From 6c37fbb487ae40e19887f0aee0519936fab22ed6 Mon Sep 17 00:00:00 2001 From: Sofiia Podolskaia Date: Tue, 22 Dec 2020 11:31:21 +0300 Subject: [PATCH 1/4] Rearrange security_token sources as AWS_SECURITY_TOKEN is deprecated --- plugins/module_utils/ec2.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/module_utils/ec2.py b/plugins/module_utils/ec2.py index e22789922c5..9837ceddad6 100644 --- a/plugins/module_utils/ec2.py +++ b/plugins/module_utils/ec2.py @@ -310,10 +310,10 @@ def get_aws_connection_info(module, boto3=False): secret_key = None if not security_token: - if os.environ.get('AWS_SECURITY_TOKEN'): - security_token = os.environ['AWS_SECURITY_TOKEN'] - elif os.environ.get('AWS_SESSION_TOKEN'): + if os.environ.get('AWS_SESSION_TOKEN'): security_token = os.environ['AWS_SESSION_TOKEN'] + elif os.environ.get('AWS_SECURITY_TOKEN'): + security_token = os.environ['AWS_SECURITY_TOKEN'] elif os.environ.get('EC2_SECURITY_TOKEN'): security_token = os.environ['EC2_SECURITY_TOKEN'] elif HAS_BOTO and boto.config.get('Credentials', 'aws_security_token'): From 789fb78adba03cf77719c79e099a71acc445a32d Mon Sep 17 00:00:00 2001 From: Sofiia Podolskaia Date: Tue, 22 Dec 2020 20:35:15 +0300 Subject: [PATCH 2/4] Rearrange security_token sources as AWS_SECURITY_TOKEN is deprecated --- plugins/doc_fragments/aws_credentials.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/doc_fragments/aws_credentials.py b/plugins/doc_fragments/aws_credentials.py index 73eff046e40..b99c4adb929 100644 --- a/plugins/doc_fragments/aws_credentials.py +++ b/plugins/doc_fragments/aws_credentials.py @@ -40,6 +40,6 @@ class ModuleDocFragment(object): type: str env: - name: EC2_SECURITY_TOKEN - - name: AWS_SESSION_TOKEN - name: AWS_SECURITY_TOKEN + - name: AWS_SESSION_TOKEN ''' From 4ef4efb5367fa06a0f84c3ee0a87cd9b946e029e Mon Sep 17 00:00:00 2001 
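Review bot: In the reordered `if`/`elif` chain in `get_aws_connection_info` (plugins/module_utils/ec2.py), a value left in the deprecated `AWS_SECURITY_TOKEN` is now silently dropped when `AWS_SESSION_TOKEN` is also set, and is still accepted without any notice when it is the only one set. Because this changes which credential is actually used, it should be surfaced to the operator without printing the token itself, for example in the first branch: `if (os.environ.get('AWS_SECURITY_TOKEN') or security_token) != security_token:` followed by `module.warn('AWS_SECURITY_TOKEN is set but ignored; AWS_SESSION_TOKEN takes precedence')`, assuming `module` is an AnsibleModule at this point. The function starts and ends outside the hunk, so whether the access key and secret key are resolved in a matching variable order cannot be checked from these lines.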
From: Mark Chappell Date: Thu, 11 Mar 2021 09:27:08 +0100 Subject: [PATCH 3/4] Add a changelog --- changelogs/fragments/221-security_token-order.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/221-security_token-order.yml diff --git a/changelogs/fragments/221-security_token-order.yml b/changelogs/fragments/221-security_token-order.yml new file mode 100644 index 00000000000..6e42575a4e8 --- /dev/null +++ b/changelogs/fragments/221-security_token-order.yml @@ -0,0 +1,2 @@ +breaking_changes: +- AWS modules - the ``AWS_SESSION_TOKEN`` environment variable now takes precendence over the (deprecated) ``AWS_SECURITY_TOKEN`` environment variable (https://github.com/ansible-collections/amazon.aws/pull/221). From ccd02f473dfa93a05de1e9adbb3940ddcfb47ee5 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Thu, 11 Mar 2021 09:29:29 +0100 Subject: [PATCH 4/4] Add integration test for 221 --- .../roles/ec2_connect/tasks/credentials.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/integration/targets/module_utils_ec2/roles/ec2_connect/tasks/credentials.yml b/tests/integration/targets/module_utils_ec2/roles/ec2_connect/tasks/credentials.yml index 1843a497d18..498e22de955 100644 --- a/tests/integration/targets/module_utils_ec2/roles/ec2_connect/tasks/credentials.yml +++ b/tests/integration/targets/module_utils_ec2/roles/ec2_connect/tasks/credentials.yml @@ -54,6 +54,20 @@ that: - credential_result is successful +- name: 'Test basic operation using simple credentials (aws-environment)' + example_module: + environment: + AWS_REGION: '{{ aws_region }}' + AWS_ACCESS_KEY_ID: '{{ aws_access_key }}' + AWS_SECRET_ACCESS_KEY: '{{ aws_secret_key }}' + AWS_SECURITY_TOKEN: 'junk-example' + AWS_SESSION_TOKEN: '{{ security_token }}' + register: credential_result + +- assert: + that: + - credential_result is successful + - name: 'Test basic operation using simple credentials (aws2-environment)' example_module: environment:
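Review bot: The added task in credentials.yml only exercises the new precedence when `security_token` is non-empty. If the suite can run with long-term keys and an empty token, `AWS_SESSION_TOKEN` is exported empty, the truthiness check in `ec2.py` falls through to `AWS_SECURITY_TOKEN: 'junk-example'`, and the assert would presumably fail for a reason unrelated to this change. Consider guarding both the task and its assert with `when: security_token | default('') | length > 0`. The task name also does not say what is being tested; something like `'Test AWS_SESSION_TOKEN takes precedence over AWS_SECURITY_TOKEN (aws-environment)'` would make a failure self-explanatory. The surrounding tasks are outside the hunk, so it is not visible whether the deprecated variable on its own is still covered.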