Handle ResourceNotFoundException while iterating certificates (#646)

SUMMARY

The module/utils/acm.py was not correctly handling deletion of certificates. While iterating over a list of certificates, the get_certificate function was making API calls to obtain more information about the certificates, but some certificates may be deleted while iterating.
Fixes #622

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

acm.py
ADDITIONAL INFORMATION



Wow, it seems many tests are very flaky. I'm attempting to fix an issue in ACM, but problems occur elsewhere. Not to mention I raised this PR to fix #622, which was discovered while working on ansible-collections/community.aws#870. And I discovered other issues as well, and so it looks like it's not possible to make any progress without going down a tree of bug fixes.
TypeError: 'NoneType' object is not subscriptable
fatal: [testhost]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"<stdin>\", line 121, in <module>\n  File \"<stdin>\", line 113, in _ansiballz_main\n  File \"<stdin>\", line 61, in invoke_module\n  File \"/usr/lib64/python3.8/runpy.py\", line 207, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.8/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib64/python3.8/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_ec2_vpc_igw_payload_g4o1kl_r/ansible_ec2_vpc_igw_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_igw.py\", line 248, in <module>\n  File \"/tmp/ansible_ec2_vpc_igw_payload_g4o1kl_r/ansible_ec2_vpc_igw_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_igw.py\", line 242, in main\n  File \"/tmp/ansible_ec2_vpc_igw_payload_g4o1kl_r/ansible_ec2_vpc_igw_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_igw.py\", line 132, in process\n  File \"/tmp/ansible_ec2_vpc_igw_payload_g4o1kl_r/ansible_ec2_vpc_igw_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_igw.py\", line 220, in ensure_igw_present\n  File \"/tmp/ansible_ec2_vpc_igw_payload_g4o1kl_r/ansible_ec2_vpc_igw_payload.zip/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_igw.py\", line 158, in get_igw_info\nTypeError: 'NoneType' object is not subscriptable\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

Reviewed-by: Alina Buzachis <None>
Reviewed-by: Jill R <None>
sebastien-rosset authored Feb 9, 2022
1 parent 4e9aec7 commit 4b12454
Showing 2 changed files with 16 additions and 3 deletions.
3 changes: 3 additions & 0 deletions changelogs/fragments/646-acm-resource-not-found.yml
@@ -0,0 +1,3 @@
bugfixes:
- >-
aws_acm - No longer raising ResourceNotFound exception while retrieving ACM certificates.
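Review bot: the fragment text names the exception as "ResourceNotFound", while the code in plugins/module_utils/acm.py matches the error code 'ResourceNotFoundException'; use the exact code so the entry can be found by searching for the error users actually saw. The entry also names only aws_acm although the change lands in the shared module_utils/acm.py helper, so it would read more accurately as "certificates deleted while being retrieved are now skipped instead of failing the module".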
16 changes: 13 additions & 3 deletions plugins/module_utils/acm.py
Expand Up @@ -38,6 +38,7 @@
from ansible.module_utils._text import to_bytes
from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict

from .core import is_boto3_error_code
from .ec2 import AWSRetry
from .ec2 import ansible_dict_to_boto3_tag_list
from .ec2 import boto3_tag_list_to_ansible_dict
Expand Down Expand Up @@ -109,19 +110,28 @@ def get_certificates(self, client, module, domain_name=None, statuses=None, arn=
for certificate in certificates:
try:
cert_data = self.describe_certificate_with_backoff(client, certificate['CertificateArn'])
except (BotoCoreError, ClientError) as e:
except is_boto3_error_code('ResourceNotFoundException'):
# The certificate was deleted after the call to list_certificates_with_backoff.
continue
except (BotoCoreError, ClientError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Couldn't obtain certificate metadata for domain %s" % certificate['DomainName'])

# in some states, ACM resources do not have a corresponding cert
if cert_data['Status'] not in ['PENDING_VALIDATION', 'VALIDATION_TIMED_OUT', 'FAILED']:
try:
cert_data.update(self.get_certificate_with_backoff(client, certificate['CertificateArn']))
except (BotoCoreError, ClientError, KeyError) as e:
except is_boto3_error_code('ResourceNotFoundException'):
# The certificate was deleted after the call to list_certificates_with_backoff.
continue
except (BotoCoreError, ClientError, KeyError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Couldn't obtain certificate data for domain %s" % certificate['DomainName'])
cert_data = camel_dict_to_snake_dict(cert_data)
try:
tags = self.list_certificate_tags_with_backoff(client, certificate['CertificateArn'])
except (BotoCoreError, ClientError) as e:
except is_boto3_error_code('ResourceNotFoundException'):
# The certificate was deleted after the call to list_certificates_with_backoff.
continue
except (BotoCoreError, ClientError) as e: # pylint: disable=duplicate-except
module.fail_json_aws(e, msg="Couldn't obtain tags for domain %s" % certificate['DomainName'])

cert_data['tags'] = boto3_tag_list_to_ansible_dict(tags)
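Review bot: all three new `except is_boto3_error_code('ResourceNotFoundException')` branches in get_certificates `continue` silently, so a certificate that disappears between list_certificates_with_backoff and the describe, get or tag call is dropped from the result with no trace in the run output. Consider logging certificate['CertificateArn'] through the module (for example with module.debug) before each `continue`, so a shorter-than-expected result can be explained afterwards. The commit changes only the changelog fragment and acm.py; a unit test that makes describe_certificate_with_backoff raise a ClientError with code ResourceNotFoundException and asserts the certificate is skipped, while other ClientError codes still reach fail_json_aws, would pin the handler ordering that the `duplicate-except` pragma depends on.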