s-hertel / replace_dash_in_groups = False
Last active March 7, 2019 20:44
aws_ec2 config file for script compatibility
# Make sure you set ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS=False
plugin: aws_ec2
boto_profile: shertel
use_legacy_script_group_name_sanitization: True
keyed_groups:
  - prefix: tag
    key: tags
  - prefix: key
    key: key_name
s-hertel / gist:8b88a875dce32981907833a7b38871b8
Last active March 13, 2019 19:48
Example process for an AWS pull request failing with CI from authentication in CI
* Step 1, run the tests which will output the minimum actions that must be permitted by the policy
For an example I'm using abbreviated ec2_group tests (which already are a part of Ansible)
(python3.6.4) 14:33:08 [ansible]$ ansible-test integration unstable/ec2_group
... test output ...
PLAY RECAP *******************************************************************************************************************************
testhost : ok=156 changed=51 unreachable=0 failed=0 skipped=8 rescued=0 ignored=10
AWS ACTIONS: ['ec2:AuthorizeSecurityGroupEgress', 'ec2:AuthorizeSecurityGroupIngress', 'ec2:CreateSecurityGroup', 'ec2:CreateTags', 'ec2:CreateVpc', 'ec2:DeleteSecurityGroup', 'ec2:DeleteTags', 'ec2:DeleteVpc', 'ec2:DescribeSecurityGroups', 'ec2:DescribeTags', 'ec2:DescribeVpcAttribute', 'ec2:DescribeVpcClassicLink', 'ec2:DescribeVpcs', 'ec2:ModifyVpcAttribute', 'ec2:RevokeSecurityGroupEgress', 'ec2:RevokeSecurityGroupIngress', 'ec2:UpdateSecurityGroupRuleDescriptionsEgress'
---
- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Ensure file for specifications
      file:
        path: /tmp/test
        state: touch
        access_time: preserve
diff --git a/lib/ansible/plugins/cache/__init__.py b/lib/ansible/plugins/cache/__init__.py
index fbc4122aca..6de6a064c5 100644
--- a/lib/ansible/plugins/cache/__init__.py
+++ b/lib/ansible/plugins/cache/__init__.py
@@ -306,10 +306,9 @@ class CachePluginAdjudicator(MutableMapping):
def _do_load_key(self, key):
load = False
if key not in self._cache and key not in self._retrieved and self._plugin_name != 'memory':
- if isinstance(self._plugin, BaseFileCacheModule):
- load = True
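Review bot: whatever replaces the removed `isinstance(self._plugin, BaseFileCacheModule)` check in `_do_load_key` needs a test against a non-file cache plugin, because the only exclusion left in the visible condition is `self._plugin_name != 'memory'`. The lines shown end before the code that now sets `load`, so the commit message should state how a key missing from a non-file backend is expected to behave.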
plugin: aws_ec2
regions: !vault |
$ANSIBLE_VAULT;1.1;AES256
64323931633738656464633939333864316530303436666437343164316364333638346434613164
3537306435373164373334333234356664336531303032320a636661656634313130353638353764
32633162313165393838623635306332363361363461353532386232646431613264396530646436
3361333435353266640a663637326462383432373361336165653031303233316636633635323135
3337
(python3.7.2) 11:18:21 [ansible]$ ansible-playbook -i inventory test_group_by.yml -vvv
ansible-playbook 2.9.0.dev0
config file = None
configured module search path = ['/Users/shertel/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/shertel/Code/3/ansible/lib/ansible
executable location = /Users/shertel/Code/3/ansible/bin/ansible-playbook
python version = 3.7.2 (default, Mar 20 2019, 13:14:56) [Clang 9.0.0 (clang-900.0.39.2)]
No config file found; using defaults
host_list declined parsing /Users/shertel/Code/3/ansible/inventory as it did not pass its verify_file() method
script declined parsing /Users/shertel/Code/3/ansible/inventory as it did not pass its verify_file() method
s-hertel / gist:881ab33ac78371b5e3bd4b69b64c5338
Last active July 30, 2019 20:53
Fix iam_password_policy when no max pw age
$ git diff
diff --git a/lib/ansible/modules/cloud/amazon/iam_password_policy.py b/lib/ansible/modules/cloud/amazon/iam_password_policy.py
index 435cf08605..dcef27923e 100644
--- a/lib/ansible/modules/cloud/amazon/iam_password_policy.py
+++ b/lib/ansible/modules/cloud/amazon/iam_password_policy.py
@@ -127,18 +127,21 @@ class IAMConnection(object):
pw_reuse_prevent = module.params.get('pw_reuse_prevent')
pw_expire = module.params.get('pw_expire')
+ update_parameters = dict(
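Review bot: the dict opened at `update_parameters = dict(` should handle an unset `pw_expire` explicitly, since the value comes straight from `module.params.get('pw_expire')` and the lines shown stop at the opening parenthesis, before any such handling is visible. A test that runs the module without `pw_expire` would pin down the "no max pw age" case the description names.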
- debug: msg="{{ ec2 }}"
# Since you're looping over ec2 creating instances, instead of ec2.tagged_instances or ec2.instances you'll need
# to iterate over the results list created due to with_items
# Brand new instance can be accessed with either the instance_ids list, or instances list
- set_fact:
    only_new_instances: "{{ ec2.results | json_query('[*].instance_ids') }}"
# New and old hosts that match the count tag are always in the tagged_instances list
diff --git a/lib/ansible/executor/task_executor.py b/lib/ansible/executor/task_executor.py
index bda38b0bdf..e3da2fd038 100644
--- a/lib/ansible/executor/task_executor.py
+++ b/lib/ansible/executor/task_executor.py
@@ -1032,6 +1032,8 @@ class TaskExecutor:
# let action plugin override module, fallback to 'normal' action plugin otherwise
if self._shared_loader_obj.action_loader.has_plugin(self._task.action, collection_list=collections):
handler_name = self._task.action
+ elif self._shared_loader_obj.action_loader.has_plugin(self._task.abbreviated_name, collection_list=collections):
+ handler_name = self._task.abbreviated_name
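Review bot: the new `elif` on `self._task.abbreviated_name` can select an action plugin that only shares the module's short name, because `has_plugin` searches the whole `collection_list=collections`. Consider limiting the fallback to the collection the task's module resolved from, and add a comment saying when `abbreviated_name` differs from `self._task.action`; the definition of `abbreviated_name` is not part of this diff.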
diff --git a/lib/ansible/cli/doc.py b/lib/ansible/cli/doc.py
index 79aa3eb1ec..079e488128 100644
--- a/lib/ansible/cli/doc.py
+++ b/lib/ansible/cli/doc.py
@@ -161,6 +161,7 @@ class DocCLI(CLI):
# add to plugin paths from command line
basedir = context.CLIARGS['basedir']
if basedir:
+ basedir = os.path.abspath(basedir)
AnsibleCollectionConfig.playbook_paths = basedir
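Review bot: `os.path.abspath(basedir)` on the added line resolves against the current working directory and does not expand `~` or follow symlinks, so a value such as `~/playbooks` that reaches this code unexpanded still ends up as a literal path component. If such values are expected, expand the user directory before the `abspath` call, and confirm that `os` is imported in `doc.py`, which the hunk does not show.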