diff --git a/contrib/inventory/alicloud.ini b/contrib/inventory/alicloud.ini
index b4042175..06a13a56 100644
--- a/contrib/inventory/alicloud.ini
+++ b/contrib/inventory/alicloud.ini
@@ -109,3 +109,8 @@ group_by_tag_none = True
 #
 # alicloud_access_key = Abcd1234
 # alicloud_secret_key = Abcd2345
+# alicloud_region=cn-beijing
+# alicloud_profile=test
+# alicloud_role_arn=acs:ram::1182725234319447:role/role_name
+# alicloud_assume_role_session_name=ansible-test
+# alicloud_assume_role_policy={"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": "*"}],"Version": "1"}
\ No newline at end of file
diff --git a/contrib/inventory/alicloud.py b/contrib/inventory/alicloud.py
index d17a159c..bb02eb7e 100755
--- a/contrib/inventory/alicloud.py
+++ b/contrib/inventory/alicloud.py
@@ -25,7 +25,7 @@ import configparser
 from time import time
-from ansible.module_utils.alicloud_ecs import connect_to_acs
+from ansible.module_utils.alicloud_ecs import connect_to_acs, get_profile
 try:
 import json
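Review bot: The sample `alicloud_assume_role_policy` added to alicloud.ini uses `"Action": ["*"]` on `"Resource": "*"`, so anyone who copies it applies no restriction to the assumed-role session. The inventory script presumably only needs read access, so a narrower example would be a safer default, for instance `"Action": ["ecs:Describe*"]` (to be confirmed against the API calls the script actually makes). The `alicloud_role_arn` example also embeds a concrete 16-digit account ID; a placeholder such as `acs:ram::<account-id>:role/<role-name>` would avoid publishing what may be a real one. The options `alicloud_ecs_role_name`, `alicloud_shared_credentials_file` and `alicloud_assume_role_session_expiration`, which alicloud.py reads in the same commit, are not listed in this sample.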
@@ -141,11 +141,50 @@ def read_settings(self):
 if not security_token:
 security_token = self.get_option(config, 'credentials', 'alicloud_security_token')
- self.credentials = {
- 'acs_access_key_id': access_key,
- 'acs_secret_access_key': secret_key,
+ alicloud_region = os.environ.get('ALICLOUD_REGION', None)
+ if not alicloud_region:
+ alicloud_region = self.get_option(config, 'credentials', 'alicloud_region')
+
+ ecs_role_name = os.environ.get('ALICLOUD_ECS_ROLE_NAME', None)
+ if not ecs_role_name:
+ ecs_role_name = self.get_option(config, 'credentials', 'alicloud_ecs_role_name')
+
+ profile = os.environ.get('ALICLOUD_PROFILE', None)
+ if not profile:
+ profile = self.get_option(config, 'credentials', 'alicloud_profile')
+
+ shared_credentials_file = os.environ.get('ALICLOUD_SHARED_CREDENTIALS_FILE', None)
+ if not shared_credentials_file:
+ shared_credentials_file = self.get_option(config, 'credentials', 'alicloud_shared_credentials_file')
+
+ role_arn = os.environ.get('ALICLOUD_ASSUME_ROLE_ARN', None)
+ if not role_arn:
+ role_arn = self.get_option(config, 'credentials', 'alicloud_role_arn')
+
+ assume_role_session_name = os.environ.get('ALICLOUD_ASSUME_ROLE_SESSION_NAME', None)
+ if not assume_role_session_name:
+ assume_role_session_name = self.get_option(config, 'credentials', 'alicloud_assume_role_session_name')
+
+ assume_role_session_expiration = os.environ.get('ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION', None)
+ if not assume_role_session_expiration:
+ assume_role_session_expiration = self.get_option(config, 'credentials', 'alicloud_assume_role_session_expiration')
+
+ alicloud_assume_role_policy = self.get_option(config, 'credentials', 'alicloud_assume_role_policy')
+
+ credentials = {
+ 'alicloud_access_key': access_key,
+ 'alicloud_secret_key': secret_key,
 'security_token': security_token,
+ 'ecs_role_name': ecs_role_name,
+ 'profile': profile,
+ 'shared_credentials_file': shared_credentials_file,
+ 'alicloud_assume_role_policy': alicloud_assume_role_policy,
+ 'alicloud_assume_role_arn': role_arn,
+ 'alicloud_assume_role_session_name': assume_role_session_name,
+ 'alicloud_assume_role_session_expiration': assume_role_session_expiration,
+ 'alicloud_region': alicloud_region
 }
+ self.credentials = get_profile(credentials)
 # Regions
 config_regions = self.get_option(config, 'ecs', 'regions')
@@ -441,7 +480,7 @@ def connect_to_ecs(self, module, region):
 # Check module args for credentials, then check environment vars access key pair and region
 connect_args = self.credentials
- connect_args['user_agent'] = 'Ansible-Provider-Alicloud'
+ connect_args['user_agent'] = 'Ansible-Provider-Inventory'
 conn = connect_to_acs(module, region, **connect_args)
 if conn is None:
 self.fail_with_error("region name: %s likely not supported. Connection to region failed." % region)
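Review bot: In the read_settings hunk, nothing states which credential source wins once static keys, a security token, an ECS role name, a profile, a shared credentials file and assume-role settings are all passed to `get_profile(credentials)` together. Each value is also silently overridden by an environment variable when one is set, so an operator cannot tell from this code which identity the inventory run will use. I would add a comment above `credentials = {` describing the resolution order that get_profile applies (it is not visible in this diff). Separately, `assume_role_session_expiration` and `alicloud_assume_role_policy` are forwarded as raw strings with no check in this hunk; unless get_profile validates them, a numeric check on the expiration and a `json.loads(alicloud_assume_role_policy)` check on the policy before the dict is built would surface a typo at startup rather than when the role is assumed. read_settings begins and ends outside the hunk.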