Mass update of docs and tests (credentials/session tokens) (ansible-c…

…ollections#1714)

Mass update of docs and tests (credentials/session tokens)

SUMMARY
We had a cleanup of credentials/session parameters which included a batch of deprecations and renames.
Ensure that all of our tests and docs are using the 'canonical' names
ISSUE TYPE

Docs Pull Request

COMPONENT NAME
plugins/inventory/aws_ec2.py
plugins/lookup/secretsmanager_secret.py
plugins/lookup/ssm_parameter.py
plugins/modules/ec2_security_group.py
tests/integration/targets
ADDITIONAL INFORMATION
See Also: ansible-collections#1172

Reviewed-by: Alina Buzachis
Reviewed-by: Mark Chappell

changelogs/fragments/1714-parameters.yml

@@ -0,0 +1,2 @@
+trivial:
+- update docs and integration tests to use the canonical parameter names for the credentials parameters.

plugins/inventory/aws_ec2.py

@@ -157,9 +157,9 @@
 # Example using filters, ignoring permission errors, and specifying the hostname precedence
 plugin: amazon.aws.aws_ec2
 # The values for profile, access key, secret key and token can be hardcoded like:
-boto_profile: aws_profile
+profile: aws_profile
 # or you could use Jinja as:
-# boto_profile: "{{ lookup('env', 'AWS_PROFILE') | default('aws_profile', true) }}"
+# profile: "{{ lookup('env', 'AWS_PROFILE') | default('aws_profile', true) }}"
 # Populate inventory with instances in these regions
 regions:
   - us-east-1
@@ -243,7 +243,7 @@
 
 # Example using groups to assign the running hosts to a group based on vpc_id
 plugin: amazon.aws.aws_ec2
-boto_profile: aws_profile
+profile: aws_profile
 # Populate inventory with instances in these regions
 regions:
   - us-east-2

plugins/lookup/secretsmanager_secret.py

@@ -105,8 +105,8 @@
    # If an object is of the form `{"key1":{"key2":{"key3":1}}}` the query would return the value `1`.
  - name: lookup secretsmanager secret in a specific region using specified region and aws profile using nested feature
    debug: >
-    msg="{{ lookup('amazon.aws.aws_secret', 'secrets.environments.production.password', region=region, aws_profile=aws_profile,
-    aws_access_key=aws_access_key, aws_secret_key=aws_secret_key, nested=true) }}"
+    msg="{{ lookup('amazon.aws.aws_secret', 'secrets.environments.production.password', region=region, profile=aws_profile,
+    access_key=aws_access_key, secret_key=aws_secret_key, nested=true) }}"
    # The secret can be queried using the following syntax: `aws_secret_object_name.key1.key2.key3`.
    # If an object is of the form `{"key1":{"key2":{"key3":1}}}` the query would return the value `1`.
    # Region is the AWS region where the AWS secret is stored.

plugins/lookup/ssm_parameter.py

@@ -85,13 +85,13 @@
   debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', decrypt=False ) }}"
 
 - name: lookup ssm parameter store using a specified aws profile
-  debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', aws_profile='myprofile' ) }}"
+  debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', profile='myprofile' ) }}"
 
 - name: lookup ssm parameter store using explicit aws credentials
-  debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', aws_access_key=my_aws_access_key, aws_secret_key=my_aws_secret_key, aws_security_token=my_security_token ) }}" # noqa: E501
+  debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', access_key=my_aws_access_key, secret_key=my_aws_secret_key, session_token=my_session_token ) }}" # noqa: E501
 
 - name: lookup ssm parameter store with all options
-  debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', decrypt=false, region='us-east-2', aws_profile='myprofile') }}"
+  debug: msg="{{ lookup('amazon.aws.aws_ssm', 'Hello', decrypt=false, region='us-east-2', profile='myprofile') }}"
 
 - name: lookup ssm parameter and fail if missing
   debug: msg="{{ lookup('amazon.aws.aws_ssm', 'missing-parameter') }}"

plugins/modules/ec2_security_group.py

@@ -285,13 +285,13 @@
 """
 
