Fix passing an instance profile arn to ec2_launch_template (ansible-collections#371)

* Fix passing an instance profile arn to ec2_launch_template

If the string given on the iam_instance_profile looked like an arn, the
wrong structure format was being returned. boto3 expects a dict of the
format { arn: "{{ arn }}" } but the string was returned instead.

This fixes this error:
Couldn't create subsequent launch template version: Parameter validation failed:
Invalid type for parameter LaunchTemplateData.IamInstanceProfile, value: arn:aws:iam::[...]:instance-profile/[...], type: <class 'str'>, valid types: <class 'dict'>


* integration test
* changelog
Co-authored-by: Mark Chappell <[email protected]>
kepstin authored Apr 8, 2021
1 parent fc8f7bc commit 905be1e
Showing 3 changed files with 33 additions and 1 deletion.
2 changes: 2 additions & 0 deletions changelogs/fragments/371-ec2_launch_template-profile-arn.yml
@@ -0,0 +1,2 @@
bugfixes:
- ec2_launch_template - fixes parameter validation failure when passing a instance profile ARN instead of just the role name (https://github.com/ansible-collections/community.aws/pull/371).
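
Review bot: The changelog entry reads "a instance profile ARN"; it should be "an instance profile ARN". It also says "instead of just the role name", while the value is passed through `iam_instance_profile` and looked up with `get_instance_profile(InstanceProfileName=...)`, so "instance profile name" would match what the user actually supplies.
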
2 changes: 1 addition & 1 deletion plugins/modules/ec2_launch_template.py
Expand Up @@ -411,7 +411,7 @@

def determine_iam_role(module, name_or_arn):
if re.match(r'^arn:aws:iam::\d+:instance-profile/[\w+=/,.@-]+$', name_or_arn):
return name_or_arn
return {'arn': name_or_arn}
iam = module.client('iam', retry_decorator=AWSRetry.jittered_backoff())
try:
role = iam.get_instance_profile(InstanceProfileName=name_or_arn, aws_retry=True)
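
Review bot: The pattern in `determine_iam_role` hard-codes the `aws` partition (`^arn:aws:iam::`), so an instance profile ARN from any other partition does not match and falls through to `iam.get_instance_profile(InstanceProfileName=name_or_arn, aws_retry=True)`, where the full ARN is used as a profile name. Consider making the partition a variable component of the regex, for example `^arn:aws[\w-]*:iam::`, so those ARNs also take the `return {'arn': name_or_arn}` path. A one-line docstring stating that the function returns the dict shape boto3 expects for `IamInstanceProfile` would help keep the string return from coming back.
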
Expand Up @@ -73,6 +73,36 @@
- 'template_with_updated_role is not changed'
- 'template_with_updated_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role_2.arn.replace(":role/", ":instance-profile/")'

- name: Update instance with original instance_role (pass profile ARN)
ec2_launch_template:
name: "{{ resource_prefix }}-test-instance-role"
image_id: "{{ ec2_ami_image }}"
instance_type: t2.micro
# By default an instance profile will be created with the same name as the role
iam_instance_profile: '{{ iam_role.arn.replace(":role/", ":instance-profile/") }}'
register: template_with_updated_role

- assert:
that:
- 'template_with_updated_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")'
- 'template_with_updated_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")'
- 'template_with_role.default_template.version_number < template_with_updated_role.default_template.version_number'
- 'template_with_updated_role is changed'
- 'template_with_updated_role is not failed'

- name: Re-set with same new instance_role (pass profile ARN)
ec2_launch_template:
name: "{{ resource_prefix }}-test-instance-role"
image_id: "{{ ec2_ami_image }}"
instance_type: t2.micro
iam_instance_profile: '{{ iam_role.arn.replace(":role/", ":instance-profile/") }}'
register: template_with_updated_role

- assert:
that:
- 'template_with_updated_role is not changed'
- 'template_with_updated_role.default_template.launch_template_data.iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")'

always:
- name: delete launch template
ec2_launch_template:
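
Review bot: In the first added `assert` block the condition `...iam_instance_profile.arn == iam_role.arn.replace(":role/", ":instance-profile/")` is listed twice in a row; drop the duplicate. The second added task is named "Re-set with same new instance_role" although it passes the original `iam_role` ARN again, so a name such as "Re-set with same original instance_role (pass profile ARN)" would describe it accurately.
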