Mass update of docs and tests (credentials/session tokens) (ansible-c…

…ollections#1921) Mass update of docs and tests (credentials/session tokens) SUMMARY We had a cleanup of credentials/session parameters which included a batch of deprecations and renames. Ensure that all of our tests and docs are using the 'canonical' names ISSUE TYPE Docs Pull Request COMPONENT NAME plugins/modules/batch_compute_environment.py plugins/modules/cloudformation_exports_info.py plugins/modules/ec2_vpc_vpn.py plugins/modules/elasticache.py plugins/modules/elasticache_parameter_group.py plugins/modules/elasticache_snapshot.py plugins/modules/ses_rule_set.py plugins/modules/sts_assume_role.py plugins/modules/sts_session_token.py tests/integration ADDITIONAL INFORMATION See also ansible-collections/amazon.aws#1172 ansible-collections/amazon.aws#1714 Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections@4a5b50e
abikouo · Oct 6, 2023 · 811357d · 811357d
1 parent 663d538
commit 811357d
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 18 deletions.
diff --git a/plugins/modules/sts_assume_role.py b/plugins/modules/sts_assume_role.py
@@ -49,7 +49,8 @@
       - The value provided by the MFA device, if the trust policy of the role being assumed requires MFA.
     type: str
 notes:
-  - In order to use the assumed role in a following playbook task you must pass the access_key, access_secret and access_token.
+  - In order to use the assumed role in a following playbook task you must pass the I(access_key),
+    I(secret_key) and I(session_token) parameters to modules that should use the assumed credentials.
 extends_documentation_fragment:
   - amazon.aws.common.modules
   - amazon.aws.region.modules
@@ -80,19 +81,19 @@
 """
 
 EXAMPLES = r"""
-# Note: These examples do not set authentication details, see the AWS Guide for details.
-
 # Assume an existing role (more details: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)
 - community.aws.sts_assume_role:
+    access_key: AKIA1EXAMPLE1EXAMPLE
+    secret_key: 123456789abcdefghijklmnopqrstuvwxyzABCDE
     role_arn: "arn:aws:iam::123456789012:role/someRole"
     role_session_name: "someRoleSession"
   register: assumed_role
 
 # Use the assumed role above to tag an instance in account 123456789012
 - amazon.aws.ec2_tag:
-    aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
-    aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
-    security_token: "{{ assumed_role.sts_creds.session_token }}"
+    access_key: "{{ assumed_role.sts_creds.access_key }}"
+    secret_key: "{{ assumed_role.sts_creds.secret_key }}"
+    session_token: "{{ assumed_role.sts_creds.session_token }}"
     resource: i-xyzxyz01
     state: present
     tags:

diff --git a/tests/integration/targets/sts_assume_role/tasks/main.yml b/tests/integration/targets/sts_assume_role/tasks/main.yml
@@ -4,9 +4,9 @@
 - module_defaults:
     group/aws:
         region: "{{ aws_region }}"
-        aws_access_key: "{{ aws_access_key }}"
-        aws_secret_key: "{{ aws_secret_key }}"
-        security_token: "{{ security_token | default(omit) }}"
+        access_key: "{{ aws_access_key }}"
+        secret_key: "{{ aws_secret_key }}"
+        session_token: "{{ security_token | default(omit) }}"
   collections:
     - amazon.aws
   block:
@@ -39,9 +39,9 @@
     # ============================================================
     - name: test with no parameters
       sts_assume_role:
-        aws_access_key: '{{ omit }}'
-        aws_secret_key: '{{ omit }}'
-        security_token: '{{ omit }}'
+        access_key: '{{ omit }}'
+        secret_key: '{{ omit }}'
+        session_token: '{{ omit }}'
       register: result
       ignore_errors: true
 
@@ -248,9 +248,9 @@
     # ============================================================
     - name: test that assumed credentials have IAM read-only access
       iam_role:
-        aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
-        aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
-        security_token: "{{ assumed_role.sts_creds.session_token }}"
+        access_key: "{{ assumed_role.sts_creds.access_key }}"
+        secret_key: "{{ assumed_role.sts_creds.secret_key }}"
+        session_token: "{{ assumed_role.sts_creds.session_token }}"
         name: "{{ iam_role_name }}"
         assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}"
         create_instance_profile: False
@@ -267,9 +267,9 @@
     # ============================================================
     - name: test assumed role with unprivileged action
       iam_role:
-        aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
-        aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
-        security_token: "{{ assumed_role.sts_creds.session_token }}"
+        access_key: "{{ assumed_role.sts_creds.access_key }}"
+        secret_key: "{{ assumed_role.sts_creds.secret_key }}"
+        session_token: "{{ assumed_role.sts_creds.session_token }}"
         name: "{{ iam_role_name }}-new"
         assume_role_policy_document: "{{ lookup('template','policy.json.j2') }}"
         state: present