Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cloudwatchevent_rule doesn't support JSON input_templates #1348

Closed
1 task done
alalonde opened this issue Jul 11, 2022 · 5 comments
Closed
1 task done

cloudwatchevent_rule doesn't support JSON input_templates #1348

alalonde opened this issue Jul 11, 2022 · 5 comments
Labels
bug This issue/PR relates to a bug module module needs_triage plugins plugin (any type)

Comments

@alalonde
Copy link

alalonde commented Jul 11, 2022

Summary

AWS EventBridge supports JSON for their input templates. However, we are assuming a string is desired, and therefore wrap the input template in quotes, which is not parsed by AWS as a JSON template.

Issue Type

Bug Report

Component Name

cloudwatchevent_rule

Ansible Version

$ ansible --version

Collection Versions

This was pointing to master. From our Dockerfile:

RUN ansible-galaxy collection install git+https://github.com/ansible-collections/community.aws.git,main

AWS SDK versions

$ pip show boto boto3 botocore

Configuration

$ ansible-config dump --only-changed

OS / Environment

No response

Steps to Reproduce

Here is a working example using the AWS CLI:

eventbridge_target.json
{
   "Rule": "myRule",
   "Targets": [{
      ...
      "InputTransformer": {
         "InputPathsMap": {
            "s3Key": "$.detail.object.key"
         },
         "InputTemplate": "{\"containerOverrides\": [{\"name\": \"thrivSportsJob-stage_jobmg10\", \"environment\": [{\"name\": \"S3_KEY\",\"value\": <s3Key>}]}]}"
      }
   }]
}

Which can be executed with a aws events put-targets --cli-input-json file://eventbridge_target.json

However, when parsing the target configuration, the input is wrapped in a string:

                target_request['InputTransformer']['InputTemplate'] = '"{0}"'.format(
                    target['input_template']
                )

AWS will not route an event with an invalid transformer template. So the input for a JSON template must begin with a {, not a ". My solution was to remove the string wrapping, AND prepend the template with a space, as recommended here. This results in:

      -  name: Define trigger input template
         set_fact:
            trigger_input_template: |
               {
                  "containerOverrides": [{
                     "name": "{{container_name}}",
                     "environment": [{
                        "name": "S3_KEY",
                        "value": <s3Key>
                     }]
                  }]
               }
      -  name: Create rule in EventBridge
         community.aws.cloudwatchevent_rule:
            ...
            targets:
               -  id: "myJob-{{env}}"
                  ...
                  input_paths_map:
                     s3Key: "$.detail.object.key"
                  input_template: " {{trigger_input_template}}"
                  ...

Expected Results

I expected the input template to be wrapped by { ... } but was instead "{ ... }"

image

Actual Results

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@ansibullbot
Copy link

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibullbot
Copy link

@ansibullbot ansibullbot added bug This issue/PR relates to a bug module module needs_triage plugins plugin (any type) labels Jul 11, 2022
@tremble
Copy link
Contributor

tremble commented Jul 15, 2022

@alalonde,

#1355 has recently been added:

  • Moves input_paths_map and input_template under input_transformer (this simplifies some of the logic we can use on the backend)
  • Tells the Ansible that event_pattern and input_template are both supposed to be "JSON" and tries to be more intelligent with how it handles strings vs complex JSON objects.

While I realise this breaks your playbook, please understand that while we'll avoid breaking changes once something's officially been released on Galaxy, we may occasionally rework things that are 'only' in the main branch.

@tremble tremble closed this as completed Jul 15, 2022
@alalonde
Copy link
Author

@tremble Thanks! Just successfully deployed this same event pattern using the new ansible configuration keys.

@alalonde
Copy link
Author

Note that for this to work, the transformer input template MUST be valid JSON. So something like

 {
    "containerOverrides": [{
       "name": "{{container_name}}",
       "environment": [{
          "name": "S3_KEY",
          "value": <s3Key>
       }]
    }]
 }

will NOT work, because containerOverrides[0].environment.value is not a quoted string.

Fortunately, quoting this value does not prevent EventBridge from processing the input correctly.

abikouo pushed a commit to abikouo/community.aws that referenced this issue Oct 24, 2023
…llections#1348)

Remove an unreachable code fragment in ec2_security_group 

In file: ec2_security_group.py, method: ensure_present, a logical expression uses the identity operator. A new object is created inside the identity check operation and then used for matching identity. Since this is a distinct, new object, it will not have identity and match with anything else. As a result, the identity check will have a logical short circuit and the program may have unintended behavior.
I suggested that the logical operation should be done properly.

Reviewed-by: Mark Chappell
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug This issue/PR relates to a bug module module needs_triage plugins plugin (any type)
Projects
None yet
Development

No branches or pull requests

3 participants