rename aws_credentials_profile and aws_credentials_section to be more…

… clear

README.md

@@ -1,12 +1,24 @@
 aws-credentials
 =========
 
-A brief description of aws-credentials goes here.
+Install aws credentials onto a destination machine.  ~/.aws/credentials is the location for boto and other system libraries to look for credentials.
+
+There are two ways that credentials are obtained to put on the machine.
+
+** Explicitly with the following variabile **
+
+* aws_credentials_access_key 
+* aws_credentials_secret_access_key
+
+** Implicitly using a source AWS profile that is setup on the host. **
+
+* aws_credentials_profile_source
+* aws_credentials_profile_destination
 
 Requirements
 ------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+For testing requires aws configure to have been run on the host machine. 
 
 Role Variables
 --------------

defaults/main.yml

@@ -2,7 +2,9 @@
 
 aws_credentials_user: root
 aws_credentials_group: "{{ aws_credentials_user }}"
-aws_credentials_section: default
+
 aws_credentials_access_key: ""
 aws_credentials_secret_access_key: ""
-aws_credentials_profile: ""
+
+aws_credentials_profile_source: default
+aws_credentials_profile_destination: default

tasks/main.yml

@@ -6,25 +6,31 @@
     path=/home/{{ aws_credentials_user }}/.aws
     owner={{ aws_credentials_user }}
     group={{ aws_credentials_group }}
+    mode=0750
+  become_user: '{{ aws_credentials_user }}'
 
 - name: aws-credentials - set .aws/credentials key=access_key
   ini_file:
     dest: /home/{{ aws_credentials_user }}/.aws/credentials
-    section: "{{ aws_credentials_section }}"
+    section: "{{ aws_credentials_profile_destination }}"
     option: aws_access_key_id
-    value: "{{ aws_credentials_access_key if aws_credentials_access_key|length > 0 else lookup('ini','aws_access_key_id section=' + aws_credentials_profile|default('default') + ' file=~/.aws/credentials ') }}"
+    value: "{{ aws_credentials_access_key if aws_credentials_access_key|length > 0 else lookup('ini','aws_access_key_id section=' + aws_credentials_profile_source|default('default') + ' file=~/.aws/credentials ') }}"
     backup: no
     owner: "{{ aws_credentials_user }}"
     group: "{{ aws_credentials_group }}"
+    mode: 0750
+  become_user: '{{ aws_credentials_user }}'
 
 - name: aws-credentials - set .aws/credentials values
   ini_file:
     dest: /home/{{ aws_credentials_user }}/.aws/credentials
-    section: "{{ aws_credentials_section }}"
+    section: "{{ aws_credentials_profile_destination }}"
     option: aws_secret_access_key
     # only look up if the if the aws_credentials_access_key was provided, otherwise, the fact that this value is empty does not mean that we need to look it up
     # it's important to not change this, otherwise, it introduce a security hole
-    value: "{{ aws_credentials_secret_access_key if aws_credentials_access_key|length > 0 else lookup('ini','aws_secret_access_key section=' + aws_credentials_profile|default('default') + ' file=~/.aws/credentials ') }}"
+    value: "{{ aws_credentials_secret_access_key if aws_credentials_access_key|length > 0 else lookup('ini','aws_secret_access_key section=' + aws_credentials_profile_source|default('default') + ' file=~/.aws/credentials ') }}"
     backup: no
     owner: "{{ aws_credentials_user }}"
     group: "{{ aws_credentials_group }}"
+    mode: 0750
+  become_user: '{{ aws_credentials_user }}'

test.yml

@@ -5,15 +5,15 @@
     - role: aws-credentials
       aws_credentials_user: vagrant
       aws_credentials_group: vagrant
-      aws_credentials_section: default
+      aws_credentials_profile_destination: default
       aws_credentials_access_key: blah
       aws_credentials_secret_access_key: blah_bla
 
     #this will only work if aws credentials have been configured on the box that is running this
     - role: aws-credentials
       aws_credentials_user: vagrant
       aws_credentials_group: vagrant
-      aws_credentials_section: real
       aws_credentials_access_key: ''
       aws_credentials_secret_access_key: ''
-      aws_credentials_profile: default
+      aws_credentials_profile_destination: real
+      aws_credentials_profile_source: default