iam_profile_name with path invalid

danhiris commented 6 years ago

If I use a profile name that includes a path, I get errors. It wortks fine if I use IAM profile names that are in the root roles/ path.

This is how I define the profile name. I tried single quotes and double quotes and didn't make a difference. iam_profile_name: "app/ec2/dev/app-ec2-inasandboxdev-profile-role-v1"

This is the debug of the errors I get when I used a profile nested within a path:

D      ------Exception-------
D      Class: Kitchen::ActionFailed
D      Message: 1 actions failed.
>>>>>>     Failed to complete #create action: [Value (app/ec2/dev/app-ec2-inasandboxdev-profile-role-v1) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name] on Kitchen-Linux-alab
D      ----------------------
D      ------Backtrace-------
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command.rb:183:in `report_errors'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command.rb:174:in `run_action'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command/action.rb:36:in `block in call'
D      /opt/chefdk/embedded/lib/ruby/2.4.0/benchmark.rb:293:in `measure'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command/action.rb:34:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/cli.rb:52:in `perform'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/cli.rb:193:in `block (2 levels) in <class:CLI>'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/bin/kitchen:13:in `block in <top (required)>'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/errors.rb:171:in `with_friendly_errors'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/bin/kitchen:13:in `<top (required)>'
D      /usr/local/bin/kitchen:255:in `load'
D      /usr/local/bin/kitchen:255:in `<main>'
D      ----End Backtrace-----
D      -Composite Exception--
D      Class: Kitchen::ActionFailed
D      Message: Failed to complete #create action: [Value (app/ec2/dev/app-ec2-inasandboxdev-profile-role-v1) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name] on Kitchen-Linux-alab
D      ----------------------
D      ------Backtrace-------
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:20:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/aws-sdk-core/plugins/idempotency_token.rb:18:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/aws-sdk-core/plugins/param_converter.rb:20:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/seahorse/client/plugins/response_target.rb:21:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/seahorse/client/request.rb:70:in `send_request'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/seahorse/client/base.rb:207:in `block (2 levels) in define_operation_methods'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/kitchen-ec2-1.3.2/lib/kitchen/driver/ec2.rb:381:in `create_spot_request'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/kitchen-ec2-1.3.2/lib/kitchen/driver/ec2.rb:351:in `submit_spot'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/kitchen-ec2-1.3.2/lib/kitchen/driver/ec2.rb:183:in `create'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:469:in `public_send'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:469:in `block in perform_action'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:536:in `synchronize_or_call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:498:in `block in action'
D      /opt/chefdk/embedded/lib/ruby/2.4.0/benchmark.rb:293:in `measure'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:497:in `action'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:469:in `perform_action'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:379:in `create_action'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:368:in `block in transition_to'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:367:in `each'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:367:in `transition_to'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:124:in `create'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command.rb:197:in `public_send'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command.rb:197:in `run_action_in_thread'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command.rb:169:in `block (2 levels) in run_action'
D      ----End Backtrace-----
D      ---Nested Exception---
D      Class: Kitchen::ActionFailed
D      Message: Failed to complete #create action: [Value (app/ec2/dev/app-ec2-inasandboxdev-profile-role-v1) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name]
D      ----------------------
D      ------Backtrace-------
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:20:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/aws-sdk-core/plugins/idempotency_token.rb:18:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/aws-sdk-core/plugins/param_converter.rb:20:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/seahorse/client/plugins/response_target.rb:21:in `call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/seahorse/client/request.rb:70:in `send_request'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.10.90/lib/seahorse/client/base.rb:207:in `block (2 levels) in define_operation_methods'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/kitchen-ec2-1.3.2/lib/kitchen/driver/ec2.rb:381:in `create_spot_request'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/kitchen-ec2-1.3.2/lib/kitchen/driver/ec2.rb:351:in `submit_spot'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/kitchen-ec2-1.3.2/lib/kitchen/driver/ec2.rb:183:in `create'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:469:in `public_send'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:469:in `block in perform_action'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:536:in `synchronize_or_call'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:498:in `block in action'
D      /opt/chefdk/embedded/lib/ruby/2.4.0/benchmark.rb:293:in `measure'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:497:in `action'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:469:in `perform_action'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:379:in `create_action'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:368:in `block in transition_to'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:367:in `each'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:367:in `transition_to'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:124:in `create'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command.rb:197:in `public_send'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command.rb:197:in `run_action_in_thread'
D      /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command.rb:169:in `block (2 levels) in run_action'
D      ----End Backtrace-----

cheeseplus commented 6 years ago

From the stacktrace it looks like the AWS SDK itself is barfing on the validation.

danhiris commented 6 years ago

Yes, the aws sdk has a separate variable for the path to the iam profile and won't let it use the path in the actual name. That variable doesn't seem to be something that the kitchen ec2 gem is aware of.

pschaumburg commented 5 years ago

Hi,

I've just tested your behaviour but can not reproduce this. My tests:

aws iam create-role --path /testing/test/test2/ --role-name test --assume-role-policy-document file://assume-role-policy.json

Where assume-role-policy.json is defined as:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }
}

aws iam create-instance-profile --path testing/test/test --instance-profile-name test
aws iam add-role-to-instance-profile --instance-profile-name /testing/test/test/test --role-name test

-> Using "test" as role works for me very well:

iam_profile_name: test

Is there anything I'm doing wrong?

Best regards, Patrick

danhiris commented 5 years ago

in kitchen.yml, there is no way to set the path of the role-name as you do with the aws cli commands.

test-kitchen / kitchen-ec2

iam_profile_name with path invalid #412