 EXAMPLES = r"""
+# Note: These examples do not set authentication details, see the AWS Guide for details.
+
 - name: example using security group rule descriptions
   amazon.aws.ec2_security_group:
     name: "{{ name }}"
     description: sg with rule descriptions
     vpc_id: vpc-xxxxxxxx
-    profile: "{{ aws_profile }}"
-    region: us-east-1
     rules:
       - proto: tcp
         ports:
@@ -304,8 +304,6 @@
     name: "{{ name }}"
     description: sg for ICMP
     vpc_id: vpc-xxxxxxxx
-    profile: "{{ aws_profile }}"
-    region: us-east-1
     rules:
       - proto: icmp
         icmp_type: 3
@@ -317,9 +315,6 @@
     name: example
     description: an example EC2 group
     vpc_id: 12345
-    region: eu-west-1
-    aws_secret_key: SECRET
-    aws_access_key: ACCESS
     rules:
       - proto: tcp
         from_port: 80
@@ -377,7 +372,6 @@
     name: example2
     description: an example2 EC2 group
     vpc_id: 12345
-    region: eu-west-1
     rules:
       # 'ports' rule keyword was introduced in version 2.4. It accepts a single
       # port value or a list of values including ranges (from_port-to_port).
@@ -414,7 +408,6 @@
 
 - name: "Delete group by its id"
   amazon.aws.ec2_security_group:
-    region: eu-west-1
     group_id: sg-33b4ee5b
     state: absent
 """

tests/integration/targets/autoscaling_group/main.yml

@@ -9,9 +9,9 @@
   tasks:
   - module_defaults:
       group/aws:
-        aws_access_key: '{{ aws_access_key }}'
-        aws_secret_key: '{{ aws_secret_key }}'
-        security_token: '{{ security_token | default(omit) }}'
+        access_key: '{{ aws_access_key }}'
+        secret_key: '{{ aws_secret_key }}'
+        session_token: '{{ security_token | default(omit) }}'
         region: '{{ aws_region }}'
     block:
     - include_role:

tests/integration/targets/autoscaling_group/roles/ec2_asg/tasks/create_update_delete.yml

@@ -7,9 +7,9 @@
 
   - name: test without specifying required module options
     autoscaling_group:
-      aws_access_key: '{{ aws_access_key }}'
-      aws_secret_key: '{{ aws_secret_key }}'
-      security_token: '{{ security_token | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
     ignore_errors: true
     register: result
   - name: assert name is a required module option

tests/integration/targets/autoscaling_group/roles/ec2_asg/tasks/main.yml

@@ -5,9 +5,9 @@
 - name: Wrap up all tests and setup AWS credentials
   module_defaults:
     group/aws:
-      aws_access_key: '{{ aws_access_key }}'
-      aws_secret_key: '{{ aws_secret_key }}'
-      security_token: '{{ security_token | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
       region: '{{ aws_region }}'
       aws_config:
         retries:

tests/integration/targets/aws_az_info/tasks/main.yml

@@ -1,10 +1,10 @@
 ---
 - module_defaults:
     group/aws:
-      aws_access_key: '{{ aws_access_key | default(omit) }}'
-      aws_secret_key: '{{ aws_secret_key | default(omit) }}'
-      security_token: '{{ security_token | default(omit) }}'
-      region: '{{ aws_region | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
+      region: '{{ aws_region }}'
 
   block:
   - name: 'List available AZs in current Region'

tests/integration/targets/aws_caller_info/tasks/main.yaml

@@ -1,9 +1,9 @@
 - module_defaults:
     group/aws:
         region: "{{ aws_region }}"
-        aws_access_key: "{{ aws_access_key }}"
-        aws_secret_key: "{{ aws_secret_key }}"
-        security_token: "{{ security_token | default(omit) }}"
+        access_key: "{{ aws_access_key }}"
+        secret_key: "{{ aws_secret_key }}"
+        session_token: "{{ security_token | default(omit) }}"
   block:
   - name: retrieve caller facts
     aws_caller_info:

