From b5c784120a0c01d19e64129b8dfd93812bddeed1 Mon Sep 17 00:00:00 2001
From: Guillaume Coré <gucore@redhat.com>
Date: Mon, 03 Sep 2018 14:10:46 +0200
Subject: [PATCH] bucket name must be unique across all AWS account

---
 ansible/roles/infra-ec2-template-generate/tasks/main.yml |   21 ++++++++++++++++++---
 ansible/roles/infra-ec2-template-create/tasks/main.yml   |    2 +-
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/infra-ec2-template-create/tasks/main.yml b/ansible/roles/infra-ec2-template-create/tasks/main.yml
index a58289b..a41fe44 100644
--- a/ansible/roles/infra-ec2-template-create/tasks/main.yml
+++ b/ansible/roles/infra-ec2-template-create/tasks/main.yml
@@ -64,7 +64,7 @@
         region: "{{ aws_region_loop | d(aws_region) | d(region) | d('us-east-1')}}"
         # rollback is unreliable, it can make this task hang forever.
         disable_rollback: true
-        template_url: "https://s3.amazonaws.com/redhat-gpe-cloudformation-templates/{{env_type}}.{{guid}}.{{cloud_provider}}_cloud_template"
+        template_url: "https://s3.amazonaws.com/{{bucket_templates}}/{{env_type}}.{{guid}}.{{cloud_provider}}_cloud_template"
         tags: "{{ cf_tags | combine(cloud_tags_final)}}"
       tags:
         - aws_infrastructure_deployment
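Review bot: `template_url` now depends on `bucket_templates`, which this patch only defines via `set_fact` in the separate `infra-ec2-template-generate` role, so the create role will hit an undefined variable if it is ever run on its own or against a different host. Since this URL decides which template CloudFormation deploys, an explicit guard before the task would make that dependency visible, e.g. `- assert: { that: bucket_templates is defined, msg: "run infra-ec2-template-generate first" }`. A comment above `template_url` such as `# bucket_templates is set by infra-ec2-template-generate` would also help. The task this line belongs to starts above the hunk, so the exact placement needs checking against the full file.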
diff --git a/ansible/roles/infra-ec2-template-generate/tasks/main.yml b/ansible/roles/infra-ec2-template-generate/tasks/main.yml
index ebb4295..83b2565 100644
--- a/ansible/roles/infra-ec2-template-generate/tasks/main.yml
+++ b/ansible/roles/infra-ec2-template-generate/tasks/main.yml
@@ -45,12 +45,27 @@
     AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}"
     AWS_DEFAULT_REGION: "{{aws_region_final|d(aws_region)}}"
   block:
+    - name: Get user name
+      command: aws iam get-user
+      register: rget_user
+      ignore_errors: yes
+
+    # Bucket name must be globally unique. Use the userID to define the bucketname.
+    # Otherwise when we use the code in another account it fails because the bucket
+    # already exists.
+    - set_fact:
+        aws_account_user: "{{rget_user.stdout|from_json|json_query('User.UserId')}}"
+      ignore_errors: yes
+
+    - set_fact:
+        bucket_templates: "cloudformation-templates-{{aws_account_user|default('user')}}"
+
     - name: Create bucket
       s3_bucket:
-        name: redhat-gpe-cloudformation-templates
+        name: "{{bucket_templates}}"
     - name: Copy Template to S3
       aws_s3:
-        bucket: redhat-gpe-cloudformation-templates
+        bucket: "{{bucket_templates}}"
         object: "{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template"
         src: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template"
         mode: put
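Review bot: The two `ignore_errors: yes` tasks combined with `default('user')` mean that a failed `aws iam get-user` silently falls back to the fixed name `cloudformation-templates-user`. That is a single name in S3's global namespace which this account may not own, so the template could be pushed to, and later deployed from, a bucket outside the account if that bucket accepts the write. The lookup should fail the play instead of degrading to a shared name. Separately, IAM `UserId` values are normally upper-case (`AIDA…`) while S3 bucket names must be lower-case, so even the success path probably needs `| lower`, or a different identifier. Deriving the suffix from the account ID, as sketched below, avoids both problems and also works for credentials that are not an IAM user; the enclosing `block:` starts above the hunk.

```yaml
    - name: Get AWS account id
      command: aws sts get-caller-identity --query Account --output text
      register: rget_account
      changed_when: false

    # … unchanged: comment explaining why the bucket name must be globally unique …
    - name: Derive the per-account template bucket name
      set_fact:
        bucket_templates: "cloudformation-templates-{{ rget_account.stdout | trim }}"

    # … unchanged: Create bucket, Copy Template to S3 …
```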
@@ -83,7 +98,7 @@
   command: >-
     aws cloudformation validate-template
     --region {{ aws_region_final | d(aws_region) | default(region) | default('us-east-1')}}
-    --template-url https://s3.amazonaws.com/redhat-gpe-cloudformation-templates/{{env_type}}.{{guid}}.{{cloud_provider}}_cloud_template
+    --template-url https://s3.amazonaws.com/{{bucket_templates}}/{{env_type}}.{{guid}}.{{cloud_provider}}_cloud_template
   changed_when: false
   register: cloudformation_validation
   until: cloudformation_validation is succeeded

--
Gitblit v1.9.3