Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update iam_role.update_role_description to use UpdateRole action #204

Closed
Martin11175 opened this issue Aug 26, 2020 · 4 comments · Fixed by #697
Closed

Update iam_role.update_role_description to use UpdateRole action #204

Martin11175 opened this issue Aug 26, 2020 · 4 comments · Fixed by #697
Assignees
@mandar242
Labels
affects_2.10 bug This issue/PR relates to a bug easyfix Good for new comers and easy to start with contribution module module plugins plugin (any type) python3 waiting_on_contributor Needs help. Feel free to engage to get things unblocked

Comments

@Martin11175
Copy link

SUMMARY

UpdateRoleDescription action is deprecated and should be replaced with UpdateRole action call, but in a way such that existing workflows reliant on the UpdateRoleDescription permission are able to use it if necessary.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

iam_role

ANSIBLE VERSION
ansible 2.9.7
  config file = None
  configured module search path = ['/home/mhiggs/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/mhiggs/.local/lib/python3.6/site-packages/ansible
  executable location = /home/mhiggs/.local/bin/ansible
  python version = 3.6.9 (default, Apr 18 2020, 01:56:04) [GCC 8.4.0]
CONFIGURATION
OS / ENVIRONMENT

Windows 10 / WSL Ubuntu 18.04

STEPS TO REPRODUCE

Using an AWS role with iam:UpdateRole permissions on another existing role:

- name: Update a role's description
  iam_role:
    name: existing-role
    description: A new description
EXPECTED RESULTS

No error, role updates successfully.

ACTUAL RESULTS

Module call fails:

\"Unable to update description for role existing-role: An error occurred (AccessDenied) when calling the UpdateRoleDescription operation: User: arn:aws:sts::*:assumed-role/test-iam-role is not authorized to perform: iam:UpdateRoleDescription on resource: role existing-role\""
@ansibullbot
Copy link

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibullbot
Copy link

cc @jillr @s-hertel @tremble @wimnat
click here for bot help

@ansibullbot ansibullbot added affects_2.10 bug This issue/PR relates to a bug module module needs_triage plugins plugin (any type) python3 labels Aug 27, 2020
@gravesm gravesm added waiting_on_contributor Needs help. Feel free to engage to get things unblocked easyfix Good for new comers and easy to start with contribution and removed needs_triage labels Feb 12, 2021
@gravesm
Copy link
Member

gravesm commented Feb 12, 2021

@Martin11175 Thank you for reporting this issue. Would you be willing to submit a PR for this?

@mandar242 mandar242 self-assigned this Aug 24, 2021
@ansibullbot
Copy link

cc @markuman
click here for bot help

@tremble tremble linked a pull request Aug 24, 2021 that will close this issue
iam_role: replace UpdateRoleDescription with use UpdateRole #697
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mandar242 mandar242

Labels
affects_2.10 bug This issue/PR relates to a bug easyfix Good for new comers and easy to start with contribution module module plugins plugin (any type) python3 waiting_on_contributor Needs help. Feel free to engage to get things unblocked
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

iam_role: replace UpdateRoleDescription with use UpdateRole mandar242/community.aws
4 participants
@gravesm @Martin11175 @mandar242 @ansibullbot