Mass update of docs and tests (credentials/session tokens) #1921

Merged
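--- a/changelogs/fragments/botocore_params-cleanup.yml
+++ b/changelogs/fragments/botocore_params-cleanup.yml
@@ -0,0 +1,2 @@
+trivial:
+- update docs and tests to use canonical parameter names for credentials.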
6 changes: 3 additions & 3 deletions plugins/modules/batch_compute_environment.py
Expand Up @@ -165,15 +165,15 @@
changed: false
invocation:
module_args:
aws_access_key: ~
aws_secret_key: ~
access_key: ~
secret_key: ~
bid_percentage: ~
compute_environment_name: <name>
compute_environment_state: ENABLED
compute_resource_type: EC2
desiredv_cpus: 0
ec2_key_pair: ~
ec2_url: ~
endpoint_url: ~
image_id: ~
instance_role: "arn:aws:iam::..."
instance_types:
5 changes: 2 additions & 3 deletions plugins/modules/cloudformation_exports_info.py
Expand Up @@ -19,10 +19,9 @@
"""

EXAMPLES = r"""
# Note: These examples do not set authentication details, see the AWS Guide for details.
- name: Get Exports
community.aws.cloudformation_exports_info:
profile: 'my_aws_profile'
region: 'my_region'
community.aws.cloudformation_exports_info: {}
register: cf_exports
- ansible.builtin.debug:
msg: "{{ cf_exports }}"
3 changes: 1 addition & 2 deletions plugins/modules/ec2_vpc_vpn.py
Expand Up @@ -143,8 +143,7 @@
"""

EXAMPLES = r"""
# Note: None of these examples set aws_access_key, aws_secret_key, or region.
# It is assumed that their matching environment variables are set.
# Note: These examples do not set authentication details, see the AWS Guide for details.

- name: create a VPN connection with vpn_gateway_id
community.aws.ec2_vpc_vpn:
3 changes: 1 addition & 2 deletions plugins/modules/elasticache.py
Expand Up @@ -103,8 +103,7 @@
RETURN = r""" # """

EXAMPLES = r"""
# Note: None of these examples set aws_access_key, aws_secret_key, or region.
# It is assumed that their matching environment variables are set.
# Note: These examples do not set authentication details, see the AWS Guide for details.

- name: Basic example
community.aws.elasticache:
5 changes: 2 additions & 3 deletions plugins/modules/elasticache_parameter_group.py
Expand Up @@ -50,9 +50,8 @@
"""

EXAMPLES = r"""
# Note: None of these examples set aws_access_key, aws_secret_key, or region.
# It is assumed that their matching environment variables are set.
---
# Note: These examples do not set authentication details, see the AWS Guide for details.

- hosts: localhost
connection: local
tasks:
3 changes: 1 addition & 2 deletions plugins/modules/elasticache_snapshot.py
Expand Up @@ -49,8 +49,7 @@
"""

EXAMPLES = r"""
# Note: None of these examples set aws_access_key, aws_secret_key, or region.
# It is assumed that their matching environment variables are set.
# Note: These examples do not set authentication details, see the AWS Guide for details.

- name: 'Create a snapshot'
community.aws.elasticache_snapshot:
5 changes: 2 additions & 3 deletions plugins/modules/ses_rule_set.py
Expand Up @@ -50,9 +50,8 @@
"""

EXAMPLES = r"""
# Note: None of these examples set aws_access_key, aws_secret_key, or region.
# It is assumed that their matching environment variables are set.
---
# Note: These examples do not set authentication details, see the AWS Guide for details.

- name: Create default rule set and activate it if not already
community.aws.ses_rule_set:
name: default-rule-set
13 changes: 7 additions & 6 deletions plugins/modules/sts_assume_role.py
Expand Up @@ -49,7 +49,8 @@
- The value provided by the MFA device, if the trust policy of the role being assumed requires MFA.
type: str
notes:
- In order to use the assumed role in a following playbook task you must pass the access_key, access_secret and access_token.
- In order to use the assumed role in a following playbook task you must pass the I(access_key),
I(secret_key) and I(session_token) parameters to modules that should use the assumed credentials.
extends_documentation_fragment:
- amazon.aws.common.modules
- amazon.aws.region.modules
Expand Down Expand Up @@ -80,19 +81,19 @@
"""

EXAMPLES = r"""
# Note: These examples do not set authentication details, see the AWS Guide for details.

# Assume an existing role (more details: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)
- community.aws.sts_assume_role:
access_key: AKIA1EXAMPLE1EXAMPLE
secret_key: 123456789abcdefghijklmnopqrstuvwxyzABCDE
role_arn: "arn:aws:iam::123456789012:role/someRole"
role_session_name: "someRoleSession"
register: assumed_role

# Use the assumed role above to tag an instance in account 123456789012
- amazon.aws.ec2_tag:
aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
security_token: "{{ assumed_role.sts_creds.session_token }}"
access_key: "{{ assumed_role.sts_creds.access_key }}"
secret_key: "{{ assumed_role.sts_creds.secret_key }}"
session_token: "{{ assumed_role.sts_creds.session_token }}"
resource: i-xyzxyz01
state: present
tags:
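Review bot: The first example passes a literal `access_key` / `secret_key` pair to `community.aws.sts_assume_role` directly under the comment saying these examples do not set authentication details, so the EXAMPLES block contradicts itself and models long-term keys written inline in a playbook. The same literal pair appears in the `Get a session token` example in plugins/modules/sts_session_token.py. Examples are copied verbatim, so I would reference variables instead, `access_key: "{{ aws_access_key }}"` and `secret_key: "{{ aws_secret_key }}"`, and add a comment such as `# Supply long-term keys from Ansible Vault or the environment, never as literals in the playbook.` The registered `assumed_role.sts_creds` holds usable temporary credentials, so the example could also show `no_log: true` on any task that prints or stores it. The EXAMPLES string continues past the end of this hunk.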
15 changes: 9 additions & 6 deletions plugins/modules/sts_session_token.py
Expand Up @@ -8,7 +8,7 @@
---
module: sts_session_token
version_added: 1.0.0
short_description: Obtain a session token from the AWS Security Token Service
short_description: obtain a session token from the AWS Security Token Service
description:
- Obtain a session token from the AWS Security Token Service.
author:
Expand All @@ -29,7 +29,8 @@
- The value provided by the MFA device, if the trust policy of the user requires MFA.
type: str
notes:
- In order to use the session token in a following playbook task you must pass the I(access_key), I(access_secret) and I(access_token).
- In order to use the session token in a following playbook task you must pass the I(access_key),
I(secret_key) and I(session_token) parameters to modules that should use the session credentials.
extends_documentation_fragment:
- amazon.aws.common.modules
- amazon.aws.region.modules
Expand All @@ -42,7 +43,7 @@
returned: always
type: list
sample:
access_key: ASXXXXXXXXXXXXXXXXXX
access_key: ASIAXXXXXXXXXXXXXXXX
expiration: "2016-04-08T11:59:47+00:00"
secret_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
session_token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Expand All @@ -59,14 +60,16 @@
# (more details: https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html)
- name: Get a session token
community.aws.sts_session_token:
access_key: AKIA1EXAMPLE1EXAMPLE
secret_key: 123456789abcdefghijklmnopqrstuvwxyzABCDE
duration_seconds: 3600
register: session_credentials

- name: Use the session token obtained above to tag an instance in account 123456789012
amazon.aws.ec2_tag:
aws_access_key: "{{ session_credentials.sts_creds.access_key }}"
aws_secret_key: "{{ session_credentials.sts_creds.secret_key }}"
security_token: "{{ session_credentials.sts_creds.session_token }}"
access_key: "{{ session_credentials.sts_creds.access_key }}"
secret_key: "{{ session_credentials.sts_creds.secret_key }}"
session_token: "{{ session_credentials.sts_creds.session_token }}"
resource: i-xyzxyz01
state: present
tags:
@@ -1,10 +1,10 @@
---
- module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key | default(omit) }}'
aws_secret_key: '{{ aws_secret_key | default(omit) }}'
security_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'

block:
- name: get ARN of calling user
Expand Up @@ -2,9 +2,9 @@
module_defaults:
group/aws:
aws_region: '{{ aws_region }}'
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
block:
- name: list certs
aws_acm_info: null
6 changes: 3 additions & 3 deletions tests/integration/targets/acm_certificate/tasks/main.yml
Expand Up @@ -2,9 +2,9 @@
module_defaults:
group/aws:
aws_region: '{{ aws_region }}'
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
block:
# The CI runs many of these tests in parallel
# Use this random ID to differentiate which resources
6 changes: 3 additions & 3 deletions tests/integration/targets/api_gateway/tasks/main.yml
@@ -1,9 +1,9 @@
- name: Wrap API Gateway tests with credentials by default
module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key }}'
aws_secret_key: '{{ aws_secret_key }}'
security_token: '{{ security_token | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'

block:
6 changes: 3 additions & 3 deletions tests/integration/targets/api_gateway_domain/tasks/main.yml
Expand Up @@ -4,9 +4,9 @@
- name: Run aws_api_gateway_domain module integration tests
module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"

# NOTE: To make tests work set TLS ARN in defaults/main.yml to an existing and
Expand Up @@ -2,9 +2,9 @@
- name: "Wrap up all tests and setup AWS credentials"
module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- community.aws
Expand Up @@ -2,9 +2,9 @@
- name: setup credentials and region
module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"

collections:
Expand Up @@ -10,8 +10,8 @@
ec2_asg_instance_refresh:
name: "{{ asg_name }}"
state: "started"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
region: "{{ aws_region }}"
ignore_errors: no
retries: 10
Expand All @@ -23,7 +23,7 @@
ec2_asg_instance_refresh:
name: "{{ asg_name }}"
state: "cancelled"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
region: "{{ aws_region }}"
ignore_errors: yes
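Review bot: Both `ec2_asg_instance_refresh` tasks pass `access_key` and `secret_key` explicitly but no `session_token`, unlike the `module_defaults` blocks touched elsewhere in this change. When the test run uses temporary STS credentials, a key pair sent without its token is rejected, unless an enclosing `module_defaults` (not visible in these hunks) supplies it. I would add `session_token: "{{ security_token | default(omit) }}"` to both tasks, or drop the per-task credentials and rely on `module_defaults` so the secrets are set in one place. Each task starts above the visible lines of its hunk, and the file path for this section is not shown on the page.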
@@ -1,9 +1,9 @@
- name: run ec2_lc tests
module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
6 changes: 3 additions & 3 deletions tests/integration/targets/autoscaling_lifecycle_hook/main.yml
Expand Up @@ -10,9 +10,9 @@
tasks:
- module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
vars:
# We can't just use "run_once" because the facts don't propagate when
Expand Up @@ -6,9 +6,9 @@
- name: "Wrap up all tests and setup AWS credentials"
module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
aws_config:
retries:
6 changes: 3 additions & 3 deletions tests/integration/targets/autoscaling_policy/tasks/main.yml
Expand Up @@ -12,9 +12,9 @@
- module_defaults:
group/aws:
region: "{{ aws_region }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
collections:
- amazon.aws
block:
Expand Up @@ -5,9 +5,9 @@
- community.aws
module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
block:
## Set up the testing dependencies: VPC, subnet, security group, and launch configuration
8 changes: 4 additions & 4 deletions tests/integration/targets/aws_region_info/tasks/main.yml
@@ -1,10 +1,10 @@
---
- module_defaults:
group/aws:
aws_access_key: '{{ aws_access_key | default(omit) }}'
aws_secret_key: '{{ aws_secret_key | default(omit) }}'
security_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region | default(omit) }}'
access_key: '{{ aws_access_key }}'
secret_key: '{{ aws_secret_key }}'
session_token: '{{ security_token | default(omit) }}'
region: '{{ aws_region }}'

block:
- name: 'List available Regions'
@@ -1,9 +1,9 @@
- name: set connection information for aws modules and run tasks
module_defaults:
group/aws:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token | default(omit) }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
collections:
- amazon.aws
Expand Up @@ -5,14 +5,14 @@
- name: set up aws connection info
set_fact:
aws_connection_info: &aws_connection_info
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
session_token: "{{ security_token | default(omit) }}"
region: "{{ aws_region }}"
aws_secondary_connection_info: &aws_secondary_connection_info
aws_access_key: "{{ secondary_aws_access_key }}"
aws_secret_key: "{{ secondary_aws_secret_key }}"
security_token: "{{ secondary_security_token }}"
access_key: "{{ secondary_aws_access_key }}"
secret_key: "{{ secondary_aws_secret_key }}"
session_token: "{{ secondary_security_token | default(omit) }}"
region: "{{ aws_region }}"
no_log: true
