From 4b1245477f19b8e3312bc093530597986b0f19ad Mon Sep 17 00:00:00 2001 From: Sebastien Rosset Date: Wed, 9 Feb 2022 07:36:32 -0800 Subject: [PATCH] Handle ResourceNotFoundException while iterating certificates (#646) Handle ResourceNotFoundException while iterating certificates SUMMARY The module/utils/acm.py was not correctly handling deletion of certificates. While iterating over a list of certificates, the get_certificate function was making API calls to obtain more information about the certificates, but some certificates may be deleted while iterating. Fixes #622 ISSUE TYPE Bugfix Pull Request COMPONENT NAME acm.py ADDITIONAL INFORMATION Wow, it seems many tests are very flaky. I'm attempting to fix an issue in ACM, but problems occur elsewhere. Not to mention I raised this PR to fix #622, which was discovered while working on ansible-collections/community.aws#870. And I discovered other issues as well, and so it looks like it's not possible to make any progress without going down a tree of bug fixes. TypeError: 'NoneType' object is not subscriptable fatal: [testhost]: FAILED! => { "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"\", line 121, in \n File \"\", line 113, in _ansiballz_main\n File \"\", line 61, in invoke_module\n File \"/usr/lib64/python3.8/runpy.py\", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib64/python3.8/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib64/python3.8/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_ec2_vpc_igw_payload_g4o1kl_r/ansible_ec2_vpc_igw_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_igw.py\", line 248, in \n File \"/tmp/ansible_ec2_vpc_igw_payload_g4o1kl_r/ansible_ec2_vpc_igw_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_igw.py\", line 242, in main\n File \"/tmp/ansible_ec2_vpc_igw_payload_g4o1kl_r/ansible_ec2_vpc_igw_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_igw.py\", line 132, in process\n File \"/tmp/ansible_ec2_vpc_igw_payload_g4o1kl_r/ansible_ec2_vpc_igw_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_igw.py\", line 220, in ensure_igw_present\n File \"/tmp/ansible_ec2_vpc_igw_payload_g4o1kl_r/ansible_ec2_vpc_igw_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_igw.py\", line 158, in get_igw_info\nTypeError: 'NoneType' object is not subscriptable\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 } Reviewed-by: Alina Buzachis Reviewed-by: Jill R --- .../fragments/646-acm-resource-not-found.yml | 3 +++ plugins/module_utils/acm.py | 16 +++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) create mode 100644 changelogs/fragments/646-acm-resource-not-found.yml diff --git a/changelogs/fragments/646-acm-resource-not-found.yml b/changelogs/fragments/646-acm-resource-not-found.yml new file mode 100644 index 00000000000..4bef9adbfa8 --- /dev/null +++ b/changelogs/fragments/646-acm-resource-not-found.yml @@ -0,0 +1,3 @@ +bugfixes: +- >- + aws_acm - No longer raising ResourceNotFound exception while retrieving ACM certificates. diff --git a/plugins/module_utils/acm.py b/plugins/module_utils/acm.py index 0fc86516e4a..e0934deade4 100644 --- a/plugins/module_utils/acm.py +++ b/plugins/module_utils/acm.py @@ -38,6 +38,7 @@ from ansible.module_utils._text import to_bytes from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict +from .core import is_boto3_error_code from .ec2 import AWSRetry from .ec2 import ansible_dict_to_boto3_tag_list from .ec2 import boto3_tag_list_to_ansible_dict @@ -109,19 +110,28 @@ def get_certificates(self, client, module, domain_name=None, statuses=None, arn= for certificate in certificates: try: cert_data = self.describe_certificate_with_backoff(client, certificate['CertificateArn']) - except (BotoCoreError, ClientError) as e: + except is_boto3_error_code('ResourceNotFoundException'): + # The certificate was deleted after the call to list_certificates_with_backoff. + continue + except (BotoCoreError, ClientError) as e: # pylint: disable=duplicate-except module.fail_json_aws(e, msg="Couldn't obtain certificate metadata for domain %s" % certificate['DomainName']) # in some states, ACM resources do not have a corresponding cert if cert_data['Status'] not in ['PENDING_VALIDATION', 'VALIDATION_TIMED_OUT', 'FAILED']: try: cert_data.update(self.get_certificate_with_backoff(client, certificate['CertificateArn'])) - except (BotoCoreError, ClientError, KeyError) as e: + except is_boto3_error_code('ResourceNotFoundException'): + # The certificate was deleted after the call to list_certificates_with_backoff. + continue + except (BotoCoreError, ClientError, KeyError) as e: # pylint: disable=duplicate-except module.fail_json_aws(e, msg="Couldn't obtain certificate data for domain %s" % certificate['DomainName']) cert_data = camel_dict_to_snake_dict(cert_data) try: tags = self.list_certificate_tags_with_backoff(client, certificate['CertificateArn']) - except (BotoCoreError, ClientError) as e: + except is_boto3_error_code('ResourceNotFoundException'): + # The certificate was deleted after the call to list_certificates_with_backoff. + continue + except (BotoCoreError, ClientError) as e: # pylint: disable=duplicate-except module.fail_json_aws(e, msg="Couldn't obtain tags for domain %s" % certificate['DomainName']) cert_data['tags'] = boto3_tag_list_to_ansible_dict(tags)