
Mass update of docs and tests (credentials/session tokens) #1714

Merged
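--- a/changelogs/fragments/1714-parameters.yml
+++ b/changelogs/fragments/1714-parameters.yml
@@ -0,0 +1,2 @@
+trivial:
+- update docs and integration tests to use the canonical parameter names for the credentials parameters.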
6 changes: 3 additions & 3 deletions plugins/inventory/aws_ec2.py
Expand Up @@ -157,9 +157,9 @@
# Example using filters, ignoring permission errors, and specifying the hostname precedence
plugin: amazon.aws.aws_ec2
# The values for profile, access key, secret key and token can be hardcoded like:
boto_profile: aws_profile
profile: aws_profile
# or you could use Jinja as:
# boto_profile: "{{ lookup('env', 'AWS_PROFILE') | default('aws_profile', true) }}"
# profile: "{{ lookup('env', 'AWS_PROFILE') | default('aws_profile', true) }}"
# Populate inventory with instances in these regions
regions:
- us-east-1
Expand Down Expand Up @@ -243,7 +243,7 @@

# Example using groups to assign the running hosts to a group based on vpc_id
plugin: amazon.aws.aws_ec2
boto_profile: aws_profile
profile: aws_profile
# Populate inventory with instances in these regions
regions:
- us-east-2
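Review bot: The example comment in the first hunk, `# The values for profile, access key, secret key and token can be hardcoded like:`, presents hardcoding keys and tokens in an inventory file as the normal pattern, although the example itself only sets a profile name. Inventory files are routinely committed to version control, so the wording would be safer as `# A named profile can be set directly; prefer a profile or an environment lookup over placing access keys or tokens in this file:`. Both hunks sit inside an examples block that starts and ends outside the visible lines.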
4 changes: 2 additions & 2 deletions plugins/lookup/secretsmanager_secret.py
Expand Up @@ -105,8 +105,8 @@
# If an object is of the form `{"key1":{"key2":{"key3":1}}}` the query would return the value `1`.
- name: lookup secretsmanager secret in a specific region using specified region and aws profile using nested feature
debug: >
msg="{{ lookup('amazon.aws.aws_secret', 'secrets.environments.production.password', region=region, aws_profile=aws_profile,
aws_access_key=aws_access_key, aws_secret_key=aws_secret_key, nested=true) }}"
msg="{{ lookup('amazon.aws.aws_secret', 'secrets.environments.production.password', region=region, profile=aws_profile,
access_key=aws_access_key, secret_key=aws_secret_key, nested=true) }}"
# The secret can be queried using the following syntax: `aws_secret_object_name.key1.key2.key3`.
# If an object is of the form `{"key1":{"key2":{"key3":1}}}` the query would return the value `1`.
# Region is the AWS region where the AWS secret is stored.
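Review bot: The `debug` example in this hunk renders the looked-up value of `secrets.environments.production.password` straight into task output, so anyone copying it writes the secret to the console and to any configured log or callback. A comment above the task such as `# debug is used for illustration only; it prints the secret value to the play output` would make that explicit, or the example could assign the lookup to a variable in a task that sets `no_log: true`. The lookup examples in plugins/lookup/ssm_parameter.py follow the same pattern. The examples block continues outside this hunk.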
6 changes: 3 additions & 3 deletions plugins/lookup/ssm_parameter.py
Expand Up @@ -85,13 +85,13 @@
debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', decrypt=False ) }}"

- name: lookup ssm parameter store using a specified aws profile
debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', aws_profile='myprofile' ) }}"
debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', profile='myprofile' ) }}"

- name: lookup ssm parameter store using explicit aws credentials
debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', aws_access_key=my_aws_access_key, aws_secret_key=my_aws_secret_key, aws_security_token=my_security_token ) }}" # noqa: E501
debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', access_key=my_aws_access_key, secret_key=my_aws_secret_key, session_token=my_session_token ) }}" # noqa: E501

- name: lookup ssm parameter store with all options
debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', decrypt=false, region='us-east-2', aws_profile='myprofile') }}"
debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', decrypt=false, region='us-east-2', profile='myprofile') }}"

- name: lookup ssm parameter and fail if missing
debug: msg="{{ lookup('amazon.aws.aws_ssm', 'missing-parameter') }}"
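Review bot: The examples still invoke the plugin as `amazon.aws.aws_ssm` although the file is plugins/lookup/ssm_parameter.py, which suggests `aws_ssm` is a legacy name. If so, a pass that moves the options to their canonical names is the natural place to use the canonical plugin name too, e.g. `lookup('amazon.aws.ssm_parameter', 'Hello', profile='myprofile')`. The same applies to `amazon.aws.aws_secret` in plugins/lookup/secretsmanager_secret.py. This is inferred from the file names only and should be checked against the collection's plugin redirects.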
11 changes: 2 additions & 9 deletions plugins/modules/ec2_security_group.py
Expand Up @@ -285,13 +285,13 @@
"""

EXAMPLES = r"""
# Note: These examples do not set authentication details, see the AWS Guide for details.

- name: example using security group rule descriptions
amazon.aws.ec2_security_group:
name: "{{ name }}"
description: sg with rule descriptions
vpc_id: vpc-xxxxxxxx
profile: "{{ aws_profile }}"
region: us-east-1
rules:
- proto: tcp
ports:
Expand All @@ -304,8 +304,6 @@
name: "{{ name }}"
description: sg for ICMP
vpc_id: vpc-xxxxxxxx
profile: "{{ aws_profile }}"
region: us-east-1
rules:
- proto: icmp
icmp_type: 3
Expand All @@ -317,9 +315,6 @@
name: example
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
from_port: 80
Expand Down Expand Up @@ -377,7 +372,6 @@
name: example2
description: an example2 EC2 group
vpc_id: 12345
region: eu-west-1
rules:
# 'ports' rule keyword was introduced in version 2.4. It accepts a single
# port value or a list of values including ranges (from_port-to_port).
Expand Down Expand Up @@ -414,7 +408,6 @@

- name: "Delete group by its id"
amazon.aws.ec2_security_group:
region: eu-west-1
group_id: sg-33b4ee5b
state: absent
"""
6 changes: 3 additions & 3 deletions tests/integration/targets/autoscaling_group/main.yml
Expand Up @@ -9,9 +9,9 @@
tasks:
- module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
- include_role:
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@

- name: test without specifying required module options
autoscaling_group:
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
ignore_errors: true
register: result
- name: assert name is a required module option
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@
- name: Wrap up all tests and setup AWS credentials
module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
aws_config:
retries:
8 changes: 4 additions & 4 deletions tests/integration/targets/aws_az_info/tasks/main.yml
@@ -1,10 +1,10 @@
---
- module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key | default(omit) }}'
aws_secret_key: '{{ aws_secret_key | default(omit) }}'
security_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'

block:
- name: 'List available AZs in current Region'
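Review bot: Beyond the rename, the new `access_key`, `secret_key` and `region` lines drop the `| default(omit)` filter that the old lines carried. A run where `aws_access_key`, `aws_secret_key` or `aws_region` is not defined (for example when credentials come from a profile or the environment) will then presumably fail on an undefined variable instead of omitting the option. If that is intended it deserves a line in the description; otherwise keep the filter, e.g. `access_key: '{{ aws_access_key | default(omit) }}'`. tests/integration/targets/cloudformation/tasks/main.yml carries the same change.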
6 changes: 3 additions & 3 deletions tests/integration/targets/aws_caller_info/tasks/main.yaml
@@ -1,9 +1,9 @@
- module_defaults:
group/aws:
region: "{{ aws_region }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
block:
- name: retrieve caller facts
aws_caller_info:
6 changes: 3 additions & 3 deletions tests/integration/targets/backup_plan/tasks/main.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- name: Create a backup vault for the plan to target
6 changes: 3 additions & 3 deletions tests/integration/targets/backup_selection/tasks/main.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"

block:
6 changes: 3 additions & 3 deletions tests/integration/targets/backup_tag/tasks/main.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:

6 changes: 3 additions & 3 deletions tests/integration/targets/backup_vault/tasks/main.yml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- name: create a key
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@
- amazon.aws
module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
tasks:
- ec2_instance_info:
8 changes: 4 additions & 4 deletions tests/integration/targets/cloudformation/tasks/main.yml
@@ -1,10 +1,10 @@
---
- module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key | default(omit) }}'
aws_secret_key: '{{ aws_secret_key | default(omit) }}'
security_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'

block:

6 changes: 3 additions & 3 deletions tests/integration/targets/cloudtrail/tasks/main.yml
Expand Up @@ -1347,9 +1347,9 @@
state: present
name: '{{ cloudtrail_name }}'
kms_key_id: 'alias/{{ kms_alias }}'
aws_access_key: "{{ noKms_assumed_role.sts_creds.access_key }}"
aws_secret_key: "{{ noKms_assumed_role.sts_creds.secret_key }}"
security_token: "{{ noKms_assumed_role.sts_creds.session_token }}"
access_key: "{{ noKms_assumed_role.sts_creds.access_key }}"
secret_key: "{{ noKms_assumed_role.sts_creds.secret_key }}"
session_token: "{{ noKms_assumed_role.sts_creds.session_token }}"
Comment on lines +1350 to +1352
Collaborator


These creds should not be needed.

Contributor Author


This is just a rename PR, not sure why they're there so I'd rather handle that separately.

check_mode: yes
register: output
- assert:
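Review bot: `check_mode: yes` in this task relies on YAML 1.1 truthy parsing, while other tasks touched by this change already write booleans as `true` (for example `ignore_errors: true`). Writing `check_mode: true` would be consistent and keeps yamllint's truthy rule quiet. The task begins outside the hunk.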
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
- name: run cloudwatch_metric_alarm tests
module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
block:
- set_fact:
6 changes: 3 additions & 3 deletions tests/integration/targets/cloudwatchevent_rule/tasks/main.yml
@@ -1,8 +1,8 @@
- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"

block:
6 changes: 3 additions & 3 deletions tests/integration/targets/cloudwatchlogs/tasks/main.yml
Expand Up @@ -2,9 +2,9 @@

- module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'

block:
6 changes: 3 additions & 3 deletions tests/integration/targets/ec2_ami/tasks/main.yml
Expand Up @@ -3,9 +3,9 @@
- module_defaults:
group/aws:
aws_region: '{{ aws_region }}'
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
collections:
- amazon.aws
block:
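Review bot: The credential options are now canonical, but the line above them still reads `aws_region: '{{ aws_region }}'`, whereas the other targets in this change set `region:`. If `aws_region` is an alias of `region`, as the neighbouring targets suggest, `region: '{{ aws_region }}'` here would keep the module_defaults blocks uniform. The same line appears in the ec2_ami_instance, ec2_ami_snapshot and ec2_ami_tpm targets.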
6 changes: 3 additions & 3 deletions tests/integration/targets/ec2_ami_instance/tasks/main.yml
Expand Up @@ -3,9 +3,9 @@
- module_defaults:
group/aws:
aws_region: '{{ aws_region }}'
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
collections:
- amazon.aws
block:
6 changes: 3 additions & 3 deletions tests/integration/targets/ec2_ami_snapshot/tasks/main.yml
Expand Up @@ -3,9 +3,9 @@
- module_defaults:
group/aws:
aws_region: '{{ aws_region }}'
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
collections:
- amazon.aws
block:
6 changes: 3 additions & 3 deletions tests/integration/targets/ec2_ami_tpm/tasks/main.yml
Expand Up @@ -3,9 +3,9 @@
- module_defaults:
group/aws:
aws_region: '{{ aws_region }}'
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
collections:
- amazon.aws
block:
6 changes: 3 additions & 3 deletions tests/integration/targets/ec2_eip/tasks/main.yml
@@ -1,9 +1,9 @@
- name: Integration testing for ec2_eip
module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'
amazon.aws.ec2_eip:
in_vpc: true
6 changes: 3 additions & 3 deletions tests/integration/targets/ec2_eni/tasks/main.yaml
@@ -1,9 +1,9 @@
---
- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"

collections:
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
- name: "New instance with an extra block device"