ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-22 12:50:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Speed up ec2_ami_facts and handle permissions issue (#34385)

Browse source 
* describe_images is very slow if not filtered to owner accounts
  *or* if the Owners parameter is passed (unless the Owners parameter
  is `self`). Convert Owners parameters to `owner-id` and `owner-alias`
  filters where possible. Tests with CLI show that `--owners self` is
  fast, `--owners 123456789012` is slow (with or without owner-id filter).

* describe_image_attributes fails against accounts other than your
  own. Launch permissions are useful information, but not critical.
This commit is contained in:
Will Thames 2018-01-17 12:33:33 +10:00 committed by ansibot
commit 8e48793654
1 changed files with 31 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

39
lib/ansible/modules/cloud/amazon/ec2_ami_facts.py
View file

@ -127,7 +127,7 @@ images:
sample: machine
launch_permissions:
description: launch permissions of the ami
returned: always
returned: when image is owned by calling account
type: complex
sample: [{"group": "all"}, {"user_id": "408466080000"}]
name:
@ -189,21 +189,44 @@ from ansible.module_utils.ec2 import (boto3_conn, ec2_argument_spec, get_aws_con
def list_ec2_images(ec2_client, module):
image_ids = module.params.get("image_ids")
filters = ansible_dict_to_boto3_filter_list(module.params.get("filters"))
owners = module.params.get("owners")
executable_users = module.params.get("executable_users")
filters = module.params.get("filters")
owner_param = []
# describe_images is *very* slow if you pass the `Owners`
# param (unless it's self), for some reason.
# Converting the owners to filters and removing from the
# owners param greatly speeds things up.
# Implementation based on aioue's suggestion in #24886
for owner in owners:
if owner.isdigit():
if 'owner-id' not in filters:
filters['owner-id'] = list()
filters['owner-id'].append(owner)
elif owner == 'self':
# self not a valid owner-alias filter (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html)
owner_param.append(owner)
else:
if 'owner-alias' not in filters:
filters['owner-alias'] = list()
filters['owner-alias'].append(owner)
filters = ansible_dict_to_boto3_filter_list(filters)
try:
images = ec2_client.describe_images(ImageIds=image_ids, Filters=filters, Owners=owners, ExecutableUsers=executable_users)
images = ec2_client.describe_images(ImageIds=image_ids, Filters=filters, Owners=owner_param, ExecutableUsers=executable_users)
images = [camel_dict_to_snake_dict(image) for image in images["Images"]]
for image in images:
launch_permissions = ec2_client.describe_image_attribute(Attribute='launchPermission', ImageId=image['image_id'])['LaunchPermissions']
image['launch_permissions'] = [camel_dict_to_snake_dict(perm) for perm in launch_permissions]
except (ClientError, BotoCoreError) as err:
module.fail_json_aws(err, msg="error describing images")
for image in images:
image['tags'] = boto3_tag_list_to_ansible_dict(image.get('tags', []), 'key', 'value')
try:
image['tags'] = boto3_tag_list_to_ansible_dict(image.get('tags', []))
launch_permissions = ec2_client.describe_image_attribute(Attribute='launchPermission', ImageId=image['image_id'])['LaunchPermissions']
image['launch_permissions'] = [camel_dict_to_snake_dict(perm) for perm in launch_permissions]
except (ClientError, BotoCoreError) as err:
# describing launch permissions of images owned by others is not permitted, but shouldn't cause failures
pass
module.exit_json(images=images)