tests/integration/targets/backup_plan/tasks/main.yml

@@ -1,9 +1,9 @@
 ---
 - module_defaults:
     group/aws:
-      aws_access_key: "{{ aws_access_key }}"
-      aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ security_token | default(omit) }}"
+      access_key: "{{ aws_access_key }}"
+      secret_key: "{{ aws_secret_key }}"
+      session_token: "{{ security_token | default(omit) }}"
       region: "{{ aws_region }}"
   block:
     - name: Create a backup vault for the plan to target

tests/integration/targets/backup_selection/tasks/main.yml

@@ -1,9 +1,9 @@
 ---
 - module_defaults:
     group/aws:
-      aws_access_key: "{{ aws_access_key }}"
-      aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ security_token | default(omit) }}"
+      access_key: "{{ aws_access_key }}"
+      secret_key: "{{ aws_secret_key }}"
+      session_token: "{{ security_token | default(omit) }}"
       region: "{{ aws_region }}"
 
   block:

tests/integration/targets/backup_tag/tasks/main.yml

@@ -1,9 +1,9 @@
 ---
 - module_defaults:
     group/aws:
-      aws_access_key: "{{ aws_access_key }}"
-      aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ security_token | default(omit) }}"
+      access_key: "{{ aws_access_key }}"
+      secret_key: "{{ aws_secret_key }}"
+      session_token: "{{ security_token | default(omit) }}"
       region: "{{ aws_region }}"
   block:
 

tests/integration/targets/backup_vault/tasks/main.yml

@@ -1,9 +1,9 @@
 ---
 - module_defaults:
     group/aws:
-      aws_access_key: "{{ aws_access_key }}"
-      aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ security_token | default(omit) }}"
+      access_key: "{{ aws_access_key }}"
+      secret_key: "{{ aws_secret_key }}"
+      session_token: "{{ security_token | default(omit) }}"
       region: "{{ aws_region }}"
   block:
     - name: create a key

tests/integration/targets/callback_aws_resource_actions/main.yml

@@ -4,9 +4,9 @@
   - amazon.aws
   module_defaults:
     group/aws:
-      aws_access_key: "{{ aws_access_key }}"
-      aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ security_token | default(omit) }}"
+      access_key: "{{ aws_access_key }}"
+      secret_key: "{{ aws_secret_key }}"
+      session_token: "{{ security_token | default(omit) }}"
       region: "{{ aws_region }}"
   tasks:
   - ec2_instance_info:

tests/integration/targets/cloudformation/tasks/main.yml

@@ -1,10 +1,10 @@
 ---
 - module_defaults:
     group/aws:
-      aws_access_key: '{{ aws_access_key | default(omit) }}'
-      aws_secret_key: '{{ aws_secret_key | default(omit) }}'
-      security_token: '{{ security_token | default(omit) }}'
-      region: '{{ aws_region | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
+      region: '{{ aws_region }}'
 
   block:
 

tests/integration/targets/cloudtrail/tasks/main.yml

@@ -1347,9 +1347,9 @@
       state: present
       name: '{{ cloudtrail_name }}'
       kms_key_id: 'alias/{{ kms_alias }}'
-      aws_access_key: "{{ noKms_assumed_role.sts_creds.access_key }}"
-      aws_secret_key: "{{ noKms_assumed_role.sts_creds.secret_key }}"
-      security_token: "{{ noKms_assumed_role.sts_creds.session_token }}"
+      access_key: "{{ noKms_assumed_role.sts_creds.access_key }}"
+      secret_key: "{{ noKms_assumed_role.sts_creds.secret_key }}"
+      session_token: "{{ noKms_assumed_role.sts_creds.session_token }}"
     check_mode: yes
     register: output
   - assert:

tests/integration/targets/cloudwatch_metric_alarm/tasks/main.yml

@@ -1,9 +1,9 @@
 - name: run cloudwatch_metric_alarm tests
   module_defaults:
     group/aws:
-      aws_access_key: '{{ aws_access_key }}'
-      aws_secret_key: '{{ aws_secret_key }}'
-      security_token: '{{ security_token | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
       region: '{{ aws_region }}'
   block:
   - set_fact:

