
use ini_file module instead of regexp

master
Markus Bergholz 1 year ago
parent
commit
8cd7742926
1 changed files with 12 additions and 11 deletions
  1. +12
    -11
      ansible/rotate_aws_keys.yml

+ 12
- 11
ansible/rotate_aws_keys.yml View File

@ -43,21 +43,22 @@
profile: "{{ AWS_PROFILE }}"
key_count: 1
- name: replace secret key
replace:
- name: update secret access key credentials file
ini_file:
path: ~/.aws/credentials
regexp: "{{ current_secret_key | regex_escape() }}"
replace: "{{ new_credentials.created_keys[0].secret_access_key }}"
section: "{{ AWS_PROFILE }}"
option: aws_secret_access_key
value: "{{ new_credentials.created_keys[0].secret_access_key }}"
mode: '0600'
backup: yes
register: FILE
failed_when: FILE.changed == false
- name: replace access key
replace:
- name: update access key credentials file
ini_file:
path: ~/.aws/credentials
regexp: "{{ current_access_key }}"
replace: "{{ new_credentials.created_keys[0].access_key_id }}"
section: "{{ AWS_PROFILE }}"
option: aws_access_key_id
value: "{{ new_credentials.created_keys[0].access_key_id }}"
mode: '0600'
rescue:
- name: print new created credentials in case of task failure
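Review bot: The rewritten "update secret access key credentials file" task passes the new secret as a plain `value:` argument to `ini_file` and registers the result, but nothing on the task suppresses logging, so the key can show up in task output when the play runs with `--diff` or at high verbosity; add `no_log: true` to that task. `backup: yes` on the same task leaves a timestamped copy of `~/.aws/credentials` behind on every run, and that copy still holds the other profiles' keys, so it is worth removing once the rotation is verified. Unlike `replace`, `ini_file` adds a missing section instead of reporting no change, so a mistyped `AWS_PROFILE` would presumably write a new profile and pass the `failed_when` check rather than fail; confirm that is acceptable. The enclosing `block`/`rescue` starts and ends outside this hunk, and the page has lost its `+`/`-` markers, so which of the `backup`/`register`/`failed_when` lines are new is inferred.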

