-
Notifications
You must be signed in to change notification settings - Fork 336
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passing both a profile and access tokens is not supported #1353
Comments
Files identified in the description: If these files are inaccurate, please update the |
Thanks for taking the time to open this issue. The triggering PR was #1224. However, support for passing both profile and credentials was deprecated in release 1.2.0 (back in 2020), and officially "removed" in release 5.0.0. This includes passing them through both environment variables and parameters. Unfortunately, due to some messy logic paths in the original code it looks like when removing support we only partially dropped support. With #1224 the logic was simplified and the change exposed the dropped support that you've now encountered. Since this breaking change appeared in a non-major release I'm going to revert it for the remainder of the 5.x release cycle. However, please note that this behaviour will return in release 6.0.0. |
One way to avoid modules using the values from the environment variables is by explicitly setting
You may also be interested in using module_defaults:
|
Thanks @tremble |
fixes #1353 SUMMARY #1224 exposed that the removal of support for passing both profiles and security tokens was only partially implemented in release 5.0.0 (#834) Since we had already announced that support would be dropped for passing both (back in 2020 with release 1.2.0), I think it's reasonable to still fully drop support in 6.0.0. The documentation was originally very fuzzy about when we'd fallback and use which variables. ISSUE TYPE - Bugfix Pull Request COMPONENT NAME plugins/module_utils/botocore.py plugins/module_utils/modules.py ADDITIONAL INFORMATION
…ns#1353) feat(module/vpc-cagw): Add Carrier Gateway modules SUMMARY New modules to manage VPC Carrear Gateways. ISSUE TYPE New Module Pull Request COMPONENT NAME modules (new): ec2_carrier_gateway ec2_carrier_gateway_info ADDITIONAL INFORMATION $ ansible localhost -m ec2_vpc_cagw_info localhost | SUCCESS => { "carrier_gateways": [ { "carrier_gateway_id": "cagw-037df45cae5362d59", "tags": { "Name": "test1-54dsl-vpc-cagw" }, "vpc_id": "vpc-069cabb60c7e7fc6d" } ], "changed": false } $ ansible localhost -m ec2_carrier_gateway -a "state=absent vpc_id=vpc-069cabb60c7e7fc6d carrier_gateway_id=cagw-037df45cae5362d59" localhost | CHANGED => { "changed": true } $ ansible localhost -m ec2_carrier_gateway_info localhost | SUCCESS => { "carrier_gateways": [], "changed": false } $ ansible localhost -m ec2_carrier_gateway-a "vpc_id=vpc-069cabb60c7e7fc6d" localhost | CHANGED => { "carrier_gateway_id": "cagw-095f998ebdcb5ef86", "changed": true, "tags": {}, "vpc_id": "vpc-069cabb60c7e7fc6d" } $ ansible localhost -m ec2_carrier_gateway_info localhost | SUCCESS => { "carrier_gateways": [ { "carrier_gateway_id": "cagw-095f998ebdcb5ef86", "tags": {}, "vpc_id": "vpc-069cabb60c7e7fc6d" } ], "changed": false } Reviewed-by: Mark Chappell Reviewed-by: Marco Braga Reviewed-by: Markus Bergholz <[email protected]>
…ns#1353) feat(module/vpc-cagw): Add Carrier Gateway modules SUMMARY New modules to manage VPC Carrear Gateways. ISSUE TYPE New Module Pull Request COMPONENT NAME modules (new): ec2_carrier_gateway ec2_carrier_gateway_info ADDITIONAL INFORMATION $ ansible localhost -m ec2_vpc_cagw_info localhost | SUCCESS => { "carrier_gateways": [ { "carrier_gateway_id": "cagw-037df45cae5362d59", "tags": { "Name": "test1-54dsl-vpc-cagw" }, "vpc_id": "vpc-069cabb60c7e7fc6d" } ], "changed": false } $ ansible localhost -m ec2_carrier_gateway -a "state=absent vpc_id=vpc-069cabb60c7e7fc6d