Move aws connection default/env handling to option parsing

ansible-collections · Jan 20, 2023 · 3bf7bcf · 3bf7bcf
1 parent 8503d80
commit 3bf7bcf
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 14 deletions.
diff --git a/changelogs/fragments/514-aws_ssm-env_vars.yml b/changelogs/fragments/514-aws_ssm-env_vars.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- aws_ssm - rework environment variable handling to use built in Ansible plugin support (https://github.com/ansible-collections/community.aws/pull/514).
diff --git a/plugins/connection/aws_ssm.py b/plugins/connection/aws_ssm.py
@@ -24,16 +24,22 @@
     description: The STS access key to use when connecting via session-manager.
     vars:
     - name: ansible_aws_ssm_access_key_id
+    env:
+    - name: AWS_ACCESS_KEY_ID
     version_added: 1.3.0
   secret_access_key:
     description: The STS secret key to use when connecting via session-manager.
     vars:
     - name: ansible_aws_ssm_secret_access_key
+    env:
+    - name: AWS_SECRET_ACCESS_KEY
     version_added: 1.3.0
   session_token:
     description: The STS session token to use when connecting via session-manager.
     vars:
     - name: ansible_aws_ssm_session_token
+    env:
+    - name: AWS_SESSION_TOKEN
     version_added: 1.3.0
   instance_id:
     description: The EC2 instance ID.
@@ -43,6 +49,8 @@
     description: The region the EC2 instance is located.
     vars:
     - name: ansible_aws_ssm_region
+    env:
+    - name: AWS_REGION
     default: 'us-east-1'
   bucket_name:
     description: The name of the S3 bucket used for file transfers.
@@ -352,26 +360,25 @@ def _vvvv(self, message):
 
     def _init_clients(self):
         self._vvvv("INITIALIZE BOTO3 CLIENTS")
-        profile_name = self.get_option('profile') or ''
         region_name = self.get_option('region')
 
         # The SSM Boto client, currently used to initiate and manage the session
         # Note: does not handle the actual SSM session traffic
         self._vvvv("SETUP BOTO3 CLIENTS: SSM")
-        ssm_client = self._get_boto_client('ssm', region_name=region_name, profile_name=profile_name)
+        ssm_client = self._get_boto_client('ssm', region_name=region_name)
         self._client = ssm_client
 
         region_name = self.get_option('region') or 'us-east-1'
         self._vvvv("SETUP BOTO3 CLIENTS: S3 (tmp)")
-        tmp_s3_client = self._get_boto_client('s3', region_name=region_name, profile_name=profile_name)
+        tmp_s3_client = self._get_boto_client('s3', region_name=region_name)
         # Fetch the location of the bucket so we can open a client against the 'right' endpoint
         bucket_location = tmp_s3_client.get_bucket_location(
             Bucket=(self.get_option('bucket_name')),
         )
         bucket_region = bucket_location['LocationConstraint']
         # This is the S3 client we'll really be using
         self._vvvv(f"SETUP BOTO3 CLIENTS: S3 - {bucket_region}")
-        s3_bucket_client = self._get_boto_client('s3', region_name=bucket_region, profile_name=profile_name)
+        s3_bucket_client = self._get_boto_client('s3', region_name=bucket_region)
         self._s3_client = s3_bucket_client
 
     def __init__(self, *args, **kwargs):
@@ -706,21 +713,13 @@ def _get_url(self, client_method, bucket_name, out_path, http_method, extra_args
             params.update(extra_args)
         return client.generate_presigned_url(client_method, Params=params, ExpiresIn=3600, HttpMethod=http_method)
 
-    def _get_boto_client(self, service, region_name=None, profile_name=None):
+    def _get_boto_client(self, service, region_name=None):
         ''' Gets a boto3 client based on the STS token '''
 
         aws_access_key_id = self.get_option('access_key_id')
         aws_secret_access_key = self.get_option('secret_access_key')
         aws_session_token = self.get_option('session_token')
-
-        if aws_access_key_id is None:
-            aws_access_key_id = os.environ.get("AWS_ACCESS_KEY_ID", None)
-        if aws_secret_access_key is None:
-            aws_secret_access_key = os.environ.get("AWS_SECRET_ACCESS_KEY", None)
-        if aws_session_token is None:
-            aws_session_token = os.environ.get("AWS_SESSION_TOKEN", None)
-        if not profile_name:
-            profile_name = os.environ.get("AWS_PROFILE", None)
+        aws_profile_name = self.get_option('profile_name')
 
         session_args = dict(
             aws_access_key_id=aws_access_key_id,
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		minor_changes:
		- aws_ssm - rework environment variable handling to use built in Ansible plugin support (https://github.com/ansible-collections/community.aws/pull/514).