ansible-collections / amazon.aws

Ansible Collection for Amazon AWS

Passing both a profile and access tokens is not supported #1353

Closed pwrccloud closed 1 year ago

pwrccloud commented 1 year ago

Summary

Using amazon.aws.ec2_instance module with the profile parameter and AWS credentials stored in the environment variables results in an error Passing both a profile and access tokens is not supported

This behaviour is not shown in Ansible 7.2 using amazon.aws collection version 5.1.0

Issue Type

Bug Report

Component Name

amazon.aws.ec2_instance

Ansible Version

ansible [core 2.14.2]
  config file = /home/centos/ansible/ansible.cfg
  configured module search path = ['/home/centos/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/centos/.local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/centos/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/centos/.local/bin/ansible
  python version = 3.9.6 (default, Aug 25 2021, 16:22:38) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Name: ansible
Version: 7.2.0
Summary: Radically simple IT automation
Home-page: https://ansible.com/
Author: Ansible, Inc.
Author-email: info@ansible.com
License: GPLv3+
Location: /home/centos/.local/lib/python3.9/site-packages
Requires: ansible-core
Required-by:

Collection Versions

Collection                    Version
----------                    -------
amazon.aws                    5.2.0
ansible.netcommon             4.1.0
ansible.posix                 1.5.1
ansible.utils                 2.9.0
ansible.windows               1.13.0
arista.eos                    6.0.0
awx.awx                       21.11.0
azure.azcollection            1.14.0
check_point.mgmt              4.0.0
chocolatey.chocolatey         1.4.0
cisco.aci                     2.3.0
cisco.asa                     4.0.0
cisco.dnac                    6.6.3
cisco.intersight              1.0.23
cisco.ios                     4.3.1
cisco.iosxr                   4.1.0
cisco.ise                     2.5.12
cisco.meraki                  2.15.0
cisco.mso                     2.2.1
cisco.nso                     1.0.3
cisco.nxos                    4.0.1
cisco.ucs                     1.8.0
cloud.common                  2.1.2
cloudscale_ch.cloud           2.2.4
community.aws                 5.2.0
community.azure               2.0.0
community.ciscosmb            1.0.5
community.crypto              2.10.0
community.digitalocean        1.23.0
community.dns                 2.5.0
community.docker              3.4.0
community.fortios             1.0.0
community.general             6.3.0
community.google              1.0.0
community.grafana             1.5.3
community.hashi_vault         4.1.0
community.hrobot              1.7.0
community.libvirt             1.2.0
community.mongodb             1.4.2
community.mysql               3.5.1
community.network             5.0.0
community.okd                 2.2.0
community.postgresql          2.3.2
community.proxysql            1.5.1
community.rabbitmq            1.2.3
community.routeros            2.7.0
community.sap                 1.0.0
community.sap_libs            1.4.0
community.skydive             1.0.0
community.sops                1.6.0
community.vmware              3.3.0
community.windows             1.12.0
community.zabbix              1.9.1
containers.podman             1.10.1
cyberark.conjur               1.2.0
cyberark.pas                  1.0.17
dellemc.enterprise_sonic      2.0.0
dellemc.openmanage            6.3.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
dellemc.powerflex             1.5.0
dellemc.unity                 1.5.0
f5networks.f5_modules         1.22.0
fortinet.fortimanager         2.1.7
fortinet.fortios              2.2.2
frr.frr                       2.0.0
gluster.gluster               1.0.2
google.cloud                  1.1.2
grafana.grafana               1.1.0
hetzner.hcloud                1.9.1
hpe.nimble                    1.1.4
ibm.qradar                    2.1.0
ibm.spectrum_virtualize       1.11.0
infinidat.infinibox           1.3.12
infoblox.nios_modules         1.4.1
inspur.ispim                  1.2.0
inspur.sm                     2.3.0
junipernetworks.junos         4.1.0
kubernetes.core               2.3.2
lowlydba.sqlserver            1.3.1
mellanox.onyx                 1.0.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.22.0
netapp.elementsw              21.7.0
netapp.ontap                  22.2.0
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0
netapp_eseries.santricity     1.4.0
netbox.netbox                 3.10.0
ngine_io.cloudstack           2.3.0
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.3
openstack.cloud               1.10.0
openvswitch.openvswitch       2.1.0
ovirt.ovirt                   2.4.1
purestorage.flasharray        1.16.2
purestorage.flashblade        1.10.0
purestorage.fusion            1.3.0
sensu.sensu_go                1.13.2
splunk.es                     2.1.0
t_systems_mms.icinga_director 1.32.0
theforeman.foreman            3.8.0
vmware.vmware_rest            2.2.0
vultr.cloud                   1.7.0
vyos.vyos                     4.0.0
wti.remote                    1.0.4

AWS SDK versions

Name: boto
Version: 2.49.0
Summary: Amazon Web Services Library
Home-page: https://github.com/boto/boto/
Author: Mitch Garnaat
Author-email: mitch@garnaat.com
License: MIT
Location: /home/centos/.local/lib/python3.9/site-packages
Requires:
Required-by:

Name: boto3
Version: 1.26.66
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /home/centos/.local/lib/python3.9/site-packages
Requires: botocore, jmespath, s3transfer
Required-by:

Name: botocore
Version: 1.29.66
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /home/centos/.local/lib/python3.9/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: awscli, boto3, s3transfer

Configuration

CONFIG_FILE() = /home/centos/ansible/ansible.cfg
DEFAULT_HOST_LIST(/home/centos/ansible/ansible.cfg) = ['/home/centos/ansible/inventory']
DEFAULT_ROLES_PATH(/home/centos/ansible/ansible.cfg) = ['/home/centos/ansible/roles']
DEFAULT_STDOUT_CALLBACK(/home/centos/ansible/ansible.cfg) = yaml
HOST_KEY_CHECKING(/home/centos/ansible/ansible.cfg) = False
INVENTORY_ENABLED(/home/centos/ansible/ansible.cfg) = ['ini']

OS / Environment

CentOS Stream 8

Steps to Reproduce

Using Ansible 7.2 and amazon.aws collection version 5.2.0

Store AWS creds in environment vars

export AWS_ACCESS_KEY_ID="XXXXXXX"
export AWS_SECRET_KEY="XXXXXX"
export AWS_REGION="XXXXXX"

Setup AWS profile config file:

[default]
region = xxxxxxxxxxxxxxxxx
[profile testing]
role_arn = arn:aws:iam::xxxxxxxxxxxxx:role/testing-role
credential_source = Environment
region = xxxxxxxxxxxxxxxx
[profile testing2]
role_arn = arn:aws:iam::xxxxxxxxxxx:role/testing-role
credential_source = Environment
region = xxxxxxxxxxxxxxxxxx

Add Ansible code

---
- name: Example play for test
  hosts: localhost
  gather_facts: no
  become: no

  tasks:

    - name: Test EC2 State Change
      amazon.aws.ec2_instance:
        profile: testing
        state: running
        instance_ids: i-xxxxxxxx

Run ansible-playbook

ansible-playbook example-play.yml

Expected Results

Authenticate to AWS using the profile instead of the AWS credentials stored in environment vars.
Successfully run the actions in the amazon.aws.ec2_instance task.

Actual Results

Using amazon.aws 5.2.0

  msg: Passing both a profile and access tokens is not supported.

Using amazon.aws 5.1.0

Task completes successfully as expected

Code of Conduct

ansibullbot commented 1 year ago

Files identified in the description: None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


tremble commented 1 year ago

Thanks for taking the time to open this issue.

The triggering PR was #1224. However, support for passing both profile and credentials was deprecated in release 1.2.0 (back in 2020), and officially "removed" in release 5.0.0. This includes passing them through both environment variables and parameters.

Unfortunately, due to some messy logic paths in the original code it looks like when removing support we only partially dropped support. With #1224 the logic was simplified and the change exposed the dropped support that you've now encountered.

Since this breaking change appeared in a non-major release I'm going to revert it for the remainder of the 5.x release cycle. However, please note that this behaviour will return in release 6.0.0.

tremble commented 1 year ago

One way to avoid modules using the values from the environment variables is by explicitly setting access_key, secret_key and session_token to empty strings:

    - name: Test EC2 State Change
      amazon.aws.ec2_instance:
        profile: testing
        access_key: ""
        secret_key: ""
        session_token: ""
        state: running
        instance_ids: i-xxxxxxxx

You may also be interested in using module_defaults:

---
- name: Example play for test
  hosts: localhost
  gather_facts: no
  become: no
  module_defaults:
    group/aws:
      access_key: ''
      secret_key: ''
      session_token: ''
      profile: 'testing'
  tasks:
    - name: Test EC2 State Change
      amazon.aws.ec2_instance:
        state: running
        instance_ids: i-xxxxxxxx
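
The reason the empty-string workaround above works is the difference between an option that is absent (the module then falls back to the environment) and an option that is explicitly set to "" (no fallback). The following pre-flight check is an added example, not code from the amazon.aws collection: it models that resolution for a task's credential options and reports which ones would trip the "Passing both a profile and access tokens is not supported" check before the playbook is run. The environment-variable fallback lists are my reading of the collection's documented fallbacks and should be treated as an assumption; the sample environment values are constructed and fake.

```python
import os

# Assumed environment fallbacks for the credential options of amazon.aws
# modules. These mirror the fallback lists in the collection's documentation as
# I read them; they are not taken from the collection's code.
ENV_FALLBACKS = {
    "access_key": ("AWS_ACCESS_KEY_ID", "AWS_ACCESS_KEY", "EC2_ACCESS_KEY"),
    "secret_key": ("AWS_SECRET_ACCESS_KEY", "AWS_SECRET_KEY", "EC2_SECRET_KEY"),
    "session_token": ("AWS_SESSION_TOKEN", "AWS_SECURITY_TOKEN", "EC2_SECURITY_TOKEN"),
    "profile": ("AWS_PROFILE", "AWS_DEFAULT_PROFILE"),
}

TOKEN_OPTIONS = ("access_key", "secret_key", "session_token")
CONFLICT_MSG = "Passing both a profile and access tokens is not supported."


def resolve_options(task_args, env=None):
    """Model how a module ends up seeing its credential options.

    An option present in the task arguments wins, even when it is the empty
    string; only an option that is absent (None) falls back to the first
    environment variable in its fallback list that is set and non-empty.
    """
    env = os.environ if env is None else env
    resolved = {}
    for option, env_names in ENV_FALLBACKS.items():
        value = task_args.get(option)
        if value is None:
            value = next((env[name] for name in env_names if env.get(name)), None)
        resolved[option] = value
    return resolved


def conflicting_tokens(resolved):
    """Return the token options that would trip the profile/credentials check.

    An empty list means the resolved options pass the check that 5.0.0 meant to
    enforce and 6.0.0 reinstates.
    """
    if not resolved.get("profile"):
        return []
    return [opt for opt in TOKEN_OPTIONS if resolved.get(opt)]


def preflight(task_args, env=None):
    """Raise with the module's own message before the task would fail."""
    resolved = resolve_options(task_args, env)
    bad = conflicting_tokens(resolved)
    if bad:
        raise ValueError("%s (profile=%r, tokens resolved for: %s)"
                         % (CONFLICT_MSG, resolved["profile"], ", ".join(bad)))
    return resolved


if __name__ == "__main__":
    # Constructed sample environment mirroring the report; the values are fake.
    sample_env = {"AWS_ACCESS_KEY_ID": "AKIAEXAMPLE",
                  "AWS_SECRET_KEY": "secretexample",
                  "AWS_REGION": "us-east-1"}
    failing = {"profile": "testing", "state": "running"}
    fixed = {"profile": "testing", "access_key": "", "secret_key": "",
             "session_token": "", "state": "running"}
    print("original task ->", conflicting_tokens(resolve_options(failing, sample_env)))
    print("workaround    ->", conflicting_tokens(resolve_options(fixed, sample_env)))
```

Note that the reporter's `AWS_SECRET_KEY` is picked up through the fallback list just as `AWS_SECRET_ACCESS_KEY` would be, which is why only the access key and secret key show up as conflicting while the session token does not. The same model explains the `module_defaults` variant: the empty strings under `group/aws` become explicit arguments for every module in the group.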

pwrccloud commented 1 year ago

Thanks @tremble I have updated my code to correct for this change.