fix AWS plugin credential precedence for environment variables (#52945)

* fix AWS plugin credential precedence for environment variables * Allow aliases in direct plugins options Consolidate precedence fix just in the doc fragment using aliases for mismatched options * Access options with the option name rather than alias * fix indentation * update unit tests * Improve readability
2025-05-02 15:21:25 -07:00 · 2019-03-25 15:53:11 -05:00 · 2019-03-25 15:53:11 -05:00 · 54be769e8d
commit 54be769e8d
parent 4fac91bed5
8 changed files with 54 additions and 83 deletions
--- a/lib/ansible/plugins/inventory/aws_ec2.py
+++ b/lib/ansible/plugins/inventory/aws_ec2.py
@ -14,6 +14,7 @@ DOCUMENTATION = '''
    extends_documentation_fragment:
        - inventory_cache
        - constructed
+        - aws_credentials
    description:
        - Get inventory hosts from Amazon Web Services EC2.
        - Uses a YAML configuration file that ends with aws_ec2.(yml|yaml).
@ -25,34 +26,6 @@ DOCUMENTATION = '''
            description: token that ensures this is a source file for the 'aws_ec2' plugin.
            required: True
            choices: ['aws_ec2']
-        boto_profile:
-          description:
-              - The boto profile to use.
-              - This plugin supports boto3-style credentials, so the profile may be sourced from ~/.aws/config for assuming an IAM role.
-              - See U(https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html) for details.
-          env:
-              - name: AWS_PROFILE
-              - name: AWS_DEFAULT_PROFILE
-        aws_access_key_id:
-          description: The AWS access key to use. If you have specified a profile, you don't need to provide
-              an access key/secret key/session token.
-          env:
-              - name: AWS_ACCESS_KEY_ID
-              - name: AWS_ACCESS_KEY
-              - name: EC2_ACCESS_KEY
-        aws_secret_access_key:
-          description: The AWS secret key that corresponds to the access key. If you have specified a profile,
-              you don't need to provide an access key/secret key/session token.
-          env:
-              - name: AWS_SECRET_ACCESS_KEY
-              - name: AWS_SECRET_KEY
-              - name: EC2_SECRET_KEY
-        aws_security_token:
-          description: The AWS security token if using temporary access and secret keys.
-          env:
-              - name: AWS_SECURITY_TOKEN
-              - name: AWS_SESSION_TOKEN
-              - name: EC2_SECURITY_TOKEN
        regions:
          description:
              - A list of regions in which to describe EC2 instances.
@ -555,9 +528,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            :param config_data: contents of the inventory config file
        '''

-        self.boto_profile = self.get_option('boto_profile')
-        self.aws_access_key_id = self.get_option('aws_access_key_id')
-        self.aws_secret_access_key = self.get_option('aws_secret_access_key')
+        self.boto_profile = self.get_option('aws_profile')
+        self.aws_access_key_id = self.get_option('aws_access_key')
+        self.aws_secret_access_key = self.get_option('aws_secret_key')
        self.aws_security_token = self.get_option('aws_security_token')

        if not self.boto_profile and not (self.aws_access_key_id and self.aws_secret_access_key):