Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_ssm: add profile support in connections #278

Merged
merged 7 commits into from
Apr 10, 2021
Merged

aws_ssm: add profile support in connections #278

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
b359bbb
aws_ssm: add profile support in connections
amaxine Oct 23, 2020
33f8c5b
aws_ssm: fix entry for profile
amaxine Oct 27, 2020
ad4eb30
aws_ssm: readd description to profile entry
amaxine Oct 28, 2020
88b13bf
aws_ssm: fallback value when profile_name is unset
amaxine Nov 16, 2020
d330d9f
aws_ssm: set profile for all clients
amaxine Nov 16, 2020
efa8ed5
changelog
amaxine Feb 24, 2021
9dcbf61
Avoid setting profile_name when profile isn't set
tremble Apr 10, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions changelogs/fragments/278-aws_ssm-profile-support.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
minor_changes:
- aws_ssm connection plugin - add support for specifying a profile to be used when connecting (https://github.com/ansible-collections/community.aws/pull/278).
39 changes: 27 additions & 12 deletions plugins/connection/aws_ssm.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,11 @@
vars:
- name: ansible_aws_ssm_plugin
default: '/usr/local/bin/session-manager-plugin'
profile:
description: Sets AWS profile to use.
vars:
- name: ansible_aws_ssm_profile
version_added: 1.5.0
retries:
description: Number of attempts to connect.
default: 3
Expand Down Expand Up @@ -304,10 +309,10 @@ def start_session(self):
raise AnsibleError("failed to find the executable specified %s."
" Please verify if the executable exists and re-try." % executable)

profile_name = ''
profile_name = self.get_option('profile') or ''
Copy link
Contributor

@dekimsey dekimsey Mar 30, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this be better set as an entry on the configuration blob above?
Perhaps with AWS_PROFILE support too?

profile:
   ...
   default: ''
   env:
    - name: AWS_PROFILE

region_name = self.get_option('region')
ssm_parameters = dict()
client = self._get_boto_client('ssm', region_name=region_name)
client = self._get_boto_client('ssm', region_name=region_name, profile_name=profile_name)
tremble marked this conversation as resolved.
Show resolved Hide resolved
self._client = client
response = client.start_session(Target=self.instance_id, Parameters=ssm_parameters)
self._session_id = response['SessionId']
Expand Down Expand Up @@ -498,13 +503,13 @@ def _flush_stderr(self, subprocess):

return stderr

def _get_url(self, client_method, bucket_name, out_path, http_method):
def _get_url(self, client_method, bucket_name, out_path, http_method, profile_name):
''' Generate URL for get_object / put_object '''
region_name = self.get_option('region') or 'us-east-1'
client = self._get_boto_client('s3', region_name)
client = self._get_boto_client('s3', region_name=region_name, profile_name=profile_name)
return client.generate_presigned_url(client_method, Params={'Bucket': bucket_name, 'Key': out_path}, ExpiresIn=3600, HttpMethod=http_method)

def _get_boto_client(self, service, region_name=None):
def _get_boto_client(self, service, region_name=None, profile_name=None):
''' Gets a boto3 client based on the STS token '''

aws_access_key_id = self.get_option('access_key_id')
Expand All @@ -517,13 +522,21 @@ def _get_boto_client(self, service, region_name=None):
aws_secret_access_key = os.environ.get("AWS_SECRET_ACCESS_KEY", None)
if aws_session_token is None:
aws_session_token = os.environ.get("AWS_SESSION_TOKEN", None)
if not profile_name:
profile_name = os.environ.get("AWS_PROFILE", None)

client = boto3.client(
service,
session_args = dict(
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=region_name,
)
if profile_name:
session_args['profile_name'] = profile_name
session = boto3.session.Session(**session_args)

client = session.client(
service,
config=Config(signature_version="s3v4")
)
return client
Expand All @@ -536,18 +549,20 @@ def _file_transport_command(self, in_path, out_path, ssm_action):
s3_path = path_unescaped.replace('\\', '/')
bucket_url = 's3://%s/%s' % (self.get_option('bucket_name'), s3_path)

profile_name = self.get_option('profile')

if self.is_windows:
put_command = "Invoke-WebRequest -Method PUT -InFile '%s' -Uri '%s' -UseBasicParsing" % (
in_path, self._get_url('put_object', self.get_option('bucket_name'), s3_path, 'PUT'))
in_path, self._get_url('put_object', self.get_option('bucket_name'), s3_path, 'PUT', profile_name))
get_command = "Invoke-WebRequest '%s' -OutFile '%s'" % (
self._get_url('get_object', self.get_option('bucket_name'), s3_path, 'GET'), out_path)
self._get_url('get_object', self.get_option('bucket_name'), s3_path, 'GET', profile_name), out_path)
else:
put_command = "curl --request PUT --upload-file '%s' '%s'" % (
in_path, self._get_url('put_object', self.get_option('bucket_name'), s3_path, 'PUT'))
in_path, self._get_url('put_object', self.get_option('bucket_name'), s3_path, 'PUT', profile_name))
get_command = "curl '%s' -o '%s'" % (
self._get_url('get_object', self.get_option('bucket_name'), s3_path, 'GET'), out_path)
self._get_url('get_object', self.get_option('bucket_name'), s3_path, 'GET', profile_name), out_path)

client = self._get_boto_client('s3')
client = self._get_boto_client('s3', profile_name=profile_name)
if ssm_action == 'get':
(returncode, stdout, stderr) = self.exec_command(put_command, in_data=None, sudoable=False)
with open(to_bytes(out_path, errors='surrogate_or_strict'), 'wb') as data:
Expand Down