carrier_gateway_id=cagw-037df45cae5362d59" localhost | CHANGED => { "changed": true } $ ansible localhost -m ec2_carrier_gateway_info localhost | SUCCESS => { "carrier_gateways": [], "changed": false } $ ansible localhost -m ec2_carrier_gateway-a "vpc_id=vpc-069cabb60c7e7fc6d" localhost | CHANGED => { "carrier_gateway_id": "cagw-095f998ebdcb5ef86", "changed": true, "tags": {}, "vpc_id": "vpc-069cabb60c7e7fc6d" } $ ansible localhost -m ec2_carrier_gateway_info localhost | SUCCESS => { "carrier_gateways": [ { "carrier_gateway_id": "cagw-095f998ebdcb5ef86", "tags": {}, "vpc_id": "vpc-069cabb60c7e7fc6d" } ], "changed": false } Reviewed-by: Mark Chappell Reviewed-by: Marco Braga Reviewed-by: Markus Bergholz <[email protected]>
…ns#1353) feat(module/vpc-cagw): Add Carrier Gateway modules SUMMARY New modules to manage VPC Carrear Gateways. ISSUE TYPE New Module Pull Request COMPONENT NAME modules (new): ec2_carrier_gateway ec2_carrier_gateway_info ADDITIONAL INFORMATION $ ansible localhost -m ec2_vpc_cagw_info localhost | SUCCESS => { "carrier_gateways": [ { "carrier_gateway_id": "cagw-037df45cae5362d59", "tags": { "Name": "test1-54dsl-vpc-cagw" }, "vpc_id": "vpc-069cabb60c7e7fc6d" } ], "changed": false } $ ansible localhost -m ec2_carrier_gateway -a "state=absent vpc_id=vpc-069cabb60c7e7fc6d carrier_gateway_id=cagw-037df45cae5362d59" localhost | CHANGED => { "changed": true } $ ansible localhost -m ec2_carrier_gateway_info localhost | SUCCESS => { "carrier_gateways": [], "changed": false } $ ansible localhost -m ec2_carrier_gateway-a "vpc_id=vpc-069cabb60c7e7fc6d" localhost | CHANGED => { "carrier_gateway_id": "cagw-095f998ebdcb5ef86", "changed": true, "tags": {}, "vpc_id": "vpc-069cabb60c7e7fc6d" } $ ansible localhost -m ec2_carrier_gateway_info localhost | SUCCESS => { "carrier_gateways": [ { "carrier_gateway_id": "cagw-095f998ebdcb5ef86", "tags": {}, "vpc_id": "vpc-069cabb60c7e7fc6d" } ], "changed": false } Reviewed-by: Mark Chappell Reviewed-by: Marco Braga Reviewed-by: Markus Bergholz <[email protected]>
Summary
Using amazon.aws.ec2_instance module with the profile parameter and AWS credentials stored in the environment variables results in an error
Passing both a profile and access tokens is not supported
This behaviour is not shown in Ansible 7.2 using amazon.aws collection version 5.1.0
Issue Type
Bug Report
Component Name
amazon.aws.ec2_instance
Ansible Version
ansible [core 2.14.2]
config file = /home/centos/ansible/ansible.cfg
configured module search path = ['/home/centos/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/centos/.local/lib/python3.9/site-packages/ansible
ansible collection location = /home/centos/.ansible/collections:/usr/share/ansible/collections
executable location = /home/centos/.local/bin/ansible
python version = 3.9.6 (default, Aug 25 2021, 16:22:38) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
Name: ansible
Version: 7.2.0
Summary: Radically simple IT automation
Home-page: https://ansible.com/
Author: Ansible, Inc.
Author-email: [email protected]
License: GPLv3+
Location: /home/centos/.local/lib/python3.9/site-packages
Requires: ansible-core
Required-by:
Collection Versions
Collection Version
amazon.aws 5.2.0
ansible.netcommon 4.1.0
ansible.posix 1.5.1
ansible.utils 2.9.0
ansible.windows 1.13.0
arista.eos 6.0.0
awx.awx 21.11.0
azure.azcollection 1.14.0
check_point.mgmt 4.0.0
chocolatey.chocolatey 1.4.0
cisco.aci 2.3.0
cisco.asa 4.0.0
cisco.dnac 6.6.3
cisco.intersight 1.0.23
cisco.ios 4.3.1
cisco.iosxr 4.1.0
cisco.ise 2.5.12
cisco.meraki 2.15.0
cisco.mso 2.2.1
cisco.nso 1.0.3
cisco.nxos 4.0.1
cisco.ucs 1.8.0
cloud.common 2.1.2
cloudscale_ch.cloud 2.2.4
