Refactor ARN validation code #1619

tremble · 2023-06-21T11:13:28Z

SUMMARY

Adds resource_id and resource_type to parse_aws_arn() return value.
Adds validate_aws_arn() to handle common pattern matching for ARNs.

ISSUE TYPE

Feature Pull Request

COMPONENT NAME

ec2_instance
iam_user

ADDITIONAL INFORMATION

Related to ansible-collections/community.aws#1846 - We've been doing things like assuming the aws partition.

softwarefactory-project-zuul · 2023-06-21T13:07:08Z

Build failed.
https://ansible.softwarefactory-project.io/zuul/buildset/5c2a43a5744545a7932b91704f0e50ce

✔️ ansible-galaxy-importer SUCCESS in 4m 02s
✔️ build-ansible-collection SUCCESS in 13m 49s
✔️ ansible-test-splitter SUCCESS in 5m 09s
✔️ integration-amazon.aws-1 SUCCESS in 14m 19s
✔️ integration-amazon.aws-2 SUCCESS in 22m 06s
✔️ integration-amazon.aws-3 SUCCESS in 19m 29s
✔️ integration-amazon.aws-4 SUCCESS in 20m 47s
✔️ integration-amazon.aws-5 SUCCESS in 20m 38s
✔️ integration-amazon.aws-6 SUCCESS in 14m 07s
✔️ integration-amazon.aws-7 SUCCESS in 12m 32s
✔️ integration-amazon.aws-8 SUCCESS in 17m 00s
✔️ integration-amazon.aws-9 SUCCESS in 8m 36s
✔️ integration-amazon.aws-10 SUCCESS in 11m 14s
✔️ integration-amazon.aws-11 SUCCESS in 13m 26s
✔️ integration-amazon.aws-12 SUCCESS in 14m 01s
❌ integration-amazon.aws-13 FAILURE in 20m 42s
✔️ integration-amazon.aws-14 SUCCESS in 16m 52s
✔️ integration-amazon.aws-15 SUCCESS in 13m 36s
✔️ integration-amazon.aws-16 SUCCESS in 17m 15s
✔️ integration-amazon.aws-17 SUCCESS in 8m 33s
✔️ integration-amazon.aws-18 SUCCESS in 13m 29s
✔️ integration-amazon.aws-19 SUCCESS in 9m 02s
✔️ integration-amazon.aws-20 SUCCESS in 9m 40s
Skipped 24 jobs

alinabuzachis · 2023-06-22T16:47:01Z

recheck

softwarefactory-project-zuul · 2023-06-22T17:53:26Z

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/0b345dbffd17409ca70557a74b5b2a6b

✔️ ansible-galaxy-importer SUCCESS in 4m 27s
✔️ build-ansible-collection SUCCESS in 12m 54s
✔️ ansible-test-splitter SUCCESS in 5m 57s
✔️ integration-amazon.aws-1 SUCCESS in 12m 19s
✔️ integration-amazon.aws-2 SUCCESS in 17m 30s
✔️ integration-amazon.aws-3 SUCCESS in 17m 39s
✔️ integration-amazon.aws-4 SUCCESS in 21m 47s
✔️ integration-amazon.aws-5 SUCCESS in 18m 47s
✔️ integration-amazon.aws-6 SUCCESS in 9m 00s
✔️ integration-amazon.aws-7 SUCCESS in 13m 12s
✔️ integration-amazon.aws-8 SUCCESS in 22m 11s
✔️ integration-amazon.aws-9 SUCCESS in 8m 02s
✔️ integration-amazon.aws-10 SUCCESS in 7m 57s
✔️ integration-amazon.aws-11 SUCCESS in 9m 02s
✔️ integration-amazon.aws-12 SUCCESS in 13m 57s
✔️ integration-amazon.aws-13 SUCCESS in 19m 43s
✔️ integration-amazon.aws-14 SUCCESS in 15m 27s
✔️ integration-amazon.aws-15 SUCCESS in 14m 22s
✔️ integration-amazon.aws-16 SUCCESS in 15m 27s
✔️ integration-amazon.aws-17 SUCCESS in 9m 23s
✔️ integration-amazon.aws-18 SUCCESS in 10m 14s
✔️ integration-amazon.aws-19 SUCCESS in 12m 19s
✔️ integration-amazon.aws-20 SUCCESS in 7m 29s
✔️ integration-community.aws-1 SUCCESS in 22m 42s
Skipped 23 jobs

softwarefactory-project-zuul · 2023-06-23T07:55:28Z

Build succeeded (gate pipeline).
https://ansible.softwarefactory-project.io/zuul/buildset/0666c344994744478aae00652d7a404b

✔️ ansible-galaxy-importer SUCCESS in 5m 02s
✔️ build-ansible-collection SUCCESS in 14m 07s
✔️ ansible-test-splitter SUCCESS in 5m 01s
✔️ integration-amazon.aws-1 SUCCESS in 13m 33s
✔️ integration-amazon.aws-2 SUCCESS in 26m 55s
✔️ integration-amazon.aws-3 SUCCESS in 22m 33s
✔️ integration-amazon.aws-4 SUCCESS in 21m 26s
✔️ integration-amazon.aws-5 SUCCESS in 19m 04s
✔️ integration-amazon.aws-6 SUCCESS in 13m 50s
✔️ integration-amazon.aws-7 SUCCESS in 14m 51s
✔️ integration-amazon.aws-8 SUCCESS in 18m 20s
✔️ integration-amazon.aws-9 SUCCESS in 8m 27s
✔️ integration-amazon.aws-10 SUCCESS in 9m 28s
✔️ integration-amazon.aws-11 SUCCESS in 12m 01s
✔️ integration-amazon.aws-12 SUCCESS in 15m 50s
✔️ integration-amazon.aws-13 SUCCESS in 18m 14s
✔️ integration-amazon.aws-14 SUCCESS in 10m 49s
✔️ integration-amazon.aws-15 SUCCESS in 13m 59s
✔️ integration-amazon.aws-16 SUCCESS in 18m 02s
✔️ integration-amazon.aws-17 SUCCESS in 10m 24s
✔️ integration-amazon.aws-18 SUCCESS in 9m 50s
✔️ integration-amazon.aws-19 SUCCESS in 8m 14s
✔️ integration-amazon.aws-20 SUCCESS in 9m 04s
Skipped 24 jobs

patchback · 2023-06-23T07:56:09Z

Backport to stable-6: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-6/344dbd1a0f6cc6c2e6cfd582ba989f070001444a/pr-1619

Backported as #1622

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

Refactor ARN validation code SUMMARY Adds resource_id and resource_type to parse_aws_arn() return value. Adds validate_aws_arn() to handle common pattern matching for ARNs. ISSUE TYPE Feature Pull Request COMPONENT NAME ec2_instance iam_user ADDITIONAL INFORMATION Related to ansible-collections/community.aws#1846 - We've been doing things like assuming the aws partition. Reviewed-by: Alina Buzachis (cherry picked from commit 344dbd1)

Various ARN handling fixes Depends-On: ansible-collections/amazon.aws#1619 SUMMARY fixes: #1846 Various modules had hard-coded ARN handling which assumed the use of the main partition. This causes problems for folks using Gov Cloud (and aws-cn) ISSUE TYPE Bugfix Pull Request COMPONENT NAME plugins/modules/batch_compute_environment.py plugins/modules/ec2_launch_template.py plugins/modules/elasticache_info.py plugins/modules/iam_group.py plugins/modules/iam_role.py plugins/modules/msk_config.py plugins/modules/redshift.py plugins/modules/sns_topic.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis

SUMMARY Adds resource_id and resource_type to parse_aws_arn() return value. Adds validate_aws_arn() to handle common pattern matching for ARNs. ISSUE TYPE Feature Pull Request COMPONENT NAME ec2_instance iam_user ADDITIONAL INFORMATION Related to ansible-collections/community.aws#1846 - We've been doing things like assuming the aws partition. Reviewed-by: Alina Buzachis (cherry picked from commit 344dbd1)

Various ARN handling fixes Depends-On: ansible-collections/amazon.aws#1619 SUMMARY fixes: #1846 Various modules had hard-coded ARN handling which assumed the use of the main partition. This causes problems for folks using Gov Cloud (and aws-cn) ISSUE TYPE Bugfix Pull Request COMPONENT NAME plugins/modules/batch_compute_environment.py plugins/modules/ec2_launch_template.py plugins/modules/elasticache_info.py plugins/modules/iam_group.py plugins/modules/iam_role.py plugins/modules/msk_config.py plugins/modules/redshift.py plugins/modules/sns_topic.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis (cherry picked from commit 25a636c)

[PR #1848/25a636ce backport][stable-6] Various ARN handling fixes This is a backport of PR #1848 as merged into main (25a636c). Depends-On: ansible-collections/amazon.aws#1619 SUMMARY fixes: #1846 Various modules had hard-coded ARN handling which assumed the use of the main partition. This causes problems for folks using Gov Cloud (and aws-cn) ISSUE TYPE Bugfix Pull Request COMPONENT NAME plugins/modules/batch_compute_environment.py plugins/modules/ec2_launch_template.py plugins/modules/elasticache_info.py plugins/modules/iam_group.py plugins/modules/iam_role.py plugins/modules/msk_config.py plugins/modules/redshift.py plugins/modules/sns_topic.py ADDITIONAL INFORMATION Reviewed-by: Mark Chappell

Various ARN handling fixes Depends-On: ansible-collections#1619 SUMMARY fixes: ansible-collections#1846 Various modules had hard-coded ARN handling which assumed the use of the main partition. This causes problems for folks using Gov Cloud (and aws-cn) ISSUE TYPE Bugfix Pull Request COMPONENT NAME plugins/modules/batch_compute_environment.py plugins/modules/ec2_launch_template.py plugins/modules/elasticache_info.py plugins/modules/iam_group.py plugins/modules/iam_role.py plugins/modules/msk_config.py plugins/modules/redshift.py plugins/modules/sns_topic.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@25a636c

Various ARN handling fixes Depends-On: ansible-collections#1619 SUMMARY fixes: ansible-collections#1846 Various modules had hard-coded ARN handling which assumed the use of the main partition. This causes problems for folks using Gov Cloud (and aws-cn) ISSUE TYPE Bugfix Pull Request COMPONENT NAME plugins/modules/batch_compute_environment.py plugins/modules/ec2_launch_template.py plugins/modules/elasticache_info.py plugins/modules/iam_group.py plugins/modules/iam_role.py plugins/modules/msk_config.py plugins/modules/redshift.py plugins/modules/sns_topic.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis

Various ARN handling fixes Depends-On: ansible-collections#1619 SUMMARY fixes: ansible-collections#1846 Various modules had hard-coded ARN handling which assumed the use of the main partition. This causes problems for folks using Gov Cloud (and aws-cn) ISSUE TYPE Bugfix Pull Request COMPONENT NAME plugins/modules/batch_compute_environment.py plugins/modules/ec2_launch_template.py plugins/modules/elasticache_info.py plugins/modules/iam_group.py plugins/modules/iam_role.py plugins/modules/msk_config.py plugins/modules/redshift.py plugins/modules/sns_topic.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@25a636c

…nsible-collections#1619) aws_ssm: ability to customize s3 endpoint for vpc interface endpoint Depends-On: ansible/ansible-zuul-jobs#1743 SUMMARY Add a new variable for setting the s3 endpoint url ISSUE TYPE Feature Pull Request COMPONENT NAME connection aws_ssm.py ADDITIONAL INFORMATION If you try to running SSM commands on EC2 instances in private networks only with vpc interface endpoints. You are not able to access S3 service because the generated URL is wrong. For now this plugin only works for s3 vpc gateway endpoints. Not for s3 vpc interface endpoints. To simply fix this. We need the possibility to set the interface endpoint url. So I added a new parameter to the connection plugin. How to test - name: test ssm on an EC2 instance hosts: router vars: ansible_python_interpreter: /usr/bin/python3 ansible_connection: aws_ssm ansible_aws_ssm_region: 'eu-west-1' ansible_aws_ssm_bucket_name: testbucket ansible_aws_ssm_bucket_endpoint_url: "https://vpce-00000000000000-10ygvtbr.s3.eu-west-1.vpce.amazonaws.com" tasks: - name: list files in opt folder shell: echo "running on $(curl -s http://169.254.169.254/latest/meta-data/instance-id)" Output before change XEC curl 'https://testbucket.s3.amazonaws.com/i-0b5e11951ab6b12cd//home/ssm-user/.ansible/tmp/ansible-tmp-1610187779.9946203-6452-52757228453165/AnsiballZ_setup.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAZEY6F5MCGGCDZQGI%2F20210109%2F**eu-central-1**%2Fs3%2Faws4_request&X-Amz-Date=20210109T102300Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEKr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDGV1LWNlbnRyYWwtMSJIMEYCIQDRoCbT6dS9geijC00Xhr4nKdDrfKSE0ULsEXNgjM3vUwIhAMoAiDJJSGehMKvcmUlZDHc17WcV3Wnw4lsCED4MH%2BkMKroDCHMQABoMNjI4NzM5MTQwMzU2IgylHaq9VXBqdPex8fsqlwMzbTC5nczwsbUzXkpdw1MWndywQnjxp%2BnZoYcHMba6TGM57osVwt6hQoYxKA04co63FOr%2FtvhmmLGdphxeEGBPRjyTCNB%2Bdtr%2BwfKmjyls7WmBQF4jRMm2xPMUSd3EBnitCOpRvHPtp4xsuIX59QKCZmUNKBYIn2USx18mcSrWpI1emQGkmgewn9EOxUT168X9unNnvmUerokKgD5f1dZvpnIEmUyPYhYFCkJAdmLa5E5CIWe4UFfULLwDwTqYe6akqSAhBUeMrzWvebp7oXkER%2BymsmdGdAl4nFKNDtJ5suSkcGooliKsFhrHKEb1gN4UH%2FldPSFZqCEOayiWByk6SK7yEkhqI7wbc5Ufwv68AimpRddA5dU95kXUL3tgBYq5QcSeXStdd%2B6nQ3vRDBJx%2BETvR2dGOeZv%2Bu6p1iLaT5wnMgMcSnPQWCTja%2Bnf7Lp%2Bkmd4pR9yfTYaPa%2FVdblsVAXtfDURQ7wHwV6DJJavt26oUXNOOjEXg4FDraLzGSNWGFjMkbxLSBFNEyKBB9g3Hk8hV4YOwjC4%2BeX%2FBTrqAfEXoF92NloBKePOvKXzFcp8YT8yC0p35rXYqa0GA5d9ZNaGewFw6ks9VMUTSht3SZ2ns2qCYF6p73ISe88pgrUWGwFaxZnbNxP1dvfpNH3X9zQ9oVyjKfD9dwPfnOYpx6j48dZZhdgZ6n2H13h3Ckf7hmebHo7po%2BWrXkc8K1Bo07YSFyFMffieXBk0NvrBPGNGtKTEJ3m%2FfF4vkM4lnEN2xWaS0umgwMQrCqfhKD3Gpf%2BdglVJ2oBRHb3ho7dfie48ohpAd%2B6j752PjR2SuaA3Gokns8scHLBB7dvkGlmqb3vrX8TYsc7CZg%3D%3D&X-Amz-Signature=a992947e6682f66239d42c08a6b8ba2da136a572bc15a2184763846fd5a39504' -o '/home/ssm-user/.ansible/tmp/ansible-tmp-1610187779.9946203-6452-52757228453165/AnsiballZ_setup.py' Output after change XEC curl 'https://testbucket.vpce-00000000000000-10ygvtbr.s3.eu-west-1.vpce.amazonaws.com/i-0b5e11951ab6b12cd//home/ssm-user/.ansible/tmp/ansible-tmp-1610187779.9946203-6452-52757228453165/AnsiballZ_setup.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAZEY6F5MCGGCDZQGI%2F20210109%2F**eu-central-1**%2Fs3%2Faws4_request&X-Amz-Date=20210109T102300Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEKr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDGV1LWNlbnRyYWwtMSJIMEYCIQDRoCbT6dS9geijC00Xhr4nKdDrfKSE0ULsEXNgjM3vUwIhAMoAiDJJSGehMKvcmUlZDHc17WcV3Wnw4lsCED4MH%2BkMKroDCHMQABoMNjI4NzM5MTQwMzU2IgylHaq9VXBqdPex8fsqlwMzbTC5nczwsbUzXkpdw1MWndywQnjxp%2BnZoYcHMba6TGM57osVwt6hQoYxKA04co63FOr%2FtvhmmLGdphxeEGBPRjyTCNB%2Bdtr%2BwfKmjyls7WmBQF4jRMm2xPMUSd3EBnitCOpRvHPtp4xsuIX59QKCZmUNKBYIn2USx18mcSrWpI1emQGkmgewn9EOxUT168X9unNnvmUerokKgD5f1dZvpnIEmUyPYhYFCkJAdmLa5E5CIWe4UFfULLwDwTqYe6akqSAhBUeMrzWvebp7oXkER%2BymsmdGdAl4nFKNDtJ5suSkcGooliKsFhrHKEb1gN4UH%2FldPSFZqCEOayiWByk6SK7yEkhqI7wbc5Ufwv68AimpRddA5dU95kXUL3tgBYq5QcSeXStdd%2B6nQ3vRDBJx%2BETvR2dGOeZv%2Bu6p1iLaT5wnMgMcSnPQWCTja%2Bnf7Lp%2Bkmd4pR9yfTYaPa%2FVdblsVAXtfDURQ7wHwV6DJJavt26oUXNOOjEXg4FDraLzGSNWGFjMkbxLSBFNEyKBB9g3Hk8hV4YOwjC4%2BeX%2FBTrqAfEXoF92NloBKePOvKXzFcp8YT8yC0p35rXYqa0GA5d9ZNaGewFw6ks9VMUTSht3SZ2ns2qCYF6p73ISe88pgrUWGwFaxZnbNxP1dvfpNH3X9zQ9oVyjKfD9dwPfnOYpx6j48dZZhdgZ6n2H13h3Ckf7hmebHo7po%2BWrXkc8K1Bo07YSFyFMffieXBk0NvrBPGNGtKTEJ3m%2FfF4vkM4lnEN2xWaS0umgwMQrCqfhKD3Gpf%2BdglVJ2oBRHb3ho7dfie48ohpAd%2B6j752PjR2SuaA3Gokns8scHLBB7dvkGlmqb3vrX8TYsc7CZg%3D%3D&X-Amz-Signature=a992947e6682f66239d42c08a6b8ba2da136a572bc15a2184763846fd5a39504' -o '/home/ssm-user/.ansible/tmp/ansible-tmp-1610187779.9946203-6452-52757228453165/AnsiballZ_setup.py' Reviewed-by: Markus Bergholz <git@osuv.de> Reviewed-by: Mark Chappell <None>

tremble mentioned this pull request Jun 21, 2023

Various ARN handling fixes ansible-collections/community.aws#1848

Merged

tremble added 2 commits June 21, 2023 14:04

Refactor code for testing ARNs

28d605f

changelog

4b7246d

tremble force-pushed the module_utils/arn/test_arn branch from 9d70075 to 285c9f1 Compare June 21, 2023 12:05

fix ec2_instance unit test

317b0a1

tremble marked this pull request as ready for review June 21, 2023 14:04

tremble force-pushed the module_utils/arn/test_arn branch from 285c9f1 to 317b0a1 Compare June 21, 2023 14:05

tremble requested a review from alinabuzachis June 22, 2023 07:06

alinabuzachis approved these changes Jun 22, 2023

View reviewed changes

tremble added the mergeit Merge the PR (SoftwareFactory) label Jun 23, 2023

softwarefactory-project-zuul bot merged commit 344dbd1 into ansible-collections:main Jun 23, 2023
73 checks passed

tremble added the backport-6 PR should be backported to the stable-6 branch label Jun 23, 2023

patchback bot mentioned this pull request Jun 23, 2023

[PR #1619/344dbd1a backport][stable-6] Refactor ARN validation code #1622

Merged

patchback bot mentioned this pull request Jun 27, 2023

[PR #1848/25a636ce backport][stable-6] Various ARN handling fixes ansible-collections/community.aws#1858

Merged

tremble deleted the module_utils/arn/test_arn branch September 27, 2023 07:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refactor ARN validation code #1619

Refactor ARN validation code #1619

tremble commented Jun 21, 2023

softwarefactory-project-zuul bot commented Jun 21, 2023

alinabuzachis commented Jun 22, 2023

softwarefactory-project-zuul bot commented Jun 22, 2023

softwarefactory-project-zuul bot commented Jun 23, 2023

patchback bot commented Jun 23, 2023 •

edited

Loading

Refactor ARN validation code #1619

Refactor ARN validation code #1619

Conversation

tremble commented Jun 21, 2023

SUMMARY

ISSUE TYPE

COMPONENT NAME

ADDITIONAL INFORMATION

softwarefactory-project-zuul bot commented Jun 21, 2023

alinabuzachis commented Jun 22, 2023

softwarefactory-project-zuul bot commented Jun 22, 2023

softwarefactory-project-zuul bot commented Jun 23, 2023

patchback bot commented Jun 23, 2023 • edited Loading

Backport to stable-6: 💚 backport PR created

patchback bot commented Jun 23, 2023 •

edited

Loading