
@romanrev
Last active March 21, 2017 09:09
Ansible 1.9.6 STS assume role backport patch - PR #2421 and #3347 - use connect_to_aws everywhere possible
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/cloudformation.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/cloudformation.py
index 1da173e..3fe8136 100644
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/cloudformation.py
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/cloudformation.py
@@ -75,20 +75,6 @@ options:
default: null
aliases: []
version_added: "1.4"
- aws_secret_key:
- description:
- - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used.
- required: false
- default: null
- aliases: [ 'ec2_secret_key', 'secret_key' ]
- version_added: "1.5"
- aws_access_key:
- description:
- - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used.
- required: false
- default: null
- aliases: [ 'ec2_access_key', 'access_key' ]
- version_added: "1.5"
region:
description:
- The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used.
@@ -189,7 +175,6 @@ def stack_operation(cfn, stack_name, operation):
time.sleep(5)
return result
-
def main():
argument_spec = ec2_argument_spec()
argument_spec.update(dict(
@@ -220,7 +205,7 @@ def main():
template_parameters = module.params['template_parameters']
tags = module.params['tags']
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module)
kwargs = dict()
if tags is not None:
@@ -234,11 +219,7 @@ def main():
stack_outputs = {}
try:
- cfn = boto.cloudformation.connect_to_region(
- region,
- aws_access_key_id=aws_access_key,
- aws_secret_access_key=aws_secret_key,
- )
+ cfn = connect_to_aws(boto.cloudformation, region, **aws_connect_kwargs)
except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg=str(e))
update = False
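Review bot: The `except boto.exception.NoAuthHandlerFound, e:` clause around the new `connect_to_aws(...)` call probably does not cover the error that helper raises for an unknown or unavailable region. The s3.py hunk in this same patch catches `AnsibleAWSError` around the same call, which suggests that is the exception to expect. If so, a mistyped region ends in a raw traceback instead of a `module.fail_json` message, and `except (boto.exception.NoAuthHandlerFound, AnsibleAWSError), e:` would close the gap. The same applies to the connect hunks in ec2.py and ec2_vpc.py, and to rds_param_group.py and rds_subnet_group.py, where only `boto.exception.BotoServerError` is caught. main() starts and ends outside this hunk.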
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/ec2.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/ec2.py
index 8549d97..cdacda0 100755
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/ec2.py
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/ec2.py
@@ -1208,15 +1208,11 @@ def main():
ec2 = ec2_connect(module)
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module)
if region:
try:
- vpc = boto.vpc.connect_to_region(
- region,
- aws_access_key_id=aws_access_key,
- aws_secret_access_key=aws_secret_key
- )
+ vpc = connect_to_aws(boto.vpc, region, **aws_connect_kwargs)
except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg = str(e))
else:
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/ec2_vpc.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/ec2_vpc.py
index af11a96..55755a6 100644
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/ec2_vpc.py
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/ec2_vpc.py
@@ -100,18 +100,6 @@ options:
required: false
default: null
aliases: ['aws_region', 'ec2_region']
- aws_secret_key:
- description:
- - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used.
- required: false
- default: None
- aliases: ['ec2_secret_key', 'secret_key' ]
- aws_access_key:
- description:
- - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used.
- required: false
- default: None
- aliases: ['ec2_access_key', 'access_key' ]
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
@@ -126,8 +114,6 @@ author: Carson Gee
'''
EXAMPLES = '''
-# Note: None of these examples set aws_access_key, aws_secret_key, or region.
-# It is assumed that their matching environment variables are set.
# Basic creation example:
ec2_vpc:
@@ -600,16 +586,12 @@ def main():
state = module.params.get('state')
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module)
# If we have a region specified, connect to its endpoint.
if region:
try:
- vpc_conn = boto.vpc.connect_to_region(
- region,
- aws_access_key_id=aws_access_key,
- aws_secret_access_key=aws_secret_key
- )
+ vpc_conn = connect_to_aws(boto.vpc, region, **aws_connect_kwargs)
except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg = str(e))
else:
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/rds_param_group.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/rds_param_group.py
index 6c08a10..558ba9a 100644
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/rds_param_group.py
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/rds_param_group.py
@@ -67,18 +67,6 @@ options:
required: true
default: null
aliases: [ 'aws_region', 'ec2_region' ]
- aws_access_key:
- description:
- - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used.
- required: false
- default: null
- aliases: [ 'ec2_access_key', 'access_key' ]
- aws_secret_key:
- description:
- - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used.
- required: false
- default: null
- aliases: [ 'ec2_secret_key', 'secret_key' ]
requirements: [ "boto" ]
author: Scott Anderson
'''
@@ -249,13 +237,13 @@ def main():
module.fail_json(msg = str("Parameter %s not allowed for state='absent'" % not_allowed))
# Retrieve any AWS settings from the environment.
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module)
if not region:
module.fail_json(msg = str("region not specified and unable to determine region from EC2_REGION."))
try:
- conn = boto.rds.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
+ conn = connect_to_aws(boto.rds, region, **aws_connect_kwargs)
except boto.exception.BotoServerError, e:
module.fail_json(msg = e.error_message)
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/rds_subnet_group.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/rds_subnet_group.py
index 9731154..cbef46a 100644
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/rds_subnet_group.py
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/rds_subnet_group.py
@@ -53,18 +53,6 @@ options:
required: true
default: null
aliases: [ 'aws_region', 'ec2_region' ]
- aws_access_key:
- description:
- - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used.
- required: false
- default: null
- aliases: [ 'ec2_access_key', 'access_key' ]
- aws_secret_key:
- description:
- - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used.
- required: false
- default: null
- aliases: [ 'ec2_secret_key', 'secret_key' ]
requirements: [ "boto" ]
author: Scott Anderson
'''
@@ -121,13 +109,13 @@ def main():
module.fail_json(msg = str("Parameter %s not allowed for state='absent'" % not_allowed))
# Retrieve any AWS settings from the environment.
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module)
if not region:
module.fail_json(msg = str("region not specified and unable to determine region from EC2_REGION."))
try:
- conn = boto.rds.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
+ conn = connect_to_aws(boto.rds, region, **aws_connect_kwargs)
except boto.exception.BotoServerError, e:
module.fail_json(msg = e.error_message)
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/route53.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/route53.py
index 78801b0..019caeb 100644
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/route53.py
+++ ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/route53.py
@@ -177,6 +177,7 @@ try:
import boto
from boto import route53
from boto.route53.record import ResourceRecordSets
+ from boto.route53 import Route53Connection
except ImportError:
print "failed=True msg='boto required for this module'"
sys.exit(1)
@@ -224,7 +225,7 @@ def main():
retry_interval_in = module.params.get('retry_interval')
private_zone_in = module.params.get('private_zone')
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module)
value_list = ()
@@ -251,7 +252,7 @@ def main():
# connect to the route53 endpoint
try:
- conn = boto.route53.connection.Route53Connection(aws_access_key, aws_secret_key)
+ conn = Route53Connection(**aws_connect_kwargs)
except boto.exception.BotoServerError, e:
module.fail_json(msg = e.error_message)
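Review bot: `Route53Connection(**aws_connect_kwargs)` is guarded only by `except boto.exception.BotoServerError, e:`, whereas the other modules in this patch catch `boto.exception.NoAuthHandlerFound` around connection creation. A run with no usable credentials is therefore likely to end in a traceback here. Adding a second handler, `except boto.exception.NoAuthHandlerFound, e:` followed by `module.fail_json(msg=str(e))`, would make the failure consistent with them. Separately, this section's `+++` header names `ansible-1.9.6.orig/...` while every other section targets `ansible-1.9.6/...`, so depending on the strip level used when applying the patch this change may land in the wrong tree. main() extends beyond the hunk.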
diff --git ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/s3.py ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/s3.py
index 2b00e92..7813b57 100644
--- ansible-1.9.6.orig/lib/ansible/modules/core/cloud/amazon/s3.py
+++ ansible-1.9.6/lib/ansible/modules/core/cloud/amazon/s3.py
@@ -71,18 +71,6 @@ options:
- "S3 URL endpoint for usage with Eucalypus, fakes3, etc. Otherwise assumes AWS"
default: null
aliases: [ S3_URL ]
- aws_secret_key:
- description:
- - AWS secret key. If not set then the value of the AWS_SECRET_KEY environment variable is used.
- required: false
- default: null
- aliases: ['ec2_secret_key', 'secret_key']
- aws_access_key:
- description:
- - AWS access key. If not set then the value of the AWS_ACCESS_KEY environment variable is used.
- required: false
- default: null
- aliases: [ 'ec2_access_key', 'access_key' ]
metadata:
description:
- Metadata for PUT operation, as a dictionary of 'key=value' and 'key=value,key=value'.
@@ -125,11 +113,11 @@ import os
import urlparse
import hashlib
-from boto.s3.connection import OrdinaryCallingFormat
-
try:
import boto
from boto.s3.connection import Location
+ from boto.s3.connection import OrdinaryCallingFormat
+ from boto.s3.connection import S3Connection
except ImportError:
print "failed=True msg='boto required for this module'"
sys.exit(1)
@@ -301,7 +289,7 @@ def main():
overwrite = module.params.get('overwrite')
metadata = module.params.get('metadata')
- ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
+ region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module)
if region in ('us-east-1', '', None):
# S3ism for the US Standard region
@@ -318,26 +306,31 @@ def main():
if not s3_url and 'S3_URL' in os.environ:
s3_url = os.environ['S3_URL']
+ if '.' in bucket:
+ aws_connect_kwargs['calling_format'] = OrdinaryCallingFormat()
+
# Look at s3_url and tweak connection settings
# if connecting to Walrus or fakes3
try:
if is_fakes3(s3_url):
fakes3 = urlparse.urlparse(s3_url)
- s3 = boto.connect_s3(
- aws_access_key,
- aws_secret_key,
- is_secure=False,
+ s3 = S3Connection(
+ is_secure=fakes3.scheme == 'fakes3s',
host=fakes3.hostname,
port=fakes3.port,
- calling_format=OrdinaryCallingFormat())
+ calling_format=OrdinaryCallingFormat(),
+ **aws_connect_kwargs
+ )
elif is_walrus(s3_url):
walrus = urlparse.urlparse(s3_url).hostname
- s3 = boto.connect_walrus(walrus, aws_access_key, aws_secret_key)
+ s3 = boto.connect_walrus(walrus, **aws_connect_kwargs)
else:
- s3 = boto.s3.connect_to_region(location, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, is_secure=True, calling_format=OrdinaryCallingFormat())
+ aws_connect_kwargs['is_secure'] = True
+ try:
+ s3 = connect_to_aws(boto.s3, location, **aws_connect_kwargs)
+ except AnsibleAWSError:
# use this as fallback because connect_to_region seems to fail in boto + non 'classic' aws accounts in some cases
- if s3 is None:
- s3 = boto.connect_s3(aws_access_key, aws_secret_key)
+ s3 = boto.connect_s3(**aws_connect_kwargs)
except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg='No Authentication Handler found: %s ' % str(e))
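Review bot: The fakes3 branch passes `calling_format=OrdinaryCallingFormat()` explicitly and also expands `**aws_connect_kwargs`, which the added `if '.' in bucket:` block may already have populated with a `calling_format` key. For a dotted bucket name against a fakes3 URL the `S3Connection(...)` call then receives the keyword twice and raises TypeError, which the `except boto.exception.NoAuthHandlerFound` below does not catch. The walrus branch may collide the same way if `boto.connect_walrus` sets its own calling format, so that is worth checking. Moving `if '.' in bucket:` and its assignment into the final `else:` branch, next to `aws_connect_kwargs['is_secure'] = True`, confines it to the AWS path. Note also that a plain `fakes3://` URL still yields `is_secure=False`, so the access key id and any session token carried in the request headers would cross the network unencrypted.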