Conversation
|
@chadmf thoughts on pulling in this credential plugin? |
|
kicking CI |
|
LGTM! |
github-actions
bot
added
component:awx_collection
Signed-off-by: Derek <derek@frisbeeworld.com>
Signed-off-by: Derek <derek@frisbeeworld.com>
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Signed-off-by: Derek <derek@frisbeeworld.com>
derekwaters
force-pushed
the
add_aws_assume_role_plugin
branch
from
28dc514 to
3f001d7
Compare
|
Now updated to pass unit tests properly, and adjusted for Sonarcloud scan. Sorry about the previous unit testing and linting failures, poor form on my part. |
|
re kicked CI @derekwaters and no worries. |
thedoubl3j
left a comment
thedoubl3j
left a comment
There was a problem hiding this comment.
rebased and waiting for CI to finish. thanks for the contribution @derekwaters
|
|
Also @derekwaters do note that this code will be affected by our new architecture work to move inv plugins and creds out of the AWX. A forum post can be found talking about it. I didn't want to get into a state of you doing all of this work here and then us cutting things and this not be there, thus forcing you to recontribute already "done" work. Either myself or @chrismeyersfsu in #15476 will cut over the work to the new repo (https://github.com/ansible/awx-plugins) and make sure that commit history and authorship is preserved. |
|
Thanks @thedoubl3j I am aware of that move, I'm happy to rework if necessary in the new repo, but if this can go in before the refactor, then great. |
|
@derekwaters the corresponding code for other things is already in the other repo. So here it'll only be a removal and wiring up the dependency. That repo, though, is still in progress of integrating the migrated code with the dev/test infra. You can make a PR already but it'll be a minute until the infra becomes able to accept it. |
|
any update on this? still waiting for this feature.! |
|
Any update about this? |
|
@ki0 @pratikkumar-mohite I currently don't have cycles but if someone wants to pick this up, please feel free. I did note that we are seeing movement on this so will raise it up. We are revisiting a lot of the plugins and this repo in particular in the upcoming months. more just on how we consume them and make this particular process (contributing them) easier. So if folks have tried or are have issues adding their own in deployments on devel, please provide that feedback. Forum or here is welcome. |
|
conflicts will need to be resolved and CI kicked again but currently, I see no reason for this to be blocked. |
|
Hi @thedoubl3j I'm happy to revisit this, but as per webknjaz's comment in August last year, this was moved to a PR on the awx-plugins repo instead. Should I be revisiting that PR (ansible/awx-plugins#24) instead? Apologies, I know the awx rearchitecture program is in progress, so I don't want to contribute additional work by pushing code into the wrong place! |
|
@derekwaters yes, most places you're touching don't exist in this repo anymore. |
|
this is correct, we should close this my apologies @derekwaters @webknjaz I thought I was in awx-plugins -_- |
7 participants
SUMMARY
This change adds a new credential plugin that allows for the lookup of temporary AWS credentials using the AWS AssumeRole API. An AWS User Account may be configured either in the AssumeRole credential plugin (with an Access Key and Secret Key) or the default AWS API authentication may be used within the execution environment.
Prior to execution a job, the AWS AssumeRole API is called with the specified role name (ARN). If the authentication is successful, a temporary Access Key, Secret Key and Session Token are generated by AWS and used to populate a standard AWS Access Credential.
ISSUE TYPE
COMPONENT NAME
AWX VERSION
ADDITIONAL INFORMATION
AWS AssumeRole API information can be found here:
https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html#output
Details of how this plugin works (from when it was implemented as a custom user-installed plugin) can be found here:
https://derekwaters.github.io/ansible/execution/environments/credentials/aws/sts/assume/role/2023/12/21/building-a-custom-credential-plugin.html