ec2_vpc_nacl_info fails if no NACLs are found #2425

branic opened this issue Dec 19, 2024 · 0 comments · May be fixed by #2429
branic commented Dec 19, 2024

Summary

When I try to get a list of VPC NACLs, an "Unable to describe ACL. NetworkAcl does not exist" error is returned from the module.

This error was not observed when this module was part of the community.aws collection. In the community.aws version of the module, if there were no NACLs found, an empty list would be returned.

Causing the module to fail when there are no NACLs found is not helpful (IMHO). For example, I need to get the NACLs that match a filter (in my case that they are the non-default NACLs) and do further processing with the ones that are returned from the query. If there are no NACLs that match the query that is fine (the further processing becomes a NOP), but having the module fail just because the query returns no results causes the entire play to fail.

Issue Type

Bug Report

Component Name

ec2_vpc_nacl_info

Ansible Version

$ ansible --version
ansible [core 2.18.1]
  config file = None
  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
  ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.11.9 (main, Sep 11 2024, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-2)] (/usr/bin/python3.11)
  jinja version = 3.1.4
  libyaml = True

Collection Versions

$ ansible-galaxy collection list

# /usr/share/ansible/collections/ansible_collections
Collection        Version
----------------- -------
amazon.aws        9.1.0  
community.aws     9.0.0  
community.general 10.1.0 

AWS SDK versions

$ pip3 show boto boto3 botocore
WARNING: Package(s) not found: boto
Name: boto3
Version: 1.35.84
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /usr/local/lib/python3.11/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: 
---
Name: botocore
Version: 1.35.84
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /usr/local/lib/python3.11/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed
CONFIG_FILE() = None

GALAXY_SERVERS:

OS / Environment

RHEL 9.5

Steps to Reproduce

This playbook succeeds when community.aws version 8.0.0 is installed, but fails when amazon.aws version 9.1.0 is installed.

---
- name: Network ACL Query Test
  hosts: localhost
  gather_facts: false

  vars:
    region_name: ap-south-1

  tasks:
    - name: Get non-default VPC network ACLs in region {{ region_name }}
      community.aws.ec2_vpc_nacl_info:
        region: "{{ region_name }}"
        filters:
          default: false
      register: region_nacls

    - name: Display query results
      ansible.builtin.debug:
        var: region_nacls

Expected Results

I expected that the module would return an empty list of NACLs.

For comparison, when running the playbook with the community.aws version 8.0.0 installed the result that is registered in the region_nacls variable in the above playbook is:

TASK [Display query results] ***************************************************
task path: /aws-cleanup/playbooks/test-play.yml:17
ok: [localhost] => {
    "region_nacls": {
        "changed": false,
        "failed": false,
        "nacls": []
    }
}

Actual Results

ansible-navigator run playbooks/test-play.yml -vvv
ansible-playbook [core 2.18.1]
  config file = /aws-cleanup/ansible.cfg
  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
  ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.11.9 (main, Sep 11 2024, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-2)] (/usr/bin/python3.11)
  jinja version = 3.1.4
  libyaml = True
Using /aws-cleanup/ansible.cfg as config file
host_list declined parsing /aws-cleanup/inventory.ini as it did not pass its verify_file() method
script declined parsing /aws-cleanup/inventory.ini as it did not pass its verify_file() method
auto declined parsing /aws-cleanup/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /aws-cleanup/inventory.ini as it did not pass its verify_file() method
Parsed /aws-cleanup/inventory.ini inventory source with ini plugin
redirecting (type: modules) community.aws.ec2_vpc_nacl_info to amazon.aws.ec2_vpc_nacl_info
Skipping callback 'awx_display', as we already have a stdout callback.
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: test-play.yml ********************************************************
1 plays in /aws-cleanup/playbooks/test-play.yml

PLAY [Network ACL Query Test] **************************************************

TASK [Get non-default VPC network ACLs in region ap-south-1] *******************
task path: /aws-cleanup/playbooks/test-play.yml:10
redirecting (type: modules) community.aws.ec2_vpc_nacl_info to amazon.aws.ec2_vpc_nacl_info
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: satuser
<localhost> EXEC /bin/sh -c 'echo ~satuser && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /runner/.ansible/tmp `"&& mkdir "` echo /runner/.ansible/tmp/ansible-tmp-1734565448.779751-18-155249145604013 `" && echo ansible-tmp-1734565448.779751-18-155249145604013="` echo /runner/.ansible/tmp/ansible-tmp-1734565448.779751-18-155249145604013 `" ) && sleep 0'
redirecting (type: modules) community.aws.ec2_vpc_nacl_info to amazon.aws.ec2_vpc_nacl_info
Using module file /usr/share/ansible/collections/ansible_collections/amazon/aws/plugins/modules/ec2_vpc_nacl_info.py
<localhost> PUT /runner/.ansible/tmp/ansible-local-15okh27p2y/tmpyjgvt101 TO /runner/.ansible/tmp/ansible-tmp-1734565448.779751-18-155249145604013/AnsiballZ_ec2_vpc_nacl_info.py
<localhost> EXEC /bin/sh -c 'chmod u+x /runner/.ansible/tmp/ansible-tmp-1734565448.779751-18-155249145604013/ /runner/.ansible/tmp/ansible-tmp-1734565448.779751-18-155249145604013/AnsiballZ_ec2_vpc_nacl_info.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python3.11 /runner/.ansible/tmp/ansible-tmp-1734565448.779751-18-155249145604013/AnsiballZ_ec2_vpc_nacl_info.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /runner/.ansible/tmp/ansible-tmp-1734565448.779751-18-155249145604013/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_key": "<REDACTED>",
            "aws_ca_bundle": null,
            "aws_config": null,
            "debug_botocore_endpoint_logs": false,
            "endpoint_url": null,
            "filters": {
                "default": false
            },
            "nacl_ids": [],
            "profile": null,
            "region": "ap-south-1",
            "secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "session_token": null,
            "validate_certs": true
        }
    },
    "msg": "Unable to describe ACL. NetworkAcl does not exist"
}

PLAY RECAP *********************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   
Please review the log for errors.

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
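
A playbook-side way to get the empty-list behaviour the report asks for, as an added example that is not part of the original issue or the amazon.aws project: it tolerates only the error message quoted in the failure output above, so other errors still stop the play. The variable names `nacl_not_found_msg` and `matched_nacls` are assumptions introduced for illustration.

```yaml
---
# Added example (not from the issue): treat the "no NACLs found" failure as an
# empty result so that downstream processing becomes a no-op.
- name: Network ACL query that tolerates an empty result
  hosts: localhost
  gather_facts: false

  vars:
    region_name: ap-south-1
    # Error text copied from the failure output in this issue (assumed stable).
    nacl_not_found_msg: "NetworkAcl does not exist"

  tasks:
    - name: Get non-default VPC network ACLs in region {{ region_name }}
      amazon.aws.ec2_vpc_nacl_info:
        region: "{{ region_name }}"
        filters:
          default: false
      register: region_nacls
      # Both conditions must hold for the task to fail: the module failed AND
      # the message is something other than the empty-result error. Credential,
      # permission, and API errors therefore still fail the play.
      # Do not reuse this with explicit nacl_ids, where the same message
      # would indicate a genuinely missing ACL.
      failed_when:
        - region_nacls is failed
        - nacl_not_found_msg not in (region_nacls.msg | default(''))

    - name: Normalize the result to a list (empty when nothing matched)
      ansible.builtin.set_fact:
        matched_nacls: "{{ region_nacls.nacls | default([]) }}"

    - name: Process each matched NACL (skipped entirely when the list is empty)
      ansible.builtin.debug:
        var: item
      loop: "{{ matched_nacls }}"
```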