Botocore sets bad endpoint_url #1170

downingar · 2022-10-13T22:41:28Z

Summary

The botocore utility can (but does not need to) set the endpoint_url based on two env vars: (https://github.com/ansible-collections/amazon.aws/blob/main/plugins/module_utils/botocore.py#L190) AWS_URL or EC2_URL. If both are unset everything works as expected. However, if EC2_URL is set to the correct address for EC2, and AWL_URL is unset, when you use a non-ec2 module, such as the route53 module, it fails with a very unhelpful error message:

botocore.exceptions.ClientError: An error occurred () when calling the ListHostedZones operation:

When you try and use an ec2-based module everything works fine, which does point you towards it being a r53-specific issue, but it also muddles the issue, as apparently boto3 is working fine!

When used directly (ie importing boto3 and making a client in the interactive interpreter) boto3 does not follow this pattern, and given the unhelpful error message and the counterintuitive behavior that setting EC2_URL breaks the route53 module, this seems like a case that could be handled better. Frankly I don't understand why EC2_URL is brought in at all, but if it needs to be for backwards compatibility with something, it should only be used when you are creating an EC2 client, I think.

Issue Type

Bug Report

Component Name

botocore

Ansible Version

% ansible --version
ansible [core 2.13.5]
  config file = /Users/alan.downing/.ansible.cfg
  configured module search path = ['/Users/alan.downing/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/ansible
  ansible collection location = /Users/alan.downing/.ansible/collections:/usr/share/ansible/collections
  executable location = /Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/bin/ansible
  python version = 3.8.3 (v3.8.3:6f8c8320e9, May 13 2020, 16:29:34) [Clang 6.0 (clang-600.0.57)]
  jinja version = 3.1.2
  libyaml = True

Collection Versions

% ansible-galaxy collection list

# /Users/alan.downing/.ansible/collections/ansible_collections
Collection Version
---------- -------
amazon.aws 5.0.2  

# /Users/alan.downing/<path redacted>/.venv/lib/python3.8/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    3.5.0  
ansible.netcommon             3.1.3  
ansible.posix                 1.4.0  
ansible.utils                 2.6.1  
ansible.windows               1.11.1 
arista.eos                    5.0.1  
awx.awx                       21.7.0 
azure.azcollection            1.13.0 
check_point.mgmt              2.3.0  
chocolatey.chocolatey         1.3.1  
cisco.aci                     2.2.0  
cisco.asa                     3.1.0  
cisco.dnac                    6.6.0  
cisco.intersight              1.0.19 
cisco.ios                     3.3.2  
cisco.iosxr                   3.3.1  
cisco.ise                     2.5.5  
cisco.meraki                  2.11.0 
cisco.mso                     2.0.0  
cisco.nso                     1.0.3  
cisco.nxos                    3.2.0  
cisco.ucs                     1.8.0  
cloud.common                  2.1.2  
cloudscale_ch.cloud           2.2.2  
community.aws                 3.6.0  
community.azure               1.1.0  
community.ciscosmb            1.0.5  
community.crypto              2.7.0  
community.digitalocean        1.22.0 
community.dns                 2.3.3  
community.docker              2.7.1  
community.fortios             1.0.0  
community.general             5.7.0  
community.google              1.0.0  
community.grafana             1.5.3  
community.hashi_vault         3.3.1  
community.hrobot              1.5.2  
community.libvirt             1.2.0  
community.mongodb             1.4.2  
community.mysql               3.5.1  
community.network             4.0.1  
community.okd                 2.2.0  
community.postgresql          2.2.0  
community.proxysql            1.4.0  
community.rabbitmq            1.2.2  
community.routeros            2.3.0  
community.sap                 1.0.0  
community.sap_libs            1.3.0  
community.skydive             1.0.0  
community.sops                1.4.1  
community.vmware              2.10.0 
community.windows             1.11.0 
community.zabbix              1.8.0  
containers.podman             1.9.4  
cyberark.conjur               1.2.0  
cyberark.pas                  1.0.14 
dellemc.enterprise_sonic      1.1.2  
dellemc.openmanage            5.5.0  
dellemc.os10                  1.1.1  
dellemc.os6                   1.0.7  
dellemc.os9                   1.0.4  
f5networks.f5_modules         1.20.0 
fortinet.fortimanager         2.1.5  
fortinet.fortios              2.1.7  
frr.frr                       2.0.0  
gluster.gluster               1.0.2  
google.cloud                  1.0.2  
hetzner.hcloud                1.8.2  
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.10.0 
infinidat.infinibox           1.3.3  
infoblox.nios_modules         1.4.0  
inspur.ispim                  1.1.0  
inspur.sm                     2.2.0  
junipernetworks.junos         3.1.0  
kubernetes.core               2.3.2  
mellanox.onyx                 1.0.0  
netapp.aws                    21.7.0 
netapp.azure                  21.10.0
netapp.cloudmanager           21.20.1
netapp.elementsw              21.7.0 
netapp.ontap                  21.24.1
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0 
netapp_eseries.santricity     1.3.1  
netbox.netbox                 3.8.0  
ngine_io.cloudstack           2.2.4  
ngine_io.exoscale             1.0.0  
ngine_io.vultr                1.1.2  
openstack.cloud               1.10.0 
openvswitch.openvswitch       2.1.0  
ovirt.ovirt                   2.2.3  
purestorage.flasharray        1.14.0 
purestorage.flashblade        1.10.0 
purestorage.fusion            1.1.1  
sensu.sensu_go                1.13.1 
servicenow.servicenow         1.0.6  
splunk.es                     2.1.0  
t_systems_mms.icinga_director 1.31.0 
theforeman.foreman            3.7.0  
vmware.vmware_rest            2.2.0  
vultr.cloud                   1.1.0  
vyos.vyos                     3.0.1  
wti.remote                    1.0.4

