amazon.aws

Logic bug in the aws_ssm lookup module

Open dginther opened this issue 4 years ago • 1 comments

SUMMARY

Problem: If you request a versioned parameter using the lookup function, you get an unhandled exception. This is because although we are checking for just the name of the parameter (by using .split), when we add it to the list we are returning, we use the name as-is for the index lookup. Here is an example from the Python console, based on the code in the buggy module.

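```python
import boto3
from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict

session = boto3.Session()
ssm = session.client('ssm')
ssm_dict = {}
ssm_dict["Names"] = ['/path/to/parameter:1']
response = ssm.get_parameters(**ssm_dict)
# Builds a {Name: Value} dict from the returned parameter list
params = boto3_tag_list_to_ansible_dict(response['Parameters'], tag_name_key_name="Name",
                                        tag_value_key_name="Value")
for i in ['/path/to/parameter:1']:
    # Membership is tested on the name with the ':1' suffix split off...
    if i.split(':', 1)[0] in params:
        # ...but the index uses the name as-is, which raises the KeyError
        print(params[i])
```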

```
Traceback (most recent call last):
  File "<stdin>", line 3, in <module>
KeyError: '/path/to/parameter:1'
```

Fixes: #389

ISSUE TYPE
  • Bug Report
COMPONENT NAME

aws_ssm lookup module

ANSIBLE VERSION
ansible 2.10.7
  config file = None
  configured module search path = ['/Users/demianginther/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.9.2 (default, Mar 26 2021, 23:27:12) [Clang 12.0.0 (clang-1200.0.32.29)]
CONFIGURATION
--- no output ---
OS / ENVIRONMENT
STEPS TO REPRODUCE
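```python
import boto3
from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict

session = boto3.Session()
ssm = session.client('ssm')
ssm_dict = {}
ssm_dict["Names"] = ['/path/to/parameter:1']
response = ssm.get_parameters(**ssm_dict)
# Builds a {Name: Value} dict from the returned parameter list
params = boto3_tag_list_to_ansible_dict(response['Parameters'], tag_name_key_name="Name",
                                        tag_value_key_name="Value")
for i in ['/path/to/parameter:1']:
    # Membership is tested on the name with the ':1' suffix split off...
    if i.split(':', 1)[0] in params:
        # ...but the index uses the name as-is, which raises the KeyError
        print(params[i])
```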
EXPECTED RESULTS

Expected output is to see the encrypted secret

ACTUAL RESULTS
```
Traceback (most recent call last):
  File "<stdin>", line 3, in <module>
KeyError: '/path/to/parameter:1'
```

dginther, Jun 17 '21 14:06
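The mismatch reported above, reduced to a version that runs without AWS access, next to a variant that uses one normalized key for both the membership test and the index. This is an added example, not the plugin's code or the fix that was merged; `SAMPLE_RESPONSE`, `base_name`, `lookup_buggy`, `lookup_fixed` and the `ValueError` on a missing name are assumptions of the example, and the response is constructed on the assumption (implied by the traceback) that `Name` comes back without the `:1` selector.

```python
# Constructed sample shaped like the "Parameters" list of an SSM
# get_parameters response; names and values are placeholders.
SAMPLE_RESPONSE = {
    "Parameters": [
        {"Name": "/path/to/parameter", "Value": "constructed-value-v1", "Version": 1},
        {"Name": "/path/to/other", "Value": "constructed-value-other", "Version": 3},
    ],
}


def base_name(term):
    """Strip an optional ':version' or ':label' selector from a requested term."""
    return term.split(":", 1)[0]


def lookup_buggy(terms, response):
    """Pattern from the report: test the split name, index with the raw term."""
    params = {p["Name"]: p["Value"] for p in response["Parameters"]}
    ret = []
    for term in terms:
        if term.split(":", 1)[0] in params:
            ret.append(params[term])  # KeyError when the term carries ':1'
        else:
            raise ValueError("parameter not found: %s" % term)
    return ret


def lookup_fixed(terms, response):
    """Normalize once, then use the same key for the test and the index."""
    params = {p["Name"]: p["Value"] for p in response["Parameters"]}
    ret = []
    for term in terms:
        name = base_name(term)
        if name not in params:
            raise ValueError("parameter not found: %s" % term)
        ret.append(params[name])
    return ret
```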

Files identified in the description:

  • [lib/ansible/plugins/lookup](https://github.com/['ansible-collections/amazon.aws', 'ansible-collections/community.aws', 'ansible-collections/community.vmware']/blob/main/lib/ansible/plugins/lookup)

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot, Jun 17 '21 14:06

Apologies for the delay here.

As was noted in #388 there's been some substantial work on this lookup plugin. I've just tested against main and the issue seems to be resolved now. #1356 adds an integration test to avoid regressions. However, since the issue appears to be resolved I'm going to close this issue.

tremble, Feb 09 '23 12:02