Various ARN handling fixes (ansible-collections#1848)
Various ARN handling fixes

Depends-On: ansible-collections#1619
SUMMARY
fixes: ansible-collections#1846
Various modules had hard-coded ARN handling which assumed the use of the main partition. This causes problems for folks using Gov Cloud (and aws-cn).
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
plugins/modules/batch_compute_environment.py
plugins/modules/ec2_launch_template.py
plugins/modules/elasticache_info.py
plugins/modules/iam_group.py
plugins/modules/iam_role.py
plugins/modules/msk_config.py
plugins/modules/redshift.py
plugins/modules/sns_topic.py
ADDITIONAL INFORMATION

Reviewed-by: Alina Buzachis

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections/community.aws@25a636c
tremble authored and alinabuzachis committed Oct 6, 2023
1 parent f319079 commit 6029f7c
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions plugins/modules/iam_role.py
@@ -224,6 +224,7 @@

from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict

from ansible_collections.amazon.aws.plugins.module_utils.arn import validate_aws_arn
from ansible_collections.amazon.aws.plugins.module_utils.botocore import is_boto3_error_code
from ansible_collections.amazon.aws.plugins.module_utils.policy import compare_policies
from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry
@@ -265,7 +266,7 @@ def wait_iam_exists(module, client):


def convert_friendly_names_to_arns(module, client, policy_names):
if not any(not policy.startswith("arn:") for policy in policy_names):
if all(validate_aws_arn(policy, service="iam") for policy in policy_names if policy is not None):
return policy_names

allpolicies = {}
@@ -275,7 +276,7 @@ def convert_friendly_names_to_arns(module, client, policy_names):
allpolicies[policy["PolicyName"]] = policy["Arn"]
allpolicies[policy["Arn"]] = policy["Arn"]
try:
return [allpolicies[policy] for policy in policy_names]
return [allpolicies[policy] for policy in policy_names if policy is not None]
except KeyError as e:
module.fail_json_aws(e, msg="Couldn't find policy")

@@ -746,7 +747,7 @@ def main():
if module.params.get("boundary"):
if module.params.get("create_instance_profile"):
module.fail_json(msg="When using a boundary policy, `create_instance_profile` must be set to `false`.")
if not module.params.get("boundary").startswith("arn:aws:iam"):
if not validate_aws_arn(module.params.get("boundary"), service="iam"):
module.fail_json(msg="Boundary policy must be an ARN")
if module.params.get("max_session_duration"):
max_session_duration = module.params.get("max_session_duration")
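Review bot: In `convert_friendly_names_to_arns` the early return still hands back the unfiltered `policy_names`, so a `None` entry is skipped by the new `all(...)` check yet returned to the caller, while the lookup branch further down now drops it; a list holding only `None` also makes `all()` true and is returned as-is. Filtering once at the top of the function, `policy_names = [p for p in policy_names if p is not None]`, would make both paths agree and keep `None` out of whatever consumes the ARN list. In `main()`, the boundary check `validate_aws_arn(module.params.get("boundary"), service="iam")` constrains only the service as far as the visible call shows, so a role or user ARN would pass as a permissions boundary and presumably fail only at the API call; if the helper can also match on the resource type, restricting it to policy ARNs would reject those up front. The middle of `convert_friendly_names_to_arns` and the rest of `main()` lie outside the visible hunks.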