Last active
March 21, 2017 09:09
Ansible 1.9.6 STS assume role backport patch - PR #2421 and #3347 - use connect_to_aws everywhere possible
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/cloudformation.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/cloudformation.py | |
index 1da173e..3fe8136 100644 | |
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/cloudformation.py | |
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/cloudformation.py | |
@@ -75,20 +75,6 @@ options: | |
default: null | |
aliases: [] | |
version_added: "1.4" | |
- aws_secret_key: | |
- description: | |
- - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used. | |
- required: false | |
- default: null | |
- aliases: [ 'ec2_secret_key', 'secret_key' ] | |
- version_added: "1.5" | |
- aws_access_key: | |
- description: | |
- - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used. | |
- required: false | |
- default: null | |
- aliases: [ 'ec2_access_key', 'access_key' ] | |
- version_added: "1.5" | |
region: | |
description: | |
- The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used. | |
@@ -189,7 +175,6 @@ def stack_operation(cfn, stack_name, operation): | |
time.sleep(5) | |
return result | |
- | |
def main(): | |
argument_spec = ec2_argument_spec() | |
argument_spec.update(dict( | |
@@ -220,7 +205,7 @@ def main(): | |
template_parameters = module.params['template_parameters'] | |
tags = module.params['tags'] | |
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) | |
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module) | |
kwargs = dict() | |
if tags is not None: | |
@@ -234,11 +219,7 @@ def main(): | |
stack_outputs = {} | |
try: | |
- cfn = boto.cloudformation.connect_to_region( | |
- region, | |
- aws_access_key_id=aws_access_key, | |
- aws_secret_access_key=aws_secret_key, | |
- ) | |
+ cfn = connect_to_aws(boto.cloudformation, region, **aws_connect_kwargs) | |
except boto.exception.NoAuthHandlerFound, e: | |
module.fail_json(msg=str(e)) | |
update = False | |
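Review bot: Only `boto.exception.NoAuthHandlerFound` is caught around the new `connect_to_aws(boto.cloudformation, region, **aws_connect_kwargs)` call, yet the s3.py hunk of this same patch treats `AnsibleAWSError` as something `connect_to_aws` can raise. If it is raised here, for example for a region the helper cannot resolve, the module would end in an uncaught exception instead of a `module.fail_json` message. Consider `except (boto.exception.NoAuthHandlerFound, AnsibleAWSError), e:`, assuming `AnsibleAWSError` is in scope in this module the way s3.py uses it. The same applies to the `connect_to_aws` calls added in the ec2.py, ec2_vpc.py, rds_param_group.py and rds_subnet_group.py hunks. The `try` block and main() continue outside this hunk.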
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/ec2.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/ec2.py | |
index 8549d97..cdacda0 100755 | |
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/ec2.py | |
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/ec2.py | |
@@ -1208,15 +1208,11 @@ def main(): | |
ec2 = ec2_connect(module) | |
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) | |
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module) | |
if region: | |
try: | |
- vpc = boto.vpc.connect_to_region( | |
- region, | |
- aws_access_key_id=aws_access_key, | |
- aws_secret_access_key=aws_secret_key | |
- ) | |
+ vpc = connect_to_aws(boto.vpc, region, **aws_connect_kwargs) | |
except boto.exception.NoAuthHandlerFound, e: | |
module.fail_json(msg = str(e)) | |
else: | |
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/ec2_vpc.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/ec2_vpc.py | |
index af11a96..55755a6 100644 | |
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/ec2_vpc.py | |
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/ec2_vpc.py | |
@@ -100,18 +100,6 @@ options: | |
required: false | |
default: null | |
aliases: ['aws_region', 'ec2_region'] | |
- aws_secret_key: | |
- description: | |
- - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used. | |
- required: false | |
- default: None | |
- aliases: ['ec2_secret_key', 'secret_key' ] | |
- aws_access_key: | |
- description: | |
- - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used. | |
- required: false | |
- default: None | |
- aliases: ['ec2_access_key', 'access_key' ] | |
validate_certs: | |
description: | |
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. | |
@@ -126,8 +114,6 @@ author: Carson Gee | |
''' | |
EXAMPLES = ''' | |
-# Note: None of these examples set aws_access_key, aws_secret_key, or region. | |
-# It is assumed that their matching environment variables are set. | |
# Basic creation example: | |
ec2_vpc: | |
@@ -600,16 +586,12 @@ def main(): | |
state = module.params.get('state') | |
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) | |
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module) | |
# If we have a region specified, connect to its endpoint. | |
if region: | |
try: | |
- vpc_conn = boto.vpc.connect_to_region( | |
- region, | |
- aws_access_key_id=aws_access_key, | |
- aws_secret_access_key=aws_secret_key | |
- ) | |
+ vpc_conn = connect_to_aws(boto.vpc, region, **aws_connect_kwargs) | |
except boto.exception.NoAuthHandlerFound, e: | |
module.fail_json(msg = str(e)) | |
else: | |
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/rds_param_group.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/rds_param_group.py | |
index 6c08a10..558ba9a 100644 | |
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/rds_param_group.py | |
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/rds_param_group.py | |
@@ -67,18 +67,6 @@ options: | |
required: true | |
default: null | |
aliases: [ 'aws_region', 'ec2_region' ] | |
- aws_access_key: | |
- description: | |
- - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used. | |
- required: false | |
- default: null | |
- aliases: [ 'ec2_access_key', 'access_key' ] | |
- aws_secret_key: | |
- description: | |
- - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used. | |
- required: false | |
- default: null | |
- aliases: [ 'ec2_secret_key', 'secret_key' ] | |
requirements: [ "boto" ] | |
author: Scott Anderson | |
''' | |
@@ -249,13 +237,13 @@ def main(): | |
module.fail_json(msg = str("Parameter %s not allowed for state='absent'" % not_allowed)) | |
# Retrieve any AWS settings from the environment. | |
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) | |
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module) | |
if not region: | |
module.fail_json(msg = str("region not specified and unable to determine region from EC2_REGION.")) | |
try: | |
- conn = boto.rds.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key) | |
+ conn = connect_to_aws(boto.rds, region, **aws_connect_kwargs) | |
except boto.exception.BotoServerError, e: | |
module.fail_json(msg = e.error_message) | |
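Review bot: The `except boto.exception.BotoServerError` clause after the new `connect_to_aws(boto.rds, region, **aws_connect_kwargs)` line does not cover the failure that opening a connection most plausibly produces, `boto.exception.NoAuthHandlerFound`, which the cloudformation.py, ec2.py and ec2_vpc.py hunks do catch. With role or profile based credentials now flowing through `aws_connect_kwargs`, an unresolvable credential set would surface as a traceback rather than a clear module failure. I would add a second clause, `except boto.exception.NoAuthHandlerFound, e:` followed by `module.fail_json(msg = str(e))`, since `e.error_message` is specific to `BotoServerError`. The same clause shape appears in the rds_subnet_group.py hunk and after `Route53Connection(**aws_connect_kwargs)` in route53.py. main() continues outside the hunk.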
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/rds_subnet_group.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/rds_subnet_group.py | |
index 9731154..cbef46a 100644 | |
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/rds_subnet_group.py | |
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/rds_subnet_group.py | |
@@ -53,18 +53,6 @@ options: | |
required: true | |
default: null | |
aliases: [ 'aws_region', 'ec2_region' ] | |
- aws_access_key: | |
- description: | |
- - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used. | |
- required: false | |
- default: null | |
- aliases: [ 'ec2_access_key', 'access_key' ] | |
- aws_secret_key: | |
- description: | |
- - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used. | |
- required: false | |
- default: null | |
- aliases: [ 'ec2_secret_key', 'secret_key' ] | |
requirements: [ "boto" ] | |
author: Scott Anderson | |
''' | |
@@ -121,13 +109,13 @@ def main(): | |
module.fail_json(msg = str("Parameter %s not allowed for state='absent'" % not_allowed)) | |
# Retrieve any AWS settings from the environment. | |
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) | |
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module) | |
if not region: | |
module.fail_json(msg = str("region not specified and unable to determine region from EC2_REGION.")) | |
try: | |
- conn = boto.rds.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key) | |
+ conn = connect_to_aws(boto.rds, region, **aws_connect_kwargs) | |
except boto.exception.BotoServerError, e: | |
module.fail_json(msg = e.error_message) | |
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/route53.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/route53.py | |
index 78801b0..019caeb 100644 | |
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/route53.py | |
+++ ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/route53.py | |
@@ -177,6 +177,7 @@ try: | |
import boto | |
from boto import route53 | |
from boto.route53.record import ResourceRecordSets | |
+ from boto.route53 import Route53Connection | |
except ImportError: | |
print "failed=True msg='boto required for this module'" | |
sys.exit(1) | |
@@ -224,7 +225,7 @@ def main(): | |
retry_interval_in = module.params.get('retry_interval') | |
private_zone_in = module.params.get('private_zone') | |
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) | |
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module) | |
value_list = () | |
@@ -251,7 +252,7 @@ def main(): | |
# connect to the route53 endpoint | |
try: | |
- conn = boto.route53.connection.Route53Connection(aws_access_key, aws_secret_key) | |
+ conn = Route53Connection(**aws_connect_kwargs) | |
except boto.exception.BotoServerError, e: | |
module.fail_json(msg = e.error_message) | |
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/s3.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/s3.py | |
index 2b00e92..7813b57 100644 | |
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/s3.py | |
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/s3.py | |
@@ -71,18 +71,6 @@ options: | |
- "S3 URL endpoint for usage with Eucalypus, fakes3, etc. Otherwise assumes AWS" | |
default: null | |
aliases: [ S3_URL ] | |
- aws_secret_key: | |
- description: | |
- - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used. | |
- required: false | |
- default: null | |
- aliases: ['ec2_secret_key', 'secret_key'] | |
- aws_access_key: | |
- description: | |
- - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used. | |
- required: false | |
- default: null | |
- aliases: [ 'ec2_access_key', 'access_key' ] | |
metadata: | |
description: | |
- Metadata for PUT operation, as a dictionary of 'key=value' and 'key=value,key=value'. | |
@@ -125,11 +113,11 @@ import os | |
import urlparse | |
import hashlib | |
-from boto.s3.connection import OrdinaryCallingFormat | |
- | |
try: | |
import boto | |
from boto.s3.connection import Location | |
+ from boto.s3.connection import OrdinaryCallingFormat | |
+ from boto.s3.connection import S3Connection | |
except ImportError: | |
print "failed=True msg='boto required for this module'" | |
sys.exit(1) | |
@@ -301,7 +289,7 @@ def main(): | |
overwrite = module.params.get('overwrite') | |
metadata = module.params.get('metadata') | |
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) | |
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module) | |
if region in ('us-east-1', '', None): | |
# S3ism for the US Standard region | |
@@ -318,26 +306,31 @@ def main(): | |
if not s3_url and 'S3_URL' in os.environ: | |
s3_url = os.environ['S3_URL'] | |
+ if '.' in bucket: | |
+ aws_connect_kwargs['calling_format'] = OrdinaryCallingFormat() | |
+ | |
# Look at s3_url and tweak connection settings | |
# if connecting to Walrus or fakes3 | |
try: | |
if is_fakes3(s3_url): | |
fakes3 = urlparse.urlparse(s3_url) | |
- s3 = boto.connect_s3( | |
- aws_access_key, | |
- aws_secret_key, | |
- is_secure=False, | |
+ s3 = S3Connection( | |
+ is_secure=fakes3.scheme == 'fakes3s', | |
host=fakes3.hostname, | |
port=fakes3.port, | |
- calling_format=OrdinaryCallingFormat()) | |
+ calling_format=OrdinaryCallingFormat(), | |
+ **aws_connect_kwargs | |
+ ) | |
elif is_walrus(s3_url): | |
walrus = urlparse.urlparse(s3_url).hostname | |
- s3 = boto.connect_walrus(walrus, aws_access_key, aws_secret_key) | |
+ s3 = boto.connect_walrus(walrus, **aws_connect_kwargs) | |
else: | |
- s3 = boto.s3.connect_to_region(location, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, is_secure=True, calling_format=OrdinaryCallingFormat()) | |
+ aws_connect_kwargs['is_secure'] = True | |
+ try: | |
+ s3 = connect_to_aws(boto.s3, location, **aws_connect_kwargs) | |
+ except AnsibleAWSError: | |
# use this as fallback because connect_to_region seems to fail in boto + non 'classic' aws accounts in some cases | |
- if s3 is None: | |
- s3 = boto.connect_s3(aws_access_key, aws_secret_key) | |
+ s3 = boto.connect_s3(**aws_connect_kwargs) | |
except boto.exception.NoAuthHandlerFound, e: | |
module.fail_json(msg='No Authentication Handler found: %s ' % str(e)) |
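Review bot: A bucket name containing a dot makes the fakes3 branch fail: `aws_connect_kwargs['calling_format']` is set before the `try`, and `S3Connection(...)` is then called with both `calling_format=OrdinaryCallingFormat()` and `**aws_connect_kwargs`, which Python rejects as a duplicate keyword argument (a TypeError the `except boto.exception.NoAuthHandlerFound` clause does not catch). The walrus branch forwards the same kwargs to `boto.connect_walrus`, which as far as I know supplies its own calling format, so it is likely affected as well. Moving the two added lines `if '.' in bucket:` / `aws_connect_kwargs['calling_format'] = OrdinaryCallingFormat()` into the final `else:` branch, next to `aws_connect_kwargs['is_secure'] = True`, keeps path-style addressing for dotted buckets on AWS without the clash. Separately, `is_secure=fakes3.scheme == 'fakes3s'` means a plain `fakes3://` URL sends the signed request, including any temporary session token, over unencrypted HTTP; a comment such as `# fakes3:// is plain HTTP - local test endpoints only` would make that explicit. main() continues outside the hunk.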