Merge pull request #7033 from chrismeyersfsu/fix-3801

use newest aws env var names for creds
2026-01-12 18:40:01 -03:30 · 2017-07-13 08:09:24 -04:00 · 2017-07-13 08:09:24 -04:00 · 2f7a720ba1
commit 2f7a720ba1
parent 4b9385a233 6511d2968e
2 changed files with 7 additions and 7 deletions
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@ -557,7 +557,7 @@ class BaseTask(Task):
        urlpass_re = re.compile(r'^.*?://[^:]+:(.*?)@.*?$')
        safe_env = dict(env)
        for k,v in safe_env.items():
-            if k in ('REST_API_URL', 'AWS_ACCESS_KEY', 'AWS_ACCESS_KEY_ID'):
+            if k in ('REST_API_URL', 'AWS_ACCESS_KEY_ID'):
                continue
            elif k.startswith('ANSIBLE_') and not k.startswith('ANSIBLE_NET'):
                continue
@ -943,8 +943,8 @@ class RunJob(BaseTask):
        cred_files = kwargs.get('private_data_files', {}).get('credentials', {})
        for cloud_cred in job.cloud_credentials:
            if cloud_cred and cloud_cred.kind == 'aws':
-                env['AWS_ACCESS_KEY'] = cloud_cred.username
-                env['AWS_SECRET_KEY'] = decrypt_field(cloud_cred, 'password')
+                env['AWS_ACCESS_KEY_ID'] = cloud_cred.username
+                env['AWS_SECRET_ACCESS_KEY'] = decrypt_field(cloud_cred, 'password')
                if len(cloud_cred.security_token) > 0:
                    env['AWS_SECURITY_TOKEN'] = decrypt_field(cloud_cred, 'security_token')
                # FIXME: Add EC2_URL, maybe EC2_REGION!
--- a/awx/main/tests/unit/test_tasks.py
+++ b/awx/main/tests/unit/test_tasks.py
@ -494,8 +494,8 @@ class TestJobCredentials(TestJobExecution):
        call_args, _ = self.run_pexpect.call_args_list[0]
        args, cwd, env, stdout = call_args

-        assert env['AWS_ACCESS_KEY'] == 'bob'
-        assert env['AWS_SECRET_KEY'] == 'secret'
+        assert env['AWS_ACCESS_KEY_ID'] == 'bob'
+        assert env['AWS_SECRET_ACCESS_KEY'] == 'secret'
        assert 'AWS_SECURITY_TOKEN' not in env

    def test_aws_cloud_credential_with_sts_token(self):
@ -514,8 +514,8 @@ class TestJobCredentials(TestJobExecution):
        call_args, _ = self.run_pexpect.call_args_list[0]
        args, cwd, env, stdout = call_args

-        assert env['AWS_ACCESS_KEY'] == 'bob'
-        assert env['AWS_SECRET_KEY'] == 'secret'
+        assert env['AWS_ACCESS_KEY_ID'] == 'bob'
+        assert env['AWS_SECRET_ACCESS_KEY'] == 'secret'
        assert env['AWS_SECURITY_TOKEN'] == 'token'

    def test_gce_credentials(self):