Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Impossible to add authorized_ip_ranges if it's not already set in existing AKS cluster #768

Closed
nuclear0wl opened this issue Feb 22, 2022 · 2 comments · Fixed by #912
Closed

Impossible to add authorized_ip_ranges if it's not already set in existing AKS cluster #768

nuclear0wl opened this issue Feb 22, 2022 · 2 comments · Fixed by #912
Labels
bug Something isn't working has_pr PR fixes have been made medium_priority Medium priority

Comments

@nuclear0wl
Copy link

nuclear0wl commented Feb 22, 2022
edited
Loading

SUMMARY

Attempt to set authorized_ip_ranges for cluster where ranges weren't set before fails.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

Module azure_rm_aks in azure.azcollection >= 1.11.0

ANSIBLE VERSION
ansible 2.10.17
  python version = 3.8.12 (default, Oct 13 2021, 06:42:42) [Clang 13.0.0 (clang-1300.0.29.3)]
COLLECTION VERSION
Collection         Version
------------------ -------
azure.azcollection 1.11.0
STEPS TO REPRODUCE
  1. Create AKS Cluster with Authorized IP Ranges disabled
  2. In module define some value for authorized_ip_ranges
api_server_access_profile:
  authorized_ip_ranges:
    - "0.0.0.0/0"
  1. Try to run Ansible task
EXPECTED RESULTS

Authorized IP Ranges are successfully applied.

ACTUAL RESULTS

Module tries to fetch actual authorized_ip_ranges:

azure/plugins/modules/azure_rm_aks.py

Line 813 in 63388fc

len(response['api_server_access_profile'].get('authorized_ip_ranges')):

As there is no authorized_ip_ranges (there won't be any in ARM template if option wasn't set), it causes the error below.

TypeError: object of type 'NoneType' has no len()
@Fred-sun
Copy link
Collaborator

@nuclear0wl Thank you for submitting this question, I will check whether "authorized_ip_ranges" can be set for the existing cluster, thank you!

@Fred-sun Fred-sun added medium_priority Medium priority work in In trying to solve, or in working with contributors labels Feb 22, 2022
@verhyppo
Copy link
Contributor

verhyppo commented Feb 23, 2022
edited
Loading

Hi @Fred-sun it is possible during the whole lifetime of the AKS instance both via az cli and Portal.
You can actually create a cluster that does not have any during creation but get updated to set the authorised ip ranges or viceversa.
Please have a look here

@Fred-sun Fred-sun mentioned this issue Jul 5, 2022
Merged
@Fred-sun Fred-sun added bug Something isn't working has_pr PR fixes have been made and removed work in In trying to solve, or in working with contributors labels Jul 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working has_pr PR fixes have been made medium_priority Medium priority
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix the authorized_ip_ranges parameter being None Fred-sun/ansible_collections_azure
3 participants
@verhyppo @nuclear0wl @Fred-sun