Comments (6)
I'm unable to tag the author @wimnat
from community.aws.
Oh, it seems tags do work. It just doesn't look like it when I'm typing.
Anyway, I'm trying to look at the code to figure out what's happening.
I think the problem is that compare_policies, called from compare_assume_role_policy_document, is comparing a json string to a dictionary.
I find it hard to read Ansible code. But I'm guessing that the call in get_role is calling boto3.client('iam').get_role(), which returns the existing policy as a string, not a dictionary.
If compare_policies is passed two identical policies, except one is a dict and one is a json string, after looking at this, I think it would say that they are different. (As opposed to throwing an exception.)
from community.aws.
I can see that you're testing against 2.9.0, there's been some fairly major surgery to the module between the version in Ansible 2.9 and this collection. Are you able to reproduce the issue using the version from this repo?
from community.aws.
I haven't tested against the latest version.
After the big split, is this collection usable yet? Do I just do pip install ansible --pre and then galaxy install community.aws?
Note that whilst I haven't executed the code to test my PR (due to #120) I have read the code in the master branch, and it looks like the bug is still there. Both in terms of functionality, and a missing not from the test.
I'll try executing with the latest release.
from community.aws.
The 'not' in the test is correct. I've done a little testing and I think I've narrowed down the actual bug.
The following results in changed:

- hosts: localhost
  collections:
    - amazon.aws
    - community.aws
  tasks:
    - name: "Create role for SMS logging"
      iam_role:
        name: testing-SNSSMSDeliveryStatusLogging
        assume_role_policy_document:
          Statement:
            - Action:
                - "sts:AssumeRole"
              Effect: Allow
              Principal:
                Service:
                  - "sns.amazonaws.com"
        managed_policy:
          # let SNS log to CloudWatch
          - "arn:aws:iam::aws:policy/service-role/AmazonSNSRole"
        boundary: "arn:aws:iam::aws:policy/PowerUserAccess" # should be "{{ boundary_policy_arn }}"
        create_instance_profile: False # must be false when assigning a boundary policy

This, however, does not:

- hosts: localhost
  collections:
    - amazon.aws
    - community.aws
  tasks:
    - name: "Create role for SMS logging"
      iam_role:
        name: testing-SNSSMSDeliveryStatusLogging
        assume_role_policy_document:
          Statement:
            - Action:
                - "sts:AssumeRole"
              Effect: Allow
              Principal:
                Service:
                  - "sns.amazonaws.com"
          Version: "2008-10-17"
        managed_policy:
          # let SNS log to CloudWatch
          - "arn:aws:iam::aws:policy/service-role/AmazonSNSRole"
        boundary: "arn:aws:iam::aws:policy/PowerUserAccess" # should be "{{ boundary_policy_arn }}"
        create_instance_profile: False # must be false when assigning a boundary policy

Notice the added "Version" in the policy.
What's complex is that this would technically be a bug over in amazon.aws (the compare_policy function lives over there).
from community.aws.
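An added illustration of the two comparison pitfalls raised in this thread (a JSON string compared with a dict, and a trust policy that omits "Version"); it is not code from amazon.aws or community.aws. The function names and the EXISTING document are constructed for the example, and it assumes the stored policy carries IAM's documented default version, 2008-10-17, as the comment above observed.

```python
import json

# IAM's documented default when a policy document omits "Version".
DEFAULT_POLICY_VERSION = "2008-10-17"
# Keys whose value may be one string or a list of strings with the same meaning.
LISTABLE = {"Action", "NotAction", "Resource", "NotResource",
            "Service", "AWS", "Federated"}


def _canon(node, key=None):
    """Recursively wrap scalars and sort lists so equivalent forms compare equal."""
    if isinstance(node, dict):
        return {k: _canon(v, k) for k, v in node.items()}
    if isinstance(node, list):
        items = [_canon(v) for v in node]
        return sorted(items, key=lambda v: json.dumps(v, sort_keys=True))
    return [node] if key in LISTABLE else node


def normalize_trust_policy(policy):
    """Accept a dict or a JSON string and return one canonical dict."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    doc = dict(policy)
    doc.setdefault("Version", DEFAULT_POLICY_VERSION)
    if isinstance(doc.get("Statement"), dict):  # single statement object
        doc["Statement"] = [doc["Statement"]]
    return _canon(doc)


def trust_policy_changed(desired, existing):
    """True only when the two documents differ after normalization."""
    return normalize_trust_policy(desired) != normalize_trust_policy(existing)


# Desired policy as written in the first playbook above (no "Version").
DESIRED = {"Statement": [{"Action": ["sts:AssumeRole"], "Effect": "Allow",
                          "Principal": {"Service": ["sns.amazonaws.com"]}}]}
# Constructed sample of a stored policy: a JSON string, scalar forms, explicit Version.
EXISTING = json.dumps({"Version": "2008-10-17",
                       "Statement": [{"Effect": "Allow",
                                      "Principal": {"Service": "sns.amazonaws.com"},
                                      "Action": "sts:AssumeRole"}]})

if __name__ == "__main__":
    print("naive comparison reports change:", DESIRED != EXISTING)
    print("normalized comparison reports change:",
          trust_policy_changed(DESIRED, EXISTING))
```

A real widening of the trust policy, such as a different service principal, still compares as changed after normalization, so drift in who may assume the role is not masked.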
> After the big split, is this collection usable yet? Do I just do pip install ansible --pre and then galaxy install community.aws?

I believe so, Yes
from community.aws.