Fix ARN lookup when using IAM roles in boto_iam module

2024-11-08 17:33:54 +00:00 · 2015-03-02 12:06:45 -08:00 · 2015-03-02 12:06:45 -08:00 · b12e96424e
commit b12e96424e
parent 4623f92554
1 changed files with 21 additions and 4 deletions
--- a/salt/modules/boto_iam.py
+++ b/salt/modules/boto_iam.py
@ -427,10 +427,27 @@ def get_account_id(region=None, key=None, keyid=None, profile=None):
    cache_key = 'boto_iam.account_id'
    if cache_key not in __context__:
        conn = _get_conn(region, key, keyid, profile)
-        ret = conn.get_user()
-        # the get_user call returns an user ARN:
-        #    arn:aws:iam::027050522557:user/salt-test
-        arn = ret['get_user_response']['get_user_result']['user']['arn']
+        try:
+            ret = conn.get_user()
+            # The get_user call returns an user ARN:
+            #    arn:aws:iam::027050522557:user/salt-test
+            arn = ret['get_user_response']['get_user_result']['user']['arn']
+        except boto.exception.BotoServerError:
+            # If call failed, then let's try to get the ARN from the metadata
+            timeout = boto.config.getfloat(
+                'Boto', 'metadata_service_timeout', 1.0
+            )
+            attempts = boto.config.getint(
+                'Boto', 'metadata_service_num_attempts', 1
+            )
+            metadata = boto.utils.get_instance_metadata(
+                timeout=timeout, num_retries=attempts
+            )
+            try:
+                arn = metadata['iam']['info']['InstanceProfileArn']
+            except KeyError:
+                log.error('Failed to get user or metadata ARN information in'
+                          ' boto_iam.get_account_id.')
        __context__[cache_key] = arn.split(':')[4]
    return __context__[cache_key]