tests/integration/targets/cloudwatchevent_rule/tasks/main.yml

@@ -1,8 +1,8 @@
 - module_defaults:
     group/aws:
-      aws_access_key: "{{ aws_access_key }}"
-      aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ security_token | default(omit) }}"
+      access_key: "{{ aws_access_key }}"
+      secret_key: "{{ aws_secret_key }}"
+      session_token: "{{ security_token | default(omit) }}"
       region: "{{ aws_region }}"
 
   block:

tests/integration/targets/cloudwatchlogs/tasks/main.yml

@@ -2,9 +2,9 @@
 
 - module_defaults:
     group/aws:
-      aws_access_key: '{{ aws_access_key }}'
-      aws_secret_key: '{{ aws_secret_key }}'
-      security_token: '{{ security_token | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
       region: '{{ aws_region }}'
 
   block:

tests/integration/targets/ec2_ami/tasks/main.yml

@@ -3,9 +3,9 @@
 - module_defaults:
     group/aws:
       aws_region: '{{ aws_region }}'
-      aws_access_key: '{{ aws_access_key }}'
-      aws_secret_key: '{{ aws_secret_key }}'
-      security_token: '{{ security_token | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
   collections:
     - amazon.aws
   block:

tests/integration/targets/ec2_ami_instance/tasks/main.yml

@@ -3,9 +3,9 @@
 - module_defaults:
     group/aws:
       aws_region: '{{ aws_region }}'
-      aws_access_key: '{{ aws_access_key }}'
-      aws_secret_key: '{{ aws_secret_key }}'
-      security_token: '{{ security_token | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
   collections:
     - amazon.aws
   block:

tests/integration/targets/ec2_ami_snapshot/tasks/main.yml

@@ -3,9 +3,9 @@
 - module_defaults:
     group/aws:
       aws_region: '{{ aws_region }}'
-      aws_access_key: '{{ aws_access_key }}'
-      aws_secret_key: '{{ aws_secret_key }}'
-      security_token: '{{ security_token | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
   collections:
     - amazon.aws
   block:

tests/integration/targets/ec2_ami_tpm/tasks/main.yml

@@ -3,9 +3,9 @@
 - module_defaults:
     group/aws:
       aws_region: '{{ aws_region }}'
-      aws_access_key: '{{ aws_access_key }}'
-      aws_secret_key: '{{ aws_secret_key }}'
-      security_token: '{{ security_token | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
   collections:
     - amazon.aws
   block:

tests/integration/targets/ec2_eip/tasks/main.yml

@@ -1,9 +1,9 @@
 - name: Integration testing for ec2_eip
   module_defaults:
     group/aws:
-      aws_access_key: '{{ aws_access_key }}'
-      aws_secret_key: '{{ aws_secret_key }}'
-      security_token: '{{ security_token | default(omit) }}'
+      access_key: '{{ aws_access_key }}'
+      secret_key: '{{ aws_secret_key }}'
+      session_token: '{{ security_token | default(omit) }}'
       region: '{{ aws_region }}'
     amazon.aws.ec2_eip:
       in_vpc: true

tests/integration/targets/ec2_eni/tasks/main.yaml

@@ -1,9 +1,9 @@
 ---
 - module_defaults:
     group/aws:
-      aws_access_key: "{{ aws_access_key }}"
-      aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ security_token | default(omit) }}"
+      access_key: "{{ aws_access_key }}"
+      secret_key: "{{ aws_secret_key }}"
+      session_token: "{{ security_token | default(omit) }}"
       region: "{{ aws_region }}"
 
   collections:

tests/integration/targets/ec2_instance_block_devices/tasks/main.yml

@@ -1,8 +1,8 @@
 - module_defaults:
     group/aws:
-      aws_access_key: "{{ aws_access_key }}"
-      aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ security_token | default(omit) }}"
+      access_key: "{{ aws_access_key }}"
+      secret_key: "{{ aws_secret_key }}"
+      session_token: "{{ security_token | default(omit) }}"
       region: "{{ aws_region }}"
   block:
   - name: "New instance with an extra block device"