aws_ec2 does not fallback to env var when boto_profile is not found

[DeLoWaN]

SUMMARY

I wanted to setup AWX with my project. In my aws_ec2 inventory plugin, I specified a boto_profile var since I have multiple ones configured locally.

Problem is, AWX does not provide a way to specify what boto profile to feed. Instead, it feeds only the env var:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SECURITY_TOKEN

Consequently, the plugin crashes since it does not use the provided env var but wants to read the boto profile.

Honestly I don't know which product has to change its behaviour:

• Does aws_ec2 must use the env vars provided even if the boto profile is not found (it was the behaviour of the deprecated ec2.py, when I used it, I got no errors) ?
• Does AWX has to figure out how to provide the boto profile (adding a AWS_PROFILE env var) ?

ISSUE TYPE

• Bug Report

COMPONENT NAME

aws_ec2

ANSIBLE VERSION

ansible 2.9.11

I also tested with last version of amazon.aws collection

CONFIGURATION

ALLOW_WORLD_READABLE_TMPFILES(/home/damien/git/ansible/ansible.cfg) = True
ANSIBLE_PIPELINING(/home/damien/git/ansible/ansible.cfg) = True
ANSIBLE_SSH_ARGS(/home/damien/git/ansible/ansible.cfg) = -o ControlMaster=auto -o ControlPersist=1800s
ANSIBLE_SSH_RETRIES(/home/damien/git/ansible/ansible.cfg) = 2
CACHE_PLUGIN(/home/damien/git/ansible/ansible.cfg) = jsonfile
CACHE_PLUGIN_CONNECTION(/home/damien/git/ansible/ansible.cfg) = /tmp/facts_cache
CACHE_PLUGIN_TIMEOUT(/home/damien/git/ansible/ansible.cfg) = 86400
DEFAULT_BECOME(/home/damien/git/ansible/ansible.cfg) = True
DEFAULT_BECOME_ASK_PASS(/home/damien/git/ansible/ansible.cfg) = False
DEFAULT_BECOME_METHOD(/home/damien/git/ansible/ansible.cfg) = sudo
DEFAULT_BECOME_USER(/home/damien/git/ansible/ansible.cfg) = root
DEFAULT_CALLBACK_WHITELIST(/home/damien/git/ansible/ansible.cfg) = ['profile_tasks']
DEFAULT_FORKS(/home/damien/git/ansible/ansible.cfg) = 500
DEFAULT_GATHERING(/home/damien/git/ansible/ansible.cfg) = smart
DEFAULT_HOST_LIST(/home/damien/git/ansible/ansible.cfg) = ['/home/damien/git/ansible/inventory']
DEFAULT_LOG_PATH(/home/damien/git/ansible/ansible.cfg) = /var/log/ansible.log
DEFAULT_REMOTE_USER(/home/damien/git/ansible/ansible.cfg) = admin
DEFAULT_ROLES_PATH(/home/damien/git/ansible/ansible.cfg) = ['/home/damien/git/ansible/roles']
DEFAULT_STDOUT_CALLBACK(/home/damien/git/ansible/ansible.cfg) = debug
DEFAULT_VAULT_IDENTITY_LIST(env: ANSIBLE_VAULT_IDENTITY_LIST) = ['@/home/damien/.ansible/default_vault_password', 'standalone@/home/damien/.ansible/standalone_vault_passwHOST_KEY_CHECKING(/home/damien/git/ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/home/damien/git/ansible/ansible.cfg) = auto_silent
RETRY_FILES_ENABLED(/home/damien/git/ansible/ansible.cfg) = False

OS / ENVIRONMENT

python3 / debian buster

STEPS TO REPRODUCE

EXPECTED RESULTS

aws_ec2 can use the credentials env var even if the boto profile is missing

ACTUAL RESULTS

The inventory can't be parsed

    2.372 ERROR    [WARNING]:  * Failed to parse
    2.372 ERROR    /tmp/awx_347_pau03o08/project/inventory/aws_ec2.yml with auto plugin:
    2.372 ERROR    Insufficient credentials found: The config profile (ansible-inventory) could
    2.372 ERROR    not be found

[tremble]

This behaviour has been changed by #99 and the behaviour you're after should be available in Ansible 2.10.

At this point in time I do not plan on requesting a backport of the change.

[tremble]

Actually, sorry I just realised this is the inventory plugin, not the module.

[DeLoWaN]

For the record, I also tested with last version of amazon.aws collection (not only the verion bundled with ansible 2.9).

[goneri]

Hi @Akasurde, it sounds like we should just open an AWX feature request and close this one. What do you think?

[gravesm]

@DeLoWaN to confirm, does the bug only happen when you are in AWX? If so, could you please refile the issue under AWX?

[DeLoWaN]

@DeLoWaN to confirm, does the bug only happen when you are in AWX? If so, could you please refile the issue under AWX?

Yes it does. I created one as required.

[goneri]

Merci @DeLoWaN,

You can already configure the profile with the boto_profile key. The documentation also explain how to retrieve the value of an environment variable. The inventory plugin works as expected, this is the reason why I close the issue.