Name: botocore
Version: 1.35.72
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /Users/patrick.obrien/.local/share/mise/installs/python/3.12/lib/python3.12/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed

OS / Environment

MacOS

Steps to Reproduce

First you need to import a Certificate into ACM with the domain name set to -.

Next, the following task should fail:

- name: Check if Primary Root CA exists in ACM
  community.aws.acm_certificate_info:
    region: "{{ certificate_details.region }}"
    tags:
      cluster: foobar
      role: primary
  register: existing_primary_ca

Expected Results

I would not expect a KeyError.

Actual Results

I pasted this above.

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@gravesm gravesm added bug This issue/PR relates to a bug waiting_on_contributor Needs help. Feel free to engage to get things unblocked and removed needs_triage labels Dec 3, 2024
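
As an added illustration (not code from amazon.aws or from the issue author), the sketch below contrasts direct indexing with a tolerant lookup over constructed ListCertificates-style summaries. It assumes the affected summary omits the DomainName key, as the KeyError implies; the function names and ARNs are hypothetical placeholders.

```python
# Constructed sample shaped like ACM ListCertificates summaries.
# The ARNs are placeholders, not values from the issue.
ARN_OK = "arn:aws:acm:us-east-1:111111111111:certificate/example-1"
ARN_NO_DOMAIN = "arn:aws:acm:us-east-1:111111111111:certificate/example-2"

SAMPLE_SUMMARIES = [
    {"CertificateArn": ARN_OK, "DomainName": "ca.example.internal"},
    # Assumption: the imported root CA's summary carries no DomainName key.
    {"CertificateArn": ARN_NO_DOMAIN},
]


def strict_filter(certs, domain_name=None, arn=None):
    """Direct indexing: one summary without DomainName aborts the whole listing."""
    return [
        c for c in certs
        if not (domain_name and c["DomainName"] != domain_name)
        and not (arn and c["CertificateArn"] != arn)
    ]


def tolerant_filter(certs, domain_name=None, arn=None):
    """Treat a missing DomainName as a non-match and report which ARNs lacked it."""
    matched, missing = [], []
    for c in certs:
        if "DomainName" not in c:
            # Surface the anomaly so the inventory can flag it instead of crashing.
            missing.append(c.get("CertificateArn"))
        if domain_name and c.get("DomainName") != domain_name:
            continue
        if arn and c.get("CertificateArn") != arn:
            continue
        matched.append(c)
    return matched, missing


if __name__ == "__main__":
    try:
        strict_filter(SAMPLE_SUMMARIES, domain_name="ca.example.internal")
    except KeyError as exc:
        print("strict filter failed on missing key:", exc)
    found, lacking = tolerant_filter(SAMPLE_SUMMARIES, domain_name="ca.example.internal")
    print("matched:", [c["CertificateArn"] for c in found])
    print("summaries without DomainName:", lacking)
```

Returning the ARNs that lack a DomainName keeps one unusual certificate from hiding the rest of the inventory while still making it visible for follow-up.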