community.aws
community.aws copied to clipboard
ansible-collections
community.aws.iam_role_info: preserve case when returning role trust relationship
SUMMARY
Current community.aws.iam_role_info returns the following dict. for a given role based on the usage of the camel_dict_to_snake_dict function as follows:
{
"arn": "arn:aws:iam::XXXX:role/XXXX-admin",
"assume_role_policy_document": {
"statement": [
{
"action": "sts:AssumeRoleWithSAML",
"condition": {
"string_equals": {
"saml:aud": "https://signin.aws.amazon.com/saml"
}
},
"effect": "Allow",
"principal": {
"federated": "arn:aws:iam::XXXX:saml-provider/compnay"
}
},
{
"action": "sts:AssumeRole",
"effect": "Allow",
"principal": {
"aws": "arn:aws:iam::YYYY:root"
}
}
],
"version": "2012-10-17"
},
The trust relationship does not respect the case of the AWS resource, thus rendering the trust relationship invalid.
ISSUE TYPE
- Feature Idea
COMPONENT NAME
community.aws.iam_role_info
ADDITIONAL INFORMATION
The suggestion consists in adding a module option, such as preserve_case which would render the trust relationship compliant with IAM syntax:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::XXXXXX:saml-provider/compnay"
},
"Action": "sts:AssumeRoleWithSAML",
"Condition": {
"StringEquals": {
"SAML:aud": "https://signin.aws.amazon.com/saml"
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXX:root"
},
"Action": "sts:AssumeRole"
}
]
}
Files identified in the description: None
If these files are inaccurate, please update the component name section of the description or use the !component bot command.
In some cases it is reversable when you use a simple custom python filter that uses just snake_dict_to_camel_dict.
But aws has so many exceptions in their keys all over their platform. I think preserve_case parameter is a good idea and should be easy to implement.
