From aed38b12cd31d79c563c76aec88809ff41984e7b Mon Sep 17 00:00:00 2001 From: Vinay Dandekar Date: Tue, 4 Dec 2018 10:02:00 -0500 Subject: [PATCH] [aws] Revert back to getting the AWS role name from the URI (#49427) * Revert back to getting the AWS role name from the URI with a small change (#49113) - The role name and instance profile name _can_ be different - Change the delimiter to `:` for keys that are discovered through the JSON parsing (which is not a valid delimiter for AWS IAM role names), this delimiter is still converted to underscore - Now checks for the existence of that delimiter to remove the cases where the JSON keys are appended to the role name to find the role name (cherry picked from commit ff9b86f5609ca2e81410a517986cf4f62927bc8c) * Changelog update --- .../fragments/49113-iam-role-arn-parsing-updated.yml | 2 ++ lib/ansible/modules/cloud/amazon/ec2_metadata_facts.py | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 changelogs/fragments/49113-iam-role-arn-parsing-updated.yml diff --git a/changelogs/fragments/49113-iam-role-arn-parsing-updated.yml b/changelogs/fragments/49113-iam-role-arn-parsing-updated.yml new file mode 100644 index 00000000000..b14fa7be7c2 --- /dev/null +++ b/changelogs/fragments/49113-iam-role-arn-parsing-updated.yml @@ -0,0 +1,2 @@ +bugfixes: + - ec2_metadata_facts - Parse IAM role name from the security credential field since the instance profile name is different diff --git a/lib/ansible/modules/cloud/amazon/ec2_metadata_facts.py b/lib/ansible/modules/cloud/amazon/ec2_metadata_facts.py index 2416f9f31c8..0f5cd454691 100644 --- a/lib/ansible/modules/cloud/amazon/ec2_metadata_facts.py +++ b/lib/ansible/modules/cloud/amazon/ec2_metadata_facts.py @@ -467,8 +467,9 @@ class Ec2Metadata(object): new_fields = {} for key, value in fields.items(): split_fields = key[len(uri):].split('/') - if len(split_fields) == 2 and split_fields[0:2] == ['iam', 'info_instanceprofilearn']: - new_fields[self._prefix % "iam-instance-profile-role"] = value.split('/')[1] + # Parse out the IAM role name (which is _not_ the same as the instance profile name) + if len(split_fields) == 3 and split_fields[0:2] == ['iam', 'security-credentials'] and ':' not in split_fields[2]: + new_fields[self._prefix % "iam-instance-profile-role"] = split_fields[2] if len(split_fields) > 1 and split_fields[1]: new_key = "-".join(split_fields) new_fields[self._prefix % new_key] = value @@ -504,7 +505,7 @@ class Ec2Metadata(object): dict = json.loads(content) self._data['%s' % (new_uri)] = content for (key, value) in dict.items(): - self._data['%s_%s' % (new_uri, key.lower())] = value + self._data['%s:%s' % (new_uri, key.lower())] = value except: self._data['%s' % (new_uri)] = content # not a stringifed JSON string