Skip to content

Commit

Permalink
Move aws connection default/env handling to option parsing (#514) (#1683
Browse files Browse the repository at this point in the history
)

[PR #514/94d12952 backport][stable-5] aws_ssm connection - Move connection vars environment handling into options

This is a backport of PR #514 as merged into main (94d1295).
SUMMARY
This fix moves a number of connection related variables to the options parsing step instead of inline. This has the added effect of documenting their existence and making overriding them more consistent with Ansible's UX.
Fixes #343
ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME
aws_ssm
ADDITIONAL INFORMATION


There were a couple of other minor changes related to logging and silencing curl's progress info outside of the connection vars themselves. I'm happy to pull them out if desired and submit them as a separate PR.
I added fallback on hostnames lookup to match SSH's host handling since that's the defacto connection plugin. This incidentally fixes the way delegation is reported (it didn't show the -> delegated host bit in the logs).
Of note, the ec2.py module sets the instance_id and placement on instances it detects so I added it as first-class fallback for instance_id and region parameters respectively. The get_options parser doesn't handle nested variable lookups, so I had to modify the lookup slightly.

Reviewed-by: Mark Chappell <None>
  • Loading branch information
patchback[bot] authored Jan 31, 2023
1 parent 7bee51c commit bf7de35
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 9 deletions.
2 changes: 2 additions & 0 deletions changelogs/fragments/514-aws_ssm-env_vars.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
minor_changes:
- aws_ssm - rework environment variable handling to use built in Ansible plugin support (https://github.com/ansible-collections/community.aws/pull/514).
20 changes: 11 additions & 9 deletions plugins/connection/aws_ssm.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,16 +24,22 @@
description: The STS access key to use when connecting via session-manager.
vars:
- name: ansible_aws_ssm_access_key_id
env:
- name: AWS_ACCESS_KEY_ID
version_added: 1.3.0
secret_access_key:
description: The STS secret key to use when connecting via session-manager.
vars:
- name: ansible_aws_ssm_secret_access_key
env:
- name: AWS_SECRET_ACCESS_KEY
version_added: 1.3.0
session_token:
description: The STS session token to use when connecting via session-manager.
vars:
- name: ansible_aws_ssm_session_token
env:
- name: AWS_SESSION_TOKEN
version_added: 1.3.0
instance_id:
description: The EC2 instance ID.
Expand All @@ -43,6 +49,9 @@
description: The region the EC2 instance is located.
vars:
- name: ansible_aws_ssm_region
env:
- name: AWS_REGION
- name: AWS_DEFAULT_REGION
default: 'us-east-1'
bucket_name:
description: The name of the S3 bucket used for file transfers.
Expand All @@ -62,6 +71,8 @@
description: Sets AWS profile to use.
vars:
- name: ansible_aws_ssm_profile
env:
- name: AWS_PROFILE
version_added: 1.5.0
reconnection_retries:
description: Number of attempts to connect.
Expand Down Expand Up @@ -747,15 +758,6 @@ def _get_boto_client(self, service, region_name=None, profile_name=None, endpoin
aws_secret_access_key = self.get_option('secret_access_key')
aws_session_token = self.get_option('session_token')

if aws_access_key_id is None:
aws_access_key_id = os.environ.get("AWS_ACCESS_KEY_ID", None)
if aws_secret_access_key is None:
aws_secret_access_key = os.environ.get("AWS_SECRET_ACCESS_KEY", None)
if aws_session_token is None:
aws_session_token = os.environ.get("AWS_SESSION_TOKEN", None)
if not profile_name:
profile_name = os.environ.get("AWS_PROFILE", None)

session_args = dict(
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
Expand Down

0 comments on commit bf7de35

Please sign in to comment.