community.aws 5.2.0
community.azure 2.0.0
community.ciscosmb 1.0.5
community.crypto 2.10.0
community.digitalocean 1.23.0
community.dns 2.5.0
community.docker 3.4.0
community.fortios 1.0.0
community.general 6.3.0
community.google 1.0.0
community.grafana 1.5.3
community.hashi_vault 4.1.0
community.hrobot 1.7.0
community.libvirt 1.2.0
community.mongodb 1.4.2
community.mysql 3.5.1
community.network 5.0.0
community.okd 2.2.0
community.postgresql 2.3.2
community.proxysql 1.5.1
community.rabbitmq 1.2.3
community.routeros 2.7.0
community.sap 1.0.0
community.sap_libs 1.4.0
community.skydive 1.0.0
community.sops 1.6.0
community.vmware 3.3.0
community.windows 1.12.0
community.zabbix 1.9.1
containers.podman 1.10.1
cyberark.conjur 1.2.0
cyberark.pas 1.0.17
dellemc.enterprise_sonic 2.0.0
dellemc.openmanage 6.3.0
dellemc.os10 1.1.1
dellemc.os6 1.0.7
dellemc.os9 1.0.4
dellemc.powerflex 1.5.0
dellemc.unity 1.5.0
f5networks.f5_modules 1.22.0
fortinet.fortimanager 2.1.7
fortinet.fortios 2.2.2
frr.frr 2.0.0
gluster.gluster 1.0.2
google.cloud 1.1.2
grafana.grafana 1.1.0
hetzner.hcloud 1.9.1
hpe.nimble 1.1.4
ibm.qradar 2.1.0
ibm.spectrum_virtualize 1.11.0
infinidat.infinibox 1.3.12
infoblox.nios_modules 1.4.1
inspur.ispim 1.2.0
inspur.sm 2.3.0
junipernetworks.junos 4.1.0
kubernetes.core 2.3.2
lowlydba.sqlserver 1.3.1
mellanox.onyx 1.0.0
netapp.aws 21.7.0
netapp.azure 21.10.0
netapp.cloudmanager 21.22.0
netapp.elementsw 21.7.0
netapp.ontap 22.2.0
netapp.storagegrid 21.11.1
netapp.um_info 21.8.0
netapp_eseries.santricity 1.4.0
netbox.netbox 3.10.0
ngine_io.cloudstack 2.3.0
ngine_io.exoscale 1.0.0
ngine_io.vultr 1.1.3
openstack.cloud 1.10.0
openvswitch.openvswitch 2.1.0
ovirt.ovirt 2.4.1
purestorage.flasharray 1.16.2
purestorage.flashblade 1.10.0
purestorage.fusion 1.3.0
sensu.sensu_go 1.13.2
splunk.es 2.1.0
t_systems_mms.icinga_director 1.32.0
theforeman.foreman 3.8.0
vmware.vmware_rest 2.2.0
vultr.cloud 1.7.0
vyos.vyos 4.0.0
wti.remote 1.0.4
AWS SDK versions
Name: boto
Version: 2.49.0
Summary: Amazon Web Services Library
Home-page: https://github.com/boto/boto/
Author: Mitch Garnaat
Author-email: [email protected]
License: MIT
Location: /home/centos/.local/lib/python3.9/site-packages
Requires:
Required-by:
Name: boto3
Version: 1.26.66
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /home/centos/.local/lib/python3.9/site-packages
Requires: botocore, jmespath, s3transfer
Required-by:
Name: botocore
Version: 1.29.66
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /home/centos/.local/lib/python3.9/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: awscli, boto3, s3transfer
Configuration
CONFIG_FILE() = /home/centos/ansible/ansible.cfg
DEFAULT_HOST_LIST(/home/centos/ansible/ansible.cfg) = ['/home/centos/ansible/inventory']
DEFAULT_ROLES_PATH(/home/centos/ansible/ansible.cfg) = ['/home/centos/ansible/roles']
DEFAULT_STDOUT_CALLBACK(/home/centos/ansible/ansible.cfg) = yaml
HOST_KEY_CHECKING(/home/centos/ansible/ansible.cfg) = False
INVENTORY_ENABLED(/home/centos/ansible/ansible.cfg) = ['ini']
OS / Environment
CentOS Stream 8
Steps to Reproduce
Using Ansible 7.2 and amazon.aws collection version 5.2.0
Store AWS creds in environment vars
Setup AWS profile config file:
Add Ansible code
Run ansible-playbook
ansible-playbook example-play.yml
Expected Results
Authenticate to AWS using the profile instead of the AWS credentials stored in environment vars
Successfully run the actions in the amazon.aws.ec2_instance task
Actual Results
Using amazon.aws 5.2.0
Using amazon.aws 5.1.0
Task completes successfully as expected
Code of Conduct
The text was updated successfully, but these errors were encountered: