Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for EC2 dynamic data in ec2_facts #21532

Merged
merged 5 commits into from
Jun 30, 2017
Merged

Add support for EC2 dynamic data in ec2_facts #21532

merged 5 commits into from
Jun 30, 2017

Conversation

roadmapper
Copy link
Contributor

@roadmapper roadmapper commented Feb 16, 2017
edited

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

module ec2_facts

ANSIBLE VERSION
ansible 2.2.1.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
SUMMARY

This change allows the ec2_facts module to set facts with the data from the EC2 dynamic data (instance identity document, signatures, etc.). Due to the this, parsing the region out of the availability zone is no longer needed; the hardcoded list of regions and parsing are removed and the old placement region key is left for backwards compatibility.

Minor changes:

  • The IAM info/credentials data is also flattened out so that there is a key for each value inside the JSON document
  • The IAM role is parsed out separately (handles Add better iam role ec2 facts #21626)
  • The security group IDs have commas instead of newlines

Before

"ansible_ec2_iam_info": "{\n  \"Code\" : \"Success\",\n  \"LastUpdated\" : \"2017-02-16T18:28:22Z\",\n  \"InstanceProfileArn\" : \"arn:aws:iam::<AWS account ID>:instance-profile/<role name>\",\n  \"InstanceProfileId\" : \"<instance profile ID>\"\n}",
"ansible_ec2_iam_security_credentials_<role name>": "{\n  \"Code\" : \"Success\",\n  \"LastUpdated\" : \"2017-02-16T18:28:07Z\",\n  \"Type\" : \"AWS-HMAC\",\n  \"AccessKeyId\" : \"<Access Key ID>\",\n  \"SecretAccessKey\" : \"<Secret Access Key>\",\n  \"Token\" : \"<token>\",\n  \"Expiration\" : \"2017-02-17T01:01:22Z\"\n}",
...
"ansible_ec2_network_interfaces_macs_<mac>_security_group_ids": "<sg1>\n<sg2>",

After

"ansible_ec2_fws_instance_monitoring": "enabled",
...
"ansible_ec2_iam_info_code": "Success",
"ansible_ec2_iam_info_instanceprofilearn": "arn:aws:iam::<AWS Account ID>:instance-profile/<role name>",
"ansible_ec2_iam_info_instanceprofileid": "<instance profile ID>",
"ansible_ec2_iam_info_lastupdated": "2017-02-16T18:28:22Z",
"ansible_ec2_iam_instance_profile_role": "<role name>",
"ansible_ec2_iam_security_credentials_<role name>_accesskeyid": "<Access Key ID>",
"ansible_ec2_iam_security_credentials_<role name>_code": "Success",
"ansible_ec2_iam_security_credentials_<role name>_expiration": "2017-02-17T01:01:22Z",
"ansible_ec2_iam_security_credentials_<role name>_lastupdated": "2017-02-16T18:28:07Z",
"ansible_ec2_iam_security_credentials_<role name>_secretaccesskey": "<Secret Access Key>",
"ansible_ec2_iam_security_credentials_<role name>_token": "<token>",
"ansible_ec2_iam_security_credentials_<role name>_type": "AWS-HMAC",
...
"ansible_ec2_instance_identity_document_accountid": "<AWS Account ID>",
"ansible_ec2_instance_identity_document_architecture": "x86_64",
"ansible_ec2_instance_identity_document_availabilityzone": "us-east-1a",
"ansible_ec2_instance_identity_document_billingproducts": null,
"ansible_ec2_instance_identity_document_devpayproductcodes": null,
"ansible_ec2_instance_identity_document_imageid": "<image ID>",
"ansible_ec2_instance_identity_document_instanceid": "<instance ID>",
"ansible_ec2_instance_identity_document_instancetype": "t2.medium",
"ansible_ec2_instance_identity_document_kernelid": null,
"ansible_ec2_instance_identity_document_pendingtime": "2017-02-07T20:24:56Z",
"ansible_ec2_instance_identity_document_privateip": "<private IP>",
"ansible_ec2_instance_identity_document_ramdiskid": null,
"ansible_ec2_instance_identity_document_region": "us-east-1",
"ansible_ec2_instance_identity_document_version": "2010-08-31",
"ansible_ec2_instance_identity_pkcs7": "<PKCS7 signature>",
"ansible_ec2_instance_identity_rsa2048": "<RSA signature>",
"ansible_ec2_instance_identity_signature": "<instance identity signature>",
...
"ansible_ec2_network_interfaces_macs_<mac>_security_group_ids": "<sg1>,<sg2>",

@ansibot
Copy link
Contributor

ansibot commented Feb 16, 2017

cc @willthames @silviud
click here for bot help

@ansibot ansibot added WIP This issue/PR is a work in progress. Nevertheless it was shared for getting input from peers. affects_2.3 This issue/PR affects Ansible v2.3 aws cloud committer_review In order to be merged, this PR must follow the certified review workflow. feature_pull_request module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. labels Feb 16, 2017
@s-hertel s-hertel removed the needs_triage Needs a first human triage before being processed. label Feb 17, 2017
@roadmapper roadmapper changed the title [WIP] Add support for EC2 dynamic data in ec2_facts Add support for EC2 dynamic data in ec2_facts Feb 17, 2017
@ansibot ansibot removed the WIP This issue/PR is a work in progress. Nevertheless it was shared for getting input from peers. label Feb 17, 2017
@roadmapper
Copy link
Contributor Author

Just checking in if there was any update on this. I don't think there will be any action from @silviud; he doesn't seem to actively checks PRs. Maybe this PR should be community reviewed?

@ansibot ansibot added the affects_2.4 This issue/PR affects Ansible v2.4 label Mar 27, 2017
@ansibot ansibot added the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label Apr 11, 2017
@ansibot ansibot added needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. and removed committer_review In order to be merged, this PR must follow the certified review workflow. stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. labels Apr 27, 2017
@ansibot
Copy link
Contributor

ansibot commented Apr 27, 2017

The test ansible-test sanity --test pep8 failed with the following error:

lib/ansible/modules/cloud/amazon/ec2_facts.py:133:5: E303 too many blank lines (2)

click here for bot help

@ansibot ansibot added ci_verified Changes made in this PR are causing tests to fail. committer_review In order to be merged, this PR must follow the certified review workflow. and removed needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html ci_verified Changes made in this PR are causing tests to fail. needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. labels Apr 27, 2017
@s-hertel s-hertel self-assigned this May 2, 2017
@mattclay
Copy link
Member

Renaming/deprecating a module should be done in a separate PR from actual code changes. There are two reasons for this:

  1. Renaming/deprecating is something that can be quickly reviewed and merged (or rejected), since there are no substantial changes required to the module itself.

  2. Combining a rename and code changes usually complicates reviewing diffs. Since git doesn't track renames, it must detect them after the fact. Significant code changes usually prevent this detection from occurring, causing diffs to show up as a full delete and add instead of a rename.

@mattclay
Copy link
Member

Oh, and a third reason. The bot will ping namespace maintainers on a rename, despite the module not being new. It's better to do this on a PR which will quickly be merged (the rename), instead of pulling in a lot of maintainers to discussion on changes for the module which really only need to involve the module maintainer(s).

@ansibot ansibot added community_review In order to be merged, this PR must follow the community review workflow. and removed needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. labels Jun 27, 2017
@roadmapper
Copy link
Contributor Author

Unfortunately this PR has sat out for a long time; I'm happy to change it back to the old name and submit a PR if that will speed things along. I kept trying to find guidelines on the module rename process with changes, but I didn't find much guidance, except for @ryansb's proposal suggested by @s-hertel. I would still like to modify the Ansible doc of the old module so that return values are properly documented.

@s-hertel
Copy link
Contributor

@roadmapper If you want help with putting this back the way it was prior to the renaming changes let me know. I agree with mattclay's points but I'm sorry about your inconvenience with the back and forth.

@ansibot ansibot added the support:community This issue/PR relates to code supported by the Ansible community. label Jun 29, 2017
@roadmapper
Add support for EC2 dynamic data in ec2_facts
32ef994 
- Flattens out JSON in the instance identity document and IAM info/credentials for easy access to facts
- This changes region fact from ‘ansible_ec2_placement_region’ to ’ansible_ec2_instance_identity_document_region’
@roadmapper
Maintain backwards compatibility by putting the region into the old key
3388684
@roadmapper
Improve JSON parsing logic and split security group IDs
a975a05
@roadmapper
Add documentation, backwards compatibility, fix bug and formatting
8d006b8 
- Update documentation for ec2_facts with return values
- Preserve JSON value from the metadata service for backwards compatibility
- Fix bug in fix_invalid_varnames
  - The keys in the dict were being modified in place; new dict now created to hold the sanitized keys
  - Consolidate two replace calls with a regex substitution
- Move imports for ec2_facts to the top
@roadmapper
Add support for parsing the IAM instance profile role
8a615fb
@ansibot ansibot added committer_review In order to be merged, this PR must follow the certified review workflow. support:curated and removed community_review In order to be merged, this PR must follow the community review workflow. new_module This PR includes a new module. labels Jun 30, 2017
@roadmapper
Copy link
Contributor Author

Reverted the module rename and tested, ready_for_review

@willthames willthames merged commit c884d4a into ansible:devel Jun 30, 2017
@willthames
Copy link
Contributor

Merged, thanks for your patience and bearing with us!

@willthames
Copy link
Contributor

And apologies for my bad suggestion of doing the deprecation at the same time.

@roadmapper roadmapper mentioned this pull request Jun 30, 2017
Merged
@s-hertel s-hertel mentioned this pull request Aug 11, 2017
Closed
@tedder tedder mentioned this pull request Jan 10, 2018
Closed
@ansibot ansibot added feature This issue/PR relates to a feature request. and removed feature_pull_request labels Mar 4, 2018
@roadmapper roadmapper mentioned this pull request Apr 17, 2018
Closed
@ansible ansible locked and limited conversation to collaborators Apr 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ryansb ryansb ryansb left review comments

@s-hertel s-hertel s-hertel approved these changes

Assignees
No one assigned
Labels
affects_2.3 This issue/PR affects Ansible v2.3 affects_2.4 This issue/PR affects Ansible v2.4 aws cloud committer_review In order to be merged, this PR must follow the certified review workflow. feature This issue/PR relates to a feature request. module This issue/PR relates to a module. support:community This issue/PR relates to code supported by the Ansible community.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@roadmapper @ansibot @willthames @s-hertel @mattclay @ryansb