AWS SDK versions

% pip show boto boto3 botocore
Name: boto3
Version: 1.24.90
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: None
License: Apache License 2.0
Location: /Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages
Requires: botocore, s3transfer, jmespath
Required-by: 
---
Name: botocore
Version: 1.27.90
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: None
License: Apache License 2.0
Location: /Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages
Requires: urllib3, python-dateutil, jmespath
Required-by: s3transfer, boto3

Configuration

No response

OS / Environment

No response

Steps to Reproduce

export EC2_URL=https://ec2.us-east-1.amazonaws.com
ansible-playbook example.yml

 % cat example.yml 
- hosts: localhost
  tasks:
    - name: Add instance to route53
      delegate_to: localhost
      amazon.aws.route53:
        state: absent
        zone: "<redacted>"
        record: "<redacted>."
        type: A
        ttl: 600
        value: <redacted>
        wait: yes

Expected Results

A record should be created as described.

Actual Results

The full traceback is:
Traceback (most recent call last):
  File "/Users/alan.downing/.ansible/tmp/ansible-tmp-1665696500.7966459-4233-237887837318650/AnsiballZ_route53.py", line 107, in <module>
    _ansiballz_main()
  File "/Users/alan.downing/.ansible/tmp/ansible-tmp-1665696500.7966459-4233-237887837318650/AnsiballZ_route53.py", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/Users/alan.downing/.ansible/tmp/ansible-tmp-1665696500.7966459-4233-237887837318650/AnsiballZ_route53.py", line 47, in invoke_module
    runpy.run_module(mod_name='ansible_collections.amazon.aws.plugins.modules.route53', init_globals=dict(_module_fqn='ansible_collections.amazon.aws.plugins.modules.route53', _modlib_path=modlib_path),
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 207, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 97, in _run_module_code
    _run_code(code, mod_globals, init_globals,
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/modules/route53.py", line 794, in <module>
  File "/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/modules/route53.py", line 649, in main
  File "/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/modules/route53.py", line 460, in get_zone_id_by_name
  File "/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/cloud.py", line 119, in _retry_wrapper
  File "/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/cloud.py", line 69, in _retry_func
  File "/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/modules/route53.py", line 438, in _list_hosted_zones
  File "/Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/botocore/paginate.py", line 479, in build_full_result
    for response in self:
  File "/Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/botocore/paginate.py", line 269, in __iter__
    response = self._make_request(current_kwargs)
  File "/Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/botocore/paginate.py", line 357, in _make_request
    return self._method(**current_kwargs)
  File "/Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/botocore/client.py", line 514, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/botocore/client.py", line 938, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred () when calling the ListHostedZones operation: 
fatal: [localhost]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"/Users/alan.downing/.ansible/tmp/ansible-tmp-1665696500.7966459-4233-237887837318650/AnsiballZ_route53.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/Users/alan.downing/.ansible/tmp/ansible-tmp-1665696500.7966459-4233-237887837318650/AnsiballZ_route53.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/Users/alan.downing/.ansible/tmp/ansible-tmp-1665696500.7966459-4233-237887837318650/AnsiballZ_route53.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.amazon.aws.plugins.modules.route53', init_globals=dict(_module_fqn='ansible_collections.amazon.aws.plugins.modules.route53', _modlib_path=modlib_path),\n  File \"/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py\", line 207, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/modules/route53.py\", line 794, in <module>\n  File \"/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/modules/route53.py\", line 649, in main\n  File \"/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/modules/route53.py\", line 460, in get_zone_id_by_name\n  File \"/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/cloud.py\", line 119, in _retry_wrapper\n  File \"/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/cloud.py\", line 69, in _retry_func\n  File \"/var/folders/yg/mmd_7gzs549239zwbd9ybw1h0000gq/T/ansible_amazon.aws.route53_payload_92ltxvg1/ansible_amazon.aws.route53_payload.zip/ansible_collections/amazon/aws/plugins/modules/route53.py\", line 438, in _list_hosted_zones\n  File \"/Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/botocore/paginate.py\", line 479, in build_full_result\n    for response in self:\n  File \"/Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/botocore/paginate.py\", line 269, in __iter__\n    response = self._make_request(current_kwargs)\n  File \"/Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/botocore/paginate.py\", line 357, in _make_request\n    return self._method(**current_kwargs)\n  File \"/Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/botocore/client.py\", line 514, in _api_call\n    return self._make_api_call(operation_name, kwargs)\n  File \"/Users/alan.downing/repos/data_streaming_infra_management_poc/infra/ansible/.venv/lib/python3.8/site-packages/botocore/client.py\", line 938, in _make_api_call\n    raise error_class(parsed_response, operation_name)\nbotocore.exceptions.ClientError: An error occurred () when calling the ListHostedZones operation: \n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

Code of Conduct

I agree to follow the Ansible Code of Conduct

The text was updated successfully, but these errors were encountered:

ansibullbot · 2022-10-13T22:44:11Z

Files identified in the description:

[plugins/module_utils/botocore.py](https://github.com/['ansible-collections/amazon.aws', 'ansible-collections/community.aws', 'ansible-collections/community.vmware']/blob/main/plugins/module_utils/botocore.py)

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

tremble · 2022-10-14T09:24:50Z

I agree this is confusing given the 'EC2' in the name, it's a relic of the earliest modules where we only supported EC2, and I think it's time to deprecate support for the EC2_ environment variables.

It is however behaving as documented:

Note:

If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence AWS_URL or EC2_URL ...

Since deprecation will take multiple years, I'm going to close this issue as "Works as expected". However, I will be following up with a change to deprecate the EC2_ variables.

Cleanup shared 'EC2' parameters SUMMARY As seen in both #1170 and ansible-collections/community.aws#1458 the "EC2_" prefix for a number of fall-back environment variables results in confusion. "EC2_" implies it's specific to the EC2 API, not all of AWS. Deprecates the ec2_ parameter aliases Deprecates the EC2_ environment variables Deprecates the security_token/aws_security_token/access_token parameter aliases which were based on the original boto parameter names ISSUE TYPE Feature Pull Request COMPONENT NAME plugins/module_utils/botocore.py plugins/module_utils/modules.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis <None>

Cleanup shared 'EC2' parameters SUMMARY As seen in both #1170 and ansible-collections/community.aws#1458 the "EC2_" prefix for a number of fall-back environment variables results in confusion. "EC2_" implies it's specific to the EC2 API, not all of AWS. Deprecates the ec2_ parameter aliases Deprecates the EC2_ environment variables Deprecates the security_token/aws_security_token/access_token parameter aliases which were based on the original boto parameter names ISSUE TYPE Feature Pull Request COMPONENT NAME plugins/module_utils/botocore.py plugins/module_utils/modules.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis <None> (cherry picked from commit 06cecac)

[PR #1172/06cecace backport][stable-5] Cleanup shared 'EC2' parameters This is a backport of PR #1172 as merged into main (06cecac). SUMMARY As seen in both #1170 and ansible-collections/community.aws#1458 the "EC2_" prefix for a number of fall-back environment variables results in confusion. "EC2_" implies it's specific to the EC2 API, not all of AWS. Deprecates the ec2_ parameter aliases Deprecates the EC2_ environment variables Deprecates the security_token/aws_security_token/access_token parameter aliases which were based on the original boto parameter names ISSUE TYPE Feature Pull Request COMPONENT NAME plugins/module_utils/botocore.py plugins/module_utils/modules.py ADDITIONAL INFORMATION Reviewed-by: Mark Chappell <None>

…ections#1170) ecs_service - fix validation for `placementConstraints` SUMMARY Fixes ansible-collections#1058 ISSUE TYPE Bugfix Pull Request COMPONENT NAME ecs_service Reviewed-by: Markus Bergholz <[email protected]> Reviewed-by: Oleksandr Novak <[email protected]> Reviewed-by: Alina Buzachis <None>

ansibullbot added bug This issue/PR relates to a bug module_utils module_utils needs_triage plugins plugin (any type) python3 traceback labels Oct 13, 2022

tremble closed this as completed Oct 14, 2022

tremble mentioned this issue Oct 14, 2022

Cleanup shared 'EC2' parameters #1172

Merged

patchback bot mentioned this issue Oct 17, 2022

[PR #1172/06cecace backport][stable-5] Cleanup shared 'EC2' parameters #1173

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Botocore sets bad endpoint_url #1170

Botocore sets bad endpoint_url #1170

downingar commented Oct 13, 2022

ansibullbot commented Oct 13, 2022

tremble commented Oct 14, 2022

Botocore sets bad endpoint_url #1170

Botocore sets bad endpoint_url #1170

Comments

downingar commented Oct 13, 2022

Summary

Issue Type

Component Name

Ansible Version

Collection Versions

AWS SDK versions

Configuration

OS / Environment

Steps to Reproduce

Expected Results

Actual Results

Code of Conduct

ansibullbot commented Oct 13, 2022

tremble commented Oct 14, 2022